ComputerWorld - Programs covering the full range of hacking software, from Trojans to keyloggers to step-by-step tutorials on how to effectively hack Web sites and personal information, are now available on eBay Inc.’s online auction site, raising the concerns of one security company.
“It’s a simple matter of searching for it now” said Magida Ezzat, marketing communications manager at PC Tools.
“It’s also very, very cheap — it’s possible to even get it for free.” Although the programs are readily available on the Internet outside of eBay, the concern is that, since eBay is accessed by the general public, new audiences could become aware of how easy it is to get hacking tools. “People don’t need to be highly technical to access and use hacking software,” Ezzat said.
Although awareness of how to obtain and use hacking software is on the rise, policing and preventing the sale of the software remains difficult.
“For a Web site as large as eBay, policing is a near impossible task,” Ezzat said. Nonetheless, security-focused Web sites such as eBay are aware of the problem. “Hacking software that was available yesterday has been taken off the auctions today,” Ezzat said.
The good news is that hacking software auctions aren’t very popular at this stage. A search of the eBay Web site reveals that very few auctions featuring hacking software have any bids.
![[Slashdot]](http://slashdot.org/favicon.ico)
![[Digg]](http://digg.com/favicon.ico)
![[Reddit]](http://reddit.com/favicon.ico)
![[del.icio.us]](http://del.icio.us/favicon.ico)
![[Facebook]](http://www.facebook.com/favicon.ico)
![[Technorati]](http://technorati.com/favicon.ico)
![[Google]](http://www.google.com/favicon.ico)
![[StumbleUpon]](http://www.stumbleupon.com/favicon.ico)
The four Chinese cyber-criminals behind the Fujacks worm have been jailed by a Chinese court.
Fujacks caused havoc earlier this year when it covertly stole usernames and passwords from online gamers, and converted icons of infected programs into a picture of a panda burning joss-sticks.
Li Jun, who confessed to writing the worm and selling it to 12 clients for more than ¥100,000 yuan (£6,250) was sentenced to four years in prison by a court in Xiantao in Hubei province.
Wang Lei, Zhang Shun and Lei Lei were sentenced to between one year and two and a half years in jail for their part in the scheme.
“Chinese cyber-criminals are not just hitting PCs in their own country, but affecting computer users worldwide, so it is encouraging to see the authorities taking action against the perpetrators,” said Graham Cluley, senior technology consultant at Sophos.
“A surprising proportion of malware written in China is designed to steal credentials from players of massively multi-player online role-playing games.”
Chinese authorities said that the majority of the Fujacks infections have been dealt with after police persuaded Li Jun to write a counter-agent to his program to clean-up infected computers.
“Despite the worm’s author writing a program to clean up his infestation, it does not seem to have gained him much sympathy from the authorities,” noted Cluley.
Chinese hackers have been making the headlines recently. Online attacks on governments in the US, UK and Germany have been blamed on Chinese hackers working for the Chinese People’s Liberation Army (PLA), a claim that China has strongly denied.
Today, more and more new antispyware programs are created. Some are good products, come from reputable company, such as Trend Micro antispyware or maybe Webroot Spy Sweeper. However, new companies in this industry creates products called rogue antispyware.
These are bad antispyware products - they use certain tricks in their trial version to force users to buy their product. The most common way is by using false positive technique. That is by saying the computer is infected, even tough the system is perfectly clean. Worst of all, these malicious antispyware even install trojan horse in victims’ computer - in order to remove that, victim must purchase the license.
What raise my concern, is that such programs is on the rise. Over two hundreds suspected programs, and still counting. So, how do these companies spread their malicious programs to the world? You can guess it - one easy way is by using affiliate marketing. That’s how they can market these programs to thousands victims worldwide.
Actually, there’s nothing wrong earning money from affiliate program. If you’re a spyware specialist, or perhaps had years of experience cleaning infected computer, promoting antispyware programs would give a chance to earn money from your talent and knowledge. I also earning money by promoting antispyware programs. However, my advice is simple - watch what you’re promoting. Log on to spyware warrior rogue antispyware list - http://spywarewarrior.com/rogue_anti-spyware.htm and see if the program that you’re going to promote is inside the suspected list.
Some of spyware remover program that was in the list, is removed from the list (delisted), after certain correction is made and that apps is no longer shows false positive scan result.
How do you evaluate an antivirus program? The best antivirus software is not necessarily suit for everyone. It depends on certain factor; for example the ease of use, the quality of each scanning, additional feature set and the price.
The AVG antivirus by Grisoft is the free version that is quite popular nowadays. It has been awarded VB 100% award for six yeas consequently. The free version only provide basic scanning and update. No real-time protection, no auto scanning and no customer support. For most home users, this one is just good enough, since they don’t get infected by malware frequently. Plus, it is better since it’s free.
However, in my opinion, the interface for AVG free edition is somewhat not attractive. Some functions can’t be accessed that easy. If you’re looking for free antivirus, I recommend Bit Defender Free edition. Bit Defender has the scan engine that pass VB100% award and ICSA Labs. Plus, the interface is very neat, and easy to understand. Just like most free antivirus, it’ll scan only on demand and no additional features, such as firewall or antispyware.
These are list of free antivirus software:
What is widget?
In short, widget is small application that ease users to follow their favorite blog using RSS feed, monitor stocks, view news, check weather forecast, make desktop more attractive.
Type of Widgets:
There are two type; the desktop type and web widgets. Desktop widgets are application that runs on desktop. By default, Windows Vista already had installed desktop widgets. This is known as gadgets, it appears in Windows Vista’s sidebar. This would be an ease for Vista’s users since they can follow the feeds subscribe using Internet Explorer.
Web widget is another type that can be installed in any webpage or blog, with ease. Users can utilize Web Widgets to enhance a number of web-based hosts, or drop targets. Categories of drop targets include social networks, blogs, and personal homepages.
Security Issues
Recently, it is known that widgets are highly vulnerable to malware attacks. For one reason, widgets are built using Javascript and AJAX technology, making them exposed to cross-site scripting attacks. The developers also don’t concern a lot about the security of these apps. Just like browser, client e-mail and messenger program, widgets could possibly being hijacked, monitor users activity and creating botnets. Hence, savvy cyber criminals sees widget as a choice to execute malware and hijacker attacks.
In August, a vulnerability was identified that enabled a remote attacker to run codes on victims’ computer without his permission. For example, if a user add RSS feed from malicious websites, add malicious contact file, in the gadget, the attacker had a chance to run malicious program in that system. Because of this, Microsoft security update was released to addresses the vulnerability by improving validation code within Feed Headlines and Contact.
For Yahoo! Widgets, a vulnerability was discovered in version 4.0.3 that also allow attacker to run malicious codes in user’s PC. The flaws is caused by an error within ActiveX control that could cause a stack-based buffer overflow. Users can fix this problem by downloading the latest update to version 4.0.5. If not, the vulnerability will still exist.
Be careful, think twice before widget.
It is a good idea to run stay away from untrusted sources of widgets. Then, users should always takes malware prevention steps and having a good security software installed.
Today, keeping your computer safe becomes is a big challenge. More threat is created. Long time ago, before the internet takes over the world, virus threat is feared among computer users. But now, since all computer are connected to the internet, the threat is getting more complicated and it spread faster. Today, not only virus, we also got trojan Horse, worms, keylogger, spam and spyware.
The question now, how can we handle all these threat? To counter the virus threat, lots of labs are dedicated to create anti-virus software. Hence, to fight back the spyware threat, it is important to install a good anti-spyware.
However, as you can see, today, there are lots of anti-spyware programs. Which one is the best? Which one give the protection and removal that you need? Most importantly, some of these programs are fake. How can you differentiate between the good and the bad ones?
Well, to find a good anti-spyware, you must take certain factors into consideration. First of all, the effectiveness. An effective anti-spyware program must have lots of spyware in the definition. Then, it must be updated at least once per day. Most importantly, the support must be excellent. Yes, without a good support from the publisher, even the best spyware remover program can’t guarantee that your computer is 100% clean. Good support team will help you, and will clean your computer, in case you got serious spyware problem.
Then, one more thing to be considered is the protection level. Some spyware remover only care about removal part, but not the protection part. Some of them only block unwanted objects in Internet Explorer. A good anti-spyware must be able to defend you registry itself. Why? Because registry is the main target of most malware. Any hijacker that is going to change your Internet Explorer homepage, must access the registry first. Any spyware that wants to run on Windows Startup also must access the registry. Adware that wants to install toolbar on your browser will have to access registry. In short, find an anti-spyware program that guard your registry. There could be lots of program, but too little that provide registry guard.
There are lots of fake or rogue spyware remover program today. Some of them trick users by saying that your computer is infected, some of them even install trojan, in order to make users buy their product. How to avoid these fake apps? One simple thing - see the certification. Like Better Business Bureau (BB Online) Badge. Or perhaps high rating from a reputable lab, such as CNet or Tucows.
One more thing, your program must be user friendly. The interface must be neat and easy to navigate. The program must be easy to load. It also must not create conflict with your anti-virus software. Also, don’t install a program that slows down your system.
In summary, a good anti-spyware program must have good support, daily update, have a good rating from popular labs, guard system registry and must be user friendly. Is there any spyware remover program that has such features? Is there any company that create almost perfect anti-spyware program? There is. It is Sunbelt CounterSpy. It has daily update, good support and highly rated by CNet and Tucows lab. Also, the interface is user friendly and it won’t slow down your system. What I like most about this program, is the Active Protection will guard both registry and IE browser.
In short, if you’re looking for an anti-spyware product, you should try CounterSpy.
Copyrights (C) 2007 by Azlan. All rights reserved. Do not copy this without my permission.
August 30, 2007 (Computerworld) — A second line of USB drives sold by Sony Electronics Inc. that uses rootkit tactics to hide files has been identified, and the devices’ software remains on the Web, a researcher said today.
Hackers using just one of the package’s files can mask their attack code from some security scanners, said Mikko Hypponen, chief research officer at Helsinki, Finland-based F-Secure Corp. “This new rootkit [which can still be downloaded] can be used by any malware author to hide any folder.”
On Monday, F-Secure announced that the fingerprint-reader software included with Sony’s MicroVault USM-F flash drives stores files in a hidden directory that could be used by hackers to cloak their malicious code. F-Secure noted that the USM-F models were difficult, but not impossible to find. Sony has since confirmed that the line has been discontinued.
But its replacement, the USM512FL, is widely available, and shares the rootkit-like techniques of its predecessor. “They have the same functionality in the latest as well,” said Hypponen.
Sony has removed the download links for the USM-F and USM512FL software from its MicroVault support site, but Computerworld was easily able to locate a live link — and download the software — by searching through Google’s cache.
Since F-Secure disclosed Sony’s newest rootkit snafu, several other research teams have confirmed the company’s findings. On Tuesday, McAfee Inc. analysts agreed that hackers could use one of the executable files in the USB drive software to hide any folder, and all the files in that folder, from the prying eyes of security scanners. “Alternately, [attackers] could simply hide their malicious creations in the default installation directory itself,” McAfee researchers Aditya Kapoor and Seth Purdy said in a post to the Avert Labs’ blog.
Kapoor and Purdy also identified FineArt Technology Co., a Taiwanese developer, as the makers of the fingerprint-reading MicroVault software. On its Web site, FineArt touts Fingerprint Disk, a suite of tools for authenticating fingerprint-access and encrypting files and folders. FineArt could not be reached Thursday because of time zone differences.
“[Their] apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives,” said Kapoor and Purdy. “However, in this case the authors apparently did not keep the security implications in mind.”
U.K.-based Sophos PLC also confirmed the presence of rootkit technologies in the FineArt-created software bundled with the MicroVault drives.
Sony, meanwhile, was still looking into the claims as of late Wednesday, said spokesman Tom Di Nome, who had little to share. “We are still investigating this and are taking the issue very seriously,” he said.
These latest rootkit charges are not the first to be leveled against Sony. Nearly two years ago, security researchers spotted rootkit-like cloaking technologies used by the copy-protection software that Sony BMG Music Entertainment installed on PCs when customers played the label’s audio CDs. The Federal Trade Commission later alleged that Sony had violated federal law and settled with the company earlier this year. Before that, Sony paid out nearly $6 million to settle cases with the U.S.
The concern now is that attackers will use the FineArt/Sony files — which can still be downloaded from Sony’s Web site — to add invisibility to their exploits.
But in a blog posting this morning, F-Secure’s Hypponen stressed that while the MicroVault and Sony BMG cases are similar, this newest security breakdown is not as flagrant. “The fingerprint driver does not hide its folder as ‘deeply’ as does the XCP [the rootkit-style software developed by Fortium Technologies Ltd. for use by Sony BMG] folder,” said Hypponen. “The MicroVault software probably wouldn’t hide malware as effectively from [some] real-time antivirus scanners.”
computerworld.com
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
The purposes:
The main purpose is to hide files, network connections, registry entries - in short, malicious codes from other programs used by system administrators. Generally, rootkit is just a technology, it may be used for good or bad purposes. However, lately, lots of spyware used this technology in order to trick users.
Type:
There are different kinds of rootkits:
Persistent Rootkits
A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contain code that must be executed automatically each system start or when a user logs in, they must store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.
Memory-Based Rootkits
Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.
User-mode Rootkits
There are many methods by which rootkits attempt to evade detection. For example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt to enumerate the contents of file system directories. When an application performs a directory listing that would otherwise return results that contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.
The Windows native API serves as the interface between user-mode clients and kernel-mode services and more sophisticated user-mode rootkits intercept file system, Registry, and process enumeration functions of the Native API. This prevents their detection by scanners that compare the results of a Windows API enumeration with that returned by a native API enumeration.
Kernel-mode Rootkits
Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures. A common technique for hiding the presence of a malware process is to remove the process from the kernel’s list of active processes. Since process management APIs rely on the contents of the list, the malware process will not display in process management tools like Task Manager or Process Explorer.
But experts say new features still aren’t true anti-rootkit technologies
By Kelly Jackson Higgins
Senior Editor, Dark Reading
Intel today rolled out a new desktop processor for business machines with hardware-based security features that it says can help prevent stealth malware attacks and better secure virtual machines.
The new vPro 2007 Platform, which was code-named Weybridge by Intel, also comes with an upgraded feature that better tracks and logs network traffic for malicious patterns, as well as support for 802.1x and Cisco NAC platforms so that if the operating system is down, you can still manage the endpoints because network security credentials are stored in hardware. Intel’s new vPro platform also comes with new built-in management and energy-efficiency features.
Mike Ferrin-Jones, Intel’s director of digital office platform marketing, says attackers increasingly are writing stealthier malware that evades detection by software-based tools, and some that even disable them: “That gives them free rein over the system.” That has held some enterprises back from going with virtualization technology, he says.
Intel’s new processor — via its so-called Trusted Execution Technology (TXT) and Intel Virtualization Technology for Directed I/O features — can better protect virtualized software from these kinds of attacks by detecting any changes to the virtual machine monitor; restricting memory access by unauthorized software or hardware; and protecting virtual machines from memory-snooping software, according to the company.
Stealth malware expert Joanna Rutkowska, founder of Invisible Things Lab, says Intel’s new Trusted Execution Technology (TXT) and Intel Virtualization Technology for Directed I/O features sound like a step in the right direction for protecting against stealth malware attacks, as are AMD’s SKINIT and External Access Protection features, which were released last year.
“I don’t believe we can address some problems like kernel rootkits and especially virtualization-based rootkits, without help from the hardware vendors,” she says.
Rutkowska says based on what she could surmise from the press materials provided to her, Intel’s Virtualization for Directed I/O appears “to let you create more secure hypervisors and deploy secure micro kernel-based OSes, she says.
Still, these technologies aren’t true anti-rootkit technologies, she says. “They are, rather, technologies that [for example] would allow [you] to build better OSes, not prone that much to rootkit infections as the OSes we have today [are].”
The key, Rutkowska says, is for OS and software vendors to use Intel’s new hardware-based security, as well as AMD’s in its new Barcelona processors. “It’s all in the hands of software and OS vendors now,” she says. “If they don’t redesign their products to make use of those new technologies in a proper way, those new technologies will be pretty useless.”
Intel’s Ferrin-Jones says hardware-based security in the new platform, based on Intel’s Core 2 Duo processor and Q35 Express chipset, help where software-based security cannot. “Most security applications run inside the OS,” he says. “For the systems to be protected and secured, those apps have to be up and running, as does the OS.” Features such as “remote wakeup” capabilities aren’t secure or available if the OS goes down.
Meanwhile, major computer makers and resellers are now selling desktops with the new vPro processor, according to Intel, including Dell, HP, and Lenovo, and the company says 350 organizations have already deployed it.
Intel is also currently working with virtual machine monitor and security software vendors to enable their products to work with the new platform, Ferrin-Jones says.
source: http://www.darkreading.com
Overview:
SpyBot S & D is a famous anti-spyware program, and is developed as free project since 2000. This program had won lots of awards: World Class 2003 Awards, the PC Magazine Editors Choice and PC User Top Buy #1. Spybot has also been recommended by ZDNet, the Wall Street Journal, The Guardian, MSNBC, CNN. Trusted and recommended by many computer expert worldwide.
Main features:
-
Able to remove spyware, adware, trojan, tracking cookie, worm, dialer, keylogger, hijackers and some rootkits.
-
At the moment it scans at 433527 places in the system and makes comparisons there. Further SpyBot have 80647 detections rules and scan for 3250 single products.
-
Real-time protection will block known malicious applications.
- Allow/Block registry changes.
-
Weekly update.
-
Good support included. You’ll get the support either using forum or http://www.safer-networking.org/en/contact/index.html .
Additional Tools:
-
Secure shredder - delete selected private files so that it won’t be able to be recovered.
-
Guard system Startup to avoid malware starting up with your Windows.
-
Uninstaller info - information about all application that is already installed in your computer. You may uninstall any unwanted apps using this tool.
-
Host file - Block access to known malicious websites
-
Guard your browser and ActiveX objects.
-
Tea Timer - block malicious process. Allow/deny registry access.
-
Support different languages and even for blind users.
-
Lots of spyware definition in the database.
-
Lots of tools;
-
It is free
Contras:
-
The interface is not neat and attractive.
-
Each time, you’ll have to update from different mirror.
-
Only one type of scan, most anti-spyware these days have quick scan, custom scan or full scan.
-
Scan engine is not fast.
-
System resources can run extremely high with this product.
-
Since it is famous, lots of spyware is trying and able to avoid from being detected with this.
Bottomline:
If you experience spyware problem now, this one is worth trying, since it is free. But don’t expect too much from it. Sometimes, it missed lots of spyware. It’s better for you to find other anti-spyware program. My rating 3/5.
Download SpyBot
Watch Video Tutorial
« Previous Entries