On a request by Mr. Karthick VP Selvaraj from the University of Greenwich (www.gre.ac.uk) for creating Public Awareness, please find his findings below.If you have questions or clarifications, please contact Karthick vigneshwar at pk839@gre.ac.uk

Early May 2010, an ethical war driving had been conducted by Karthick V P selvaraj in London and Birmingham (U.K). It had been inferred that almost half of the wireless networks are insecure. Parallel to that, a research had been conducted by surveying the public of London and Birmingham with a sample size of 50 each, the correlation of the war driving and survey shows that the number of insecure network is high because of lack of awareness about the wireless security among the public.

It is important to secure wireless network in order to protect one’s wireless network from hackers, financial fraudsters and the terrorist who exploit the insecure wireless networks.

Legal Issues:

In United Kingdom, Illegal internet usage is illegal according to Computer Misuse Act. In case if you experience free internet apart from hot spots, please be aware that you are using others internet illegally which can cost you up to £5000 fine and an imprisonment of 2 years according to Computer Misuse Act.

Accountability:

If you have either limited or unlimited Internet usage, please be responsible to have a check on the accountability of your internet usage, because somebody else can use your Internet for their own welfare, illegally. When you share your internet with your family and friend please be sure that the internet sharing key is held confidential, else someone outside can peep into your network and then into your computer.

Internet Setup Configuration:

It is must to know about the initial router configuration those are as follows,

1) SSID – Service Set Identifier: In order to identify one’s wireless network, the name of the router manufacturer along with some part of the router serial number is used. For example O2wireless9477xx (here xx are numbers from 0 to 9).

There is a security Myth which states that in order to have a strong security one should hide the SSID from broadcasting. This is false as the SSID act only as an identifier. Instead of hiding the SSID from broadcasting, one can change the default SSID name as the default configuration can be predicted and can be exploited by the hackers if the router manufacture details are known.

2) To be accountable and to have a control over your network, please be advised to configure the router as below,

Open your web browser and type http://192.168.1.1 this will direct you to your router configuration page.

Usually the username will be admin and the password will be admin. If you have issues with logging in contact your ISP or your Router manufacturer to acquire the username and password.

Once you are logged in, you can find tabs to manage your Encryption Either WEP or WPA2 (WPA2 is more secure than WEP), who are all connected (trusted users or illegal users), how to allow/deny them can be easily managed.

If you find your Neighbour connected to your network illegally, you can make a screen shot of their MAC (Media Access Control) Address (computer’s identity) from the connected computer list and can have it as a proof for their illegal act.

So it is must to know about how to configure and manage your router and its password, it is a must to change the password periodically and to know it is illegal to use others internet illegally without their knowledge.

Karthick V P Selvaraj

A recent blog from our colleagues at Sunbelt highlighted a new Trojan botnet creator tool called ‘TwitterNet Builder’.

TrendLabs SM engineers recently spotted a new worm leveraging peer-to-peer (P2P) applications similar to the threat that displays copyright violation warnings. The new worm detected by Trend Micro as WORM_PITUPI.K solves the typical problem that P2P worms face, that is, hard-coded file names used to trick users by pretending to be cracks, key generators, or actual software. However, the problem with using the hard-coded technique is that the malware becomes obsolete once the software becomes outdated.

See original here:
Pirate Worm Sails the P2P Bay

TrendLabs received reports of a suspicious email that claims to be an IT notification, informing users that their mailbox settings have been changed.

See the original post:
Fake IT Email Notification Spreads Malicious PDF

As we approach April Fool’s Day 2010, we recognize the one-year anniversary of the Downadup/Conficker threat’s April 1, 2009, “trigger” date. A year ago, the security industry monitored Downadup/Conficker activities to be fortified against the criminal or criminals behind the threat’s next move

Here is the original post:
Downadup/Conficker and April Fool’s Day: One Year Later

Hot on the heels of this month’s security bulletin , a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway

See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)

In October 2009 we started tracking the Mariposa, or Butterfly, botnet. At that time, a security company had reported that a large number of Fortune 100 companies had been infected with this threat

See the rest here:
Jailing the Butterfly

Just when you think old-school network bots are dead, a group of cybercriminals revives them from them grave in the name of Chuck Norris. Dubbed the “Chuck Norris botnet,” based on the Italian comment in its source code, in nome di Chuck Norris (translation: “in the name of Chuck Norris”), this botnet infects vulnerable DSL modems and routers to spread a worm Trend Micro detects as WORM_IRCBOT.ABJ .

View original post here:
Botnet Rises in the Name of Chuck Norris

Even before the first user could buy the latest and upcoming Apple technology, the iPad , cybercriminals are already making their profits from it by taking advantage of its popularity. Trend Micro Threat Engineers found today some malicious search results when searching for news or information related to the announcement of the Apple Tablet

Excerpt from:
FAKEAV Gets First Dibs in Profits from Apple iPad

Yesterday’s blog spoke about the obfuscation techniques employed by Trojan.Hydraq.