The World of Computing and Solutions
http://computing.ask-me-about.com


Kardphisher virus - social-engineering attack, aimed at stealing credit card information.

Posted October 9th, 2007 by Loz

Symantec reported recently on a Trojan horse that mimics the Microsoft Windows activation interface. Called Trojan.Kardphisher, it doesn’t do most of the technical things that Trojans usually do: It’s purely a social-engineering attack, aimed at stealing credit card information.

In a sense, it’s a standalone phishing program. Once you reboot, Kardphisher asks you to reactivate your copy of Windows, citing piracy issues and telling you that another user has activated your copy. Though it assures you that you will not actually be charged, it asks for credit card information. If you don’t enter the credit card information, Kardphisher shuts down the PC.

The Trojan also disables the Windows Task Manager, which makes it more difficult to shut the malware down.

Running on the first reboot is clever. It makes the process look more like a legitimate message coming from Microsoft, and it won’t seem to occur as a result of the user clicking on a new file. The program even runs on versions of Windows that were made prior to XP and do not require activation. That’s a bit of a red flag, although I bet there’s a strong correlation between people running pre-XP versions of Windows and people who aren’t as well educated about malware as they could be.

With a nearly 1MB executable, Kardphisher is not a sneak attack. But if you find yourself infected, disable the Trojan in Windows Safe Mode by removing the Registry keys described in Symantec’s write-up (at www.symantec.com; search on the malware name) and deleting the program they point to. Updated anti-virus software should also remove it.


Awareness in Installing Some Types of Software

Posted August 16th, 2007 by Loz

Generally considered a kind of potentially unwanted program (PUP) by the Internet security company McAfee, adware and spyware can pose a menace to the original computer owners, web developers, and the IT departments of certain corporations. Advertisements (adware) that are already included in a program as its mainstay can present a threat or a traffic nuisance because of their vulnerability to information dissemination, causing notorious cases of “identity theft” that threaten the loss of personal property and finances and the credibility of banks, financiers, and other financial institutions across the globe.

In the United States alone, identity theft is rampant: personal property is transferred to the wrong person because of stolen credit card numbers, passwords, and other personal identification robbed through the Internet by spyware camouflaged behind usage legalities that users and computer owners simply ignore.

Adware and spyware serve totally different purposes, both as program inclusions and for the user. While adware is a legal part of the computer’s administrative settings, spyware is, ironically, a deceptive method that does not directly pose as illegal, because it may be included in software that appears acceptable. By the time it reaches the user’s end it behaves like some kind of virus or worm; at times it is ignored as neither serious nor obvious, but its motive is to gain access to and manipulate confidential information on the computer and transmit it to other parties, who may be waiting to take advantage of this kind of traffic interference.

By the time the adware database link discovers the effects of detailed interference on confidential records, such as those that involve payments, and finds that exclusive website content has already been diverted to the other end without payment to the original source, it is too late to restore normal settings. It is expensive to replace the affected software with untarnished copies. Anti-virus software is sometimes available, but wherever it is used it entails extra expense on the part of the developer.

Spyware is software that supports adware usage by spying on different activities on a PC, such as e-mail or chat logging, but it can easily be made to detour web traffic, which is detrimental to e-commerce if abused or used without consent; therefore, by no means the deceiving technology in adverse adware usability.

A number of adware companies seem to feel biased about PC surveillance (spyware) because, although they have already disclosed their specific data collection and transmissions for the sake of privacy, they cannot totally control what data goes out from their database link, where it goes, or to whom it is sent. Spyware technology can send not just the banner data from the original PC but can also channel it to other interested parties, who could even install it into a new program.

Spyware technology is usually introduced into the database without the owner’s awareness or consent; it comes in as a “drive-by download”, or the user clicks an option in a “pop-up” window and is immediately detoured to some other program, either pornographic or otherwise without substance.

The adverse effect of adware is that, once it is installed on the computer and the user consents to its tracking features, it automatically becomes “spyware” when used by another user who interacts with the “adware” outside any database link.


The Need for Adware and Spyware Blocker

Posted August 12th, 2007 by Loz

One law school student, whose thesis was about money laundering, would often google the term to come up with a ready list of online references. This proved useful to her throughout the process of writing her paper. After several months of doing so, she ran into a problem: every time she typed the same words, she was directed to a weird page totally unrelated to money laundering.

At first she thought it was just a glitch in the Internet, and then she reasoned that it might be a glitch in the search engine she was using, but the persistence of the problem made her think that someone had bugged her. We all hate people bugging us, but people we can fend off. What this law student was confronted with is a computer bug that she could not fend off. In the first place, she is not a technology-savvy person, and in the second place, she never uses her laptop for anything other than academic research and the actual writing of her papers.

The situation above is not an isolated case. Many people find themselves caught up in technology problems that are mind-boggling but can actually be answered with two words: spyware and adware. The term spyware was first coined in 1995 but was popularized in 2000. Spyware is computer software that innocently infiltrates a personal computer in order to access the user’s personal information.

This is done by logging keystrokes, studying web browsing history and even scanning a user’s hard drive. It sounds like something we see only in James Bond movies, but apparently we are wrong, for anyone can be a victim of spyware. It is safe to use the word victim because no one wants all their online activities monitored. Spyware can understandably be used to spy on criminals, because such use is beneficial to society, but what about the use of spyware to intercept credit card details and the like? There is simply no excuse for such lax use of spyware.

What ordinary people can do to protect themselves is to block spyware and similar software such as adware and malware. This can easily be done by obtaining adware and spyware blocker programs online. The role of these blocking programs is to remove or disable existing spyware programs or to prevent the installation of these malicious programs.

Spyware, adware and malware are not like viruses or worms that self-replicate, but they can be just as much of a hassle as their counterparts, for who wants their normal computer activities disrupted? One of the more common hassles caused by these infectious programs is the slowness of the computer, which can be really annoying, because when you are at work you want to finish things quickly, not just because you are required to but also because you want to get more done or go home early.

In some infections, spyware is not even evident as the bad guy, so it can get away with its crime. It is best, then, to have a blocker ready to prevent any infection from occurring in the first place.

The Difference of Adware, Spyware and Anti-virus

Posted August 9th, 2007 by Loz

Adware, spyware and computer viruses share some similarities, one of which is that all three are major nuisances for computer users. Let’s differentiate the three.

Spyware is software that does not intentionally harm your computer. What it does is create pathways through which someone other than the computer owner can communicate with the computer. Normally spyware records the various types of web sites you visit, which web advertisers later use to send you unwanted emails and pop-ups.

This is why spyware is usually frowned upon and widely avoided. It is more intrusive than adware. Spyware has its own separate executable programs, which allow it to record your keystrokes, scan files on your hard disks and look at other applications that you use, including but not limited to chat programs, cookies and Web browser settings.

The spyware then sends the information it has gathered to the spyware author. The agent then uses this information for advertising and marketing purposes, or even sells the information to advertisers and other parties.

Adware, on the other hand, is a more legitimate form of freeware. Similar to spyware, adware is advertising material that is packaged into a program and installed automatically once that program is added to the computer system. Some forms of adware, however, download advertising content while a particular application is being used. Unfortunately, most adware programs take the form of spyware; that is, they track and report user information to program authors.

Some signs of spyware infection include pop-up ads that seem unrelated to the site you are viewing. More often than not, spyware pop-ups are advertisements for adult content. Also, if you notice your computer slowing down, there’s a big chance that spyware and its components have found their way into your operating system. When the Windows desktop also takes longer to load, it’s best to scan your computer for possible spyware infections.

Meanwhile, viruses are a destructive form of software. They are designed and created for one purpose alone: to wreak havoc on your computer. They destroy whatever they come in contact with, and they self-replicate and infect as many components of the computer’s operating system or network as possible.

Nowadays, a lot of anti-virus software also provides spyware and adware scanning and removal utilities. Some programs, however, focus on locating and deleting or destroying spyware and adware programs. Whether it is anti-virus software or a dedicated anti-spyware scanner, both search your computer and identify any spyware and viruses installed on your system.

They then remove them, along with their components located in the system registry and elsewhere on your computer. It is therefore good to regularly update your virus or spyware scanner to ensure that your computer is protected from the thousands of spyware programs and viruses on the Internet. Never be fooled by ads that claim that their products only contain adware.

Such adware may be spyware in disguise, just waiting to be deployed to gather your information. Learn to set up firewall systems and always use pop-up blockers to minimize computer infection and ensure the security of all your computer files.

XCACLS and Some Other Permission Security Recovery Tools Like SUBINACL

Posted October 22nd, 2006 by Loz

What can you do to ensure that the hard drive you want to copy keeps its security permissions?

The following article covers a few tools that can save a Windows administrator time when facing a very large-scale permission security dilemma.

Let’s use an example for the Extended Change Access Control List (XCACLS) tool to give a clearer picture. Suppose you need to copy your hard drive data, around 100GB of it in thousands of files and folders, over to another drive. The systems are part of a Microsoft Windows 2000 domain, and the permissions are quite roughly defined. To start this process we first make a duplicate copy of the data we are having security problems with, using a synchronization or some other sort of duplication tool, and leave it be for the day. When you return the next day everything seems to have been copied and looks OK. When you try to access the data, there’s a problem.

Now that the information has been replicated onto the new hard drive, we can’t access it any more: a permissions security problem.

What you probably didn’t realize until now is that the information you just copied came from the root directory of the hard drive, which had incorrect permissions declared on it. In addition, the permissions were configured in such a way that anything added to the hard drive is overwritten with the same security permissions as the root directory. They belonged to an old profile that didn’t exist any more. Believe it or not, this can happen. Windows administrators might know what I’m referring to. After all of this fiddling around, we’re left to figure out what to do. Do I make the necessary changes to the root of the hard drive so that this time it contains the precise permissions we need to access the data, and wait hours and hours for the settings to propagate? Or shall I go ahead and reformat the newer hard drive, then change the inheritance permissions on the root directory and try again?
Why even bother when there’s a much simpler way? We can get around this by using the SUBINACL tool, which displays or modifies Access Control Entries (ACEs) for file and folder permissions, ownership and domain. Or we can use the previously mentioned tool XCACLS; the choice is yours.

XCACLS takes the time-consuming work out of resetting file and directory permissions; it lets you do this effectively and very fast.

Please note that because time is limited for me right now I can’t go into great detail about how to use the other tool, SUBINACL, which you will need for complex permission structures.

You will find that XCACLS is a very fast tool that lets you remove, change, add and set the security permission settings on directories and files. For instance, the following replaces all of the old permissions on the file “file.txt” with read-only access for the account “computingsolutions”: “xcacls file.txt /Y /T /G domain\computingsolutions:r”.
Although that is easy and very helpful, how about changing all of the files and directories, of which many PC users have thousands, so that the domain\computingsolutions profile has complete and full access?
To do this very quickly, enter the following from the root directory of the hard drive: “for /d %g IN (*.*) DO xcacls "%g" /Y /T /G domain\computingsolutions:f”
It will then go through every one of your directories, including subdirectories and files, and replace the current permissions with computingsolutions, giving it the full access we wanted it to have to each object.
Please also note that I added double quotes at the start and end of the %g variable. You don’t strictly need them, but if you have directories with spaces in their names you will need the double quotes. I think it’s best to leave the double quotes in anyway, to make sure we do not miss folders that have spaces in their names.

Are there any other ways we can use XCACLS to help us modify the security permissions?

Here are a few handy tips for using the Extended Change Access Control List (XCACLS) tool. The commands below are run from the command prompt and provide the means for changing, updating and removing profile accounts and their permissions across a huge number of files and directories.

The following command will replace the existing permissions with read-only access for a profile.

for /d %g IN (*.*) DO xcacls "%g" /Y /T /G domain\computingsolutions:r

This example will not change existing profile permissions; it adds an account, in this case the local administrator account, with read-only permissions.

for /d %g IN (*.*) DO xcacls "%g" /Y /E /T /G administrator:r

You can also use the following, which will remove the account “administrator” permissions from all directories, subdirectories and files:

for /d %g IN (*.*) DO xcacls "%g" /Y /E /T /R administrator

And the following command will update every one of your directories and their contents to allow Domain Admins full access:

for /d %g IN (*.*) DO xcacls "%g" /Y /T /G "Domain Admins:f"

I tried this test on my Windows operating system; it allowed me to change the profile account permissions on about 20000 directories and files in less than 50 seconds. On one of my web servers I was able to get around a 300% increase in speed. Now it’s really fast.
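
The loops above, wrapped in a script that first records the existing ACLs and then grants access with /E so current entries are kept (with /G alone, as the post notes, the old permissions are replaced). This is an added example, not part of the original post; the script name, argument order and log location are assumptions, and the xcacls switches are the ones used in the post.

```batch
@echo off
rem Added example, not part of the original post.
rem Assumptions: xcacls.exe is on the PATH; the script name (grant-acl.cmd),
rem argument order and log location are made up for this illustration.
rem Usage: grant-acl.cmd <root-dir> <domain\account> <r|c|f>
setlocal

set "ROOT=%~1"
set "ACCOUNT=%~2"
set "PERM=%~3"
if "%PERM%"=="" (
    echo Usage: %~nx0 root-dir domain\account r^|c^|f
    exit /b 1
)

set "LOG=%TEMP%\acl-before-change.txt"

pushd "%ROOT%" || (
    echo Cannot change to %ROOT%
    exit /b 1
)

rem Step 1: record the ACLs as they are now, so there is something to compare
rem against if the change locks someone out. xcacls with no switches only
rem displays the ACL. dir /s /b /a lists every file and directory below the
rem root, including hidden and system ones.
> "%LOG%" echo ACLs under %CD% before change, %DATE% %TIME%
for /f "delims=" %%p in ('dir /s /b /a') do xcacls "%%p" >> "%LOG%" 2>&1

rem Step 2: apply the grant. /E edits the existing ACL instead of replacing
rem it, /T recurses, /Y suppresses the confirmation prompt.
rem "for /d" matches directories only, so entries sitting directly in the
rem root are handled by the *.* line.
rem Inside a script the loop variable is written %%g; at the prompt it is %g.
xcacls *.* /Y /E /G "%ACCOUNT%:%PERM%"
for /d %%g in (*) do xcacls "%%g" /Y /E /T /G "%ACCOUNT%:%PERM%"

popd
echo Done. The ACLs as they were before the change are in %LOG%
endlocal
```

The snapshot runs xcacls once per file, so on a large tree it takes far longer than the change itself.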


Keeping Web Miners Safe

Posted October 6th, 2006 by Loz

Whether they call them canaries, monkeys, or guinea pigs, more security companies are using virtual PCs to protect users.

Miners learned to love the humble canary. After a mine fire or explosion, miners would descend with the birds into possibly dangerous areas. The canaries’ high metabolism made them the first to succumb if significant amounts of carbon monoxide or methane were present, thus giving miners warning of unsafe areas so they could escape alive.

Security companies are now applying the same theory to the online world.
Using thousands of virtual PCs, systems whose processors, memory, and hard drives are all emulated in software, McAfee’s SiteAdvisor, Microsoft’s research arm, and other groups have automated the process of going into the unsafe areas of the Web. If a site hosting malicious code compromises one of the virtual PCs, the site’s address is recorded for further investigation, the virtual machine is erased, and a new virtual machine is set up in its place. Pretty neat stuff eh?

Some security companies refer to the virtual PCs as canaries or guinea pigs, or by the technical term, client-side honeypots. Microsoft calls them honeymonkeys in reference to the million-monkeys theorem. The theorem says that a million monkeys typing random characters on a million typewriters for an infinite period of time can eventually produce the complete works of William Shakespeare…lol

Though it’s unlikely that a million monkeys could ever write a Shakespeare play, they most certainly could help to secure the Web. Today, tens of thousands of virtual machines are crawling the Internet, clicking on untrusted links, getting compromised, being deleted, and then doing it all over again. How cool is that?

Various companies are pursuing different plans for the technology. Microsoft uses its honeymonkey system to research threats to Windows and map out the links connecting to malicious Web sites - a part of the Internet that its researchers refer to as the ExploitNet. McAfee’s SiteAdvisor uses the resulting database of bad sites as one component of its Web site ratings, accessible through free plug-ins for Internet Explorer and Firefox.
Easy, cheap virtualisation software is the key to the technology. Microsoft and SiteAdvisor both run thousands of virtual PCs with management servers capable of cataloging sites. The virtual PC, which almost always runs Microsoft Windows, appears to malicious software to be a normal, albeit vanilla, PC. The latest Trojan horses, spyware, and Web viruses infect the virtual system without detecting that it is really a sterile environment that will quickly be deleted. How sweet is that.

Yet the attackers are adapting to security methods such as virtual PCs. Some are working on ways to detect virtual machines by creating software for exactly that purpose; if a virtual machine is detected, they avoid infecting that system in order to delay exposure. Other attackers are identifying major Web sites that have a type of flaw known as cross-site scripting. This essentially allows an attacker to load malicious code on a victim’s machine from another Web site while the user believes he/she is still browsing safely on the original trusted Web site.

Despite the arms race that continues between attackers and defenders, virtual PCs promise to automate the patrol of the Web for malicious Web sites. In the end, we may come to appreciate the automated monkeys of the Web as much as miners appreciated the canary.
