An Unofficial guide to spywares and online safety ..

Discussion in 'Tutorials' started by it_waaznt_me, Dec 14, 2004.

Thread Status:
Not open for further replies.
  1. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    How to remain safe while being online:

    First of all you should understand what types of threats are there on the net...
    While most users are aware of virus and worms threat, they usually overlook the other biggest threat ie the spywares.

    What are spywares ?
    Spywares are programs that get installed on your computer without your knowledge and collect data about your usage patterns like what sites you visit, what programs you run, even your personal details like age, gender and financial details too : all those things that can be useful for a marketing company to send you customized advertising. These programs send this data back to their websites where they are given to spammers and advertisers. All these things happen without the user's knowledge and that is the most ironical point of the story.

    Categories of spywares:

    :arrow: Adwares:
    Adwares usually monitors your usage patterns and show you ads corresponding to them. Adwares are usually installed as freewares and it is quoted in their EULA (End User License Agreement) that the program will show relevant ads.
    Many of the adwares are freeware version of programs which are availible as paid versions. Examples of these programs : Opera, Divx, Download Accelerator Plus, Flashget etc. While these programs specifically tells the user that they can upgrade to their paid version if they dont want to get these advertisements but not every adware is like that.

    :arrow: Browser Hijackers:
    This is a broad category in which parasites like home page hijackers and search hijackers can be included.
    :arrow: Home page hijackers change the start page of the user's browser to some specific sites and some notorious of these are very difficult to remove.
    :arrow: Search hijackers change the search behaviour of the user's browser and when user searches for something on the Internet, these search sites give them the results.

    Usually both of the hijackers stated above work on clickthrough systems. Here they are affiliates to other companies which give them money according to the hits they recieve through them. So, the ultimate goal of hijackers is to make the users click on the links through which they earn their revenue. As this is a difficult task, the program authors go extreme ways to achieve it and create difficult to remove parasites. Recent examples of such parasite are CoolWebSearch and AboutBlank.

    :arrow: Dialers:
    Dialers are programs that promise to make some "premium content" availible to the users by making calls through them. All their objective is to make the users dial the number which are usually long distance numbers of their affiliates.

    :arrow: Tracking Cookies:
    Cookies were meant to be used for customizing the websites according to the user's preferences. But marketing companies found another use of them. This useful feature is being abused by marketing companies by putting "third party cookies". Third party cookies means cookies stored by websites other than you are visiting - most often put through banners and ad rotators. These cookies can keep track of what sites you visit that contains their ads.

    :arrow: Keyloggers:
    Keyloggers arent thankfully installed by marketing companies. Usually they are installed by some trojans or hackers. Here hackers refer to those breed of computer users who use such programs to break into other's computers to steal passwords or to destroy those systems. These programs monitor each keypress on your system and keep track of them and send it back to their originators. There are many sophisticated keyloggers which have their own SMTP engine to mail back the tracking records.

    Sources of Spywares:
    How do these programs get installed ?
    These programs are usually installed as bundled with other programs. While most users dont care to read the Terms and Conditions of the programs they are installing, third party tools such as these are installed easily.
    Browser hijackers are usually installed as ActiveX controls while the user is visiting their affiliate's websites. The most common source of spywares are porn and cracks websites. These websites promise the user to enable them to view their content if they install these add ons.
    A new class of them is called betraywares. These programs promise to remove spywares but they are themselves housing many of them. A whole new breed of search assistants, pop up blockers, online form filling tools, password keepers comes under this list.

    How to tell you are infected ?
    Usually when spywares are installed on your system, your network traffic increases. If you feel your computer is not behaving the way it was supposed to be, most probably you are infected. You should check what programs are getting loaded when the computer is starting up and what programs are running in the task manager. If you notice some suspicious entries in task manager or startup list, look out what programs are these. If you are on an always on connection, you should monitor the network traffic of your computer.

    How to remain safe from spywares ?
    :arrow: Spywares will not get installed if the user himself will not allow it to install. If the user is careful in monitoring what programs get installed to his computer, it become very difficult for spywares to get installed.
    The user should pay attention to the Terms and Conditions or EULA of them program being installed. Reference to third party installation should be given more attention.

    :arrow: Not every freeware is a spyware. But those free programs which utilize the internet to deliver their objectives should be looked at suspicously. Usually Search Assistants or popup blockers apart from reputable companies should be avoided.
    The user should remain careful of sites he visits. Most of the users get infected while browsing the "underground" sites. Websites that provides cracks or porn websites are often source of dialers and hijackers. The user should use his intuition while browsing these sites. They will not come to you if you dont go to them.

    :arrow: Use antispywares:
    Programs like Spybot Search & Destroy and Ad Aware are considered reputed in removing spywares. Spyware Blaster is a great utility that will not let the spywares getting installed in the first place. All these program should be updated regularly as new parasites gets discovered daily.

    :arrow: Use Firewall:
    Firewalls have become a necessity these days. And those with with always on connection should enable firewall on their systems. Firewall monitors the network traffics and blocks unnecessary connections. They are also effective against worms propogating through random ip addresses.

    :arrow: Use Antivirus:
    Antivirus are now just as essentials as operating systems are. Antivirus should be updated regularly too as new virus are discovered on daily basis.

    :arrow: Use Windows Update regularily:
    As new vulnerabilities are discovered, parasites exploiting them too arise. So patches to fix them should be installed regularily.

    [Edit]This thread isnt closed. This was a part of an assignment I had to submit to my Univ .. I am working on more of it .. So keep a watch on it ..

    Edit 2:

    [Edit Batty] Edit 3: Removed the **** so called source which is a full copy paste of my article.
     
    Last edited: May 9, 2007
    Vishal Gupta and hard_rock like this.
  2. theraven

    theraven Active Member

    Joined:
    May 5, 2004
    Messages:
    2,912
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    off to "never ever" land
    WAH BAT WAH !!
    amazing guide ... kudos to u
    and no i aint spamming
    why ?
    lets add a security software guide and a lil more info on security threats shall we ?
    if i may ofcourse !!

    DEFINITIONS:

    A Biological Virus: an entity that attatches itself to a healthy cell and uses the infected cell to infect other cells

    a computer virus works in a similar way
    it NEEDS to attatch itself to something before it can infect and spread
    there has to be a mechanism to run this virus automatically
    this is explained below

    Malware: MALicious softWARE, including viruses, worms, Trojans, Denial of Service and other such attacks. Sometimes referred to as rogue programs

    Denial of service (DoS) attacks: cause thousands of access attempts to a Web site over a very short period of time, overloading the target site and shutting it down.

    Identity theft: is the impersonation by a thief of someone with good credit.

    Macro viruses: are viruses that spread by binding themselves to software like Word or Excel.

    Malware: is malicious software that is designed by people to attack some part of a computer system.

    Worm: is a computer virus that spreads itself, not only from file to file, but from computer to computer via e-mail and other Internet traffic.



    How A Virus Can Attach / Two Types of Virii

    1.) Boot-Sector Virii: infects boot sector executables. affects MBR's / Partition Tables .
    once its loaded in the memory .. it sits and waits

    2.) Macros / Macro Virii: A macro is a series of commands and instructions that you group together as a single command to automate a task.

    Go Here for more

    Guide To AntiVirus Software :

    an extensive shootout performed Here
    Detailed Reports: Here in .RAR format

    im posting the top 10 with final rank ( acc. to how many virii out of the 76556 it detected ) here:
    Code:
    1. Kaspersky Personal Pro version 4.5.0.58 - 99.09%
    2. F-Secure 2004 version 4.71.5 - 98.77%
    3. Extendia AVK Pro version 11.0.4 - 98.68%
    4. AVK version 14.0.7 - 98.50%
    5. Kaspersky Personal version 5.0.149 - 97.88%
    6. eScan 2003 Virus Control version 2.6.484.8 - 96.75%
    7. McAfee version 8.0.41 - 93.59%
    8. Norton version 2004 Professional - 93.38%
    9. RAV version 8.6.105 - 93.14%
    10. F-Prot version 3.15 - 91.85%
    
    Steps that should be taken ?

    :arrow: use IE's inbuilt pop-up blocker and Info Bar (IF ur still using IR and SP2 Required)
    tho most of the browsers have pop up blockers now .. for those still on IE and SP1 u can use
    MSN Toolbar
    Google Toolbar
    other software like POP UP COP
    in my experience the latter 2 were VERY effective

    :arrow: block activeX components ( set them on 'prompt' )

    :arrow: use a better browser ;) like maxthon (still based on IE tho), FireFox, Opera [top 3]

    :arrow: use a firewall.
    zone alarm and sygate are good personal firewalls
    then in shareware u have
    NIS, McAfee's Firewall and ZoneAlarm the PRO version
    personally i think ZAPro rocks ... i put my trust in it
    get ZAP tips Here
    personal firewalls compared Here

    :arrow: use a good AV . ( this should be a top rankin point but i already covered an AV shootout )

    :arrow: spyware adware removers L like adaware and spybot like bat mentioned
    in addition other good ones are
    BPS ( Bullet Proof Software ) spyware remover<== i love this. got immunisation for 150 threats for ur browser. Plus inbuilt HiJack This
    Spyware remover
    spyware doctor

    :arrow: speaking of HJT learn how to use it and use it well here

    :arrow: DO NOT neglect trojans ... DO Treat them as SEPARATE YET MALICIOUS threats
    DO use separate Trojan removers like Anti Trojan Shield


    Other links:
    Spyware Glossary but we have a better one here
    Some More Spyware Tools recommended from Download.com

    DISCLAIMER: i am not responsible for the quality of this post
    it was written in half hour
    i have made a lot of repeat points from bats post ... ive just made a few additions
    be safe
     
  3. swatkat

    swatkat New Member

    Joined:
    Mar 12, 2004
    Messages:
    2,058
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Shimoga/ಶಿವಮೊಗ್ಗ
  4. OP
    OP
    it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Lately I ve been very busy and cant access net from home .. So I have opened this thread for others to post .. But Please do not post replies like Spybot S n D rox or something .. .. Keep the thread alive with relevant replies .. Thanx ..

    Btw .. I forgot that icerock's Firewall comparison link .. So please post it too .. Okay .. take care ..
     
  5. theraven

    theraven Active Member

    Joined:
    May 5, 2004
    Messages:
    2,912
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    off to "never ever" land
    heres the firewall leak detector test
    http://www.firewallleaktester.com/tests.htm
    link courtesy : icecoolz

    there is another relevant link
    i forget
    digen ? dude .. what was that link for the firewall bypass by key strokes ?
     
  6. swatkat

    swatkat New Member

    Joined:
    Mar 12, 2004
    Messages:
    2,058
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Shimoga/ಶಿವಮೊಗ್ಗ
    What is a BHO?
    BHO stands for Browser Helper Object.This is a small program, usually a DLL file, originally developed to enhance or customise the features of the Internet Explorer.Whenever a BHO is installed, this is registered in Windows Registry. When Internet Explorer is started, it checks the Registry for the entries of BHOs (which indicates the installation of BHO), these entries are known as CLSID's.
    So, whenever the Internet Explorer is opened, the BHO is instantiated (created), and then this BHO has full access to the Page that is bieng viewed.
    For example, if you have Google Toolbar, it installs a BHO, through which it can provide functions such as "Search within the Page", "Auto Fill", "Page Info" etc. Another one,a BHO from Adobe Acrobat Reader, which enables to open .pdf directly in the IE windows itself or Downloading Softwares such as DAP, DEX will create one BHO to integrate with IE and to catch the Clicks on the download link.
    So, using BHOs IE can be tweaked so that, it will be one mean browser....

    If BHO enhance the functionality of IE, then why is it avoided?
    Now, time for some bad news about BHO.
    Windows does not provide any direct way to see the installed BHOs.This adds some amount of stealth capability to the BHOs.Actually, if we know the CLSIDs, we can view the installed BHOs through Registry using tools such as RegCleaner.
    Due to this stealthy nature of the BHOs, it provides an easy way for Spywares, Adwares, Trojans or Viruses to attack.Lets see the effects of these bad programs on IE and your Computer.

    Some Spywares add a BHO without the knowledge of the user.So what happens is, whenever IE is opened that SpywareBHO will run and it keep an eye on what you do in that browsing session.It can monitor, what pages do you visit frequently, which services are used by you etc.Even worse case is that, they can hijack the Browser, that is they can chnge the Default or Search page, and they can not be easily recovered.
    Adwares go one step furthur and they can bring you PopUp Ad's or Bad tasted Webpages randomly or they even can bring you context sensitive Ad's, that is Ad's based on the content of the Web pages you were viewing.
    Trojans/Viruses can contact thier creator's website and download latest version of Trojans to your system.

    If you see any HijackThis Log of Spyware/Trojan affected system, you will certainly see some BHOs, which will have links to suspicious Websites and also they will have links to download some files.
    So, in all the cases, your privacy is at stake and your computer/data is at risk.

    Since BHOs have virtually full access to the system, they can do anything.Some improperly coded or deliberately coded can cause Runtime Errors or Illegal Operation errors.
    From Windows 98 onwards, MS has extended the support for BHOs to not only IE but also Windows Explorer. As you might be knowing Windows Explorer (Explorer.exe) is THE application that should be running anytime to use Windows.If any bad BHOs are installed, then they will get loaded whenever Explorer.exe starts.This is certainly not desirable.

    What to do?
    BHOs can be removed manually or by using any tools.
    Manual removal can be done in two ways:-
    1]By renaming the DLL file corresponding to the BHO which is to be disabled.
    2]By deleting the DLL file and removing CLSID entry in the Registry.
    We can make use of HijackThis to know the installed BHOs and delete thier Registry entries and then we can delete the DLL file associated with it.
    A typical CLSID and DLL file of a BHO (Google Toolbar, in this case ) is shown here,
    Code:
    CLSID    = {AA58ED58-01DD-4d91-8333-CF10577473F7}
    DLL File=  c:\program files\google\googletoolbar1.dll
    But, using some tools BHOs can be directly dealt with.There are many tools to view the BHOs installed in the system directly.Some of them are BHODemon, BHOInfo.These tools list all the BHOs present in the system, so that user can decide which one to keep or remove.
    A popular tool is BHODemon, which runs in System Tray ,and scans for existing BHOSs and continuously monitor the system for any BHO installs.It provides the list of installed BHOs, and it also has some extra inforamtion about the most common good and not-so-good BHOs, so any new user can know about them.

    Conclusion
    So, BHOs are powerful means through which anything can be done, be it good or bad.
    So be careful, while browsing, while installing suspicious looking softwares etc.Upadate AntiViruses regularly and run full system scans.Use Anti-Spywares and tools mentioned above to ward off Spywares, Adwares from your system.

    Links to Tools
    BHODemon
    BHOInfo
    HijackThis


    Hope this info helps....
     
  7. navjotjsingh

    navjotjsingh Active Member

    Joined:
    Feb 12, 2005
    Messages:
    1,924
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Delhi, India
    I have taken content from above , added some extra content and now it looks like much better.

    Thanks to swatkat, theraven, it_waaznt_me for inspiring me to add my content to theirs.

    What is Spyware?
    Spywares are programs that get installed on your computer without your knowledge and collect data about your usage patterns like what sites you visit, what programs you run, even your personal details like age, gender and financial details too : all those things that can be useful for a marketing company to send you customized advertising. These programs send this data back to their websites where they are given to spammers and advertisers. All these things happen without the user's knowledge and that is the most ironical point of the story.
    Categories of spywares:

    ActiveX:
    ActiveX control is not a spyware but still it has been listed here and you will know soon. ActiveX is a Microsoft technology that allows Internet applications that are more powerful than simple scripts. ActiveX applications do work only in Internet Explorer, so the use of ActiveX on websites is not recommended. Due to the huge amount of influence ActiveX apps can have on the system (ActiveX apps have access to the same files you have access to, meaning all files in the case of most private computers), it is recommended to be very careful if dealing with ActiveX.

    There are two types of ActiveX apps - signed and unsigned. The code of unsigned ActiveX apps hasn't been certified and should never be trusted. Signed ActiveX apps are certified, but can still contain malicious code! Signed ActiveX apps should be trusted only if coming from trusted websites and only on a prompt base (meaning that IE settings will ask every time a website wants to load an ActiveX app).

    Many dialers and hijackers install themselves using ActiveX applications. Now you know!

    Adwares: Adware is generally software that displays advertisements. Adwares usually monitors your usage patterns and show you ads corresponding to them. Adwares are usually installed as freeware and it is quoted in their EULA (End User License Agreement) that the program will show relevant ads.

    Many of the adwares are freeware version of programs which are available as paid versions. Examples of these programs : Opera, Divx, Download Accelerator Plus, Flashget etc. While these programs specifically tells the user that they can upgrade to their paid version if they don’t want to get these advertisements but not every adware is like that.

    Low Risk Adware: Low risk adware is an adware application that is designed to display advertisements through pop-up windows. However, this type of adware program is installed with your knowledge and conforms to the program’s End User Licensing Agreement which is usually presented to your prior to download and during installation. A low risk adware program will not transmit personal or identifiable information.

    Browser Hijackers:
    This is a broad category in which parasites like home page hijackers and search hijackers can be included.
    Home page hijackers change the start page of the user's browser to some specific sites and some notorious of these are very difficult to remove.
    Search hijackers change the search behavior of the user's browser and when user searches for something on the Internet, these search sites give them the results.

    Usually both of the hijackers stated above work on clickthrough systems. Here they are affiliates to other companies which give them money according to the hits they receive through them. So, the ultimate goal of hijackers is to make the users click on the links through which they earn their revenue. As this is a difficult task, the program authors go extreme ways to achieve it and create difficult to remove parasites. Recent examples of such parasite are CoolWebSearch and AboutBlank.

    Browser Plug-in: A browser plug-in is an application that can be installed in your Web browser. Plug-ins can come in the form of a toolbar that is included in your Web browser, a search or navigation feature, or extra task buttons on the browser. Although most plug-ins are designed to perform necessary functions, some plug-ins are harmful to your computer because they have complete access to your Web browser and can log, modify, and redirect any task you perform.

    Browser Redirector: Browser redirectors are programs that change your Web browser settings, often altering designated default start and search pages. In addition, a browser redirector can modify almost every aspect of a Web browser including adding bookmarks, and redirects search traffic to alternative sites.

    Dialers:
    Dialers are programs that promise to make some "premium content" available to the users by making calls through them. Their entire objective is to make the users dial the number which are usually long distance numbers of their affiliates.

    File Sharing Program: File sharing programs, also known as peer-to-peer, are popular applications used to share files of any type such as movies and music across the Internet. Many freeware and shareware file sharing programs install different types of adware and even some spyware software with them. Although most file sharing programs are not harmful, the adware and spyware programs contained in their bundle could be.
    Only Shareaza 2.1 is spyware free and is open source. So go ahead and use it.

    Layered Service Provider: It is also not a spyware and is very essential for your PC but is still exploited by Spywares. A Layered Service Provider is a system driver linked deep into the networking services of Windows. It has access to every data entering and leaving the computer, as well as the ability to modify this data. A few such LSPs are necessary to allow Windows to connect you to other computers, including the Internet. But Spyware may also install itself as an LSP, thus having access to all the data you transmit. LSP are currently used by CommonName, New.Net, NewtonKnows and webHancer.

    Keyloggers:
    Keyloggers aren’t thankfully installed by marketing companies. Usually they are installed by some trojans or hackers. Here hackers refer to those breed of computer users who use such programs to break into other's computers to steal passwords or to destroy those systems. These programs monitor each keypress on your system and keep track of them and send it back to their originators. There are many sophisticated keyloggers which have their own SMTP engine to mail back the tracking records.

    Commercial Keylogger: A commercial keylogger is a program that is installed by one user of a computer to explicitly monitor the activity of other users. These types of program can be installed using stealth tactics to hide themselves from other users. These programs can be purchased from commercial organizations.

    RAT: A remote administration tool (RAT) is a Trojan type of software that when run, provides an attacker with the capability of remotely controlling your computer over the Internet. The attacker usually has full access to functions on your computer.

    Remote Installer: A remote installer is a program that is installed on your computer without your knowledge. Once the program is installed it can connect to a remote server and download additional programs and files, installing them on the computer without your knowledge.

    Spyware: Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware is usually silently downloaded onto your computer and performs covert activities. Spyware programs are often bundled as an unknown component of other programs downloaded from the Internet.

    Tracking Cookies:
    Cookies were meant to be used for customizing the websites according to the user's preferences. But marketing companies found another use of them. This useful feature is being abused by marketing companies by putting "third party cookies". Third party cookies means cookies stored by websites other than you are visiting - most often put through banners and ad rotators. These cookies can keep track of what sites you visit that contain their ads.
    Trojan Horses: Even though a trojan horse is sometimes also called Trojan, it's more a Greek. The Greeks build the so-called 'trojan horse' in the fight about Trojan to get into the town, so they are the real snoops.

    A trojan is a program that has gotten onto your machine without your knowledge and contains malicious code that would for example allows persons using another computer to connect to yours over a network.

    Typical trojans are open to anyone trying to connect (any person on your local network or even the internet). Special trojans are designed to make you machine accessible just to the person who infected your computer with the trojan.

    The access an outsider can gain using a trojan on your machine can be nearly anything. From watching all your behavior (like a keylogger) to manipulating your computer to basically doing anything you can also do using your keyboard and mouse.

    Your computer can get infected with a trojan by multiple ways. A person with physical access to your machine can place it there, but you can also accidentally install it yourself by opening an unknown email attachment that by chance contains a trojan.

    According to some definitions, trojans are also programs that sneak into other programs, for example to gain access. As these programs are consciously used by the other, they are not trojans, but are backdoors.

    Usage tracks: Usage tracks are your fingerprints in your system. Whenever you visit a page with your browser, or just open any file, that information is stored deep inside Windows. In most cases that is very useful – if you want to open that file again, you can select it from a list instead of typing the whole filename or browsing the whole directory structure again. But in some cases you may want to hide your activity, because spyware and internet attackers may use that information.

    Browser Helper Objects (BHO): BHO stands for Browser Helper Object. This is a small program, usually a DLL file, originally developed to enhance or customize the features of the Internet Explorer. Whenever a BHO is installed, this is registered in Windows Registry. When Internet Explorer is started, it checks the Registry for the entries of BHOs (which indicates the installation of BHO), these entries are known as CLSID's.
    So, whenever the Internet Explorer is opened, the BHO is instantiated (created), and then this BHO has full access to the Page that is being viewed.
    For example, if you have Google Toolbar, it installs a BHO, through which it can provide functions such as "Search within the Page", "Auto Fill", "Page Info" etc. Another one, a BHO from Adobe Acrobat Reader, which enables to open PDF directly in the IE windows itself or Downloading Softwares such as DAP, DEX will create one BHO to integrate with IE and to catch the Clicks on the download link.
    So, using BHOs IE can be tweaked so that, it will be one mean browser....

    If BHO enhance the functionality of IE, then why is it avoided?
    Now, time for some bad news about BHO.
    Windows does not provide any direct way to see the installed BHOs.This adds some amount of stealth capability to the BHOs. Actually, if we know the CLSIDs, we can view the installed BHOs through Registry using tools such as RegCleaner.
    Due to this stealthy nature of the BHOs, it provides an easy way for Spywares, Adwares, Trojans or Viruses to attack. Lets see the effects of these bad programs on IE and your Computer.

    Some Spywares add a BHO without the knowledge of the user. So what happens is, whenever IE is opened that SpywareBHO will run and it keep an eye on what you do in that browsing session. It can monitor, what pages you visit frequently, which services are used by you, etc. Even worse case is that, they can hijack the Browser, that is they can change the Default or Search page, and they can not be easily recovered.
    Adwares go one step further and they can bring you PopUp Ad's or Bad tasted WebPages randomly or they even can bring you context sensitive Ad's, that is Ad's based on the content of the Web pages you were viewing.
    Trojans/Viruses can contact their creator's website and download latest version of Trojans to your system.

    If you see any HijackThis Log of Spyware/Trojan affected system, you will certainly see some BHOs, which will have links to suspicious Websites and also they will have links to download some files.
    So, in all the cases, your privacy is at stake and your computer/data is at risk.

    Since BHOs have virtually full access to the system, they can do anything. Some improperly coded or deliberately coded can cause Runtime Errors or Illegal Operation errors.
    From Windows 98 onwards, MS has extended the support for BHOs to not only IE but also Windows Explorer. As you might be knowing Windows Explorer (Explorer.exe) is THE application that should be running anytime to use Windows. If any bad BHOs are installed, then they will get loaded whenever Explorer.exe starts. This is certainly not desirable.

    What to do?
    BHOs can be removed manually or by using any tools.
    Manual removal can be done in two ways:-
    1]By renaming the DLL file corresponding to the BHO which is to be disabled.
    2]By deleting the DLL file and removing CLSID entry in the Registry.
    We can make use of HijackThis to know the installed BHOs and delete their Registry entries and then we can delete the DLL file associated with it.
    A typical CLSID and DLL file of a BHO (Google Toolbar, in this case ) is shown here,

    Code:
    CLSID = {AA58ED58-01DD-4d91-8333-CF10577473F7}
    DLL File= c:\program files\google\googletoolbar1.dll
    But, using some tools BHOs can be directly dealt with. There are many tools to view the BHOs installed in the system directly. Some of them are BHODemon, BHOInfo and Browser Sentinel. These tools list all the BHOs present in the system, so that user can decide which one to keep or remove.

    So, BHOs are powerful means through which anything can be done, be it good or bad.

    Common Spyware Terminology and Definitions

    Adware
    Any software application that displays advertising banners while the program is running is called adware. Adware tracks your online browsing habits and displays advertising based on your browsing activities on a Web site. Web sites often deposit adware on your computer during a visit. An adware program should be considered spyware when it was installed without your knowledge or consent and sends information to unauthorized parties.

    Anti-spyware software
    Anti-spyware software protects a computer from spyware infection. Spyware protection software can find and remove spyware without system interruption.

    Drive-by download
    A so-called “drive-by download� is when programs are downloaded and installed without your knowledge or consent. Most often accomplished when the user clicks to close or eliminate a random advertisement or other dialogue box.

    Firewall
    A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of hardware or software that acts as a barrier between internal networks or computers and external systems. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules. Firewalls provide effective protection against worm infection, but not against spyware like Trojans, which hide in legitimate applications, then install secretly on your computer when the application is started.

    Home Page Redirector or Browser Redirector
    A redirector is a program that can change settings in your Internet browser including your search page to redirect all searches to a specified pay-per-search site, and your default home page to redirect you to the attackers Web page, often an adult content site.

    Hosts file
    The hosts file could be described as an address book. While the normal user is used to access other computers on the internet using names (for example www.security.kolla.de ), every computer is accessed by a numeric address at a lower level. You may already have seen this numeric addresses; they look like 127.0.0.1 for example.
    Every time you try to access another computer by using his name, your computer looks up his address in an address book. First it looks into a local address book (the hosts file), and only if it cannot find the address there it looks in a very big address book in the internet.
    So if you want to block an internet website, you could simply redirect this sites name to a place where nothing will be delivered from. Such a place would be your computer for example. The address I already mentioned, 127.0.0.1 is an address that will always point to the local - your - computer. By adding an entry to the hosts file (your local address book) that redirects an ad site to your machine, you would trick your internet browser to think that ad site would be on your machine, and as your machine doesn't deliver ads, it wouldn't get the ad and it will not be displayed.
    Another way of using the hosts file is if you want to access computers that are not listed in any address book yet. For example if you have a local network, you would not list your local computers in any internet address book, if only because that would be very expensive. So you could just enter them into the local address book (your hosts file).

    Information Privacy
    An ethical issue that is concerned with what information an individual should have to reveal to others through transactions such as Web browsing or online shopping and how that information is handled.

    Java applet
    A Java applet is capable of doing more than just a JavaScript, but does not have the full access to your machine like a full Java application. An applet still needs the browser to be run in, while a full Java application could run stand-alone (using just the runtime engine).

    Java Script
    A Java script is a very small program that is running on your computer when visiting websites that have defined such a script. Java scripts have little access to your computer, but can modify your browser.

    Operating System
    The operating system is usually the underlying software that enables you to interact with the computer. The operating system controls the computer storage, communications and task management functions. Examples of common operating stems include MS-DOS, MacOS, Linux, and Windows.

    Passwords
    You surely know what a password is. When accessing private data on a protected system, you need a password (sometimes also called passphrase) and most often a username to tell the system your identity.
    Most things about passwords have already been said, but some things cannot be repeated to often.
    1. Do not tell your passwords anyone. If you are asked by anyone to tell them your password, say no. There is simply no reason. If sometime tells you he is an admin and needs to know your password, he lies.

    2. When choosing your password, do not choose something that others could simply guess. Do not use the name of your spouse or cat, or the company name printed on your computer or monitor. While the best thing would be a random string of characters and numbers and even special characters, if you really need something that is easy to remember, take parts of words and combine them into something that you can still speak, but that gives no sense. Attach a few numbers to it to be on the saver side.

    3. Don't write your password down on a sticky attached to your screen, or anywhere on your workspace. If you need to write it down, put the paper with it into your wallet, but never anywhere the computer.

    4. Don't save a file with all your passwords on your computer. If you cannot remember them all, write them down. If you really want to save them in a file, encrypt that file.

    Personally Identifiable Information (PII)
    Personally Identifiable Information is information such as name, address, phone number, credit card information, bank account information, or social security number.

    Privacy
    Privacy is an ethical and often-legal issue that is concerned with an individual’s right to have areas of his or her life that are free from interference and scrutiny by other people and organizations.

    Privacy Policy
    A privacy policy is the responsibility of the organization that is collecting personal information. A privacy policy should clearly explain why personal information is being collected, how it will be used, and what steps will be taken to limit improper disclosure.

    Opt-out
    A misleading option that is often found in spam. That is, if you respond to a request for removal, you very well may be subjecting yourself to more spam, because by responding, the sender knows that your e-mail account is active. A 2002 study performed by the FTC demonstrated that in 63% of the cases where a spam offered a "remove me" option, responding either did nothing or resulted in more e-mail.

    Shareware
    Shareware is software distributed for evaluation without cost, but that requires payment to the author for full rights. If, after trying the software, you do not intend to use it, you delete it. Using unregistered shareware beyond the evaluation period is considered software piracy.

    Spam
    Spam is unsolicited commercial e-mail. It is sent, usually in bulk, through open-relays to millions of people. Spam is cost-shifted advertising. It takes a toll on Internet users' time, their resources, and the resources of Internet service providers (ISPs). Most recently, spammers have begun to send advertisements by text message to cell phones.

    Spyware
    Spyware is software that transmits information back to a third party without notifying you. Some privacy advocates also call legitimate access control, filtering, Internet monitoring, password recovery, security, or surveillance software spyware because it can be used without notifying you.

    How Does Spyware Get Installed?
    Spyware finds many ways to install itself on your computer, sometimes with your permission but usually without it by hiding in other programs or claiming to be something useful. However, before something can be installed on your computer, you usually have to click on or open some object or program.
    Below are a few of the most common methods used to encourage you to install spyware:

    Opening spam e-mail

    Clicking on deceptive pop-ups

    Downloading free utilities, games, toolbars, or media players

    File sharing programs

    Visiting corrupt Web sites

    Mainstream software applications

    While there is content available on the Internet that is not designed to covertly monitor your actions, there are many free and over-the-counter software that contains spyware. Spyware not only gives advertisers information about your online activities, it can also lead to disclosure of sensitive personal data. Here is how spyware ends up on your hard drive and what you can do to prevent it.

    One mistake when browsing the Web is to have your Internet browser security settings set too low. A low security setting allows spyware programs to be stored in your computer memory. A few things that you can do in order to keep spyware off your computer includes setting your Internet browser security at the default level or higher, scrutinizing what you download, keeping current on operating system updates, and finally, installing an anti-spyware program on your computer to catch all that you miss. Anti-spyware software can help to locate, quarantine, and then delete spyware that your computer unwittingly accepts.
    Follow your instincts! If the source does not seem familiar or trustworthy, then do not open the e-mail, click the pop-up, or visit the Web site. Get your utilities from a source you trust— sometimes the free ones are not worth the price you pay in headaches. Look for a motive when you see an enticing offer. Why would anyone want to offer you regular free atomic clock updates for your computer anyway?

    Below are various types of spyware installations:
    Drive-by Download

    A drive-by download is a program that is automatically downloaded to your computer, often without your knowledge or consent. Unlike a pop-up download, which asks for consent (albeit in a calculated manner likely to lead to a yes), a drive-by download is carried out invisibly: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message. Frequently, a drive-by download is installed along with another application. For example, a file sharing program might include downloads for a spyware program that tracks and reports user information for targeted marketing purposes, and an adware program that generates pop-up advertisements using that information. If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any action on your part.

    Commercial product installation bundling
    When you download a commercial or shareware program you might get the program plus spyware installed. For example, the installation of some popular peer-to-peer file sharing programs can lead to the installation of a lot of adware and spyware.

    Misrepresentation of intention
    A product that promises to block advertisements should not deliver them. A product that promises to stop spyware should not be spyware.

    Misrepresentation of source
    If a product claims to be from a company, usually a trustworthy company like Microsoft, but is not it is misrepresentation of source. Spyware might prompt you from a Web page to accept installation of a Microsoft product when it is not a Microsoft product but is actually spyware.

    Silent Download and Execution of Arbitrary Code
    This occurs when an installed program downloads and installs without your knowledge or consent, usually spyware or adware.

    Commercial spyware and key loggers
    Some spyware and key loggers are designed to be small enough to be attached to e-mail. A key logger can log Internet conversation, window activity, application activity, clipboard activity, printing, keystrokes, Web site activity, and may also capture screenshots and Web-cams. Such products can be quite stealthy, for example, many spyware programs do not show up as an icon, do not appear in the Windows system tray, do not appear in Windows Programs, do not show up in the Windows task list, cannot be uninstalled without a pre-specified password, and do not slow down the operation of the computer it is monitoring.

    What are the Signs Your Computer is Infected with Spyware?
    Below are five signs that your computer might be infected with spyware:
    1. Your Web browser's homepage is reset to an undesirable Web site and you cannot change it back.

    2. You are experiencing problems with pop-up advertisements both when you are browsing the Internet and when you are offline and your Internet browser is closed.

    3. Your computer is running slower then normal and your connection to the Internet is not as fast as it used to be. You might also be experiencing abnormal network activity coming from your modem or broadband connection device (cable or DSL modem).

    4. When you are using your favorite search engine your searches are being redirected to an unfamiliar search engine or unrelated Web site.

    5. You notice strange additions to your Favorites list or you have a Start menu item that you never added.

    How to fight with the Spywares?
    Your PC becomes a battlefield when you are confronted with all those naughty spywares. You have to first gear up for fighting up with them. You need to know some important information so that you can create a virtual shield around your PC so that spywares cannot penetrate into your PC.

    The spywares take advantages of the open doors in your PC through which they enter your PC. They can be : using older versions of certain softwares, not updating your Windows regularly, not updating your anti-virus software and not having proper anti-spyware software and many more. You should first close these doors for which I have given methods in Avoiding Spyware Topic below.

    Avoiding Spyware: Ambush
    Below are some simple tips on how to avoid spyware:
    1. Make sure the Windows Update Service is always running to stay current with the latest security updates and service packs.

    2. Use additional backup protections. In addition to AntiSpyware softwares, make sure to run software or hardware firewalls and up-to-date antivirus applications to protect yourself against redirectors and viruses. AntiSpyware softwares are not a replacement for these.

    3. Beware of peer-to-peer file-sharing services. Many popular applications include spyware in their installation procedures. Also, never download executables over peer-to-peer sharing networks, because you cannot be absolutely certain what they are. Actually, it is a good idea to avoid downloading executables from anywhere but vendors or major well-known sites.

    4. Avoid “web bugs.� Web bugs are spies that are activated when you open contaminated HTML e-mail. They can work in many ways, but a very common example is sending an HTML email with a reference to a JPG or other graphic. When the recipient opens the mail, and the HTML is drawn, it obtains the picture from across the Internet as specific by the HTML mail’s author. This allows the mail’s author to effectively see when a mail is actually read. In addition, by sending a unique picture link to each mail address, they mail’s author can even tell which email address is valid, and at what time that particular user read the mail! Get rid of unsolicited e-mail without reading it when you can; turn off the preview pane to delete messages without opening them. In Outlook 2003, on the Tools menu, click Options, click on the Security tab and click Change Automatic Download Settings. Make sure you do not download pictures or other content automatically in HTML before the e-mail is checked.

    5. Beware of spam. Spam can use exploits in Internet Explorer or your e-mail client to download spyware to your computer.

    6. Do not install anything without knowing exactly what it is. This means reading the end-user license agreement (“EULA�) carefully, as some EULAs will actually tell you that, if you install the program in question, you have also agreed to install some spyware with the software. Check independent sources as well, as some EULAs will not tell you about spyware.

    7. Protect yourself against automatic downloads. Make sure your browser settings are stringent enough to protect you. In Internet Explorer, this means your security settings for the Internet Zone should be at least set to medium. Deny the browser permission to install any ActiveX control you have not requested. Optimum settings should be to disable unsigned ActiveX and option of scripting unsafe ActiveX Controls. You can find these settings in IE at
    Tool>>Internet Options>>Security>>Custom Level
    Here you should disable unsigned ActiveX and unsafe ActiveX. Also you should block cookies through Tool>>Internet Options>>Privacy. Also check Block Popups if you have IE 6 with SP2 on Windows XP.

    8. There is another alternative to tip no. 7 above which is to change the browser. Yes switch from IE to any other browser. The best alternative to IE is Mozilla Firefox or Opera.

    Ammunition Required:
    There are many softwares pretending to fight spywares and viruses but only few of them dare to do that and stand out. Here I am listing World famous Anti-Spyware, Anti-virus and other security softwares and will tell you who actually won the battle.
    The numbers shown are the actual rankings.

    Anti-Virus Softwares:
    1. McAfee VirusScan Pro 9.0
    2. Norton Anti-Virus 2005
    3. Panda Titaniun Antivirus 2005
    4. Kaspersky Anti-Virus Personal Pro 5.0
    5. avast! Antivirus v4.6
    6. Trend Micro PC-Cillin Internet Security 2005
    7. F-Secure Anti-Virus 2005
    8. AntiVir Personal Edition 6.0
    9. AVG Anti-Virus 7.0
    The brand name Symantec makes Norton the leader but sometimes truth is bitter to digest. Norton Anti-Virus is too heavy in terms of memory and CPU usage and loses sometimes in fast detection of viruses. I like McAfee for its fast response, easy usage and detection of almost all types of viruses. A real surprise is the New Panda Titanium Antivirus 2005 which has won my heart. If you want some free and good antivirus protection go in for Antivir Personal or AVG Free Editions. AVG is better in this case. According to a survey I read somewhere Kaspersky can detect maximum number of viruses so it is not a bad option either but I don’t like it.
    Conclusion is that go in for any one but McAfee, Norton or Panda are the true winners.

    Firewalls:
    1. ZoneAlarm 5.5
    2. McAfee Personal Firewall Plus 6.0
    3. Sygate Personal Firewall 5.5
    4. Kerio Personal Firewall
    5. Norton Personal Firewall 2005
    6. Windows XP Firewall
    ZoneAlarm wins because of easy usage and highly configurable but loses to McAfee in terms of a feature called Port Blocking. Sygate is also very good. Now, the real losers are Norton and Windows XP Firewall. Windows XP Firewall is not configurable and does not block outbound events and Norton – much better alternatives exist. Kerio Personal is also a good one.

    Internet Security Suites(Firewall+Antivirus)
    1. McAfee Internet Security 7.0
    2. Norton Internet Security 2005
    3. Kaspersky Internet Security 1.0
    4. ZoneAlarm Security Suite 5.5
    No discussions as there is only one undisputed winner: McAfee that has a right mix of all elements plus an antihacker. Rest of the two are also very good but not as McAfee. ZoneAlarm lost because of poor Antivirus capability.

    Anti-Spyware Softwares:
    1. Spybot - Search & Destroy 1.3
    2. Ad-aware SE 1.05 Personal
    3. Ad-aware SE 1.05 Professional
    4. Microsoft AntiSpyware 1 Beta
    5. SpySubtract
    6. SpywareBlaster 3.3
    7. Webroot Spysweeper
    In the free category Spybot and Ad-aware Personal and in the shareware category Ad-aware Pro wins. Microsoft has done really good work in releasing AntiSpyware program which has many rock solid features and real time detection but misses small utilities like Shredder. Also SpywareBlaster is a very good anti-spyware for protection from cookies and Internet Attacks.


    Now a special Mention of Browser Sentinel 2.0
    . It is a very good software for protecting your IE. It can detect all types of softwares, extensions, toolbars, bands and context menu extensions lingering to your browser and can remove the unneeded. It can also detect startup changes and that too in real time. A must download.
     
  8. shaunak

    shaunak Tux Fan

    Joined:
    Mar 5, 2004
    Messages:
    1,218
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Mumbai
    SAVE YOUR SELF FROM SPAM
    Spam is not only the inbox filling menance we all know but it can get pretty dangerous too. It resource hogs ISP(internet servive providers) and Spam can use exploits in Internet Explorer and download stuff into your pc that you might not want.
    1)make two email ids one private for friends and relations.DONOT circulate this id to strangers and websites for their newsletters.
    2)make another id providing false info and crazy usernames like "deadpope_xi"(no offence ment to anyone) etc. to circulate among websites for their newsletters.
    3)If your writing a walkthrough,post like this one,whitepaper,tutorial etc. where you must include the email id in the TEXT(not refering to the ones in your profile which must be clicked to be veiwed) use the following format:
    "xyz(a)abc.com
    replace (a) with @"
    this keeps mialerbots at bay. also for increased security include your public id here and not your private one.
    4) Some sites state in their privacy policies that even after you unsubscribe trom their newsletter or similar service which requiers them to mail stuff to you they will take 70-90 days to "process your request". indirectly it means be preparde to face spam from them for over a month. Best provide such sites with the 2nd email id which is your public mail id.
    5)lastly for god's sake lookfor email service providers with spam filters.

    those with already existing id where they recieve a mix of improtant and junk mails take the pains of making a new id and mailing it mannually to all your inportant contacts so that only important mails land up in it.
    _________________

    :arrow: :arrow: surf safe :arrow: :arrow:
     
  9. theKonqueror

    theKonqueror CCIE# 20863

    Joined:
    Dec 24, 2004
    Messages:
    166
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Outside the Matrix
    If you use internet in linux, most of the spywares can not be installed, and you get protected from these spywares. I use internet on both, WindowsXP, and Red Hat Enterprise Linux at my home. I scan regularly in Windows XP, and each 7-8 days, there is something spying the PC, or adware. But in linux, there are no spywares till today. :)
     
  10. navjotjsingh

    navjotjsingh Active Member

    Joined:
    Feb 12, 2005
    Messages:
    1,924
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Delhi, India
  11. aditya.shevade

    aditya.shevade Console Junkie

    Joined:
    Jun 29, 2006
    Messages:
    990
    Likes Received:
    3
    Trophy Points:
    0
    Location:
    USA
    Thnk you very much. It was very good to give the types of the spyware.

    Aditya
     
  12. –•(–•Raghav™•–)•–

    –•(–•Raghav™•–)•– New Member

    Joined:
    Oct 28, 2006
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    0
    I Doubt About Mcaffe..

    Even Aftr Having The L8st Updates..

    I Scanned My System Aftr 6 Months After The First Scan

    And Was Amazed To Find around 40 infected Files...
     
  13. abhijangda

    abhijangda New Member

    Joined:
    Jan 17, 2007
    Messages:
    834
    Likes Received:
    3
    Trophy Points:
    0
    Location:
    In your hearts
    Raghav you will find 40 infected files coz. you have done scan after 6 months. That's why it is said that we should do a full systm scan once a week. Coz imagine you are surfing a website which contains virus which have not been discovered yet but in the next day it is discovered and update is provided. You download it but haven't done full system scan then how av will be able to detect it if you will not done scan. So done full system scan once a week.
     
  14. Asfaq

    Asfaq Keyboard addict

    Joined:
    Feb 25, 2007
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Bombay, India
    What is HijackThis, and how do I use it?

    HijackThis is a program designed to identify malicious software and remove it from computers running the Windows operating system.
    HijackThis gathers information about web browser settings, certain areas of the Windows registry, and background processes that run every time the computer is powered on. Other programs like Ad-Aware and Spybot - Search & Destroy identify and remove only specific software that is known to be malicious. HijackThis differs from these programs because it provides a comprehensive list of registry entries, browser settings, etc., that identify legitimate settings and programs as well as malicious ones. Because of this, you must be extremely cautious when using HijackThis to fix your computer. The wrong change may cause more harm than what you are trying to remove.
    To run HijackThis, follow these steps:
    1. Download the HijackThis installer from the program's web site at: http://www.spywareinfo.com/~merijn/downloads.html Save the installer to your computer.
    2. Find where the program was saved. Double-click it; it will be unzipped with the default program used for this purpose.
    3. Locate hijackthis.exe and double-click it.
    4. Click OK through the warning.
    5. Click the button labeled Do a system scan and save a log file.
    6. HijackThis will display the results of the scan, or log file, in its own window. It will also open Notepad and automatically output the results to a new Notepad document.
    7. In the HijackThis scan results window, you can fix items (remove or delete them) by checking the box that corresponds to an item, and then clicking fix checked at the bottom of the window.
    For help in understanding the log file that HijackThis produces, you can use a service available at:
    http://www.hijackthis.de To use this service, follow these steps:
    1. Open the log file that HijackThis produced.
    2. Press Ctrl-a to select all text.
    3. Press Ctrl-C to copy the text.
    4. Visit: http://www.hijackthis.de
    5. Click once in the text box in the lower center of the page.
    6. Press Ctrl-V to paste the text in the text box.
    7. Click the Analyze button further down on the page.
    The resulting page will display thorough information about each item in the HijackThis log file, and will describe whether an item needs to be fixed or not.




    Source
     
  15. Shalu_Sharma

    Shalu_Sharma Guest

    Hmm.. Great page.. Like an encyclopedia...of sorts...

    I use KasperSky antivirus. Will try softwares you mentioned.
     
  16. QwertyManiac

    QwertyManiac Commander in Chief

    Joined:
    Jul 17, 2005
    Messages:
    6,656
    Likes Received:
    10
    Trophy Points:
    0
    @Asfaq - Not sure if I got your editing reason for a source right but this is Bat's original work right? That source of yours should have this place as its source, its a pure copy paste inclusive of the smiley used. Just right click on those smileys and click Copy Image Location and paste it in the address bar to find out :|
     
  17. Quiz_Master

    Quiz_Master * Teh Flirt King *

    Joined:
    Dec 31, 2005
    Messages:
    973
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Originally From : Ratlam M.P., Currently in: Hyder
    ^^ Yeah. You are right. THIS IS THE ORIGINAL .

    ASFAQ You should have checked content.
     
  18. OP
    OP
    it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Bloody **** .. They copied the whole article without any source at all ..



    Heck .. I wrote this article when people didnt even know what spywares were and you claimed my article is the one plagiarised .. this suck
     
    Last edited: May 7, 2007
  19. Liggy

    Liggy Is actually a real word..

    Joined:
    Jun 5, 2007
    Messages:
    443
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    cEhnEHdEH
    Good to see people know how to cut and paste... would be better if they included the source... would be better if they just gave the title and then provided the source (instead of filling up space here...)...
     
  20. ax3

    ax3 Cool as a CUCUMBAR ! ! !

    Joined:
    Dec 14, 2003
    Messages:
    5,388
    Likes Received:
    5
    Trophy Points:
    38
    nice tut .......... credits 2 u .......
     
Thread Status:
Not open for further replies.

Share This Page