FAQ

What are they and what do they do
In what way is Aruba involved?
Can Aruba help me understand if my PC is under attack?
What has Aruba done or what could it do?
What Aruba can’t do
Recommended software to eliminate malware
Firewall videoguides
Useful links



Recent increase in the spread of “Malware” viruses
 
Recently there has been an increase in the spread of a particular type of virus, called “Malware”, which sets out to steal various kinds of personal information and other sensitive data or “identities”, such as:
-    credit card details,
-    online bank accounts (home banking or PayPal),
-    eBay accounts,
-    social network accounts such as Facebook, Twitter, etc.

Apart from this type of data, Malware also searches for other information that is considered less valuable but that concerns us more closely, such as:
-    access details for email accounts (in particular Gmail, Hotmail, Yahoo Mail),
-    FTP access details,
-    access details for dedicated servers or company servers.

For people with ill intent it is in fact easier and more practical to take all this information directly from computers connected to the internet than to try to breach the security of central servers (bank, web or mail servers, etc.), which are usually well protected and therefore more difficult to attack.

Malware can obviously be seen as an activity similar to “phishing” and with the same intention. Phishing means sending false messages which ask you to reply and voluntarily provide such sensitive data, again with the purpose of stealing it in bulk and later using it illegally or selling it to other people with ill intentions.

Furthermore, some types of Malware, apart from taking and transmitting the abovementioned information, also try to compromise the PC they are attacking so that it can be controlled from any location. In this case, rather than “Malware”, we refer to what is generally called a “trojan horse” virus.
When this occurs, the infected PC is referred to as a “zombie” and joins a so-called “botnet”: a large network of PCs under the control of the virus originators and at their disposal for launching destructive attacks (e.g. DDoS) or for sending large quantities of spam messages.

Compared to traditional viruses, Malware has some fundamental differences like its purpose, the way it’s spread and how difficult it is to eliminate.

As for its purpose, in the past we were familiar with destructive viruses which tried to damage PCs, for example by deleting data or blocking the operating system. Malware, on the contrary, needs the PC to remain in perfect working order, especially if it is later to be used as a zombie.

As for the way it spreads, traditional viruses could usually spread on their own by copying themselves from one infected PC to another over the network, by infecting removable storage devices (floppy disks, pen drives, etc.), or by being delivered as an email attachment. This meant that they were always the same (at least in some sections) and therefore easily detected by antivirus software. Malware, on the other hand, is usually spread through compromised websites and spam. It can therefore be changed frequently and does not need to include the ability to replicate and spread automatically, which makes it less recognizable and detectable.
Some Malware is even disguised as miraculous antivirus software, adding insult to injury.




In what way is Aruba involved?

Since in this case it is not our servers that are under attack but our customers’ PCs directly, Aruba cannot solve the problem at the root. We can, however, reduce the effects and try to minimize the phenomenon by providing useful suggestions for protecting your data and by informing the customers we believe have been affected by this problem. This way we can protect information which concerns our services but also, and above all, bank details and other sensitive data.

What can I do to protect my personal information?
First of all we remind you of the usual safety measures:
-    Keep your operating system up-to-date. Malware often tries to exploit old, known vulnerabilities, which is why regular updates are very useful.
-    Keep your software up-to-date, in particular the browser (Internet Explorer, Firefox, etc.) and other common programs such as Adobe Acrobat Reader. Old versions of these programs often contain known vulnerabilities too, and therefore allow easy access if not updated.
-    Keep your antivirus up-to-date and run a complete scan on a regular basis, possibly with more than one product, because unfortunately a single product is sometimes not capable of detecting all the types of Malware in circulation.
-    Keep a firewall active at all times to protect your internet connection. Even better is an advanced firewall which displays a warning each time a program on the PC tries to send data over the internet (the passwords must eventually be sent to the virus originator).
-    Change your passwords at least every 6 months, for all Aruba services and for others.
   
Here are some specific safety measures to protect yourself from Malware:

-    Do not open executable attachments received by email, not even if they come from senders that you know (who could have a compromised PC).
-    Do not click on “suspect” links received through a social network (Facebook, Twitter, etc.) or by instant messaging (MSN or Yahoo Messenger, Gtalk, etc.), in particular those that ask you to download captivating and “useful” software to keep you in contact with your friends, or functions of this sort.
-    Never give out your details by replying to emails which request them for a fictitious “database update”, “loss of the server” or “account block”. It is highly unlikely that a service provider would request your password, let alone via email.
-    Do not download or run fake software or a “crack” of original software: even if it seems to work correctly, this type of software often contains a virus, Malware or trojan horse, and is usually distributed for this reason.
-    Do not save passwords and access details on your PC and do not use the “remember password” function. Entering the password each time is obviously not as practical, but it is a lot safer: the Malware scans the PC, where many programs (for example FileZilla) save a more or less protected copy of the stored access data.
-    When possible always use secure protocols such as https, smtps, pop3s, imaps, ftps. This way the access data will not cross the internet in clear text but protected by cryptography: even if intercepted, it will not be readable.



Can Aruba help me understand if my PC is under attack?

One way that Malware spreads is by using FTP access details taken from infected PCs to compromise the corresponding websites, and then using those websites to make visitors download the Malware.
This is usually done by inserting “hidden” JavaScript code into the home page of the website: the page keeps its normal look and behaviour, but each time it is opened it tries to make the visitor download infected files from other websites.
In some cases the compromised website is used to make others download the Malware, other times only to host infected files.
The other method used is to send it through spam; in this case too, suspect emails will be detected and blocked, as well as removed by antivirus software.
By analyzing the FTP logs, our automatic tools will detect abnormal behavior and inform the owner of the account. Furthermore, you will be informed each time one of our antivirus programs deletes something (JavaScript code or the Malware itself) from published content.
Obviously, customers who receive such a notice must take the necessary precautions and the recommended actions, because at least one of the PCs on which they used their access details is compromised.
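
One way to implement the kind of FTP log check described above, added here as an example and not Aruba's own tool. It assumes logs in the common xferlog format and two heuristics chosen for illustration: a web page uploaded from an address that is new for an established account, and a download followed within a minute by a re-upload of the same file. The log lines, account names and thresholds are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in xferlog format (an assumption: the page names no log format).
SAMPLE_LOG = """\
Mon Mar  1 09:10:02 2010 1 192.0.2.10 5120 /htdocs/index.html a _ i r alice ftp 0 * c
Tue Mar  2 09:12:40 2010 1 192.0.2.10 812 /htdocs/css/site.css a _ i r alice ftp 0 * c
Thu Mar  4 03:01:11 2010 1 198.51.100.7 5120 /htdocs/index.html a _ o r alice ftp 0 * c
Thu Mar  4 03:01:15 2010 1 198.51.100.7 5390 /htdocs/index.html a _ i r alice ftp 0 * c
Thu Mar  4 03:01:19 2010 1 203.0.113.44 2210 /htdocs/js/menu.js a _ i r alice ftp 0 * c
Fri Mar  5 10:00:00 2010 1 192.0.2.77 900 /htdocs/about.html a _ i r bob ftp 0 * c
"""

WEB_EXT = (".html", ".htm", ".php", ".asp", ".js")  # files a visitor's browser loads
NEW_IP_AGE = timedelta(days=1)           # an address younger than this is "new" (assumed)
REUPLOAD_WINDOW = timedelta(seconds=60)  # download followed by upload of the same file


def parse_xferlog(line):
    """Parse one xferlog line, reading fields from both ends so spaces in paths survive."""
    t = line.split()
    if len(t) < 18:
        return None
    return {
        "time": datetime.strptime(" ".join(t[:5]), "%a %b %d %H:%M:%S %Y"),
        "ip": t[6],
        "path": " ".join(t[8:-9]),
        "direction": t[-7],          # "i" = upload to server, "o" = download
        "user": t[-5],
        "complete": t[-1] == "c",
    }


def find_suspicious_uploads(log_text):
    """Flag web-page uploads made from an address that is new for an established account."""
    first_seen = defaultdict(dict)   # user -> {address: first time seen}
    downloads = {}                   # (user, address, path) -> time of last download
    alerts = []
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None or not rec["complete"]:
            continue
        user, ip, path, now = rec["user"], rec["ip"], rec["path"], rec["time"]
        seen = first_seen[user]
        seen.setdefault(ip, now)
        established = any(now - ts >= NEW_IP_AGE for ts in seen.values())
        new_ip = established and now - seen[ip] < NEW_IP_AGE
        if rec["direction"] == "o":
            downloads[(user, ip, path)] = now
        elif rec["direction"] == "i" and new_ip and path.lower().endswith(WEB_EXT):
            fetched = downloads.get((user, ip, path))
            rewritten = fetched is not None and now - fetched <= REUPLOAD_WINDOW
            alerts.append((user, ip, path, "rewrite" if rewritten else "new-address"))
    return alerts
```

On the sample, the two uploads made on 4 March from addresses the account had never used are reported, while the first upload of a brand-new account is not, because it has no history to compare against.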

What do I do if my PC or my website is infected?
Here is a list of actions you can take, to be followed in this order:
- If not already done by Aruba, delete any malicious code found in the web pages of your websites. If you need help identifying such code you can open a ticket from our support section.
- Check your computer for infections. If collaborators and/or webmasters publish the website, you must verify the integrity of all the computers that are used: even if just one of them is vulnerable or infected, it will allow the theft of personal information.
- Clean any PC flagged by the antivirus and antiMalware software, then activate suitable antivirus and firewall protection to avoid a repeat of similar problems.
Only once you are sure that all the computers used to publish the website are safe, proceed to change all the passwords previously used. Although we cannot give precise instructions on the access details of services not provided by Aruba (home banking, social networks, etc.), we strongly advise you to change these details too, contacting the relevant service provider if needed.

N.B.: Even if you do not find active Malware on your computer (for example because in the meantime you have reinstalled or changed your PC), you should still change the passwords, because if they were taken previously they are already compromised.
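
For the first step of the list above, a way to locate injected code in a local copy of a page, added here as an example and not Aruba's cleaning software. It lists script and iframe elements loaded from hosts outside an allow-list, hidden frames, and inline scripts containing common obfuscation calls. The host names, the allow-list and the sample page are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

OWN_HOST = "www.shop.example"               # hypothetical site name
ALLOWED_HOSTS = {"stats.partner.example"}   # third parties the owner embeds on purpose
OBFUSCATION_MARKERS = ("unescape(", "eval(", "fromcharcode")

# Constructed page: a normal home page with an injected frame and inline script at the end.
SAMPLE_PAGE = """<html><head><title>Shop</title>
<script src="/js/menu.js"></script>
<script src="https://stats.partner.example/count.js"></script>
</head><body><h1>Welcome</h1>
<iframe src="http://files.unknown.invalid/in.php" width="1" height="1"></iframe>
<script>document.write(unescape("%3Cp%3Ehello%3C%2Fp%3E"));</script>
</body></html>"""


class InjectionScanner(HTMLParser):
    """Collects (line, tag, reason) findings for elements the owner should review."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "script":
            self._inline_script = not a.get("src")
        if tag in ("script", "iframe") and a.get("src"):
            host = urlparse(a["src"]).hostname
            if host and host != OWN_HOST and host not in ALLOWED_HOSTS:
                self.findings.append((line, tag, "off-site source: " + host))
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append((line, tag, "hidden frame"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline_script = False

    def handle_data(self, data):
        hits = [m for m in OBFUSCATION_MARKERS if m in data.lower()]
        if self._inline_script and hits:
            self.findings.append((self.getpos()[0], "script", "obfuscation: " + ", ".join(hits)))


def scan_page(html_text):
    scanner = InjectionScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings
```

Each finding is a candidate for review, not a verdict: comparing the flagged lines with a known-good backup of the page shows which ones were added without the owner's knowledge.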



What has Aruba done or what could it do?

To fight this particular phenomenon we have:
-    Provided the “secure” version of each protocol used to access our services: https, smtps, pop3s, imaps, ftps. To use them, however, you need to change the configuration of your PC following the guides available in our KB.
-    Developed software which automatically deletes the JavaScript code related to Malware from our customers’ websites. It can be used together with any common antivirus software.
-    Developed software which automatically checks the websites flagged by Google as “dangerous” because they are compromised. If a website belonging to an Aruba customer is classed as dangerous, we will inform the customer and the website will be cleaned.
-    Activated a system which automatically blocks IP addresses that perform suspect FTP or mail activity, in order to stop compromised machines from connecting to our services.




What Aruba can’t do

As we have explained, this particular problem does not directly concern Aruba, or service providers in general, as it is mainly a security problem of PCs connected to the internet.
This is why, without the collaboration of our customers, we cannot help them solve the causes of the problem, as opposed to simply fixing the damage.
We would like to thank our customers for their collaboration.



Recommended software to eliminate malware

SOFTWARE
  • Windows: zeus trojan remover v1.2.0, malwarebytes
  • Linux: zeus trojan remover v1.2.0, malwarebytes
  • Mac: none listed

ANTIVIRUS
  • Windows: PC Tools, Zone Alarm, Avira
  • Linux: Avira
  • Mac: PC Tools

FIREWALL
  • Windows: PC Tools, Zone Alarm, Comodo, Online Armor, Avira
  • Linux: Firestarter, Avira
  • Mac: PC Tools, Little Snitch, NetBarrier X4
The following are for both Windows and Linux:

zeus trojan remover v1.2.0
http://www.novirusthanks.org

malwarebytes
http://www.malwarebytes.org/
The free version is also compatible with 64 Bit
-------------------------------------------------------------
Little Snitch
http://www.versiontracker.com/dyn/moreinfo/macos/17642
For those who use iMac
-------------------------------------------------------------
Avira
http://www.avira.com/it/download/index.php
For those who use Win, Linux and Unix systems
-------------------------------------------------------------
PC Tools
http://free.pctools.com/free-antivirus/
For those who use Win and Mac
PC Tools Firewall Plus 6: A very efficient free firewall for Windows which defends the PC by blocking access by unauthorized users. It can block trojans, backdoors and keyloggers, to prevent them from damaging the computer and stealing personal information. Prevention against common attacks and exploits is activated by default, while more expert users can customize the protection through the advanced options. It offers excellent protection in real time and performs regular updates. Definitely worth trying.
-------------------------------------------------------------
FIREWALL
Comodo
http://personalfirewall.comodo.com/
Compatible with XP, Vista and Win7, 32 and 64 Bit
Comodo Internet Security 3: a complete package from Comodo which includes Antivirus and Firewall. During installation you can choose whether to install just one of the 2 components or both. Without a doubt the best firewall at the moment, it can protect the PC from basically any threat concerning unauthorized access. The latest version, compared to the previous ones, has a more modern and simpler interface, although less expert users are advised not to change the default options, to avoid too many blockages. It takes first place on our list of Top Firewalls in 2010 because, although it is free, it offers better performance than any competitor sold on the market. The Pro version, available for purchase, additionally offers support from Comodo 24 hours a day for eliminating particularly dangerous threats.
-------------------------------------------------
Online Armor
http://www.online-armor.com/downloads.php
Online Armor Premium 4: When you first start up the PC, Online Armor Free analyzes the computer, searching for programs which are not safe. If it finds any, it lets you choose whether to block them or not. Especially suitable if you use banking services or make transactions online, to protect your details from hackers. It works in the background while you browse, protecting the PC in real time and checking all incoming and outgoing connections. Unfortunately it is not free and is only available in English. The Free version offers reduced functionality but is still efficient.
-------------------------------------------------
NetBarrier X4
http://netbarrier.en.softonic.com/mac/download-version/netbarrier-x4.10.4.5
http://www.intego.com/pub/Manual_NBX4_it.pdf
For those who use Mac
Even if a Macintosh is not exposed, when it is on the internet, it has the same number of potential threats as a Windows PC, and even though OS X includes a firewall (more or less useful, depending on whom you ask), it is still worth having a good active firewall. First of all, check which programs can access the internet and which can’t: this is something that only you can decide.
The problem is not only spyware, but also programs which you download from the internet to try out, by mistake or for other reasons, and which could send out information from your computer without your consent.
For this reason a firewall with the characteristics of NetBarrier is essential.
NetBarrier is fully configurable. It protects against any external attack (thankfully still rare for a Macintosh), lets you block access to the internet for programs which you do not wish to run, and, very usefully, lets you monitor your traffic (Web, FTP, Mail, etc.) in detail.

-------------------------------------------------
Firestarter
http://www.fs-security.com/
For those who use linux systems
When we speak of firewalls and Linux it is inevitable to speak of Firestarter, a free program available in many distros, whose simplicity provides excellent protection for PCs against external attacks. It is excellent for personal use, although it is not very flexible and could be insufficient for demanding administrators. In reality, like many other applications in this category, Firestarter is an iptables front-end which uses netfilter: an interface which lets you create rules very easily and configure the various available options as you like.

-------------------------------------------------
Zone Alarm
http://www.zonealarm.com/security/en-us/anti-virus-spyware-free-download.htm



Firewall videoguides

Comodo Firewall
http://vademecum.aruba.it/start/sic/firewall/comodo/

Sunbelt Firewall
http://vademecum.aruba.it/start/sic/firewall/sunbelt/

Agnitum Outpost Firewall
http://vademecum.aruba.it/start/sic/firewall/outpost/

PC Security
http://vademecum.aruba.it/main/sicurezza_tot_subs.asp



Useful links:

http://www.kaspersky.com/it/reading_room?chapter=207716819
http://www.itespresso.it/hellrts-il-nuovo-Malware-per-mac-os-x-44994.html
http://www.zeusnews.it/index.php3?ar=stampa&cod=11695
http://punto-informatico.it/2865579/PI/News/zeus-ora-punta-al-conto-banca.aspx
http://www.lineaedp.it/articolo.php?aId=0000043724
http://www.corriere.it/scienze_e_tecnologie/10_febbraio_22/twitter-attacco-account-compromessi_e3efaf14-1fc7-11df-b445-00144f02aabe.shtml
http://www.corriere.it/scienze_e_tecnologie/speciali/2009/smau/notizie/intervista-hypponen-sicurezza_c1687a8a-bfdb-11de-856b-00144f02aabc.shtml
http://www.corriere.it/notizie-ultima-ora/Scienze_e_tecnologia/Informatica-attacco-hacker-oggi-sfrutterebbe-falla-Firefox/18-02-2010/1-A_000083808.shtml
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf

