Domain: webroot.com
Stories and comments across the archive that link to webroot.com.
Comments · 32
-
DNS AMPLIFICATION ATTACKS
http://www.networkworld.com/ne...
http://www.dshield.org/diary/U...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.networkworld.com/ne...
http://politics.slashdot.org/s...
http://www.theregister.co.uk/2...
http://blog.cloudflare.com/dee...
http://threatpost.com/dns-base...
http://www.webroot.com/blog/20...
APK
P.S.=> Router DNS issues are next... apk
-
Addendum: dozens more times... apk
More times ads have infected MILLIONS of users http://www.webroot.com/blog/20...
http://nakedsecurity.sophos.co...
http://dshield.org/diary/Malic...
http://slashdot.org/story/1964...
http://it.slashdot.org/story/1...
APK
P.S.=> Now, what's that you said about "they don't hurt that much"? They've INFECTED MILLIONS dozens of times over the past decade which I've shown evidences of on top of those above, here http://developers.slashdot.org... & here too http://developers.slashdot.org... !!! apk
-
Re: Very wrong
That's exactly what Mebromi malware does. Its BIOS rootkit component restores infected Master Boot Record (MBR): http://www.webroot.com/blog/20...
-
Webroot SecureAnywhere
Don't know if it's the best, but it's the one the WSJ recommended a year or so ago. Yet for the last few months a pretty bad bug, failure to update, has affected many users: http://community.webroot.com/t5/Webroot-Mobile-for-Android/Definition-Update-Failed/td-p/9404 A fix is finally due this week, they say.
The problem is that many phones have very little volatile memory available. On my phone, apps like Facebook and Youtube and Twitter and Poynt cannot be deleted, nor the detested music content app of my provider. These are among the apps constantly demanding updates, and probably memory.
Otherwise it's a pretty good deal at $35/month for phone service & data, no contract (Sprint reseller), so it's a tradeoff
Useless apps clogging up the ability to scan for current viruses
vs.
reasonable cost
vs.
rooting the phone. The latter is confusing enough from what I can tell, but might allow tethering.
-
Lack of marketshare = lack of attackers
"Security-by-Obscurity"/lack of usership + marketshare allows for this from you, but, nothing more:
"That's because they generally *don't* get VIRUSES (see what I did there?)." - by ilsaloving (1534307) on Thursday April 05, @10:00AM (#39584241)
See my subject-line, & realize something: Today's 'hacker/cracker' isn't using TRADITIONAL VIRUSES (the type that attach to an executables' "tail" & alter its jump tables for functions used, and increases an executable's size in doing so).
They're instead using things like ADOBE products flaws, &/or JAVA known flaws in security issues.
That's what MOSTLY everyone who is "hit" by malware is hit by from today's "malware makers" (script kiddies mostly using tools for automating creation of exploits no less).
These malware makers are JUST LIKE THE PICKPOCKET - they will NOT spend efforts targeting a least used platform.
On less used computing platforms of ANY kind?
There's just NOT enough "ROI" for said effort in malware creation, AND, not enough users to target for monetary thieving returns (and yes, they are after your monies &/or personal information like credit card #'s... it's not a kid's game anymore, but REAL crime).
Just like pickpockets do? They go to where the CROWDS ARE on any computing platform (more on THAT below, with a *NIX variant no less)... to the "crowded malls, train & bus stations, & city streets" of Windows on PC's &/or Servers combined... this is where the "easy meat" noob users who are simpler to victimize, are.
Period/Point-blank.
---
"The security settings on unix based systems are usually more strict than on windows machines." - by ilsaloving (1534307) on Thursday April 05, @10:00AM (#39584241)
Tell that to the ANDROID folks... Android IS a Linux variant (it uses a Linux kernel/core, but isn't as secured for 'ease of use' by end users) on another computing platform: THE SMARTPHONE!
There, Android (a linux variant) is "king"... what happens to it? Ok, some examples (from reputable security sites etc.):
3,325% increase in malware targeting ANDROID:
http://blog.webroot.com/2012/02/17/report-3325-increase-in-malware-targeting-the-android-os/
Security firms: Android malware set to skyrocket @ The Register:
http://www.theregister.co.uk/2011/09/15/android_malware_skyrockets/
Android Malware May Have Infected 5 Million Users - Slashdot
http://yro.slashdot.org/story/12/01/28/0431251/android-malware-may-have-infected-5-million-users
More than $1 million stolen from Android users in 2011, mobile threats to increase in 2012:
Android bug lets attackers install malware without warning @ The Register:
http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/
APK
P.S.=> Would you like MORE such examples? I have, oh, roughly another 100++ or thereabouts... apk
-
"M$ CON$PIRACY", eh? Here's some links 4U too
"Despite Microsoft attempting to buy scare stories with free phones, malware on Android is rare and generally easily removed." - by ozmanjusri (601766) on Monday April 02, @03:24AM (#39546627)
So is Windows malwares (even rootkits): What was your point? To show that my point, that the MOST USED OS on any given computing platform will be attacked & abused?? Thank you then I suppose for helping me make my point!
* Trying to make it out like some "M$ CON$PIRACY" though, on YOUR PART in "buying stories"? Please... lol! It's a FACT & widely known that ANDROID, a linux variant (because it surely doesn't use Windows or MacOS X @ its core) is being torn up... why?? See my original posts on 'the most used OS on any given computing platform will become the preferred target of malware makers'... period.
APK
P.S.=> Here's some "food 4 thought" on that very account since you like posting links? I can too, by the truckload (from reputable sources including the security community):
3,325% increase in malware targeting ANDROID:
http://blog.webroot.com/2012/02/17/report-3325-increase-in-malware-targeting-the-android-os/
Security firms: Android malware set to skyrocket - The Register
http://www.theregister.co.uk/2011/09/15/android_malware_skyrockets/
Android Malware May Have Infected 5 Million Users - Slashdot
http://yro.slashdot.org/story/12/01/28/0431251/android-malware-may-have-infected-5-million-users
More than $1 million stolen from Android users in 2011, mobile threats to increase in 2012
Android bug lets attackers install malware without warning - The Register
http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/
(Would you like MORE? I have, oh, roughly another 100++)...
... apk
-
Re:Computers must have an emergency-recovery
There's some very useful info about Mebromi here:
http://blog.webroot.com/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/
It only affects Windows machines with Award BIOS's and seems to be pretty hard to get rid of. Maybe this level of infection will someday force Microsoft to consider implementing a permissions-based filesystem to reduce the possibility of this type of infection in the first place.
Cheapest/easiest solution: buy a new mobo.
You may also be able to flash a backup using a Linux live CD as Mebromi is a Windows infector. If the virus infects Linux, use an MS-DOS boot disk (assuming there's an MS-DOS version of your BIOS flash utility). Never used it, but there's some info here:
http://www.bay-wolf.com/bootcd-bios.htm
Best prevention: disable BIOS flashing in your setup (if YOU need to flash your bios, enable it, flash, and then disable again).
-
Re:This is some serious business
It's not just that it was first discovered by a Chinese security firm. It also appears to be targeted at Chinese PCs. From the original post:
The infection is clearly focused on Chinese users, because the dropper is carefully checking if the system it’s going to infect is protected by Chinese security software Rising Antivirus and Jiangmin KV Antivirus.
Makes one wonder who developed it and what the intent was.
-
Re:Microsoft Behind Google Complaints To EC
-
Human ROOT KIT!
http://www.sysinternals.com/Utilities/RootkitRevealer.html has a tool that can help flesh out all those registry and file system API discrepancies for further study.
Of course it's always safe to run AdAware[ http://www.lavasoft.com/ ] and if you have the budget, purchase WebRoot[ http://www.webroot.com/ ] for a fast, centralized cleaning in the enterprise environment.
-
Re:The first of many such comments...
It is so easy to blame someone else when people fail to keep their system updated and use a little common sense.
I thought Microsoft Windows was "easy to use", "secure" and that it "just works"? If these were true, then why are 87 percent of consumer PCs infected with spyware and more than half (55 percent) of enterprise computers? If corporations that spend millions on technology and have dedicated admins cannot keep spyware, adware, etc off their desktops, how are consumers expected to? I think the problem is that MS apologists constantly blame every one _but_ Microsoft for these issues. It is time MS is held responsible for their software issues.
IMO, the big problem with Microsoft's automatic updates is that often you will get a new EULA that you have to agree to in order to get the update. I just did a fresh WinXP install that already had SP2 on it. There were a ton of post-sp2 updates and during those updates, I had to agree to a new EULA if I wanted to be patched. It is pretty sad that MS uses their auto update to force users to new licensing agreements.
-
How to remove it
My computer was infected by this exploit 2 weeks ago and I could remove it using Web Root's Spy Sweeper. The free version detected it and the payable one ($29.95) removed it.
But still I can't access the Task manager. I got an error message stating it was deactivated by the administrator.
-
That's why I recommend...
I'm not trolling, I don't work for this company, but I've used it for a year, switched from IE to Firefox, and I'm done with spyware under XP:
-
Re:symantec
I am the IT director for a private university and we currently use Symantec's AV (enterprise edition) for desktop, server, and email protection. When I arrived in 2001, I inherited Command AV and it was a complete POS. My department spent more time cleaning viruses than anything else. Moving to Norton made an unbelievable improvement. We went from daily virus outbreaks to no virus problems for months. The administration console was great and it has been a mostly hands-off solution.
That said, I'm now looking for a new answer. As others have said, I've found a few machines infected in the past few months despite updated def files. The client is unable to clean most new viruses, instead only notifying us (so that we can download Stinger and fix it for real). The types of threats have changed and their product has failed to adequately keep up. We have more problems with spyware, adware, and other malware than viruses (and no, I'm not overlooking that our great AV product hides the actual level of viral threat) and Symantec's attempts to address this have been horrible. We finally purchased another product that has helped this problem. Symantec's Mail Security for Exchange has caused us numerous problems on our Exchange server and is noticeably resource intensive, plus it offers very little to combat spam, so we are in the process of moving to a Barracuda spam and AV firewall device.
Norton/Symantec's AV product was great when we moved to it almost four years ago, but it just isn't as impressive these days. Given other options available now, I do not intend to renew my licensing when it expires next year. I hope AVG's enterprise product continues to mature between now and then.
-
Re:"Expert"?
Webroot just announced $108 million in venture capital funding. I guess they're already starting to deploy it to drum up business.
-
"Expert"?
Their expert is the Vice President of Threat Research at Webroot. That much is from the article. The article doesn't take the next logical step, however, and point out that Webroot is in the business of developing and selling software to prevent, detect and eliminate spyware. So it's certainly in this guy's interest for people to think that spyware is still a problem.
Their other expert is also from a company that makes similar software. So people who make anti-spyware software agree: you need anti-spyware software.
I'll be more concerned when independent parties think spyware in Firefox is an issue.
-
Re:I've used it
Funny how as Giant software it received top honors in recent spyscanner shootoffs, but now labeled as Microsoft it just can't get a top spot. I would be interested in seeing how the old Giant freeware compares to the new Microsoft Antispyware to see if people are just being blinded by their Microsoft bias in both directions.
One reader pointed out that the older article meant the software was tops, but in truth Spybot and Ad-aware, while they are great together for spyware removal, are not sufficient on their own and just not enterprise-ready. Webroot Spysweeper however, has a version of their software that serves the corporate market and is the right tool to compare against Microsoft's which is bound to get woven into Active Directory for centralized management. Webroot is being heavily marketed compared to Spybot and Ad-aware, so I no longer have faith that they will be the top scanners in a year's time. I've seen Webroot everywhere from a Dell configuration page to a WalMart shelf.
Another tool I would like to see it compared against is Sunbelt Counterspy because it was licensed from Giant and is still functionally identical in the GUI to what I'm seeing in the new Microsoft Antispyware. A test like this against identically infected systems would give an indication of whether Microsoft had altered the internal workings of the scan engine. If I recall, Counterspy did scan for tracking cookies, so it is possible that we are witnessing Microsoft's disassembly and reassembly of the product to better fit into the OS. Keep in mind that Microsoft Antispyware is still in beta, so any comparisons should be taken with a grain of salt until we have true apples to apples for comparison.
HOWEVER, if this product is made available to plug holes in their operating system, why is it that the information known about these holes (known holes!!!) cannot be used to either fix them permanently, or apply patches to the OS that effectively provide the same monitor agent functionality? I would also prefer that in the case of browser hijackings the browser just gets reset to "about: blank". Frankly, on alternate browser hijackings, I would prefer Microsoft to police their own turf and leave other products to manage their own security issues. While I love Mozilla products, I recognize that the Mozilla folks tend to live off the "we have no bugs" marketing, so if they have a problem with their browser getting homepage hijacked, they should fix the issue and not rely on Microsoft.
-
Effective Anti Spam and Anti Virus Solution
At the enterprise level we are using a Barracuda spam firewall, which since we installed it in Oct of 2004 has caught 789,000 infected emails. In addition we are running Symantec Antivirus on our domino servers. In addition we just rolled out Webroot Spysweeper Enterprise, and it all works great!
No more headaches due to virus and spyware!
-
Re:My issues with Windows 2000
Spy Sweeper Try this program in addition to SpyBot & AdAware. Spyware is one area where you need to seemingly use more and more programs to keep your system clean. It's one of the few known good pay-for-AntiSpyware products. Maybe even try Microsoft's spyware? It surprises me how much stuff you find with each additional product you use. Crazy.
Since you seem to know what's going on I'm also going to suggest HiJackThis! Use it to find exactly what programs are opening on boot, and tons more information. If this is too much info for you just search google for HiJackThis Log Forums. Professional Nerds volunteer to help talk people thru the logs. Use it carefully as it is a powerful tool.
I'm assuming you have some flavor of anti-virus and firewall.
If all else fails, maybe you need to format and upgrade to XP? Not sure if that's an option for ya tho.
-
Alternative Software
I stopped using SpyBot & Adaware a long time ago.
They're most admirable projects, however, neither are comprehensive.
Often times, you have to run both to try to remove something, and there is still spyware installed.
Neither offers a preemptive system either (filtering web, watching the registry etc)
The *most* comprehensive program I have found is webroot SpySweeper.
It is incredibly thorough, has staff dedicated to finding new spyware strains, the ability to report suspicious files, the works.
-
Re:not too comprehensive
You're right, the set of spyware tools tested is not among the best or even popular ones.
He should have tested these:
* Ad-Aware from Lavasoft
* Pest Patrol from Computer Associates
* Spy Sweeper from Webroot Software
* McAfee AntiSpyware from Network Associates
* Spyware Blaster from Javacool software
Check this out for a *real* review: http://spywarewarrior.com/asw-test-guide.htm
-
not too comprehensive
So where does this guy get his "paid" spyware removal applications? Clicking on popups? Oh... wait...
many of these utilities use aggressive marketing tactics in pop-up ads, spam, and keyword ads appearing alongside Google search results
Though I suppose this is how they sucker a lot of people and some people expect results if they pay for a utility, I would probably do at least a LITTLE research before paying for any app like that. The thing is, I would hardly consider this "most commercial anti-spyware software." So as far as this "test," he might as well do an article about Virtual Bouncer and how it removed his parasites for him.
Why didn't he test something like Spy Sweeper or Giant AntiSpyware? Those are paid ones that I would probably recommend if someone did want to pay for a program. At least that way, people would see that not ALL commercial products are crap - it does almost sound like that.
But really, Spybot isn't even cutting it anymore, IMO. AdAware is still doing well, but I've actually been more impressed with the other two I mentioned above - worth a look if you haven't checked them out - both have free trials that you would have no problems doing a removal with.
-
Other anti-spyware stuff
I've seen a lot of people mention AdAware and Spybot, but I figured I'd throw a couple other recommendations in. For the computers we get in at work, we use a combination of
Autoruns (Kind of like MSConfig on crack)
HiJack This
and some other scanner, usually Ad-Aware or SpySweeper.
SpySweeper makes for some impressive numbers, but it's unclear to me why these numbers are any higher than what other software detects. Maybe it counts too many cookies.
-
Re:Sounds like the same problem we face
This is actually becoming a really common problem. I'm a senior in a four year B.S. in IT degree and at my summer job I spent almost the entire summer doing research and testing of various programs for global deployment.
In the end my recommendation and deployment was Webroot Software's SpySweeper Enterprise. After exhaustive testing it came out on top. Don't get me wrong, it has some problems too, but it's far and above better than anything else I could find and test.
Frankly, I would be surprised if the major corporate antivirus companies didn't jump in this market. The technology for detection and removal is quite similar and the antivirus products are much more mature than the current spyware removal products.
Remember, Ad-Aware and Spybot may be great for home, but they just don't scale well for global enterprise deployment. There is still time and a real need for a great enterprise spyware control client and server. As companies get other IT problems in order and they start talking to helpdesk employees who spend hours and hours every week removing spyware that's slowing down PCs they come to see this as a big need. It's too bad no one has magic software to fix it yet, but for my money and as of my testing this summer Webroot's SpySweeper enterprise just can't be beat. It's the most anti-virus like solution in terms of management and deployment. As an added bonus the sales and engineering teams at Webroot were more than responsive to our needs and worked with us to improve the product.
-
Yes... Pest Patrol and Spy Sweeper Enterprise
See: here for Pest Patrol, and here for Spy Sweeper. There was an article this month in Information Security Magazine.
-
Webroot Spy Sweeper Enterprise and Lavasoft too
I took a look at enterprise antispyware software for a client and particularly liked Webroot's Spy Sweeper Enterprise product. It provides centralized management and automatic deployment though you can do it manually as well. Definition upgrades as well as version upgrades of the software is also automated. Take a look at this page from their website. Lavasoft also has an enterprise product that is pretty good though I think Webroot has a slight edge.
-
what earthlink used...
for anyone interested, this is the spyware scanner tool that was used by EarthLink to come up with their stats.
-
Re:Good tools.
I also highly recommend WebRoot SpySweeper. It is a bit expensive, but in my experience works even better than SpyBot - high praise indeed. Too bad the GUI sucks.
-
WebRoot SpySweeper
It's not free, but it works better than anything else I've tried, including AdAware and SpyBot. Too bad the interface sucks.
SpySweeper
-
Webroot's SpySweeper is really, really good.
I had been using both Lavasoft's Ad-Aware and Kolla's SpyBot Search and Destroy to keep my box free of crapware, before my boss turned me onto Webroot's Spy Sweeper.
I've been using SpySweeper as my primary spyware scanning tool ever since, with Ad-Aware as a 2nd-scan chaser. On the rare occasion that Spy Sweeper misses something, Ad-Aware always gets it, with a 0% margin of error (when using Spybot S&D as a 3rd-round scanner). Conversely, there were a few occasions that Spy Sweeper missed something in Round #1, but Spybot S&D also missed a few in Round #2, so that it was necessary to run a 3rd scan at all using Ad-Aware.
To summarize: Spy Sweeper rocks. If you want even more security, run periodic Ad-Aware scans, and you should be spyware-free (assuming you keep your product definitions updated).
-
Re:Heh.
Yikes, having a bad day? Take a break, go for a walk or something!
:)
1) Yes, the keylogger really was that bad. My machine running "ACertainOS 98SE(TM)" was rather stable (and fast) up until it was installed.
I agree, they are normally very simple programs. This one however was (is) quite bloated. It was trying to take snapshots of the desktop every few seconds and saving them as a JPEG (in C:\ also). It was called WinGuardian. Check it out sometime.
2) When I discovered what caused the crashing (googled for the file that crashed, 'sysctrl.exe', found out it was a keylogger), I went looking. Wasn't hard to find.
3) Oh c'mon, I'm allowed a few typos. :P
Now take a deep breath, drink a nice glass of warm milk and get some sleep mate!
-
Funny, but worth it?
Pretty funny idea...similar to the game of swapping grocery store discount cards. (see this USAToday column)
But beyond amusement, this wouldn't serve much purpose IF you could pull it off. On a large enough scale, it might amount to a form of protest, but why? Okay...Doubleclick has become the poster child of the profiling evil empire. And now Coremetrics has received the brunt of the privacy policy ignorance of its clients, putting the spotlight on third party data-mining. In either case, cookies represent an essential tool to get their jobs done. If you don't like it...your options are simple:
- Configure your browser.
- Use a local proxy or filter. Adsubtract is a good one. I like Proxomitron.
- Use a browser "companion". IDcide works well. It's free.
- Use a proxy service that manages cookies like Privada or Freedom (yep, sneaking my affiliate ID in that URL). Zapada is a clever Java applet approach to keeping Doubleclick et al. out.
- Periodically clean out your cookie files, either manually or using any number of file tools like Webroot's WindowWasher.
- Just install Doubleclick's opt-out cookie. I've assembled the URLs in one convenient location at http://webveil.com/optout.html.
- Or physically edit your cookie file/directory to be read only...after installing the cookies you want in order to get personalized service...like here at Slashdot.