Protecting yourself against Gootkit
What this means is that Gootkit can strike you in a couple of different ways, either by infecting your PC or attacking your website. The mitigations for both attacks are quite different but I want to talk to you about protecting your users' PCs against Gootkit:
- Don't install – or even run – anything from an untrusted source. This includes directly off websites, files received by email and especially USB sticks you find lying around in the car park!
- If files or links are sent from a trustworthy source but appear out of character, validate their authenticity with the sender before doing anything with them. If it's unusual, you probably want to approach it with caution.
- Always run a virus checker and always keep the definitions up to date. You can do this for free on Windows with Microsoft Security Essentials or Avast! or AVG, or you can pay for the likes of McAfee, Norton, Kaspersky, etc.
- Use a firewall. This may consist of features built into the tools above, the native Windows Firewall, the firewall features of your router, or a combination of each. The point is that you don't want traffic coming in or going out over any old port or protocol.
- Backup, Backup, Backup! Do them frequently and preferably do them offsite with a service that can also version the files so you can roll back if your valuable docs get corrupted. We recommend using the offsite storage solution provided by AAHPC. Please read our policy here regarding your responsibilities towards your data held on our servers.
Protecting your website against Gootkit
This should (hopefully) go without saying, but weak passwords and/or poor storage mechanisms for them leave you very vulnerable. If your PC does become infected, it's not going to be a hard task to locate plain text passwords on the file system and have them extracted and sent off to the botnet controller.
Use a good password manager and ensure your passwords aren't memorable. But of course this isn't foolproof – key loggers combined with the ability to retrieve the keychain can upset the applecart very quickly, but it's a lot better than storing them in a Word doc or Outlook notes.
This last point should also go without saying, but clearly the very first thing you want to do if your website is compromised is change any passwords related to the site as an absolute matter of priority. Don't even bother to start fixing things if that door is still open. We have changed the passwords to all of the website FTP accounts known to have been compromised and to some that we suspect may have been.
We recommend you check your FTP accounts and if you find you no longer have access, contact us below for your new password, including a mobile phone number which we can use to SMS you the new password. Please note, we will not email you the new password.
We all have our part to play in securing our data against Internet attacks. Please take the matter of security seriously to ensure that the next account to be hacked isn't yours.