Spyware and Virus Information plus Latest Threats
Virus, Spyware and Browser Parasite Removal is One of Our Many Specialties
Spyware Threat - BEWARE!
Ultimate Defender
Overview:
Ultimate Defender is closely related to a variety of other rogue security products that use an elaborately deceptive scheme to get money from infected users. The scheme goes something like this: First, a Trojan gets installed through a security exploit and then downloads a variety of SpyWare and adware. Second, the payload usually consists of software that makes alarmist claims about the integrity of the user's computer system by using techniques like hijacking the user's desktop with warnings of 'infection', or opening security balloons from the taskbar resembling Windows Security warnings. Third, after thoroughly scaring a user into believing their system has a variety of security problems, the scheme offers to sell a security product that will cure the user's ills, for a price. Fourth, after the user pays up, the scheme will either undo the problems it created or offer no fix at all.
PC-Helpers Can Safely and Correctly Remove ALL of the Above Viruses
What is a ‘Virus’?
• A computer virus can seriously damage or completely destroy files or software on a computer. The result is that files may be lost permanently, programs may not function correctly or the overall performance of a computer may be slowed down.
• The process involved in repairing the damage can be time consuming and expensive.
• The damage caused by computer viruses varies from poor computer performance to erasing the hard drive.
• A computer virus is a program or piece of code that operates by attaching itself to some other program or downloaded file. When that program starts, the virus code runs as well, without the user intending it, replicates itself and infects other programs or documents on the PC. A computer virus spreads mainly via e-mail attachments, downloadable files from the Internet or floppy disks. Virus infection can be prevented by installing (and maintaining) anti-virus software, among other strategies, some of which are outlined in this advice sheet.
How Does a Virus Work?
• Direct Action – the virus is activated immediately, frequently relying on other programs to infect and carry out specific behavior encoded by the author of the virus.
• Memory Resident – the virus is loaded into the computer’s memory and is activated by a triggering event. A triggering event can be either a date or a certain combination of keystrokes.
Types of Viruses:
• Boot Sector Infectors – These viruses infect the boot sector on floppy disks and hard drives. The boot sector is a small program that initializes the operating system. By placing its virus code in the boot sector, a virus is guaranteed to be executed. It can load itself into the memory immediately and it is able to run whenever the computer is on, infecting the entire system. Boot sector infectors are spread through infected bootable floppy disks and can damage the entire computer system from the moment the computer is switched on.
• Macro Viruses – These viruses function by relying on the built-in (internal) programming languages used in popular applications, such as Microsoft Word and Excel, which allow users to create macros. Macros are very simple programs that automate tasks. Virus writers have created macros that, when opened unknowingly, replicate themselves and spread into other documents. These can subsequently be spread via e-mail attachments and floppy disks.
• File Infectors – These viruses function by modifying specific program files, such as .EXE or .COM files (the file that starts Microsoft Word, for example, is Word.exe). When the program runs, the virus executes by loading itself into the memory and later infects and corrupts other files. These viruses are usually spread via infected floppy disks, over networks or the Internet.
Preventing Virus Infection:
• Install and regularly update anti-virus software. This, in conjunction with good housekeeping, can greatly reduce the threat caused by computer viruses.
• All floppy disks should remain within the confines of the computer room. It is not advisable to bring them home or return with them. However, if this occurs they should be scanned immediately using anti-virus software. Floppies should also be write-protected.
• Files should be saved to a designated hard drive where incoming files can be scanned automatically by anti-virus software.
• When the sender of an e-mail is not known to the recipient, avoid clicking on attachments containing an executable file.
• Creating back-ups of files won’t directly prevent virus infection, but it may speed up the recovery process in the event of a virus erasing or damaging files.
Ways Hackers Breach Security
Introduction:
Hacking, cracking, and cyber crimes are hot topics these days and will continue to be for the foreseeable future. However, there are steps you can take to reduce your organization's threat level. The first step is to understand what risks, threats, and vulnerabilities currently exist in your environment. The second step is to learn as much as possible about the problems so you can formulate a solid response. The third step is to intelligently deploy your selected countermeasures and safeguards to erect protections around your most mission-critical assets. The following discusses ten common methods hackers use to breach your existing security.
Stealing Passwords:
Security experts have been discussing the problems with password security for years. But it seems that few have listened and taken action to resolve those problems. If your IT environment controls authentication using passwords only, it is at greater risk for intrusion and hacking attacks than those that use some form of multi-factor authentication.
The problem lies with the ever-increasing abilities of computers to process larger amounts of data in a smaller amount of time. A password is just a string of characters, typically only keyboard characters, which a person must remember and type into a computer terminal when required. Unfortunately, passwords that are too complex for a person to remember easily can be discovered by a cracking tool in a frighteningly short period of time. Dictionary attacks, brute force attacks, and hybrid attacks are all various methods used to guess or crack passwords. The only real protection against such threats is to make very long passwords or use multiple factors for authentication. Unfortunately, requiring ever longer passwords ends up reducing security because of the human factor. People simply are not equipped to remember numerous long strings of chaotic characters.
But even with reasonably long passwords that people can remember, such as 12 to 16 characters, there are still other problems facing password-only authentication systems. These include:
• People who use the same password on multiple accounts, especially when some of those accounts are on public Internet sites with little to no security.
• People who write their passwords down and store them in obvious places. Writing down passwords is often encouraged by the need to frequently change passwords.
• The continued use of insecure protocols that transfer passwords in clear text, such as those used for Web surfing, e-mail, chat, file transfer, etc.
• The threat of software and hardware keystroke loggers.
• The problem of shoulder surfing or video surveillance.
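The dictionary, brute-force and hybrid guessing described above, seen from the side of a password policy check that rejects what those methods find first. This is an added example, not part of the original page; the wordlist, the variants-per-word figure and the 60-bit threshold are assumptions chosen for illustration.

```python
import math
import re

# Constructed sample wordlist; a real check would load a large list of
# common and breached passwords.
WORDLIST = {"password", "letmein", "dragon", "summer", "welcome", "monkey"}
# Assumption: variants a hybrid attack tries per dictionary word
# (case changes, digit or symbol affixes, character substitutions).
HYBRID_VARIANTS_PER_WORD = 100_000
# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def charset_size(password):
    """Size of the alphabet an exhaustive (brute-force) search must cover."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # ASCII punctuation plus space
    return size


def brute_force_bits(password):
    """log2 of the brute-force keyspace; an upper bound that assumes the
    characters were chosen at random."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def dictionary_base(password):
    """Return the wordlist entry the password is derived from, or None."""
    lowered = password.lower()
    # Drop digits and symbols added before or after the word.
    trimmed = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    for form in (lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)):
        if form in WORDLIST:
            return form
    return None


def assess(password, minimum_bits=60):
    """Return (verdict, reason, estimated_bits) for a candidate password."""
    base = dictionary_base(password)
    if base is not None:
        # A dictionary or hybrid attack only walks words x variants.
        bits = math.log2(len(WORDLIST) * HYBRID_VARIANTS_PER_WORD)
        return ("reject", f"derived from dictionary word '{base}'", bits)
    bits = brute_force_bits(password)
    if bits < minimum_bits:
        return ("reject", "too short for its character set", bits)
    return ("accept", "not derived from the wordlist and long enough", bits)


if __name__ == "__main__":
    for candidate in ("Summer2024", "P@ssw0rd1!", "Xk7#q", "tq7Vw2mLx9Rb4ZkH"):
        print(candidate, assess(candidate))
```

A password such as "Summer2024" scores close to 60 bits on length and character set alone, but falls to a hybrid attack in roughly the number of guesses it takes to walk the wordlist with its variants.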
Trojan Horses:
A Trojan horse is a continuing threat to all forms of IT communication. Basically, a Trojan horse is a malicious payload surreptitiously delivered inside a benign host. You are sure to have heard of some of the famous Trojan horse malicious payloads such as Back Orifice, NetBus, and SubSeven. But the real threat of Trojan horses is not the malicious payloads you know about, it's the ones you don't. A Trojan horse can be built or crafted by anyone with basic computer skills. Any malicious payload can be combined with any benign software to create a Trojan horse. There are countless ways of crafting and authoring tools designed to do just that. Thus, the real threat of Trojan horse attack is the unknown.
The malicious payload of a Trojan horse can be anything. This includes programs that destroy hard drives, corrupt files, record keystrokes, monitor network traffic, track Web usage, duplicate e-mails, allow remote control and remote access, transmit data files to others, launch attacks against other targets, plant proxy servers, host file sharing services, and more. Payloads can be grabbed off the Internet or can be code written by the hacker. Then, this payload can be embedded into any benign software to create the Trojan horse. Common hosts include games, screensavers, greeting card systems, admin utilities, archive formats, and even documents.
All a Trojan horse attack needs to be successful is a single user to execute the host program. Once that is accomplished, the malicious payload is automatically launched as well, usually without any symptoms of unwanted activity. A Trojan horse could be delivered via e-mail as an attachment, it could be presented on a Web site as a download, or it could be placed on a removable media (memory card, CD/DVD, USB stick, floppy, etc.). In any case, your protections are automated malicious code detection tools, such as modern anti-virus protections and other specific forms of malware scanners, and user education.
Listed below are a few ways you can get infected:
- By Downloading Music
- Sharing photos
- Free programs that you install
- Email attachments sent to you
- Chat rooms where you can exchange files
- Clicking on Pop-up ads
- Browsing Websites
- Adult-related web sites
You may experience any one or more of the following symptoms if your system is infected with SpyWare:
- When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
- Your Web browser's home page unexpectedly changes.
- Web pages are unexpectedly added to your Favorites folder.
- New toolbars are unexpectedly added to your Web browser.
- You cannot start a program.
- When you click a link in a program, the link does not work.
- Your Web browser suddenly closes or stops responding.
- It takes a much longer time to start or to resume your computer.
- Components of Windows or other programs no longer work.
What is Malware?
In the past, the classic virus, which attached itself to other programs, was the only major concern. In today's Internet environment, new kinds of menace made especially for attacks over the Internet are much more dangerous. Every computer on the web is vulnerable. Two categories of harmful code have become more important in the last two years: Worms and Trojan Horses. Such harmful tools are called Malware. The term was created by a combination of "malicious" and "software".
What are Hijackers?
‘Browser Hijackers’ are programs that attempt to alter homepage, searchpage and/or other browser settings. Some also install additional files that change these settings back on every restart (if you should try to revert to your old settings). Browser Hijackers may be installed by ActiveX controls on webpages.
What is a BHO?
Browser Helper Object (BHO): A component that Internet Explorer loads whenever it starts. It shares IE's memory context and can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, and monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.
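One way to audit which BHOs Internet Explorer will load, as an added example that is not part of the original page: the script reads the text of a registry export, lists every CLSID under the Browser Helper Objects key and resolves it to the DLL registered for that class. The sample export, its CLSIDs, names and paths are constructed, and the list of usual install directories is an assumed triage heuristic, not proof that a DLL is safe or malicious.

```python
import re

# Constructed sample in .reg export format; CLSIDs, names and paths are made up.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]
@="Example Vendor Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleVendor\\helper.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\xyz.dll"
"""

BHO_KEY = r"\microsoft\windows\currentversion\explorer\browser helper objects" + "\\"
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)
# Assumed triage heuristic: a DLL outside these directories deserves a look.
USUAL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\system32\\")


def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name: string_value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                name = "" if name == "@" else name.strip('"')
                # .reg files escape backslashes and quotes inside strings.
                current[name] = value[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return keys


def list_bhos(text):
    """Return one record per registered BHO, resolved to its in-process DLL."""
    keys = parse_reg_export(text)
    servers = {}  # CLSID -> default value of ...\CLSID\{...}\InprocServer32
    for path, values in keys.items():
        low = path.lower()
        match = CLSID_RE.search(path)
        if match and "\\clsid\\" in low and low.endswith("\\inprocserver32"):
            servers[match.group(0).upper()] = values.get("")
    report = []
    for path, values in keys.items():
        start = path.lower().find(BHO_KEY)
        match = CLSID_RE.fullmatch(path[start + len(BHO_KEY):]) if start != -1 else None
        if not match:
            continue
        dll = servers.get(match.group(0).upper())
        report.append({
            "clsid": match.group(0).upper(),
            "name": values.get("", ""),
            "dll": dll,
            "unusual_location": dll is None or not dll.lower().startswith(USUAL_DIRS),
        })
    return report


if __name__ == "__main__":
    for bho in list_bhos(SAMPLE_REG):
        print(bho)
```

Exports written by regedit or `reg export` are UTF-16, so open the file with `encoding="utf-16"` before passing its text to `list_bhos`.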
What is a Downloader?
Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
What is an Error Hijacker?
Error Hijacker: Any software that resets your browser's settings to display a new error page when a requested URL is not found. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
What is a Toolbar?
Toolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is normally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.
What is a Dialer?
Dialer: Software that dials a phone number. Some dialers connect to local Internet Service Providers and are beneficial as configured. Others connect to expensive toll numbers (such as pornography web sites) without user awareness and/or permission.
What is Phishing?
Phishing: Unsolicited email that looks like it's from a trusted institution but in reality is an attempt to lure people into providing personal or sensitive account information on phony web sites. The information collected is later used to commit fraud.
What is a PopUnder?
PopUnder: An ad that spawns a new browser window in the background. Mostly loathed by web surfers.
What are Parasites?
‘Parasite’ is a shorthand term for “unsolicited commercial software”, that is, a program that gets installed on your computer which you never asked for, and which does something you probably don’t want it to, for someone else’s profit.
The parasite problem has grown enormously recently, and many millions of computers are affected. Unsolicited commercial software can typically:
- plague you with unwanted advertising (‘adware’);
- watch everything you do on-line and send information back to marketing companies (‘SpyWare’);
- add advertising links to web pages, for which the author does not get paid, and redirect the payments from affiliate-fee schemes to the makers of the software (such software is sometimes called ‘scumware’);
- set browser home page and search settings to point to the makers’ sites (generally loaded with advertising), and prevent you changing it back (‘homepage hijackers’);
- make your modem (analogue or ISDN) call premium-rate phone numbers (‘dialers’);
- leave security holes allowing the makers of the software (or, in particularly bad cases, anyone at all) to download and run software on your machine;
- degrade system performance and cause errors thanks to being badly-written;
- provide no uninstall feature, and put its code in unexpected and hidden places to make it difficult to remove.
All the parasites we currently know about are only compatible with Windows, and some only affect the Internet Explorer browser. The script on this site, when it is run in IE for Windows, can detect many of them. But not all, for tedious technical reasons.
Where do they come from?
There are three major ways unsolicited commercial software can make its way on to your machine:
- Some freeware programs are ‘bundled’ with parasites, which are installed at the same time. The P2P file-sharing programs are notorious for this.
- Many parasites load using Internet Explorer’s ActiveX installation option.
- Some of the really sleazy parasites, particularly homepage-hijackers and dialers, execute by exploiting security holes in Internet Explorer: ways of getting code to run that are not supposed to be possible but exist because of mistakes in the browser code.
Why doesn’t my anti-virus software detect this?
Technically, most unsolicited commercial software isn’t viral: it doesn’t spread from computer to computer, it just installs and runs on one system.
That doesn’t mean it’s not harmful, but anti-virus software does not attempt to detect all software that could be harmful. Whether it should is a tricky argument that ends up a question of where you draw the line.
To explain what SpyWare is, we'll first explain what adware is. Adware is 'freeware' in which ads are embedded in the program. These ads will show up when you open the program. Most adware authors provide a free version with ads and a registered version in which the ads are disabled. As such, you the user have the choice: you either use the freeware with ads served or you purchase the registered version.
Spyware, however, is published as 'freeware' or as adware, but the fact that an analysis and tracking program (the 'SpyWare' agent, which reports your activities to the advertising providers' web site for storage and analysis) is also installed on your system when you install this so-called 'freeware' is usually not mentioned. Even though the name may indicate so, SpyWare is not an illegal type of software in any way. But what the adware and SpyWare providers do with the collected information, and what they're going to 'feed' you with, is beyond your control.
Hardware SpyWare
Nowadays SpyWare can even be found accompanying hardware you buy and install in your system. Yes, the software you install with hardware purchased from certain manufacturers (some even well-known) may include SpyWare agents.
Spyware categories
- Adware networks
The backbones for big-time SpyWare are ad-serving networks that pay publishers of games, utilities and music/video players per download to include their ad-serving programs. Ad-serving networks are DoubleClick, Web3000, Radiate, SaveNow, GAIN, etc.
- Stalking horses
A number of programs that enable the adware networks to function on desktops are bundled in many popular programs and often (not always!) presented in installation disclosure screens as desirable add-ons to their Trojan horse hosts. All collect information. Included in TopText, Cydoor, OnFlow, Medialoads, Delfin, WebHancer, New.net, etc.
- Trojan horses
These popular Internet downloads usually come with the ad-serving network basic software and at least one stalking horse. Included in KaZaa, Grokster, Morpheus, Limewire, AudioGalaxy, iMesh, DivX.
- Backdoor Santas
Stand-alone programs that incorporate similar approaches have no links to ad-serving networks and collect information from users. Included in Alexa, Hotbar, Comet Cursor, eWallet, CuteFTP, BonziBuddy.
- Cookies
Netscape Navigator and Internet Explorer will still send out existing cookies even after disabling cookies in the browser settings. You must manually delete any/all cookie files on your system to eliminate being tracked by third-party ad networks or SpyWare or adware providers.
Spyware threats
Spyware threats come in different flavors. The SpyWare agent can be malware (modifies system settings, and can perform undesirable tasks on your system), hijacker (redirects your browser to web sites), dialer (dials a service, most likely porn sites, for which you are billed!), Trojan horse (is attached to a program, and performs undesirable tasks on your system), collectware (collects information about you and your surfing habits).
In addition to doing a detailed check of your browser history, SpyWare can install DLLs and other executable files, send continuous data to the parent, leave a backdoor open for hackers to intercept your personal data or enter your computer, install other programs directly on to your computer without your knowledge, send/receive cookies to other SpyWare programs and invite them into your computer (even if you have cookies disabled), and add Trojan horses to your system. Most SpyWare and adware programs are independent executable files, which take on the privileges of the victim's account. They include auto install and auto update capabilities and can report on any attempts to remove or modify them.
Spyware programs can reset your auto signature, disable or bypass your uninstall features, monitor your keystrokes, scan files on your drive, access your applications, and change homepages, in addition to displaying advertising content online or offline. They can read, write and delete files and even reformat your hard drive, and they do this while sending a steady stream of information back to the advertising and marketing companies. The majority of these programs, once installed, cannot easily be deleted from your system by normal methods and often leave components behind to continue to monitor your behavior and reinstall themselves.
** In addition to being included with software products, many SpyWare programs can get installed on your computer while you surf the Internet!
Alexa | Aureate/Radiate | BargainBuddy | ClickTillUWin | Conducent Timesink | Cydoor | Comet Cursor | eZula/KaZaa Toptext | Flashpoint/Flashtrack | Flyswat | Gator | GoHip | Hotbar | ISTbar | Lions Pride Enterprises/Blazing Logic/Trek Blue | Lop (C2Media) | Mattel Brodcast | Morpheus | NewDotNet | Realplayer | Songspy | Web3000 | WebHancer | Windows Messenger Service | WebSearch | SpySheriff | SpyAxe | WinFixer 2005 | and MANY more!
"Your Door-to-Door Technology Doctors Since 1996 - We Come to YOU"
"PC-Helpers Computer Services, Inc. Providing Affordable Solutions Since 1996"
A+® Authorized Service Center Corporate Member
Copyright © 1996-2008 PC-Helpers Computer Services, Inc. All rights reserved.