
(Malware/Spyware cont)

 

Riskware: This type of malware includes all applications that increase the user’s security risk when running. As with spyware and adware, riskware installation may be confirmed by a license agreement. “Dialers” are a common example of riskware: programs that divert a connection to a preset premium-rate number. Such programs can be legally used for Internet service payments, but they are often misused, and the diversion occurs without the user’s awareness.


Dangerous applications: A dangerous application is the term used for legal programs that, though installed by the user, may expose the user to security risks. Examples include commercial keylogging or screen capture software, remote access tools, and password-cracking and security testing programs.

 

Hoaxes: A hoax is deliberate misinformation sent by email and spread with the help of an unsuspecting or uninformed public. Hoaxes are typically designed to get a user to do something they should not do. Malicious hoaxes often advise users to delete valid operating system files, claiming that the file is a dangerous virus.

In many cases, hoaxes refer to a credible institution/company in order to gain the reader’s attention. For example, “Microsoft warns that…” or “CNN announced”. These messages often warn of disastrous or even catastrophic consequences. The warnings have one thing in common – they urge users to send the messages to everyone they know, which perpetuates the life-cycle of the hoax. 99.9% of these types of messages are hoaxes.

Hoaxes cannot spread by themselves; the only way to protect yourself is to verify the authenticity of an email message's claims before taking any action.

 

Scams: Broadly defined, scams are deceptions perpetrated on computer users for the purpose of financial gain or identity theft. One of the most common scams involves an unsolicited fax, email, or letter from Nigeria or another West African nation. The letter will appear to be a legitimate business proposal, but will require an advance fee from the target. The proposal is of course fraudulent, and any fees paid by the target are immediately stolen.

Another common form of scamming includes phishing email messages and websites. The purpose of these scams is to gain access to sensitive data such as bank account numbers, PIN codes, etc. Access is usually achieved by sending email masquerading as a trustworthy person or business (financial institution, insurance company).

The email (or website that the user is directed to) can look very genuine and will contain graphics and content that may have originally come from the source that it is impersonating. The user will be asked to enter personal data such as bank account numbers or usernames and passwords. All such data, if submitted, can easily be stolen and misused.

It should be noted that banks, insurance companies, and other legitimate companies will never request usernames and passwords in an unsolicited email.

 


Remote attacks

Special techniques that allow attackers to compromise remote systems. These are divided into several categories:
 

DoS attacks: DoS, or Denial of Service, is an attempt to make a computer or network unavailable to its intended users. DoS attacks obstruct communication between the affected users and the service, preventing normal use. One common method of attack involves saturating the target machine with external communication requests, so that the target machine cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Such attacks usually lead to a server overload. Computers exposed to DoS attacks usually need to be restarted in order to work properly.

The targets of DoS attacks are web servers and the aim is to make them unavailable to users for a certain period of time.
 

DNS Poisoning: Using DNS (Domain Name System) poisoning, attackers can trick a DNS server into accepting fake data as legitimate and authentic. The fake information is cached for a certain period of time, allowing attackers to substitute their own IP addresses in DNS replies. As a result, users trying to access a DNS-poisoned website will download computer viruses or worms instead of the website's original content.
 

Port scanning: Port scanning is often used by hackers attempting to compromise security. Port scanning is used to determine which computer ports are open on a network host. A port scanner is software designed to find such ports.

A computer port is a virtual point which handles incoming and outgoing data – this is crucial from a security point of view. In a large network, the information gathered by port scanners may help to identify potential vulnerabilities. Such use is legitimate.

 

TCP desynchronization: TCP desynchronization is a technique used in TCP hijacking attacks. It is triggered by a state in which the sequence number of incoming packets differs from the expected sequence number. Packets with an unexpected sequence number are discarded (or saved in a buffer if they fall within the current communication window).

 

SMB Relay: SMBRelay and SMBRelay2 are special programs that are capable of carrying out attacks against remote computers. The programs take advantage of the Server Message Block file sharing protocol which is layered into NetBIOS. A user sharing any folder or directory within the LAN most likely uses this file sharing protocol. Within local network communication, password hashes are exchanged.

 

ICMP attacks: ICMP (Internet Control Message Protocol) is a popular and widely-used Internet protocol. It is used primarily by networked computers to send various error messages.

Remote attackers attempt to exploit the weaknesses of the ICMP protocol. ICMP is designed for one-way communication requiring no authentication. This enables remote attackers to trigger DoS (Denial of Service) attacks, or attacks which give unauthorized individuals access to incoming and outgoing packets.

Typical examples of an ICMP attack are ping flood, ICMP_ECHO flood and smurf attacks. Computers exposed to an ICMP attack will experience significantly slower performance in applications that use the Internet and have problems connecting to the Internet.

 

 

List of Bad Software/Programs

 

Ongoing list of unwanted programs. Typically one install will allow others to follow without your knowledge. The list is updated as I discover them. Some of these are very sophisticated and sometimes difficult or impossible to remove.

 

- Any Protect
- Appbario12 toolbar
- App Enable
- BlockAndSurf
- Consumer Input
- DoowinSave
- Driver Restore
- Driver Support
- EaxstrrASavingsis
- fst_us_118
- Gorillaprice (Can only be removed via the registry editor)
- Groovorio
- Highlighty
- Installer
- iWebar
- LiveSupport
- MinimuimPriCie
- My PC Backup
- Object Browser
- Optimizer Pro
- Optimizer Pro vX.X
- PastaQuotes
- PC Clean Maestro
- PC Fix Speed
- PC Performer
- PC Powerspeed
- PC Speed Clean
- PC Tech Hotline
- PCSpeedCleaner
- Price Gong
- PriceMeter
- saave On
- ScanTack
- Search module
- Search Protect
- Shopper Pro
- Smart Media - Converter
- Software updater by Glorysoft Ltd.
- SO_Booster
- SO_Sustainer
- Speed Analysis
- Supra savings
- Unchecky
- Wajam
- WeatherBug
- Weathewrbug
- Webcake
- WSE_Vosteran
- Youtube Ad Blocker

 

There are many more similar programs like these. Be sure to watch what gets installed and uncheck or cancel unwarranted programs.

 

To remove these:

1. Go to Start, then 'Control Panel', then 'Add/Remove Programs' or 'Programs'. In Windows 8, use the search feature on the right to find Control Panel.

2. Sort by 'date installed', because typically these programs get installed around the same time.
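The same two steps can be done from a PowerShell prompt, which also catches entries that hide from the Control Panel view. This is an added example, not part of the original page: it reads the Windows uninstall registry keys, sorts by install date, and flags names matching a hand-picked subset of the list above (the $Suspect list is an assumption you should extend with the other names).

```powershell
# Added example: list installed programs by install date and flag known unwanted names.
# Run from an elevated PowerShell prompt so the HKLM keys are readable.
$Suspect = @('Any Protect', 'Driver Support', 'Optimizer Pro', 'PC Speed Clean',
             'Search Protect', 'Wajam', 'WeatherBug', 'Webcake', 'My PC Backup')

# Per-machine (64-bit and 32-bit) and per-user uninstall entries.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Programs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $name = $_.DisplayName

        # InstallDate is a yyyyMMdd string and is often missing or malformed.
        $date = $null
        if ($_.InstallDate -match '^\d{8}$') {
            $date = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
        }

        # Flag the entry if any suspect name appears in its display name.
        $flagged = @($Suspect | Where-Object { $name -like "*$_*" }).Count -gt 0

        [pscustomobject]@{
            Installed = $date
            Flagged   = $flagged
            Name      = $name
            Publisher = $_.Publisher
            Uninstall = $_.UninstallString
        }
    }

# Step 2 of the procedure: newest first, so bundled extras installed on the same
# day as a flagged program cluster together even when their names are unfamiliar.
$Programs | Sort-Object Installed -Descending |
    Format-Table Installed, Flagged, Name, Publisher -AutoSize

# Print the uninstall command for each flagged entry; review it before running it.
$Programs | Where-Object Flagged | Select-Object Name, Uninstall | Format-List
```

Entries with a blank Installed column have no InstallDate value in the registry; check their Publisher and Uninstall path instead.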

 

Lastly, always keep your Anti-Virus and Anti-Malware programs up to date!
