Sunday, August 30, 2009

Full System Restore

This is a follow up to last week's note about the Avi Ben Stella hoax/keyword attack.

In spite of three layers of firewalls, a couple of anti-virus software packages, and an alarm that something was trying to get "in" - one of the "Avi Ben Stella" websites did manage to infect my computer.

Fortunately, I do nightly backups and clone my hard drive periodically. Rather than "clean" my system of some bug that my anti-virus software missed the first time, I just wiped out the drive and was back in business in a few minutes.

How?

Step 1: Removed infected drive. My new computer case makes this easy. This took about two minutes because I have a messy desk.

Step 2: Installed spare drive with the most recent clean image. This takes about two minutes because I keep the drive in a fire-proof box, and I stopped by the 'fridge for a soda first.

Now my computer looks just as it did a couple of weeks ago.

Step 3: Installed whatever system updates my software vendors pushed down since I created the backup image. The key updates to get are operating system and anti-virus software. I guess I don't have to do this right away, but why wait? It doesn't hurt that I keep a software update log, but that's way too geeky for most people.

Now my computer is up to date, but my working files are a couple of weeks old.

Step 4: Reload from last night's backup my current working files. I'm now back in business. Later, I'll go back and restore all my files from backup while taking care not to overwrite today's work. I'll let that run overnight because it takes a couple of hours. I have a lot of files.
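The "restore everything from backup without overwriting today's work" step above is the part of this procedure that is easy to get wrong by hand. The following is an added example, not the author's own tooling: a small Python restore-merge that walks a backup tree (assumed to be a plain directory, such as a mounted backup drive), copies back anything missing from the working tree, updates files only where the backup copy is newer, and leaves newer working files alone. The sample files and timestamps are constructed inside the script so it runs offline.

```python
"""Merge a backup tree into a working tree without clobbering newer work.

Added example, not the original post's tooling. Assumes the backup is a plain
directory tree and that a working-tree file counts as "today's work" when its
modification time is newer than the backup copy's.
"""
import os
import shutil
import tempfile
from pathlib import Path


def plan_restore(backup_dir, work_dir):
    """Return a list of (action, relative_path) describing what a restore would do.

    action is one of:
      'restore' - file is missing from work_dir, copy it back
      'update'  - backup copy is newer than the working copy, copy it back
      'keep'    - working copy is as new or newer, leave it alone
    """
    backup_root = Path(backup_dir)
    work_root = Path(work_dir)
    plan = []
    for src in sorted(backup_root.rglob("*")):
        if not src.is_file():
            continue
        rel = src.relative_to(backup_root)
        dst = work_root / rel
        if not dst.exists():
            plan.append(("restore", rel.as_posix()))
        # one second of slack covers filesystems with coarse mtime granularity
        elif src.stat().st_mtime > dst.stat().st_mtime + 1:
            plan.append(("update", rel.as_posix()))
        else:
            plan.append(("keep", rel.as_posix()))
    return plan


def apply_restore(backup_dir, work_dir, dry_run=False):
    """Carry out plan_restore(); with dry_run=True only report what would change."""
    plan = plan_restore(backup_dir, work_dir)
    for action, rel in plan:
        if action == "keep" or dry_run:
            continue
        src = Path(backup_dir) / rel
        dst = Path(work_dir) / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 preserves the backup copy's mtime
    return plan


def build_demo(root):
    """Construct a small backup/work pair with controlled mtimes (sample data)."""
    base = 1_700_000_000  # constructed epoch timestamp, not from the post
    backup = Path(root) / "backup" / "docs"
    work = Path(root) / "work" / "docs"
    backup.mkdir(parents=True)
    work.mkdir(parents=True)

    def write(path, text, mtime):
        path.write_text(text)
        os.utime(path, (mtime, mtime))

    # 1. only in the backup: lost when the drive was swapped, must come back
    write(backup / "notes.txt", "from backup\n", base)
    # 2. edited today in the working tree: backup copy is older, keep today's work
    write(backup / "report.txt", "old report\n", base)
    write(work / "report.txt", "today's edits\n", base + 3600)
    # 3. working copy came from the older clone image: backup copy is newer
    write(backup / "config.ini", "new config\n", base + 3600)
    write(work / "config.ini", "stale config\n", base)
    return backup.parent, work.parent


def run_demo():
    """Run the restore on the constructed data; return (plan, resulting file texts)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir, work_dir = build_demo(tmp)
        plan = apply_restore(backup_dir, work_dir)
        contents = {rel: (Path(work_dir) / rel).read_text() for _, rel in plan}
        return plan, contents


if __name__ == "__main__":
    for action, rel in run_demo()[0]:
        print(f"{action:8} {rel}")
```

Running it with `dry_run=True` first is the sensible habit: the plan lists every `update` before anything is written, so a file the backup would win over can be checked by hand before the overnight run.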

Total time - <10 minutes.
Total cost - $0.

Preparing for the incident cost me $150 for a spare 1.5 TB drive, $50 for an internal hard drive docking bay, and $50 for imaging and backup software. The docking bay isn't entirely necessary, but it's very convenient because it lets me use hard drives as if they were floppy disks. Remember those?

I also use a spare 500 GB drive salvaged from a failed external Western Digital USB back-up device. I don't count this last item as an expense because I consider Western Digital drives to be worthless anyway. I bought one external 1TB USB Western Digital drive. It failed, I replaced it, and the replacement failed - as did its replacement. Mean-time-between failures: about 12 months. At least Western Digital has great customer service. I use their hardware for paperweights now.

With $200 of back-up hardware, one might ask why not just get a backup computer instead.

I have one.

I set it up for my kids. They don't get hand-me-downs. If my hardware fries, as it has in the past, I want something on which I can run big data jobs. It also serves as the family's digital video recorder and multi-media center. An underpowered box with a creaky old operating system won't do. My kids have the fastest box on the block - next to mine.

I don't believe in using technical failure as an excuse for blown deadlines. I also have three uninterruptible power supplies and a backup generator. No, I'm not a fan of our utility company, either.

Last step: I'll go ahead and wipe the buggy hard drive and load a fresh image on it. That'll take a couple of minutes of my time, but I'll need to let it run overnight. My computer definitely works harder than I do.

© 2009 - Robert Lawton, all rights reserved

Tuesday, August 25, 2009

Avi Ben Stella - Social Engineering at its "Best"

There’s an "Avi Ben Stella" message going around about a kid in a coma. It's obviously a hoax, but it is more than that. It is a social engineering attack aimed at those who Google suspected hoaxes for more information.

How does this attack sucker the cautious? The "Avi Ben Stella" name is unique, so people who Google it will find the "right" web page - a page loaded with malware which will try to auto-download and infect their computer.

Best bet? As with all other messages of this nature, don't "pass it on". But in this case, don't even Google it.

And yes, I found this out the hard way. I first checked Snopes, which listed it as “undetermined”. However, this is a new form of attack, and it's a new message, so I then searched Google in depth. I soon hit a few of the earliest web pages with this key term. When I did, my firewall went into a frenzy, and I had to close the infected web page via the Task Manager.

So now we have it: a social engineering attack that takes advantage of “safe” behavior – Googling before posting or forwarding "to everyone you know". Those who want to play it safe should forego Googling and stick to trusted sites (like Snopes) and search within those sites for more information. It's not as broad a search, but it's safer.

As far as social engineering goes, it's pretty clever. It’s like infecting condoms with AIDS before they are used - only those who exercise due care are vulnerable.

Incidentally, this "keyword" approach to steering people to a specific web page has been used for years on auction and dating websites to help customers bypass the site's fee system.

© 2009 - Robert Lawton, all rights reserved