Last week, Brian Krebs of the Washington Post blogged
here advising business owners to perform online banking using a live CD. This excellent advice (IMHO) created quite a stir over the last week.
Essentially, banking on a live CD prevents you from becoming susceptible to Windows viruses, while at the same time loading a fresh, non-compromised OS each time. This can almost guarantee that you online banking sessions will be secure - so long as you go directly to the bank site and don't click on a dangerous links in delivered via email, etc. It's also a
no-cost option which is great for SMBs.
Mr. Krebs took the time to respond to some of the publicity surrounding his article with a
follow up earlier today. He responds to some reader suggestions like using limited user accounts, and dedicated computers for online banking. These practices are well-recommended but don't necessarily work against the most popular banking trojans today - Zeus and Clampi.
As noted by Krebs, "a number of today's more advanced threats - including the
Zeus Trojan, a sophisticated family of
malware most commonly associated with these attacks against small businesses -- will just as happily run on a limited user account as an administrator account in Windows." He also noted that Clampi can easily propogate over a Windows network.
What I found most interesting was the discussion about the Genlabs breach which netted criminals $437,000 dollars. This was done using the Zeus (Zbot) family of malware and the forensic report done after the fact highlighted a major problem with Windows based anti-virus scanning.
"Using a Windows-based scanning tool, the drive showed no infections. However, several directory trees and files could not be accessed indicating that the tools were not able to complete a 100% analysis.
...
We built a Linux-based system to repeat selected scans and analysis on the theory that Linux would bypass possible Windows-based protocols to protect and/or hide files."
The compromised system contained two variants of the Zeus trojan, the trojan that just cost them $473,000 dollars!!!
However, this got me thinking about something I hadn't ever done before. Why not boot into Ubuntu (which I currently dual-boot, any other OS besides Windows would work) and run scans from there?
Testing this was incredibly easy. First, I went to the
Avast! website and downloaded the newest .deb package from the
Linux download page. After installing it was as simple as picking out my Windows partitions, which are easily accessible in Ubuntu, and running scans on them.
Luckily, nothing was infected.
This type of scan could also easily be run from a Live CD to check for any type of bot, virus or infection.
For those of you that have read this far, apologies for the long winded article. I had wanted to comment on the use of a live CD last week and ever got a chance until now. This cheap and quick alternative could certainly save a number of small and medium size companies from huge losses at the hands of criminals.
