Archive for February, 2007

Posted on Feb 18th, 2007

To blog or not to blog? Well, why not? Lots of people like either to write or to read blogs, and sometimes both. The much-quoted survey by the Pew Internet & American Life Project says that 27 percent of Internet users read blogs and 38 percent at least know what a blog is. The survey was made in November 2004 and estimated that 32 million Americans were blog readers by the end of 2004, so there must be many more blog readers and writers by now.

But there has recently been bad news that spoiled bloggers' mood. The security firm Websense found that blogs are "being used as a safe haven by hackers for storing and distributing malicious code, including identity-stealing keyloggers." Since January, Websense Security Labs has discovered hundreds of blogs set up by hackers for this purpose.

There have been scores of articles on this topic since last week. See, for example, Gregg Keizer's article "Hackers Use Blogs To Spread Worms, Keyloggers" (April 13, 2005) at http://informationweek.com/story/showArticle.jhtml?articleID=160702505

The general idea of all these articles is the same: hackers are turning to blogs. Blogs suit them well: there is plenty of free storage space, no identity check is required to post, and most blog hosting services do not scan uploaded files for viruses, worms, or spyware.

Experts from Websense Security Labs call such blogs "toxic". In its press release "Toxic Blogs Distribute Malcode and Keyloggers" (http://ww2.websense.com/global/en/PressRoom/PressReleases/PressReleaseDetail/index.php?Release=050412889) the company explained how some malevolent individuals use blogs for their own gain.

In some cases cybercriminals create a blog on a legitimate hosting site and post viral code or keylogging software on the page. Then they drive traffic to the toxic blog by sending the link through spam or spim (the instant-messaging equivalent of spam). So the familiar advice never to follow links in spam is worth remembering.

In other cases the blog is used purely as storage: it holds malicious code (for example, updates) that Trojan horses already hidden on users' computers fetch from it.

"To read or not to read blogs, that is the question." Of course read them, and write them: blogs are already part of our culture. But be careful.

PC users can do little to stay clear of toxic blogs except not follow the links in spam and spim messages that lead to them. If a blog is used only as storage for malicious code, users can do nothing about it at all.

It is up to the operators of blogging tools to add security, such as anti-virus and anti-spyware scanning, to their hosting services. They can also limit the types of files that can be stored. And it is high time they made their services more secure, because literally millions of Americans might be in danger of picking up malicious code, such as a virus, worm or Trojan horse, simply by reading a blog.

Alexandra Gamanenko currently works at Raytown Corporation, LLC, an independent software development company that created a technology capable of disabling the very processes of information capturing: keylogging, screenshotting, and so on. It makes the company's anti-keylogging software a solution against information-stealing programs and modules.

Learn more — visit the company’s website http://www.anti-keyloggers.com

Posted on Feb 17th, 2007

Beware of a New Scam Aimed at Bargain-Hunters

Trying to buy something cheap is absolutely natural, and online crooks set traps for unwitting bargain-hunters. On April 6 Panda Software warned Internet users of a new and particularly brazen scam aimed at stealing confidential information. Several websites offering cheap airline tickets were in fact not selling anything; the aim was to cheat users out of their credit card details.

Of course, these sites have already been identified and taken down, but who knows when others will appear, this time offering all kinds of products.

The scam is very simple: the thieves simply wait until some unsuspecting user searching for airline ticket offers finds their site offering dirt-cheap tickets. Pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and card verification value (CVV).

As soon as these details have been entered, an error page appears; it tells the user that the transaction was unsuccessful and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money as well if he decides to buy the ticket by money order.

Luis Corrons, the director of PandaLabs, comments on this scam: "This kind of online fraud differs from those witnessed previously. The malicious user does not contact the person interested in buying the product, but it is actually the buyer, in searching for the best prices online, who goes to the fraudulent web page. This creates a false sense of security that can lead users to proceed with the transaction".

This makes such a scam very dangerous. It is the user who finds the "bargain"; no spam or pop-up ad is involved, and nobody forces or even tries to persuade the user to buy anything. This tactic is bound to be "effective", if such a word is appropriate here. That is why it is extremely likely that other websites and other scams will follow the same pattern.

Too Cheap to be a Bargain? You’d Better Steer Clear

How to avoid this kind of fraud? "Users are best advised to treat ‘bargains’ with suspicion, and only make online purchases from trusted sites. In any event, if in doubt, it is a good idea to search for information about the website in question on the Internet. Users should be able to find opinions and experiences of other users who have used the same service," says Luis Corrons.

That is all users can do so far: steer clear of suspicious bargains and check out the firm they are about to buy from. The authorities have, of course, been informed, and one hopes these cybercriminals will be tracked down, caught and sent to jail.

But this whole story gives a strong impression that cybercrooks are becoming more and more shameless. People get cheated when they least expect it; just remember the bogus appeals for donations for tsunami victims.

Such criminals impudently take advantage of the majority of people, those who remember the Golden Rule and expect others to behave the same way. That is why everybody who falls victim to this, or any other, scam, or learns about such an incident, should make the information public. This is a small contribution that may help curb growing cybercrime.

Alexandra Gamanenko currently works at Raytown Corporation, LLC, an independent software development company that provides various solutions for information security.

Learn more — visit the company’s website http://www.anti-keyloggers.com

Posted on Feb 16th, 2007

Adware. Spyware. Pesky pop up ads. Internet congestion. Computer malfunctions of every kind. Obviously, you’re infected!

Regardless of which brand-name anti-virus software is installed, ninety percent of all personal computers have to deal with computer problems. Unfortunately, most of the effective software costs $20 to $250.

Folks, there’s no need to be scammed any longer. Don’t ever make the mistake of paying big dollars!

On second thought, just continue to pay me your undivided attention, and together, we can eliminate these problems.

Step 1: Go ahead and uninstall all of your current anti-virus programs (but keep your current firewall). Don't be afraid. Remember, you can always reinstall them at a later date if you so choose. Two anti-virus products running side by side interfere with each other, which is why the old one has to go; to keep the unprotected window short, download the replacement installer first and uninstall the old product only when you are ready to run it. Next: go online, type Tudogs into your search engine and press the Search button.

Step 2: Enter your email address into the Tudogs email address prompt. Then press the submit button. Now you are ready to enter the Tudogs website.

Step 3: Type Avast into the Tudogs search engine. Then press the Search engine button. Once you are on the next page: Click onto the icon that says: avast! 4 Home.

Step 4: Scroll down to the very bottom of the next page where it says in bold blue letters: avast! 4 Home Edition Download. Click this link, which takes you to the next page. There, scroll down to the bottom and press the download link that says: Avast! 4 Home English version (or whatever your language of preference might be). Your browser will warn that "This file can potentially damage your computer." It shows this warning for every executable you download, whatever the vendor, not because Avast is any less trustworthy than brand-name products such as Norton Anti-Virus or McAfee. Treat the warning as a cue to check that the address bar shows the site you intended before you continue. Then press the Run button and follow the set-up prompts.

Installation takes a few minutes. It is really that simple. Once installation is complete, I strongly recommend that you immediately disconnect from the Internet and run your first Avast scan. You might be shocked at the number of hidden worms, viruses, and trojans that Avast is able to detect.

HOW TO RUN AN AVAST SCAN

You have three choices when running an Avast scan: the removable media scan (CDs and floppies), the hard disk scan (the C drive), and the user-defined folder scan. First, make sure that you are not online; you only want to scan what is on your own computer, not the infinite black holes of cyberspace. The C drive is the main drive that contains all of the components that govern and run your computer, so it is always, by far, the most important drive to scan.

Step 1: To start an Avast C drive scan, first double-click the Avast icon that is now installed on your computer. When the Avast scanner appears, notice that in the top right-hand corner there are three distinctive icons: (+) (?) (x). Look to the far right-hand side of the scanner. Just below the minus sign (-) and the (x) is a square button. Press this button.

Step 2: Immediately out of the top of the Avast scanner should appear an icon that says: Standard Scan/Scan archive files. Once this icon appears look to the far left hand side of the Avast scanner. There you will see a large triangular button. By pressing this button you will initiate the Avast C drive scanner.

Step 3: Once a scan has completed, if Avast finds any questionable files, it will ask you what to do with each one. You may opt to move the file to the Avast virus chest, where it can no longer harm your computer but can still be restored if the detection turns out to be a false positive; OR rename it and move it to another location on your computer; OR attempt to have an infected file repaired; OR simply delete it. I always opt for deletion.

ALLEVIATING POP UP ADS

Step 1: Using your mouse, go down to the bottom left hand corner of your computer and press the start button.

Step 2: When the program options appear go directly to the control panel.

Step 3: Next: click onto internet options.

(Note: These directions might vary slightly from computer to computer.)

Step 4: After you have clicked Internet Options you will see a dialog. At the very top it says something to this effect: Internet Properties, with tabs labelled General, Security, Content, Privacy, etc.

Step 5: Next, look for the section that says Temporary Internet Files. This is what you want to delete. Clearing the cache will not by itself remove the adware that generates the pop-ups, but the cache is where a lot of junk accumulates: tracking cookies, adware components and files dropped by drive-by downloads. In my opinion, you don't need a temporary internet file in order to get back to a website that you just visited. And the more of this junk you allow to build up over time, the slower your browser runs.

Step 6: Next, in this same dialog you will see a section that says History. Delete your browser history for the same reasons as in step five.

Step 7: Delete the cookies in this same dialog for the same reasons as in step five. (Note: If you do not delete cookies regularly, the chances are very good that you now have thousands of them accumulated.)

Step 8: While you are in this same dialog you will see a setting that says something to this effect: Days To Keep History. Most computers are preset to 20 to 30 days, which means the browser waits 20 to 30 days before it automatically discards your recent history. Remember: every time you go online you pick up several new cookies, and some of them are set by third-party advertising networks that use them to track you from site to site. (This setting covers the history list only; cookies carry their own expiry dates set by the site, so delete them separately as in step seven.) If it takes 20 to 30 days to discard the junk you acquire online, is it any wonder that you are now experiencing difficulties?

Step 9: You guessed it! Change Days To Keep History to 7 or less. This keeps the stored history small and cuts down on the clutter.

YOU ARE NOW IN FOR A REAL TREAT. ZONE ALARM IS THE MOST AWESOME FIRE WALL IN THE WORLD!

Step 1. Go to the Download.com website.

Step 2. Type Zone Alarm into the Download.com search engine. Then press Go.

Step 3. Once on the next page, scroll down until you find the three versions of Zone Alarm currently being offered. Two of them offer free trial periods with an option to buy when the trial ends. The third version has a free licence, meaning it is totally free. I strongly recommend that you start off with this version.

Step 4: Click the blue lettering of whichever version of Zone Alarm you choose to install.

Step 5: On the next page you will see a caption in blue letters that says: Download Now. Click this link.

Step 6: Your browser will show the Security Warning that says: This file can potentially damage your computer. It shows this for every executable you download, whatever the vendor, not because Zone Alarm is not a brand-name product; check that you are downloading from the site you intended, then press the Run button and follow the set-up prompts. Installation will take a few minutes.

My name is Eric J. Nelson. I am on a personal mission to eliminate computer problems. I hate to see others get scammed. There is more software/protection available. Please check out my website at: Computer Problem Solutions

Posted on Feb 15th, 2007

A friend called me one day and asked if I would stop by to look at his computer. He said it was running abnormally slow and he had found something on his hard-drive he could not explain. I could almost guess what it was he found. Have I been hacked?

You see, his computer had been hacked. Actually, in his case, his computer had been tagged. Similar to the image you see here.

Tag, You’re It!
—————
The file transfer protocol, commonly referred to as "FTP", has been around for many years. In the early days of the Internet it was one of the few ways to easily upload and download files from one computer to another. Many commercial operating systems come with an FTP server installed. In other cases the FTP service is selected by the user when installing or updating the operating system. If this service is not set up properly, or you don't have an adequately configured software or hardware firewall, it is an open invitation to a hacker or intruder.

FTP Tagging - The most common reason for someone to compromise your FTP server is to store and distribute illegally obtained software and files: cracked software, stolen movies, audio files, and pornography. Removing this contraband from your computer can be difficult, particularly if you are using a Microsoft Windows platform. Hackers use scripts to create a maze of directory structures to house their wares on your computer. They may use names with spaces in them, and in some cases extended characters (characters outside the normal alphanumeric range). Deleting these directories through normal means may be difficult, if not impossible, for the average user. Many people end up wiping their system and reinstalling it, and that is if they are lucky enough to find out their system has been compromised at all.
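As an added example (not part of Darren Miller's article), the following Python script walks an FTP root and flags the kinds of names a tagging script leaves behind: names padded with spaces, names containing control or non-ASCII characters, names ending in a dot, Windows reserved device names such as COM1 (which Explorer and the command line refuse to delete), and directories nested suspiciously deep. The reserved-name and depth heuristics, the threshold of eight levels, and the throwaway sample tree it builds under a temp directory are assumptions made for this example.

```python
import os
import shutil
import tempfile

# Device names Windows reserves regardless of extension. Normal tools cannot
# create or delete them, which is exactly why tagging scripts use them.
# (Heuristic list assumed for this example.)
WINDOWS_RESERVED = {"con", "prn", "aux", "nul"}
WINDOWS_RESERVED |= {f"com{i}" for i in range(1, 10)}
WINDOWS_RESERVED |= {f"lpt{i}" for i in range(1, 10)}


def suspicious_reasons(name):
    """Return the reasons a single file or directory name looks like tagging
    debris. An empty list means the name passes every heuristic."""
    reasons = []
    if name != name.strip(" "):
        reasons.append("leading/trailing space")
    if name.endswith("."):
        reasons.append("trailing dot")
    if any(ord(c) < 32 or ord(c) == 127 for c in name):
        reasons.append("control character")
    if any(ord(c) > 127 for c in name):
        # Legitimate on international servers; a heuristic, not proof.
        reasons.append("non-ASCII character")
    if name.split(".")[0].lower() in WINDOWS_RESERVED:
        reasons.append("Windows reserved device name")
    return reasons


def scan_tree(root, max_depth=8):
    """Walk root and return [(path, reasons)] for every suspicious entry.
    Entries listed max_depth or more levels below root are flagged too,
    since tagging scripts bury their wares in deep directory mazes."""
    findings = []
    root = os.path.abspath(root)
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        depth = 0 if rel == "." else rel.count(os.sep) + 1
        for name in dirnames + filenames:
            reasons = suspicious_reasons(name)
            if depth >= max_depth:
                reasons.append(f"nested {depth} levels deep")
            if reasons:
                findings.append((os.path.join(dirpath, name), reasons))
    return findings


def build_demo_tree():
    """Construct a throwaway tree resembling a tagged server (constructed
    sample data, not a real capture). Requires a POSIX filesystem, which
    allows the odd names Windows would refuse."""
    root = tempfile.mkdtemp(prefix="ftpscan_")
    os.makedirs(os.path.join(root, "pub", "incoming"))                 # benign
    os.makedirs(os.path.join(root, "pub", " ", "com1", "warez."))      # three bad names
    os.makedirs(os.path.join(root, *["d"] * 10))                        # ten-level maze
    return root


def demo():
    """Build the sample tree, scan it, clean up, and return the flagged
    entries as (basename, reasons) sorted by name."""
    root = build_demo_tree()
    try:
        return sorted((os.path.basename(p), r) for p, r in scan_tree(root))
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, reasons in demo():
        print(repr(name), "->", "; ".join(reasons))
```

Run it against a real FTP root with `scan_tree("/srv/ftp")`; a clean server should produce an empty list, and anything it does print deserves a look at the directory's creation time and the FTP server's transfer log.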

The above is a perfect example of why the statement "I'm not worried about being hacked. What do I have that a hacker would want?" is not a good position to take. The fact is, you do have something they want: your computer's resources. Why should a hacker store tons of illegally obtained files on their own systems when they can use yours?

The Good, The Bad, And The Ugly
——————————-

The Good
——–
When I was young I used to spend hours upon hours on Internet Relay Chat, also known as IRC. IRC is another method of Internet communication, which has been around for quite a long time. When I was a frequent user of IRC, it was just plain fun. You would meet all kinds of people from all over the world. It was the instant messenger of the time.

The Bad
——-
Today, IRC is a huge communications network. It is made up of thousands of channels and can be accessed from pretty much any operating system platform. It is also a favorite means of communication for hackers. They can discuss new exploits and methods of compromise, and even send and receive files. Many hacker groups use a cryptic language to communicate with each other on IRC channels. Unless you know the language constructs they use, their conversations can look like a bunch of nonsense.

There are many exploits, backdoors, and Trojans that affect, or are contained in, the myriad IRC clients on the Internet. Making sure you choose one that is relatively safe to use is not an easy task. As an example, take a look at the list of IRC safety and security information at irc.org.

The Ugly
——–
It's not just the exploits and security risks of using IRC that need to concern you. If a hacker is able to install an IRC relay agent on your computer, it becomes a conduit through which they communicate and distribute information. In my line of work, I've identified many systems with IRC backdoors or relay agents installed. The only thing the end user typically experiences is a decrease in system performance and Internet access speed.

Just Open The Door And Let Them In (Peer-to-Peer File Sharing)
--------------------------------------------------------------
If a total stranger knocked on your door and asked to come in just to hang out for a while, would you let them in? Most likely not. If you're using peer-to-peer file sharing software to locate and download files on the Internet, you're opening the door to destruction. Many of the file sharing services and programs available on the Internet now tout themselves as "safe" and "clean". This is as far from the truth as you can get. If you're a regular user of these services, the chance of your computer being backdoored or hacked is significant.

If you have anti-virus software installed (and up to date), you've undoubtedly received virus warnings when downloading files from peer-to-peer services. Viruses are not the only things you could be downloading. Many hackers embed rootkits in files and distribute them using peer-to-peer file sharing. Rootkits contain many types of tools used by hackers to gain and keep control over computers. If the installation of the kit on your computer succeeds and goes undetected, it's only a matter of time before your computer is completely compromised.

I can't tell you how many times I've found company employees (and technical personnel) using peer-to-peer file sharing services. Any organization that permits this is putting itself at risk. And the risk is much greater than for a single home computer because of the number of potential internal targets.

Conclusion
———-
Of course, the above are just a few examples of the different methods and types of computer compromise. There are many ways your computer can be hacked. Your best defense is a good offense along with education and awareness. When you configure your computer, enable only the software and services that you need. Many programs have known exploits and/or require additional steps to secure them adequately.

Don’t make the assumption that you are not a target just because you don’t think you have anything of interest on your computer.

If your computer becomes unstable or dramatically decreases in performance, don't assume it's just a quirk or that it's time to upgrade.

Make sure you have a software or hardware firewall in place to protect you from the Internet. Your firewall should be configured not to allow unsolicited inbound connections from the Internet. This is the default configuration for most firewalls, but you should make sure the one you are using is properly configured.

Make sure you have adequate virus and spyware protection and that your signatures are up to date. Many anti-virus applications work on a subscription basis, and it's not uncommon to find that a subscription has expired. If it has, your software may not protect you from new and emerging threats.

And do whatever you can to stay away from any type of Internet peer-to-peer file sharing service, no matter how safe the developer claims it is.

About The Author
—————-
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net or DefendTheNet@ParaLogic.Net.

If you would like to know more about computer security please visit us at our website. If someone you know has sent you this article, please take a moment to visit our site and register for the free newsletter at Newsletter Subscribe.

Original URL
————
http://www.defendingthenet.com/NewsLetters/HaveYouBeenHacked.htm

Posted on Feb 14th, 2007

The most frustrating part of having spyware on your computer is the sheer feeling of helplessness it invokes. Your computer slows down, it no longer does what you tell it to, it seems to have a mind of its own. You have effectively lost control of your computer. Spyware (often lumped together with adware under the broader term malware) is software installed on your computer without your consent. It monitors or controls your computer use. It may be used to send you pop-up ads, redirect your browser to websites, monitor your Internet surfing, or record your keystrokes, which in turn could lead to identity theft.

Here are some of the symptoms that indicate Spyware is on a computer:

•a barrage of pop-up ads

•a hijacked browser — that is, a browser that takes you to sites other than those you type into the address box

•a sudden or repeated change in your computer’s Internet home page

•new and unexpected toolbars

•new and unexpected icons on the system tray at the bottom of your computer screen

•keys that don’t work (for example, the “Tab” key that might not work when you try to move to the next field in a Web form)

•random error messages

•sluggish or downright slow performance when opening programs or saving files

Follow these precautions in order to help prevent Spyware installation:

•Update your operating system and Web browser software. Your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that Spyware could exploit.

•Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle other software, including Spyware.

•Don’t install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.

•Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the “Medium” setting for Internet Explorer. Keep your browser updated.

•Don’t click on any links within pop-up windows. If you do, you may install Spyware on your computer. Instead, close pop-up windows by clicking on the “X” icon in the title bar.

•Don’t click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs Spyware.

•Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if Spyware already on your computer is sending information out.

You may freely reprint this article provided the author’s biography remains intact:

John Mussi is the founder of Direct Online Loans who help UK homeowners find the best available loans via the http://www.directonlineloans.co.uk website.

Posted on Feb 13th, 2007

Fishing on the Internet has come a long way; we TechWeb junkies call it phishing. What I am talking about here is not your ordinary, everyday catch. Yet a fine catch it may indeed be for those thieving bandits if they can lure you into giving up your personal and private information. Trickery is vast and common on the World Wide Web. Beware, I say, beware!

Email schemes, called "phishing" or "carding", attempt to trick consumers into disclosing personal and/or financial information. The emails appear to come from legitimate companies with which consumers may regularly do business. I have seen scams that appear to come from such noteworthy corporations as AOL, Earthlink, PayPal, eBay, or major credit card issuers. Often the email threatens termination of the account unless the consumer updates billing information.

Phishing comes in all forms. How many of you have had some Nigerian prince who just inherited 35 million US dollars offer to share it with you for one reason or another? How many of you have received an e-mail supposedly from your bank that for "security reasons" asks you to click a link that takes you to an online form requesting all your personal and confidential bank account information?

A word to the wise: there is no Prince in Nigeria that needs your help, and your bank will never ask you for that info in an e-mail!

The latest Internet scam appears to come from the South African Department of Mining. “Resources and we are in dire need of a foreign partner to assist us in the receipt and investment of US$15,500,000.00…” All they request is a secure place to deposit the lump sum on US territory, and you will gain a large piece of the pie. WOW, what a deal!

Another I received comes from Johnson Mgabe, the son of the leader of the Republic of Zimbabwe Agricultural Commission. His father has just been assassinated, and he, the only remaining heir, is trying to escape. If you help him, he will give you lots of dough! Right on! “Please e-mail and tell me of your decision. I am ready to pay you 25% of the money [$45.5 Million] for your help, 5% shall go for expenses you might incur during the transaction. The remainder [70%] shall be mine.”

Ok, ok, I am convinced; here is my private bank account, my SSN, DL# and address. Please tell me what I need to do next. Are they for real? Seriously though, if people didn’t fall for these types of stunts, there wouldn’t be so many floating around. Identity theft has become more and more rampant in this techno traveling world.

Again I say, beware.

Many of these email schemes contain links to "look-alike" websites loaded with the real company's trademarked images. The websites then instruct consumers to "re-enter" their credit card numbers, social security numbers, bank PINs, or other personal information. If consumers actually provide the information requested, the data goes to the scammers, not to the legitimate company whose name is on the site. The data is then often used to order goods or services and/or to obtain credit in the consumer's name and, potentially, to steal your identity.

Again, I say, beware!

Rule for the road:

If you receive a suspicious e-mail asking you for personal information, chances are it is a scam. It is better to be safe than sorry.

By Greg Richburg
Netricks, Inc.

All past articles written by Greg Richburg are available at http://www.netricks.com/news. Please address article suggestions to: info@netricks.com.

Greg Richburg is a Microsoft Certified Systems Engineer and the owner of Netricks, Inc. a network consulting, web design and hosting company located in Fresno, CA.

Visit Netricks at http://www.netricks.com. Richburg also runs KlickCommerce, an Internet-based marketing system for Ujena brand clothing. See http://www.klickcommerce.com for details.

More of Richburg’s work may be seen at http://www.valley411.com

Posted on Feb 12th, 2007

Virus damage was estimated at $55 billion in 2003. "SINGAPORE - Trend Micro Inc, the world's third-largest anti-virus software maker, said Friday that computer virus attacks cost global businesses an estimated $55 billion in damages in 2003, a sum that would rise this year. Companies lost roughly $20 billion to $30 billion in 2002 from the virus attacks, up from about $13 billion in 2001, according to various industry estimates." This was the story across thousands of news agency desks in January 2004. Out of that $55 billion, how much did it cost your company? How much did it cost someone you know?

I. The Why
An average of 10 to 20 viruses are released every day. Very few of them actually reach the "in the wild" stage. Viruses are designed to take advantage of security flaws in software or operating systems. These flaws range from something as blatant as open Microsoft Windows NetBIOS shares to buffer overflows. A buffer overflow happens when an attacker sends a program more input than the buffer it set aside can hold. If the program does not check the length, the excess overwrites adjacent memory, and an attacker who controls what lands there can execute malicious code.

People make viruses for various reasons. These reasons range from political to financial to notoriety to hacking tools to plain malicious intent.

Political: Mydoom is a good example of a virus spread with a political agenda. Its two targets were Microsoft and The SCO Group. The SCO Group, which claimed to own a large portion of the Linux source code, had threatened to sue everyone using Linux operating systems (with "stolen" programming source). The virus was very effective, knocking SCO's website offline. Microsoft, however, had enough time to prepare for the second attack and sidestepped disaster.

Financial: Some virus writers are hired by other parties either to leech financial data from a competitor or to make the competitor look bad in the public eye. Industrial espionage is a high-risk, high-payout field that can land a person in prison for life.

Notoriety: Some write viruses for the sole purpose of getting their name out. This is convenient when the writers are script kiddies, because it helps the authorities track them down. Several famous viruses have the author's email address in the source code or script.

Hacking: Hackers sometimes write controlled viruses to assist in gaining access to a remote computer. They will add a payload to the virus, such as a Trojan horse, to allow easy access into the victim's system.

Malicious: These are the people that are the most dangerous. These are the blackhat hackers that code viruses for the sole intention of destroying networks and systems without prejudice. They get high on seeing the utter destruction of their creation, and are very rarely script kiddies.

Many of the viruses that are written and released are viruses altered by script kiddies. These viruses are known as generations of the original virus and are very rarely altered enough to be distinguishable from the original. This stems from the fact that script kiddies do not understand what the original code does and only alter what they recognize (a file extension or the victim's website). This lack of knowledge makes script kiddies very dangerous.

II. The How
Malicious code has been plaguing computer systems since before computers became a common household appliance. Viruses and worms are examples of malicious code designed to spread and cause a system to perform a function that it was not originally designed to do.

Viruses are programs that need to be activated or run before they are dangerous or spread. The computer system only becomes infected once the program is run and the payload has been deployed. This is why hackers and crackers try to crash or restart a computer system once they copy a virus onto it.

There are four ways a virus can spread:
1.) Email
2.) Network
3.) Downloading or installing software
4.) Inserting infected media

Spreading through Email
Many viruses spread when a user receives an infected email. When the user opens or previews this email, the virus becomes active and immediately starts to spread.

Spreading through Network
Many viruses are network aware. This means that they look for unsecured systems on the network and copy themselves to those systems. This behavior degrades network performance and causes viruses to spread across your network like wildfire. Hackers and crackers also use Internet and network connections to infect systems. They not only scan for unprotected systems, but they also target systems that have known software vulnerabilities. This is why keeping systems up to date is so important.

Spreading through manual installation
Installing software from downloads or disks increases the risk of infection. Only install trusted and scanned software that is known to be safe. Stay away from freeware and shareware products; these programs are known to contain spyware, adware, and viruses. It is also good policy to deny all Internet software that attempts to install itself unless it is explicitly needed.

Spreading through boot sectors
Some viruses corrupt the boot sector of disks. This means that if another system reads the infected disk, the infection spreads. Boot sector viruses are run automatically as soon as the disk is inserted or the hard drive is connected.

III. Minimizing the effect of viruses and worms
We have all heard stories about the virus that destroyed mission-critical company data, which cost companies months to recover and thousands of dollars and man-hours restoring the information. In the end, there are still many hours, costs, and would-be profits that remain unaccounted for. Some companies never recover fully from a devastating attack. Taking simple precautions can save your business.

Anti-virus Software
Another step is to run an antivirus program on the local computer. Many antivirus programs offer live update software and automatically download the newest virus definitions minutes after they are released (it is very important that you verify these updates weekly, if not daily). Be careful about which antivirus program you choose. Installing a PC antivirus on a network can hurt performance more than an active virus. Norton makes an effective corporate edition specifically designed for Windows NT Server and network environments. When using antivirus software on a network, configure it to ignore network drives and partitions. Only scan the local system and turn off the auto-protect feature. Auto-protect constantly scans your network traffic and causes detrimental network issues. Corporate editions usually have this disabled by default; PC editions do not.

Email Clients
Do not open emails from unknown sources. If you have a website for e-commerce transactions or to act as a virtual business card, make sure that the emails come in with a preset subject. If the emails are being sent through server-side code instead of the user's email client, specify whom they are coming from so you know which emails to trust. Use common sense when looking at your email. If you see a strange email with an attachment, do not open it until you verify whom it came from. This is how most mass-mailer (MM) worms spread.

Disable preview panes in email clients. Email clients such as Outlook and Outlook Express have a feature that will allow you to preview the message when the email is highlighted. This is a major security flaw and will instantly unleash a virus if the email is infected.

It is also a good idea to turn off the feature that enables the client to view HTML-formatted emails. Most of these viruses and worms get in by using the HTML "<iframe src=...>" tag to run the file attached to the email.

We will take a quick look at an email with the subject header "You're now infected" that opens an attached file called readme.exe.

```
Subject: You're now infected
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
To: undisclosed-recipients:;

--====_ABC1234567890DEF_====
Content-Type: multipart/alternative;
    boundary="====_ABC0987654321DEF_===="
*** (This calls the iframe)

--====_ABC0987654321DEF_====
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>   *** (This calls readme.exe)
</iframe></BODY></HTML>

--====_ABC0987654321DEF_====--

--====_ABC1234567890DEF_====
Content-Type: audio/x-wav;
    name="readme.exe"   *** (This is the virus/worm)
Content-Transfer-Encoding: base64
Content-ID:   *** (Notice the <iframe src=...> above)

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9u YWwvL0VOIj4NIDxodG1sPg08aGVhZD4NPHRpdGxlPldobydzIHRoZSBiZXN0LS0tLS0tPyAt IHd3dy5lemJvYXJkLmNvbTwvdGl0bGU+DQ0NDTxzY3JpcHQgbGFuZ3VhZ2U9amF2YXNjcmlw dCBzcmM9aHR0cDovL3d3dzEuZXpib2FyZC5jb20vc3BjaC5qcz9jdXN0b21lcmlkPTExNDc0 NTgwODI+PC9zY3JpcHQ+DTxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPg08IS0tDWZ1 bmN0aW9uIE1NX29wZW5CcldpbmRvdyh0aGVVUkwsd2luTmFtZSxmZWF0dXJlcykgeyAvL3Yy

*** Broken to protect the innocent. (Worm is encoded in Base64)

aHJlZj1odHRwOi8vY2l0YWRlbDMuZXpib2FyZC5jb20vZmNhbGhpc3BvcnRzZnJtMT5Gb290 YmFsbDwvYT4NIA08Zm9udCBjb2xvcj0jRkYwMDAwPiAtIDwvZm9udD4NDTxicj48YnI+PGJy Pjxicj5Qb3dlcmVkIEJ5IDxhIGhyZWY9aHR0cDovL3d3dy5lemJvYXJkLmNvbS8+ZXpib2Fy ZK48L2E+IFZlci4gNi43LjE8YnI+Q29weXJpZ2h0IKkxOTk5LTIwMDEgZXpib2FyZCwgSW5j Lg08L2NlbnRlcj4NPC9ib2R5Pg08L2h0bWw+DQ0NDQoNCj==

--====_ABC1234567890DEF_====--
```
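A defender-side check for the pattern the message above shows, added here as an example (it is not code from the article or from any mail-filtering product): it parses the MIME structure with Python's standard email module and flags an HTML part whose hidden iframe points at a cid: attachment with an executable filename or a mismatched Content-Type. The sample message, its boundaries and the Content-ID value are constructed for this example.

```python
"""Flag the iframe/cid attachment trick used by mass-mailer worms.

Added example, not part of the original article. The pattern detected:
an HTML body part loads <iframe src="cid:..."> and the referenced part
carries an executable filename (readme.exe) under an unrelated declared
type such as audio/x-wav, which is what the sample above relies on.
"""
from __future__ import annotations

import email
import re
from email import policy

EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")
# Matches <iframe ... src=cid:XYZ ...> with or without quotes around the URL.
CID_IFRAME = re.compile(r'<iframe[^>]*\bsrc\s*=\s*["\']?cid:([^"\'\s>]+)', re.I)


def decode_html(part) -> str:
    """Decode a text/html part (undoing quoted-printable or base64)."""
    payload = part.get_payload(decode=True) or b""
    charset = part.get_content_charset() or "iso-8859-1"
    return payload.decode(charset, errors="replace")


def find_cid_iframes(msg) -> list[str]:
    """Collect every Content-ID referenced from an <iframe src="cid:..."> in HTML parts."""
    cids: list[str] = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            cids.extend(CID_IFRAME.findall(decode_html(part)))
    return cids


def attachments_by_cid(msg) -> dict:
    """Map Content-ID (angle brackets stripped) to the part carrying it."""
    found = {}
    for part in msg.walk():
        cid = part.get("Content-ID")
        if cid:
            found[str(cid).strip().strip("<>")] = part
    return found


def analyze(raw: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: list[str] = []
    parts = attachments_by_cid(msg)
    for cid in find_cid_iframes(msg):
        part = parts.get(cid)
        if part is None:
            findings.append(f"iframe references cid:{cid} but no such part exists")
            continue
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(EXEC_EXTENSIONS):
            findings.append(f"iframe cid:{cid} loads executable attachment {name}")
        # A declared audio type carrying a non-audio filename is the type/name mismatch.
        if ctype.startswith("audio/") and not name.endswith(".wav"):
            findings.append(f"attachment {name} declared as {ctype} (type/name mismatch)")
    return findings


# Constructed sample in the shape of the message quoted above. The attachment
# body is a harmless base64 placeholder string, not executable content.
SAMPLE = b"""\
Subject: You're now infected
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative";
    boundary="====_ABC1234567890DEF_===="

--====_ABC1234567890DEF_====
Content-Type: multipart/alternative; boundary="====_ABC0987654321DEF_===="

--====_ABC0987654321DEF_====
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><BODY bgColor=3D#ffffff><iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
</iframe></BODY></HTML>
--====_ABC0987654321DEF_====--

--====_ABC1234567890DEF_====
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

bm90IGEgcmVhbCB3b3JtLCBqdXN0IGEgcGxhY2Vob2xkZXI=
--====_ABC1234567890DEF_====--
"""

# Constructed benign message for comparison: no HTML, no iframe, no attachment.
BENIGN = b"Subject: hi\nContent-Type: text/plain\n\nhello\n"

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("SUSPICIOUS:", finding)
    print("benign findings:", analyze(BENIGN))
```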

Email Servers
The first step to minimizing the effect of viruses is to use an email server that filters incoming emails using antivirus software. If the server is kept up to date, it will catch the majority of Mass Mailer (MM) worms. Ask your Internet Service Provider (ISP) if they offer antivirus protection and spam filtering on their email servers. This service is invaluable and should always be included as the first line of defense.

Many companies house an internal email server that downloads all of the email from several external email accounts and then runs an internal virus filter. Combining an internal email server with the ISP's protection is a good fit for a company with an IT staff. This option adds an extra layer of control, but also adds more administration time. Sample specs for an internal email server are:

Setup #1
* Linux: OS
* Sendmail: mail server
* Fetchmail: Grabs email from external email addresses
* F-prot: Antivirus
* SpamAssassin: Spam Filter

Setup #2
* Win 2003 Server: OS
* Exchange: Email server
* Symantec antivirus: Antivirus
* Exchange Intelligent Message Filter: Spam Filter

Software Updates
Keep your software up to date. Some worms and viruses replicate through vulnerabilities in services and software on the target system. Code Red is a classic example. In August 2001, the worm used a known buffer overflow vulnerability in Microsoft's IIS 4.0 and 5.0 contained in the Idq.dll file. This allowed an attacker to run any program they wanted on the affected system. Another famous worm called Slammer targeted Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000.

When updating your software, make sure to disable features and services that are not needed. Some versions of WinNT had a web server called IIS installed by default. If you do not need the service, make sure it is turned off (Code Red is a perfect example). By only enabling the services you need, you decrease the risk of attack.

Telecommunications Security
Install a firewall on the network. A firewall is a device or software that blocks unwanted traffic from going to or from the internal network. This gives you control of the traffic coming into and going out of your network. At minimum, block ports 135, 137, 139 and 445. This stops most network-aware viruses and worms from spreading from the Internet. However, it is good practice to block all traffic unless it is specifically needed.

Security Policies
Implementing security policies that cover items such as acceptable use, email retention, and remote access can go a long way toward protecting your information infrastructure. With the addition of annual training, employees will be informed enough to help keep the data reliable instead of hindering it. Every individual that has access to your network or data needs to follow these rules. It only takes one incident to compromise the system. Only install proven and scanned software on the system. The most damaging viruses come from installing or even inserting a contaminated disk. Boot sector viruses can be some of the hardest malware to defeat. Simply inserting a floppy disk with a boot sector virus can immediately transfer the virus to the hard drive.

When surfing the Internet, do not download untrusted files. Many websites will install spyware, adware, parasites, or Trojans in the name of "marketing" on unsuspecting victims' computers. Many prey on users that do not read popup windows or that download freeware or shareware software. Some sites even use code that takes advantage of vulnerabilities in Internet Explorer to automatically download and run unauthorized software without giving you a choice.

Do not install or use P2P programs like Kazaa, Morpheus, or Limewire. These programs install server software on your system, essentially backdooring it. There are also thousands of infected files floating around on those networks that will activate when downloaded.

Backups & Disaster Recovery Planning
Keep daily backups offsite. These can be in the form of tape, CD-R, DVD-R, removable hard drives, or even secure file transfers. If data becomes damaged, you will be able to restore from the last known good backup. The most important step while following a backup procedure is to verify that the backup was a success. Too many people just assume that the backup is working, only to find out that the drive or media went bad six months earlier when they are infected by a virus or lose a hard drive. If the data that you are trying to archive is less than five gigabytes, DVD-R drives are a great solution. Both the drives and disks have come down in price and are now a viable option. This is also one of the fastest backup methods to process and verify. For larger backups, tape drives and removable hard drives are the best option. If you choose this method, you will need to rotate the backup across five or seven different media (tapes, CD/DVD, removable drives) to get the most out of the process. It is also suggested to take a "master" backup out of the rotation on a scheduled basis and archive it offsite in a fireproof safe. This protects the data from fire, flood, and theft.

In the Internet age, understanding that you have to maintain these processes will help you prevent damage and will minimize the time, costs, and liabilities involved in the disaster recovery phase if you are affected.

Resources

Virus Resources
* F-PROT: http://www.f-prot.com/virusinfo/
* McAfee: http://vil.nai.com/vil/default.asp
* Symantec Norton: http://www.symantec.com/avcenter/
* Trend Micro: http://www.trendmicro.com/vinfo/
* NIST GOV: http://csrc.nist.gov/virus/

Free software
* AVG Anti-Virus - http://free.grisoft.com
* Free F-Prot - http://www.f-prot.com (free for home users)

Free online Virus scan
* BitDefender - http://www.bitdefender.com/scan
* HouseCall - http://housecall.trendmicro.com
* McAfee - http://us.mcafee.com/root/mfs
* Panda ActiveScan - http://www.pandasoftware.es/activescan/activescan-com.asp
* RAV Antivirus - http://www.ravantivirus.com/scan

Free online Trojan scan
* TrojanScan - http://www.windowsecurity.com/trojanscan/

Free online Security scan
* Symantec Security Check - http://security.symantec.com/sscv6
* Test my Firewall - http://www.testmyfirewall.com/

More Security Resources
* Forum of Incident Response and Security Teams: http://www.first.org/
* Microsoft: http://www.microsoft.com/technet/security/current.aspx
* SANS Institute: http://www.sans.org/resources/
* Webopedia: http://www.pcwebopedia.com/

Definitions

Adware: *A form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user’s browsing patterns.

Software that is given to the user with advertisements already embedded in the application.

Malware: *Short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

Script Kiddie: *A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.

Spyware: *Any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer’s memory resources and also by eating bandwidth as it sends information back to the spyware’s home base via the user’s Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications such as chat programs or word processors, install other spyware programs, read cookies, and change the default home page on the Web browser, consistently relaying this information back to the spyware author, who will either use it for advertising/marketing purposes or sell the information to another party. Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.

Trojan: *A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

The term comes from a story in Homer’s Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse’s hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Virus: *A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Worm: *A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down.

* Definitions provided by Webopedia

A special thanks goes out to the CISSP community, various Chief Information Security Officers (CISOs), and to those in the Risk Assessment specialty of Information Systems Security for their help in proofreading and suggestions.

Jeremy Martin CISSP,CHS-III,CEH
http://www.infosecwriter.com

Posted on Feb 11th, 2007

A crowded marketplace can lead to unethical webmasters using underhand techniques to get ahead of their competitors, and online plagiarism is one of the easiest.

I had worked hard on the copy for my sales page at Watch Live Football (http://www.watchlivefootball.com), ensuring the copy was relevant to potential customers and contained keyword rich phrases to assist with search engine ranking.

Understandably, I was incensed when I found not one, but two websites selling a similar service had not just pinched a few key phrases here and there from my website, but had reproduced the entire text verbatim!

I found these offending websites by using Copyscape (http://www.copyscape.com) which is an invaluable, free tool, in the battle against online plagiarism.

It highlighted that my competitors had stolen 254 words from my sales copy despite there being a clear copyright logo at the foot of each page of my website. However, this alone does not prevent an unscrupulous webmaster and CTRL & C command in full flow.

Fortunately, dealing with plagiarism on the internet can be a straightforward process, and incidents can be resolved quickly and amicably before any real 'action' needs to be taken.

This is how I ensured my sales copy was removed from the two offending websites in less than 24 hours of discovery.

Write a polite, but firm email to the webmaster of the offending website and explain that you have found your copyrighted work has been illegally reproduced on it. If you have used Copyscape to detect plagiarism you could even include the link that highlights the illegally used copy and states an actual word count.

Inform the webmaster that your material should be removed from their website within a certain time frame (I chose 48 hours), or you will take the following action:

1. Contact their web hosting company and inform them of the webmaster’s abuse. A WHOIS search (e.g. http://www.whois.sc) can reveal plenty of information about a particular website, including hosting information and also contact details of the individual or company that registered the website.

A personal introduction, for example, ‘Dear Mr Smith’, is very effective when making the first contact to combat plagiarism, especially if this information is not readily available on the ‘Contact’ section of the offending website!

2. In case the offending webmaster does not take the prospect of the above action seriously, you should also clearly state that you intend to file a notice of Digital Millennium Copyright Act (DMCA) infringement with search engines such as Google and Yahoo.

This action can potentially ruin a web business as the search engines take a dim view of plagiarism and can remove an offending site from their search results should an infringement claim be justified.

You can also point out that you can prove your website is the originator of the copy by using the Internet Archive (http://web.archive.org/).

These simple procedures should be enough to persuade an offending webmaster to remove your material without the need for legal action, which can be a long, drawn-out and expensive process.

© 2005 David Walker

David Walker is the Managing Director of Magic Hat Ltd (http://www.magichatltd.co.uk), a company which provides webmasters with a range of brand new sports, gambling and entertainment affiliate programmes to promote.

Posted on Feb 10th, 2007

"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to 34. Capable of creating chaos worldwide."

The above description is the profile of the average computer-virus writer, according to Jan Hruska, the chief executive of British-based Sophos PLC, the world’s fourth-largest anti-virus solutions provider.

"They have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes. It's a form of digital graffiti to them," Hruska added.

To create and spread cyber infections, virus writers explore known bugs in existing software, or look for vulnerabilities in new versions.

With more and more new OS (operating system) versions, there will be more new forms of viruses, as every new piece of software or OS will carry new features and new executables that can be carriers of the infection.

Executables are files that launch applications in a computer’s operating system, and feature more prominently in new platforms like Microsoft’s Windows 2000 and Windows XP than they did in the older DOS or Windows 3.1.

Virus writers also share information to create variants of the same infection, such as the Klez worm, which has been among the world’s most prolific viruses.

The Klez, a mass-mailing worm that originated in November 2001, propagates via e-mail using a wide variety of messages and destroys files on local and network drives.

But the news gets worse. Recent events have uncovered what may be a new trend: spammers paying virus writers to create worms that plant an open proxy, which the spammer then can use to forward spam automatically. Many suspect this occurred with the SoBig virus.

The Sobig worms began spreading in the early part of 2003. The unusual thing about them was that they contained an expiration date and were given a short life cycle to see how features worked in the wild.

Having an expiration date also makes the virus more dangerous, because most people would have been alerted to the new worm within a few weeks and anti-virus definitions would have been updated.

A variant of Sobig, Sobig-F, was so efficient that just a few infected machines could send thousands of messages. Sobig-F created a denial-of-service effect on some networks, as e-mail servers became clogged with copies of the worm.

According to Mikko Hypponen, manager of anti-virus research for Finland-based F-Secure Corp, Sobig-F sent an estimated 300 million copies of itself.

Computer Economics, Inc. states, "Nearly 63,000 viruses have rolled through the Internet, causing an estimated $65 billion in damage." However, criminal prosecutions have been few, penalties light, and just a handful of people have gone to prison for spreading the destructive bugs.

Why is so little being done? Antiquated laws and, for many years, as crazy as it sounds, a "wink, wink" or even admiring attitude toward virus creators.

One person has been sent to prison in the United States and just two in Britain, authorities say. But the low numbers are "not reflective of how seriously we take these cases, but more reflective of the fact that these are very hard cases to prosecute," said Chris Painter, the deputy chief of computer crimes at the U.S. Department of Justice.

So what can you do to protect yourself against computer viruses?

Well, first and foremost, make sure you have proven anti-virus protection like Symantec's Norton Anti-Virus or McAfee's VirusScan.

In addition, if you haven't already done so, I highly recommend installing Microsoft's Service Pack 2. SP2 tightens your PC's security with a new Windows Firewall, an improved Automatic Updates feature, and a pop-up ad blocker for Internet Explorer. Plus, the newly minted Security Center gives you one easy-to-use interface for keeping tabs on your PC's security apps.

"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to 34. Capable of creating chaos worldwide."

Now, I’m no psychiatrist, but to me, the above description sounds more like someone with a few "bats in the belfry!"

About The Author

Dean Phillips is an Internet marketing expert, writer, publisher and entrepreneur. Questions? Comments? Dean can be reached at mailto: dean@lets-make-money.net

Visit his website at: http://www.lets-make-money.net

Posted on Feb 9th, 2007

Spyware protection software is the easiest way of removing spyware from your computer and keeping it away. It detects and removes all pieces of spyware and adware automatically. Spyware is extremely difficult to remove manually and should only be removed with spyware protection software.

Spyware protection software is designed to not only get rid of spyware viruses but will shield you and your computer from destructive hackers, data thieves, malicious e-mail attachments, and other emerging Internet threats. It keeps these dangerous viruses from getting into your computer in the first place.

You might be asking if there are free spyware cleaners available why would you want to purchase spyware protection software. The free spyware cleaners are good programs to get rid of spyware viruses you already have on your computer now. But how much of your personal information, passwords and even credit card numbers did these programs send out before they were removed?

Also, many spyware programs automatically reinstall themselves even after they are removed. So you have a false sense of security because the hacker designed the spyware program to start right back up again. Free spyware cleaners should be a warning to you and not a permanent solution to solve spyware and adware problems.

Spyware protection software is designed to find all of these hidden programs and disable them before they have a chance to work. It is the best way of removing spyware and adware from your computer and keeping it away. Whether you take our recommendations or someone else's, it's important that you get spyware protection software installed immediately.

Spyware dangers have become so common, they have now moved ahead of viruses as the number one danger facing computer users today. It’s worth a little time and a little cost now to invest into quality spyware protection software. Your personal information and computer are at risk until you do.

Copyright © 2005 Spyware Information.com All Rights Reserved

This article is provided by http://www.spyware-information.com where you will find free spyware cleaners, downloads, removal software, valuable tips and updated articles about adware and spyware removal programs to protect your identity. For other informative spyware and adware articles go to http://spyware-information.com/articles_1.html
