InetDaemon

Malware is malicious software which the user is tricked into downloading and/or installing from an e-mail attachment, or more commonly today, malicious and infected websites.  Social Engineering is a term used to describe the techniques used to deceive people and trick pe0ple into revealing information or taking an action that is unsafe.  Socially-engineered malware is malware that is pushed to Internet users from malicious URL’s (website addresses) that have content designed to grab your attention and trick you into clicking a link in a search engine or e-mail, or which exploit a vulnerability via JavaScript or within a plugin (Java, Flash, Silverlight, Adobe Reader etc.) to gain access to the computer and install malware.  Once installed, the malware remotely grants hackers control of the computer, and full access to everything on the computer and everything the computer is used to access, including email, online banking and personal online investment accounts.  The hacker may even be able to observe the screen, and record keyboard and mouse activities.

The latest website to fall victim to getting hacked is MySQL.com, owned by Oracle Corporation, which was briefly forcing malware downloads to computers running vulnerable web browsers that connected to the MySQL.com website.

According to recent statistics published at Virus Bulletin by Bruce Hughes of anti-virus company AVG technologies, Internet users are four times more likely to encounter social engineering as the mechanism used to infect their computers than a technological ’hack’.

An independent security firm has released their third quarter report on the protection provided by each of the top five web browsers. The test was designed to determine how well each browser protects against malicious URL’s, malicious downloads and phishing.

The firm compared the following browser versions:

• Internet Explorer 9
• Firefox 4
• Chrome 12
• Safari 5
• Opera 11

Which browser blocked the most malware and was the best, most secure browser against socially-engineered malware?

According to NSS Labs,  all of these browsers offer a reputation system to warn the user about malicious URL’s and block malicious software downloads from those addresses. Reputation systems are used to provide the user additional feedback to make a determination as to whether the site is safe and to recommend blocking the website to the user in cases where the sites are known to be malicious. However, one of these browsers proved dramatically more effective at blocking socially-engineered malware–malware that users are tricked into downloading simply by visiting a website or clicking a picture or link in a search engine result, e-mail, tweet or SMS text.

MORE: Best web browser against socially engineered malware

Great article at Wired magazine about how digital detectives at Symantec and elsewhere deciphered the STUXNET worm.

See:  http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

Windows 7 does not enable a Telnet client during a default installation, which is more a secure posture than previous versions of Windows.   I found I was unable to telnet when I went to simulate an HTTP request from the command line to a possibly bogus website and realized that telnet didn’t appear to exist on the Windows 7 system.  Previous versions of Windows come with the telnet client installed in the C:\Windows\System32 directory.  This is more secure, but there are times when a telnet client is needed.  Here’s how you can enable the Telnet client in Windows 7.

1. Click Start
2. Click Control Panel
3. Click Programs and Features
4. On the left hand side, click “Turn Windows features on or off”
5. A dialog box will open labled “Windows Features”
6. Scroll down until you see “Telnet Client” (DO NOT enable Telnet Server!)
7. Click the OK button

I find it interesting that Microsoft still provides the old Telnet client, but still doesn’t include an SSH client.  SSH is similar to Telnet, but provides encrypted communication between endpoints.  Odd that Telnet is disabled as a security risk–yet the best alternative, SSH is not offered or included.

So, you want to learn about Computers, Networks and the Internet?  Feeling a little overwhelmed by how complicated they are?

All of these technologies are built out of small pieces.  That is, each piece was developed all by itself, and the pieces where then put together to make the more complicated systems.  To make learning about computers and especially networking or the Internet a little easier, you can start with the OSI Model.   If you understand the concepts that go into the OSI Model, you can use the OSI Model as a framework for helping you understand how the pieces that go into networking fit together and how they rely on each other to create the web surfing experience.

Read more aobut the OSI Model