For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.
Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.
The FBI is encouraging users to visit a website run by its security partner, www.dcwg.org, that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.
Postings by SANS Internet Storm Center and security specialist Brian Krebs describe how, in recent weeks, both have been receiving many reports that vulnerabilities in Google Images search are being exploited in order to load malicious software onto users’ systems. Both sources state that users are being led to fake anti-virus web sites and presented with false security alerts.
The Internet Storm Center gives a detailed description of the exploit: legitimate sites are compromised and scripts are planted on them; these scripts monitor Google Trends for suitable search terms and create fake web pages containing text and images culled from various web sites; these web pages and the images they contain are then indexed by the Google bots; when a user clicks on a relevant thumbnail in the results of a Google Images search, the exploit is triggered and the user is directed to a fake anti-virus web site. The description concludes with the comment by Bojan Zdrnja that “Google is doing a relatively good job removing (or at least marking) links leading to malware in normal searches, however, Google’s image search seem to be plagued with malicious links.”
According to Krebs, Denis Sinegubko is developing a plug-in for Firefox that will recognise thumbnails that potentially lead to hostile sites in Google Image search results, and highlight them with a red border. Thumbnails that are hot-linked and may be malicious will be highlighted with a pink border. Krebs also quotes a Google source, Jay Nancarrow, as stating that the company is taking “active efforts to improve both the quality of the results and malware detection … We’re improving, as are the people trying to put users at risk, and in the interests of those users it’s best if we don’t reveal everything that we’re doing about this.”
The Federal Bureau of Investigation wants access to computers in the United States, but this might be a good thing. In an unprecedented move, the FBI has gained access to the ‘command and control’ servers that have been controlling the internet nasty ‘Coreflood’. With this control, the FBI could use these servers to send a command to all infected computers to uninstall the Coreflood software.
Coreflood has actually been around since 2002. Known as a ‘botnet’, it works by infecting your computer through a file that you open or a link that you click on, which is disguised as something you might want to read. In the background, the software embeds itself into your computer and starts communicating back to the control server, doing whatever it is told to do. These commands could range from the annoying (changing your wallpaper, opening your CD tray, randomly playing sounds or shutting down your PC) through to the dangerous (recording your keyboard strokes and sending your personal information back to the command servers).
With an estimated 2.3 million infected computers, a command to uninstall itself would be a very effective way of eradicating Coreflood. However, the FBI has to watch its step and is working with the US Department of Justice to ensure it doesn’t violate the USA’s privacy protection laws. It is currently seeking ‘request and authorization to delete’ from government agencies and corporations and may issue ‘notice of infected computer’ alerts through internet providers to home users.
In the meantime, Microsoft has added a further update to its Malicious Software Removal Tool to tackle the latest instances of Coreflood and this will be released to Windows computers with Microsoft’s next batch of security updates. Most anti-virus software manufacturers will now also detect Coreflood on an infected computer.
While it’s interesting to see the FBI taking this approach to clean millions of computers, it once again highlights the need for computer owners to be vigilant about security measures. It’s easy to forget about older, rarely used computers and if their software isn’t kept up to date, they can easily be targeted by botnet infections. Your security strategy needs to include regular updates to your operating system software and your security software, as well as checking that your security software is functioning correctly and performing regular scans. You also need to practice safe internet habits, such as being careful about suspicious-looking file attachments and not visiting dubious websites.
Coreflood is one of thousands of examples of botnet software currently in existence. Talk to your local Computer Troubleshooter about the best protection strategy for your computers or about any of your technology needs.
Here at Computer Troubleshooters of Wichita we are very excited about the look, feel and functionality of our newly updated site. Please feel free to look around and contact us with any of your technology questions.
Computer Troubleshooters now offers a variety of VoIP phone services! We have specialists for both hosted (cloud-based, no server needed) systems and more powerful digital PBX systems. Here’s a sales video we put together to talk about some of the benefits VoIP can offer:
Computer Troubleshooters is now sharing its computer expertise in another medium for its customers. Online! Computer Troubleshooters now has its own blog, which we hope will become a valuable resource for you as you navigate the sometimes complicated world of understanding computers.
Looking for networking tips or help solving connectivity problems? Or even some more basic tips on how to use Excel or PowerPoint? We’ll be posting tips, suggestions and valuable resource material for your convenience.
We might even blog a little about what’s happening inside Computer Troubleshooters, so check back often.
And while you’re at it, feel free to contact us with your own tips and suggestions on what you would like to read on our new Computer Troubleshooters Blog.