Saturday, 26 November 2011

Beware Free Software: You Might Get More Than You Bargained For

I've been preparing a lab for our Level 3 students studying Computer & Network Security.  To make the whole exercise more interesting I've been looking for a free packet sniffer that we can use to demonstrate how easy it is to capture network traffic and analyse what unwitting users are telling you about themselves.  I was interested, therefore, to see in a well known security newsletter that there was a completely free packet capture and analysis tool.  Worth a look I thought.  Afterall, free software is just what we need as an impoverished  University.

My suspicions were aroused by the fact that the URL given was a "ru" domain but surely I could be sure that this software was safe as it had been listed by a journal known by those in cyber security as quite reputable.  Well, being an old cynic I just had to double check.  Sure enough I popped the URL into McAfee Site Advisor ( and a flurry of red crosses resulted.  The network sniffer contained a trojan (BackDoor-AZN trojan,Artemis).  So maybe being an old cynic isn't so bad after all. 

This set me to thinking.  This is actually one of the oldest tricks in the book.  However, this time it looks like it might be an attempt by hackers to use the very people attempting to thwart them to introduce malware to the networks they are meant to be protecting.  Maybe you really do get what you pay for.

So, as I say in my lectures, old cynic that I am, you should always practice your ABC:

A - Assume nothing
B - Believe noone
C - Check everything

If you are looking for a good packet analyser I suggest Colasoft's Capsa 7 or Capsa WiFi.  One is free, but cut down from the full version, and the second is time limited.  And yes I did check these before downloading  even though it was a proper commercial site,  and all I saw were green ticks.  Better safe than sorry.