Homeland Security Officials Warn of Hazardous Software Targeting Networks
JEFFERSON CITY, December 22, 2005—As new computers
are purchased this holiday season, homeland security officials alert
computer users to the vulnerabilities their networks may face.
According to the Department of Homeland Security (DHS),
Trojan Horse software is the biggest threat to computer users and
networks. The software was first discovered in May 2005 as top companies
in the country were targeted. The software masquerades as a
friendly application while embedding links to websites that download
malicious code.
In one case, a company employee received an e-mail containing
what appeared to be a legitimate business proposal from a reputable
company. On opening the proposal, hidden software surreptitiously
installed a keylogger -- which captures and stores all keystrokes
a user makes -- on the computer.
Homeland Security Coordinator Paul Fennewald said that although the software
has not surfaced in Missouri, it is important to take precautionary steps.
Fennewald said this attack scheme preys on a computer system’s
weakest component—the user. He urges all computer users, especially
businesses, organizations and universities, to review the computer
security information below and visit the DHS web site at
http://www.us-cert.gov/cas/techalerts/TA05-189A.html
“While firewall programs deflect direct attacks,
email provides a vulnerable route into an organization’s internal
network through which attackers can destroy or steal information,”
Fennewald said. “This is a dangerous yet accessible tool for
hackers, since employees usually do not think twice about opening
an e-mail from a co-worker or their help desk.”
DHS tips to protect against computer hackers:
· Train and make yourself and other network users aware of
attack techniques and safe web browsing practices.
· Perform a thorough review of operational needs to determine
the types of required attachments. Implement a default deny rule,
allowing only those attachment types with a verifiable business need
and associated approved software. Block all other attachments.
· Block e-mail that does not originate from an internal e-mail
server but claims to be from the “same domain” (same .gov,
.com, .mil, .org, etc.) e-mail address.
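
The default deny attachment rule and the same-domain block described in the tips above, written as a mail-filter check. This is an added example, not part of the DHS advisory; the domain, the internal server address, the approved extension list and the function names are assumed values chosen for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for illustration; none of these come from the advisory.
INTERNAL_DOMAIN = "example.gov"
INTERNAL_RELAYS = {"10.0.0.25"}         # addresses of the internal mail servers
APPROVED_EXTENSIONS = {".pdf", ".txt"}  # types with a verified business need

def evaluate(raw_message, relay_ip):
    """Return the reasons to block a message; an empty list means deliver."""
    msg = message_from_string(raw_message)
    reasons = []
    # Mail claiming the organization's own domain must arrive from an internal server.
    _, address = parseaddr(msg.get("From", ""))
    if address.rpartition("@")[2].lower() == INTERNAL_DOMAIN and relay_ip not in INTERNAL_RELAYS:
        reasons.append("same-domain sender from external server")
    # Default deny: only the final extension counts, so "x.pdf.exe" is an .exe,
    # and a file with no extension is not on the approved list either.
    for part in msg.walk():
        name = part.get_filename()
        if name is not None and os.path.splitext(name)[1].lower() not in APPROVED_EXTENSIONS:
            reasons.append("attachment type not approved: " + name)
    return reasons

def sample(sender, filename):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@example.gov", "Business proposal"
    m.set_content("Please see the attached proposal.")
    m.add_attachment(b"constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    cases = [("Help Desk <helpdesk@example.gov>", "proposal.pdf.exe", "203.0.113.7"),
             ("helpdesk@example.gov", "report.pdf", "10.0.0.25"),
             ("partner@example.org", "photo.jpg", "203.0.113.7")]
    for sender, filename, relay in cases:
        print(sender, filename, relay, "->", evaluate(sample(sender, filename), relay) or "deliver")
```

In a real deployment the connecting server address comes from the SMTP session at the mail gateway, not from message headers, which the sender controls.
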
Users should be wary of emails with any of the following
characteristics:
· E-mail messages written as if they are part
of an ongoing conversation, but the user was never part of the original
thread.
· E-mail messages disseminated by people or organizations with
whom the user has never had contact or that entice the user to click
on a link or open an attachment for more information.
· E-mails with attachments the user was not expecting. This
can be any type of attachment, including files with common extensions,
such as “.doc” for Microsoft Word files, “.jpg”
for photo files, and “.wmv” for video files.
· E-mails that claim to originate from someone familiar to
the user, but the “from” displays differently than in
previous messages, such as with a misspelled name or only an email
address instead of the sender’s name.
· E-mail messages crafted to display the entire body as one
big hyperlink, so that if you click anywhere in the body, it will
try to open a web page or download an item.
· E-mail messages that do not display the recipient in either
the “to:” or “cc:” fields, or have unfamiliar
people in the “to:” field.
For more information regarding security problems associated
with holiday purchases, please contact Terri Durdaller at (573) 751-4819.