Protect your PC against the latest viruses afflicting Outlook, Outlook Express.
Do you think your PC's peril is increasing these days? You're right. Last year, the number of reported security threats (including viruses) more than doubled, according to the Computer Emergency Response Team Coordination Center at Carnegie Mellon University. Now more than ever you need to stay on top of virus updates. Here are the facts about two of the thorniest new attacks.
With PCs running either Internet Explorer 5.01 or 5.5, the nastiest new virus exploits a hole in Outlook and Outlook Express. Dubbed W32.Klez.E, this worm emerges when you view an infected e-mail message in the preview window. Like other worms, W32.Klez.E sends copies of itself to everyone in your address book.
There's more: On the sixth of every month, for example, W32.Klez.E tries to overwrite every file on your hard disk that has one of the following extensions:.txt,.htm,.html,.wab,.doc,.xls,.jpg,.cpp,.c,.pas,.mpg,.mpeg,.bak, or.mp3. To be extra mean, if it's January or July, it overwrites all the files on your hard drive.
You can avoid contracting the virus through your preview window by disabling the Preview Pane function, but the worm will still infect your PC if you open the message. (To turn off the preview pane, Outlook users need to select View and click Preview Pane; Outlook Express users must choose View, Layout, and uncheck " Show Preview Pane.")
Monday, January 21, 2008
Monday, August 13, 2007
SPYWARE AND KEYLOGGER OVERVIEW
Spyware is a categorical term given to applications and software that log information about a user's online habits and report back to the software's creators. The effects of these programs range from unwanted pop-up ads and browser hijacking to more dangerous security breaches, which include the theft of personal information, keystroke logging, changing dialup ISP numbers to expensive toll numbers, and installing backdoors on a system that leave it open for hackers.
Spyware usually gets into the computer through banner ad-based software where the user is enticed to install the software for free. Other sources of spyware include instant messaging, various peer-to-peer applications, popular download managers, online gaming, many porn/crack sites, and more. Note that most, but not all, spyware is targeted exclusively at Microsoft's Internet Explorer web browser. Users of modern Web browser alternatives, such as Mozilla's Firefox and Apple's Safari, are generally not affected by spyware at all.
The most recent delivery methods used by malicious spyware require no permission or interaction with the users at all. Dubbed as "drive-by downloads," [ref 1] the spyware application is delivered to the user without his knowledge simply when he visits a particular website, opens some zipped files, or clicks on a malicious pop-up ad that contains some active content such as ActiveX, Java Applets, and so on. Spyware can also be hidden in image files or in some cases has been shipped along with the drivers that come with a new hardware device.
Spying techniquesDepending upon the nature of the information gathered, each piece of spyware may function differently. Some spyware applications simply gather information about a user's surfing habits, purely for marketing purposes, while others are far more malicious. In any case, the spyware attempts to uniquely identify the information sent across a network by using a unique identifier, such as a cookie on the user's hard disk or a Globally Unique Identifier (GUID). [ref 2] The spyware then sends the logs directly to a remote user or a sever that is collecting this information. The collected information typically includes the infected user's hostname, IP address, and GUID, along with various login names, passwords and other keystrokes.
Types of keyloggersAs mentioned, keyloggers are applications that monitor a user's keystrokes and then send this information back to the malicious user. This can happen via email or to a malicious user's server somewhere on the Internet. These logs can then be used to collect email and online banking usernames and passwords from unsuspecting users or even capture source code being developed in software firms.
While keyloggers have been around for a long time, the growth of spyware over the last few years means they warrant renewed attention. In particular, this is due to the relative ease at which a computer can become infected -- a user simply has to visit the wrong website to become infected.
Keyloggers can be one of three types:
Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time -- however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email username and passwords.
Software using a hooking mechanism. This type logging is accomplished by using the Windows function SetWindowsHookEx() that monitors all keystrokes. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookEx() is capable of capturing even autocomplete passwords.
Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start. Since the program runs at the kernel level, one disadvantage to this approach it that it fails to capture autocomplete passwords, as this information is passed in the application layer.
Analyzing a keyloggerThere are many different keyloggers available, including the Blazing Tools Perfect Keylogger [ref 3], Spector [ref 4], Invisible Keylogger Stealth [ref 5], and Keysnatch [ref 6]. Most of these have more or less the same set of features and way of functioning. Therefore, we will focus on one particular tool in our examples, the one from Blazing Tools.
The Blazing Tools Perfect Keylogger will be analyzed in this paper because it has been found hidden in so many Trojans on the Internet. It's a good example of a common hook-type keylogger. Although Blazing Tools markets its products to IT administrators and parents, the presence of their keylogger in many Trojans illustrates how people can package legal code and use it for malicious activities. The following features of the "Perfect Keylogger" are of use to anyone trying to spy on an unsuspecting user:
Stealth Mode. In this mode no icon is present in the taskbar and the keylogger is virtually hidden.
Remote Installation. The keylogger has a feature whereby it can attach to other programs and can be sent by e-mail to install on the remote PC in stealth mode. It will then send keystrokes, screenshots and websites visited to the attacker by e-mail or via FTP.
Smart Rename. This feature allows a user to rename all keylogger's executable files and registry entries.
Spyware usually gets into the computer through banner ad-based software where the user is enticed to install the software for free. Other sources of spyware include instant messaging, various peer-to-peer applications, popular download managers, online gaming, many porn/crack sites, and more. Note that most, but not all, spyware is targeted exclusively at Microsoft's Internet Explorer web browser. Users of modern Web browser alternatives, such as Mozilla's Firefox and Apple's Safari, are generally not affected by spyware at all.
The most recent delivery methods used by malicious spyware require no permission or interaction with the users at all. Dubbed as "drive-by downloads," [ref 1] the spyware application is delivered to the user without his knowledge simply when he visits a particular website, opens some zipped files, or clicks on a malicious pop-up ad that contains some active content such as ActiveX, Java Applets, and so on. Spyware can also be hidden in image files or in some cases has been shipped along with the drivers that come with a new hardware device.
Spying techniquesDepending upon the nature of the information gathered, each piece of spyware may function differently. Some spyware applications simply gather information about a user's surfing habits, purely for marketing purposes, while others are far more malicious. In any case, the spyware attempts to uniquely identify the information sent across a network by using a unique identifier, such as a cookie on the user's hard disk or a Globally Unique Identifier (GUID). [ref 2] The spyware then sends the logs directly to a remote user or a sever that is collecting this information. The collected information typically includes the infected user's hostname, IP address, and GUID, along with various login names, passwords and other keystrokes.
Types of keyloggersAs mentioned, keyloggers are applications that monitor a user's keystrokes and then send this information back to the malicious user. This can happen via email or to a malicious user's server somewhere on the Internet. These logs can then be used to collect email and online banking usernames and passwords from unsuspecting users or even capture source code being developed in software firms.
While keyloggers have been around for a long time, the growth of spyware over the last few years means they warrant renewed attention. In particular, this is due to the relative ease at which a computer can become infected -- a user simply has to visit the wrong website to become infected.
Keyloggers can be one of three types:
Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time -- however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email username and passwords.
Software using a hooking mechanism. This type logging is accomplished by using the Windows function SetWindowsHookEx() that monitors all keystrokes. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookEx() is capable of capturing even autocomplete passwords.
Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start. Since the program runs at the kernel level, one disadvantage to this approach it that it fails to capture autocomplete passwords, as this information is passed in the application layer.
Analyzing a keyloggerThere are many different keyloggers available, including the Blazing Tools Perfect Keylogger [ref 3], Spector [ref 4], Invisible Keylogger Stealth [ref 5], and Keysnatch [ref 6]. Most of these have more or less the same set of features and way of functioning. Therefore, we will focus on one particular tool in our examples, the one from Blazing Tools.
The Blazing Tools Perfect Keylogger will be analyzed in this paper because it has been found hidden in so many Trojans on the Internet. It's a good example of a common hook-type keylogger. Although Blazing Tools markets its products to IT administrators and parents, the presence of their keylogger in many Trojans illustrates how people can package legal code and use it for malicious activities. The following features of the "Perfect Keylogger" are of use to anyone trying to spy on an unsuspecting user:
Stealth Mode. In this mode no icon is present in the taskbar and the keylogger is virtually hidden.
Remote Installation. The keylogger has a feature whereby it can attach to other programs and can be sent by e-mail to install on the remote PC in stealth mode. It will then send keystrokes, screenshots and websites visited to the attacker by e-mail or via FTP.
Smart Rename. This feature allows a user to rename all keylogger's executable files and registry entries.
This keylogger was installed on a test PC. The following capture, with the help of a tool such as SNAPPER [ref 7], shows the changes in the files after installing the keylogger, as shown above in the Figure.
Similarly, the keylogger can be used to capture all types of passwords including passwords used for proxies, email accounts, and online banking applications. It can also capture programming code typed by a developer, instant messaging text, and the URLs of websites visited by the user.
New approachesWith the market being inundated with new anti-spyware products, spyware creators have now resorted to unorthodox methods of sustenance. One such example is the nasty ability of the spyware code to keep reinstalling itself. Although anti-spyware applications can remove the spyware's registry entry from one location, most of them are found lacking in cleaning hidden registry entries that try to have the software reinstalled on boot. Another approach is to make the spyware application load into memory very early in the boot process (before the Operating System loads user-level processes). In this case, when a user tries to uninstall the software with an anti-spyware application, the OS will not allow this as it tries to protect the integrity of a running program (spyware) that it doesn't control. [ref 12]
Detection and removalA spyware application is inherently very different in behavior and operation from a traditional virus or a worm, and therefore to most antivirus software, it may appear as a legitimate program. The fact is, virus signatures are very different from spyware signatures. Firewalls also are ineffective in dealing with them as spyware is either piggybacked with legitimate applications, hidden in a regular image file, or can occur as normal port 80 web traffic.
Therefore, the essence of any spyware prevention exercise is first to ensure the operating system is fully patched to known vulnerabilities. The best prevention, aside from switching to less vulnerable operating systems like Mac OS X and Linux, is to educate users that it is not safe to click on anything and everything found on the Web, and they must also install only what is needed. Freebies on the Internet, ones which are often typically advertised in pop-up banners, must be totally abstained from. Other methods of avoiding spyware are to ensure the browser used is configured securely, and to have at least one good spyware detection and removal tool installed. Microsoft Antispyware, Ad-Aware [ref 13], PestPatrol [ref 14], and Spy Sweeper [ref 15] are some of the free tools that help in detecting and removing spyware.
Please note that spyware is largely, but not exclusively, a problem with Microsoft's Internet Explorer. The user of more modern, feature-rich browsers such as Mozilla Firefox can virtually eliminate the spyware problem altogether. However, it is still the case that some websites are coded to only work with IE, and therefore switching to Firefox may not be a solution for 100% of a user's web surfing needs.
Preventing keystroke captureSince this article has looked at keyloggers, it was found worthwhile to include a section on how to avoid keystroke capture. Keyloggers, both hardware and software, are basically designed to capture what a user types on the keyboard. On the web application side, one method to avoid keystroke capture is to use a virtual keyboard for entering the username and password. A virtual keyboard is analogous to a graphical keypad where a user clicks on the characters rather than types them on the keyboard. This approach may not be practical for every user, for obvious reasons. However, it can be still be useful for very sensitive applications. Note however that even this approach is not completely secure, as some keyloggers are designed to capture screenshots on every mouse-click. Thus, the password of the user can still be found out when a virtual keyboard is used by looking at the screenshots and getting all the characters clicked corresponding to the mouse click. To avoid this, some virtual keyboards also have a feature that allows a user to enter a character by hovering the mouse cursor over a letter for a few seconds. Thus the user can enter the password without even clicking the mouse button.
New approachesWith the market being inundated with new anti-spyware products, spyware creators have now resorted to unorthodox methods of sustenance. One such example is the nasty ability of the spyware code to keep reinstalling itself. Although anti-spyware applications can remove the spyware's registry entry from one location, most of them are found lacking in cleaning hidden registry entries that try to have the software reinstalled on boot. Another approach is to make the spyware application load into memory very early in the boot process (before the Operating System loads user-level processes). In this case, when a user tries to uninstall the software with an anti-spyware application, the OS will not allow this as it tries to protect the integrity of a running program (spyware) that it doesn't control. [ref 12]
Detection and removalA spyware application is inherently very different in behavior and operation from a traditional virus or a worm, and therefore to most antivirus software, it may appear as a legitimate program. The fact is, virus signatures are very different from spyware signatures. Firewalls also are ineffective in dealing with them as spyware is either piggybacked with legitimate applications, hidden in a regular image file, or can occur as normal port 80 web traffic.
Therefore, the essence of any spyware prevention exercise is first to ensure the operating system is fully patched to known vulnerabilities. The best prevention, aside from switching to less vulnerable operating systems like Mac OS X and Linux, is to educate users that it is not safe to click on anything and everything found on the Web, and they must also install only what is needed. Freebies on the Internet, ones which are often typically advertised in pop-up banners, must be totally abstained from. Other methods of avoiding spyware are to ensure the browser used is configured securely, and to have at least one good spyware detection and removal tool installed. Microsoft Antispyware, Ad-Aware [ref 13], PestPatrol [ref 14], and Spy Sweeper [ref 15] are some of the free tools that help in detecting and removing spyware.
Please note that spyware is largely, but not exclusively, a problem with Microsoft's Internet Explorer. The user of more modern, feature-rich browsers such as Mozilla Firefox can virtually eliminate the spyware problem altogether. However, it is still the case that some websites are coded to only work with IE, and therefore switching to Firefox may not be a solution for 100% of a user's web surfing needs.
Preventing keystroke captureSince this article has looked at keyloggers, it was found worthwhile to include a section on how to avoid keystroke capture. Keyloggers, both hardware and software, are basically designed to capture what a user types on the keyboard. On the web application side, one method to avoid keystroke capture is to use a virtual keyboard for entering the username and password. A virtual keyboard is analogous to a graphical keypad where a user clicks on the characters rather than types them on the keyboard. This approach may not be practical for every user, for obvious reasons. However, it can be still be useful for very sensitive applications. Note however that even this approach is not completely secure, as some keyloggers are designed to capture screenshots on every mouse-click. Thus, the password of the user can still be found out when a virtual keyboard is used by looking at the screenshots and getting all the characters clicked corresponding to the mouse click. To avoid this, some virtual keyboards also have a feature that allows a user to enter a character by hovering the mouse cursor over a letter for a few seconds. Thus the user can enter the password without even clicking the mouse button.
Another method of avoiding keystroke capture is to ask the user to enter the characters of the password randomly. For example, an application can ask the user to enter the 1st, 3rd and 5th (odd placed) characters of the password and then the characters in the even places. However this sequence has to change every time or else anyone capturing the password can easily reconstruct the original password -- and additionally, the application must support this approach. The disadvantage of this method is that the keylogger still captures all the characters in the password and the malicious person can easily crack it by simply trying different combinations.
Anti-keylogging softwareTo prevent keyloggers on the desktop level two types of anti-keylogging software is available from various vendors:
Signature based anti-keylogger. These are applications that typically identify a keylogger based on the files or DLLs that it installs, and the registry entries that it makes. Although it successfully identifies known keyloggers, it fails to identify a keylogger whose signature is not stored in its database. Some anti-spyware applications use this approach, with varying degrees of success.
Hook based anti-keyloggers. A hook process in Windows uses the function SetWindowsHookEx(), the same function that hook based keyloggers use. This is used to monitor the system for certain types of events, for instance a keypress/mouse-click -- however, hook based anti-keyloggers block this passing of control from one hook procedure to another. This results in the keylogging software generating no logs at all of the keystroke capture. Although hook based anti-keyloggers are better than signature based anti-keyloggers, note that they still are incapable of stopping kernel-based keyloggers.
SummaryWith the vast proliferation of spyware in recent years, there has been a growing list of websites and malicious users trying to cash in by installing keyloggers and stealing personal information. Identity theft has become rampant.
The need of the hour is to be aware of such common practices in spyware, and recognize it for what it is: malicious code that should always be avoided. The first step in evaluating ways to combat spyware should be to consider an alternate Web browser, such as Firefox, Safari, Opera, and others. If this is not possible, then steps to detect, combat and remove keylogging spyware must always be taken.
Anti-keylogging softwareTo prevent keyloggers on the desktop level two types of anti-keylogging software is available from various vendors:
Signature based anti-keylogger. These are applications that typically identify a keylogger based on the files or DLLs that it installs, and the registry entries that it makes. Although it successfully identifies known keyloggers, it fails to identify a keylogger whose signature is not stored in its database. Some anti-spyware applications use this approach, with varying degrees of success.
Hook based anti-keyloggers. A hook process in Windows uses the function SetWindowsHookEx(), the same function that hook based keyloggers use. This is used to monitor the system for certain types of events, for instance a keypress/mouse-click -- however, hook based anti-keyloggers block this passing of control from one hook procedure to another. This results in the keylogging software generating no logs at all of the keystroke capture. Although hook based anti-keyloggers are better than signature based anti-keyloggers, note that they still are incapable of stopping kernel-based keyloggers.
SummaryWith the vast proliferation of spyware in recent years, there has been a growing list of websites and malicious users trying to cash in by installing keyloggers and stealing personal information. Identity theft has become rampant.
The need of the hour is to be aware of such common practices in spyware, and recognize it for what it is: malicious code that should always be avoided. The first step in evaluating ways to combat spyware should be to consider an alternate Web browser, such as Firefox, Safari, Opera, and others. If this is not possible, then steps to detect, combat and remove keylogging spyware must always be taken.
HOW CAN SPYWARE ENTER INTO YOUR PC
So what's the big deal about spyware? Consider this: Once installed on your PC, spyware can record your every keystroke-including user names, passwords, credit card information and more- and transmit that information to hackers, who can then use the information to steal your identity. Spyware is dangerous in many ways. A spyware program can monitor your Web browsing and repeatedly redirect you to sites the spyware author wants you to see. Spyware can, unbeknownst to you, transform your PC into a spam zombie, sending junk e-mail to thousands of PCs around the world. And spyware can slow your computer's performance to a crawl-or even render it completely useless. (For a definition of spyware, see the sidebar, "Spyware 101.")"Spyware is one of the fastest growing security threats today," says Gregor Freund, founder of Zone Labs(R) LLC, a leading creator of consumer endpoint security solutions. "Today's spyware has become sophisticated, malicious, and harder to remove, so it's more important than ever before to secure your PC."In fact, 80% of respondents in an America Online/National Cyber Security Alliance survey said they had had some form of spyware on their computers in 2004. One reason behind the high percentage is that spyware is so easy to get. Here are the top 10 ways spyware can infiltrate your PC-and what you can do to prevent that from happening. 1. Everyday, unprotected computer use. Spyware doesn't magically find its way onto your computer by itself. It infiltrates your PC through actions that you perform-for example, downloading and installing free software programs that contain hidden spyware. Every time you use an Internet-connected or networked computer, you're potentially opening the door to spyware.Solutions: Be cautious about what you do online. Install the best anti-spyware, firewall, and other Internet security solutions; update them regularly; and scan your hard drive for spyware frequently. 2. Kids using the computer. Children and teens often engage in online activities that, without their knowledge, make the PC vulnerable to spyware. For example, spyware companies often target children with free game software and other software geared toward kids. This type of software can surreptitiously install spyware. Solutions: Educate your kids about what spyware is, the damage it can do, and how it can sneak onto a computer. Make sure any software your child uses is from a reputable source and is really necessary. Install the best anti-spyware and other security tools on any computers your kids use. And prohibit the use of peer-to-peer networks (see below).3. E-mail. Some unsolicited e-mails may claim to offer patches and updates to popular software programs you use. Even though these e-mails may appear, at first glance, to be legitimate, their purpose may be to get you to download and install spyware (which is masquerading as a patch or update). Also, some computer viruses-which infiltrate your PC as infected e-mail attachments-can help hackers install spyware on your PC. Solutions: Never reply to suspicious-looking e-mails or click any links embedded in suspect e-mail. Install and keep updated antivirus software, along with anti-spyware and firewall solutions. 4. Pop-ups. Some browser pop-up windows attempt to install unwanted software on your computer and change your system configurations. These pop-ups employ highly deceptive tricks, including claiming your PC is already infected with spyware, to get you to click on a link to install malicious programs. Once installed, the spyware may redirect you to a different home page, replace your browser bookmarks, and more. Solution: Never click on a pop-up window unless you're positive it's legitimate. 5. Microsoft Internet Explorer (IE). As the world's most widely used Web browser, Internet Explorer is a favorite target among hackers seeking to exploit potential security holes. The result: IE users are more vulnerable to spyware than those who use other Web browsers. Solutions: Increase your browser's security settings. With Microsoft Internet Explorer, click Tools in the menu bar, then click Internet Options. Next, click the Security tab, then select ‘Custom Level' to customize your security settings. Also, download and install the latest Internet Explorer security patches. Or consider changing Web browsers. Mozilla's Firefox has become a popular alternative, partly because it has had fewer security problems (though it's not immune, either). Firefox is a free download at http://www.mozilla.org/6. Unpatched software. Microsoft and other software makers often update their applications with ‘patches' that fix security holes, as well as bugs or other problems. If you choose not to update your Windows operating system or other software with the latest patches, your computer may be vulnerable to hackers, who know where the security holes are and how to exploit them. Solution: Keep your Windows operating system and other software applications security up-to-date with the latest patches. Visit the software maker's online support center to check for the latest updates and patches. 7. Instant messaging. Instant messaging allows people to chat in real-time with each other, and typically has features that permit users to easily transmit files between computers. But just like e-mail, these files can be malicious. Solutions: Because IM can potentially connect you to so many unknown users, you should use great discretion before downloading files from any unknown sources. Also, install an Internet security solution that offers instant messaging protection. 8. Peer-to-peer (P2P) file-sharing services. P2P sites allow you to swap and download music files, videos, photographs, and other content, usually for free or at little charge. By their nature, many file-sharing services turn your PC into a server, which anyone using the P2P service can access. Along with their potential security, privacy, and legal risks, P2P services are notorious for installing spyware on users' computers. Solutions: Avoid P2P services and prohibit your children from using them, too.9. Downloading and installing freeware, shareware, and browser plug-ins. There are a lot of free software programs available online. Unfortunately, some contain ‘Trojan' spyware, which is installed-without your knowledge-when you install the free software you downloaded. Even worse, some free ‘anti-spyware' programs available online actually install spyware on your PC.Solution: Only install software from known, reputable, trusted software makers. 10. ActiveX controls. A set of rules for how applications can share information, ActiveX controls execute some of the interactive elements you see on Web pages. But ActiveX controls can also embed spyware on your PC, all the way down to the operating system level. Solution: Restrict ActiveX controls in your browser's security settings. For instance, in the Security Settings dialog box in Internet Explorer, select ‘Prompt' as the option for ‘Download signed ActiveX controls' and choose ‘Disable' for ‘Download unsigned ActiveX controls.'Other Ways to Stop Spyware* Educate yourself. Learning more about safe browsing techniques, and teaching those techniques to your kids, can help keep your PC free of spyware. * Install proactive security. Most antispyware software today is reactive. It uses signatures-which are like fingerprints-to identify spyware that is installed on your computer. Ideally, your antispyware solution should also be proactive, in that it prevents spyware from attacking legitimate programs and stops spyware from infiltrating your PC's operating system. In addition, your antispyware software should scan and remove all spyware traces and prevent spyware and other malicious software from transferring your data over the Internet. Beating the OddsTaking the mystery out of spyware will help you protect yourself from the misery that spyware causes. Know the enemy: what spyware is, what it does, and how it gets onto your PC. Avoid the risky online behaviors that can invite spyware onto your computer. Install and regularly update antispyware technology that's proactive, not just reactive. Once you've taken these precautions, your odds of joining the 80% of users who had spyware on their PCs last year will be slim-to-none.
Thursday, July 26, 2007
HOW TO REMOVE SPYWARE FROM YOUR P.C
These days it may seem as though the short list of unavoidable perils ought to be expanded to include death, taxes, and spyware. But if you ever do get infected with some nasty piece of malware, all you need to get rid of it are the right free tools, some time, and a little know-how.
A couple of warnings first: Removing spyware is as much art as it is science. The rogues who create spyware make removing their malicious programs as difficult as they can. In addition, some types of spyware download and install additional components, often hiding pieces of code from Windows to make removal even harder. The instructions below will wipe out most forms of spyware, but your machine's infestation may resist these measures. If so, you may have to consult a professional PC repair person. Or you can start afresh by reformatting your hard drive and then reloading Windows, your apps, and your data files.
Note too that if you perform certain removal steps improperly, your PC could become inoperable. Our instructions call out these danger spots, but if you don't feel confident about performing them, ask for help from a knowledgeable friend or from the experts on a spyware-removal Web forum.
Make Sure It's an Infection
How do you know whether your PC has an active spyware infestation? Slower-than-normal performance is the most common symptom people report, but such behavior can also be due to any number of factors unrelated to spyware, such as running too many applications with too little system memory, having a full or very fragmented hard drive, or running buggy software that fails to free up the memory it uses after you close the application. Your first task is to determine whether you have a spyware-related problem or just a slow machine.
Download the latest versions of these tools:
Microsoft's Malicious Software Removal Tool. This program is updated monthly, so always download the latest version before you use it.
Microsoft's Windows Defender. Windows Vista has Defender built-in, but if you suspect that you have spyware on your PC, update the program so it can find the newest bad stuff.
Avira Antivir PersonalEdition Classic, a free antivirus program--if you don't already have up-to-date antivirus software.
Since some spyware applications prevent you from downloading these tools, or from visiting the Web sites that host them, download the programs to another PC that you know is free of spyware. Then copy the installers to a portable USB drive, and plug that drive into the machine you suspect is infected.
Start by running the Malicious Software Removal Tool. This program is designed to search for and destroy only a small fraction of malware, but the ones it finds are the most serious strains of spyware and virus you can get.
If that program doesn't find anything, run the installer for Windows Defender (if it isn't already installed on your PC) and make sure that the program downloads its updates. Then click the downward-pointing arrow to the right of the word 'Scan' at the top of the Defender window and choose Full Scan. If Defender finds malware, follow the on-screen instructions to delete the harmful files. This may require one or more reboots, because some spyware won't let you uninstall it while Windows is running.
If Defender fails to find anything, or if it finds spyware that it can't delete, it's time for a full antivirus scan. If you're using an antivirus program that is already loaded on your system, make sure that it's updated. If you're using AntiVir, run the installer, and then reboot. When AntiVir is running, you'll see an icon in your system tray showing an open umbrella inside a red square. Right-click the icon and choose Start AntiVir. Click the Start Update link in AntiVir's program window, and when the update is complete, click the Scanner tab, choose the Local Drives option in the lower pane, and press thekey to begin scanning your hard drive. If it finds anything, AntiVir will pop up a dialog box. Select either Quarantine or Delete to remove the suspect files that it identifies.But if you need good recommended spyware softwares try this companies.http://nedbertini.xoftspyse.hop.clickbank.net/ and http://nedbertini.noadware.hop.clickbank.net. Good luck
A couple of warnings first: Removing spyware is as much art as it is science. The rogues who create spyware make removing their malicious programs as difficult as they can. In addition, some types of spyware download and install additional components, often hiding pieces of code from Windows to make removal even harder. The instructions below will wipe out most forms of spyware, but your machine's infestation may resist these measures. If so, you may have to consult a professional PC repair person. Or you can start afresh by reformatting your hard drive and then reloading Windows, your apps, and your data files.
Note too that if you perform certain removal steps improperly, your PC could become inoperable. Our instructions call out these danger spots, but if you don't feel confident about performing them, ask for help from a knowledgeable friend or from the experts on a spyware-removal Web forum.
Make Sure It's an Infection
How do you know whether your PC has an active spyware infestation? Slower-than-normal performance is the most common symptom people report, but such behavior can also be due to any number of factors unrelated to spyware, such as running too many applications with too little system memory, having a full or very fragmented hard drive, or running buggy software that fails to free up the memory it uses after you close the application. Your first task is to determine whether you have a spyware-related problem or just a slow machine.
Download the latest versions of these tools:
Microsoft's Malicious Software Removal Tool. This program is updated monthly, so always download the latest version before you use it.
Microsoft's Windows Defender. Windows Vista has Defender built-in, but if you suspect that you have spyware on your PC, update the program so it can find the newest bad stuff.
Avira Antivir PersonalEdition Classic, a free antivirus program--if you don't already have up-to-date antivirus software.
Since some spyware applications prevent you from downloading these tools, or from visiting the Web sites that host them, download the programs to another PC that you know is free of spyware. Then copy the installers to a portable USB drive, and plug that drive into the machine you suspect is infected.
Start by running the Malicious Software Removal Tool. This program is designed to search for and destroy only a small fraction of malware, but the ones it finds are the most serious strains of spyware and virus you can get.
If that program doesn't find anything, run the installer for Windows Defender (if it isn't already installed on your PC) and make sure that the program downloads its updates. Then click the downward-pointing arrow to the right of the word 'Scan' at the top of the Defender window and choose Full Scan. If Defender finds malware, follow the on-screen instructions to delete the harmful files. This may require one or more reboots, because some spyware won't let you uninstall it while Windows is running.
If Defender fails to find anything, or if it finds spyware that it can't delete, it's time for a full antivirus scan. If you're using an antivirus program that is already loaded on your system, make sure that it's updated. If you're using AntiVir, run the installer, and then reboot. When AntiVir is running, you'll see an icon in your system tray showing an open umbrella inside a red square. Right-click the icon and choose Start AntiVir. Click the Start Update link in AntiVir's program window, and when the update is complete, click the Scanner tab, choose the Local Drives option in the lower pane, and press the
spyware and its dangers
What is Spyware? Spyware is any software that: 1. installed on your computer without your knowledge or consent; 2. tries to make it difficult (or impossible) for you to remove it; 3. sends information about you, your computer, your files or your Internet use to someone without your knowledge or consent; 4. sends information about you and discloses this to you in an obfuscated way. What is Adware? Adware is very similar to spyware (for example, it will often embed itself deep within your computer and make it almost impossible for you to remove it). Its main difference is that Adware pops up ads on your desktop constantly -- it makes its money from ads, not necessarily from selling information about you. where does Spyware / Adware come from, and how do your computer get it? The answer to this question is probably as large as spyware / adware programs are numerous. Spyware / Adware often comes packaged with other software, File-sharing and music-sharing programs (often called "P2P") are the most serious offenders. or Some spyware / adware you may download willingly, not knowing that it does more than originally meets the eye. there are other methods as well. Some spyware is downloaded by your web browser pseudo-automatically. If you visit certain websites, those sites will try to send spyware / adware as a plug-in for your browser. Your browser will ask you if you want to install the plug-in; if you say yes, your computer is open to whatever that site wants to install. And even worse than that, some spyware / adware acts like a virus to force its way onto your computer. This type of spyware / adware is often used by hackers and can cause all manner of problems on your computer. And some spyware / adware is commercially sold. It is used by employers to spy on employees, family members to spy on each other; anyone who has access to your computer can install this spyware / adware software and can then watch everything you type or everything you look at on your screen What is the dangers of Spyware / Adware ? The dangers of spyware / adware is obvious: companies are building databases about the sites you visit and the things you search for, people can watch everything you do on your computer, advertisers can shove pop-ups in your face even when you're not surfing, and hackers can even wreck your computer.
Spyware / Adware software is often poorly written. If your computer runs more and more slowly as it gets older, and you haven't made any changes to it to make it run more slowly, there's a good chance that it's getting clogged up with spyware / adware. Since spyware / adware watches everything you surf, or everything you type, and since there are many types of spyware / adware that can all be installed on your computer at once, spyware / adware can really kill your computer's performance.
With these concerns and many others too numerous to list here, spyware / adware is considered by many to be on par with viruses in terms of the power to harm your computer. And on top of that, spyware / adware jeopardizes your privacy, something viruses don't do. For all these reasons, the danger of spyware / adware is great.
Spyware / Adware software is often poorly written. If your computer runs more and more slowly as it gets older, and you haven't made any changes to it to make it run more slowly, there's a good chance that it's getting clogged up with spyware / adware. Since spyware / adware watches everything you surf, or everything you type, and since there are many types of spyware / adware that can all be installed on your computer at once, spyware / adware can really kill your computer's performance.
With these concerns and many others too numerous to list here, spyware / adware is considered by many to be on par with viruses in terms of the power to harm your computer. And on top of that, spyware / adware jeopardizes your privacy, something viruses don't do. For all these reasons, the danger of spyware / adware is great.
Thursday, July 12, 2007
History of Spyware
Spyware” has evolved into the cyber era as the most dangerous, damaging and menacing technological appliance in current history. It is no aggravation of statement that if you are linked to the Internet, there’s every chance of being affected by this nuisance. So, it is in good time we should possess a peripheral view about “spyware”.
It was on 16th October 1996, when the word “spyware” was used in the public for the first time. It appeared on the Usenet. Basically it was on an article sarcastically aimed at the business strategies of the global leader Microsoft. Later still, around about the year 1999, its usage was synonymous to spy equipment like microphone bugs or miniature cameras. Thorough survey by Lexis/Nexis confirms this theory. But later that year in a press release of Zone Alarm Personal Firewall by the Zone Labs Company it was used in the meaning we know it today.
The word “spyware" was an instant hit in the mass media and among the general mass and soon in the month of June, 2000 the first anti-spyware application OptOut was released by Steve Gibson. Gibson planned to market its OptOut for a very competitive price but they faced tough competition from Lavasoft, around the middle of 2000 with their version 1.0, as they offered their version of anti-spyware absolutely for free. Lavasoft’s application was more competent as a spyware removal component and already was performing multi-tasking applications. As a result Gibson had to abscond from the race leaving their OptOut with no more development. Nevertheless, OptOut could be termed as the pioneer of anti-spyware applications.
But it must be stated that the term “spyware” yields a bit of confusion for though the word renders a notion of information being send back to certain individuals it is true that not all spyware applications may perform this job. So, many computer personnel dealing with the data security management prefer the word “malware” in place of “spyware” as it indicates a software that is particularly detrimental to the computer system. Another word “adware” is also popular to specify software applications like keyloggers and Trojans, which are nothing but “spyware” in usage.
According to a once celebrated cyber report, a explicit spyware application was put forward to numerous internet users under the covering of a free, exceedingly user friendly and a mass alluring game software named “Elf Bowling”. This occurrence took place in around the 1999s. At present, and in general, the Windows operating system is the more favorable target of the spyware applications. To name a few of the most iniquitous spyware programming are Xupiter, Gator, XXXDial, DirectRevenue, Euniverse, CoolWebSearch, 180 Solutions, Bonzi Buddy and Cydoor. One thing is to be noted. All these applications always attack only Microsoft Windows operating systems. Platforms like Linux and Mac OS X are never ever reported to be affected in anyway by these spyware applications.
America Online and the National Cyber-Security Alliance performed a survey in October, 2004. The result was startling. About 80% of the entire internet users have their system affected by spyware and about 93% of spyware components are present in each of the computers and 89% of the computer users were unaware of their existence. Out of the affected parties almost all, about 95% confessed that they never granted permission to install them.
Legally speaking, spyware cannot be entitled as a virus as it never replicates itself. As a result it remains undetected when anti-virus application is used. What’s more, you actually agree to be spied upon while you click the ‘I agree’ button on the screen while you intend to install spyware software. It is very practical to state that people rarely reads the agreement while downloading. People never carry a lawyer while doing such things as downloading or installing.
So, to safely enumerate what spyware actually is, we can easily quote what Dick Hazeleger, famous for his "Spyware List", rightly said, "Spyware is the name which was given to software that - without the user of the program knowing that the software performs this kind of action - traces the user's usage of the internet and sends this information - again without the user knowing this is happening - to a computer ("Server") designated by the developer of the Spyware software. By performing these actions, detailed user profiles may be collected - without the user's knowledge and approval - which then can be used for commercial or other purposes. By gathering and sending this information both resources on the user's computer as well as bandwidth on the Internet is abusively used, not to mention the breach of privacy such a User profile would be."
The state of Utah has already gone a step ahead of others and announced that several usage performed by spyware would be strictly proscribed. Even the US Congress is preparing to follow the same line of operation. House Resolution 2929--the Spy Act has been prepared to control this menace.
This is what Utah’s antispyware law, the Spyware Control Act, has to say, “At BA Venture Partners, we would not consider any application that uses pop-ups, is distributed through file sharing such as Kazaa or is not removable. Beyond that, we would look for applications that provide consumers value and would be installed on their own if people knew about them. The aggressive tactics of some advertising-supported software has given the whole sector a bad name. But if the software is fully disclosed and doesn't rely on intrusive methods such as pop-ups, the consumer should have a choice to view ads in return for software.
What's more, the developer should have a right to make money. Beyond these guidelines, the legal risks and moral problems become clear, and legitimate businesses should stay away from these practices. So we certainly would not consider anything beyond Circle 3. ”At present Microsoft can champion about its anti spyware application release and it is mandatory for the software developers to be certified by the International Charter as Spyware Free.
Like i promised just keep following me i will let you know on every information on spyware and its removal,and as i promise i will be including new spyware removals i have used and believe me they are trustworthy,try this http://nedbertini.noadware.hop.clickbank.net/
It was on 16th October 1996, when the word “spyware” was used in the public for the first time. It appeared on the Usenet. Basically it was on an article sarcastically aimed at the business strategies of the global leader Microsoft. Later still, around about the year 1999, its usage was synonymous to spy equipment like microphone bugs or miniature cameras. Thorough survey by Lexis/Nexis confirms this theory. But later that year in a press release of Zone Alarm Personal Firewall by the Zone Labs Company it was used in the meaning we know it today.
The word “spyware" was an instant hit in the mass media and among the general mass and soon in the month of June, 2000 the first anti-spyware application OptOut was released by Steve Gibson. Gibson planned to market its OptOut for a very competitive price but they faced tough competition from Lavasoft, around the middle of 2000 with their version 1.0, as they offered their version of anti-spyware absolutely for free. Lavasoft’s application was more competent as a spyware removal component and already was performing multi-tasking applications. As a result Gibson had to abscond from the race leaving their OptOut with no more development. Nevertheless, OptOut could be termed as the pioneer of anti-spyware applications.
But it must be stated that the term “spyware” yields a bit of confusion for though the word renders a notion of information being send back to certain individuals it is true that not all spyware applications may perform this job. So, many computer personnel dealing with the data security management prefer the word “malware” in place of “spyware” as it indicates a software that is particularly detrimental to the computer system. Another word “adware” is also popular to specify software applications like keyloggers and Trojans, which are nothing but “spyware” in usage.
According to a once celebrated cyber report, a explicit spyware application was put forward to numerous internet users under the covering of a free, exceedingly user friendly and a mass alluring game software named “Elf Bowling”. This occurrence took place in around the 1999s. At present, and in general, the Windows operating system is the more favorable target of the spyware applications. To name a few of the most iniquitous spyware programming are Xupiter, Gator, XXXDial, DirectRevenue, Euniverse, CoolWebSearch, 180 Solutions, Bonzi Buddy and Cydoor. One thing is to be noted. All these applications always attack only Microsoft Windows operating systems. Platforms like Linux and Mac OS X are never ever reported to be affected in anyway by these spyware applications.
America Online and the National Cyber-Security Alliance performed a survey in October, 2004. The result was startling. About 80% of the entire internet users have their system affected by spyware and about 93% of spyware components are present in each of the computers and 89% of the computer users were unaware of their existence. Out of the affected parties almost all, about 95% confessed that they never granted permission to install them.
Legally speaking, spyware cannot be entitled as a virus as it never replicates itself. As a result it remains undetected when anti-virus application is used. What’s more, you actually agree to be spied upon while you click the ‘I agree’ button on the screen while you intend to install spyware software. It is very practical to state that people rarely reads the agreement while downloading. People never carry a lawyer while doing such things as downloading or installing.
So, to safely enumerate what spyware actually is, we can easily quote what Dick Hazeleger, famous for his "Spyware List", rightly said, "Spyware is the name which was given to software that - without the user of the program knowing that the software performs this kind of action - traces the user's usage of the internet and sends this information - again without the user knowing this is happening - to a computer ("Server") designated by the developer of the Spyware software. By performing these actions, detailed user profiles may be collected - without the user's knowledge and approval - which then can be used for commercial or other purposes. By gathering and sending this information both resources on the user's computer as well as bandwidth on the Internet is abusively used, not to mention the breach of privacy such a User profile would be."
The state of Utah has already gone a step ahead of others and announced that several usage performed by spyware would be strictly proscribed. Even the US Congress is preparing to follow the same line of operation. House Resolution 2929--the Spy Act has been prepared to control this menace.
This is what Utah’s antispyware law, the Spyware Control Act, has to say, “At BA Venture Partners, we would not consider any application that uses pop-ups, is distributed through file sharing such as Kazaa or is not removable. Beyond that, we would look for applications that provide consumers value and would be installed on their own if people knew about them. The aggressive tactics of some advertising-supported software has given the whole sector a bad name. But if the software is fully disclosed and doesn't rely on intrusive methods such as pop-ups, the consumer should have a choice to view ads in return for software.
What's more, the developer should have a right to make money. Beyond these guidelines, the legal risks and moral problems become clear, and legitimate businesses should stay away from these practices. So we certainly would not consider anything beyond Circle 3. ”At present Microsoft can champion about its anti spyware application release and it is mandatory for the software developers to be certified by the International Charter as Spyware Free.
Like i promised just keep following me i will let you know on every information on spyware and its removal,and as i promise i will be including new spyware removals i have used and believe me they are trustworthy,try this http://nedbertini.noadware.hop.clickbank.net/
Tuesday, July 10, 2007
Spyware,a big internet problem.But it can be reduced and eliminated if you stay with me on this.
The majority of people who use computers simply do not have the time to invest in researching all of the potential problems and solutions and it is about time that we turned to real professionals for help. Most of us do not even recognize a quality security program when we see it which is why it is time for a change in our awareness. We do not need to accomplish years of training in order to protect ourselves from unscrupulous online criminals. We must simply turn to others who have placed their careers in the hands of this type of training and who are dedicated to predicting the possibility of cyber attacks, locating the source of these problems, eradicating them and enabling us to secure ourselves from future threats.
Lets talk about some dangers of spyware.A lot of the danger of spyware is obvious -- companies are building databases about the sites you visit and the things you search for, people can watch everything you do on your computer, advertisers can shove pop-ups in your face even when you're not surfing, and hackers can even wreck your computer.
But much of the danger is hidden. Perhaps not surprisingly, spyware software is often poorly written. If your computer runs more and more slowly as it gets older, and you haven't made any changes to it to make it run more slowly, there's a good chance that it's getting clogged up with spyware.
Since spyware watches everything you surf, or everything you type, and since there are many types of spyware that can all be installed on your computer at once, spyware can really kill your computer's performance. Some computers can even be rendered unusable by spyware, so slow and so unstable that it's impossible to do anything constructive on them. And since spyware almost always hides itself, you never realize that your computer is perfectly capable of doing what you need it to do -- you assume it's broken or too old, you might buy a new computer without realizing you could just clean the spyware out of the old one.
With these concerns and many others too numerous to list here, spyware is considered by many to be on par with viruses in terms of the power to harm your computer. And on top of that, spyware jeopardizes your privacy, something viruses don't do. For all these reasons, the danger of spyware is great.
Some companies are out to try and stop spyware efficiently and am here to keep you some of thos sites i use,i will give you one that i have personal reviewed and used.I hope you take advantage of it till i come your way again.http://nedbertini.xoftspyse.hop.clickbank.net/
The majority of people who use computers simply do not have the time to invest in researching all of the potential problems and solutions and it is about time that we turned to real professionals for help. Most of us do not even recognize a quality security program when we see it which is why it is time for a change in our awareness. We do not need to accomplish years of training in order to protect ourselves from unscrupulous online criminals. We must simply turn to others who have placed their careers in the hands of this type of training and who are dedicated to predicting the possibility of cyber attacks, locating the source of these problems, eradicating them and enabling us to secure ourselves from future threats.
Lets talk about some dangers of spyware.A lot of the danger of spyware is obvious -- companies are building databases about the sites you visit and the things you search for, people can watch everything you do on your computer, advertisers can shove pop-ups in your face even when you're not surfing, and hackers can even wreck your computer.
But much of the danger is hidden. Perhaps not surprisingly, spyware software is often poorly written. If your computer runs more and more slowly as it gets older, and you haven't made any changes to it to make it run more slowly, there's a good chance that it's getting clogged up with spyware.
Since spyware watches everything you surf, or everything you type, and since there are many types of spyware that can all be installed on your computer at once, spyware can really kill your computer's performance. Some computers can even be rendered unusable by spyware, so slow and so unstable that it's impossible to do anything constructive on them. And since spyware almost always hides itself, you never realize that your computer is perfectly capable of doing what you need it to do -- you assume it's broken or too old, you might buy a new computer without realizing you could just clean the spyware out of the old one.
With these concerns and many others too numerous to list here, spyware is considered by many to be on par with viruses in terms of the power to harm your computer. And on top of that, spyware jeopardizes your privacy, something viruses don't do. For all these reasons, the danger of spyware is great.
Some companies are out to try and stop spyware efficiently and am here to keep you some of thos sites i use,i will give you one that i have personal reviewed and used.I hope you take advantage of it till i come your way again.http://nedbertini.xoftspyse.hop.clickbank.net/
Subscribe to:
Posts (Atom)
RSS Feed (xml)