Website owners – do you make these rookie mistakes?
A few days ago, while catching up on my backlog of emails, I came across a newsletter issue by a very big info publisher.
The main article of the newsletter was about their “battle” against a piece of malicious software that had compromised a number of their machines as well as their web server.
It never ceases to amaze me when people who should know better make one or two basic rookie mistakes. What struck me was the level of mistakes that were detailed.
First major mistake was:
“If you take the proper precautions – like using reputable anti-virus and malware protection software – this is a one-in-a-million occurrence. And the possibility of contracting a virus is certainly not a reason to get scared away from doing business online.”
Here’s the reality: all the antivirus/malware/spyware/adware/whatever software gives just a false sense of security. The software is basically a band aid, and just like a band aid it can become loose, fall off or become infected, making what it’s protecting even worse.
Also, the words “reputable”, “anti-virus” and “protection software” should not be used in the same sentence; very few antivirus software companies can be considered reputable, especially after the debacle that is the Sony BMG rootkit. In that case only F-Secure can be considered reputable.
Rookie mistake continued:
“This particular Trojan/Virus has a way of infecting a computer without being detected by anti-virus software,”
When I read that I thought to myself: “no sh*t”; that’s the trend, they’re only following what Sony did with their rootkit.
Also, last year the Limbo 2 Trojan was released with the claim by its maker of being undetectable by the top 10 antivirus software products.
Next rookie mistake:
“It works by first infecting your computer, and then infecting your website using login criteria it steals from your FTP client. (FTP is a software used to upload and download pages from your Web server.) It then begins to upload infected Web pages to your server without you knowing it!”
From the above it sounds as if they’re just using standard old school FTP. Let’s clear a couple of things up before we continue.
FTP is not software; it is a means of transferring files to and from computers.
FTP clients are software which implement the File Transfer Protocol, which is what FTP stands for.
FTP was originally designed without encryption, which means that when you connect to a server (the term applied to a computer that is set up to do a specific task, in this case hosting web sites), the usernames and passwords are sent in clear text. A good example is to think of it like sending your credit card details to a business you’re buying something from on the back of a postcard, out in the open for everyone to see and copy. The same applies to FTP.
A secure version of FTP has been available on most servers for a good 5 years now, Windows being the exception, where you have to install FTP software with secure FTP capabilities. If you use, say, a GNU/Linux, Solaris, BSD or other UNIX based server, then you’re more than likely good to go.
Most modern FTP client software is designed to handle secure FTP: all you have to do is change the connection settings from standard FTP to either secure FTP or SFTP (some clients use different terms for the same thing).
Simply put, there is no real excuse for not using secure FTP; the only difference between secure FTP and plain old FTP is that one is secure and the other is not. Using it could have prevented their server from being compromised, although I suspect there is more to it, as the information published is very limited.
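One way to find out whether an office is still sending FTP logins in the clear is to watch the control channel on the network and flag any USER/PASS pair that was not preceded by a TLS upgrade. This is an added example, not code from the newsletter or this post; it assumes a capture has already been reduced to per-segment tuples, and the traffic, hosts and credentials below are constructed samples.

```python
import re

# Constructed sample capture: (src, dst, dst_port, payload) in arrival order.
# Hosts, usernames and passwords are made up for this example.
SAMPLE_SEGMENTS = [
    ("10.0.0.12", "203.0.113.7", 21, b"USER webmaster\r\n"),
    ("10.0.0.12", "203.0.113.7", 21, b"PASS hunter2\r\n"),
    ("10.0.0.12", "203.0.113.7", 21, b"STOR index.html\r\n"),
    ("10.0.0.15", "203.0.113.7", 21, b"AUTH TLS\r\n"),              # client upgrades to FTPS
    ("10.0.0.15", "203.0.113.7", 21, b"\x16\x03\x03\x00\x9c\x01"),  # TLS records follow
    ("10.0.0.20", "203.0.113.7", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),   # SFTP runs over SSH
]

# FTP control commands are one line each: VERB, a space, an argument, CRLF.
CMD = re.compile(rb"^(USER|PASS|AUTH)\s+(.+?)\r?\n$")


def find_cleartext_logins(segments):
    """Return one finding per client that sent its FTP login unprotected.

    A login counts as cleartext when USER and PASS arrive readable on
    port 21 and no AUTH TLS/SSL was seen earlier in the same flow.
    """
    secured = set()      # flows that negotiated TLS before logging in
    pending_user = {}    # flow -> username seen, still awaiting PASS
    findings = []
    for src, dst, port, payload in segments:
        if port != 21:
            continue     # SSH/SFTP on port 22 never exposes the login
        flow = (src, dst)
        m = CMD.match(payload)
        if not m:
            continue     # opaque bytes (e.g. TLS) or an unrelated command
        verb, arg = m.group(1), m.group(2).decode("ascii", "replace")
        if verb == b"AUTH" and arg.upper() in ("TLS", "SSL"):
            secured.add(flow)
        elif verb == b"USER" and flow not in secured:
            pending_user[flow] = arg
        elif verb == b"PASS" and flow in pending_user:
            findings.append({
                "client": src, "server": dst,
                "user": pending_user.pop(flow),
                "password_len": len(arg),   # report the exposure, never the secret
            })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_logins(SAMPLE_SEGMENTS):
        print(f"{f['client']} -> {f['server']}: user {f['user']!r} sent a "
              f"{f['password_len']}-character password in the clear")
```

Each finding names a workstation whose FTP client still needs its connection setting switched to secure FTP or SFTP, and whose password should be treated as exposed.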
Final mistake:
“The first thing we did was change ALL the passwords on every site we hosted on the server. Once they were changed, the virus had no way to upload itself to the server.
***** and I then ran around to every computer in the office (more than 20) and installed virus protection software called Avast! Antivirus. This was the only software we could find that detected this Trojan/Virus.
Once everyone’s computer was clean, I proceeded to clean out the files on the server.”
At least they changed their passwords, which is always a good thing to do every month.
The mistake they made was not wiping every machine that was infected and doing a fresh install of all the software.
This is an area which sets the pros apart from everyone else.
Once a machine is compromised, it’s always compromised.
No ifs or buts, even if the antivirus software says the machine is clean. You can never trust that machine: the malicious software may have created “back doors” that are not known about, and it may have installed other software that isn’t known about as well.
The only real way to ensure that the machine is clean is to wipe the hard drive and reinstall every thing from scratch.
Scorched earth policy if you will.
On the flip side – once all the machines are ready to use again, they will be a lot faster than they were before the rebuild.

What do you think - comments welcome.