
How to save home PCs from being Zombies?
(Test presentation for Altiris Certified Trainer, January 2008)
Pascal Kotté
pk@adventis.ch


(c) 2008 - Free usage as long as the logo & name are kept in
Summary
  Be a fighter against Zombie PCs
   1. What?
          How this comes about
   2. Why?
          Sources
          Risks
   3. How to fight?
  Audience: IT professionals (any role) or « clever »
  home PC users.
01- What is a PC Zombie?

  Botnet = Network of Zombies
     built by hacker groups
     Zombie = Infected computer with a « bot »
     (like a Trojan virus, not a simple “spyware”)
  How this curse gets onto PCs:
     Just plug a PC into the Internet with an ADSL/cable modem over a USB cable,
     because that gives it a public IP*.
     Just browse web pages, read emails…
     Just download or receive funnies, cheat codes, …
     …

                     * That is like a published phone number everybody can call.
                   Instead, you MUST use a « private IP address » for your PC
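The footnote's point is that a PC holding a public address is reachable by anyone on the Internet, while a private address means a NAT box sits in front of it. The following added example (not part of the original slides) classifies an address against the RFC 1918 private ranges plus loopback, link-local and carrier-grade NAT (RFC 6598), so a reader can check which of a PC's addresses would be directly exposed. The sample addresses are constructed; 203.0.113.0/24 is a documentation range used here to stand in for a real public address.

```python
import ipaddress

# Address ranges that are NOT directly reachable from the Internet.
# RFC 1918 private ranges plus loopback, link-local and
# carrier-grade NAT (RFC 6598); everything else is treated as public.
NON_PUBLIC_NETWORKS = [
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("cgnat", ipaddress.ip_network("100.64.0.0/10")),
]


def classify_address(addr):
    """Return 'private', 'loopback', 'link-local', 'cgnat' or 'public'.

    Only IPv4 is handled in this example; an IPv6 address raises ValueError.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("only IPv4 addresses are handled in this example")
    for label, network in NON_PUBLIC_NETWORKS:
        if ip in network:
            return label
    return "public"


def directly_exposed(addresses):
    """Return the subset of addresses that the whole Internet can reach.

    A PC with any such address is the 'published phone number' of the
    slide; the fix is to put it behind a NAT box so it gets a private one.
    """
    return [a for a in addresses if classify_address(a) == "public"]


# Constructed sample: what a home PC might report on its interfaces.
SAMPLE_INTERFACES = [
    "127.0.0.1",        # loopback, always present
    "192.168.1.10",     # typical address handed out by a home NAT box
    "203.0.113.7",      # documentation range standing in for a modem-assigned public IP
]

if __name__ == "__main__":
    for a in SAMPLE_INTERFACES:
        print(f"{a:15} {classify_address(a)}")
    print("directly exposed:", directly_exposed(SAMPLE_INTERFACES))
```

Note the edge cases: 172.32.0.1 is public even though it "looks" private (the RFC 1918 block only runs 172.16 through 172.31), and an address in 100.64.0.0/10 means the ISP is doing the NAT, so the PC is not directly reachable either.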
02- Why is it a war?

In the 1980s, hackers were “heroes” (like )
    Joke programs
    Disruptive or destructive (for publicity)
    For fun…
Nowadays: Professional thieves
    Money is the motivation
    High technical skills
    Underground activities on hijacked PCs:
    that is a “Zombie”
What are the risks?

SPAMbot
    70+% of email = SPAM
    70+% of SPAM comes
    from Zombies
For commercial use
For commercial abuse
… Or pure thieving
For « Phishing »
…




                        Image from Wikipedia.org (GNU licence)
Risk: Phishing sample
The threats from “bots”
   A “Botnet” can also run DoS attacks or crack encryption
      Denial of Service: overloading networks/systems
      (2004: Microsoft, Google were down for 2 hours)
      Massed CPUs can crack encrypted data…
      …
   Hijacking the home PC
       Masquerading as the user on secured web e-banking & substituting
       transactions to take your cash…*
       Next-generation phishing (will identify your bank…)
   … A never-ending story; we are just at the start…

              * You can recover from fraudulent use of your credit card number, but not from this kind of piracy!
03- How can we fight?

  Throw away USB Internet connectivity
  Do you… Windows update?
     Or Microsoft update?
     Acrobat update? Winzip update? Altiris update?
         Activate your SVS* layers & update them?
  Do you… leave your PC on at night?
        Don’t forget to also update your eMule & co…
  Do you… use admin to work on your PC?
     Also to browse the Web?
         DO: runas /profile /user:simple "Firefox.exe"

                          * SVS = Altiris Software Virtualization Solution
How to protect – using tools
  Firewall, antiSpy, antivirus
      Symantec SEP11 or a free solution &:
          DO: Close port 6667 (IRC)
  VMware (GSX for free, VMplayer also)
        Use the NAT network option for the VM's LAN card
        Install your e-banking in it
        Never use it to browse anywhere else
        Microsoft update & protect it like your PC
  Altiris SVS (free at home)
           Internet Explorer - Reset On Close (18 Kb)
           http://svsdownload.com/
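Closing port 6667 at the firewall stops the classic IRC command channel, but it is also worth knowing how to see whether a PC already has such a connection open. The following added example (not from the original slides) parses constructed `netstat -ano`-style output and flags TCP connections whose remote port is an IRC port. The page only names 6667; the neighbouring IRC ports 6665-6669 and 6697 (IRC over TLS) are added here as an assumption to widen the net. The sample output is constructed, not captured from a real machine.

```python
# Ports commonly used by IRC servers. 6667 is the one the slides tell you
# to block; 6665-6669 and 6697 (IRC over TLS) are an added assumption.
IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 6697}

# Constructed sample of `netstat -ano` output (not from a real machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:49160     203.0.113.5:6667       ESTABLISHED     1844
  TCP    192.168.1.10:49161     198.51.100.20:443      ESTABLISHED     2200
  TCP    192.168.1.10:49162     203.0.113.9:6697       SYN_SENT        1844
  UDP    192.168.1.10:137       *:*                                    4
"""


def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples for TCP rows.

    Header lines, blank lines and UDP rows (which have no State column and
    therefore only four fields) are skipped.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        rows.append(tuple(parts))
    return rows


def remote_port(endpoint):
    """Extract the port from 'host:port' ('[::1]:80' for IPv6); None if absent."""
    _host, _sep, port = endpoint.rpartition(":")
    return int(port) if port.isdigit() else None


def find_irc_connections(text, ports=IRC_PORTS):
    """Return (pid, remote, state) for every non-listening TCP row to an IRC port."""
    hits = []
    for _proto, _local, remote, state, pid in parse_netstat(text):
        if state == "LISTENING":
            continue
        if remote_port(remote) in ports:
            hits.append((pid, remote, state))
    return hits


def suspect_pids(text, ports=IRC_PORTS):
    """Sorted list of distinct PIDs that own an IRC connection."""
    return sorted({pid for pid, _remote, _state in find_irc_connections(text, ports)})


if __name__ == "__main__":
    for pid, remote, state in find_irc_connections(SAMPLE_NETSTAT):
        print(f"PID {pid} -> {remote} ({state})")
    print("suspect PIDs:", suspect_pids(SAMPLE_NETSTAT))
```

The check is deliberately port-based, which is exactly its limit: a bot that talks to its controller on 443 looks like any other HTTPS session here, so closing 6667 and scanning for it are a first line of defence, not a complete one. On a real PC, feed the function the text of `netstat -ano` and map the PIDs back to processes with Task Manager.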
Lab

    Activate “Microsoft update” versus
    “Windows update”
    …
    do it yourself at home!
    http://update.microsoft.com
04- Conclusion

  It is now up to you to join the fighters!
  Go now to as many homes as you can, and:
    1. Save important files & reinstall their PC from the original CD/DVD
    2. Update “offline” with the latest SP*
    3. Drop any “USB-like” Internet access,
        replace/plug with an “Ethernet” NAT box
    4. Apply everything you learned above
  Thanks in advance for your involvement in this war

                                     *SP = Service Pack (currently v3 for XP)
 Thanks, Danke, Gracias, Merci !

   Pascal KOTTÉ
      Senior consultant, Altiris Certified Engineer & Trainer
      pk@adventis.ch, +41 79 309 28 86.
   www.bemore.ch
   www.adventis.ch
Personal contact:
   pascal@kotte.net
Please join the Fight:
report your actions/tracks/feedback/KB at:
       NoZombie@kotte.net
Annexes
Do you think I am joking or just
being alarmist over nothing?
« Up to a quarter of online computers are virus-infected components in
botnet networks of PCs under the control of hackers, according to net
luminary Vint Cerf. Cerf, who co-developed the TCP/IP protocol, compared
the spread of botnets to a disease that has reached "pandemic"
proportions. Cerf estimated that between 100 million and 150 million of the
600 million PCs on the internet are under the control of hackers. »
« Hamadoun Toure, secretary general of the International
Telecommunication Union said greater co-operation between regulators,
government, security firms, telecom providers, and end users was needed. »

World Economic Forum in Davos, Switzerland, January 2007.
In French
Do you think I am exaggerating?
(January 2007, Conference in Davos)
« Vinton Cerf, leading network specialist, chairman of ICANN,
and co-inventor of the Internet communication protocol TCP/IP,
estimates that probably ¼ of the PCs connected to the Internet are
Zombies, that is 100 to 150 million PCs out of the 600
million. »
« Hamadoun Toure, secretary general of the ITU (International
Telecommunication Union), declared that the war
against zombies would only be won if governments,
computer manufacturers and users formed an alliance. »
Tools (Free)
  Windows defender (Microsoft)
  Spybot S&D
  Spybot - Search & Destroy can detect and remove spyware of different
  kinds from your computer.
  Ad-Aware SE Personal
  Ad-Aware SE Personal is a tool freely available for personal use on
  Windows platform machines
  SpywareBlaster, HiJack This, X-Cleaner
  XP-AntiSpy (tool for quickly disabling undesired services)
  IE-SPYAD
  IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known
  advertisers, marketers, and spyware pushers to the Restricted sites zone of
  Internet Explorer
FireWall (that is an old list, sorry)

 ZoneAlarm
 Millions of users have selected ZoneAlarm as their trusted Internet security
 solution.
 Kerio Personal Firewall
 Kerio Personal Firewall 4 is FREE for home
 Omniquad Personal Firewall
 Omniquad Personal Firewall is freely available and contains the ability to
 monitor inbound and outbound traffic.
 Outpost Firewall FREE
 Agnitum makes a scaled down version of their Outpost Firewall Pro 2.5
 Sygate Personal Firewall, now integrated into
 Symantec Endpoint Protection (version 11 in 2007/2008)
 … non-exhaustive list …
A few References
What Is A Bot?
http://netsecurity.about.com/od/frequentlyaskedquestions/qt/pr_bot.htm
Bot Networks
http://www.schneier.com/blog/archives/2006/07/bot_networks.html
UK is top of the bots (03.2005)
http://www.continuitycentral.com/news01804.htm
Zombie PC army responsible for big name web blackout (June 2004)
http://software.silicon.com/malware/0,3800003104,39121439,00.htm
Botnet 'pandemic' threatens to strangle the net
http://www.theregister.co.uk/2007/01/26/botnet_threat/
Zombie computer (EN)
http://en.wikipedia.org/wiki/Zombie_computer
Machine zombie (FR)
http://fr.wikipedia.org/wiki/Machine_zombie

Just google it!
Thanks

 Michael Desmond (About, New York Times)
 Tony Bradley (PCWorld, New York Times)
 Bruce Schneier (BT Counterpane)
 And all the other unknown warriors…

 Images from « Google image search » or Wikipedia project
 (should be free use ;-)
