Is My Computer a Zombie?
This is a post to guide users through finding out if their machine is acting as a “zombie” engaging in malicious botnet activity without them even knowing it. This only applies to Windows users, as Mac and Linux users are significantly less susceptible to being infected, if at all. A great way to monitor this type of activity is to set up an account at www.projecthoneypot.org; they will send you reports on request about suspicious activity occurring on your network. Some symptoms you might notice if you are part of a botnet are:
1. Your computer is constantly using resources when you aren’t actually using it. Your RAM might be processing information even when idle, your computer might still run hot even when idle, or you can hear your hard drive working when idle. Don’t confuse these symptoms with simply an out-of-date computer, though.
2. Your network connection is active even though you aren’t running any applications that are accessing the internet, or browsing the internet. An easy way to look for this is to simply go to your task manager and monitor your network performance while idle.
3. You remember falling for a phishing scheme of some sort, or have browsed the internet without
Here is a systematic approach that I have come up with to detect if you are a part of a botnet:
1. Update to the latest definitions and run a full scan of your favorite spyware and virus scanners in SAFE MODE.
I use Spybot Search and Destroy and Lavasoft Ad-Aware for spyware scanners. I also use both Avast! and Threat Fire anti-virus. These are all free products because I am a poor college student; you might have better luck if you actually spent some dough.
2. Restart your computer and don’t open any other applications besides the ones set to run at start up. Go to your command line, start >> run >> “cmd”. Run the command “netstat -n” and see what network connections are being established on your computer. The results are listed in the ip.address:port# format. If you see any unrecognized IP addresses, go to http://ip-lookup.net/ and do a lookup on what your computer is actually connecting to. If you are connecting to a computer in Romania or some other foreign country, chances are it is something that you aren’t using for anything productive. On the IP lookup site, you can also see a host name for the suspicious IP, and it might turn out to be associated with a legitimate application you are using. The Project Honey Pot site also has a place to look up an IP address, where it is compared to any other suspicious activity reported for that particular IP.
3. If you followed steps 1 and 2 and have found that your computer is indeed connecting to foreign sources without your consent, then your computer is infected with some sort of malicious entity and it is quite possible that your computer is a “zombie.” If you only found maybe 1 or 2 suspicious connections, I would encourage you to dig deeper to find an answer for what the connections are doing. You can go to www.projecthoneypot.org and they have lists of suspicious IP ranges for you to compare to along with oodles of information about spam.
4. If you decide that you are infected, I don’t recommend manually removing any of the threats, as re-infection would be likely. As much of a pain as it might be, I would back up all of your personal files to a separate hard drive and re-image your computer completely.
I hope that this method works for someone who finds out they are indeed infected, because according to a very recent study, 48% of machines are infected with some form of malware, and you can bet that over 80% are running Windows. RECENT ARTICLE ON INFECTIONS
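Step 2 above asks you to read `netstat -n` output by eye. As an added example (not from the original post), here is a small Python script that does the tedious part for you: it parses the `ip.address:port` lines, skips loopback and private-network connections, and counts how many established connections go to each outside address, giving you a short list of IPs to run through the lookup sites. The sample `netstat -n` output and its addresses are constructed for the demo.

```python
# Added example (not from the original post): summarise `netstat -n` output
# from Windows into a list of outside IPs worth looking up.
import ipaddress
import re
from collections import Counter

# Constructed sample of what `netstat -n` prints on Windows (the
# ip.address:port layout the post describes). Addresses are documentation
# ranges, not real observations.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED
  TCP    192.168.1.20:49200     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49301     203.0.113.9:6667       ESTABLISHED
  TCP    192.168.1.20:49302     203.0.113.9:6667       ESTABLISHED
  TCP    192.168.1.20:49310     198.51.100.77:443      ESTABLISHED
  TCP    192.168.1.20:49311     203.0.113.9:80         TIME_WAIT
  UDP    192.168.1.20:5353      *:*
"""

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?\s*$"
)

# Loopback, link-local and RFC 1918 space: connections here are "inside" the
# machine or the LAN. Checked explicitly rather than via ip.is_private so that
# the documentation ranges used in the sample count as outside addresses.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def split_endpoint(endpoint):
    """Split 'ip:port' (also '[v6]:port') into (ip, port); '*:*' gives (None, None)."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or host == "*":
        return None, None
    try:
        return ipaddress.ip_address(host.strip("[]")), int(port)
    except ValueError:
        return None, None


def parse_netstat(text):
    """Yield (proto, remote_ip, remote_port, state) for each connection line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line, or a line we don't understand
        ip, port = split_endpoint(m.group("remote"))
        if ip is None:
            continue  # unbound UDP sockets have no remote endpoint
        yield m.group("proto"), ip, port, m.group("state") or ""


def is_outside(ip):
    """True when the address is not loopback, link-local or private."""
    return not any(ip in net for net in LOCAL_NETS)


def outside_connections(text, states=("ESTABLISHED",)):
    """Map each outside IP to (connection count, sorted list of remote ports)."""
    counts = Counter()
    ports = {}
    for _proto, ip, port, state in parse_netstat(text):
        if state not in states or not is_outside(ip):
            continue
        counts[str(ip)] += 1
        ports.setdefault(str(ip), set()).add(port)
    return {ip: (n, sorted(ports[ip])) for ip, n in counts.items()}


if __name__ == "__main__":
    for ip, (n, port_list) in sorted(outside_connections(SAMPLE_NETSTAT).items()):
        print(f"{ip:15} {n} established connection(s) on port(s) {port_list}")
```

Run it on real output with `netstat -n > conns.txt` and feed the file contents to `outside_connections`; a single outside IP holding several connections on an unusual port is the kind of entry the post says to look up.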
DDoS Follow-up and Behavioral Prevention
This is a post that is following up on a previous article I wrote last week called “My first DDoS Experience.” I wrote the post while the company I work for was still in the middle of a relentless SYN flood attack. A Cisco ASA 5510 firewall was installed running software version 7.1(2), and didn’t do much to fight off the attack. Now I wish I had hands-on experience configuring such a firewall, but I don’t, and I wasn’t able to be present when it was configured. The impression was that the firewall had the capabilities to stop an attack like this, but it wasn’t able to do much for us after being put into place.
After the firewall didn’t do as much as hoped, we had to manually find out what domain was being targeted by the attacker and stop hosting it on our server. We did this by assigning many different IPs to the server, distributing the domains across all of them, and then following which IP the traffic was being funneled to. Eventually we narrowed it down to 5 domains, made an IP for each domain, found the culprit and removed it. That was the end of it for us, but I learned a new technique for weeding out a targeted domain name (if I ever encounter such a thing again). What I am more interested in is preventing such attacks, and a commenter on my original blog pointed me to a great resource for that.
If you are interested in DDoS prevention and network behavioral analysis, then you must check out the material on www.intruguard.com. They offer network behavioral analysis solutions for larger companies and go into great detail on how their products operate. For smaller companies, a solution like this might be overkill if you already have an intrusion detection system in place. I do realize that could be a bold statement though, because you really can never be too safe, and I know that botnets aren’t getting smaller at the moment. I have even heard of botnet armies being reported at up to 50,000 infected machines, wowsers. I think for medium/larger sized companies a network behavioral analysis appliance would be a must, as they will be targeted much more. I imagine that very large companies get hit with multiple enormous DDoS attacks daily, and I can guarantee they are using units like the ones offered by IntruGuard. I am also a huge believer in behavioral detection systems of many varieties, security-wise. I have been using the behavioral anti-virus Threat Fire on my personal computer to supplement my definition-based anti-virus, and have had superb success with it. I think that behavioral detection of many sorts just puts you one step ahead of the attacker.
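The "spread the domains across spare IPs and watch where the flood lands" technique generalises to a divide-and-conquer search. As an added example (not the company's own tooling), the script below simulates it: each round it round-robins the remaining candidate domains over the available IPs, asks which IP is being flooded, and keeps only that IP's domains, so with k IPs and n domains the target is found in about ceil(log_k n) rounds instead of one IP per domain. The domain list, the spare IPs and the `simulated_flood` oracle are constructed stand-ins for the DNS changes and router counters an operator would actually watch.

```python
# Added example (not from the original post): divide-and-conquer search for
# the hosted domain a flood is following, as the post describes doing by hand.
import math


def spread(domains, ips):
    """Round-robin the candidate domains across the spare IP addresses."""
    plan = {ip: [] for ip in ips}
    for i, domain in enumerate(sorted(domains)):
        plan[ips[i % len(ips)]].append(domain)
    return {ip: ds for ip, ds in plan.items() if ds}


def find_target(domains, ips, flooded_ip):
    """Narrow the set of domains down to the one the flood follows.

    flooded_ip(plan) is an oracle standing in for the operator watching the
    router counters: given {ip: [domains]} it returns the IP under attack.
    Returns (target_domain, rounds_used).
    """
    candidates = list(domains)
    rounds = 0
    while len(candidates) > 1:
        plan = spread(candidates, ips)
        hit = flooded_ip(plan)
        if hit not in plan:
            # The flood moved to an IP hosting none of the candidates, so the
            # target is not a domain at all (or DNS has not propagated yet).
            raise ValueError("flood did not follow any candidate domain")
        candidates = plan[hit]
        rounds += 1
    return candidates[0], rounds


def expected_rounds(n_domains, n_ips):
    """Upper bound on rounds needed for n domains spread over k IPs."""
    return math.ceil(math.log(n_domains, n_ips)) if n_domains > 1 else 0


# Constructed demo: 40 hosted domains, 5 spare IPs, and a simulated attacker
# who only ever floods whichever IP 'site17.example' currently resolves to.
DOMAINS = [f"site{i:02d}.example" for i in range(40)]
SPARE_IPS = [f"198.51.100.{i}" for i in range(1, 6)]
VICTIM = "site17.example"


def simulated_flood(plan):
    """Oracle: the flooded IP is the one currently serving the victim domain."""
    return next(ip for ip, ds in plan.items() if VICTIM in ds)


if __name__ == "__main__":
    target, rounds = find_target(DOMAINS, SPARE_IPS, simulated_flood)
    print(f"target domain: {target}, found in {rounds} rounds "
          f"(bound {expected_rounds(len(DOMAINS), len(SPARE_IPS))})")
```

In practice each round costs at least one DNS TTL of waiting before the traffic shifts, which is why fewer rounds with more spare IPs matters.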
Anti-Social Networking
As a “social media intern” for the Globe Education Network - Online community for my 3rd quarter, I have gotten a chance to dive into many aspects of social media that were foreign to me in the past. I have been on Facebook for some time, but the two new platforms that I have joined that I am most impressed with are Twitter and LinkedIn. I am a HUGE fan of LinkedIn because it is a much more professional social media platform, where you only want to connect with people you have directly done work with in the past. On the other hand, even though I have been greatly impressed with the power of connecting to mass amounts of people on Twitter, I see it being constantly abused, and sometimes I question how it is affecting the younger users on the platform. As if all of the magazines and paparazzi that invade celebrities’ privacy aren’t enough, now we get a chance to follow the personal lives of these celebrities in an even creepier way on Twitter. Certainly only the celebrities who want to be followed are on there, and they feed off this attention and actually want youth to feel a personal connection to them. I am truly afraid for the youth that religiously connect with and follow people they will never come into contact with, and I think it is simply unhealthy. During your youth, you are supposed to be developing your personality and social skills. I think for some people who get too engrossed in these platforms it is just a setback, and why not engage in real personal contact? This isn’t the only thing that bugs me about social media; I think that full grown adults abuse these systems as well.
I am bothered by some users who think they can get away with saying whatever they please even though they would never say it to somebody’s face in the real world. This is where I like to use the term “anti-social networking.” I use this term to describe anyone who prefers to talk about sensitive topics via social media even though they have the chance to discuss them in person. I can’t express how much this bothers me, and how unhealthy I believe it is. I think that when people engage in these “anti-social networking” tendencies enough, it can severely downgrade how they handle real life situations. To me this says, “since I can’t handle myself in difficult social situations, I can deal with it later hiding behind my computer.” Am I saying that it isn’t OK to debate various topics on these platforms? NO! That is one of the things I love about social media: there is always someone out there who is going to have an opposing view. I am saying don’t use it as your “go to” scapegoat for emotions that should be channeled in other areas.
So what is my point in all of this? I love to social network through Facebook, Twitter, and LinkedIn, but just like anything else in life, it needs to be handled in moderation. If I were a parent raising a child, I wouldn’t let them join social media until I knew they could handle it (whatever age that might be). Call me conservative, but I want my children to develop REAL social skills before they join the virtual world. I am also a believer in building your own social community, but don’t let your social community overshadow your real life connections. The way I see it, if real friends come and go, your virtual friends will come and go even quicker. I am awaiting comments from people who may disagree with what I have to say.
My First DDoS Experience
At about 9:00 AM yesterday morning, the web design firm I am working for started experiencing some issues with the servers that host most of their websites. At first it was pretty standard because occasionally one of the servers will act up a bit, but will resume as normal. It started out with just one server going down, and then the other ones followed and stopped operating correctly as well. It was pretty clear at that point that something had gone wrong. One of the owners of the company decided to take a drive to the facility that houses the company’s web servers and most other networking equipment, called nFrame in Carmel, IN. I have gotten the chance to be at nFrame a few times now when there was a need for changes in the equipment or software, and now for this DDoS. The nFrame facility is a networking enthusiast’s dream, and has several different rooms lined with racks of networking equipment, large cooling units, removable tiled floor to store wires under, and very high security procedures including biometrics.
After investigation, it was determined that one particular server was being bombarded by ICMP requests from many different IPs. Furthermore, it was narrowed down to a “SYN” flood attack. “SYN” is a part of the acknowledgment process in packets that use TCP/IP networking. Since the flood of requests was originating from many different IP addresses, it can be considered a “distributed” denial of service attack. This is likely the work of a botnet, with the botmaster located in another country. Since it was the work of a botnet, it would be nearly impossible to find out the true origin of the DDoS. That is the crazy thing about botnets: most of these ICMP requests came from computers whose owners don’t even know they are sending requests, but which have been infected and are running underlying malicious software.
The attacks were overloading the router that all the servers used to route the incoming traffic, which in turn made all of them crash. Putting a hardware firewall in there would have been the best fix, but unfortunately no firewalls were readily available. It was a very aggressive attack, at the peak of traffic sending in about 2 million requests every 40 seconds. Several attempted fixes were put into place, such as blocking ranges of IPs in the router that originated in other countries. Unfortunately the IP range of the requests was being changed by the attacker every 20 minutes, and it didn’t really help as much as hoped. One of the owners even made a PHP script to send out an email containing the unique range of IPs every 20 minutes to be input into the router IP filter. The only problem here is that someone had to manually enter the IP ranges to block.
Another great attempt early this morning was to add a secondary IP address to the server that was being attacked and have nFrame put a bandwidth limit on the original IP. Since we own most of the domain names for the web sites we host, we could change their domains to point at the alternate IP address. This didn’t work as well as expected, however, because traffic started to increase on that alternate IP address as well, showing that it was not the IP address of the server being attacked but instead a particular domain name that resides on the server. The ICMP requests didn’t leave any clues as to which domain was being targeted, so it was a guessing game. Since the attack had been going on for more than 24 hours, and was estimated by nFrame employees to have the potential to flood up to 300 mbps, the attack was considered a risk to the entire nFrame facility. Once they got involved, it wasn’t long before they figured out that all of the requests were coming predominantly from one ISP. Since most of the requests were coming in the form of blank packets 40 kb in size, they simply dropped all packets 40 kb in size or lower. The sites are still loading a little slow, but this will have to do until the firewall is in place. This was a crazy experience seeing a DDoS firsthand, and I was blown away by the brute force used by the attacker.
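The PHP script that mailed out the newly seen IP ranges every 20 minutes is, in essence, a windowed aggregation over the packet log. As an added example (not the owner's script, which is not on the page), here is that logic in Python: constructed flow records are bucketed into 20-minute windows and /24 source ranges, only bare SYNs count, and each window reports the ranges that crossed a threshold and were not already reported, which is exactly the list someone would paste into the router filter. The record format, the threshold and the sample addresses are assumptions for the demo.

```python
# Added example (not from the original post): per-window summary of SYN
# sources by /24 range, the kind of list the owner's PHP script emailed out.
import ipaddress
from collections import defaultdict

WINDOW_SECONDS = 20 * 60

# Constructed flow records: (unix_time, src_ip, tcp_flags, payload_len).
# Real flood traffic is far denser; three records per range are enough to
# show the grouping. Addresses are documentation ranges.
SAMPLE_FLOWS = [
    (1_000_000, "203.0.113.10", "S", 0),
    (1_000_001, "203.0.113.11", "S", 0),
    (1_000_002, "203.0.113.12", "S", 0),
    (1_000_003, "198.51.100.5", "S", 0),
    (1_000_004, "198.51.100.5", "A", 512),   # ordinary traffic, not a bare SYN
    (1_000_005, "192.0.2.8", "PA", 1200),
    # 20 minutes later the attacker has rotated to a different range
    (1_001_300, "198.51.100.20", "S", 0),
    (1_001_301, "198.51.100.21", "S", 0),
    (1_001_302, "198.51.100.22", "S", 0),
    (1_001_303, "203.0.113.10", "S", 0),
]


def window_of(ts):
    """Start time of the 20-minute window that contains ts."""
    return ts - (ts % WINDOW_SECONDS)


def source_range(ip, prefix=24):
    """Collapse a source address to its /24 (or other prefix) network."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def syn_only_ranges(flows, threshold=3, prefix=24):
    """Return {window_start: {range: syn_count}} for ranges at or over threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src, flags, _length in flows:
        if flags != "S":
            continue  # only bare SYNs (no ACK set) count toward the flood
        counts[window_of(ts)][source_range(src, prefix)] += 1
    return {
        w: {r: n for r, n in ranges.items() if n >= threshold}
        for w, ranges in counts.items()
        if any(n >= threshold for n in ranges.values())
    }


def new_ranges(report):
    """For each window, the ranges not already reported in an earlier window."""
    seen, out = set(), {}
    for w in sorted(report):
        out[w] = sorted(r for r in report[w] if r not in seen)
        seen.update(report[w])
    return out


if __name__ == "__main__":
    for w, fresh in new_ranges(syn_only_ranges(SAMPLE_FLOWS)).items():
        print(f"window starting {w}: new ranges to filter {fresh}")
```

The threshold is what keeps a single legitimate client in a busy /24 from landing on the block list; tune it against a baseline window recorded when no attack is under way.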
The Cloud Computing Revolution
At first I thought that the term “cloud computing” was an overused buzz word that was used to simply describe Web 2.0 applications. For a while it seemed the term was being linked to every context imaginable and it was a bit confusing (I’m not the only one who felt that way check out this hilarious rant by Oracle Co-Founder Larry Ellison). After further research on cloud computing over the last few days, I got a chance to dive into the full potential of the model and realized that it is more than just an idea, but a change of era in the computing world.
If you have ever used Facebook applications or Google Docs then you have essentially used cloud computing. When you have a document that you are constantly updating and saving, where is that document being stored? On the cloud is the answer. Now why don’t we just simply say that we saved this data on a server over the internet like everything else? Because Web 2.0 applications use cloud computing to operate, and in this new era it is called the cloud. Clouds are run by large, high-powered data centers, which are essentially groups of interlinked high-end servers. Sure sounds a lot like how the rest of the internet works, right? I guess I would only consider it a cloud if the only purpose of the dedicated data center is to solely operate Web 2.0 platforms and other cloud computing technologies.
Realistically the idea isn’t terribly new because centralized computing models have been around for years. I think that what is causing all of the hype is that networking and data center processing power has finally caught up with the idea, and there appears to be a promising future in the model. The Web 2.0 applications listed above are examples of SaaS, which stands for “software as a service.” Having software available on demand to end users is one thing, but businesses will also be able to run enterprise software from the cloud.
Another type of cloud computing is HaaS, hardware as a service; this is probably the coolest use of the cloud computing model that I had a chance to read about. Amazon EC2 (Amazon Elastic Compute Cloud) is a form of HaaS that lets you lease infrastructure components, such as memory, through the cloud for a very cheap price. Amazon EC2 also offers a simple and relational database solution through the cloud, which I thought was very interesting because of how integral databases are to an information system as a whole.
There are a few key advantages to the cloud computing model, such as very low implementation costs, low or no upgrading of existing infrastructure, compatibility (your system won’t run the software or hardware locally so it will always be compatible), no software upgrades, and theoretically a little less IT staff right? So maybe that last one isn’t a good thing for us IT people, but it will be hard to say if that is actually going to be the case. The way I see it though, if there is less infrastructure to maintain and configure, then why wouldn’t there be less need for traditional IT staff.
There are also a few concerns to point out about the cloud computing model. First, the major problem is the security unknown. In an industry at its infancy, only time will tell how secure the data in a cloud truly is. I found a great resource online that maps out some of the main security concerns with the cloud computing model.
Secondly, it is going to take time for even the big players to gain the trust of businesses to store their precious data in a cloud. Also, it seems like there won’t be many successful cloud computing service providers because of the trust factor, leaving big players to dominate. What kind of company is going to trust their data to a cloud of a company that hasn’t been deemed foolproof? Then once there are only so many service providers, who says that they can’t start increasing the price of their service? Also, I wonder, if cloud computing becomes more standard, what the Internet service providers are going to think about the very large increase in network traffic. It’s possible that they are just eating up all of the service they are getting, but it is also possible that they could increase prices as well. It is hard to say. This is a very hot topic, and if anyone has anything they want to add/share, do so, because it is quite interesting.
EC Campus Starts an IT Club
I got an email earlier today informing me that Globe University-Eau Claire campus is starting their own Information Technology club. I am sort of jealous because I am no longer in Eau Claire and I want in! It’s OK though, and very cool that they are putting the club together. It will be held in room 101 on Tuesday, January 19th at 5:00 PM. The formal purpose of the club is to promote the advancement of the IT program, and to serve as a place to interchange knowledge among persons with interest in the IT field and personal computers. It also sounds like jobs will be delegated and a regular meeting schedule will be set during the first meeting. I am assuming most of the other campuses already have IT clubs, but if they don’t, talk to your administrator about getting one going at your campus. Having a duty or just being a part of a club like this can look good on your resume, and also help improve the IT program.
IT Jobs Down in 2009, 2010 Trends
I was taken aback yesterday when I came across a source on the web that reported that the recession hit the IT profession hard in the year 2009. According to the Labor Department’s Bureau of Labor Statistics, unemployment among information technology managers and staffers went from 2.5 percent in 2008 to 5.2 percent in 2009. At first I was slightly discouraged, but after a little more research I have now seen that the high unemployment rate is across the board. The fact that the total unemployment rate in the U.S. rose to slightly above 10 percent at the end of 2009 demonstrates this, and assures me that it’s not a problem specific to employment in IT jobs. The mere fact that every business depends on computer systems to operate is my personal theory on my job security, and I don’t think it’s likely that we will see a decrease in employment in 2010. If you are graduating with an IT degree anytime soon, how do you avoid being a part of that dreaded 5.2 percent that are not employed? Get a certification that is hot right now to supplement your degree.
I listened to a podcast by David Foote of Foote Partners, which is a Florida based consultancy that tracks IT skills and competencies. He shared some predictions about what is to come in the next couple years in IT employment, and he emphasized the increasing need for security professionals. He shared some of the top 24 market-demanded IT certifications in his 2010 report, and 12 out of the 24 are security related. He claims that the trend for businesses has moved from hiring very technical security professionals to more business oriented security professionals that have the ability to execute and communicate based on the needs of the business. He also says that there has been a boom in mobile and cloud computing, what he referred to as “insecure technologies.” If you want to hear the full podcast, it is very interesting and informative for anyone going into the IT field and can be found here.
Windows 7 - Considerations of Upgrading Your Business
There has been a lot of hype about Windows 7 in the media since its release about 5 months ago, reinforced by a heavy television ad campaign by Microsoft (at least this time they didn’t opt for Jerry Seinfeld and Bill Gates spitting nonsense). As a Windows fanatic I am thrilled with the praise it has received for the most part (there will always be haters), but it has at least been deemed a great improvement over its predecessor Vista. For the first time ever in Microsoft OS history, a newer platform takes up fewer resources than the previous one. Windows 7 may be the best option for personal use if you are a Windows user, and any system package you buy retail will now come with it, but is it ready to be put in the business setting just yet?
I have been waiting to read an article like the one I found last night that outlines the pros and cons of upgrading to Windows 7 in the business setting, because I haven’t been able to play with it too much first hand. The need to upgrade mostly depends on the current setup in your business, whether you could really take advantage of the new features 7 offers, and at what cost. A few advantages the article points out for upgrading to Windows 7 that would be applicable to a business network are DirectAccess, BitLocker, AppLocker, and superb driver support compared to previous versions. My favorite feature of them all is DirectAccess, which functions very similarly to how it sounds: it gives you a secure tunnel to your business network via IPsec and IPv6 without having to configure a VPN connection. BitLocker is a new program that encrypts the contents of your hard drive, just like FileVault seen in Mac OS X Panther and later. AppLocker is an awesome administrative tool that effectively regulates which programs can be executed on a machine. Finally, 7 has new and improved driver support, which aids in assigning drivers and will even redirect you to the manufacturer’s driver page if needed.
Some of the main disadvantages when upgrading to Windows 7 in the business setting would be the cost of hardware changes, having to clean install vs. a true upgrade (from XP), the time it takes for your employees to adjust, and of course the little bugs that haven’t quite been worked out 100% yet. I actually found it hard to believe that you really can’t run an upgrade from an XP machine, and I am a little disappointed with that. It wouldn’t be a big deal to salvage all of the data on your XP machines, but being able to transfer the applications they are running is a different story. Also, XP will continue to be updated by Microsoft until the year 2014, so there isn’t necessarily a rush unless you really want to take advantage of the new features.
Bottom line: there is no definitive answer on whether it’s a good idea to switch just yet because, once again, it will vary between companies, but weighing some of these factors will help you decide whether it would be worth it with your current setup.
Check out the original article.
Social Media: What next?
Jerome Perelman poses several interesting questions in his response to my blog, “What’s the Difference Between Information Technology and Computer Science?” In summary, the question posed is “Should there be another area, user-centered Communication Technology, that is distinguishable from organization-centered Information Technology?”
In this response, I will suggest an alternative term, social media, because I wish to reserve the term “user-centered” for other purposes. I offer some ideas of what we can expect from social media and businesses that attempt to have a social media presence.
Mr. Perelman, in his post, offers a possible distinction between the two: Communication Technology as “user-centered” and Information Technology as “organization-centered.” Blogs such as this one, social sites such as Facebook, email and instant messaging can all be considered to be part of the “user-centered” communication technologies.
I agree that there are differences between these user-centered technologies and those that IT folks have been mainly concerned with over the past few decades.
Social Media
However, “user-centeredness” is a term that I would like to reserve. I would prefer to call these technologies “social media.” This term has grown in use lately to describe the emerging new media technologies that include text blogging, video blogging, micro blogging (such as Twitter) social networking sites, and so on.
User-centeredness
For some time Information Technology professionals have been seen by others to be barriers to getting things done right. The reasons for this are too numerous to completely list here, but in brief these reasons include a growing communication gap between the IT pros and the users, limited budgets, numerous new technologies to understand, and an aversion to risk and change.
I propose that IT professionals actually want to be helpful to the user. User-centeredness is a practice of all good IT teams. However, the needs of each user cannot be completely met without an unlimited budget. Instead, IT and Information Systems professionals should collaborate with user representatives to understand the work of the user, and contrive ways to improve that work. These improvements can be in the selection of technologies available, the design of specific user interfaces and reports, and an overall information architecture plan.
Back to Social Media
These technologies, unlike databases for example, are new and have been developed more-or-less without any ideas about how they will be important in businesses and organizations. They are for the common use of everyone. This fact does not mean that businesses will find no use for them. Evidence is mounting that businesses, especially the marketing and promotions units within each business, are very interested in these media technologies. We have businesses experimenting with them, offering advertisements, coupons, special offers, and so on, on Twitter. It is no accident that Facebook recently has modified its software to allow organizations to have a presence.
Because organizations are now keenly interested in this social media, it has emerged in responsive business schools, in the curriculum. Organizations wish to know “what can social media do for our business?”
Let’s not Forget History
The advent of social media may be much like the advent of the Internet itself.
The Internet was formed in a project (ARPANET) between the US Department of Defense and major US universities in the late 1960’s with the goal of accelerating the speed of scientific discoveries. It was meant to be a collaboration media to cut the time from discovery to the time of sharing that discovery with other researchers. By 1985, almost all university students had email accounts. Internet servers were established to allow folks from around the world to play chess and other games, share files with each other, and so on. The major use of the Internet in 1985 was not what it was “meant” to be by its founders. The internet is a commons; it is a public space much like a park in which you can do whatever you like, within the law.
Likewise, the World Wide Web, released to the public in 1991 by Tim Berners Lee and CERN, was developed to be an information-sharing technology. Certainly it still is used for that purpose, but it is also now a major marketplace.
The same can be said for the US highway system, which was developed in the mid-Twentieth century to facilitate troop transportation in case of invasion from the north, south, east or west. Certainly that is not what we use it for primarily. We use it to take vacations or relocate to our advantage. Businesses of course use the same highway systems to transport goods across the country, ultimately to make money.
Although developed for users, social media is a commons, available for any legal use. For better or worse, businesses will seek to discover how to leverage social media to make a buck.
What next?
Certainly social media is very new, and how it develops and unfolds is an interesting study. I believe businesses are scrambling to identify and employ experts, but what they really need are visionaries, because social media is so new and so quickly evolving, that no one can really know what the landscape will be like in two years.
My website is open
Yesterday, I completed my preliminary work on my personal website. The purpose of this site is to help instructors and students at our schools get the information they need from me about the IT and Game and Application Development programs.
http://webspace.globeuniversity.edu/mrenslow/
All faculty members and every student in a web-related program at Globe University, Minnesota School of Business and Utah Career College has web space hosting available for free to use for professional and educational purposes.
It takes some work to make a website. I worked weekends, and this site took me three weekends to complete. If anyone is interested in making their own homepage and would like suggestions about how to proceed, I recommend a course in Basic Web Design to get started. If you prefer to be self-taught, you may begin by looking at my page on how to teach that course:
http://webspace.globeuniversity.edu/mrenslow/WD130/
The web began in 1991 when Tim Berners-Lee at CERN created a markup language so he and his colleagues could easily share information with each other across computing platforms. Berners-Lee and CERN agreed that the technology was just too useful to keep to themselves and they released it to the public. Today he is still very active in the development of web standards in his role as Director of the World Wide Web Consortium (W3C). You can read more about Berners-Lee here:
http://www.w3.org/People/Berners-Lee/
