How to fight cheap malicious hack tools (methods that are not available in any IT Courses)

Reading another shocking note posted on our IT Professional Linkedin Group

(available at their blog here:

https://infosecisland.com/blogview/4160-CRiMEPACK-Zombie-Exploit-Gets-Upgrades.html )

about another easy and cheap way that criminals

can use to hack their way into your precious data, I was thinking

How can we turn this unsolveable situation around?

Here is what I cam up with…let me know what you think…

The main question for us, the good guys is how can we fight that
“ease of use”.

Looking at it from the Sun Tzu’s “Art of War” point of view
and employing “go where the crowds aren’t” and
“if you can’t fight them, confuse them”…

I’d say maybe instead of defending, maybe we should create programs that
feed false data into malicious programs.

Only “authenticaed” processes will get feeded with real data.

Not easy at all, and requires a major mind shift, but maybe worth a look at…

Another option is to spread “malicious” copies of the malicious software that
once activated, reports all the details and activity of the operator.
Let them taste a bit of their own food!

Anyway, my way out of this massive problem, is “if you want to beat them,
think like them” (like done in the wonderful “Ender’s Game” book).

Let me know what you think…

P.S.

Here are links to Audio copies of Sun Tzu’s “Art of War” and free Audio book Coupon:

Bookmark It

Hide Sites

I was doing my regular daily security alert review when my eye caught this message:

Hackers have used advanced SEO (search engine optimization) techniques to have

their link appear on top of Google search results for searches related to “labor day”.

Imagine this: You live in the US, you just got your labor day vacation rolling, you pick up

a cool bear from the frig and head on to your laptop to stroll around the web, looking

for labor day deals. You always tend to buy when you are on vacation…right?

And then you see this nice link in Google search, click on it, and damn! It takes

you to web page warning you that your computer is infected with Viruses.

It then invites you to download a new Anti Virus – the best they have.

All this happens as you are pooling your credit card to get ready and buy something.

Shi*** you say, I can’t put my credit card online if I have a Virus.

Why didn’t that damn Anti Virus program I have warn me about that Virus.

And then you might actually download the new Anti Virus mentioned there and actually

get a Virus or a Trojan installed on your computer…

There are many reports showing that a large percentage of malicious computer programs

are built and set to gather personal data that will be used later on by organized crime

groups – yeh, people used to call it the “Mafia”.

My question to you is, how many times you think the Mafia takes Google each week?

How would you teach your friends get protected from those threats?

Maybe tips such as:

1. Consider shopping in web sites you already know and have in your bookmarks.

2. Even if you use Google or other search engine to look for deals, write down the details of the deal

and then search those details in the specific site they belong to (eBay, Best Buy, whatever)

3. Use tools that I sent you in the past such as Mcaffee Site Advisor.

4. Do not ACT according to websites you visit accidentally if  they warn that your computer is in danger.

I do not know a legitimate site that would do that. If you have concerns about your Anti Virus,

try out a new one, by looking in Computing Magazines

How should Google fight this using its IT Infrastructure?

Maybe incorporate Fraud Detection Tools in its search engine filter?

Create partnerships with Security Firms?

Start viewing its customer’s security as important as its search relevancy?

What do you think?

Bookmark It

Hide Sites