Computer users cautioned about malware
Would-be computer saboteurs are trying to capitalize on the summer Olympics to introduce hidden code that compromises computers, warns ITD Cyber Security Officer Forrest Anderson.
Although the vulnerability is greatest for home computer users, anyone who has the authority to download applications from the Internet also could be at risk. The department’s computers are less vulnerable because few users have the authority to download “.exe” files, and download attempts by employees who are not authorized are blocked.
“It is really a greater risk to the home user, although we hope people have learned that opening .exe attachments is risky,” Anderson says.
Computer intruders recently tried a second wave of Olympics-related malware that comes in the form of a movie file circulating on the Internet. The file poses as a cartoon ridiculing the effort of a Chinese gymnast at the games, followed by images that support a free Tibet. The file is “booby-trapped” with malware, Anderson says.
While the Flash-based movie runs, a keystroke-logging tool is installed on the victim’s Windows PC. The malware contains hidden “rootkit functionality,” making it harder to detect and remove.
The malicious cartoon is distributed as an e-mail attachment called “RaceForTibet.exe”. Data captured by the keystroke logger is sent to a computer in China. McAfee warns that pro-Tibet Web sites are being modified by attackers to host malicious software.
Idaho’s cyber security program, Websense, blocks the malicious sites and the .exe files that have been reported. It is being updated as new sites are identified, Anderson said.
“There may still be sites being exploited that Websense has not yet identified or blocked,” Anderson said. “Department employees need to be especially careful about the sites they visit and should not download any applications or content from the Internet that is not specifically needed for work.”
Users who have administrative authority on their computers are even more at risk because the malicious applications can take advantage of the user’s elevated permissions to further compromise the computer.
Report any suspicious Web sites to: firstname.lastname@example.org