[IS&T Security-FYI] SFYI Newsletter, November 28, 2011
Monique Yeaton
myeaton at MIT.EDU
Mon Nov 28 16:46:26 EST 2011
In this issue:
1. The Latest on the DNS Changer Malware
2. Cyber Shopping Risks
--------------------------------------------------------
1. The Latest on the DNS Changer Malware
--------------------------------------------------------
The FBI arrested six people this month in connection with a click-fraud scheme that infected more than 4 million computers around the world. The arrests were the result of a two-year investigation known as Operation Ghost Click. All were arrested in Estonia. A seventh person is still at large.
The malware used in the scheme is known as DNS Changer. DNS is short for Domain Name System (learn more about DNS here<http://www.howstuffworks.com/dns.htm>). DNS Changer changes the DNS settings on the infected computers, pointing them to DNS servers under the control of the criminals. The criminals can then redirect victims' traffic from legitimate sites, such as iTunes, to other sites. They earned more than $14 million from commissions on referrals to the online advertising at these sites. The attack targeted both Windows and Mac computers.
Technical specifications of the malware can be found here<http://www.f-secure.com/v-descs/trojan_w32_dnschanger.shtml>.
How does a computer get the malware?
By visiting sites that ask you to download a third-party plug-in or tool. The malware is called a Trojan horse because it hides within another piece of code to carry out its attack. For example, the criminals were using a vulnerability in Flash (now fixed by Adobe) so that if you played an infected Flash-based video, it would install the malware.
Protection tips:
* Be careful about the sites you visit.
* Don't click on links you receive in shady emails.
* Avoid installing software from sites.
* Make sure you are running the latest versions of your anti-virus software, browsers and their plug-ins.
Anti-virus software should catch this malware, but can sometimes fail. The malware can prevent infected machines from downloading security updates to operating systems or updates to anti-virus software that might help detect the malware and stop it from operating. Often when the DNS Changer virus is downloaded, other types of malware come along with it, making it difficult to clean up a system. Several dozen computers have already been infected with this virus at MIT.
If you’re worried, check that your anti-virus software is up-to-date, and verify that your DNS server settings match what you’d expect for your PC. The IS&T Help Desk (helpdesk at mit.edu) will be able to help with what to look for.
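One way to automate the DNS settings check described above, as an added example that is not part of the original newsletter or an IS&T tool. It reads IPv4 resolvers from resolv.conf-style text or Windows `ipconfig /all` output and reports any that fall outside the networks you expect; the expected network and the sample inputs are constructed placeholders.

```python
import ipaddress
import re

# Assumption: the resolvers your network hands out. These are constructed
# placeholders from the RFC 5737 documentation ranges; substitute your own.
EXPECTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_resolvers(text):
    """Return IPv4 resolvers from resolv.conf or `ipconfig /all` style text."""
    resolvers, in_dns_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        lowered = stripped.lower()
        if lowered.startswith("nameserver"):             # resolv.conf entry
            found, in_dns_block = IPV4.findall(stripped), False
        elif lowered.startswith("dns servers"):          # ipconfig, first entry
            found, in_dns_block = IPV4.findall(stripped), True
        elif in_dns_block and IPV4.fullmatch(stripped):  # ipconfig, continuation
            found = [stripped]
        else:
            found, in_dns_block = [], False
        for candidate in found:
            try:
                resolvers.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # looked like an address but is not one, e.g. 999.1.1.1
    return resolvers

def unexpected_resolvers(text, expected=EXPECTED_NETWORKS):
    """Return configured resolvers that fall outside every expected network."""
    return [ip for ip in parse_resolvers(text)
            if not any(ipaddress.ip_address(ip) in net for net in expected)]

# Constructed sample inputs: one expected resolver and one that is not.
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 192.0.2.53\nnameserver 203.0.113.7\n"
SAMPLE_IPCONFIG = (
    "   DNS Servers . . . . . . . . . . . : 192.0.2.53\n"
    "                                       203.0.113.7\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)

if __name__ == "__main__":
    for name, sample in (("resolv.conf", SAMPLE_RESOLV_CONF), ("ipconfig", SAMPLE_IPCONFIG)):
        print(name, "unexpected resolvers:", unexpected_resolvers(sample))
```

An empty result means every configured resolver is inside an expected network; anything listed is worth raising with the Help Desk.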
The FBI provides this resource<https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS> to help you find out if your computer is using a rogue DNS.
Read the full story in the news<http://www.eweek.com/c/a/Security/Researchers-Discover-Link-Between-TDSS-Rootkit-and-DNSchanger-Trojan-753018/>.
--------------------------------
2. Cyber Shopping Risks
--------------------------------
The Monday after Thanksgiving (today) is known as Cyber Monday, one of the busiest online shopping days of the year.
The National Retail Federation<http://www.nrf.com/> reports that almost half of all Americans plan to shop online this season. Unfortunately, just as shoppers hit the Internet to search for deals, cyber criminals are trolling the Web for their next victim. Significantly more malicious shopping websites are launched between October and January, according to Webroot, an anti-virus and anti-spyware software company.
Tips for shoppers:
* Think before you click. Never click on links to unfamiliar websites, especially those provided within emails.
* Install security software. Protect your PC with up-to-date anti-virus programs.
* Know the retailer. If unfamiliar to you, look for more information about the company by contacting the Better Business Bureau.
* Monitor your credit report. Once a year you can freely check your report to look for suspicious activity on your bank or credit card accounts.
* Keep your passwords safe. Never reveal them to anyone and do not have a password that contains commonly known information, such as your birth date.
* Only make purchases from secure websites. Secured site web addresses start with "https:"
For more tips on how to stay safe while shopping online, visit the FTC site: "Fight Back Against Identity Theft<http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm>."
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security