Showing posts with label Virus Info.

Conficker.C

1 comment
We've been tracking the Conficker worm since it launched itself into the wild last November; despite the best efforts of security officials worldwide, the worm still hasn't been completely crushed. The original flavor and its nastier follow-up (Conficker.A and Conficker.B) have been locked down, but the worm's creators have a third version (Conficker.C, naturally) prepared to hit the tubes come April 1. The new "C" twist won't have all of the tools "B" used to replicate, but it will be able to detect and kill certain system processes designed to find and remove it.

Ars spoke with Don DeBolt, CA's Director of Threat Research, to get some additional information on Conficker.C, its threat profile, and why the gosh-darned thing isn't dead yet. CA (formerly Computer Associates) has published an extensive guide to Conficker.C, which includes information on its attack vectors, behavioral analysis, and how to tell if the "C" variant of Conficker is running on your system. This last part could pose a challenge—unlike previous versions, C adopts what DeBolt refers to as a "defensive stance" and throws up a number of roadblocks, all of which are aimed at hindering user detection of the worm.

The security industry was collectively able to put the brakes on Conficker.B's expansion when they managed to reverse-engineer the virus and determine which domains it would attempt to register and dial home to on particular dates. With Conficker.A and B, the worm chose to contact 32 addresses out of a possible 250 on any given attempt. With their algorithm broken, the malware authors went a step beyond updating their randomization/selection code—they also vastly increased both the number of domains the worm could generate as well as the number it will randomly select. Conficker.C will select 500 domains out of a randomized pool of 50,000 instead of the previous 32/250.

This will drive up the cost of operating the botnet (we've previously covered how vulnerable malware networks can be to changes in their cost structure) but will also significantly increase the cost of attempting to monitor and prevent botnet registrations, even once the randomizing algorithm has been broken.
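As an added illustration of why the 500-of-50,000 selection raises the monitoring cost (this is not code from the Ars article or from CA's guide), the Python below models how many of a day's candidate domains a sinkhole operator must control in order to observe a given share of infected hosts. The only inputs are the pool and draw counts quoted above; that each host picks its domains uniformly at random, without repeats, is an assumption of the model.

```python
"""Sinkhole-coverage model for the domain-selection change in Conficker.C.

Each infected host draws k candidate rendezvous domains from a daily pool
of N (A/B: 32 of 250; C: 500 of 50,000, the figures quoted in the article)
and tries to contact them. A sinkhole operator who controls s of the N
domains observes a given host only if at least one of its k draws lands on
a controlled domain. Assuming uniform draws without repeats, the hit
probability is hypergeometric; Fractions keep it exact.
"""
from fractions import Fraction
from math import comb


def p_host_observed(pool: int, draws: int, controlled: int) -> Fraction:
    """P(at least one of `draws` distinct picks from `pool` is among `controlled`).

    Equals 1 - C(pool - controlled, draws) / C(pool, draws).
    """
    if not (0 <= controlled <= pool and 0 < draws <= pool):
        raise ValueError("need 0 <= controlled <= pool and 0 < draws <= pool")
    # math.comb(n, k) is 0 when k > n, so the result is exactly 1 once
    # fewer than `draws` uncontrolled domains remain in the pool.
    return 1 - Fraction(comb(pool - controlled, draws), comb(pool, draws))


def domains_to_control(pool: int, draws: int, target: float) -> int:
    """Smallest number of controlled domains with p_host_observed >= target.

    p_host_observed is monotone in `controlled`, so binary search on it.
    """
    if not 0.0 <= target <= 1.0:
        raise ValueError("target must be a probability")
    lo, hi = 0, pool
    while lo < hi:
        mid = (lo + hi) // 2
        if p_host_observed(pool, draws, mid) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


# Variant parameters as given in the article: (pool size, draws per host).
CONFICKER_AB = (250, 32)
CONFICKER_C = (50_000, 500)


def compare_variants(target: float = 0.99) -> dict:
    """Per variant: share of hosts seen with one domain, domains needed for
    `target`, and domains needed to be certain of seeing every host."""
    out = {}
    for name, (pool, draws) in {"A/B": CONFICKER_AB, "C": CONFICKER_C}.items():
        out[name] = {
            "one_domain": p_host_observed(pool, draws, 1),
            "for_target": domains_to_control(pool, draws, target),
            "for_all": domains_to_control(pool, draws, 1.0),
        }
    return out


if __name__ == "__main__":
    for name, r in compare_variants().items():
        print(f"{name}: one domain sees {float(r['one_domain']):.1%} of hosts; "
              f"{r['for_target']} domains for 99%, {r['for_all']} for every host")
```

With a single controlled domain the operator sees 12.8% of A/B hosts per day but only 1% of C hosts, and certainty requires covering 219 versus 49,501 domains, which is the cost increase the paragraph above describes.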

Once installed, Conficker.C implements a variety of nasty behaviors. The worm will attempt to disable Windows Automatic Update and stop access to the Windows Security Center, can detect and kill SysInternals' Process Explorer program, and will interfere with the operation of a number of other search-and-destroy programs including WireShark and SysClean.

It will also reset and delete system restore points and disable various services (including WinDefend, BITS (Background Intelligent Transfer Service), ERSvc (Error Reporting Service) and WerSvc (Windows Error Reporting Service, Vista-only)). In a final fit of pique, Conficker.C will prevent any attempt to connect to a variety of antivirus software services or websites. This behavior is nothing new to malware in general, but it's the first time we've seen it from our Conf(l)ickt-causing little friend.

The security industry's battle against Conficker is unlikely to resolve this go-round—we'll probably see at least a "D" variant before this is done—but DeBolt believes the coordinated response and organized counter-attack from Team White Hat has dramatically retarded the virus' ability to infect new systems. In the meantime, Romanian researchers from BitDefender have released a tool that should remove Conficker, though it's not clear if this will clean versions A, B, and C, or just the first two.

From: Ars Technica

Fake Windows Support Spam

0 comments
This is probably the type of support one wouldn’t want to have.

Spammed email messages were found pretending to come from Microsoft Windows Support and claiming that Microsoft Service Pack 1 and Service Pack 2 have been discovered to have an error that can damage the computer’s software or even the hardware.

Figure 1. Spammed messages purporting to come from Windows Support


These messages encourage users to download and install a file in order to fix the problem. When users click the download button, they are redirected to a site and asked to download a file which Trend Micro detects as TROJ_DLOADER.CUT.

Figure 2. User is prompted to download a malicious file


TROJ_DLOADER.CUT connects to a certain URL to download another malicious file, which in turn is detected by Trend Micro as TSPY_BANKER.MCL. TSPY_BANKER.MCL monitors the affected user’s online transactions and steals banking-related information.

Not too many TSPY_BANKER variants have been reported to be related to notable attacks recently, and this incident may pretty much mark the end of the hiatus. Users are advised to ignore spammed messages and, more importantly, to never click links embedded in these messages.

Trend Micro users are protected from this attack by the Smart Protection Network, as the related files, spam, and URL are already detected and blocked.

Read more: "Fake Windows Support Spam Brings Forth an Info-Stealer | Malware Blog | Trend Micro"

Malware Info: February 2009

0 comments
Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout February 2009.

The first Top Twenty is based on data collected by Kaspersky Lab’s version 2009 antivirus product. The ranking is made up of the malicious programs, adware and potentially unwanted programs most frequently detected on users’ computers.

Position
1. Virus.Win32.Sality.aa
2. Net-Worm.Win32.Kido.ih
3. Packed.Win32.Krap.b
4. Packed.Win32.Black.a
5. Trojan.Win32.Autoit.ci
6. Worm.Win32.AutoRun.dui
7. Packed.Win32.Krap.g
8. Trojan-Downloader.Win32.VB.eql
9. Packed.Win32.Klone.bj
10. Virus.Win32.Alman.b
11. Trojan-Downloader.WMA.GetCodec.c
12. Worm.Win32.Mabezat.b
13. Trojan-Downloader.JS.SWFlash.ak
14. Worm.Win32.AutoIt.ar
15. Virus.Win32.Sality.z
16. Trojan-Downloader.JS.SWFlash.aj
17. Email-Worm.Win32.Brontok.q
18. Packed.Win32.Tdss.c
19. Worm.Win32.AutoIt.i
20. Trojan-Downloader.WMA.GetCodec.u

February’s Top Twenty features a number of important changes compared to our previous rankings.

First of all, the network worm Kido, which caused an epidemic that started in January and is still going strong, has gained impressive ground. Detection routines for this worm were added to antivirus databases in mid-January, and therefore the bulk of infected files were detected in February.

Secondly, there are three interesting newcomers to the ranking: Packed.Win32.Krap.g, Packed.Win32.Klone.bj and Packed.Win32.Tdss.c. These are associated, respectively, with detections for:

* a variant of a compression utility (packer) for Magania Trojans – a very common family which steals passwords to online games.
* a certain type of obfuscation for AutoIt scripts. Notably, the functionality of the original scripts is limited only by the constraints of the script language itself.
* an entire class of programs encrypted using the new malicious packer TDSS.

The last of the three pieces of malware is interesting in that the original, unencrypted malicious programs can be of any type, including but not limited to Trojans, worms and rootkits.

Trojan-Downloader.WMA.GetCodec.r, which gained 10 positions in January, was replaced in February by a similar multimedia downloader, GetCodec.u, while last month’s newcomer, Exploit.JS.Agent.aak, was superseded by two script downloaders, SWFlash.aj and SWFlash.ak, which take advantage of various Flash Player vulnerabilities.

Malware Statistics

All malicious, advertising and potentially unwanted programs in the first Top Twenty can be grouped according to the main classes of threats which we detect. There has been almost no shift in the balance between these classes since January. Statistics for the past several months show that the number of self-replicating programs has remained uniformly high.

In total, 45396 unique malicious, advertising, and potentially unwanted programs were detected on users’ computers in February. This is not significantly different from last month’s figure.

The second Top Twenty presents data on which malicious programs most commonly infected objects detected on users’ computers. Malicious programs capable of infecting files make up the majority of this ranking.

Position
1. Virus.Win32.Sality.aa
2. Worm.Win32.Mabezat.b
3. Net-Worm.Win32.Nimda
4. Virus.Win32.Virut.ce
5. Virus.Win32.Xorer.du
6. Virus.Win32.Sality.z
7. Virus.Win32.Alman.b
8. Virus.Win32.Parite.b
9. Trojan-Clicker.HTML.IFrame.acy
10. Trojan-Downloader.HTML.Agent.ml
11. Virus.Win32.Virut.n
12. Virus.Win32.Virut.q
13. Virus.Win32.Parite.a
14. Email-Worm.Win32.Runouce.b
15. P2P-Worm.Win32.Bacteraloh.h
16. Virus.Win32.Hidrag.a
17. Worm.Win32.Fujack.k
18. Virus.Win32.Neshta.a
19. Virus.Win32.Small.l
20. P2P-Worm.Win32.Deecee.a

The second Top Twenty includes an important newcomer – Virus.Win32.Virut.ce, a new variant of the sophisticated polymorphic virus Virut. This modification features, among other things, infection of HTML files on the user’s computer with a malicious iframe block. Such pages are detected by our antivirus product as Trojan-Clicker.HTML.IFrame.acy. In February, the number of files infected using this method was quite large. The symbiosis between Virus.Win32.Virut.ce and Trojan-Clicker.HTML.IFrame.acy has resulted in the two malicious programs ranking 4th and 9th respectively.

It should also be noted that, although the Sality family is still prominent in the ranking, no new variants of this dangerous malicious program have been detected. This, of course, is not the case with the Virut family mentioned above.

From: www.kaspersky.com

Koobface Worm Attack Facebook

0 comments
I just received a Facebook message from a friend; it was a pretty standard one that is beginning to look familiar to a lot of us, I am sure.

What surprised me, though, was the page that the link led to. On the face of it, it is a very familiar-looking spoofed version of YouTube, complete with bogus comments from “viewers”.

Take a second look, though: the link had taken me to a site supposedly hosting a video posted by the same person I had received the Facebook message from. In fact, not only was the malicious landing page displaying his name, it had also pulled the photo from his Facebook profile. A very neat little piece of social engineering.

Clicking the Install button redirects to a download site for the file setup.exe, which is the new Koobface variant detected as WORM_KOOBFACE.AZ. It is hosted on an IP address in another part of the world, and in the last hour we’ve seen 300+ different unique IP addresses hosting setup.exe, and we’re expecting more. All IP addresses seen hosting the said malicious file are now detected as HTML_KOOBFACE.BA.

Analysis by our engineers reveals that WORM_KOOBFACE.AZ propagates through other social networking sites as well. It first searches for cookies created by the following sites:

* facebook.com
* hi5.com
* friendster.com
* myyearbook.com
* myspace.com
* bebo.com
* tagged.com
* netlog.com
* fubar.com
* livejournal.com

The worm connects to the respective site using login credentials stored in the gathered cookies. It then searches for the infected user’s friends, who are then sent messages containing a link from which a copy of the worm is downloaded. It also sends and receives information from an infected machine by connecting to several servers. This allows hackers to execute commands on the affected machine.

Users of the Trend Micro Smart Protection Network are protected from this threat, as both URL and malicious file are blocked and detected, respectively. Other users are advised to ignore such messages, and refrain from clicking links in unsolicited messages, even out of curiosity.

Read more: "Koobface Worm Spreading on Facebook | Malware Blog | Trend Micro"

Downadup A.K.A Conficker worm

1 comment
The Downadup worm—also called Conficker—has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon.

"It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs," says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes. Many experts anticipate that could occur soon.

What that darker purpose might be is a source of speculation, but Jackson theorizes that it may well end up being "rogue antivirus malware" that demands the user buy it to eliminate the worm. "It's basically extortion," he says.

Like SecureWorks, IBM notes that it's the second-stage payload of the Downadup worm that is a source of concern. "Right now it's not destroying or stealing, it's just hanging out," comments Tom Cross, X-Force researcher in the IBM ISS division. "It's building its network of hosts."

While no one knows exactly what the stage-two payload will bring, one reason for the worm's somewhat slow but steady progress is its use of Windows "AutoRun" to copy itself through Windows file-sharing and USB tokens, Cross says.

"If it copies itself to a file share, and if the user clicks on a file, the user's computer will get infected," Cross says. "Even if the computer is patched, you can still get infected if you access one of the infected USB drives or file shares." Cross advises that AutoRun be disabled.

This is an additional means of the worm spreading beyond exploiting the Windows RPC flaw identified last October, for which a patch is available. The worm also has a password-cracker that is adept at cracking administrative accounts on other computers, though very strong passwords should make that much harder, Cross says.

Taken from Network World

Computer Virus Malware

0 comments
The term malware is used to describe any program that is designed to do harm, although there are different schools of thought as to what is actually harmful.

Adware, Spyware, Viruses, Trojans, Pop-Ups, and even spam have all qualified as computer virus malware.

There are two distinct flavours of Adware: software supported with advertising, and the other, more malicious sort. The latter is often termed an Adware Virus, whereas the first is just called Adware.

The first could be a useful utility released free of charge but using advertising to generate revenue to support development - similar to TV advertisements. You do not have to watch, but if you do, you get commercials along with the content. Often this type of software is also available in an advertisement-free version for a modest price.

The more malicious flavour, the Adware virus, monitors your browsing and then delivers so-called targeted advertisements. This category of software may be considered a type of spyware, especially if it's installed without your knowledge and agreement.

When does adware become spyware? Well, that is a somewhat gray area. A number of software vendors claim that disclosing the inclusion of this type of software in the user agreement grants legal consent for its installation. Having said that, how many of us actually read the small print before installing software?

A Spyware virus, on the other hand, can have a more insidious meaning. The term Spyware can refer to software which does much more than simply monitor a user's browsing habits. It can often redirect your browser to completely different sites, the majority of which are advertising sites.

This form of Spyware virus is nearly always installed without the user's knowledge and hidden within another program. It can also arrive as the payload of a worm or virus. It's also illegal in many countries. In the U.S. the Federal Trade Commission or FTC has indicted, and in some cases convicted, several purveyors.

Some software suppliers will require that the user install spyware as part of a package. Its inclusion is declared in the user agreement but users do not have the option of not installing it. If the user wants the main program they have to install the spyware as well. File sharing utilities like Kazaa or BearShare are notorious for this practice.

The spyware installed with these, and many other, programs collects information about web browsing habits and then delivers targeted advertising to the user. Targeted advertising is designed to be presented to specific groups, selected by analyzing their buying or browsing habits. Selections are made by discovering gender, age or frequently visited sites, or by various other undisclosed criteria.

Spyware vendors argue that it does not collect specific personal information, and there is an active debate as to whether it constitutes legitimate market analysis or a violation of personal privacy.

The majority of users find it annoying and intrusive. However, advertisers claim it to be the best way to deliver products and services to potential new customers who may actually end up buying what is offered. Legally, they assert, it is just another form of free speech. Users, on the other hand, respond that the advertisers' free speech does not reach into their browser or email inbox.

Spyware and Adware

0 comments
As well as being an annoyance, badly programmed adware and spyware can interfere with other programs and can even cause your computer system to become unstable. Issues of privacy also come into play.

This type of software is usually installed without the user's consent and often cannot be uninstalled without special tools. When distributors use tricks and deceit to install uninvited software, trust is destroyed.

Instead of having to use a spyware remover or adware remover as a last resort, you can and should take steps to protect yourself from the threat.

The first line of defense against adware and spyware is to be cautious when installing software. Understand what is being downloaded and also where you are downloading from. A lot of so called freeware and shareware programs have spyware embedded in them, which is not always disclosed.

Before downloading any new software, look for guarantees that it is adware- and spyware-free. Even so, be on your guard. For instance, the file sharing program Kazaa has been claiming to be spyware-free for years, but anyone who installs this software soon has a chance to test this claim.

How can you tell if you have adware or spyware on your system? You may see pop-up advertisements even when you are not browsing the web. Your browser home page may have been changed without your knowledge. New toolbars may appear on your browser which you did not install. Your computer may be very slow or unexplainably reboot on its own, although the last effect is most often a virus.

If you find that your computer system is bogged down with adware or spyware, don't give up hope. There are spyware remover utilities specifically designed to remove adware and spyware from your computer. They rely on regularly updated databases which hold signature files of all known adware and spyware. The program will scan all of the files on your hard drive and alert you if anything untoward is discovered.

Many of these spyware remover utilities are free, although the paid versions sometimes have more automation features, such as removing adware as it arrives rather than requiring a manual scan. None will find every piece of spyware on your computer system, since they rely on a database which has to be populated according to someone's judgment. And one man's spyware is sometimes another's welcomed advertiser.

You may find that even with a spyware remover utility, some spyware is next to impossible to remove. Alterations to system settings and the installation of files in different places make the job of detection and removal very difficult. Sometimes it is only possible to remove this type of spyware manually.

Removing adware from your computer manually is a skilled job and should only be performed by users who know what they are doing, as the deletion of the wrong files can potentially damage your programs and even your operating system.

One spyware remover utility that can be of big assistance in your quest to remove difficult spyware is called 'HijackThis'. This utility creates a list of files which may have been altered by spyware. The list is very comprehensive and also includes system files and files installed by legitimate software, so be very careful when using it.

Although HijackThis was not initially designed to be a spyware remover tool, it can be used to great effect in locating persistent and hard to remove spyware. It requires a good knowledge of various system settings and you must be extra careful when changing them. Making the wrong setting can quite easily disable your computer system. However, there is a community of HijackThis experts on the Internet that are more than willing to give free advice about suspicious entries.

Once your system is spyware-free, help keep it that way. Some spyware remover software also includes additional utilities that protect your computer in real time. Similar to virus scanners, they monitor for any changes to your system files and alert you to any suspicious activity that is detected.

Kaspersky Two Top Twenties Virus

0 comments
Want to know the ranking of viruses/worms in the world?

Below I quote from www.kaspersky.com

======== Kaspersky Two Top Twenties Virus ==========

Two Top Twenties Virus have been compiled from data generated by the Kaspersky Security Network (KSN) throughout January 2009.

The first Top Twenty is based on data collected by Kaspersky Lab’s 2009 antivirus product and gives details of malicious, advertising, and potentially unwanted programs detected on users’ computers.

1. Virus.Win32.Sality.aa
2. Packed.Win32.Krap.b
3. Worm.Win32.AutoRun.dui
4. Trojan-Downloader.Win32.VB.eql
5. Trojan.Win32.Autoit.ci
6. Trojan-Downloader.WMA.GetCodec.c
7. Packed.Win32.Black.a
8. Virus.Win32.Alman.b
9. Trojan.Win32.Obfuscated.gen
10. Trojan-Downloader.WMA.GetCodec.r
11. Exploit.JS.Agent.aak
12. Worm.Win32.Mabezat.b
13. Worm.Win32.AutoIt.ar
14. Email-Worm.Win32.Brontok.q
15. Virus.Win32.Sality.z
16. Net-Worm.Win32.Kido.ih
17. Trojan-Downloader.WMA.Wimad.n
18. Virus.Win32.VB.bu
19. Trojan.Win32.Agent.abt
20. Worm.Win32.AutoRun.vnq

There were no major changes to the composition of the first Top Twenty during the first month of 2009. Exploit.JS.Agent.aak took the place of Trojan.HTML.Agent.ai and Trojan-Downloader.JS.Agent.czm, which appeared in the December ratings. The AutoRun.eee worm, which has vanished from this month’s Top Twenty, has now been replaced by Worm.Win32.AutoRun.vnq. This is not surprising, as frequent new modifications are characteristic of these types of malicious program.

Trojan-Downloader.WMA.Wimad.n, which dropped out of the ratings in November, has also returned to the game. The result of this activity is a Top Twenty Virus with three non-standard downloader programs; evidence of the mass spread of this type of Trojan program, and of the trusting attitude users have towards multimedia files. The sharp rise of Trojan-Downloader.WMA.GetCodec.r by ten places confirms that the propagation method described in last month’s Top Twenty, whereby malicious programs use peer-to-peer networks and multimedia downloaders to spread, has been very effective.

While Sality.aa still retains its leading position, it has been joined by Sality.z, making Sality one of the most widespread and dangerous families of the recent past.

The notorious Kido family, network worms which use a critical vulnerability in Microsoft Windows to spread, is also present. The current epidemic, the propagation method used, and the number of potentially vulnerable computers mean the appearance of Kido variants in this month’s Top Twenty are no surprise.

All malicious, advertising and potentially unwanted programs in the first Top Twenty can be grouped according to the main classes of threats which we detect. Self-replicating programs again prevail over Trojan programs.

In total, 46014 unique malicious, advertising, and potentially unwanted programs were detected on users’ computers in January. It should be noted that the holiday period did not result in a drop in threats found “in-the-wild”; on the contrary, there were 7800 more “in-the-wild” samples detected than in December (38190).
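Both this post and the February one above say the first Top Twenty can be grouped by threat class (self-replicating programs versus Trojan programs). As an added example, not Kaspersky's own code, the Python below parses the Behaviour.Platform.Family[.Variant] naming scheme and tallies the January list quoted above; the mapping of behaviours to classes is an assumption made for this example.

```python
"""Group Kaspersky detection names by threat class.

Kaspersky names take the form Behaviour.Platform.Family[.Variant], where the
behaviour may be hyphenated (Trojan-Downloader, Net-Worm, P2P-Worm, ...).
The behaviour-to-class mapping below is an assumption made for this example.
Sample input: the January 2009 first Top Twenty quoted on this page.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

JANUARY_2009_TOP20 = [
    "Virus.Win32.Sality.aa", "Packed.Win32.Krap.b", "Worm.Win32.AutoRun.dui",
    "Trojan-Downloader.Win32.VB.eql", "Trojan.Win32.Autoit.ci",
    "Trojan-Downloader.WMA.GetCodec.c", "Packed.Win32.Black.a",
    "Virus.Win32.Alman.b", "Trojan.Win32.Obfuscated.gen",
    "Trojan-Downloader.WMA.GetCodec.r", "Exploit.JS.Agent.aak",
    "Worm.Win32.Mabezat.b", "Worm.Win32.AutoIt.ar", "Email-Worm.Win32.Brontok.q",
    "Virus.Win32.Sality.z", "Net-Worm.Win32.Kido.ih",
    "Trojan-Downloader.WMA.Wimad.n", "Virus.Win32.VB.bu", "Trojan.Win32.Agent.abt",
    "Worm.Win32.AutoRun.vnq",
]


@dataclass(frozen=True)
class Detection:
    behaviour: str
    platform: str
    family: str
    variant: Optional[str]

    @property
    def threat_class(self) -> str:
        # Viruses and every worm sub-behaviour (Worm, Net-Worm, Email-Worm,
        # P2P-Worm) replicate on their own.
        if self.behaviour == "Virus" or self.behaviour.split("-")[-1] == "Worm":
            return "self-replicating"
        # Trojan and its sub-behaviours (Trojan-Downloader, Trojan-Clicker, ...).
        if self.behaviour.split("-")[0] == "Trojan":
            return "trojan"
        # Packed, Exploit and similar denote a packer or exploit detection
        # rather than the behaviour of the underlying sample.
        return "other"


def parse_detection(name: str) -> Detection:
    """Split a name into its components; the variant suffix is optional."""
    parts = name.strip().split(".")
    if len(parts) not in (3, 4) or not all(parts):
        raise ValueError(f"not a Behaviour.Platform.Family[.Variant] name: {name!r}")
    variant = parts[3] if len(parts) == 4 else None
    return Detection(parts[0], parts[1], parts[2], variant)


def class_counts(names: Iterable[str]) -> Counter:
    """Number of entries per threat class."""
    return Counter(parse_detection(n).threat_class for n in names)


def repeated_families(names: Iterable[str]) -> List[str]:
    """Families with more than one entry, matched case-insensitively (Autoit/AutoIt).

    Generic names such as Agent or VB are shared by unrelated samples, so
    treat this as a rough signal only.
    """
    counts = Counter(parse_detection(n).family.lower() for n in names)
    return sorted(f for f, c in counts.items() if c > 1)


if __name__ == "__main__":
    print(dict(class_counts(JANUARY_2009_TOP20)))
    print(repeated_families(JANUARY_2009_TOP20))
```

On the January list this gives 10 self-replicating entries against 7 Trojans, matching the text, and flags Sality, AutoRun and GetCodec among the families with more than one variant in the ranking.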

The second Top Twenty Virus presents data on which malicious programs most commonly infected objects detected on users’ computers. Malicious programs capable of infecting files make up the majority of this ranking.

1. Virus.Win32.Sality.aa
2. Worm.Win32.Mabezat.b
3. Net-Worm.Win32.Nimda
4. Virus.Win32.Xorer.du
5. Virus.Win32.Alman.b
6. Virus.Win32.Sality.z
7. Virus.Win32.Parite.b
8. Virus.Win32.Virut.q
9. Trojan-Downloader.HTML.Agent.ml
10. Virus.Win32.Virut.n
11. Email-Worm.Win32.Runouce.b
12. Worm.Win32.Otwycal.g
13. P2P-Worm.Win32.Bacteraloh.h
14. Virus.Win32.Hidrag.a
15. Virus.Win32.Small.l
16. Virus.Win32.Parite.a
17. Worm.Win32.Fujack.bd
18. P2P-Worm.Win32.Deecee.a
19. Trojan.Win32.Obfuscated.gen
20. Virus.Win32.Sality.y

Sality.z was the latest representative of Virus.Win32.Sality to make it into the first Top Twenty. Sality.y has appeared in the second Top Twenty, confirming again the high activity of this family of self-replicating programs.

An interesting newcomer to the second rating is P2P-Worm.Win32.Deecee.a. This worm spreads via the DC++ peer-to-peer network and is capable of downloading other malicious files. It has gained a place in the second Top Twenty Virus not so much because of the number of machines it has infected, but because of the number of copies of itself on every infected computer - it copies itself multiple times when installing. Once installed, this worm makes the copies of itself publicly accessible. The executable files which spread in this way have names which follow a set pattern: a prefix such as “(CRACK)” or “(PATCH)”, then the name of a popular application: “ADOBE ILLUSTRATOR (All Versions)”, “GTA SAN ANDREAS ACTION 1 DVD”, etc.

Worm.VBS.Headtail.a, which returned to the rankings in November, has disappeared again, continuing to exhibit the unstable behaviour which we noted towards the end of 2008.

=================== End =================

Hope this is useful.

Tutorial Virus Maker. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com