sladehk
Home Computer Security
Combating Virus, Spyware & Spam on the Internet
Information on Threats
To understand computer threats, I will quickly go over the few web threats/“baddies” out there. The main three types of threats are Virus, Worm, and Spyware. All three of these threats contain malicious code to steal data or damage files on your computer. They may also steal your passwords (through keyloggers) and allow hackers easy access to your computer. This thread basically describes the threats and provides suggestions on how to prevent such things from happening. A general rule of having a clean system is to regularly use and update your security programs (including Windows), avoid pirated software, avoid going to serialz/warez sites and do not open/accept files/emails from people you do not trust.
Viruses
Viruses are programs that are often self-replicating and cause some undesirable effects on your computer. They can corrupt programs, crash the operating system, alter/damage the boot sequence, destroy files and generally wreak havoc in the system. They can also allow hackers to easily access your computer.
Worms
Worms contain malicious code that propagates through infected emails. They often alter the boot sequence and re-spawn each time the machine is booted. They can corrupt programs, sometimes the operating system itself, and worse still, steal your email account and randomly send out infected emails to all those listed in your address book. A recent well-known worm is the Bropia worm that spread through MSN Messenger.
Spyware
Spyware refers to parasitic software that often hides itself as a helper object (toolbar, hot-bar, ActiveX component, etc.) or is packaged with some P2P software (like Kazaa). It can steal and send out your private and even secured information to advertisers and data mining firms, and track your online activity. Spyware typically also incorporates pop-ups and in-browser advertisement signals from servers. These are typical symptoms of spyware. Data-miners and tracking cookies are common parasites that jump into the computer each time you go online.
Trojans
A trojan is a program that looks innocent but carries a dangerous payload, like the Trojan Horse of Greek mythology. It may be disguised as a game or some other kind of executable program, in the same way that viruses are often disguised. The payload it carries is a backdoor program (or maybe just a few lines of code that create a security hole so a backdoor program can be installed later). Trojans can also be keyloggers.
Backdoor
A backdoor program allows the hacker access to your computer whenever it's on the Internet. It's a remote control, and usually a very thorough one with full access to every facility and file on your computer. In the popular press the distinction between a trojan and a backdoor (or more specifically the client element of a backdoor program) has been lost and the two are often used interchangeably.
Hackers
Hackers are computer experts who try to breach the security of networks, Web servers and email servers. Usually they use a selection of specialist software to identify weaknesses, which are then exploited. They often do this as a challenge and target the big companies and authorities. There are just two aspects of hacking that you have to worry about as a private individual. One is that your details are on various company databases, and when these are cracked, information about you can be stolen.
Keyloggers
Keyloggers are programs that are used to log all your keystrokes and are generally used to steal passwords.
Downloaders
Downloaders are programs that exploit security flaws in your operating system to download unwanted programs in the background. Viruses often use downloaders to update themselves.
Phishers
Phishers are emails that come disguised as coming from a respectable business with the purpose of stealing information (usually your credit card details). The email may ask you to "Update/Renew your account". Don't fall for the trick. If in doubt, call the business and ask.
Malware
Malware is a general term used to describe the web "nasties." It is basically software designed specifically to damage or disrupt a system. They may also feature phoney licenses and attempt to trick the user into installing unwanted programs alongside purposely installed software.
Dealing with the threats
To deal with these threats, you should implement software such as anti-virus programs, anti-spyware programs and firewalls, and keep your system constantly updated and regularly scanned. A common misunderstanding is that an anti-virus program will detect and kill all viruses and spyware. Actually, it may kill viruses, but it won't kill spyware at all. Spyware is not a virus, and hence an anti-virus program will not kill it. To kill a spyware implant in your system, you need an anti-spyware program.
Dealing with Viruses
Anti-virus programs can detect and destroy viruses in your system. As each anti-virus program is not perfect, two is always better than one. One may find viruses that the other has missed. Professional anti-virus and anti-spyware programs can be purchased off the shelf by anyone. There are also free alternatives available.
AVG Anti Virus (Free)
PcCillin Anti Virus
Norton Anti Virus
Dealing with Worms
Worms usually work through exploits in the security of the system. To deal with worms, get a good anti-virus program and firewall (hopefully with an active shield like AVG). However, the most effective way is to update your system (OS), for example by installing Service Pack 2 for Windows.
To update Microsoft > Update Now
Dealing with Spyware
Spyware is often bundled with programs, especially free ones. Many P2P programs are free to download but are bundled with a lot of spyware (like Kazaa). To deal with spyware, get good anti-spyware software. There are professional programs but sometimes the free ones are just as good (or even better).
Ad-aware SE Personal (Free)
Spybot Search & Destroy (Free)
Javacool's SpywareGuard
Javacool's SpywareBlaster
IE-SPYAD
HijackThis
Note: HijackThis is not an easy-to-use spyware removal tool. Its strength is in creating a logfile which computer experts can check to see whether the files are genuine or part of the spyware family.
Dealing with Browser Hijacks
There are some types of spyware that "hijack" your browser so that your search engine or homepage is set to a certain page and you can't reset it.
HijackThis
BHO Demon
Dealing with Spam
One of the most annoying things you will have to deal with. In this case, prevention is definitely better than cure. If they never find your email, they can't spam you. Therefore, you should never give your email out to sign up for any unnecessary things. Now if you have got a heavy stream of spam coming to you daily, you should configure your Junk Filter setting. Otherwise you may want to purchase some professional off-the-shelf products available.
Defending against the armies of evil
To defend your computer against the myriad of malware and hackers trawling the web for victims, get a firewall. Basically a firewall prevents unauthorized access to your computer. If you run a permanent (always-on) Internet connection, especially a broadband cable connection or DSL, you are under more risk than the poor dial-up guys. These connections are always on so they are indefinitely more useful to hackers. If you are not a dial-up person then you will need to install additional security. Firewalls are then a necessity.
ZoneAlarm Personal Firewall (Free)
Sygate Personal Firewall (Free)
Browsing Safely & Securely
“Prevention is better than cure.” The simplest defence against spyware infection is not to catch it in the first place. Merely visiting certain malicious web sites can in itself be the first step to becoming infected with a virus. This is usually done through an ActiveX component, or even a so-called Browser Helper Object file installation to view the page.
Whenever a dialog box pops up asking whether you want to download a file or install some ActiveX component, say "No" unless you are 100% sure it is safe. You just don’t know what the ActiveX or BHO contains. Your credit card details could be at stake!
It is recommended to use a non-IE browser as IE is the number 1 target of hackers and virus creators because it simply has the most people using it. Mozilla Firefox is a great browser that has tabbed pages and a built-in pop-up blocker, and is also safer due to automatic “disallowing” of ActiveX unless it is specifically allowed.
NEW: Accepting & Running files
Do not accept and/or run files unless you are very sure that the files are safe. The recent Bropia worm spread through MSN Messenger like that. PIF (Program Information File) runs a DOS program while SCR (Screensaver File) similarly allows the program to run its executable code. Due to the recent worm, I have included a list of files which you should watch out for (or files that can run independently once you double-click them):
*.BAS
*.BAT
*.CMD
*.COM
*.EXE
*.INF
*.ISP
*.LNK
*.MST
*.PCD
*.PIF
*.REG
*.SCR
*.URL
Some sites
These are some sites that may be useful to you when you suddenly find yourself unable to deal with the problems (or when the above solutions do not work).
http://www.wilders.org/
http://forums.techguy.org/f54-s.html
http://www.firewallguide.com/spyware.htm
http://housecall.trendmicro.com/ (online virus scan)
http://www.helponthe.net (diagnose HijackThis logs, viruses and give further aid)
http://www.techsupportforums.com (diagnose HijackThis logs, viruses and give further aid)
http://forums.spywareinfo.com/index.php?b=1 (diagnose HijackThis logs)
http://computercops.biz/CLSID.html (diagnose HijackThis logs)
Acknowledgements
MedNez
polok
Comments and suggestions welcome!
I will add more to this as I go on. Hope someone will sticky this!
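The extension list under "Accepting & Running files", turned into a file-name check; this is an added example, not part of the original post. The decoy-extension set and the sample file names used with it are assumptions constructed for illustration.

```python
import re

# Extensions taken from the list in the post above.
RISKY_EXTENSIONS = frozenset(
    "bas bat cmd com exe inf isp lnk mst pcd pif reg scr url".split()
)

# Harmless-looking extensions that can sit in front of the real one
# (assumption for this example; extend to suit).
DECOY_EXTENSIONS = frozenset(
    "jpg jpeg gif png bmp txt doc pdf mp3 avi zip".split()
)


def normalise(name: str) -> str:
    """Reduce a received path to the file name Windows would act on."""
    # Keep only the last component, whichever separator was used.
    base = re.split(r"[\\/]", name)[-1]
    # Windows drops trailing dots and spaces, so "a.scr. " opens as "a.scr".
    return base.rstrip(". ").lower()


def check_filename(name: str) -> list[str]:
    """Return the reasons a file name is suspicious; empty list if none."""
    base = normalise(name)
    parts = base.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in RISKY_EXTENSIONS:
        return []

    reasons = [f"runs on double-click (.{ext})"]

    # "holiday.jpg.pif": with known extensions hidden, this shows as
    # "holiday.jpg" and looks like a picture.
    if len(parts) > 2 and parts[-2].strip() in DECOY_EXTENSIONS:
        reasons.append(f"decoy .{parts[-2].strip()} in front of .{ext}")

    # A long run of spaces pushes the real extension out of view in
    # narrow dialog boxes and file-transfer prompts.
    if re.search(r"\s{3,}", base):
        reasons.append("whitespace padding hides the real extension")

    return reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    samples = [
        "holiday.jpg",
        "Setup.EXE",
        "holiday.jpg.pif",
        "photo.jpg          .scr",
        "report.scr. ",
        "C:\\Downloads\\readme.txt",
    ]
    for sample in samples:
        verdict = check_filename(sample) or ["no flag"]
        print(f"{sample!r}: {'; '.join(verdict)}")
```

An empty result only means the name is not on the list; it says nothing about what the file contains.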