Posts with tag trojan

Lesser Known Weapons To Trick Out Your Malware Arsenal

Everybody knows the big names in the battle against malware - Adaware, Spybot, HijackThis. Today we're going indie, focusing on lesser known ways to avoid and remove all that bothersome software that your "friend" crapped up your rig with!

First things first. Try not to get infected in the first place.

It's common sense that if you can keep malware from getting its nasty little claws on your OS you won't have to bother with fancy removal tools anyway. But how to do it? Sure, real-time scanning will catch a lot of garbage, but why not give your PC a little extra help? Here are two really simple methods.

Outfox malicious sites using a hosts file. By making use of the lmhosts file in Windows, you can trick your computer into never seeing sites where a lot of malware originates. Our favorite is MVPS.org's; it's one of the most complete, frequently updated files you'll find on the net. All the nefarious domains are redirected to 127.0.0.1 - good ol' localhost - so any links to their evil apps just won't work because chances are pretty good that your PC isn't serving up WinSuperSpyRemover 2008. Gold.


1 million viruses, worms, and trojans on the loose

The internet is a scary place. No, we're not talking about predators out to rob you or offer candy to your kids. We're talking about malware like viruses, worms, and trojans. According to security company Symantec, the amount of malware on the internet has reached an all-time high, with over 1 million malicious programs in circulation.

A surprisingly large number of those threats were developed in the last year, with 711,912 new pieces of malware coming out in 2007 compared with 125,243 in 2006.

The good news for Linux and OS X users is that most of these threats are targeted at computers running Windows. And the good news for Windows users is that most of these applications are variations of older threats, which means if your anti-virus software is up to date, you should be relatively safe.

Of course, Symantec puts reports like this out there in order to sell its own security software. But there are several excellent free anti-virus suites that will also help protect your computer from most threats.

[via BBC News]

Windows Mobile virus on the loose

There's nothing special about Windows Mobile, Palm, or Symbian devices that makes them virus-resistant. It's just that for the most part malicious hackers haven't tried to target mobile devices because there hasn't been that much information worth stealing. But as people put more and more valuable data on their cellphones and PDAs, those devices are becoming more attractive targets.

And so we probably shouldn't be surprised that McAfee released an alert this week that a virus targeting the Windows Mobile operating system is making the rounds. The WinCE/InfoJack trojan has been packaged with several Windows Mobile programs, including a version of Google Maps, and a game collection.

McAfee has traced the program back to a single web site, whose maintainer says it was designed to track what type of devices people are using to run applications. But it has a ton of properties of a virus. For example, if it's on a memory card it will automatically install itself on a Windows Mobile device when that memory card is inserted. It backs itself up to protect itself from deletion. It installs itself as an autorun program, and allows unsigned applications to install without asking for permission first.

While there are a handful of anti-virus applications for Windows Mobile out there, something tells us we're about to see a lot more of them soon.

[via TechBlog]

The world ends on January 19, 2038: thanks Unix!

If you thought the Y2K bug had a lot of world ending potential, you might want to skip this post right now. If we don't blow ourselves up by 2038, the end of the world is going to have little to do with nukes and a lot to do with Unix because Unix systems can't keep track of the date past January 19, 2038.

According to Y2K38.info, Unix keeps track of the date and time using a four byte integer that represents the number of seconds past January 1, 1970. The integer can only get so big before having to restart from zero. If a machine can't restart its time, which may be the case for many Unix systems, it will crash. Hackosis confirms this problem has the potential to affect Linux boxes too. Unfortunately, machines running on *nix operating systems act as the backbone for much of the cyber-world, meaning we may see anything from planes falling out of the sky to the internet shutting down when this hits.

Are you scared yet? Probably not, and neither are we. 2038 is far, far away, and it's very unlikely that we'll be using the same technology for pretty much anything when the year comes. Also, there's way too much money to be lost to a simple little bug, and no company's going to stand by and let that happen. Finally, keep in mind that Y2K38.info has been around since before the year 2000, meaning the author wrote much of the content on the site without seeing the results of the Y2K bug. However, the site is still up, so the author must believe it's still a problem. For those interested, the site is headlined by a countdown timer in binary, decimal, and date forms, which are definitely worth checking out if you're into ones and zeros.

Mac trojan masquerading as codec

Late last week, Intego Security released a press release detailing a new Trojan web variant, aimed at Mac users. A Trojan, known as OSX.RSPlug.A (or OSX/Puper), is installed on the system by the user, under the guise that it is a video codec, required for playing a free video file.

The installer, under the clever name MacCodec, requires administrative access to install (meaning the user has to not only specifically agree to download the file, he/she has to enter in the admin password before it will install), and instead of installing a codec, it runs a script that creates a scheduled task that changes the DNS server, in an attempt to redirect users to malicious phishing sites. Unsurprisingly, this Trojan seems to be almost exclusively targeting porn sites that offer those always-hard-to-resist "Download Sample Now" or "Free movie clip" downloads.

Like clockwork, the pandering, the hysteria and the schadenfreude have already hit the web. Many of these articles fail to adequately underscore a few points that we at Download Squad think are pretty important for users to consider:

ZoneAlarm ForceField protects your browsing session - DLS Interview


ZoneAlarm has launched a public beta of a new security tool that basically puts your web browser into a sandbox. Visit sites you know are unsafe, check your bank statements on a computer that you know is infected with viruses and spyware.

We caught up with ZoneAlarm Director of Consumer Product Management John Gable at ShowStoppers in New York, and he told us a bit about the new product. ZoneAlarm ForceField sets up a "virtualized surfing" system, that prevents your PC from downloading malicious code from the web. It also prevents keylogging, blocks spyware, and scans downloads. There's also a private browsing feature that immediately erases all details of your browsing session once you shut down the browser.

ZoneAlarm ForceField is free while in beta, but will cost $30 when it's officially launched next year. The program works with Internet Explorer and Firefox (but not Opera), and is Windows only.

If fish eat worms, what do worms eat? Music

If you're like most computer users, you probably have nearly 900 MP3s on your computer. If you're like most Download Squad readers you probably have closer to 9,000. Either way, they could all be gone in the blink of an eye.

A new worm called W32.Deletemusic is moving from computer to computer in search of tasty MP3 files to eat (ie: delete). That's pretty much all this worm does. It won't steal your credit card information or other personal data. It won't send spam to everyone on your contact list. But it could remove hundreds or even thousands of files that you've paid to download or rip from your own CD collection.

It's not clear whether the worm was written by some amateur hacker looking to see what he could accomplish or someone hoping to spread an anti-piracy message, you know, by deleting legitimate music files. Because that'll show you.

Anyway, the worm can infect Windows machines running Windows 95 through Vista. The worm can be removed, but by the time you discover your computer's been infected it may be too late. So you might want to disable autorun on your PC until you've updated your virus definitions.

New trojan says, "Your money or your data"


Trojan horses are a nasty breed. They infect and hide, usually not letting on their presence to the user. One particularly nasty new Trojan is making its unwelcome presence known, and in a rather creative and underhanded way.

Both Sinowal.FY and Gpcode.ai encrypt a user's data, leaving in place a text file demanding $300 for a tool to decrypt your precious files. No word on what happens when you contact the culprits, but we can only imagine it's not a cash and carry sort of deal. Oh brother.

NanoScan: 1 minute online virus scan

You know how most anti-virus/anti-spyware software can take up to an hour to run, bogging down your computer in the process? Turns out there's a faster (if slightly less thorough) way to give your computer a quick checkup.

Panda NanoScan is a browser-based program that scans for viruses, trojans and spyware. Since the database sits on Panda's servers, there are no definitions for you to download. You just need to install a 400kb plugin the first time you run NanoScan with Internet Explorer or Firefox.

NanoScan doesn't search every single file on your computer for malware. Instead it takes a look at all your active processes and a set of crucial files and folders. The result is a blazing fast inspection, which takes just about a minute to run. If you want a more complete scan, you can run Panda TotalScan, which is larger, takes longer, but performs a more thorough search.

The service also collects anonymous user data and displays the results online.

Now the downsides. There's no support for Vista yet, although it's in the works. Also, NanoScan and TotalScan find problems; they don't fix them. Obviously these browser-based solutions also don't offer real time protection if you download an infected file. So they're not replacements for a PC-based anti-malware program like AVG Free.

Edit: TotalScan does have a disinfect feature. You have to register (free) in order to activate it.

Google goes Green(border) with another acquisition

Google has another acquisition under its belt and this one is a little green. Not in the environment sense, but in a secure sense.

GreenBorder, based in Mountain View, California, has developed a way to isolate each internet session from the rest of a user's PC. This way threats like viruses, spyware, trojans and malware can be secluded and tossed when users close down their browser window instead of potentially infecting machines. A green border displays around safe pages, and files that are downloaded from the internet can be opened in a virtual environment so as not to infect the rest of the user's machine.

The application is available for use in both Internet Explorer and Firefox. With over 100,000 downloads since October 31st 2006, the Windows version of the software is currently available on Download.com for $29.95, but knowing Google, this will be down to free in no time at all.

There is no word yet on the final purchase price of GreenBorder.

Samsung's website compromised, look out

If you are looking for some kind of product information for your new DVD player or Samsung TV, beware. Samsung's website has a keylogging Trojan lurking around. Please, whatever you do, be careful (as if I need to tell you). It really sucks to have your computer compromised, not to mention your identity due to someone else's security breach. In general most users should be okay going directly to Samsung's site, but those going through IM or email links may have trouble. The Trojan also requires that a user accept a download (which may seem legitimate) so it isn't like you'll have no choice in the matter. Another thing is please alert your less-savvy friends and relatives, because things like this are tricky to gauge when they look but aren't in fact legitimate. This public service announcement (not) brought to you by the news.

[Via SecurityProNews]

Poker app steals your logins

When will they ever learn? Poker blogger and self-avowed geek Wil Wheaton has a note about Rakeback calculator, which F-Secure says contains a trojan. Apparently when RBCalc.exe is run, it drops the payload on your machine, which then proceeds to snatch your logins to familiar poker websites. The distributor, Checkraised.com, has disavowed any knowledge, and put up a welcome how-to for removing the suspect payload. Looks like this was the work of a lone coder, but will online poker ever carry the same feeling of comfort and safety ever again? I hope Checkraised is a little more careful in the future...

Trojan encrypts your files, holds them ransom for $300

Turns out it is possible to teach an old horse new tricks. It seems there's a Trojan horse going around that, if run, will put your files into an encrypted zip file and delete the originals. It also leaves a file called AUTO_ZIP_REPORT.TXT that contains instructions on getting your files back: send $300 ransom to an E-Gold account. The text file says, "If you really care about documents and information in encrypted files you can pay using electonic currency $300. Reporting to police about a case will not help you, they do not know password. Reporting somewhere about our E-Gold account will not help you to restore files. This is your only way to get yours files back." The Trojan is apparently not widespread, having been sent by e-mail to relatively few victims, and is not considered a major threat, though the virus' originator is using scores of E-Gold accounts to avoid shutdown.

[Via Digg]

Security vulnerabilities hit Linux and OS X

Maybe this isn't enough to sound the bell across the land, but, as expected, there are still security vulnerabilities out there hitting the Linux and Mac folks. Last week there was that Mac Trojan, which was just a proof-of-concept (and not a good one at that). There's still a nasty Safari hole that Ars Technica is insisting is a major problem. I'm inclined to agree; shell scripts can do some damage. And then I see a worm for Linux that targets Mambo and PHP. The PHP fix has been out for a while (provided you update things regularly), but the Mambo hole is still there. Ah security, will it ever end? As long as people use computers, I think not. My first virus (and hence, exposure to the need for security) was on a Mac, what was yours?

First Mac OS X trojan in the wild

It was nothing if not inevitable: Mac Rumors is reporting that the first virus targeting Mac OS X has been spotted in the wild. The site is careful to classify the virus as a trojan because it doesn't exploit any hole in the OS but instead tricks the victim into executing it. The trojan spreads by masquerading as an archive called "latestpics.tgz" containing screenshots of OS X 10.5 Leopard. The archive contains a file that presents itself with a standard JPEG icon but is in fact an executable that, when opened, infects other executable files on the machine. Once executed, the trojan spreads itself via iChat. Sophos has named the virus "OSX/Leap-A" and given it a low prevalence rating.

[Via Waxy.org]
