Adware
Adware is any software "package" that will cause advertising material to automatically display, or download advertising material to the infected computer once it has been installed, or while the software package is being used. The creators of these software packages include software code that will deliver the ads using annoying "pop-up" screens or title bars.
Why should you be concerned if adware is installed on your computer(s)? Adware usually includes software code that tracks your personal information and passes it on to third parties, usually without your authorization or knowledge. Unless you authorized this type of activity by accepting a license agreement associated with the adware that included a clause authorizing it, you should consider this behavior to be a form of spyware, which is essentially information theft.
When adware is present on your computer, the end result is very similar to your telephone ringing off the hook because of the relentless onslaught of telemarketers calling to sell you something you did not ask for or want. It would be hard to imagine that anyone in their right mind would knowingly give their personal information to marketing companies to distribute, just to be inundated with endless pop-up ads and banners. If you are like most other people who would not like their personal information stolen through adware, then you would probably like to know how to minimize or eliminate adware completely. Many of the techniques in our eBook, "Home Network Security" will help you greatly reduce and maybe even eliminate adware on your computer(s).
Some of the well-known adware packages include:
- 123 Messenger
- 180 Solutions
- 180SearchAssistant
- Zango
- Bonzi Buddy
- ClipGenie
- CometCursor
- Cydoor
- Direct Revenue
- Aurora
- Dope Wars
- Ebates MoneyMaker
- Gator
- PornDigger!
- WinFixer
Alternate Data Streams
Alternate Data Streams (ADS) is a feature of NTFS partitions that was intended to allow for compatibility with the Macintosh file system and is commonly found on Windows 2000 and newer Windows operating systems. The danger with ADS is that it gives hackers an avenue to hide rootkits or other hacker tools on compromised computers, which lets them control the compromised computer without being detected by conventional means. If employed, ADS allows the hacker to "hide" files behind legitimate programs such as Notepad without affecting the program’s original functionality. Since the file is hidden, you will not be able to see or detect it using Windows Explorer or other traditional file-browsing utilities.
Unfortunately, there is no method available to turn off this built-in Windows feature; however, you can install a program to scan for and detect ADS files. The F-Secure Anti-virus/Anti-spyware program does provide users with the ability to scan their computers for Alternate Data Streams and you can download and purchase this fine program from F-Secure.com.
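To make the idea of a stream "behind" a file concrete, here is an added example (not part of the original page or of any product it mentions) that reads a saved directory listing and reports every named stream it finds. It assumes the listing was produced with `dir /r` on Windows Vista or later; the sample listing, file names and sizes are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample of `dir /r` output; not taken from a real system.
SAMPLE_LISTING = r"""
 Directory of C:\Users\demo\Downloads

03/14/2024  09:12 AM           193,536 notepad.exe
                                98,304 notepad.exe:tools.exe:$DATA
03/14/2024  09:15 AM         1,204,224 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
03/14/2024  09:20 AM               512 meeting notes.txt
                                 4,096 meeting notes.txt:cache:$DATA
"""


class Stream(NamedTuple):
    directory: str   # folder the host file lives in
    host_file: str   # the visible file the stream is attached to
    stream: str      # name of the alternate data stream
    size: int        # stream size in bytes


DIR_LINE = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
# Stream lines carry no date or time: just a size and "file:stream:$DATA".
STREAM_LINE = re.compile(
    r"^\s+(?P<size>[\d,.]+)\s+(?P<file>.+):(?P<stream>[^:]+):\$DATA\s*$"
)

# Zone.Identifier is written by browsers to mark downloaded files,
# so it is expected on anything that came from the Internet.
BENIGN_STREAMS = {"zone.identifier"}


def find_streams(listing):
    """Return every named stream that appears in the listing."""
    directory = ""
    found = []
    for line in listing.splitlines():
        match = DIR_LINE.match(line)
        if match:
            directory = match.group("dir")
            continue
        match = STREAM_LINE.match(line)
        if match:
            size = int(re.sub(r"\D", "", match.group("size")))
            found.append(
                Stream(directory, match.group("file"), match.group("stream"), size)
            )
    return found


def unexpected_streams(listing):
    """Streams that are not on the benign list and deserve a closer look."""
    return [s for s in find_streams(listing) if s.stream.lower() not in BENIGN_STREAMS]


if __name__ == "__main__":
    for s in unexpected_streams(SAMPLE_LISTING):
        print(f"{s.directory}\\{s.host_file} has stream '{s.stream}' ({s.size} bytes)")
```

Note that the visible size of the host file does not include the stream, which is why a file browser gives no hint that anything is attached.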
Blended Threats
A blended threat is a computer network attack with the sole purpose of maximizing the severity of damage and speed of contamination by combining different infection methods. For example, by combining characteristics of viruses and worms, an attacker could take advantage of certain vulnerabilities in computers, networks, or other network-connected devices that may not have adequate protection. For example, an attack using a blended approach could embed a virus in an e-mail attachment, along with a Trojan horse embedded in an HTML file that could cause damage to the recipient's computer. The Nimda, CodeRed, and Bugbear exploits were all examples of blended threats.
Blended threats typically include:
- Multiple avenues of propagation -- for example, distributing a hybrid virus/worm via e-mail that will self-replicate and also infect a Web server, so that contagion will spread through all visitors to a particular site.
- Exploitation of vulnerabilities, which may be preexisting or even caused by malware distributed as part of the attack.
- The intent to cause real harm (rather than just causing minor computer problems for victims). For example, by launching a denial of service (DoS) attack against a targeted web site or delivering a Trojan horse that will be activated at some later date.
- Automation that enables the threat to spread without requiring user actions, such as opening attachments.
To guard against blended threats, you should make sure your software always has the latest patches and hot fixes, use and maintain good firewall products, use software to detect malware, and educate anyone using your computer(s) about proper e-mail handling and online behavior. Our eBook, "Home Network Security", is a great resource for software recommendations and considerations, as well as safe e-mail guidelines.
Botnets
A Botnet is a large number of computers, known as "Zombies" that have
been set up to forward transmissions (including spam and viruses)
to other computers connected to the Internet. This large grouping of computers
is usually controlled remotely by one or more master computers and these
zombies are commonly used to attack other Internet-connected computers in
a coordinated effort. This is where the "Bot" part of the name comes from,
because the zombie computer serves the wishes of some master spam or virus
originator; thus the computer becomes one robot in a large army of many robot
computers. Botnets are capable of:
• stealing personal information,
• distributing spam and viruses using the infected zombie computers,
• using the infected computers to store illegal software, such as pornography, and
• launching Denial of Service attacks against other Internet-connected computers and servers
There are many who believe that Botnets currently pose the biggest threat
to the Internet because they are difficult to detect and literally thousands
or hundreds of thousands of Zombie computers can be instructed to carry
out the malicious activity of the Bot Master at any given time. On the command
of the master computer, the "army" of zombie computers in a Botnet can be
ordered to send transmissions to a specific website, which could close the
site down because of the enormous volume of traffic hitting it all at once.
This type of attack is known as a Distributed Denial of Service (DDoS) attack.
Another important thing worth noting is that the attackers use stealth techniques
to hide their tracks; thus it becomes incredibly difficult to find and prosecute
the perpetrators.
Authorities have been reacting to this growing threat by shutting down the
Botnet servers as they are discovered; however, it is very difficult for
them to keep up with the growing threat. Implementing a "Layered Defense"
for your computer(s) and network will go a long way in helping to protect
against this threat.
You can reduce your computer's chances of becoming a "zombie" in a Botnet
by installing a good software-based firewall, a good anti-virus program,
and one or more Anti-spyware programs. The better Software-based firewalls
are capable of being configured to prevent outgoing Internet traffic over
the ports which are known to carry out such attacks. You should also consider
installing a good hardware-based firewall at the perimeter to block all
incoming traffic and hide your computer from outside scans. For more information
on choosing firewalls and other security software, purchase and download
our eBook, "Home Network Security" from our "Products"
page and start building your defenses.
You may also wish to download trial versions of the software we recommend
from our Products page. After you download and
install the trial versions, read the documentation that accompanies each
program to help you configure each of them for optimal security, as well
as help you better understand how each product works. You can find the documentation
on the "Help" menu for each program. We are convinced you will be very happy
with each program you try and at the end of the trial period, you may purchase
the program using the instructions accompanying each program, or you can
simply uninstall the program if you are not satisfied with any of the products.
Browser Hijacker
Browser hijackers change your computer's browser settings so that you are redirected to Web sites that you had no intention of visiting. So when you open your Internet browser, such as Microsoft's Internet Explorer, you may notice that it no longer opens to the site it usually does. If this is the case, you have probably been infected with a Browser Hijacker.
Some of the highly undesirable Browser Hijackers could redirect you to pornographic Web sites; they could cause questionable pop-ups to occur that keep popping open as quickly as you close them; and they can also degrade your computer's performance and cause your browser to freeze.
This type of malware is commonly installed with software that is available to download for free; therefore, be very careful when downloading and installing free programs from the Internet. If you do feel that a program is safe to download, make sure you read the license agreement very carefully; often, you will find that by downloading and installing many programs, you also give consent to this type of undesirable content.
Protect yourself by installing at least two very good anti-spyware programs and one good anti-virus program. These types of programs can be configured to prohibit unauthorized changes to your browser's settings. We recommend the following programs:
CounterSpy by Sunbelt Software and F-Secure Anti-virus 2006 or newer versions.
Cookies
Cookies are text files containing information sent by a server to a Web browser [such as Internet Explorer] and then sent back by the browser each time it accesses the server that placed the cookie on the computer. The server associated with the cookie is the same server that produces the web pages for the site that was visited. HTTP cookies are used for user authentication, user tracing and maintaining user-specific information such as the user's preferences, the items a user may have placed into an electronic shopping cart, the sites the user may have visited, etc.
Since cookies may contain sensitive information about you, including your user name, any authentication information associated with you, etc., your personal information could also be compromised! How? Cookies that are sent through ordinary HTTP sessions are visible to all users "listening" in on the network by using a device known as a "packet sniffer". Always make sure that sites requiring login information are "HTTPS" sites, because these are secure channels and are very difficult to break into with packet sniffers.
As you can see, anyone who collects information found in cookies about you and your online habits is invading your privacy! It is for this reason that you should configure your web browser to allow ONLY "session" cookies when browsing the Internet and under no circumstances, should you ever allow "Third Party" cookies to be saved to your computer! By allowing third party cookies to be saved to your computer, you are inviting trouble! Many third-party cookies come from advertising and marketing companies who can, and often do, use the information contained within the cookie to flood you with unwanted email and other garbage like pop-up advertising.
Our eBook, Home Network Security, will show you how to disable first and third party cookies, as well as show you techniques to protect yourself from other potentially dangerous code.
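The three cookie properties discussed above (session versus saved, visible on plain HTTP, first versus third party) can all be read from the `Set-Cookie` header a server sends. The following is an added example, not code from the original page: the host names, cookie values and the two-label `site_of` shortcut are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import NamedTuple

# Constructed sample: (host that sent the response, Set-Cookie header value).
# All hosts and values are made up for illustration.
PAGE_HOST = "www.shop.example"
SAMPLE_RESPONSES = [
    ("www.shop.example", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("www.shop.example", "prefs=lang-en; Max-Age=31536000; Secure; SameSite=Lax"),
    ("ads.tracker.example", "uid=7f3a; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("www.shop.example", "promo=; Max-Age=0; Secure"),
]


class CookieReport(NamedTuple):
    name: str
    persistent: bool   # kept on disk after the browser closes
    sniffable: bool    # no Secure attribute: also sent over plain HTTP
    third_party: bool  # set by a host outside the site being visited


def site_of(host):
    """Approximate the owning site as the last two labels of the host name.
    Simplification: browsers use the Public Suffix List for this."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_persistent(attrs, now):
    """A cookie with neither Max-Age nor Expires is a session cookie."""
    try:
        return int(attrs["max-age"]) > 0      # Max-Age takes precedence
    except (KeyError, ValueError):
        pass                                  # absent or malformed: try Expires
    try:
        when = parsedate_to_datetime(attrs["expires"])
        if when.tzinfo is None:               # no zone given: treat as UTC
            when = when.replace(tzinfo=timezone.utc)
    except (KeyError, TypeError, ValueError, AttributeError):
        return False
    return when > now                         # a past date deletes the cookie


def audit_set_cookie(header_value, response_host, page_host, now):
    """Classify one Set-Cookie header; `now` must be a timezone-aware datetime."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = value.strip()
    return CookieReport(
        name=first.partition("=")[0].strip(),
        persistent=is_persistent(attrs, now),
        sniffable="secure" not in attrs,
        third_party=site_of(response_host) != site_of(page_host),
    )


def findings(report):
    """Map a report onto the three concerns raised in the text above."""
    out = []
    if report.sniffable:
        out.append("readable by a packet sniffer on plain HTTP")
    if report.persistent:
        out.append("saved to disk rather than session-only")
    if report.third_party:
        out.append("set by a third party")
    return out


def audit_all(responses=SAMPLE_RESPONSES, page_host=PAGE_HOST, now=None):
    now = now or datetime.now(timezone.utc)
    return [audit_set_cookie(value, host, page_host, now) for host, value in responses]


if __name__ == "__main__":
    for report in audit_all():
        print(report.name, "->", "; ".join(findings(report)) or "no concerns")
```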
Dialers
Dialers are malicious programs capable of changing your dialup connection settings, which causes your computer to place calls to expensive toll numbers or international numbers.
Dialers can have stealth capabilities, making it very difficult for the computer user to detect them. As always, make sure you run at least two good Anti-spyware programs, install a good Anti-virus program, use personal firewalls capable of logging incoming and outgoing traffic, and use extreme caution when surfing the Internet or opening email.
Drive-by Downloads
A drive-by download is a harmful program that is automatically downloaded to your computer when visiting certain Web sites or viewing HTML e-mail messages containing malicious code.
File sharing programs are popular vehicles for drive-by-downloads and are often used to track and report user information for targeted marketing purposes.
If you notice that your home page has changed and you are being redirected to a new site, you may have been infected by a drive-by-download package. In some cases, the infection may initiate other programs to launch. If you do become infected with a drive-by-download, as with other forms of spyware, these types of programs can be very difficult to clean and may require an expert to remove the program(s).
If you would like to minimize your chances of being infected by a drive-by-download, you should ensure that you have a couple of very good Anti-spyware programs installed that are configured for optimum security. Additionally, you should tighten up your Windows and Internet Explorer security settings. Our eBook, "Home Network Security" will guide you step-by-step through the process of securing your computer, as well as provide guidance in choosing good Anti-spyware programs.
Instant Messaging
Instant Messaging is a user-deployed client software program that allows
one or more people to communicate in real time over an Internet connection.
This type of software is not a security risk by itself, but because of the
popularity of Instant Messaging, it is a more attractive target to hackers
and virus writers. Malicious code writers tend to focus their attention
on areas that will produce the highest returns and with IM growing in popularity,
this is a very attractive avenue for them to pursue. IMLogic, an enterprise
software company for Instant Messaging, released the following facts and
predictions report about Instant Messaging threats early in 2006:
- In 2005, there were 2,403 unique IM and P2P threats, including IM-specific
attacks and blended threats targeting IM and P2P applications
- Also in 2005, 90% of IM-related security attacks included worm propagation;
9% delivered viruses; 1% of reported incidents exploited known client
vulnerabilities or exploits
For 2006, IMLogic released a report predicting:
- Network interoperability and continued IM adoption will accelerate
the volume of IM threats. "Forecasted growth of both consumer and enterprise
IM, combined with the increasingly connected nature of disparate IM
systems, will lay the groundwork for large-scale IM attacks that reach
across disparate networks."
- Expanded IM functionality will increase the number of attack vectors
-- "The convergence of IM, VoIP, virtual conferencing and other real-time
communication capabilities will provide new opportunities for the propagation
of sophisticated IM attacks."
- More sophisticated and even "intelligent" worms will increase infection
rates -- "The increasing complexity and agility of IM threats will result
in attacks being less likely to be immediately detected by an end-user
making these types of attacks more dangerous and costly."
- Instant messaging will continue to attract online criminals -- "Cyber-criminals
will increasingly be drawn to IM because of its proven ability to efficiently
deliver malicious payloads via social engineering tactics."
These statistics and predictions are sobering and you should be very careful
when choosing to install and use Instant Messaging software or Point-to-Point
software on your computer(s) and network(s). If you do not wish to allow
Instant Messaging software to run on your computer(s), make sure other people
who have access to your computer(s) do not have the ability to install this
type of software by giving them limited access, which can be done by making
them members of the "Users" group only. Firewalls also provide you with an
avenue to block these types of software from communicating outside your
network.
Keylogger
Keyloggers, also known as Keystroke loggers, are small programs capable
of monitoring each and every keystroke a user types while using their computer's
keyboard.
This is a very dangerous type of spyware, because when a user types, the
program will record each keystroke and upload the information over the Internet
to the cyber criminal who installed the program.
Keyloggers are commonly downloaded unknowingly to the user’s computer via
a root kit or Trojan. Since Keyloggers record a user's keystrokes, they
are capable of stealing user account logon information, such as the user's
account name and password, as well as other confidential information. Armed
with this information, the cyber thief could impersonate the user and log
on to their online banking account or other types of online accounts and
steal their money, redirect funds elsewhere, lock them out of their own
accounts, change their personal information, and many other harmful things.
For these reasons, you should install at least two good anti-spyware programs,
a good software-based firewall that will inform you when a new application
is trying to run or send information outside to the Internet, and of course,
a very good anti-virus program.
We recommend CounterSpy Anti-spyware, the Kerio Personal Firewall, and the
F-Secure Anti-virus/Anti-Spyware programs.
Phishing Scams
Phishing attacks (scams) are quickly becoming one of the fastest growing
crimes. The cyber criminals have figured out that it is much easier to steal
someone's money if the person from whom they are stealing, willingly offers
their personal information to them, without realizing what they had done.
People are curious and since the criminals know this; they will use very
deceptive and very clever tactics to get people to divulge their personal
information to them.
Cyber criminals have devised very clever methods using email and other means,
to get people to divulge their user account login and password information
by sending fraudulent emails to the victims appearing to be legitimate by
using accurate graphic images. Customers of banks, brokerage houses, and
other financial institutions are now prime targets for cyber criminals and
by using emails and web sites that have accurately impersonated the "real"
company's sites, they are tricking people into logging into rogue sites
and are capturing their login information. Once they have this information,
they could easily steal the victim's financial assets. Human carelessness
is what allows this type of activity to be successful.
Your main defense is to be very careful and realize that legitimate businesses
will usually never ask you to log in to your account via email and click
a hyperlink embedded within the email to view and/or change any part of
your account information. Legitimate businesses will also not threaten to
close your account via email, which are common tactics used by "Phishers".
Should you ever receive an email asking you to click a link to verify your
account information or change your password, or anything else - DO NOT CLICK
ON IT! If you feel compelled to click the link, you should first call the
institution that is being referenced and ask them if they did in fact send
the email; chances are...they did not. The institution would probably ask
you to forward the fraudulent email to their fraud department so they could
investigate and track down the phishers.
The lesson here is simply this...never click any link embedded within an
email!
Our book, Home Network Security, discusses this threat
and shows you how you can securely read an email in Microsoft Outlook Express
without opening it and shows some examples of legitimate and fraudulent
emails. You can purchase and download your copy here for only $19.95 USD.
Pop-up Download
While surfing the Internet, certain pop-up windows may appear, enticing you to download a “necessary” program to your computer's hard drive. This type of program must "trick" the user into thinking it is required to view a certain site's content or provide protection for your computer; but be very careful, because if you click "Yes" to install the program, it may be a form of spyware and be very difficult to remove. There have been instances where a pop-up offered a free security scan and if the user took advantage of the offer, the scan results showed spyware present on the computer and instructed the user to purchase the software to remove the spyware. What is disturbing is that by clicking the “free scan” link, it downloaded the spyware to the user’s computer.
Pop-up Downloads are capable of tracking your online behavior and could cause other pop-ups to appear on your computer.
Always be very cautious when clicking "Yes" to anything on the Internet and make sure you have good Anti-virus and Anti-spyware programs installed. These types of programs are designed to help protect you from this type of malware and may even be able to stop or remove the malicious content if it does get installed on your system.
Rootkits
Rootkits are quickly becoming one of the most serious threats to computer security and confidential information stored on the hard drives. If your computer becomes infected with a Rootkit, the person who placed it on your system could have complete control to do anything they wish, including stealing your personal information or using your computer to attack other computers connected to the Internet. Hackers often gain access to your system through unpatched software and are now placing Rootkits on compromised computers because of security holes in the unpatched software. If someone is successful in placing a Rootkit on your computer, it is often very difficult or even impossible to detect and remove.
A couple of things you could do to protect yourself from this type of compromise are to ensure that all of your software is continuously patched with the latest updates and to make sure all administrative computer accounts have very strong passwords. Microsoft releases monthly patches on the second Tuesday of each month, and sometimes, they issue “out-of-cycle” patches when necessary. Other programs you should check periodically for security updates include Adobe software, Sun’s Java, and your anti-virus/anti-spyware programs. You should also consider installing a very good Anti-virus program capable of detecting Rootkits. Unfortunately, if you do detect a Rootkit on your computer, the only sure method of cleaning it is to completely erase your hard drive using a DoD or better method, reformat it, and reinstall your operating system, security updates, and all of the programs you had previously installed. There are many good programs capable of securely erasing your hard drive; but remember, if it is free…it could be dangerous. You are better off purchasing a legitimate program such as DriveScrubber by Iolo Technologies.
As you can imagine, it would be a better option to protect your computer and use good judgment when viewing emails, opening attachments, navigating the Internet, and downloading and installing software. The choices you make will impact your overall security posture!
Our eBook, Home Network Security, will guide you through configuring strong passwords and setting up the Windows 2000 or later operating system to continuously check for and install updates as they become available from Microsoft. You can purchase your copy of Home Network Security from our Products page.
Spyware
Spyware is software installed on a computer that is designed to gather information about a person or organization without their knowledge or consent and then sends that data back to the originating source. This collecting of information is also known as Data Mining and is commonly used for targeted advertising. In today's world, spyware normally makes its way on to a victim’s computer via the Internet using any number of possible infection methods. The victim may have visited a malicious web site; they may have opened an infected email; they may have downloaded an infected program; or may have been exploited through vulnerabilities in their system, among other things.
Spyware comes in many varieties, with each designed to perform a specific purpose. Here are some properties commonly found in Spyware:
- Capable of downloading and installing other malicious software
- Allows remote connection to your computer
- Allows remote control of your computer using a "backdoor"
- Attacks security software designed to protect your computer
- Changes browser settings and redirects you to undesirable sites
- Connects to the internet
- Dials toll numbers that charge your telephone account
- Evasive Network Behavior to connect to the Internet using non-standard techniques
- Consumes high bandwidth and slows network connections considerably
- Exploits vulnerable software programs that have not been patched with the latest security updates
- Logs applications run or executed by the computer user
- Logs keystrokes typed by the computer user
- Logs URLs of web pages visited by the user
- Opens ports to communicate outside to the Internet or allow incoming malicious traffic
- Overwrites Affiliate tracking links and steals referral money from affiliate site
- Redirects searches to web sites that would not have normally appeared
- Reports False Data to coerce the user into purchasing misleading software
- Sends logs of the user's computer activity to malicious computer
- Shows pop-up ads
- Stays Resident and can be very difficult to remove
Cookies, adware, Trojans, and other types of programs can all be considered spyware.
Be careful when downloading "cute" programs, such as the "Elf Bowling" download or ANY toolbar. These types of amusing programs are quite often sources of spyware. You can protect yourself however to a very high degree if you install at least two very good Anti-spyware programs and configure them for HIGH protection. Our eBook, Home Network Security, can provide you with suggestions and guidelines for choosing and installing anti-spyware programs.
Trojan Horse
History has shown us that Trojan horses were used by the Greeks to conceal soldiers inside and then placed in an area whereby, after a short period of time, the soldiers would emerge and overtake the city.
As you might guess, the Trojan horse program obtained its name from the Greek Trojan horse, because of how it works. Once a Trojan horse is installed on to a computer, it could take control of the system and do quite a bit of damage, including stealing your personal information and disabling your security software.
For this reason, it is imperative that you install a good anti-virus program and make sure it is functioning as it should by ensuring it downloads and installs all available virus definitions or updates as they are released. Our eBook Home Network Security offers suggestions on choosing a good anti-virus program or if you choose, we recommend the F-Secure Anti-virus/Anti-spyware program and you could purchase it from F-Secure.com.
Virus
Computer viruses are programs capable of spreading by copying themselves to other computers via infected attachments in email messages, infected downloads from websites, and other methods such as infected floppy diskettes or CDs.
When a virus makes its way onto a computer, it may or may not launch immediately and when it does execute, it is capable of many things. Viruses can simply be annoying in nature by displaying unwanted graphics or pop-ups, or they can be very malicious and do things like erase your files or entire hard drive.
Since viruses can easily be introduced into your computer, it is in your best interest that you only download and execute programs from trusted sources. Additionally, if you wish to execute a program you received in an email or downloaded from a website, you should first save the download to your computer, and then scan it with your anti-virus program to ensure it is safe to open, BEFORE you install it. We also recommend using an anti-virus program that is capable of scanning all incoming and outgoing email messages for harmful content and attachments.
Our eBook, "Home Network Security" offers suggestions to help you find a good anti-virus program, as well as recommendations to consider when configuring your program for optimum computer protection.
Web Bugs
A Web Bug is a graphic on a web page or in an HTML email, usually invisible because of its extremely small size, that is capable of monitoring and tracking visitors of certain web pages and e-mails. Web bugs can transmit your IP address, the page(s) and time(s) you visited certain web pages, the type and version of internet browser you are using, and other information found within cookies on your computer. An IP address is similar to your "house" address in that it is unique to your location; therefore, if someone has that information, they could use it in an unethical manner...such as selling the information to marketing companies. Armed with your IP address, unethical companies could direct advertising and even malicious content to your computer, even if you use software that makes you appear "anonymous"!
Fortunately, there are techniques you can employ and software you can install to limit or even stop this activity from occurring on your computer. Our eBook, "Home Network Security" offers recommendations of software capable of disabling Web bugs in email and web pages, as well as a simple technique to safely read emails, which ultimately limits your exposure to web bugs embedded in e-mail messages.
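As an added illustration of what a web bug looks like inside a message (this example is not from the original page or the eBook), the code below scans the HTML body of an email for remote images that are one pixel or smaller, or hidden by style, and lists the host that would be contacted and the identifiers carried in the image address. The sample message, hosts and parameter names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample message body; all hosts and identifiers are made up.
SAMPLE_EMAIL_HTML = """\
<html><body>
<p>Your statement is ready.</p>
<img src="https://www.bank.example/logo.png" width="180" height="40" alt="Bank">
<img src="http://track.mailer.example/o.gif?uid=48213&amp;msg=2006-07" width="1" height="1" alt="">
<img src="https://stats.mailer.example/p.png?c=abc" style="max-width:100%; width:0; height:0">
<img src="cid:footer-image" width="1" height="1">
</body></html>
"""


def _pixels(value):
    """Parse '1', '1px' or '0.5px' to a number; percentages and junk give None."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(?:px)?\s*", value or "", re.I)
    return float(m.group(1)) if m else None


def _dimension(attrs, name):
    """Inline CSS overrides the width/height attribute, as it does in a browser."""
    css = re.search(r"(?:^|;)\s*%s\s*:\s*([^;]+)" % name, attrs.get("style", ""), re.I)
    return _pixels(css.group(1)) if css else _pixels(attrs.get(name))


class WebBugFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {key: (value or "") for key, value in attrs}
        url = urlsplit(a.get("src", "").strip())
        # Only remote images cause a request that reveals the reader's IP
        # address, time of reading and browser; cid: images travel in the mail.
        if url.scheme not in ("http", "https"):
            return
        width, height = _dimension(a, "width"), _dimension(a, "height")
        tiny = width is not None and height is not None and width <= 1 and height <= 1
        hidden = re.search(r"display\s*:\s*none|visibility\s*:\s*hidden",
                           a.get("style", ""), re.I)
        if tiny or hidden:
            self.findings.append({
                "host": url.hostname,
                "url": url.geturl(),
                "reason": "tiny" if tiny else "hidden",
                "params": dict(parse_qsl(url.query)),  # identifiers sent along
            })


def find_web_bugs(html):
    """Return one finding per suspected web bug in the HTML body."""
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_EMAIL_HTML):
        print(bug["reason"], bug["host"], bug["params"])
```

Reading mail with remote images turned off prevents the request from being made at all, which is why that setting defeats web bugs in email.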
Worms
Worms are malicious programs capable of reproducing and spreading by sending copies of themselves to everyone in your address book. One of the things you can do to limit replication is limit the number of emails that can be sent at one time to no more than five addresses. Worms generally impact network traffic by consuming bandwidth as they replicate and spread to other users. Think of this bandwidth consumption like a freeway during rush hour...as more automobiles flood the freeway, traffic slows. Bandwidth is like a freeway in that it can only accommodate a certain amount of traffic and if this limit has been reached, the network slows to a crawl.
Worms can be harmful in other ways - they can delete files on your hard drive, send information from your computer somewhere else using your email account, and they can contain other types of harmful code capable of doing other damage.
What are some vulnerabilities that worms exploit?
- Poorly designed software programs
- Computer software containing vulnerabilities that have not been patched with available security updates
- Improper computer configuration, such as weak passwords and unnecessary services running in the background
Having a good Anti-virus software program that is continuously updated is an important defense against worms. For more information on Anti-virus software and guidance on choosing a good solution, purchase our eBook, "Home Network Security". You will not be disappointed!