

SWI Community News - September 2007


#1 Budfred


    Malware Hound

  • Administrators
  • 21,636 posts

Posted 08 September 2007 - 08:45 PM

Howdy everyone...

Welcome to the 4th Edition of SWI Community News!! We missed August, but hope to get back on a monthly track starting now, due to the clamoring of our dedicated fans (thanks Aegonis :rofl: ). Again this month we have some interesting lists and my rant on the state of the Internet. We hope you enjoy our newsletter and find it helpful. Please comment so we can find out what you want to see and what you find most helpful. We will put up another poll in a few months to see how people are responding, but you can comment at any time. Please do let us know if you don't like something and let others know if you do like something.

And here is the usual disclaimer:

Opinions and information expressed in this publication are not the responsibility of SpywareInfo.Com or its owner, administrators or hosting services. Information and opinions posted here are the property of the respective author.

That also means that the material is subject to the copyright of the author and you need to cite the author if you quote any material from this publication elsewhere.

And as usual -- to get notification when a new SWI Community News is available, subscribe to the subscription topic and we will add notices of publishing to that topic so you will receive an email notice if you are set to receive notices of topics you are subscribed to.

Budfred's Rant
Criminals, Heroes and Vigilantes

If you spend much time online at all, you have seen that all of us are under attack by criminals. It started even before the Internet existed. In the early days it was mostly angry people who were invested in making life more difficult for other people by creating viruses and other garbage. Sometimes they did it just to get even with a world that they thought had treated them badly and sometimes they did it to compete with other angry people to see who could do the most damage, but it really wasn't about money. After a while, they figured out that they could make money as they messed with people's lives. Once the Internet got running full force, they were ready to start invading computers to steal information, redirect to "adult" sites, advertise all sorts of products you have no interest in and make you rich (yeah, right) by transferring funds for Nigerian princes.

As the Internet evolved, the criminals evolved with it. At first, someone who was careful could easily avoid being exploited with some basic precautions. The criminals mostly exploited the most vulnerable people who visited risky sites and didn't use protection programs. Viruses evolved along with the Internet and became worms, trojans, adware, spyware, spam, phishing and so on. They have gotten much more sophisticated at playing on the psychology of the Internet users, but still mostly exploit the vulnerable who really aren't very computer literate. Today, it takes multiple protection programs and extreme care to prevent infection. Once infected, it is much more difficult to fix the problems they create and they very aggressively make efforts to disable the protection programs and the tools we use to remove the garbage they install. They have created huge "botnets" with enormous power at their disposal by infecting millions of computers with software that allows them to use those computers in their own networks. They then do things like attacking other computers or companies.

For the last couple of weeks, a number of sites that are involved in fighting them have been under attack and the smaller ones are in danger of being wiped out. Even the larger sites are having to work hard to keep from being shut down and it is very expensive for them to maintain the strength to continue. All the while, the criminals are making billions of dollars while ruining lives all over the world.

An update since I started writing this: the biggest site under attack was not giving in, so they also began a "reputation attack" by using access to PayPal accounts they had stolen to send donations to that site. The owners of those accounts assumed the site had stolen their information and complained viciously in some cases. This means that the criminals became so desperate to hurt this site that they gave away some of their stolen accounts to attack them. Unfortunately for them, the site had very good contacts with law enforcement and PayPal that allowed them to not only prevent most of the damage, but also help the people whose accounts were stolen and provide some leads that may help to take the criminals down. This won't stop the criminals, but it may slow them down.

Then there are the heroes. I consider anyone who fights these criminals to be heroes, starting with the staff of this forum who donate a huge amount of their spare time every week to help people who come to SpywareInfo with infected computers looking for help. For many, it is like a second job, except that they do not get paid for it at all. Everything we do at SWI is on a volunteer basis and that is true of most of the heroes fighting the criminals. While the criminals make billions exploiting people, we give away hours and hours of time to fight them. There are a lot more of our heroes than there are of their criminals, but, unfortunately, it only takes one criminal to steal the life savings of dozens or even hundreds of victims. We clean computers one at a time, they infect them by the hundreds. And they do this as their only job, probably on a part time basis so that they have time to maintain drug habits and other criminal activities.

If you want to get an idea of the extent of the heroes, visit the Alliance of Security Analysis Professionals website where many of the malware fighting sites are registered. In addition to SWI, one of the most important sites to know about is CastleCops. They maintain the PIRT service which is involved in documenting and shutting down phishing sites. They are not simply trying to shut down individual sites, they are looking to gather the evidence to have the criminals brought to justice. They also now have the SIRT, MIRT and another service that is in development to fight the criminals. These are designed to go after "spam" scams, malware and another kind of attack. The MalwareComplaints site is involved in collecting your experiences with malware to report to various authorities who have the power to take action once they understand the magnitude of the problem.

At SWI, we maintain a "Submissions for CastleCops databases" reporting forum for people to post about malware they have identified so that they can be added to lists maintained at CastleCops for the use of the malware fighting heroes and distributed to companies that make protection programs. The list goes on and on for the sites that host heroes and almost none of them are paid a penny for their efforts. The sites collect donations to keep them online, but the staff are almost always volunteers. Occasionally one of the heroes will be recognized with an award or even get a job from the work he or she does, but that is more of an exception than a rule. Many are not even computer professionals, but they have taken time to learn and give back to others struggling with malware. The main reward they receive is an occasional "Thank you" from someone they have helped.

Finally, there are the vigilantes. All of us who fight with the criminals would like to see them pay by spending a good long time behind bars or giving back for what they have stolen. Most of us have thought about ways to make that happen. However, some believe they need to take on this task themselves rather than rely on governments and law enforcement to do the job. Even as the attack goes on against the sites mentioned earlier, some of these vigilantes are bragging about attacking back. When it was pointed out that innocents will be harmed with the reverse attack, at least one of them insisted that it is the fault of the victim for not adequately protecting his or her computer. As a malware fighter, I am embarrassed by this. As much as I would like to shut down the criminals and even have angry thoughts about hurting them as they have hurt others; even in my angriest moment, I would not be able to justify hurting innocents. I also do not believe that taking on the same behavior of the criminals is in the best interest of the fight. When we use their tools to fight them and we hurt innocents, who is the criminal?? Most importantly, they will not actually succeed in causing harm to the criminals, except maybe to reduce receipts for one day. The heroes, who fight with legitimate tools and cooperate with the officials who are also trying to deal with the problem, have saved the public millions or even billions of dollars over the years. While we haven't been able to stop them, we have at least slowed them down which is why they attack our sites when they could be using their botnets to steal more money. The vigilantes are throwing buckets of water into the desert so that they embarrass themselves and malware fighters through their actions. Vigilantes in the comic books are exciting, in real life they are just another form of criminal.

So please, support your heroes here and in other forums. Protect your computer and your finances. And please do not try to strike back at the criminals with their methods or you will simply become another enemy for the heroes to fight.

Other things you can do to support your heroes:

Read the article "So how did I get infected in the first place?" which is linked at the top of each page at SWI and protect yourself.
Support your heroes with donations to their forums and let them know you appreciate them.
Post your complaints at Malware Complaints.
When you know about a new infection, report it for our database.


Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#2 jedi


    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • 15,830 posts

Posted 10 September 2007 - 01:34 PM

Jedi's Software (and Website) Reviews

Hello again,

It's that time again! I've been scouring the internet at great personal risk to bring you my pick of the crop for this month. As always, I've picked only freeware programs and, as usual, these programs are my own choice. I welcome (constructive) feedback and criticism on my choices.

In these reviews I've so far avoided looking at security programs, as there is a wealth of information and opinion on these forums about major security programs such as anti-trojans, anti-viruses and firewalls. However, if you would like me to review particular security programs or search for a good specific security tool (as long as they're available for free), please reply in the SWI Community News topic.

The first program I'm looking at this time is KeePass.


So many passwords, so little time. Many programs and websites want a password these days. Many spyware programs want to steal them from you. KeePass is a genuine Open Source award winning password manager. It's resource-light, has an easy to understand GUI and is user friendly. It runs on all Windows versions apart from Win95, i.e. Windows 98/98SE, WinME, WinNT, Win2000, WinXP, Win2003 and Vista (both 32-bit and 64-bit).

"You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)."

There are versions for portable applications and for PocketPC, Linux, Mac, and so on.

KeePass is an excellent way to protect your data, work and identity; whether you're on your home PC or carrying data with you.

Next, is StartUpLite.


One of the range of tools from Malwarebytes, StartUpLite is a lightweight and easy to use start-up manager.

It states that it "can disable or remove all known unnecessary startup entries from your computer and thus quicken the startup procedure of your system."

Though this may be a slightly ambitious statement, it certainly detects a wide selection of unnecessary items and its ease of use makes it a handy addition. It's compatible with Windows 2000, NT, XP and Vista. It can be a good 'quick fix' for sluggish startups.

Next, the latest addition to the Firefox Add-on Corner is CustomizeGoogle.


This is an excellent extension for Firefox users. It not only improves Google's search features, it adds security and anonymity too. I won't list all the features here; follow the link and check them out for yourself. But for myself, the single best feature is Google Suggest, which starts to give you a drop-down list of suggestions as soon as you start to type in the Google search box. I now simply cannot live without this feature. If you're a big Google user, and of course a Firefox user, you'll love this.

And in conjunction with the above (and a slight digression, as this is a webpage rather than software), check out:

Seven ways to keep your search history private at PC Advisor:


It includes a recommendation for CustomizeGoogle and other useful tips to keep your Search History private.

That's all from me -- more next month. Surf safe.

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#3 TheJoker


    Forum Deity

  • Boot Camp Mod
  • 14,487 posts

Posted 22 September 2007 - 11:34 AM

The Good, Bad and Ugly News from TheJoker

The Good (relatively speaking)

German police have arrested 10 people suspected of being involved in an international Internet scam which could have cost victims hundreds of thousands of euros. An 18-month-long probe resulted in raids in several German cities and the arrests of 10 Russians, Ukrainians and Germans who police think were involved in phishing.

Three U.S. men and one man living in France have pleaded guilty to charges related to a stock manipulation scheme that included sending out tens of millions of spam messages to pump up the stock value of 15 companies, the U.S. Department of Justice said Thursday.

A Seattle man has been arrested in what the Justice Department described as its first case against someone accused of using file-sharing digital data to commit identity theft, using Limewire's file-sharing program to troll other people's computers for financial information, which he used to open credit cards for an online shopping spree.

A recent graduate of Texas A&M University is charged with hacking into the school's computer system and illegally accessing information on 88,000 current and former students, faculty and staff members.

The Bad

IBM has reported an increase in malware volume and sophistication as part of its security statistics report for the first half of the year. So far this year, IBM's X-Force research and development team has identified and analyzed more than 210,000 new malware samples, which is more than the total number of malware samples observed over the entirety of last year.

Layered Technologies has been targeted by malicious hackers who may have stolen passwords and other personal details on as many as 6,000 of its clients, the Texas-based web host provider warned. It is advising customers to change login credentials for all host details submitted in the past two years.

Hackers are taking credit for at least three breaches at anti-piracy firm MediaDefender. The newly revealed attacks threaten to turn what started as an embarrassing e-mail leak into a full-blown security meltdown for the company.

Zero-day vulnerabilities in AOL and Yahoo instant messaging products could put millions of computer users at risk of malicious hacker attacks. Exploit code has been released for the more serious of the two flaws, a gaping hole in Yahoo Messenger, that could expose users to code execution attacks.

Kaspersky says they have discovered a nasty virus that came pre-installed on Maxtor external hard drives sold in the Netherlands. The virus, dubbed Virus.Win32.AutoRun.ah, was found on the Maxtor 3200 Personal Storage.

MPack, an easy-to-use malware toolkit that sells for as much as $1,000, has gone on to infect as many as 500,000 websites, according to some estimates. From January to June, Symantec counted slightly more than 212,000 new samples of malicious code, an almost three-fold increase from the last six months of 2006 and a more than four-fold increase from the first half of that year.

Arbor Networks' third annual worldwide infrastructure security report found that, for the first time, botnets surpassed distributed denial of service attacks as the top operational threat identified by service providers.

Stolen bank account numbers are commanding the highest price in an underground trade of personal details stolen by hackers, according to a survey released Monday by security vendor Symantec.

TD Ameritrade Holding, an online brokerage that manages more than 6.3 million accounts, said hackers broke into a database containing detailed information about clients. While the thieves had access to social security numbers, birth dates and account numbers, Ameritrade said it has no evidence such information was ever retrieved.

In a new round of targeted attacks, phishers are sending messages directly to selected top executives and luring them to download the malware inside. Researchers at security company MessageLabs today said they intercepted some 1,100 messages targeted toward high-ranking executives at a variety of companies during a 16-hour period between Sept. 12 and Sept. 13.

The Truly Ugly

Security firm Sunbelt, which recently discovered that the Bank of India's hacked website was serving dangerous malware, has said the infamous Russian Business Network, an ISP linked to child pornography and phishing, is behind the attack.

An ad company that Yahoo owns, Right Media, served up some particular advertisements several million times that ended up being loaded with Trojans. The banner ads, which were brokered by Right Media, were served an estimated 12 million times over a three-week period starting in early August, according to ScanSafe, a managed security provider.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005

Member of UNITE
Support SpywareInfo Forum - click the button