Malware Advisory for users of Odnoklassniki.ru

The Russian website Odnoklassniki.ru, a social networking site that connects classmates and friends, appears to be distributing malware in the form of Trojan-Downloader.JS.Agent.ejl. It appears that another Russian website that supplies ad content, Adriver.ru, is responsible for delivering the malware through its ad content, such as banners, on Odnoklassniki.ru.

According to the Kaspersky.com website, the Trojan was detected at 4:08 a.m. on August 14, 2009, and the update was released at 2:39 p.m. on the same day, meaning that as of that time all users of Kaspersky antivirus were protected, provided they had received the automatic virus signature update or performed a manual one.

According to various online sources, the Odnoklassniki.ru support team was notified of the problem on August 23, 2009; however, they had not responded as of 6:50 p.m. EDT.

Odnoklassniki.ru has over 40 million subscribers worldwide. We advise our valued customers and dear readers to refrain from visiting the website, and to inform their friends and employees of a possible problem.

Unfortunately, many people use social media sites in the workplace, jeopardizing corporate network and data security.

The Driz Group 

Twitter, Google and TechCrunch – User Education is Key

I just finished reading a great article by Eric Lundquist, “10 Lessons IT Execs Should Learn from the Twitter and TechCrunch Document Dustup”, that appeared in eWeek on July 17, 2009, and would like to reiterate and clarify some of the issues both IT and business executives face when making decisions around cloud computing.

According to eWeek “…A hacker apparently was able to access the Google account of a Twitter employee. Twitter uses Google Docs as a method to create and share information. The hacker apparently got at the docs and sent them to TechCrunch, which decided to publish much of the information…”

To my knowledge, the account in question was hacked using a combination of common or “simple” user IDs and passwords, which is not uncommon. As silly as it may sound, a hacker simply guessed the user ID/password combination. To minimize the risk, Google Apps Premier edition offers Advanced Password Settings, which also include a password strength and monitoring tool for domain administrators. If the password policy had been enforced and monitored, the system would have been much more difficult to penetrate.

What I disagree with is the fact that the media keep referring to the above event as if an attacker found a “hole” in Google Apps or the entire Google infrastructure, or was able to figure out how to hack the Cloud, which is simply ignorant. I would like to clarify that there is no magic when it comes to getting into someone else’s user account. As an administrator, you must enforce user account password policies, ensuring that user passwords are nearly impossible to guess.
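An added example, not code from the original post and not Google Apps’ actual Advanced Password Settings: a small policy check of the kind the post calls for, with an assumed rule set (minimum length, no common passwords or trivial variants of them, no user ID inside the password, at least three character classes) and a domain-level audit run over constructed accounts.

```python
import re

# Constructed stand-in for a common/breached-password list (assumption, not a real list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
MIN_LENGTH = 12  # assumed policy value


def password_violations(user_id: str, password: str) -> list:
    """Return the policy rules a password breaks; an empty list means it passes.

    The rules are an illustrative policy, not Google Apps' real settings."""
    problems = []
    pw_lower = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    # Flag "password" as well as "Password1!"-style variants padded with digits or "!".
    if pw_lower in COMMON_PASSWORDS or pw_lower.rstrip("0123456789!") in COMMON_PASSWORDS:
        problems.append("common_password")
    # Passwords built from the account name are trivially guessable, so reject them.
    local_part = user_id.split("@")[0].lower()
    if local_part and local_part in pw_lower:
        problems.append("contains_user_id")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("too_few_character_classes")
    return problems


def audit_accounts(accounts: dict) -> dict:
    """Domain-admin style report: user -> violations, listing failing accounts only."""
    report = {}
    for user, password in accounts.items():
        violations = password_violations(user, password)
        if violations:
            report[user] = violations
    return report


if __name__ == "__main__":
    sample = {  # constructed accounts, not real credentials
        "jsmith@example.com": "jsmith123",
        "akim@example.com": "Password1!",
        "rlee@example.com": "Tr4il-marker#Granite-09",
    }
    for user, issues in audit_accounts(sample).items():
        print(user, issues)
```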

I do agree that it is more complex to gain access to an on-premises infrastructure, simply because most of the time access to your office computer is not visible to the general public or detectable from outside your network. A hacker needs a lot of information in order to reach the logon screen(s) and only then start guessing passwords. In the case of Google Apps, the logon screen is available on the Web and could be easily guessed if not disguised by an administrator using unique domain names, etc. By the way, the use of unique domain names must be encouraged by SaaS vendors such as Google and Microsoft. It is their job to make sure that both IT executives and administrators are aware of the security risks and educated enough to make informed decisions around the protection of sensitive information.

While it isn’t possible to secure your environment 100%, be it on-premises or in the Cloud, the most important exercise is to constantly train and educate your end-users, the weakest link, sharing stories and reminding them how important information security is for them personally and for the business they are in.

Until next time,

Steve E. Driz

Destroying old hard drives is the only way to keep corporate and personal information safe

Friends,

Some time ago, one of our clients discovered that one of the major PC manufacturers replaces failed computer hard drives with refurbished drives that may contain confidential information. Let me explain.

When a business purchases a new laptop or desktop computer from one of the major computer manufacturers such as Dell, HP or Lenovo, it most likely comes with a one-, two- or three-year on-site warranty. This means that if one of the hardware components, such as the hard drive or motherboard, fails, the manufacturer will replace the part and will send a certified technician, most likely one of their local partners, to your office to install the new part. So far, so good, right?

Some medium and large size businesses employ platform-specific certified techs, or train the existing IT staff to handle replacement of parts in-house, in order to save time and ensure that third parties do not handle corporate information. In that case, the person responsible for hardware maintenance contacts the PC manufacturer in the event of a hardware failure, identifies the problem and requests the right replacement part.

Our client, a medium size business, employed such a person. One day, he received a phone call from one of the senior managers stating that a fairly new brand-name laptop wouldn’t start. He asked for the laptop to be brought in, and quickly identified a failed hard drive. He then contacted the PC manufacturer and requested a new replacement hard drive.

The replacement part arrived within 48 hours and was packaged impeccably, resembling a brand-new product. Having installed the new hard drive, the tech realized to his surprise that it came with a fully installed operating system. I should note that normally an operating system such as Microsoft Windows is pre-installed by PC manufacturers, meaning that the systems administrator has to go through the final installation and configuration steps; or, in most cases, an enterprise will have a pre-configured disk image that includes the operating system as well as all standard software applications used within the company.

Now back to the issue at hand. The operating system did not have a password. The shock came when the tech discovered a large amount of data on the hard drive that belonged to another company (!). In short, the hard drive was returned to the manufacturer and exchanged. The issue was explained; however, the manufacturer could not provide any reasonable explanation other than to restate the fact that the hard drive was in fact refurbished, and that their technicians must have made a mistake by forgetting to properly erase all data prior to shipping the hard drive.

Businesses of all sizes around the globe have no choice but to refresh old technology and, in turn, dispose of it. For some reason, the majority of IT professionals charged with safeguarding corporate data pay more attention to the disposal of servers and server components, and at times totally disregard desktop and laptop computers. The issue is that some PCs may contain extremely sensitive information, including the company’s financial information, trade secrets, employee personal and salary information, etc.

So, how can an enterprise ensure that corporate information does not walk out the door and become the property of an unintended recipient or a criminal? Many companies rely on the simple process of formatting the hard drives prior to recycling old technology. Sounds simple, right? The problem is that even after a format, almost any experienced IT professional or PC enthusiast will be able to recover files, either partially or completely, using widely available software tools. The only way to make sure that the data is safe is to make sure that the hard drive isn’t operational, meaning it cannot be connected, powered and read by a computer or any other device.
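An added example, not code from the original post, using a toy in-memory disk image with an assumed layout (a directory table in the first blocks, file data in the rest): it models why a quick format leaves file contents carveable by recovery tools, and adds a block scan a technician could run on an image before a drive leaves the building.

```python
BLOCK = 64          # toy block size (assumption)
TABLE_BLOCKS = 2    # the first blocks hold the directory table
IMAGE_BLOCKS = 16


def make_image() -> bytearray:
    """Blank image, all zeros, like a freshly wiped drive."""
    return bytearray(BLOCK * IMAGE_BLOCKS)


def write_file(img: bytearray, name: str, data: bytes, first_block: int) -> None:
    """Append a directory entry (name:start:length) and store the data in its blocks."""
    entry = f"{name}:{first_block}:{len(data)}\n".encode()
    end = img[:BLOCK * TABLE_BLOCKS].find(b"\x00")   # first free byte of the table
    img[end:end + len(entry)] = entry
    off = first_block * BLOCK
    img[off:off + len(data)] = data


def list_files(img: bytearray) -> list:
    """What the OS shows: names taken from the directory table only."""
    table = bytes(img[:BLOCK * TABLE_BLOCKS]).split(b"\x00", 1)[0]
    return [line.split(b":")[0].decode() for line in table.splitlines() if line]


def quick_format(img: bytearray) -> None:
    """Model a quick format: only the directory table is cleared, data blocks stay."""
    img[:BLOCK * TABLE_BLOCKS] = bytes(BLOCK * TABLE_BLOCKS)


def carve(img: bytearray, marker: bytes) -> list:
    """Recovery-tool behaviour: scan raw blocks for a known marker, ignoring the table."""
    raw, hits, pos = bytes(img), [], 0
    while (pos := raw.find(marker, pos)) != -1:
        hits.append(pos)
        pos += 1
    return hits


def overwrite(img: bytearray) -> None:
    """Overwrite every block with zeros, table and data alike."""
    img[:] = bytes(len(img))


def unsanitized_blocks(img: bytearray) -> list:
    """Pre-disposal check: indexes of blocks that still hold any non-zero byte."""
    return [i for i in range(IMAGE_BLOCKS) if any(img[i * BLOCK:(i + 1) * BLOCK])]


if __name__ == "__main__":
    img = make_image()
    write_file(img, "payroll.csv", b"CONFIDENTIAL,salary,90000\n", first_block=4)  # constructed data
    quick_format(img)
    print("directory after format:", list_files(img))            # []
    print("marker carved at offsets:", carve(img, b"CONFIDENTIAL"))  # [256]
    print("blocks still holding data:", unsanitized_blocks(img))  # [4]
    overwrite(img)
    print("blocks still holding data:", unsanitized_blocks(img))  # []
```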

To achieve that, the computer hard drive must be physically destroyed. There are many ways of achieving that goal. We always suggest having professionals do the job. If you are an IT professional and decide to destroy a hard drive yourself, we recommend drilling several holes through the body of the device using a simple power drill. After that, you can safely recycle the old hard drive through one of the technology recycling companies.

Until next time,

The Driz Group