Family Member Got Hacked - via Social Method 6

Posted by JD 11/08/2010 at 20:45

It had to happen eventually. Regardless of how careful we all are, if we run MS-Windows-something, our PCs will get infected. One of my family members, who lives a few states away, got infected with at least 1 virus, probably a botnet and a keylogger too.

I’m working on a plan to deal with the issue over Thanksgiving. Below are the initial thoughts.

What Happened

So, last month, a family member’s email was used to spam everyone in the family with links. Because the link appeared to be related to an ongoing conversation and came from a known email address, the person who received it also clicked it. As soon as she saw which web page came up, she closed Firefox, quickly. It was already too late. She’d been infected. This could have happened to anyone running WinXP, including you and me.

I got the same email, but knew it was spam. All of us make hundreds of security-related decisions daily, and just 1 bad choice is the difference between being infected and not.

The Previous Setup

She was running WinXP SP3 on a P4 with 1GB of RAM, not exactly powerful. For the last 5+ years, I’ve had her on Firefox with AdBlock and NoScript. NoScript was disabled last spring; I re-enabled it, but it may have become disabled again. She uses Thunderbird for email to avoid MS-Outlook attacks AND bloat. Last spring, I switched her off NortonAV onto MSE – Microsoft Security Essentials. Microsoft updates for the OS and AV are automatic. She knows to allow Thunderbird and Firefox updates when prompted. Most plugins are disabled, like Flash and PDF. She does not have Acrobat loaded on the machine at all due to my security concerns. I’ll check whether NoScript is disabled again, but there really isn’t much more I can do.

IE is set up with almost all settings at their most restrictive. Only a few websites are in the Trusted Sites list; all others get the highest security level. Basically, nothing works in IE.

The New Setup

So I’m planning a new solution, since being cautious didn’t work. She has a few MS-Windows-only programs that I’ll try to get working under WINE, but I probably will not try too hard. If they fail to run, a Windows virtual machine will be created with just those 2 programs and nothing else. She doesn’t have any special hardware or USB devices that are Windows-specific. Another article here goes into the other considerations for a normal user switching to Linux.

By default she’ll boot into Linux, probably Lubuntu, with a custom interface that puts the 5 programs she uses large and on top. I’ll be able to manage the machine remotely, just like I manage all my other machines here. Adding 1 more machine to my maintenance list won’t be a big deal.

VirtualBox will be installed and WinXP will be placed into a VM with the 2 programs.

Steps:

  1. Save critical files and settings for the next install, esp. email, favorites, bookmarks, the Windows XP key for reinstall, and drivers
  2. Install more DDR RAM
  3. Repartition the current HDD for Linux, data and swap – keep the OS separate from user data
  4. Install 32-bit Linux (Lubuntu)
  5. Set up remote access
    • dyndns.org account
    • set up automatic updates using ddclient
    • verify remote access from my systems a few states away using ssh keys
      • open a high port for ssh
      • exchange ssh keys
      • verify ssh -X works
  6. Attempt to get Quicken working under WINE
  7. Attempt to get Toolkit working under WINE
  8. If either Windows program doesn’t work, install VirtualBox, then install them inside the VM
  9. Set up automatic patches, weekly
  10. Set up sudoers for me
  11. Set up fail2ban
  12. Set up logwatch
  13. Set up postfix for email delivery + aliases
  14. Set up daily backups of crontabs, software package lists and hardware settings to $HOME
  15. Create a new user account – put her and me into the same group
  16. Set up Firefox and favorite plugins
  17. Set up Thunderbird with email settings
  18. Set up Skype, PDF viewer, OpenOffice, sshfs, K3b DVD burner, KeePassX
  19. Set up backups with SBackup and/or rdiff-backup; probably set up remote backups of critical user data to my remote servers too
  20. Set up daily Flash object removal and other junk removal tasks
  21. Set up the printer
  22. Provide training; it really shouldn’t take much, since all the programs she uses today will be there and work about the same
  23. Set up a guest account for visitors with Firefox, not in the group we share
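Steps 5 and 11 together come down to a little sshd and fail2ban configuration. The following is an added example, not something from the original post: it writes the sshd settings (key-only logins on a high port, root login off, X11 forwarding left on for ssh -X) and a matching fail2ban jail into a scratch directory, then checks the sshd file. Port 2222 and the user name jd are placeholders; on the real box the files belong in /etc/ssh/sshd_config and /etc/fail2ban/jail.local.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates the sshd and
# fail2ban settings implied by steps 5 and 11: key-only logins on a high
# port, no root login, X11 forwarding kept on for "ssh -X", and a fail2ban
# jail watching that same port. Port 2222 and user "jd" are placeholders.
# Files go to a scratch directory so this can be dry-run; on the real
# machine they belong in /etc/ssh/sshd_config and /etc/fail2ban/jail.local.

write_sshd_config() {   # $1 = output file, $2 = port, $3 = allowed user
    cat > "$1" <<EOF
Port $2
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers $3
X11Forwarding yes
EOF
}

write_fail2ban_jail() { # $1 = output file, $2 = port (must match sshd)
    cat > "$1" <<EOF
[sshd]
enabled = true
port = $2
filter = sshd
maxretry = 5
bantime = 3600
EOF
}

# Returns 0 only if the sshd file has every hardening directive and a port
# at or above 1024. Run it after editing the real sshd_config and before
# restarting sshd; keep the old session open until a new login works.
check_sshd_config() {
    for d in "PermitRootLogin no" "PasswordAuthentication no" \
             "PubkeyAuthentication yes"; do
        grep -qx "$d" "$1" || return 1
    done
    port=$(awk '/^Port /{print $2}' "$1")
    [ -n "$port" ] && [ "$port" -ge 1024 ] 2>/dev/null
}

# Dry run into a scratch directory.
DEST=$(mktemp -d)
write_sshd_config "$DEST/sshd_config" 2222 jd
write_fail2ban_jail "$DEST/jail.local" 2222
check_sshd_config "$DEST/sshd_config" && echo "sshd config OK in $DEST"
```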

Verify

  1. Bookmarks, favorites and other browser settings – esp. Netflix
  2. YouTube, banking sites and all websites in the favorites work
  3. Email works; address book, old emails and layout have been migrated
  4. Sound, common video files and common audio files work
  5. PDF, DOC, DOCX, PPT and XLS files all work as expected
  6. Quicken and Toolkit work, in WINE or inside a VM as needed
  7. Printing!
  8. Burning DVDs works
  9. Owner understands that patching, backups and other maintenance can happen behind the scenes, but the system needs to be on and connected to the internet

All of this needs to happen in just a few hours of effort, so practicing before the visit is critical. I’ll have the current ISO for the host OS on DVD with me. I do have a few older machines here, but I don’t think any of them are ready to boot, so pre-testing may not be possible on real hardware.


  1. Robert 11/15/2010 at 10:45

    If you get Netflix running in Lubuntu please post how. I’ve tried everything and have had no success.

  2. JD 11/15/2010 at 12:57

    I don’t use Netflix, but I understand it is based on Microsoft’s Silverlight technology. That tech is DRM-enhanced and any non-commercial port to Linux will fail. Basically, until Microsoft provides a port/solution, you are out of luck.

    At this point, the only solution I can recommend is the $120 WD Live TV HD Plus device. I own the non-Plus version and it works fairly well. The Plus uses a different CPU/DSP which supports Netflix.

    Or you can nag Netflix into converting from Silverlight to some technology that is more open and compatible with non-proprietary platforms.

  3. JD 11/16/2010 at 10:09

    Having a guided install can be helpful to some – Perfect Desktop Ubuntu 10.04

  4. Paulius 11/17/2010 at 18:39

    Why Quicken and not mint.com?

  5. JD 11/18/2010 at 01:31

    Mint is a good option for many people, but others simply are not comfortable having their financial information stored online with a 3rd party company. For example, ME. I don’t upload any Quicken data to their servers either.

    Quicken has features that Mint does not – specifically related to Investment tracking.
    Quicken has been used for 20+ yrs and she doesn’t want to change now. I don’t want to change either.

    Still, Mint is an option that the younger people may be comfortable using.

  6. JD 12/02/2010 at 09:05

    Here are my Quicken 2011 Install instructions. It works.