Essential Computer Security, Part 3


If you aren’t sure how to transpose the normal characters in a word to alternate characters that look similar, you can use a tool like L33t-5p34K G3n3r@t0r, available from a number of sites if you simply search for it on Google. You can also visit www.transl8it.com, but the translations are not as consistently good as those created with L33t-5p34K G3n3r@t0r.

If you can’t come up with a good phrase or password on your own, you can use a tool like the Secure Password Generator on the winguides.com Web site (www.winguides.com/security/password.php). The Secure Password Generator (see Figure 2.2) has check boxes to let you select the number of characters in your password, whether to use uppercase letters, numbers, or punctuation, and whether to allow a character to repeat. You can also tell it to create up to 50 passwords at one time and then select the one you prefer from the list in case you are concerned that winguides.com will know your password.

Figure 2.2 The Secure Password Generator

Password Cracking

Password-cracking utilities use three methods for attempting to break a password. The simplest and the fastest—assuming that your password is a word that might be found in a dictionary—is called the Dictionary Attack. The Dictionary Attack tries every word in the dictionary until it finds the right one for the username being accessed.

www.syngress.com Passwords • Chapter 2 35 413_Sec101_02.qxd 10/9/06 4:56 PM Page 35

The second method used to break passwords is called a Brute Force Attack. The Brute Force Attack will try literally every possible combination sequentially until it finds the right combination to authenticate the username being accessed. The Brute Force Attack will attempt to use lowercase letters, uppercase letters, numbers, and special characters until it eventually stumbles onto the correct password.

The third method is called a Hybrid Attack. The Hybrid Attack combines the Dictionary Attack and the Brute Force Attack.

Many users will choose a password that is in fact a dictionary word, but add a special character or number at the end. For instance, they might use “password1” instead of “password.” A Dictionary Attack would fail because “password1” isn’t in the dictionary, but a Brute Force Attack might take days depending on the processing power of the computer being used. By combining a Dictionary Attack with a Brute Force Attack, the Hybrid Attack would be able to crack this password much faster.

Given enough time and resources, no password is 100% unbreakable. Some password-recovery utilities may have success where others fail, and a lot depends on the processing horsepower of the machine attempting to crack the password (see the sidebar on p. 38).

Just like the lock on your home or car door—the idea is to make it difficult to get in, not impossible. A professional thief can probably still pick your lock in under a couple minutes, but the average person will be deterred by a lock and even thieves of moderate skill may be dissuaded by more complex or intricate lock systems.

The goal isn’t to come up with a password that is unbreakable—although that would be nice as well. The goal is to create a password that you can remember but that the average person won’t be able to guess based on knowing a few details about your life and that would take so long to crack using a password-recovery utility that a hacker of moderate skill would be dissuaded. In the end, someone skilled or dedicated enough could still find a way to break or go around your password, which is one of the reasons this is not the only defense mechanism you will use.

Aside from coming up with strong passwords, it is also important to change your passwords on a regular basis. Even if you have done everything possible to protect your passwords, it is still possible that, through a security breach on a server or by an attacker intercepting network traffic, your password could be intercepted or cracked.

I would recommend that you change your passwords every 30 days at a minimum.

Storing Your Passwords

Obviously, having 70, 20, or even 5 different passwords at a given time can be difficult to keep track of. It becomes more complex when different Web sites or programs restrict the number and types of characters that you can use for your passwords, or require that you change your password very frequently. These are some of the reasons why so many people resort to tracking their usernames and passwords in a text file (.txt) using Notepad or a small spreadsheet file (.xls) using Excel.

In spite of the energy that security experts expend to convince people not to write down their passwords or store them in files on their computer, their advice goes largely unheeded. So, if you find that you’re not going to be able to remember all the passwords you create, at least try to store them as securely as possible. To that end, I recommend using a free software package such as Password Safe (http://passwordsafe.sourceforge.net/) or Roboform (www.roboform.com/), to help you maintain your passwords more securely. Password Safe, an open-source password-management utility (shown in Figure 2.3), is available for free from Sourceforge.net.

Figure 2.3 Store Passwords Securely in Password Safe

One Super-Powerful Password

Do you want to prevent people from even starting up your computer? You can password protect your entire computer by setting a password in the BIOS.

What is the BIOS? The operating system, such as Windows XP, enables your different programs and applications to work on the computer. The BIOS, or Basic Input/Output System, is the brain of the motherboard that controls the inner workings of the computer. The BIOS is typically contained in a chip on the motherboard.

Tools & Traps…

Cain & Abel Version 2.5

Using a freely available password recovery utility called Cain & Abel Version 2.5, I was able to discover the passwords shown in Table 2.1 in the following timeframes using an AMD 2500+ CPU with 512 MB of memory.

Table 2.1 Results of a Password Search Using Cain & Abel Version 2.5

Password       Attack       Time
john           Dictionary   <1 minute
john4376       Dictionary   attack failed
               Brute        >12 hours
j0hN4376%$$    Dictionary   attack failed
               Brute        attack failed

Once you set a BIOS password, the computer will be completely useless to anyone who does not first enter the correct password. They won’t even be able to begin trying to guess or crack your operating system or file passwords, because without the BIOS the computer cannot even start loading the operating system.

To configure the BIOS you typically press the F1 or DEL keys while the computer is booting up. The exact key to press varies from computer to computer. You should see a message when the computer first begins to boot, letting you know which key to press to enter the “Setup” screen. For details about accessing the BIOS and how to configure it, check your computer owner’s manual.

Summary

Passwords are one of the most essential tools for protecting your data. In this chapter you learned about the important role that passwords play and some of the adverse effects that can occur if someone obtains your password.

To prevent an attacker from being able to guess or crack your passwords, you learned how to create stronger, more complex passwords, and how to use passphrases to generate even more complex passwords that you can still remember.

Lastly, this chapter covered some tools that you can use to securely store and track your passwords when remembering them all just seems too difficult, and how to lock access to your computer entirely by using a BIOS password.

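The three methods described under Password Cracking, applied to the passwords from Table 2.1, as an added example (not code from the book): a small audit that reports which method a password is exposed to and how large the brute-force search space is. The word list, the look-alike character map and the four-character suffix limit are constructed assumptions, and undoing look-alike substitutions in the hybrid check goes slightly beyond the chapter's description.

```python
import math
import string

# Constructed sample word list standing in for a cracking dictionary (assumption).
WORDLIST = {"john", "password", "dragon", "monkey", "letmein"}

# Common look-alike substitutions, undone before comparing with the word list (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MAX_AFFIX = 4  # longest run of digits/symbols treated as a tacked-on suffix (assumption)


def exposure(password: str) -> str:
    """Return the cheapest of the three methods that would reach this password."""
    low = password.lower()
    if low in WORDLIST:
        return "dictionary"
    for word in WORDLIST:
        stem, rest = low[:len(word)], low[len(word):]
        # Hybrid: a (possibly leet-spelled) dictionary word plus a short
        # suffix made only of digits or symbols, e.g. "password1".
        if (stem.translate(LEET) == word
                and len(rest) <= MAX_AFFIX
                and not any(c.isalpha() for c in rest)):
            return "hybrid"
    return "brute_force"


def brute_force_bits(password: str) -> float:
    """Size of the exhaustive search space, in bits, for the character
    classes the password actually uses (length * log2(pool size))."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in password):
            pool += len(chars)
    return len(password) * math.log2(pool) if pool else 0.0


def audit(password: str) -> dict:
    """Combine both checks into one report for a single password."""
    return {"password": password,
            "exposure": exposure(password),
            "bits": round(brute_force_bits(password), 1)}


if __name__ == "__main__":
    # The three passwords from Table 2.1 plus the chapter's "password1".
    for pw in ("john", "john4376", "j0hN4376%$$", "password1"):
        print(audit(pw))
```

The audit flags john4376 as exposed to a hybrid check even though Table 2.1 shows it surviving the plain dictionary run, which is the reason a dictionary word with digits appended adds less protection than its length suggests.
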
Additional Resources

The following resources provide more information on passwords and password management:

■ Bradley, Tony. Creating Secure Passwords. About.com (http://netsecurity.about.com/cs/generalsecurity/a/aa112103b.htm).
■ Creating Strong Passwords. Microsoft Windows XP Professional Product Documentation (www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_tips.mspx?mfr=true).
■ RSA Security Survey Reveals Multiple Passwords Creating Security Risks and End User Frustration. RSA Security, Inc. Press Release. September 27, 2005 (www.rsasecurity.com/press_release.asp?doc_id=6095).
■ Strong Passwords. Microsoft Windows Server TechCenter. January 21, 2005 (http://technet2.microsoft.com/WindowsServer/en/Library/d406b824-857c-4c2a-8de2-9b7ecbfa6e511033.mspx?mfr=true).
■ To Manage Passwords Stored on the Computer. Microsoft Windows XP Professional Product Documentation (www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_manage_passwords.mspx?mfr=true).

Chapter 3

Viruses, Worms, and Other Malware

Topics in this chapter:

■ Malware Terms
■ The History of Malware
■ Summary
■ Additional Resources

Introduction

There are more than 200,000 reasons for you to learn the information in this chapter. McAfee, maker of security and antivirus software, recently announced that it has identified and created protection for its 200,000th threat. It took almost 18 years to reach the 100,000 mark, but that number doubled in only two years. Fortunately for computer users, McAfee’s growth rate for identifying threats has slowed now.

Viruses rank with spam as one of the most well-known threats to computer security. Notorious threats—such as Slammer, Nimda, and MyDoom—even make headline news.

Just about everyone knows that a computer virus is something to be actively avoided. This chapter will show you how to do that, by teaching you:

■ Common malware terms
■ The threat of malware
■ How to install and configure antivirus software
■ How to keep your antivirus software up-to-date
■ How not to get infected
■ What to do if you think you’re infected

Malware Terms

Viruses and worms are two well-known types of malicious software. Many threats combine elements from different types of malicious software together. These blended threats don’t fit into any one class, so the term malware, short for malicious software, is used as a catch-all term to describe a number of malicious threats, including viruses, worms, and more. Malware presents arguably the largest security threat to computer users. It can be confusing to understand what the difference is between a virus and a Trojan, but these explanations should help:

■ Virus A virus is malicious code that replicates itself. New viruses are discovered daily. Some exist simply to replicate themselves. Others can do serious damage such as erasing files or even rendering the computer itself inoperable.
■ Worm A worm is similar to a virus. They replicate themselves like viruses, but do not alter files like viruses do. The main difference is that worms reside in memory and usually remain unnoticed until the rate of replication reduces system resources to the point that it becomes noticeable.
■ Trojan A Trojan horse got its name from the story of the Trojan horse in Greek legend. It is a malicious program disguised as a normal application. Trojan horse programs do not replicate themselves like a virus, but they can be propagated as attachments to a virus.
■ Rootkit A rootkit is a set of tools and utilities that a hacker can use to maintain access once they have hacked a system. The rootkit tools allow them to seek out usernames and passwords, launch attacks against remote systems, and conceal their actions by hiding their files and processes and erasing their activity from system logs and a plethora of other malicious stealth tools.
■ Bot/Zombie A bot is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a bot are generally referred to as zombies.

The History of Malware

Every year seems to mark a new record for the most new malware introduced, as well as the most systems impacted by malware. The year 2003 was not only a record-setting year for malware but also the 20th anniversary of computer viruses. In 1983, graduate student Fred Cohen first used the term virus in a paper describing a program that can spread by infecting other computers with copies of itself. There were a handful of viruses discovered over the next 15 years, but it wasn’t until 1999, when the Melissa virus stormed the Internet, that viruses became common knowledge.

Since then, there have been a number of high-profile viruses and worms which have spread rapidly around the world. Code Red, Nimda, Slammer, and MyDoom are virtually household words today. The number of new malware threats and the speed at which the threats spread across the Internet has grown each year.

The Brain virus was the first virus designed to infect personal computer systems. It was introduced in 1986, at a time when the general public didn’t know what the Internet was and the World Wide Web had not even been created. It could only spread to other computers by infecting floppy disks that were passed between users and therefore had much less impact.

Compare that with more recent threats such as SQL Slammer which, by spreading through the Internet to the millions of computers now connected to it, was able to infect hundreds of thousands of computers and cripple the Internet in less than 30 minutes.

Are You Owned?

SQL Slammer

In January 2003, the SQL Slammer worm stunned the world with its raw speed. Exploiting a vulnerability that had been identified more than six months earlier, the worm was able to infect more than 75,000 systems in less than ten minutes.

The sheer volume of traffic generated by this worm, as it replicated and continued to seek out other vulnerable systems, crippled the Internet by overwhelming routers and servers to the point that they could no longer communicate.

The effects of SQL Slammer went as far as impacting personal banking in some cases. ATM machines require network communications to process transactions. With the impact of SQL Slammer, the network was unavailable and the ATM system for some banks was effectively shut down.

Gone are the days when new threats were few and far between and had no simple means of propagating from system to system. The explosion of the Internet and the advent of broadband Internet service mean that there are millions of computers with high-speed connections linked to the Internet at any given moment. With millions of potential targets, it is almost a guarantee that at least a few thousand will fall victim to a new threat.

As we discussed earlier in the book, when you are on the Internet you are a part of a worldwide network of computers. You have a responsibility to the rest of us sharing the network with you to make sure your computer system is not infected and spreading malware to everyone else.

It is much less of a headache and a lot easier in the long run to proactively make sure your system is secure and to protect yourself by installing antivirus software to detect and remove threats such as these before they infect your computer system.

Protect Yourself with Antivirus Software

The term antivirus is a misnomer of sorts. Antivirus software has evolved to include many other security components. Depending on the vendor, the antivirus software may also contain anti-spyware tools, anti-spam filtering, a personal firewall, and more. In fact, recently the major security vendors such as McAfee and Trend Micro [...]

... other time when you won’t be using your computer. Scanning your entire computer system usually hogs a lot of the computer’s processing power and makes using it difficult while the scan is running.

Figure 3.3 Manual Scan Configuration for Trend Micro PC-cillin Internet Security 2006

The third form of detection...

... whim. Thankfully, Trend Micro provides a free Web-based scan called HouseCall (see Figure 3.5). If all else fails, you should be able to get your system cleaned up using this service.

Figure 3.5 Trend Micro’s HouseCall

... your computer. Great! Now you can close the book and go back to watching Everybody Loves Raymond reruns, right? Unfortunately, no.

Tools & Traps…

Subscription-Based Antivirus Software

It doesn’t have to cost a fortune to protect your computer. Generally, antivirus software and personal computer security...

... away even when you aren’t doing anything on the computer? Does your system freeze up or crash all of a sudden?

All of these are potential signs that your computer system might be infected with some sort of malware. If you have suspicions that your computer may be infected, you should run a manual...

... you can also enable outbound scanning to try and catch any malicious code which might be coming from your computer.

Figure 3.2 McAfee VirusScan Options

The manual scan is a scan run on your computer to check the files that are already on it and make sure none of them are infected. These scans can...

... automatic updates for your application. Keep in mind that the computer needs to be turned on and connected to the Internet in order for the software to be able to connect and download the updates, so pick a time of day that you know the computer will be connected.

How Not to Get Infected

Running up-to-date...

... December 9, 2003 (www.msnbc.msn.com/id/3675891/)
■ HouseCall. Trend Micro Incorporated’s Products Web Page (http://housecall.trendmicro.com/)
■ Malicious Software Removal Tool. Microsoft’s Security Web Page, January 11, 2005 (www.microsoft.com/security/malwareremove/default.mspx)
■ W32/CodeRed.a.worm. McAfee, Inc.’s AVERT Labs Threat Library (http://vil.nai.com/vil/content/v_99142.htm)
■ W32/Mydoom@MM. McAfee,... (http://vil.nai.com/vil/content/v_100983.htm)
■ W32/Nimda.gen@MM. McAfee, Inc.’s AVERT Labs Threat Library (http://vil.nai.com/vil/content/v_99209.htm)
■ W32/SQLSlammer.worm. McAfee, Inc.’s AVERT Labs Threat Library (http://vil.nai.com/vil/content/v_99992.htm)
■ Virus Removal Tools. McAfee, Inc.’s Virus Information Web Page (http://us.mcafee.com/virusInfo/default.asp?id=vrt)

... have moved to marketing their products as a security suite, rather than simply antivirus software.

Typically, antivirus software will detect and protect you from viruses, worms, Trojan... e-mail messages, spyware programs, and program exploits. As you can see in Figure 3.1, the Trend Micro PC-cillin software includes scanning for a variety of threats. You should take the time to understand what your security software does and does not protect your computer against.

Figure 3.1 Trend Micro PC-cillin Internet Security Software

Most antivirus software includes three basic types of scanning:

Date posted: 14/08/2014, 18:20

Table of contents

  • Essential Computer Security: Everyone’s Guide to Email, Internet, and Wireless Security

    • Part I: Bare Essentials

      • Chapter 2 Passwords

        • Password Cracking

        • Storing Your Passwords

        • One Super-Powerful Password

        • Summary

        • Additional Resources

        • Chapter 3 Viruses, Worms, and Other Malware

          • Introduction

          • Malware Terms

          • The History of Malware

          • Summary

          • Additional Resources

          • Chapter 4 Patching

            • Introduction

            • Patch Terminology

            • Why Should I Patch?

            • How Do I Know What to Patch?

            • Summary

            • Additional Resources
