[IS&T Security-FYI] SFYI Newsletter, May 23, 2011

Monique Yeaton myeaton at MIT.EDU
Mon May 23 12:48:07 EDT 2011


In this issue:


1. I've Been Hacked! Now What?

2. Google Has Fix for Android Vulnerability



------------------------------------------

1. I've Been Hacked! Now What?

------------------------------------------


In spite of all your precautions to protect your computer from a virus, somehow one got through. Pop-up windows are appearing all over the place, you can't launch some applications, your computer is sluggish and it's just generally not working as it should. What do you do now?


This article from About.com shares a set of steps to take to bring your machine back to its normal state without your files being destroyed: <http://netsecurity.about.com/od/disasterrecovery/a/I-Ve-Been-Hacked-Now-What.htm>


Below is a summary of the recovery steps mentioned:


1. Isolate your computer: Isolation prevents the hacker from continuing to wreak havoc by pulling files or personal information off the machine. Cut off network access by unplugging the network cable or turning off the Wi-Fi.


Important note: This step isn't mentioned in the article, but if your infected MIT work computer contains the personal or financial information of anyone other than yourself, you will want to notify your supervisor and send an email to infoprotect at mit.edu before taking any of the following steps. The IT Security team will run forensics on the drive to find out whether the malware was data-seeking and will attempt to determine whether the data was accessed by a third party. They will re-image the drive and return the original drive to you as soon as possible.


2. Shut down and remove the hard drive: If you don't feel comfortable removing the drive, take the computer to a PC repair shop or the IS&T Help Desk. (An alternative to removing the drive is to boot the machine from a Linux Live CD <http://en.wikipedia.org/wiki/Live_CD> that carries virus-detection tools and the latest virus definitions.)


3. Scan the drive for infection and malware: Using a separate bootable drive, scan the drive using rootkit, virus and spyware detectors. They should be able to remove the malware from the file system.


4. Back up important files if you haven't already: You'll want to get all personal data off the drive. Copy photos, documents, media and other personal files to a DVD, CD or other clean hard drive.


5. Reinstall the hard drive: After verifying a successful backup of your files, you can put the drive back into the computer.


6. Completely wipe the old drive (repartition and reformat): You shouldn't trust that the malware has been cleaned off entirely; some damage to the file system might still exist. The only way to be sure is to blank the drive with a hard drive wipe utility, which overwrites every sector of the drive. This may take a few hours to complete.


7. Reload the OS and trusted media: Use the original OS disks that came with your computer; do not use disks of unknown origin. When you reconnect the computer to the network, the first thing to do is accept the updates and patches. Don't install any other software yet.


8. Reinstall virus protection software and any other security software before loading any applications on the machine. Make sure your AV software is up to date and is receiving new virus definitions on a daily basis.


9. Scan the backup disks for viruses before copying the files back onto the computer. You can never be too careful: your backup files might have been infected during a previous backup.


10. Going forward, back up your files on a regular basis so that if this happens again, you won't spend as much time reloading your system.



------------------------------------------------------

2. Google Has Fix for Android Vulnerability

------------------------------------------------------


Google is rolling out a fix for a vulnerability in the majority of Android phones that allows attackers to access and modify users' Google contacts and calendar data when that data is being accessed over unsecured Wi-Fi networks. The flaw affects versions 2.3.3 and earlier of the Android platform, which run on 99.7 percent of Android devices. The fix does not require any action from users; it will be pushed out automatically.


Read the full story:

<http://www.pcworld.com/article/228146/google_issues_patch_to_plug_android_data_leaks.html>



====================================================================

Read all Security FYI Newsletter articles online at http://securityfyi.wordpress.com/.

====================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

