Blueshell Blog

An operating system is the interface between you and the computer, so whenever you issue a command or click an icon it is the operating system that converts your instruction into a command the computer understands. The operating system also manages the computers resource’s such as access to the disk drive or memory for the processor so it is a key part of any computer and the way it works. The way an operating system is configured can have a dramatic impact on your computers speed and efficiency.

There are several operating systems, which could be categorized as follows

Windows (previous to that DOS which stands for disk operating system)

Linux

Unix

VMS

AS400

Windows is the operating system most people will be familiar with although in more recent times with the advent of Linux this is changing. There are several variants of Linux some of the most popular are

Ubuntu

Fedora

Centos

Redhat

Suse

In an recent article by Bdaily business news it was reported that in a recent cyber attack 2 million passwords were stolen of which only 22% were strong. So already I can hear people clicking their mouse and switching off but please bear with me a little while.

It is often said how do they expect me to remember these complex passwords, we all know we like to use words that are easy for us to remember like our names or favorite place. However these are easy to guess for some one so in this article I am going to help you get round this problem.

I am sure we all remember when we were bored at school in math’s lessons say playing with calculators to make words, for example punching in 71077345 then turning the calculator upside down to display shell oil.

How does this help I hear you ask well let me explain

Firstly lets think of a name that’s easy to remember say Albert Einstein, we can use this and just by adding say a dot or hyphen make it harder to guess.

For example our password might be Albert-Einstein or Albert.Einstein easy to remember but a bit more difficult for the hackers to guess. However we can make it even more difficult by changing letters for character or numbers and changing the case of the letters let me break it down and show you what I mean

Letter Replacement character or number

A @ a
L l or 1 or ! or 7
B b or 8
E e or 3 €
R r
T t
E 3 or e €
I I or 1 or !
N n ^
S s 5 $
T t
E 3 or e or €
I I or ! or 1
N n ^

I am sure you are getting the idea, to make it easy all you have to do is make a decision say from now on all my passwords that contain an a I will use the @ symbol and all e’s will be replaced with a 3 . I am sure you can come up with many more e.g. 4 for an h the secret is to choose and remember to always use the same characters to substitute.

Try to make you passwords at least 8 characters long and have 2 upper case letters two lower case letters two numbers and two characters. Never ever reveal your password or the methodology you use or characters you replace as your standard. Whilst nothing is 100 % this will make it harder for hackers to compromise your account.

Please remember it is bad practice to use the same password on all your accounts so to make it easy for you to remember your password for say YouTube you might and “You” as the first 3 letters of your password but remember try to make a substation for example replace the o with a 0 (zero). You don’t have to follow this example you could choose your own prefix or add it at the end of your password or in the middle.

This alert was issued by NCCIC on 2nd of June but only affects windows based systems

National Cyber Awareness System:

TA14-150A: GameOver Zeus P2P Malware
06/02/2014 08:15 AM EDT

Original release date: June 02, 2014
Systems Affected

Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Overview

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011­1, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Description

GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer2. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.

Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community1. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data3. Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult1.

Impact

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

Solution

Users are recommended to take the following actions to remediate GOZ infections:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
Change your passwords – Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.
F-Secure

http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)

http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP systems)

Heimadal

http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

Sophos

http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Symantec

http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)

Trend Micro

http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

References

Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus
Malware Targets Bank Accounts
The Lifecycle of Peer-to-Peer (Gameover) ZeuS
Revision History

Initial Publication

Secure Server Certificates

At Blue Shell we can provide SSL certification services, both the initial registration and on going management.

SSL Certificates are small data files that digitally bind your cryptographic key to an organisations detail. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically SSL is used to secure credit card transactions, data transfer and logins and more recently is becoming the norm when securing browsing of social media sites.

Certificates need to be generated and renewed on a regular basis. This can prove time consuming when performed by inexperienced personnel.

For an informal discussion please to see how we can help.