Browser Security & Legitimate Browser Plugins
* Some details of this story have been left out or changed for security
purposes. Some details have been changed for comedy purposes. Comedy was added to alleviate the stress attached to dealing with such issues.
I recently visited a "freelancer" website, where you are able to hire
professionals from all over the world at a potentially discounted rate. You may
save a few bucks, but the costs attached to these savings could be much more than
a few dollars an hour. The cost of trusting without knowing could be the
price of a new hard drive. A simple visit to a website resulted in the start of
a horrific trojan horse. Please read on.
After seeing the initial portfolio of a competitor, I decided to visit their website
to get a better understanding of how they do business. Their site was sub-par at
best and needed the installation of a "browser plug-in" for the content to work
properly. The freelancer's portfolio was strong and they seemed to have many
satisfied clients, so I felt I could trust the installation of the plugin, as it
was a "Microsoft, Apple, Quicktime" type plugin. After spending a bit of
time on the site, I became satisfied that Web Design by MikeStratton.net offers
better services at a better price. I left the website, and off to sleep I went.
Rise & Shine! Up and at my computer I go: play a few games, research
potential website sales, check my email, my usual process.
Included in my day-to-day regimen as I sit at my computer is what is known as
a packet analyzer, packet sniffer, or network monitor. A routine check
finds a most bizarre UDP connection to an unknown IP address. A bit more research
and I find the exact same UDP connection, using the same port, to
another IP address separate from the original. I research both IP
addresses with a whois lookup: one is registered in the American
Registry for Internet Numbers (ARIN.net) and the other is listed with Réseaux IP Européens (RIPE). The ARIN IP address is
listed to an ISP out of Idaho, and the RIPE IP address is listed to an ISP in
Germany. You heard me correctly, two separate ISPs using the same UDP
packet and port to connect to my computer.
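The pattern described above (one local UDP socket, one remote port, two unrelated remote hosts) is something a sniffer export can be checked for automatically. The script below is an added example, not code from the original post or from MikeStratton.net: it parses a constructed flow export (the column layout is an assumption, and 203.0.113.x / 198.51.100.x are documentation addresses standing in for the two ISP hosts) and flags any process whose UDP socket reaches two or more non-local hosts on the same remote port.

```python
"""Flag a process that talks UDP to several unrelated remote hosts on one port."""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample export in the shape a sniffer's conversation view might
# give. Not the author's real capture: the addresses are documentation ranges.
SAMPLE_EXPORT = """\
proto,local_port,remote_ip,remote_port,process
UDP,53412,203.0.113.7,6881,svchost.exe
UDP,53412,198.51.100.23,6881,svchost.exe
UDP,53412,203.0.113.7,6881,svchost.exe
UDP,61000,192.168.1.1,53,svchost.exe
TCP,50231,192.0.2.10,443,firefox.exe
UDP,50000,192.168.1.50,1900,explorer.exe
"""

# Hosts on these networks are the LAN, the router, or the machine itself, so
# they are not "unknown IP addresses" in the sense of the post.
LOCAL_NETS = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local(ip: str) -> bool:
    """True when the address belongs to a private or loopback range."""
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def parse_flows(text: str) -> list:
    """Read the CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def suspicious_udp_peers(flows, min_peers: int = 2) -> dict:
    """Return {(process, local_port, remote_port): sorted remote IPs} for every
    UDP socket that reaches at least min_peers distinct non-local hosts on the
    same remote port. Repeated flows to one host count once."""
    peers = defaultdict(set)
    for f in flows:
        if f["proto"] != "UDP" or is_local(f["remote_ip"]):
            continue
        key = (f["process"], int(f["local_port"]), int(f["remote_port"]))
        peers[key].add(f["remote_ip"])
    return {k: sorted(v) for k, v in peers.items() if len(v) >= min_peers}


if __name__ == "__main__":
    hits = suspicious_udp_peers(parse_flows(SAMPLE_EXPORT))
    for (proc, lport, rport), ips in hits.items():
        print(f"{proc} local UDP/{lport} -> port {rport} on "
              f"{len(ips)} hosts: {', '.join(ips)}")
```

The check is deliberately dumb: it does not know who owns the remote hosts, it only notices that one socket fans out to several of them, which is the cue that sent the author to whois. Legitimate peer-to-peer or VoIP software does the same, so a hit is a prompt to look at the owning process and its loaded modules, not a verdict.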
A bit more research and I find out that the UDP connection is utilizing a
recently installed .dll. This .dll runs as a child thread of a Windows process. A bit
more research and I find that this .dll has explored the Windows process and is
creating rules and values in everything and anything from the registry, to
Windows logs, to firewall host processes. Someone with a bit less experience
than Web Design by MikeStratton.net would only know that their computer seems to
be running a bit slower. Someone with a bit more experience than Web Design by
MikeStratton.net would be appearing at the hacker's back door, with or without
the Feds, depending on their take of the situation.
If I had less experience, right now as I type my PC would have become part
of an ugly network laid out to do the work of today's biggest threat to our
nation's infrastructure. See Figure 1.0. These spineless criminals hide behind their computers,
scared and paranoid of the day they may get caught. Preying on innocent, computer-illiterate
folks allows them to take "power back" from their otherwise useless
existence. Imagine a nation utilizing thousands, even millions, of computers to
attack our nation's internet infrastructure. Imagine not being able to use a
credit card or a cell phone. Imagine mayhem and madness in every city, town and
farm from here to west of the Mississippi and back, and you have imagined the
results of what a cyber attack would do if done on a supercomputer mass scale.
Luckily for me, I found the problem and reported it as I should, and
I removed most instances of the threat. Unfortunately for me, I have not found
all instances of the issue, and somewhere deep within the script of a Word
document or Outlook email lies the threat, yet unresolved.
On a higher note, I believe that Big Brother is watching (yes, I speak of the
Federal Government), and that maybe they are taking note of such hackers.
Unfortunately this is a delusion, as Big Brother has bigger fish to fry, and
there are 250k hackers out there to take this punk's place even if he does get
caught.
So I dream of a day when the internet will be safe for all that use it, when
Microsoft and others find a way to make the development of applications a secure
process rather than an invitation for a criminal. Think of it this way:
when you get in a car and drive, you don't worry about someone taking the
steering wheel over from China and driving you off a cliff, do you? Literally
impossible. The great security and operating systems of today do just this,
allowing any developer with half a brain the ability to install a "browser
plugin" to steal your information. Fortunately for our nation's infrastructure we
have professionals; unfortunately for the masses, most are not.
So until the day we have found a way to deny Vichenswiazer Flaxenburg
the ability to hack your computer and go on a spending spree in Berlin, please
follow these simple rules on your computer:
1. Keep your antivirus software up to date.
2. Never open an email attachment from someone you do not know.
3. Read all email in text format if and when possible.
4. Be careful of visiting websites you are unfamiliar with.
5. Scrutinize the above article for discrepancies and find other ways to secure
your PC.
6. Always talk like you know more than what you do in regards to PC security.
7. Always talk like you know less than what you do in regards to PC security.
All sarcasm aside, hacking is a serious problem and holds serious
consequences. The best defense against a hacker is knowledge.
A hacker tries not to leave evidence of his crime on your computer; one
method he uses for doing this is taking control of other computers to find more
computers to control.
Figure 1.0