
*13-12-08* Security for your Personal Computer! 4/5

16-2-2005

Preventing Internet and Spyware Attacks

February 16, 2005 – by Ric Dörner

Latest Security Hazards HAZARDOUS SECURITY ALERT

Internet Storm Center Infocon Status

High risk

The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

Revised 13-12-08

Because a former link here to spywareinfo HAD to be removed, please see this link:

http://www.temerc.com/forums/viewtopic.php?f=4&t=6261


~~~~~~~~~~~~~~~~~

Please note: I have to open other sites in a new window, so please allow pop-ups for this site. I do not know why some experience this problem, but if you click on something and it does not show you another window, please allow pop-ups for this site (deigratia.wordpress.com) ONLY. *OR* use the roller button (middle of your mouse) to open the link in a NEW TAB in your browser.

GBAr

Thank you for doing that cleaning first; it will assist you in what you really require. The programs listed here are security programs, and cleaning first should ensure that each program functions the way it should. Also note that these programs are being used on Win 98 through XP with no problem, but RAM is required; it is the best upgrade for your computer and not expensive.

GBAr

Warning!

I once said I ran BitDefender Antivirus and Avast together, although one is not actively scanning. Donna told me this; please read.

  • *I have to thank Donna for this update*
  • Please remember that one antivirus program is enough. Just make sure that the antivirus program that you are using is UP-TO-DATE and SUPPORTED.

    SUPPORTED means the maker of the antivirus software continues in providing product updates and upgrades. An antivirus (or any security tool) that does not have development (updates/upgrades) is, in my humble opinion, a product to stay away from. Malware isn’t using old tricks, so your antivirus program should continue to support the software by providing detections and program updates and upgrades. Sticking with an old version shouldn’t be put into practise just because it is the one you like/prefer and/or it is free. Old versions are usually not supported. There are times unsupported versions are OK to use, but be sure it is not a security tool. A security tool prevents malware.

    UP-TO-DATE means your antivirus software (or any security tool) has the latest detections. Running an antivirus with old detections is useless. You are putting your computer at HIGH RISK and you are posing a threat to other users because your computer is maybe sending out malware to some of your contacts. You should also run a malware scan regularly. It is also a good idea to use the program’s scheduler or Windows Scheduled Tasks to manage the scan schedule.

    As for getting all the protection you can get… it depends on how a person is using the internet and the computer, but the best thing to do is follow the best practices that were published by:

    * Sophos: http://www.sophos.com/virusinfo/bestpractice/
    * Microsoft: http://www.microsoft.com/athome/security/viruses/intro_viruses_protect.mspx

    Like you, I don’t want to use a computer by only maintaining it every day, but I want to enjoy using the computer and the internet, so one of my practises is keeping a good full system backup twice a month or whenever I feel like backing up. If anything happens, I don’t have to worry about losing any settings, files and the system.

    Learn more about backups in:

    * Data Backup vs System Backup: http://dozleng.com/internetsecurity/?p=73
    * Why you should backup: http://www.microsoft.com/athome/security/update/backup.mspx

    Again, *one (1) antivirus program is enough*. No user is getting extra protection by installing more than 1 antivirus program. If you need to know whether the system is infected and you want to use another antivirus scanner, run an online virus scan:

  • Other Things You Can Do…
  • Protecting your system against spyware and adware involves more than just installing one of the anti-spyware programs listed above. What follows below is a set of recommended additional steps for protecting your PC. If your PC is already infested with spyware or adware, see these instructions for getting help. Also, since there are MANY trojans, this program is freeware for all Windows versions and seeks out spyware as well: Trojan Finder – (A-Squared) A2

  • Lock down your browser
  • One of the most prevalent means for spyware and adware to be installed is through Internet Explorer. To prevent spyware and adware from installing without your knowledge and permission, you need to “lock down” Internet Explorer. There are several ways to do this.

    Securely configure the Internet zone. First, you can securely configure the Internet zone of Internet Explorer and add sites that you trust to the Trusted sites zone. This means that by default web sites will not be able to use “active content” (i.e., ActiveX controls, Java applets, and scripting) until you explicitly choose to trust those web sites. See this page for instructions on how to securely configure Internet Explorer: Internet Explorer Privacy & Security Settings. You could also use this free program, which will automatically configure Internet Explorer for you: Enough is Enough! One potential downside to securely configuring the Internet zone is that some web sites will not work properly until you add them to the Trusted sites zone — a process that some users find cumbersome.

    Add bad sites to the Restricted sites zone. Second, you can use another approach to “locking down” Internet Explorer which avoids the hassle of broken web sites by adding known “nasty” sites to the Restricted sites zone. Doing so gives your PC protection against known threats while still allowing most web sites to work by default. To put the clamp down on a long list of undesirable web sites, you can install and use this free program: IE-SPYAD. If you choose to use the Restricted sites approach of IE-SPYAD, be sure to update your copy of IE-SPYAD regularly, as new web sites are constantly being added to the list.

  • Use an alternative browser

  • Internet Explorer is not only the most popular browser on the Net, it is also the browser most widely and easily exploited by spyware pushers to install spyware and adware behind users’ backs. Thus, you might decide that Internet Explorer is simply not worth the hassle or risk. In that case, you can install and run an alternative, non-IE browser such as Netscape, Mozilla, Firefox, or Opera. All of these browsers are mature, robust, and fast. Moreover, they have built-in pop-up blocking and several other nice features that Internet Explorer simply lacks. More importantly, these browsers are much less susceptible to unwanted adware and spyware installations. And all three are free.

    Note: even if you do switch to an alternative browser, you should still lock down Internet Explorer, as described above. Given that Internet Explorer has effectively been integrated into Windows, it can still be exploited by adware and spyware that gets installed to your system through other means. Thus, locking down Internet Explorer remains important even if you’re not regularly using Internet Explorer to browse the internet.

  • When writing e-Mails PLUS ANOTHER THING!!!!!!!!!!!!

  • Use BCC field when addressing mass mail

    PLEASE READ and become a better E-mail user. This information is intended not only to make you a neater “E-mailer” but one that is more considerate and more thoughtful… Your friends will be thankful.

    Would you write your friends’ phone numbers on the walls of public places? If you answer no, then why would you share their private E-mail addresses with a group of strangers, many of whom will CARELESSLY forward the same addresses to even more strangers? Don’t do it! Instead, use the BCC feature of your E-mail program.

    BCC means Blind Carbon Copy. It is a way of addressing mail to more than one person so that everyone’s address is not displayed for all to see. Every E-mail program (including the free, web-based E-mail services) allows you to address messages using BCC, in other words, to “BCC” one or more recipients. Some require that you provide at least ONE address in the TO: field. If this is the case, place YOUR OWN address in the TO: field and all your recipients’ addresses in the BCC field.

    WHY:

    * Using BCC protects your recipients’ E-mail addresses from being spread to strangers.
    * Using BCC helps prevent SPAM (Unsolicited Commercial E-mail)
    * When using BCC, messages will be easier on your readers because they will be smaller, with fewer addresses on each message.
    * They will download faster and will use less bandwidth.
    * Using BCC shows your consideration of others by not publishing hundreds of your friends’ addresses to strangers and potentially, SPAMMERS or maybe even stalkers.

    How to BCC:

    * AOL does not have a dedicated BCC field. To send mail via BCC, place addresses and screen names in the CC field surrounded by parentheses. For example: (billyg@msn.com, SteveCase, lunchmeat@spam.net)
    * Outlook Express: To turn on the BCC field, create a New message and choose View, All Headers.
    * MS-Outlook: To turn on the BCC field, create a New message and choose View, BCC.
    * Netscape Messenger: To send via BCC, type the first address, click the To: button on the left of the name and choose BCC from the drop-down list. After pressing ENTER, each subsequent address you type will be Blind Carbon Copied.
    * Lotus Notes – the BCC field is right there. Nothing to “turn on”, no hoops to jump through, just use it!
    * Juno Mail – Juno versions earlier than 3.0 do not allow BCC. However, with Juno 3.0, the BCC feature exists and works just like AOL. There is no dedicated BCC field. Instead, place the alias/nickname, mailing list name, or e-mail address in the CC field and surround the entire collection in parentheses.
    * In Gmail and Yahoo! Mail: click Add BCC while in a new message. The BCC field in Hotmail is staring you right in the face.

    From this page: http://www.hamra.net/fun/bcc.htm

    Using the BCC (Blind Carbon Copy) feature of one’s email client to send messages to more than one recipient is also recommended, as it helps protect against the spread of viruses as well as protect the privacy of recipients’ addresses. More info on this and on how to BCC here: http://www.cs.rutgers.edu/~watrous/bcc-for-privacy.html


    For many people, it is wise to use BCC in your email client rather than putting everyone you mailed in the To: field for all to see. If you care to learn a bit more, here is a great page from CERT. Although in many situations it may be appropriate to list email recipients in the To: or CC: fields, sometimes using the BCC: field may be the most desirable option.

    What is BCC?

    BCC, which stands for blind carbon copy, allows you to hide recipients in email messages. Unlike addresses in the To: field or the CC: (carbon copy) field, addresses in the BCC: field cannot be seen by other users.
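How the BCC handling described above works at the mail-protocol level, as an added Python example that is not part of the original page: addresses from To:, CC: and BCC: all go into the SMTP envelope that controls delivery, while the BCC: header is removed before the message text is produced. The addresses, function names and message text are constructed for illustration, and nothing is actually sent.

```python
"""BCC at the protocol level: envelope recipients vs. visible headers.

Added illustration; every address and name below is constructed.
Nothing is sent: the code only builds and serializes messages.
"""
import copy
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "me@example.org"  # constructed sample data
FRIENDS = ["alice@example.com", "bob@example.net", "carol@example.org"]


def build_careless_mail(sender, recipients, subject, body):
    """Mass mail with every recipient listed in the To: header."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_bcc_mail(sender, recipients, subject, body):
    """Mass mail addressed as the page advises: the sender's own address
    in To:, everyone else in Bcc:."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def split_envelope(msg):
    """Return (envelope_recipients, wire_bytes) for a message.

    The envelope is the delivery list handed to the mail server; it is
    collected from To, Cc and Bcc. The Bcc header is deleted from the
    copy that is serialized, so it never reaches any recipient. A client
    that serializes the message without this step leaks the whole list.
    """
    envelope, seen = [], set()
    for header in ("To", "Cc", "Bcc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr and addr.lower() not in seen:
                seen.add(addr.lower())
                envelope.append(addr)
    wire = copy.deepcopy(msg)   # leave the caller's message untouched
    del wire["Bcc"]             # no error if the header is absent
    return envelope, wire.as_bytes()


def exposed_addresses(wire_bytes, addresses):
    """Addresses from `addresses` that every recipient can read in the
    delivered message text."""
    haystack = wire_bytes.lower()
    return sorted(a for a in addresses if a.lower().encode() in haystack)


if __name__ == "__main__":
    for build in (build_careless_mail, build_bcc_mail):
        envelope, wire = split_envelope(
            build(SENDER, FRIENDS, "Club newsletter", "See you on Saturday.")
        )
        print(build.__name__)
        print("  delivered to:", envelope)
        print("  readable by every recipient:", exposed_addresses(wire, FRIENDS))
```
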

    E-Mail forwarding is almost too easy!

    Please read Brett’s article or any of the following to see what is really being done. Simply said, FORWARDING E-Mail is not a good idea. Please STOP.

    * http://www.hoax-slayer.com/forward-responsibly.html
    * http://www.us-cert.gov/cas/tips/ST04-010.html
    * http://www.net4tv.com/VOICE/story.cfm?StoryID=1823
    * http://channelmarker.blogs.techtarget.com/2007/01/15/hitting-forward-an-email-security-nightmare/
    * http://www.theregister.co.uk/2001/03/05/australia_outlaws_email_forwarding/

  • Read Licenses & Privacy Policies
  • Anti-spyware applications alone can’t protect you entirely from unwanted spyware and adware. You have to do your part as well by being vigilant in your online behaviour. One of the more common sources for spyware and adware is freeware (e.g., Grokster or KaZaA) that bundles unwanted third-party applications. Another common source involves third-party web sites that automatically start the installation of spyware and adware when you visit those sites. These auto-installed spyware and adware programs may initially appear to be plug-ins necessary for the web site itself, though usually they are not. Wherever you happen to encounter spyware and adware, you will usually be presented with a EULA (End User License Agreement) and/or Privacy Policy. Do not blindly click through these documents. Read them carefully and look for the tell-tale language that discloses the presence of adware or spyware. For tips on what to look for, see these pages: DSLReports.com – EULAs & Privacy Policies, Practice Safe Hex!, EULAlyzer™ 1.1 from javacoolsoftware.

  • The Problem with Privacy Policies
  • Ben Edelman – Grokster and Claria Take Licenses to New Lows

    Ben Edelman – Gator’s EULA Gone Bad

    Most if not all of the adware-supported or advertising-supported applications on the Net have adware-free equivalents. There’s simply no need to use advertising-supported applications.

    If you have come this far, congrats!!! Let’s hope these signs below no longer show your info; then you can skip the next part about If Your PC is Already Infested w/ Spyware & Adware…. BUT if they still show your ISP, then it is time you do something….

    These signs are created and served by danasoft.com’s webserver in real-time for each person that views them. Your IP address and other information are only visible to YOU, not to others, but because people see their own IP address and computer information displayed on a blog or in a public forum, they think that their information can be seen by everyone!

    Read the privacy policy for more details. Click Here!

  • If Your PC is Already Infested w/ Spyware & Adware…
  • If your PC is already infested with spyware and adware, resist the temptation to succumb to impulse buys of anti-spyware products that you see on the Net, esp. those included in the rogue/suspect list. Instead, you can get help online from a corps of savvy volunteers who specialize in busting spyware.

    To get help with a spyware infestation:

    Clean your PC as best you can

    You should also scan and clean your computer with whatever anti-virus program you happen to have installed on your computer. If you don’t have an anti-virus program, you can scan your computer with one of these online anti-virus scanners: BitDefender Scan Online, Panda ActiveScan, Command on Demand, eTrust AntiVirus Web Scanner, TrendMicro HouseCall, McAfee FreeScan, Microsoft Malicious Software Removal Tool

    …or download and run one of these free standalone virus removal tools: avast! Virus Cleaner, Panda PQRemove, McAfee AVERT Stinger, Sophos SAV32CLI

  • Visit a spyware removal forum
  • Other Anti-Spyware Tools

    I request that you post a HijackThis! log. HijackThis! (HJT) is a free program that will scan key system settings on your PC and generate a plain text log that you can copy and paste into a post. Once you’ve cleaned your PC as best you can, visit one of the following spyware removal forums, but only after running the HJT program.

    You can download HijackThis from HERE. Save the zip file to your desktop. Then create a new folder on your C drive, called either ‘HJT’ or ‘HijackThis’, and extract the files to that folder. Right click on “hijackthis.zip” to extract the files. If you’re running Win 98 or earlier, google WinZip. The reason for installing it into its own folder is that when you have it ‘Fix’ anything that a trained HJT analyst has asked you to ‘Fix’, HJT makes backups and puts them into that folder, which we can access easily should we need to do so for recovery. Do not, in any instance, use HJT to fix anything yourself. One wrong item removed, and you can paralyse your box. Let us do it in the forums. Now you’re ready to post your log into

    The volunteers at the above forums will examine that HJT log and recommend a course of action to fix your PC.

    Each forum has its own set of instructions and procedures for requesting help and posting a HJT log, so abide by the requirements of the forum you’re visiting. Also, do not attempt to use HJT on your own to fix problems. Let one of the expert volunteers examine your HJT log and advise you on what to fix.

  • Start a new discussion topic/thread.
  • Give your discussion topic/thread a distinctive title.
  • Describe the symptoms and problems you’re experiencing.
  • Describe what you’ve already done to solve the problem.
  • Copy and paste your HJT log into your post.
  • Be patient while waiting for a response.
  • Note that some of the forums listed above may require you to register for free before posting.

    Once a volunteer does give you advice for cleaning your PC, follow those instructions precisely and report back what the results are. Also, you may be asked to download and run other specialized anti-spyware tools to remove the particular spyware that’s on your computer.

    The volunteer spyware busters who work these anti-spyware forums do this kind of thing all day long, so you’ll be in good hands. At times they can be a bit overwhelmed, so please be patient while waiting for help.

    *****

    In order to help you clean your system, the volunteers at these anti-spyware forums need a good sense for what’s going on with your computer. When you’re ready to post and request help… Spybot S&D, Aumha, Bleeping Computer, Spyware Warrior, CastleCops, Cexx.org, TomCoyote

    Download and run one (or all) of these free anti-spyware scanners and remove whatever spyware and adware it finds: Ad-aware Personal Edition, Spybot Search & Destroy, SpyCatcher Express

  • Upload Infected Files for Research Analysis
  • CastleCops has opened its [UnknownFiles Forum] to all guests. Upload any unknown, questionable, or infected files to this forum for staff review and vendor distribution.

  • *Stop Spam*
  • Spam – What exactly is it?

    In order to combat spam effectively it is necessary to define exactly what spam is. Most people believe that spam is unsolicited email. However, this definition is not entirely correct and confuses some types of legitimate business correspondence with true spam. Spam is anonymous, unsolicited bulk email. This is the description that is being used today in the USA and Europe as a basis for the creation of anti-spam legislation. Let’s take a closer look at each component of the definition:

    * Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual sender.
    * Mass mailing: real spam is sent in mass quantities. Spammers make money from the small percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails have to be high-volume.
    * Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to receive may resemble spam but are actually legitimate mail. In other words, the same piece of mail can be classed as both spam and legitimate mail depending on whether or not the user elected to receive it.

    It should be highlighted that the words ‘advertising’ and ‘commercial’ are not used to define spam. Many spam messages are neither advertising nor any type of commercial proposition. In addition to offering goods and services, spam mailings can fall into the following categories:

    * Political messages
    * Quasi-charity appeals
    * Financial scams
    * Chain letters
    * Fake spam being used to spread malware

    Unsolicited but legitimate messages

    A legitimate commercial proposition, a charity appeal, an invitation addressed personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail, but not as spam. Legitimate messages may also include delivery failure messages, misdirected messages, messages from system administrators or even messages from old friends who have previously not corresponded with the recipient by email. Unsolicited – yes. Unwanted – not necessarily.

    How to deal with spam

    Because unsolicited correspondence may be of interest to the recipient, a quality antispam solution should be able to distinguish between true spam (unsolicited, bulk mailing) and unsolicited correspondence. This kind of mail should be flagged as ‘possible spam’ so it can be reviewed or deleted at the recipient’s convenience. Companies should have a spam policy, with system administrators assessing the needs of different departments. Access to different unsolicited mail folders should be given to different user groups based on this assessment. For instance, the travel manager may well want to read travel ads, whereas the HR department may wish to see all invitations to seminars and training sessions.

    *Marks favs*

    AntiSpam Tools

    * *K9*: http://lists.thedatalist.com/pages/AntiSpam_Tools.htm#K9
    * *POPFile*: http://lists.thedatalist.com/pages/AntiSpam_Tools.htm#POPFile
    * SpamCop: http://lists.thedatalist.com/pages/AntiSpam_Tools.htm#SpamCop

    Mail Tools

    * *MailWasher Pro*: http://lists.thedatalist.com/pages/Mail_Tools.htm#MailWasher%20Pro

    THREE KEY TIPS FOR COMBATING SPAM: http://stopspamhere.ca/

    *ROOTKIT Removal !! *

    The latest trend is that the people who try to get into your computer are attempting to create a rootkit that is undetectable, OR so they say. Regardless, I am going to post here just a couple of good rootkit finders. There are many more, so if you’re not satisfied with what is here, write or call me. I will give you some more sites that are creating these rootkit finders.

    The reality is that at the present time, full protection against rootkits may require the use of multiple products, and complete removal may require a system rebuild. For more details see my introductory article on rootkits.

    * http://www.pandasoftware.com/products/antirootkit/ Freeware, Windows 2K/XP, 353KB
    * http://www.f-secure.com/blacklight/ Free beta, Windows 2K/XP/Vista, 667KB
    * http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx Freeware, All Windows, 231KB
    * http://www.sysinternals.com/Forum/default.asp
    * http://www.gmer.net/ Freeware, Windows NT/2K/XP/Vista, 450KB
    * http://majorgeeks.com/Icesword_d5199.html Freeware, Windows NT/2K/XP, 2.1MB
    * http://www.softpedia.com/get/Antivirus/DarkSpy-Anti-Rootkit.shtml Windows 2K/XP/2003, 626KB
    * http://www.techsupportalert.com/rootkits.htm How to deal with the threat of rootkits

  • IM= Instant Messenger programs.

  • ALSO equals huge security hazard! Please get the fixes and update frequently. Today being Aug, there have been sightings of silly nasty worms being spread through these “chat” and communication programs. Trojans are like worms; regardless of what is in your computer, if you find one thing with your computer, I can assure you that they that want to get in have found a way too.

    Messenger service is only going to get through on insecure computers, but that is the kind of computer we are generally concerned with. It doesn’t install programs and it doesn’t change system settings. It works using existing software on their system for its originally intended purpose (and of course doesn’t work if that software is blocked or disabled). This bypasses those abuse desks that ignore escalation emails, so it is a second path that is not going to fail for the same reason as the escalation emails. And in the case of a massive outbreak, where abuse desks are overloaded, it allows operators of infected machines to seek help immediately, rather than a couple of days later. While people sitting at home surfing the web without pop-up stoppers might be used to disregarding pop-ups, at work for many (most) of us they are a rarity, so in these situations they will stand out. A lot depends on what goes at the top of the message: does it begin with a long technical explanation, or “this is a friendly warning that you seem to have the XXX virus”.

    The Windows Messenger Service vulnerability can be exploited by a single UDP broadcast, allowing a wholesale compromise of all vulnerable systems on the targeted network. [Techweb]

    To permanently turn off the Messenger Service (for Windows 2000 and XP only): Click Start, and then click Control Panel (or point to Settings, and then click Control Panel). Double-click Administrative Tools. Double-click Services. Double-click Messenger. In the Startup type list, click Disabled. Click Stop, and then click OK.

    To turn it off permanently, right click on properties, then change startup type from Automatic to Manual or Disabled.

    ZoneAlarm has some products that assist you with this: IM Secure Pro, which can protect more than one messenger address, and IM Secure Free, which protects only one messenger address. Please read this page for a bit more info on their product; the free program is a straight download from them.

    • Acrobat Reader?! NO! Foxit reader smaller better and no active “X”

    Foxit Reader 2.1.2

    Please, when at the Software site, please JUST click “Downloads”, NOT the free download button. Thanks

    Just simpler, easier to use, simple updater, and not as huge as the other. Foxit Reader 2.0 has just been released. This new version introduces many exciting features, including multi-language UI, dynamic downloading of add-ons, form filler, better look and feel and much more. See this PAGE to learn more.

  • How is this possible?

  • Many worms today use your address book to replicate themselves on other systems. If you are infected we will receive notice and respond back to your email including the name of the worm, and how to clean it. In addition, you can send any file you wish to have scanned to this address, and we will notify you of our results. This is a free service brought to you by Computer Cops.

    Currently not available

    http://castlecops.com/modules.php?name=News&file=article&sid=770

  • New to Web Security?

  • Then you should visit this site… Free Privacy and Security tests at AuditMyPC.com

  • Answers that work…..

  • A useful site: http://www.answersthatwork.com/ Especially the task list library, for looking up some background programs that you might be wondering about. E.g.: I found netdde.exe running and I knew I never downloaded anything, so I typed it into a search box query and this site gave info on it. It turns out that my “Hearts” game automatically runs it (it was installed on my system with my Windows (games) install) and it is used for multiplayer chat within the game. It can be disabled or deleted from the start up manager.

  • Greetings and Welcome to the CoU-niversity!

  • This first class is our Freshman Course. This course will help you clean up your computer. This course is designed for the novice computer user. One thing I must mention here: run the three online scans above to be sure your system is cleaned of most baddies prior to taking this course.

    *ALSO NOTE* Although they say click run, I would no longer suggest this. I would save it in a “!DOWNLOADS!” folder; feel free to copy the name and create a folder. Please be sure this folder does not go to your desktop. Easiest is to take your check mark out of the box when the download completes. Then you can simply open the folder “!DOWNLOADS!” and it will highlight the program, and you can then scan it with your antivirus program and the A-squared program, which finds those nasty worms and trojans that are on the internet today. Try this course, you’ll be flabbergasted… LOL (click Here)

    ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-

    “It takes one fish to go downstream, but five to swim against the current.”

  • Periodic reminder of best practices for cleaning up after infection.

  • The short answer is that once you’ve been infected by malware that installs a backdoor or connects to a botnet, simply cleaning up the initial infection (and the hole through which the infection occurred) isn’t sufficient, because you can’t be sure what secondary infections you may also have. Although most people don’t want to hear it, at this point your best bet is to nuke the machine and reinstall (and patch) from scratch.

    Here are some of the stories on the subject from the past: http://isc.sans.org/diary.php?date=2004-05-16 by Pat Nolan and http://isc.sans.org/diary.php?date=2004-05-03 by Jim Clausing.

    Remember the two benefits of failure. First, if you do fail, you learn what doesn’t work; and second, the failure gives you the opportunity to try a new approach. – Roger von Oech

    Ric :^D

    Trojans are often not caught by virus scanning engines, because these are focused on viruses, not Trojans. Catching such threats would require the use of a Trojan scanner (a.k.a. Trojan cleaner, Trojan remover, anti-Trojan, a-Squared). See http://www.windowsecurity.com/trojanscan/


    GBAr

    *****************************************************************************************

    Some more reading on alert awareness pages!
