How to save home PCs from being Zombies?

1
How to save home PCs from being Zombies? (Test
presentation for Altiris Certified Trainer,
January 2008)
Pascal Kotté, pk_at_adventis.ch. (c) 2008 - Free
to use as long as the logo and name are kept
2
Summary
  • Be a fighter against Zombie PCs
  • What?
  • How it happens
  • Why?
  • Sources
  • Risks
  • How to fight?
  • Audience: IT professionals (any job) or
     clever PC users, at home.

3
01- What is a PC Zombie?
  • Botnet: a network of Zombies
  • built by hacker groups
  • Zombie: a computer infected with a "bot" (like
    a Trojan virus, not simple spyware)
  • How this curse gets onto PCs:
  • Just plug a PC into the Internet with ADSL/Cable using
    a USB cable, because that gives it a public IP.
  • Just browse Internet pages, read emails
  • Just download or receive funnies, cheat codes,

A public IP is like a published phone number that
everybody can call. Instead, you MUST use a "private IP
address" for your PC
4
02- Why is it a War?
  • In the 1980s, hackers were like heroes
  • Joke programs
  • Disruptive or destructive programs (for publicity)
  • For fun
  • Nowadays: professional thieves
  • Money is the motivation
  • High technical skills
  • Underground activities on pirated PCs, that is,
    Zombies

5
What are the risks?
  • SPAMbot
  • 70% of email is SPAM
  • 70% of SPAM is from Zombies
  • For commercial use
  • For commercial abuse, or pure thieving
  • For "Phishing"

Image from Wikipedia.org (GNU licence)
6
Risk: Phishing sample
7
The threats from bots
  • Botnets can also run DoS attacks or decrypt
  • Denial of Service: overload networks/systems
  • (2004: Microsoft, Google were out for 2 hours)
  • Massed CPUs can crack encrypted data
  • Hijacking the home PC
  • Masquerade as the user on secured Web e-banking: substitute
    transactions to take your cash
  • Next generation phishing (will identify your
    bank)
  • A never-ending story, we are just at the start

You can recover from a bad use of your credit card
number, not from this piracy!
8
03- How can we fight?
  • Throw away USB Internet connectivity
  • Do you run Windows Update?
  • Or Microsoft Update?
  • Acrobat update? WinZip update? Altiris update?
  • Do you activate your SVS layers and update them?
  • Do you keep your PC on at night?
  • Don't forget to also update your eMule & co.
  • Do you use admin to work on your PC?
  • Also to browse the Web?
  • DO: runas /profile /user:simple Firefox.exe

SVS: Altiris Software Virtualization Solution
9
How to protect using tools
  • Firewall, anti-spyware, antivirus
  • Symantec SEP11 or a free solution
  • DO: close port 6667 (IRC)
  • VMware (GSX for free, VMplayer also)
  • Use the NAT network option for the LAN card
  • Install your e-banking there
  • Never use it to browse anywhere else
  • Protect it with Microsoft Update, like your PC
  • Altiris SVS (free at home)
  • Internet Explorer - Reset On Close (18
    Kb): http://svsdownload.com/
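
A defensive check for two points from the slides, the private IP address requirement and closing port 6667, added here as an example that is not part of the original presentation: it reads `netstat -an` output and reports a public local address or an established connection to port 6667. The sample rows are constructed (documentation addresses) and the function names are illustrative.

```python
import ipaddress

# Ranges a PC behind a NAT box should be using (RFC 1918), plus loopback
# and link-local; anything else on a local endpoint counts as public here.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IRC_PORT = 6667  # the port the slide says to close

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49213     198.51.100.20:443      ESTABLISHED
  TCP    192.168.1.10:49300     203.0.113.5:6667       ESTABLISHED
  TCP    198.51.100.77:49412    203.0.113.9:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

def split_endpoint(text):
    """Split 'host:port' into (IPv4Address, int); ValueError if not IPv4."""
    host, _, port = text.rpartition(":")
    return ipaddress.IPv4Address(host), int(port)

def is_public(addr):
    """True when addr is neither unspecified (0.0.0.0) nor in NON_PUBLIC."""
    return not addr.is_unspecified and not any(addr in n for n in NON_PUBLIC)

def audit(netstat_text):
    """Return sorted (finding, address) pairs for the two checks."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # header, UDP rows, blank lines
        try:
            local, _ = split_endpoint(fields[1])
            remote, remote_port = split_endpoint(fields[2])
        except ValueError:
            continue  # IPv6 or malformed endpoint: out of scope here
        if is_public(local):
            findings.add(("public-local-ip", str(local)))
        if fields[3] == "ESTABLISHED" and remote_port == IRC_PORT:
            findings.add(("irc-6667", str(remote)))
    return sorted(findings)

if __name__ == "__main__":
    for kind, address in audit(SAMPLE):
        print(kind, address)
```

On a real PC, pass it the text of `netstat -an`. A hit on 6667 can also be a legitimate IRC client, so treat it as something to explain rather than proof of infection.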

10
Lab
  • Activate Microsoft Update versus Windows
    Update
  • Do it yourself at home!
  • http://update.microsoft.com

11
04- Conclusion
  • It is up to you now to be one of the fighters! Go
    now to as many homes as you can, and:
  • Save important files, reinstall their PC from
    the original CD/DVD
  • Update offline with the latest SP
  • Drop any USB-type Internet access,
    replace it with an Ethernet NAT box
  • Apply all you learned before
  • Thanks in advance for your involvement in this war

SP: Service Pack (currently v3 for XP)
12
Thanks, Danke, Gracias, Merci !
  • Pascal KOTTÉ
  • Senior consultant, Altiris Certified Engineer
    Trainer
  • pk_at_adventis.ch, 41 79 309 28 86.
  • www.bemore.ch
  • www.adventis.ch
  • Personal contact
  • pascal_at_kotte.net
  • Please join the fight: report your
    actions/tracks/feedback/KB at
  • NoZombie_at_kotte.net

13
Annexes
14
Do you think I am joking or just being a little
alarmist?
Up to a quarter of online computers are
virus-infected components in botnet networks of
PCs under the control of hackers, according to
net luminary Vint Cerf. Cerf, who co-developed
the TCP/IP protocol, compared the spread of
botnets to a disease that has reached "pandemic"
proportions. Cerf estimated that between 100
million and 150 million of the 600 million PCs on
the internet are under the control of hackers.
Hamadoun Toure, secretary general of the
International Telecommunication Union said
greater co-operation between regulators,
government, security firms, telecom providers,
and end users was needed. World Economic Forum
in Davos, Switzerland, January 2007.
15
In French: Do you think I am exaggerating?
(January 2007, conference in Davos) Vinton Cerf,
a leading network specialist, chairman of
ICANN and co-inventor of the Internet
communication protocol TCP/IP, estimates that
probably ¼ of the PCs connected to the Internet are
Zombies, that is, 100 to 150 million PCs out of
the 600 million. Hamadoun Toure, the
secretary general of the ITU (International
Telecommunication Union), declared that the war
against zombies would only be won if
governments, computer manufacturers and
users formed an alliance.
16
Tools (Free)
  • Windows Defender (Microsoft)
  • Spybot S&D: Spybot - Search & Destroy can detect
    and remove spyware of different kinds from your
    computer.
  • Ad-Aware SE Personal: Ad-Aware SE Personal is a
    tool freely available for personal use on Windows
    platform machines
  • SpywareBlaster, HijackThis, X-Cleaner
  • XP-AntiSpy (tool for quickly disabling undesired
    services)
  • IE-SPYAD: IE-SPYAD is a Registry file (IE-ADS.REG)
    that adds a long list of known advertisers,
    marketers, and spyware pushers to the Restricted
    sites zone of Internet Explorer

17
Firewall (this is an old list, sorry)
  • ZoneAlarm: Millions of users have selected
    ZoneAlarm as their trusted Internet security
    solution.
  • Kerio Personal Firewall: Kerio Personal Firewall
    4 is FREE for home
  • Omniquad Personal Firewall: Omniquad Personal
    Firewall is freely available and contains the
    ability to monitor inbound and outbound traffic.
  • Outpost Firewall FREE: Agnitum makes a scaled down
    version of their Outpost Firewall Pro 2.5
  • Sygate Personal Firewall, now integrated into
    Symantec Endpoint Protection (version 11 in
    2007/2008)
  • non-exhaustive list

18
A few References
  • What Is A Bot?
    http://netsecurity.about.com/od/frequentlyaskedquestions/qt/pr_bot.htm
  • Bot Networks
    http://www.schneier.com/blog/archives/2006/07/bot_networks.html
  • UK is top of the bots (03.2005)
    http://www.continuitycentral.com/news01804.htm
  • Zombie PC army responsible for big name web
    blackout (June 2004)
    http://software.silicon.com/malware/0,3800003104,39121439,00.htm
  • Botnet 'pandemic' threatens to strangle the net
    http://www.theregister.co.uk/2007/01/26/botnet_threat/
  • Zombie computer (EN)
    http://en.wikipedia.org/wiki/Zombie_computer
  • Machine zombie (FR)
    http://fr.wikipedia.org/wiki/Machine_zombie
  • Just google it!

19
Thanks
  • Michael Desmond (About, New York Times)
  • Tony Bradley (PCWorld, New York Times)
  • Bruce Schneier (BT Counterpane)
  • And all the other unknown warriors
  • Images from "Google image search" or the Wikipedia
    project (should be free to use :-)