Troubleshooting Common Security Issues – CompTIA A+ 220-802: 4.7

June 2, 2013

Security problems can cause significant downtime and put all of your data at risk. In this video, you’ll learn about browser security issues, malware symptoms, virus hoaxes, and email security.



Our browsers have become one of the most important applications on our computing devices. And the bad guys know this. They’re trying to feed you ads and get malware onto your machine, and they know that the browser is a great place to do that.

One thing you’ll notice on a website is you might get a pop-up message. Usually, it’s an advertisement of some kind. Sometimes, it’s just a single pop-up. Sometimes it is many, many pop-ups on your screen.

Obviously, if you’re starting to see a large number of pop-ups, and it seems like it’s not really a normal amount, you may be infected with some malware. And it’s a great way the bad guys use to pop up a message on your screen, get those ads in front of you, so that they can make some money behind the scenes.

Another interesting tack that’s used is that the bad guys will try to make the pop-ups look like an absolutely legitimate application. It may pop up and tell you that you need to update the version of Flash on your computer, and to please click here. And when you do, you’re actually installing malware instead of updating your Flash.

Another technique used by the bad guys is a browser redirection. This is when you’re performing a search in Google or Bing or whatever search engine you like to use, and you see a result that you would like to follow. You click on that result.

And instead of going to that Google result, you’re actually redirected to another site. The bad guys are sending you somewhere completely different from what you clicked on.

It’s usually a virus or malware that’s causing this. This obviously isn’t something that’s normal for a computer. The bad guys like to take you first to a site that’s going to show you an ad. At that point, they might even take you on to your ultimate Google selection. But first, you had to go through their site so that they could make money putting ads in front of you.

Another concern in our browser is when we get one of these security alerts popping up. Here’s one, for instance, that tells us that the security certificate for the site we’re using is not trusted. We’re trying to communicate through an encrypted link to that particular site, but the certificate on that site isn’t something that our browser trusts.

Our end users have gotten so accustomed to simply clicking through this. But this could point to a significant security problem. So you need to drill down into the details and find out more about what the user is seeing when they go to this site.

And this could be something simple, like the website certificate happens to be configured improperly. Or it could be that there is someone in the middle of this conversation who is decrypting the information or proxying that information. When that happens, you could get messages like this.

So if you’re running into those types of situations, it might be worthwhile to take a moment, drill down into the message that’s popping up, do a little bit of research, and make sure that you’re not having any big security problem.

If malware is on your machine, and you are infected, you may see a number of problems. One is just slow performance. Or your system is locking up. If you’re starting up your computer, and it’s taking forever for your system to boot up, it might be pointing toward some type of malware infection.

These folks that write the malware code aren’t doing a lot of quality assurance. They’re not doing a lot of testing. So you might run into situations where the malware ran great on their side, but when it’s running on your side, you really notice that there is a problem. And when that happens, nothing is really going to run well on your computer.

You might also have problems with network access. The malware itself wants to limit your computer, or direct it to certain places on the internet. And it doesn’t want you to go to sites where there are known malware cleaners. So it’s going to prevent you from going to those well-known antivirus sites.

It wants to control exactly where you go and exactly what you see on your screen. So if you can’t download the fix for this malware problem, obviously the malware is going to stay on your computer. The malware authors have gotten very good at preventing you from using the network in the way that you should.

You might also notice that your Windows Update isn’t working any longer. Obviously, the Windows updates are going to include things like security patches. And the bad guys don’t want you patching your system. They want it to be as susceptible as possible. And they don’t want you to find any problems or clean those problems by performing one of these Windows updates.

The malware authors are usually finding multiple ways into your system. And if we perform a Windows update, your system is going to start closing those doors and prevent them from getting back onto your computer.
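One common way malware blocks antivirus and Windows Update sites is to pin their hostnames in the local hosts file, so a quick check a technician can run is to audit that file for watched domains. This is an added example, not code from the video; the hosts file path is the standard Windows location, the domain list and the sample hosts content are constructed for the example, and it goes slightly beyond the text by checking the file rather than just describing the symptom.

```python
import ipaddress

# Domains a technician expects to resolve normally. Constructed for this
# example; extend it with the vendors used in your environment.
WATCHED_DOMAINS = (
    "windowsupdate.com",
    "update.microsoft.com",
    "symantec.com",
    "mcafee.com",
    "malwarebytes.com",
)

# Standard Windows hosts file location.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed hosts-file content: two normal lines plus three hijacked
# entries (loopback, the black-hole address, and a foreign address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.com
0.0.0.0         update.microsoft.com   # blocks Windows Update
203.0.113.9     liveupdate.symantec.com
"""


def _covers(hostname, domain):
    """True if hostname is the domain itself or any subdomain of it."""
    return hostname == domain or hostname.endswith("." + domain)


def suspicious_hosts_entries(text, watched=WATCHED_DOMAINS):
    """Return (ip, hostname) pairs that pin a watched domain to any address.

    Any static entry for these domains is suspect: legitimate machines
    resolve them through DNS, not the hosts file.
    """
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)  # skip malformed lines
        except ValueError:
            continue
        for name in names:
            if any(_covers(name.lower(), d) for d in watched):
                hits.append((ip, name.lower()))
    return hits


def audit_hosts_file(path=WINDOWS_HOSTS_PATH):
    """Read a real hosts file and report suspicious entries."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return suspicious_hosts_entries(f.read())
```

A clean hosts file returns an empty list; each hit names the address the domain was pinned to, which tells you whether the site was simply black-holed or redirected elsewhere.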

Another symptom you may notice is that the system files themselves have been changed. You might get error messages when you try to start certain applications, because the malware authors don’t want you running those apps. You might see files disappearing completely. Or files might suddenly be encrypted when you didn’t encrypt them.

The malware authors are going to have complete control. Once they’re on your system, they can change any of the files that are on your computer. They can also change the permissions of the files.

The malware authors don’t want you deleting the malware once it’s on your system. They’re going to change registry entries. They’re going to add new files. They’re going to modify files in your system. And they’re going to change the permissions, so that it’s going to be very, very difficult for you to recover from those changes.

That means once you start trying to remove some of these files, you will find that you don’t have access to do it. The malware has already modified the permissions to lock you out of making any changes and removing that malware from your system.
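The way to spot changed, missing or re-permissioned files with confidence is to compare against a baseline taken while the machine was known good. This added example (not code from the video) hashes every file under a directory and records its permission bits, then diffs two baselines; the `demo()` function builds a constructed temporary tree and tampers with it the way the symptoms above describe.

```python
import hashlib
import os
import stat
import tempfile


def build_baseline(root):
    """Map relative path -> (sha256 hex digest, permission bits) under root."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            mode = stat.S_IMODE(os.stat(full).st_mode)
            baseline[os.path.relpath(full, root)] = (h.hexdigest(), mode)
    return baseline


def compare_baselines(before, after):
    """Sort differences into the buckets a technician triages separately."""
    report = {"modified": [], "missing": [], "added": [], "permissions": []}
    for rel, (digest, mode) in before.items():
        if rel not in after:
            report["missing"].append(rel)
            continue
        new_digest, new_mode = after[rel]
        if new_digest != digest:
            report["modified"].append(rel)
        if new_mode != mode:
            report["permissions"].append(rel)
    report["added"] = list(set(after) - set(before))
    return {k: sorted(v) for k, v in report.items()}


def demo():
    """Constructed walkthrough: baseline a temp tree, tamper with it, diff."""
    root = tempfile.mkdtemp()
    for name, data in (("svc.dll", b"v1"), ("hosts", b"127.0.0.1 localhost\n"),
                       ("notes.txt", b"ok")):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    before = build_baseline(root)
    with open(os.path.join(root, "svc.dll"), "wb") as f:  # contents changed
        f.write(b"v2-tampered")
    os.chmod(os.path.join(root, "hosts"), 0o444)          # permissions changed
    os.remove(os.path.join(root, "notes.txt"))            # file disappeared
    with open(os.path.join(root, "unknown.exe"), "wb") as f:  # new file appeared
        f.write(b"x")
    return compare_baselines(before, build_baseline(root))
```

On a real machine you would store the known-good baseline off the box, because malware that can rewrite permissions can also rewrite a baseline kept locally.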

One of the easiest ways for the malware authors to infect a system is to get you to infect it. That way they don’t need a lot of special back doors to get into your system. They’ll have you click on a message. And it might be a message that says that your system is infected and you need to click here to install some antivirus software. And of course, that’s not really antivirus software. That’s really malware that you’re installing.

Sometimes you’ll see hoax messages pop up. Once the malware is on your system, you may see something like these messages here that say your computer’s been locked. We have seen information on your computer that’s illegal. You have to pay the fine immediately. And they give you a lot of options at the bottom for where you can go to send your money directly to the malware authors.

And this looks legitimate. There is a Department of Justice and Federal Bureau of Investigation logo right on here. It looks as if it could be legitimate. But of course, the federal government in the United States isn’t going to ask you to wire them money directly.

This is obviously a hoax. And part of the problem is that your system is now locked. You don’t have access to your system any longer. You have to wire the money in the hopes that they’re going to give you the code that’s going to unlock your system. Obviously, then you have to run some type of specialized removal tool to get rid of this application.

Sometimes there are other removal techniques you can use. But the bad guys have gotten very, very good at finding ways to embed themselves into your operating system and make it very difficult for you to remove these.

Unsolicited e-mail is obviously a significant problem. We have a lot of spam that’s flying around the internet. And part of the problem isn’t just that some of this happens to be advertisements. It’s that some of this spam includes malicious attacks. It may be someone who’s trying to get you to input your username and password for a particular site by posing as that site.

Maybe there is malware included in the message itself. Or by clicking a link, you’re taken to a site that then installs malware onto your system. This is a very, very common way for the bad guys to get embedded on people’s workstations. So you have to be very careful about what you are clicking inside of an e-mail message.

Obviously, once the bad guys have gained access to your system, they can do a lot of things with it. You might become a source for sending spam yourself. It’s very difficult for the bad guys to send spam from their own systems, because as soon as that spam is noticed, they can be shut off by their internet service provider.

But if they can have your computer send an e-mail message once an hour or twice an hour, they can have a massive e-mail network running that’s practically undetectable.

Your computer might also now be controllable from a third-party location. Your system simply checks in to a centralized server, which gives your computer the instructions for what to do next.

So if somebody wanted to take down a site through a distributed denial of service attack, your computer now may be one of the spots that’s originating some of those attacks.
