Detect and Remove Spyware

by: Mitch Johnson

The increasingly common computer and internet threat known as spyware is designed to gather information about personal and business computer users. The private information spyware is capable of obtaining about you can include your click stream, usage habits, passwords, credit card number and social security information. It is almost guaranteed that all PC computers have been infected with spyware.

A spyware infection is not primarily intended to alter a computer’s function, but as a "side effect" your computer will begin malfunctioning in obvious ways when some types of spyware invade. Possible signs include continuous pop-ups, browser crashes and unauthorized start page changes. Users who have downloaded music and game programs are likely to have been infected, as are those who use shareware and/or freeware.

To clear a computer of malicious spyware, users must download or purchase one of the many spyware scan tools. Proven and effective spyware tools can scan your computer and catch spyware, adware, keyloggers, dialers, Trojans, malware and more. Once the infected files are identified, the spyware scan tools can safely remove them while keeping a backup of each file in case restoration is needed later. Spybot Search and Destroy has become one of the most advanced and widely used free spyware scanning tools. Spy Doctor can be purchased and will begin actively protecting against future spyware infections.

Your computer should be scanned for spyware infections on a regular basis to avoid serious problems that could arise from deep infection. Nearly all of the many antispyware programs include free updates that bring the program’s database of spyware definitions up to the latest known for ultimate computer protection. Finding and using a good antispyware tool will help protect your private information from being snatched and used against you. Spyware removal tools will also stop annoying and intrusive advertisements from interrupting your internet activity.

About The Author

Mitch Johnson is a successful freelance author who writes regularly for http://www.spywareremovalmadeeasy.com/, a site that focuses exclusively on spyware removal software, as well as tips on how to prevent spyware from popping up on your computer. This site has articles on spyware guard, http://www.spywareremovalmadeeasy.com/spyware_guard.htm as well as spyware scanner, http://www.spywareremovalmadeeasy.com/spyware_scanner.htm

This article was posted on August 02

Countering the Spread of Spyware on your Computer

by: Mitch Johnson

Spyware has boomed into the top internet threat in no time and it continues to affect more computer users each day. Spyware is best described as a rogue application that latches to your system so it can record personal information and monitor internet usage. As spyware has grown it has become much easier to be infected with it.

In some instances a computer can be infected with spyware just by visiting the wrong web site. Most spyware is installed without the user’s knowledge.

The most serious form of spyware comes as keyloggers which record each keystroke made on an infected computer. Each account number, password, email address, chat or email message or social security number you key into your computer is being duplicated and sent back to the intruder. Keyloggers are often responsible for identity theft and its spread.

Adware is thought to be a form of spyware because it still records and submits to intruders your personal and computer usage information. The information adware gathers about a person is used by companies to target you with advertisement they have dubbed appropriate for your interests. Spyware in the form of adware and other less harmful spyware usually finds its way into your computer by being bundled in with freeware and shareware downloads. To avoid spyware and adware you must proceed with caution when considering a freeware download.

Computers can be infected by visiting the wrong web sites because, at insecure sites, hackers are able to take advantage of security vulnerabilities through the browser. This happens most often through Internet Explorer. Microsoft tries to release patches for these security vulnerabilities once they have been found, but users are at risk until then. Users also remain at risk after a patch is released if they do not know about the vulnerability or about the fix.

Law makers are striving to find regulations for these spyware privacy invasions but until then users must protect themselves.

To secure your computer now you can download several free and purchasable programs that will scan and remove spyware infections. Many of the new versions of spyware tools also offer "always on" protection that blocks spyware from downloading while you surf the internet.

About The Author

Mitch Johnson is a successful freelance author that writes regularly for http://www.1stinremovespyware.com/, a site that focuses primarily on spyware detection software, as well as tips on how to avoid spyware from popping up on your computer. His articles have also been featured on related spyware sites such as, http://www.bestinspywaredetection.com/ as well as http://www.bestsypwareremovalreviews.com/.

This article was posted on September 05

The Move to a New AntiVirus Model

by: Tim Klemmer

This is the second in a series of articles highlighting reasons why we need a new model for antivirus and security solutions.

Reason #1: the Basic Model

Antivirus software vendors still rely on yesterday’s methods for solving today’s problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time when a virus would take years to traverse the world. But in the fast-paced, Internet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can traverse the world and infect millions of computers in minutes.

In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it and the virus would infect the floppy. Then unwittingly put the infected floppy in another computer and presto the new computer would become infected. (I’m skimming over a lot of detail here to make a point). So the virus’ progress was slow and steady. Antivirus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a series of tests to come up with a signature string (see below for definition), put the string into a database of strings to search for when scanning your hard drive (and floppies) and release the new database to the public. Ten years ago this system worked very well.

But now everyone is connected via the Internet. Now, using email as a transport point, it doesn’t take years to gather momentum; instead it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch "known and unknown viruses" as their literature states, how then is it that we continue to have virus problems?

The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc and the software industry has not responded in kind, preferring to stay embedded in its old fashioned methodologies.

Why don’t the old ways work any more, you might ask? It’s relatively simple. Let’s go through the steps.

A virus author unleashes NewVirus via email. He mass mails his virus to thousands of people. Some, not all, unwittingly open the attachment thinking it’s from a friend or the subject is so enticing that they are fooled into opening it without thinking it’s a problem (cf. nude pictures of Anna Kournikova). The email attachment immediately starts emailing everyone in his contact list and embeds itself into his operating system so that it’s activated every time he turns on his computer.

The folks he emails in turn get fooled into thinking the email is valid and they open the attachment. Very quickly all hell breaks loose. Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic and they begin to get calls or emails alerting them to the fact that there’s a new problem. Samples are obtained and sent off to antivirus vendors. They pass the emails through a series of tests to analyze what exactly the virus does and how it does it. Additionally analysis is performed to extract a unique string of 1’s and 0’s to identify this attachment as none other than NewVirus. This is called the signature string. It’s important that whatever string is arrived at does not exist in any other program or piece of software; otherwise, you will get what is commonly called a false positive.

Quick digression on "false positives": if a vendor arrives at a unique string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and reinstall only to learn that they are still infected. There will be complaints; the vendor will be forced to reassess the signature string and rerelease his list of strings and admit the error.

Typically signature strings are matched against a whole boatload of commonplace software just to protect against this occurrence, but it still happens and vendors learn to add new software to their test beds.

OK, so the vendor has arrived at a signature string. Next? Implement the string into their string database so that when their scanners are scanning they will match what’s on your hard drive to what’s in the database. After the database has been updated they release the database to their customers in what’s commonly called a "push" where they send the updates to their primary users.
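The signature workflow described above, as an added example that is not the article's or any vendor's code: it picks a byte string from a sample, vets it against known-good software to avoid false positives, then scans files against the database. The file names, byte strings and the 8-byte signature length are constructed assumptions.

```python
# Added illustration: signature-string scanning with false-positive vetting.
SIG_LEN = 8  # assumed signature length in bytes

# Constructed, harmless byte strings standing in for real files.
HEADER = b"MZ\x90\x00This program cannot be run in DOS mode."
SAMPLE_NEWVIRUS = HEADER + b"NEWVIRUS-PAYLOAD-MARK"
CLEAN_CORPUS = {
    "winword.exe": HEADER + b"WORD-PROCESSOR",
    "notepad.exe": HEADER + b"TEXT-EDITOR",
}


def false_positives(signature, corpus):
    """Return the names of known-good files that contain the signature."""
    return sorted(name for name, data in corpus.items() if signature in data)


def derive_signature(sample, corpus, length=SIG_LEN):
    """Return the first window of the sample that no known-good file contains."""
    for offset in range(len(sample) - length + 1):
        candidate = sample[offset:offset + length]
        if not false_positives(candidate, corpus):
            return candidate
    raise ValueError("no window of this length is unique to the sample")


def scan(files, database):
    """Map each flagged file name to the signature names found in it."""
    report = {}
    for name, data in files.items():
        hits = [sig_name for sig_name, sig in database.items() if sig in data]
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    disk = dict(CLEAN_CORPUS)
    disk["mail_attachment.bin"] = SAMPLE_NEWVIRUS
    naive = SAMPLE_NEWVIRUS[:SIG_LEN]  # taken from the shared file header
    vetted = derive_signature(SAMPLE_NEWVIRUS, CLEAN_CORPUS)
    print("naive signature flags: ", scan(disk, {"NewVirus": naive}))
    print("vetted signature flags:", scan(disk, {"NewVirus": vetted}))
```

The unvetted signature comes from bytes every program in the corpus shares, so it flags the clean files as well; the vetted one flags only the sample.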

If you did not buy into this service, you must know enough to log into your antivirus vendor and update your software so that you stay current.

So where are we? The bad guy (or problem teenager) has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are achieved and "pushed" to corporate clients; NewVirus continues to infect hundreds and thousands of computers; corporate clients breathe a sigh of relief and alert their users as to the new threat.

Thousands, if not millions, of computers become infected and need to be cleaned because the best way to solve the virus problem is to wait for each new virus to come along and solve on a case by case basis.

But if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a series of computers to allow any email attachment or program to have full rein of a computer (much like it would have on your own computer; such a computer is called a "honeypot") and then analyzed that computer for unwelcome behavior?

That would be a true preemptive strike against all malicious software. This is the behavior-based model. Such a model would actually protect you from unknown viruses, along with all the known 70,000 viruses.

In part 2 we’ll discuss the risks and security failures of having distributed vendor software on your desktop.

About The Author

Tim Klemmer

CEO, OnceRed LLC

http://www.checkinmyemail.com

Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.

This article was posted on December 07, 2004

SOBIG.F Virus Promises "I’ll Be Back"

by: Karin Manning

On 21 August 2003 Symantec Security Response upgraded the W32.SOBIG.F threat to a category 4.

It is the sixth version of this worm.

SOBIG.F follows a computer worm known as "Blaster," or "MSBlaster," which infected at least 500,000 computers all over the world only a week ago. The "Nachi" worm, which is designed to protect PCs from "Blaster", caused its own havoc, including infiltrating unclassified computers on the Navy-Marine intranet and the collapse of the check-in system of Air Canada.

Associated Press has stated that 1 in 17 emails sent around the world has been infected.

According to Paul Wood of MessageLabs it took antivirus companies at least 12 hours to release updated software to combat the worm.

W32.Sobig.F@mm is, in fact, a worm, not a virus. This worm sends itself to every email address it finds in files with the following extensions:

.TXT

.WAB

.MHT

.HTML

.HTM

.HLP

.EML

.DBX

The "SOBIG" worm is found in emails in your inbox with the following subject headings:

RE: DETAILS

RE: THANK YOU!

RE: YOUR APPLICATION

RE: YOUR DETAILS

RE: DETAILS

RE: APPROVED

RE: THAT MOVIE

RE: WICKED SCREENSAVER

I have personally received emails with all of these subject headings on a daily basis. The body of the email simply refers you to an attached file. It is absolutely critical that you DO NOT open this attachment. It is this attachment that contains the "SOBIG" worm.

The "SOBIG" worm is attached to files with the following names:

Movie0045.pif

Your_document.pif

Thank_you.pif

Document_all.pif

Details.pif

Document_9446.pif

Wicked_scr.scr

Application.pif

The last day on which the "SOBIG" worm will spread is 9 September, 2003. Although this means email address collection and mass-mailing will stop at that date, a computer infected with the worm will still try to download updates from master servers even after this date.

The worm affects Windows 95, 98, Me, NT, 2000 and XP but leaves Unix, OS/2, Windows 3.x, Macintosh and Linux unaffected.

Thankfully Symantec Security Response has created a removal tool which is free to clean an infected computer. To access Symantec’s free removal tool visit: http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

For a free virus scan visit: http://www.stopsign.com

This past month’s computer attacks follow a historical trend: virus activity surges when college students have free time on their hands in the summer.

However, there is a suspicion that these kinds of virus attacks may be driven by profit motives, because worms such as SOBIG.F place a "trojan horse" on infected drives of unsuspecting PC owners, which allows spammers to quickly distribute millions of unsolicited emails around the world.

Poorly designed software is declared the main cause of increased virus activity by computer designers as software is often distributed without appropriate amounts of testing.

Microsoft last year announced its intention to slow down software development so that software can be made more safe from infiltration.

Regardless of the cause, here is the reality:

Sobig.A was found on January 9 2003 with no expiry.

Sobig.B was found on May 18, expiring May 31 2003.

Sobig.C was found on May 31, expiring on June 8 2003.

Sobig.D was found on June 18, expiring on July 2 2003.

Sobig.E was found on June 25, expiring on July 14 2003.

Sobig.F was found on August 19, to expire 10 September 2003.

The spread of the SOBIG.F worm is being hailed the fastest ever.

History, therefore, tells us that Sobig.G is, in fact, just around the corner, faster and stronger than each of its predecessors.

As Sobig.F nears its expiry on 10 September 2003 I can almost envisage its evil grin as it declares, "I’ll be back."

About The Author

Copyright 2003. Karin Manning. All Rights Reserved. Karin Manning is the webmistress of http://www.reprintrights4u.com and the publisher of Net Wealth, filled with up to the minute tips and techniques for growing your business online. To subscribe visit http://www.reprintrights4u.com and fill in the Newsletter Popunder on entry.

This article was posted on August 24, 2003
