PDA

View Full Version : Spyware Threats



Stefanus
26th June 2009, 10:59
Spyware Threats

Current statistics show that nine out of the ten computers are infected with malware , spyware , adware , scumware, and other viruses. They come in the form of programs that will send any personal information about you or your current online activities to any third-party server. This is completed with you having any knowledge of it. Hackers then will use such information for their own benefit. Before you know it, someone is already stealing your identity.

As a user, it may be helpful if you can identify the different types of spyware programs that can cling into your PCs. This gives you an idea which programs you must avoid.


Spyware
Crimeware
Malware
Viruses
Hackers
Spam

Stefanus
22nd July 2010, 20:35
Spyware

The ASC [Anti-Spyware Coalition] drafted a definition of “spyware” in August 2005. The ASC defines “spyware and other potentially unwanted technologies” as those that “impair users’ control over material changes that affect their user experience, privacy, or system security; use of their system resources, including what programs are installed on their computers; or collection, use, and distribution of their personal or otherwise sensitive information.”

“Spyware” is something of a grey area, so there’s no copy-book definition for it. However, as the name suggests, it’s often loosely defined as software that is designed to gather data from a computer and forward it to a third party without the consent or knowledge of the computer’s owner. This includes monitoring key strokes, collecting confidential information (passwords, credit card numbers, PIN numbers, etc.), harvesting e-mail addresses, or tracking browsing habits. There’s a further by-product of spyware where such activities inevitably affect network performance, slowing down the system and thereby affecting the whole business process.

The reason “spyware” is such a grey area is that it is really just a catch-all term for a wide assortment of malware-related programs, rather than a defined category. Most “spyware” definitions apply not only to “adware”, “pornware” and “riskware” programs, but also to many Trojan programs: Backdoor Trojans, Trojan Proxies and PSW Trojans. Such programs have been around for almost 10 years, when the first AOL password stealers appeared. However, at this time the term “spyware” had not yet been used.

Another reference to spyware is “Adware”. In this case, spyware can exist in the form of malicious backdoor programs that open up ports, initiate an ftp server, or collect keystroke information and transmit it back to the attacker. Spyware can exist in the form of legal (and acceptable) commercial applications that give network administrators a great deal of power both over what they can affect, and see happening on managed systems.

Although such programs are not new, their use for malicious purposes has increased in recent years and they have received much greater attention, both from the media and from “spyware”-only vendors.

Stefanus
22nd July 2010, 20:36
Crimeware

Crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.

A classic example of crimeware is a backdoor keylogger trojan that collects keystroke information and transmits it back to an attacker.

For example, a bank login ID and password may be collected and sent back to an attacker. The attacker typically will use this information in order to collect illegal profits.

Ransomware is another form of crimeware. In this case, a malicious Trojan encrypts files on an unsuspecting user's hard drive. Once the files are encrypted the Trojan then displays a message, or leaves behind a ransom note demanding money from the user for the decryption key.

Given the newness of this threat type, and the potential of how it might evolve in the future, further clarification and dissection of the definition of crimeware will likely be required.

Stefanus
22nd July 2010, 20:37
Malware

“Malware”, short for malicious software, is an umbrella term that refers to any software program deliberately created to perform an unauthorized and often harmful action. It is a simple combination of two words created to allow people to talk about viruses and all other forms of malicious software in a general manner.

Viruses, backdoors, keyloggers, password stealers, and other Trojan horse programs, Word and Excel macro viruses, boot sector viruses, script viruses (batch, windows shell, java, etc.) and Trojans, crimeware, spyware and adware are but a few examples of what is considered malware.

It was inevitable that the term malware would come about. It was once sufficient to call something a 'virus' or 'Trojan horse', because at one time that's about all that existed in a landscape consisting mostly of DOS-based PCs. There were “worms”, but worms affected only UNIX boxes and were of no great concern. Infection methods and vectors evolved, however. The terms virus and Trojan no longer provide a satisfactory definition for all the types of rogue programs that exist. Several examples follow:

viruses attach themselves to application files and often reduce the PC's performance
a Trojan may function as a password-stealer, making it possible for somebody to see confidential login ID and user-password information.
A vulnerability may lead to an exploit that allows an attacker complete control over the PC.
Ransomware, actually a form of a Trojan, encrypts files. Its unique characteristic is that the attacker then demands money from the user of the affected PC in order to receive the decryption key.
Crimeware, an umbrella term in itself, refers to a malicious program deliberately programmed to initiate some form of crime. These programs are typically Internet-based, and are usually closely associated to some form of identity theft.

Stefanus
22nd July 2010, 20:39
Viruses

The term “virus” is often loosely used in reference to any type of malicious program, or it is used to describe any negative event that a malicious program causes to a host system.

In the simplest terms, a virus is defined as program code that replicates from one host file to another. This simple definition leaves room for further sub-division, which has become necessary due to the evolution of malicious code over the last two decades.

Computer Viruses can be further classified by the types of objects they infect, the method used to select a potential host, and infection technique.

Infection by type: Boot sector and multipartite viruses infect boot sectors and key operating system startup files (primarily COMMAND.COM).

File viruses infect application .COM and .EXE files. Word Macro and Excel Macro viruses infect Microsoft Word .DOC and .XLS files, respectively.

Classified by the method they use to select their host: “Indirect action file viruses” load into memory and hook into the system interrupt table(s) so they can infect as files are accessed. Conversely, “direct action file viruses” do not become a memory resident, they simply infect a file (or files) when an infected program is run.

Infection technique: “Appending viruses” add code to the end of a host file, while “Prepending viruses” insert their code at the beginning of a host file, effectively "shifting up" the program's original code. Overwriting viruses replace the host file completely with their own code causing irreparable damage to the original host file. By contrast, companion viruses and link viruses avoid adding code to a host file at all.

Companion viruses create a file of the same name, but with an extension that is higher up in the execution hierarchy. Link viruses manipulate FAT (file allocation table) entries.

There are viruses that fail to work altogether. This could due to a bug in the original programming of the virus or a natural corruption (for example, a devolving virus eventually corrupts itself to the point that it can no longer function). One wonders how such corruptions can be classified as viruses at all, and yet they are the bane of the anti-virus industry. Corrupted samples show up all too often in well-intended comparative reviews, and can badly skew test results.

Stefanus
22nd July 2010, 20:40
Hackers

Just what is a hacker?

The term “hacker” used to carry with it a somewhat honorable distinction. A hacker is a person who has the innate ability to use or exploit an object in its existing state (in this case a computer's Operating System) to be used for something other than its original purpose.

Due to the overabundance of PC crimes today the term hacker is more commonly associated with a person who uses his or her computer to maliciously attack another unsuspecting person's computer.

Technically a person who commits a crime by way of “hacking” into another computer is a criminal hacker, or 'cracker'. “Hacking” a computer is the act of exploiting vulnerable operating system functions, applications, and peripherals to gain unsolicited access to a computer or network.

Phishers are considered hackers because they use social-engineering to trick and deceive their targets. For example, a phisher may send an e-mail using the façade of a major bank, credit card or E-money service like PayPal. The email will not only look official, but will also have an official-looking network domain name and return address. The body will contain an innocuous message such as: "Your account information requires updating".

The phisher’s assumption is that people will open the email, read it, and believe the contents. They hope the reader will click on the provided link because it looks official, and be directed to a site that looks exactly like the real thing (PayPal, etc.). In reality, the user has been directed to a mock site, and is about to enter confidential account information that will be recorded and sent back to the attacker.

Stefanus
22nd July 2010, 20:41
Spam

What is spam?

Spam is the equivalent of physical junk mail and unsolicited telemarketing phone calls. It has become one of the largest nuisances to computer users for both home and business users.

Over the last few years, the use of and delivery of spam has evolved. Initially, spam was sent directly to computer users. In fact, spammers didn't even need to disguise the sender information. This early spam was easy enough to block – if you blacklisted specific sender or IP addresses, you were safe. In response, spammers began creating mock sender addresses and forging other technical information.

In the mid-1990s all email servers were open relay - any sender could send an email to any recipient. Starting in 2000, spammers began switching to high-speed Internet connections and exploiting hardware vulnerabilities. Cable and ADSL connections allowed spammers to send mass email messages inexpensively and quickly. In addition, spammers quickly discovered that many ADSL modems had built-in socks servers or http proxy servers. Both are utilities that divide an Internet channel between multiple computers. This important feature meant that anybody from anywhere in the world could access these servers since they had no protection at all. In other words, malicious users could use other people's ADSL connections to do whatever they pleased, including sending spam. Moreover, they could make the spam look as if it had been sent from the victim's IP address. Since millions of people worldwide had these connections, spammers had a field day. That was until hardware manufacturers began securing their equipment.

In 2003 and 2004 spammers sent the majority of spam messages from machines belonging to unsuspecting users. Spammers use malware to install Trojans on users' machines, leaving them open to remote use. Methods used to penetrate victim machines include:

Trojan droppers and downloaders injected into pirate software which is distributed via file sharing P2P networks (Kazaa, eDonkey etc.).
Exploiting vulnerabilities in MS Windows and popular applications such as IE & Outlook.
Email worms

Anyone who has the client portion of a malicious program which controls the Trojan that has been placed on the victim’s machine controls that machine or network. The resulting networks are called bot networks, and are sold and traded among spammers.

Spammer techniques have evolved in response to the increased number of filters and the improved functionality of filters. As soon as security firms develop effective filters, spammers change their tactics to avoid the new spam blockers. This results in a predictable circular pattern, with spammers re-investing profits into developing new techniques to evade new spam filters.

Stefanus
19th August 2010, 22:20
This Week's Top 10 Spyware Threats - August 18, 2010


Threat Name | Category
Trojan.Win32.Generic!BT | Trojan
INF.Autorun (v) (fs) | Trojan
Trojan-Spy.Win32.Zbot.gen | Trojan
Trojan.Win32.Generic.pak!cobra | Trojan
Trojan.Win32.Meredrop | Trojan Downloader
Worm.Win32.Downad.Gen (v) | Worm.W32
Trojan.Win32.Generic!SB.0 | Trojan
Trojan.ASF.Wimad (v) | Trojan
FraudTool.Win32.FakeAV.gen!droppedData (v) | Trojan
Trojan.Win32.Malware.a | Trojan



Stay on top of all the real-time threats: Sunbelt security news (http://www.sunbeltsecuritynews.com/LYVWYX/100818-SunbeltLabs)

With these threats, you need the following precautionary measures in the war against spyware:


Install Microsoft security patches.
Never download or use freeware.
Disable Active-X download in your Internet Explorer.
Have at least one anti-spyware program although some experts suggest to have two.
For beginners, download one free spyware removal program like Spybot Search and Destroy or Ad-aware.


There are also available proactive spyware removal programs for you to choose from which are found in the market today. But before buying, make sure that the company selling it is reputable and possesses a veritable track record in the industry.


Fake MSRT "suggests" you purchase a rogue
Rogue deception techniques continue to evolve and the unpleasant folks who make their living selling useless rogue security products continue to refine their techniques for deception. The latest imitator is a new variant of the Fake Microsoft Software Removal Tool rogue that is popping up these days (literally) recommending that users purchase "Shield EC AV."

knipmes
21st August 2010, 20:53
Disable Active-X download in your Internet Explorer.

Stefanus, waar kyk ek of dit onaktief is?

groetnis
knipmes

Stefanus
21st August 2010, 21:34
Disable Active-X download in your Internet Explorer.

Stefanus, waar kyk ek of dit onaktief is?

groetnis
knipmes

Knipmes, hierdie is een van daardie euwels waarsonder mens ook nie juis kan klaarkom nie, as mens die net reg bestuur behoort mens nie probleme op te tel nie.

Hier volg die instruksies om veilig te wees:

Why should you care?

If ActiveX can sneak programs onto your computer, ActiveX could also sneak Viruses onto your computer from Web sites. Changing your security settings for ActiveX should minimize that threat to you.

Microsoft Internet Explorer Settings

To make IE give you prompts and feedback, set the following controls:

Look under main menu item: Tools
Go to: Internet Options
Select: Security tab
Select icon: Internet
For Internet Zone, click button: Custom Level
Click: Settings

{colsp=2}
~ Security Settings window pops up ~

{colsp=2} Under ActiveX Controls and Plugins change these settings:
Download signed ActiveX controls | Prompt
Download unsigned ActiveX controls | Disable
Initialize and script ActiveX controls not marked as safe | Disable
Run ActiveX controls and plug-ins | Prompt
Script ActiveX controls marked safe for scripting | Prompt

Setting everything to “Disable” for ActiveX controls could be done. However, this will stop Flash from working on your MSIE browser and various sites that you visit will stop working if those sites make heavy use of Flash.

Unfortunately with these settings above you end up getting OK-cancel popup warnings for sites with Flash which is a drawback.

Switch to Another Browser
However, the best solution is to simply not use MSIE. Do yourself a favor and use another browser. Mozilla Firefox® (http://www.mozilla.org/) is Free and has a complete browser and email software package that is much more secure than MSIE with OutLook Express. Mozilla's package is quite comparable if not better than Microsoft's Internet Explorer browser with OutLook Express email client. Mozilla can also import your email address book so you don't need to re-enter all of your address book email addresses. The Bookmarks Manager can import MSIE's Favorites links (see this page). Mozilla is our browser and email software of preference since 2002. We especially appreciate the Tabs for browsing feature for handling browser windows.

As was stated earlier, the Opera browser is a good alternative too. See the Opera browser (http://www.opera.com/) here.

Stefanus
21st August 2010, 21:47
Internet Explorer 7/8 supports extended functionality by the use of ActiveX Controls. These small programs, many developed by companies other than Microsoft, help Internet Explorer 7/8 do things it can't alone.

Sometimes these ActiveX Controls cause problems that generate error messages or stop IE7/8 from working at all.

Determining which ActiveX Control is causing a problem can be almost impossible so since they're safe to delete (you'll be prompted to install them again if needed in the future), removing them one by one to determine the cause of the problem is a valuable troubleshooting step.

Difficulty: Easy

Time Required: Deleting IE7/8 ActiveX Controls usually takes less than 5 minutes per ActiveX Control
Here's How:

Open Internet Explorer 7/8.


Choose Tools from the menu.


From the resulting drop-down menu, choose Manage Add-ons, followed by Enable or Disable Add-ons....


In the Manage Add-ons window, choose Downloaded ActiveX Controls from the Show: drop-down box.

The resulting list will show every ActiveX Control that Internet Explorer 7/8 has installed. If an ActiveX Control is causing the problem you're troubleshooting, it will be one listed here.


Select the first ActiveX Control listed, then click the Delete button in the Delete ActiveX area at the bottom of the window, and click OK.


If prompted to restart Internet Explorer, do so.


Close and then reopen Internet Explorer 7/8.


Test whatever activities in Internet Explorer were causing the problem you're troubleshooting here.

If the problem is not resolved, repeat Steps 1 through 7, deleting one more ActiveX Control at a time until your problem is resolved.


If you've removed all Internet Explorer 7/8 ActiveX Controls and your problem continues, you may need to Selectively Disable Internet Explorer 7/8 Add-ons, unless you've done so already.

Stefanus
6th January 2011, 19:26
Microsoft warns of Office-related malware

January 1, 2011 6:30 PM


Microsoft's Malware Protection Center issued a warning this week that it has spotted malicious code on the Internet that can take advantage of a flaw in Word and infect computers after a user does nothing more than read an e-mail.

The flaw was addressed in November in a fix issued on Patch Tuesday, but with malicious code now spotted in the wild, the protection center apparently wants to be sure the update wasn't overlooked.

Symantec underlined the seriousness of the flaw to CNET's Elinor Mills in November:


"One of the most dangerous aspects of this vulnerability is that a user doesn't have to open a malicious e-mail to be infected," Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. "All that is required is for the content of the e-mail to appear in Outlook's Reading Pane. If a user highlights a malicious e-mail to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious e-mail is the most recently received in their in-box; that e-mail will appear in the Reading Pane by default and the computer will be infected."

Users of Microsoft Office should be sure to install the fix. You can use your Start menu to check for updates: Click the Start button, click All Programs, and then click Windows Update. Details of the MS10-087 update, including which software versions are affected, can be found here (https://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx).