Anti-Spyware and PC Security News


01
Aug

The Difference of Adware, Spyware and Anti-virus

Adware, spyware and computer viruses share some similarities, one of which is that all three are major nuisances for computer users. Let’s differentiate the three.

Spyware is software that does not intentionally harm your computer. Instead, it creates pathways through which someone other than the computer owner can communicate with the computer. Normally, spyware records the types of web sites you visit, and web advertisers later use this record to send you unwanted emails and pop-ups.

This is why spyware is usually frowned upon and widely avoided. It is more intrusive than adware. Spyware comes with its own separate executable programs, which allow it to record your keystrokes, scan files on your hard disks and look at other applications that you use, including but not limited to chat programs, cookies and Web browser settings.

The spyware then sends the information it has gathered to the spyware author, who uses it for advertising and marketing purposes. Authors even sell the information to advertisers and other parties.

Adware, on the other hand, is a more legitimate form of freeware. Similar to spyware, adware is advertising material that is packaged into a program and installed automatically once that program is added to the computer system. Some forms of adware instead download advertising content while a particular application is being used. Unfortunately, most adware programs take the form of spyware; that is, they track and report user information to the program authors.

Some signs of spyware infection include pop-up ads that seem unrelated to the site you are viewing. More often than not, spyware pop-ups are advertisements for adult content. Also, if you notice your computer slowing down, there’s a big chance that spyware and its components have found their way into your operating system. When the Windows desktop also takes longer to load, it’s best to scan your computer for possible spyware infections.

Meanwhile, viruses are a destructive form of software. They are designed and created for one purpose alone: to wreak havoc on your computer. They destroy whatever they come in contact with, replicate themselves, and infect as many components of the computer’s operating system or network as possible.

Nowadays, a lot of anti-virus software also provides spyware and adware scanning and removal utilities. Some programs, however, focus on locating and deleting or destroying spyware and adware programs. Whether it is anti-virus software or a dedicated anti-spyware scanner, both search your computer and identify any spyware and viruses installed on your system.

They then remove them, along with their components located in the system registry, among other places on your computer. It is therefore good to regularly update your virus or spyware scanner to ensure that your computer is protected from the thousands of spyware programs and viruses on the internet. Never be fooled by ads that claim that their products only contain adware.

This adware may be spyware in disguise, just waiting to be deployed to gather your information. Learn to set up firewall systems and always block pop-ups to minimize computer infection and ensure the security of all your computer files.


01
Aug

FBI Warns of Storm Worm Virus

The FBI and its partner, the Internet Crime Complaint Center (IC3), have received reports of recent spam e-mails spreading the Storm Worm malicious software, known as malware. These e-mails, which contain the phrase “F.B.I. vs. facebook,” direct e-mail recipients to click on a link to view an article about the FBI and Facebook, a popular social networking website. The Storm Worm virus has also been spread in the past in e-mails advertising a holiday e-card link. Clicking on the link downloads malware onto the Internet connected device, causing it to become infected with the virus and part of the Storm Worm botnet.

A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unsuspecting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

“The spammers spreading this virus are preying on Internet users and making their computers an unwitting part of criminal botnet activity. We urge citizens to help prevent the spread of botnets by becoming web-savvy. Following some simple computer security practices will reduce the risk that their computers will be compromised,” said Special Agent Richard Kolko, Chief, FBI National Press Office.

Everyone should consider the following:

* Do not respond to unsolicited (spam) e-mail.
* Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail.
* Do not click on links contained within an unsolicited e-mail.
* Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
* Validate the legitimacy of the organization by directly accessing the organization’s website rather than following an alleged link to the site.
* Do not provide personal or financial information to anyone who solicits information.

To receive the latest information about cyber scams, please go to the FBI website and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI’s New E-Scams and Warnings webpage.


27
Jul

Hackers Attack Businesses, Blogs and Web 2.0 Sites

Cybercrime gangs enlist the help of Blogspot, Facebook and Angelina Jolie in first half of 2008.

IT security and control firm Sophos has published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are increasingly using creative new techniques in their attempt to make money out of internet users.

* Website infection rate three times faster than 2007
* Business websites attacked, office workers at risk, Web 2.0 introduces new threats
* Nicole and Angelina bring danger via email

It is estimated that the total number of unique malware samples in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new samples of suspicious software every single day - one every four seconds.

The firm’s report reveals that most attacks are now designed to try and out-fox traditional security systems such as email-scanning.

Website infection rate three times faster than 2007

The first half of 2008 has seen an explosion in threats spread via the web, the preferred vector of attack for financially-motivated cybercriminals. On average, Sophos detects 16,173 malicious webpages every day - or one every five seconds. This is three times faster than the rate seen during 2007.

Over 90 per cent of the webpages that are spreading Trojan horses and spyware are legitimate websites (some belonging to household brands and Fortune 500 companies) that have been hacked through SQL injection.

SQL injection attacks exploit security vulnerabilities and insert malicious code into the database running a website. Companies whose websites have been struck by such an attack often clean up their database, only to be infected again a few hours later. Users who visit the affected websites risk having their computer taken over by hackers, and their personal banking information stolen by identity thieves.
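The re-infection cycle described above, as an added example (not code from the Sophos report or from this site): the same request is replayed after a database cleanup, once against a string-built query and once against a parameterized one. The `pages` table, the function names and the planted script tag are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample: the kind of markup an injection leaves in a text column.
# The host is a reserved placeholder name, not a real site.
PLANTED = '<script src="http://bad.example.invalid/x.js"></script>'
SCRIPT_TAG = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)


def make_site():
    """Hypothetical one-table site database, built in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO pages (title, body) VALUES ('Home', 'Welcome')")
    return db


def rename_vulnerable(db, page_id, title):
    # Weak form: input is pasted into the SQL text, so a quote in `title`
    # ends the string literal and the remainder is parsed as SQL.
    db.execute(f"UPDATE pages SET title = '{title}' WHERE id = {int(page_id)}")


def rename_safe(db, page_id, title):
    # Fixed form: placeholders keep the input as data, never as SQL.
    # It is stored verbatim in `title`, so output must still be HTML-escaped.
    db.execute("UPDATE pages SET title = ? WHERE id = ?", (title, page_id))


def infected_ids(db):
    """Ids of rows whose body holds a script tag (the cleanup team's scan)."""
    rows = db.execute("SELECT id, body FROM pages").fetchall()
    return [pid for pid, body in rows if SCRIPT_TAG.search(body or "")]


def clean(db):
    """Strip script tags from every body: the 'clean up the database' step."""
    for pid, body in db.execute("SELECT id, body FROM pages").fetchall():
        db.execute("UPDATE pages SET body = ? WHERE id = ?",
                   (SCRIPT_TAG.sub("", body), pid))


def cleanup_cycle(rename):
    """Run request, scan, cleanup, repeated request with the given handler.
    Returns the infected ids after the first request, after cleanup, and
    after the repeated request."""
    db = make_site()
    hostile_title = "Home', body = body || '" + PLANTED  # constructed input
    rename(db, 1, hostile_title)
    first = infected_ids(db)
    clean(db)
    cleaned = infected_ids(db)
    rename(db, 1, hostile_title)  # the same request arrives again later
    return first, cleaned, infected_ids(db)


if __name__ == "__main__":
    print("string-built query :", cleanup_cycle(rename_vulnerable))
    print("parameterized query:", cleanup_cycle(rename_safe))
```

With the string-built query the scan comes back clean after the cleanup and dirty again after the next request; only changing the query ends the cycle.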

Sophos has identified that the number one host for malware on the web is Blogger (Blogspot.com), which allows computer users to make their own websites easily at no charge. Hackers both set up malicious blogs on the service, and inject dangerous web links and content into innocent blogs in the form of comments. Blogspot.com accounts for 2 percent of all of the world’s malware hosted on the web.

Business websites attacked, office workers at risk, Web 2.0 introduces new threats

Thousands of webpages belonging to Fortune 500 companies, government agencies and schools have been infected, putting visiting surfers at risk of infection and identity theft. High profile entertainment websites such as those belonging to Sony PlayStation, Euro 2008 ticket sales companies, and UK broadcaster ITV are amongst the many to have suffered from the problem.

Sophos experts note that with the continuing popularity of Web 2.0 social networking sites, including Facebook and LinkedIn, among business users, cybercriminals who have already gained access to user profiles, may begin to use these as corporate directories, noting new employees and launching spear-phishing attacks specifically aimed at stealing information from new and unsuspecting members of staff.

To guard against this risk, all organizations should ensure employees are fully educated about the dangers of posting too much information on these sites, and of accepting unsolicited friend requests.

“Businesses need to bite the bullet and take better care of securing their computers, networks and websites. They are not only risking having their networks broken into, but are also putting their customers in peril by passing on infections,” said Graham Cluley, senior technology consultant at Sophos. “But office workers must realise it’s not just the business fat cats who need to worry about this. Visiting an infected website from your work PC, or sharing too much personal or corporate information on sites like Facebook, could lead to you being the criminal’s route into your company.”

Although most attacks are now taking place via infected websites, email continues to present a danger. It is common for cybercriminals to spam out links to compromised websites, often using a subject line and message to tempt computer users into clicking through the promise of a breaking news story or a lewd topic.

Attacks via email file attachments, however, have reduced in 2008. Only one in every 2,500 emails examined in the first six months of 2008 was found to contain a malicious attachment, compared to one in 332 in the same period of 2007.

Malware which disguises itself as naked photos of Angelina Jolie or Nicole Kidman dominates the chart of top malware spreading via email attachment.

The Pushdo Trojan dominated the chart of most widespread malware spreading via email, accounting for 31 percent of all reports. Pushdo has been spammed out during the year with a variety of disguises. Some, for example, have claimed to contain nude photographs of Hollywood stars Nicole Kidman and Angelina Jolie.


17
Jul

Report: cybercrime groups starting to operate like the Mafia

By Emil Protalinski

Cybercrime is evolving. The lone hacker who steals and resells credit card numbers is being replaced by a well-structured business model. The game is no longer simply about hacking for fame, but rather about creating a business where you have frequent customers who buy your stolen product. The latest research report from web security company Finjan gives a peek at what exactly is going on.

The company’s second quarter 2008 report is based on data from its Malicious Code Research Center (MCRC), which specializes in the detection of dangerous vulnerabilities that could be exploited for malicious attacks. According to Finjan, “cybercrime activities on [the] Internet are booming as never before.” The company’s employees, masked as potential customers, did some digging while talking to cybercrime affiliates, and their research showed how the market for pilfered data has evolved over the past couple of years.

In 2006, vulnerabilities were being sold online to the highest bidder. Last year, software packages that provided various ways of attacking websites and stealing valuable data were sold by professional hackers. These toolkits started to contain multiple exploits for new vulnerabilities and became more sophisticated, including update mechanisms for new software flaws and Trojans that adapt to the country of the victim. By the first quarter of this year, criminals began to log into their “data supplier” and could download any information needed for their illegal activities.

Now, Finjan claims the situation has gotten even worse. Cybercrime companies that work much like real-world companies are starting to appear and are steadily growing, thanks to the profits they turn. Forget individual hackers or groups of hackers with common goals. Hierarchical cybercrime organizations where each cybercriminal has his or her own role and reward system are what you and your company should be worried about. Targeted attacks against financial institutions, enterprises, and governmental agencies, coupled with excellent management of stolen data, make these “businesses” highly successful, and make any organization using the Internet vulnerable.

Finjan describes the employee structure that these cybercrime companies employ as being similar to the Mafia. In both cases, there is a “boss” who operates as a business entrepreneur and doesn’t commit the (cyber)crimes himself, with an “underboss” who manages the operation, sometimes providing the tools needed for attacks. In the Mafia, several “capos” operate beneath the underboss as lieutenants leading their own section of the operation with their own soldiers, and in cybercrime, “campaign managers” lead their own attacks to steal data with their “affiliation networks.” The stolen data are sold by “resellers,” similar to the Mafia’s “associates.” Since these individuals did not partake in the actual cybercrime, they know nothing about the original attacks. They do, however, know about “replacement rules” (for example, stolen credit cards that have been reported) and other company-specific policies, just like the sales representatives you talk to in your average store.

Commodities (stolen credit cards and bank accounts) are priced low, while prime articles (stolen healthcare related information, single sign-on login credentials for organizations, e-mail, and FTP accounts) are much more expensive. Not too long ago, credit card numbers and bank accounts with PINs were selling for $100 or more each, but prices have since dropped to $10-20 per item.

Successful attacks can cause long-term damage to the company’s victim: loss of valuable data, loss of IP, loss of productivity, impact on profits or stock price, brand damage, lawsuits, and class actions. Finjan suggests deploying innovative security solutions (such as real-time content inspection) designed to detect and handle recent threats. These solutions analyze and understand what the code intends to do before it does it, without relying on signature updates or databases of classified URLs, therefore assuring that malicious content will not enter the network, even if its origin is a highly trusted site.


13
Jul

Virusheat Does More Than Heat Up Your Computer

It never fails. When you think we’ve covered every nasty rogue anti-spyware program there is out there, another one rears its ugly head. This time it is in the form of Virusheat and it is one of the newest ones infecting computers worldwide. Getting rid of this nasty little program takes a lot of patience and the willingness to go step by step to hand remove files because it is so new. Most of the anti-spyware and anti-virus programs available on the market today do not recognize this one yet.

Virusheat’s most current version is 4.4 and the program has commonly been mistaken for VirusHeal, another spyware/malware program that has been plaguing computer users since 2007. When Virusheat alerts you to its presence, it will tell you that your computer is infected with Trojan viruses, especially the virus known as smithfraud.G, a malware hoax that malware vendors just love to spread around. How do you get Virusheat? Usually you get it by visiting their website or when you pick up the backdoor Trojan virus, Zlob. Either way, you don’t want this pesky program around.

This parasitic program’s website claims the parent company to be located overseas in Riga, Latvia and has been in business since the year 2000. However, when we investigated the website in more detail, we definitely found some inconsistencies that set off plenty of warning bells. For example, the domain was only bought by the fraud company in January of 2008. Like many other rogue security programs, it is hosted in the Ukraine, not Latvia. The company is also the parent of Total Cleaner, another rogue program, and it uses a proven credit card scamming site, segpay.com. So if this should happen to pop up on your computer telling you that you are seriously infected and can get rid of the infections by purchasing the full blown program, don’t buy it!

Virusheat, like many other rogue programs, can spread throughout your computer and others by sticking itself to a Trojan virus that may have installed itself onto your computer. It has been known to install additional spyware programs onto your system, install itself onto your computer without permission, repair its own files and update itself, and compromise your privacy and security. It can hijack programs, change registry settings, interfere with your Internet settings, and basically rob you of your money and possibly your sanity before you can get rid of the program.

Rogue spyware/malware programs like Virusheat can cause your entire system to slow down. Because it keeps track of your Internet browsing habits, you’ll also notice a bunch of unwanted tool bars, spam mails, and pop-ups appearing out of nowhere. It will change your icons, cause the stability of your system to become weak, and will cause problems uninstalling any unwanted programs.

Removing this program will require the use of an anti-spyware program like SpyZooka or XoftSpy and a list of the rogue files that load themselves onto your computer. If you are not experienced in this type of advanced computer use, then ask a professional computer user to help you get rid of them. Check your system using our SpyZooka or XoftSpySE program to see if your system is infected with Virusheat or any other spyware/malware.


09
Jul

Major Internet Security Flaw Exposed

by Deborah Gage

A security researcher Tuesday revealed a flaw that makes it possible for someone to take control of the Internet.

The flaw is in the design of the Internet’s Domain Name System, a fundamental feature of the Internet that makes it possible for computers to find Web sites. DNS works like a phone book–computers request a Web site by name and get the site’s Internet protocol address–its location–in return.

Details of how the flaw works were not revealed, but it allows Internet users to be redirected anywhere an attacker chooses, said Dan Kaminsky, the director of penetration testing for IOActive, who discovered the flaw by accident six months ago.

So far there is no sign the flaw has been exploited, he said. Patches from several vendors–including Cisco, the Internet Software Consortium, and Microsoft–are being issued and some Internet Service Providers, including Comcast, have already fixed the problem.

But many businesses and Internet Service Providers are still vulnerable. There’s also a very small chance that home users could be affected.

Kaminsky created a DNS checker at his Web site, so people could click a button to see if they’re vulnerable to the flaw, but the Web site was down at press time.

He also suggested that home users either call their Internet Service Providers or protect themselves by signing up for OpenDNS’s free DNS service.

OpenDNS CEO David Ulevitch said his software has never been vulnerable to the flaw because he and his company figured out a different way to secure DNS.

Kaminsky kept the flaw secret until Tuesday to give researchers time to figure out how to fix it and to notify the affected vendors, he said. Sixteen researchers met on the Microsoft campus to discuss it on March 31.

Other countries have also been notified through the U.S. Computer Emergency Response Team, which is affiliated with the Department of Homeland Security, said Art Manion, an analyst at CERT.

More details on the flaw and a list of affected systems can be found here. Kaminsky said he will reveal more details in the next 30 days.
