Budfred

SWI Community News - September 2007

3 posts in this topic

Howdy everyone...

 

Welcome to the 4th Edition of SWI Community News!! We missed August, but hope to get back on a monthly track starting now, due to the clamoring of our dedicated fans (thanks Aegonis :rofl: ). Again this month we have some interesting lists and my rant on the state of the Internet. We hope you enjoy our newsletter and find it helpful. Please comment so we can find out what you want to see and what you find most helpful. We will put up another poll in a few months to see how people are responding, but you can comment at any time. Please do let us know if you don't like something and let others know if you do like something.

 

And here is the usual disclaimer:

 

Opinions and information expressed in this publication are not the responsibility of SpywareInfo.Com or its owner, administrators or hosting services. Information and opinions posted here are the property of the respective author.

 

That also means that the material is subject to the copyright of the author and you need to cite the author if you quote any material from this publication elsewhere.

 

And as usual -- to get notification when a new SWI Community News is available, subscribe to the subscription topic and we will add notices of publishing to that topic so you will receive an email notice if you are set to receive notices of topics you are subscribed to.

 

Budfred's Rant

Criminals, Heroes and Vigilantes

 

If you spend much time online at all, you have seen that all of us are under attack by criminals. It started even before the Internet existed. In the early days it was mostly angry people who were invested in making life more difficult for other people by creating viruses and other garbage. Sometimes they did it just to get even with a world that they thought had treated them badly and sometimes they did it to compete with other angry people to see who could do the most damage, but it really wasn't about money. After a while, they figured out that they could make money as they messed with people's lives. Once the Internet got running full force, they were ready to start invading computers to steal information, redirect to "adult" sites, advertise all sorts of products you have no interest in and make you rich (yeah, right) by transferring funds for Nigerian princes. As the Internet evolved, the criminals evolved with it. At first, someone who was careful could easily avoid being exploited with some basic precautions. The criminals mostly exploited the most vulnerable people who visited risky sites and didn't use protection programs. Viruses evolved along with the Internet and became worms, trojans, adware, spyware, spam, phishing and so on. They have gotten much more sophisticated at playing on the psychology of the Internet users, but still mostly exploit the vulnerable who really aren't very computer literate. Today, it takes multiple protection programs and extreme care to prevent infection. Once infected, it is much more difficult to fix the problems they create and they very aggressively make efforts to disable the protection programs and the tools we use to remove the garbage they install. They have created huge "botnets" with enormous power at their disposal by infecting millions of computers with software that allows them to use those computers in their own networks. They then do things like attacking other computers or companies. 
For the last couple of weeks, a number of sites that are involved in fighting them have been under attack and the smaller ones are in danger of being wiped out. Even the larger sites are having to work hard to keep from being shut down and it is very expensive for them to maintain the strength to continue. All the while, the criminals are making billions of dollars while ruining lives all over the world.

 

An update since I started writing this: the biggest site under attack was not giving in, so they also began a "reputation attack" by using access to PayPal accounts they had stolen to send donations to that site. The owners of those accounts assumed the site had stolen their information and complained viciously in some cases. This means that the criminals became so desperate to hurt this site that they gave away some of their stolen accounts to attack them. Unfortunately for them, the site had very good contacts with law enforcement and PayPal that allowed them to not only prevent most of the damage, but also help the people whose accounts were stolen and provide some leads that may help to take the criminals down. This won't stop the criminals, but it may slow them down.

 

Then there are the heroes. I consider anyone who fights these criminals to be heroes, starting with the staff of this forum who donate a huge amount of their spare time every week to help people who come to SpywareInfo with infected computers looking for help. For many, it is like a second job, except that they do not get paid for it at all. Everything we do at SWI is on a volunteer basis and that is true of most of the heroes fighting the criminals. While the criminals make billions exploiting people, we give away hours and hours of time to fight them. There are a lot more of our heroes than there are of their criminals, but, unfortunately, it only takes one criminal to steal the life savings of dozens or even hundreds of victims. We clean computers one at a time, they infect them by the hundreds. And they do this as their only job, probably on a part time basis so that they have time to maintain drug habits and other criminal activities. If you want to get an idea of the extent of the heroes, visit the Alliance of Security Analysis Professionals website where many of the malware fighting sites are registered. In addition to SWI, one of the most important sites to know about is CastleCops. They maintain the PIRT service which is involved in documenting and shutting down phishing sites. They are not simply trying to shut down individual sites, they are looking to gather the evidence to have the criminals brought to justice. They also now have the SIRT, MIRT and another service that is in development to fight the criminals. These are designed to go after "spam" scams, malware and another kind of attack. The MalwareComplaints site is involved in collecting your experiences with malware to report to various authorities who have the power to take action once they understand the magnitude of the problem. 
At SWI, we maintain a "Submissions for CastleCops databases" reporting forum for people to post about malware they have identified so that they can be added to lists maintained at CastleCops for the use of the malware fighting heroes and distributed to companies that make protection programs. The list goes on and on for the sites that host heroes and almost none of them are paid a penny for their efforts. The sites collect donations to keep them online, but the staff are almost always volunteers. Occasionally one of the heroes will be recognized with an award or even get a job from the work he or she does, but that is more of an exception than a rule. Many are not even computer professionals, but they have taken time to learn and give back to others struggling with malware. The main reward they receive is an occasional "Thank you" from someone they have helped.

 

Finally, there are the vigilantes. All of us who fight with the criminals would like to see them pay by spending a good long time behind bars or giving back for what they have stolen. Most of us have thought about ways to make that happen. However, some believe they need to take on this task themselves rather than rely on governments and law enforcement to do the job. Even as the attack goes on against the sites mentioned earlier, some of these vigilantes are bragging about attacking back. When it was pointed out that innocents will be harmed with the reverse attack, at least one of them insisted that it is the fault of the victim for not adequately protecting his or her computer. As a malware fighter, I am embarrassed by this. As much as I would like to shut down the criminals and even have angry thoughts about hurting them as they have hurt others; even in my angriest moment, I would not be able to justify hurting innocents. I also do not believe that taking on the same behavior of the criminals is in the best interest of the fight. When we use their tools to fight them and we hurt innocents, who is the criminal?? Most importantly, they will not actually succeed in causing harm to the criminals, except maybe to reduce receipts for one day. The heroes, who fight with legitimate tools and cooperate with the officials who are also trying to deal with the problem, have saved the public millions or even billions of dollars over the years. While we haven't been able to stop them, we have at least slowed them down which is why they attack our sites when they could be using their botnets to steal more money. The vigilantes are throwing buckets of water into the desert so that they embarrass themselves and malware fighters through their actions. Vigilantes in the comic books are exciting, in real life they are just another form of criminal.

 

So please, support your heroes here and in other forums. Protect your computer and your finances. And please do not try to strike back at the criminals with their methods or you will simply become another enemy for the heroes to fight.

 

Other things you can do to support your heroes:

 

Read the article "So how did I get infected in the first place?" which is linked at the top of each page at SWI and protect yourself.

Support your heroes with donations to their forums and let them know you appreciate them.

Post your complaints at Malware Complaints.

When you know about a new infection, report it for our database.


Jedi’s Software (and Website) Reviews

 

Hello again,

 

It’s that time again! I’ve been scouring the internet at great personal risk to bring you my pick of the crop for this month. As always, I’ve picked only freeware programs and, as usual, these programs are my own choice. I welcome (constructive) feedback and criticism on my choices.

 

In these reviews I’ve so far avoided looking at security programs, as there is a wealth of information and opinion on these forums about major security programs such as anti-trojans, anti-viruses and firewalls. However, if you would like me to review particular security programs or search for a good specific security tool (as long as they're available for free), please reply in the SWI Community News topic.

 

 

The first program I’m looking at this time is KeePass

 

http://keepass.info/

 

So many passwords, so little time. Many programs and websites want a password these days. Many spyware programs want to steal them from you. KeePass is a genuine Open Source award winning password manager. It’s resource-light, has an easy to understand GUI and is user friendly. It runs on all Windows versions apart from Win95, i.e. Windows 98/98SE, WinME, WinNT, Win2000, WinXP, Win2003 and Vista (both 32-bit and 64-bit).

“You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).”

There are versions for portable applications and for PocketPC, Linux, Mac, and so on:

http://keepass.info/download.html

KeePass is an excellent way to protect your data, work and identity; whether you’re on your home PC or carrying data with you.

 

Next is StartUpLite.

 

http://www.malwarebytes.org/startuplite.php

 

One of the range of tools from Malwarebytes, StartupLite is a lightweight and easy to use start-up manager.

It states that it: "can disable or remove all known unnecessary startup entries from your computer and thus quicken the startup procedure of your system."

Though this may be a slightly ambitious statement, it certainly detects a wide selection of unnecessary items and its ease of use makes it a handy addition. It's compatible with Windows 2000, NT, XP and Vista. It can be a good 'quick fix' for sluggish startups.

 

 

Next, the latest addition to the Firefox Add-on Corner is CustomizeGoogle.

 

http://www.customizegoogle.com/

 

This is an excellent extension for Firefox users. It not only improves Google’s search features, it adds security and anonymity too. I won’t list all the features here; follow the link and check them out for yourself. But for myself, the single best feature is Google Suggest, which starts to give you a drop-down list of suggestions as soon as you start to type in the Google search box. I now simply cannot live without this feature. If you’re a big Google user, and of course a Firefox user, you’ll love this.

 

And in conjunction with the above, (and a slight digression as this is a webpage rather than software) check out:

 

Seven ways to keep your search history private at PC Advisor:

 

http://www.pcadvisor.co.uk/news/index.cfm?newsid=8658

 

It includes a recommendation for CustomizeGoogle and other useful tips to keep your Search History private.

 

That's all from me -- more next month. Surf safe.

 

jedi

 

=========================

 


The Good, Bad and Ugly News from TheJoker

 

The Good (relatively speaking)

 

German police have arrested 10 people suspected of being involved in an international Internet scam which could have cost victims hundreds of thousands of euros. An 18-month-long probe resulted in raids in several German cities and the arrests of 10 Russians, Ukrainians and Germans who police think were involved in phishing.

http://news.yahoo.com/s/nm/20070913/wr_nm/...ime_internet_dc

 

Three U.S. men and one man living in France have pleaded guilty to charges related to a stock manipulation scheme that included sending out tens of millions of spam messages to pump up the stock value of 15 companies, the U.S. Department of Justice said Thursday.

http://www.infoworld.com/article/07/09/06/...es-fraud_1.html

 

A Seattle man has been arrested in what the Justice Department described as its first case against someone accused of using file-sharing digital data to commit identity theft, using Limewire's file-sharing program to troll other people's computers for financial information, which he used to open credit cards for an online shopping spree.

http://apnews.myway.com/article/20070907/D8RG9DPG1.html

 

A recent graduate of Texas A&M University is charged with hacking into the school's computer system and illegally accessing information on 88,000 current and former students, faculty and staff members.

http://apnews.myway.com/article/20070907/D8RGJP3G0.html

 

 

The Bad

 

IBM has reported an increase in malware volume and sophistication as part of its security statistics report for the first half of the year. So far this year, IBM's X-Force research and development team has identified and analyzed more than 210,000 new malware samples, which is more than the total number of malware samples observed over the entirety of last year.

http://www.computerworld.com/action/articl...rc=news_ts_head

 

Layered Technologies has been targeted by malicious hackers who may have stolen passwords and other personal details on as many as 6,000 of its clients, the Texas-based web host provider warned. It is advising customers to change login credentials for all host details submitted in the past two years.

http://www.theregister.co.uk/2007/09/19/la...ach_disclosure/

 

Hackers are taking credit for at least three breaches at anti-piracy firm MediaDefender. The newly revealed attacks threaten to turn what started as an embarrassing e-mail leak into a full-blown security meltdown for the company.

http://www.wired.com/politics/security/new...9/mediadefender

 

Zero-day vulnerabilities in AOL and Yahoo instant messaging products could put millions of computer users at risk of malicious hacker attacks. Exploit code has been released for the more serious of the two flaws — a gaping hole in Yahoo Messenger — that could expose users to code execution attacks.

http://blogs.zdnet.com/security/?p=523

 

Kaspersky says they have discovered a nasty virus that came pre-installed on Maxtor external hard drives sold in the Netherlands. The virus, dubbed Virus.Win32.AutoRun.ah, was found on the Maxtor 3200 Personal Storage.

http://www.theregister.co.uk/2007/09/19/ma..._include_virus/

 

MPack, an easy-to-use malware toolkit that sells for as much as $1,000, has gone on to infect as many as 500,000 websites, according to some estimates. From January to June, Symantec counted slightly more than 212,000 new samples of malicious code, an almost three-fold increase from the last six months of 2006 and a more than four-fold increase from the first half of that year.

http://www.theregister.co.uk/2007/09/17/sy..._threat_report/

 

Arbor Networks' third annual worldwide infrastructure security report found that, for the first time, botnets surpassed distributed denial of service attacks as the top operational threat identified by service providers.

http://www.theregister.co.uk/2007/09/18/arbor_botnet_survey/

 

Stolen bank account numbers are commanding the highest price in an underground trade of personal details stolen by hackers, according to a survey released Monday by security vendor Symantec.

http://www.infoworld.com/article/07/09/17/...#036;400_1.html

 

TD Ameritrade Holding, an online brokerage that manages more than 6.3 million accounts, said hackers broke into a database containing detailed information about clients. While the thieves had access to social security numbers, birth dates and account numbers, Ameritrade said it has no evidence such information was ever retrieved.

http://www.theregister.co.uk/2007/09/15/am...tabase_burgled/

 

In a new round of targeted attacks, phishers are sending messages directly to selected top executives and luring them to download the malware inside. Researchers at security company MessageLabs today said they intercepted some 1,100 messages targeted toward high-ranking executives at a variety of companies during a 16-hour period between Sept. 12 and Sept. 13.

http://www.darkreading.com/document.asp?do...ing_section_296

 

 

The Truly Ugly

 

Security firm Sunbelt, which recently discovered that the Bank of India's hacked website was serving dangerous malware, has said the infamous Russian Business Network — an ISP linked to child pornography and phishing — is behind the attack.

http://news.zdnet.co.uk/security/0,1000000...9057,00.htm?r=3

 

An ad company that Yahoo owns, Right Media, served up some particular advertisements several million times that ended up being loaded with Trojans. The banner ads, which were brokered by Right Media, were served an estimated 12 million times over a three-week period starting in early August, according to ScanSafe, a managed security provider.

http://www.techspot.com/news/26961-yahoo-a...banner-ads.html

 

