Today, more and more new antispyware programs are created. Some are good products, come from reputable company, such as Trend Micro antispyware or maybe Webroot Spy Sweeper. However, new companies in this industry creates products called rogue antispyware.
These are bad antispyware products - they use certain tricks in their trial version to force users to buy their product. The most common way is by using false positive technique. That is by saying the computer is infected, even tough the system is perfectly clean. Worst of all, these malicious antispyware even install trojan horse in victims’ computer - in order to remove that, victim must purchase the license.
What raise my concern, is that such programs is on the rise. Over two hundreds suspected programs, and still counting. So, how do these companies spread their malicious programs to the world? You can guess it - one easy way is by using affiliate marketing. That’s how they can market these programs to thousands victims worldwide.
Actually, there’s nothing wrong earning money from affiliate program. If you’re a spyware specialist, or perhaps had years of experience cleaning infected computer, promoting antispyware programs would give a chance to earn money from your talent and knowledge. I also earning money by promoting antispyware programs. However, my advice is simple - watch what you’re promoting. Log on to spyware warrior rogue antispyware list - http://spywarewarrior.com/rogue_anti-spyware.htm and see if the program that you’re going to promote is inside the suspected list.
Some of spyware remover program that was in the list, is removed from the list (delisted), after certain correction is made and that apps is no longer shows false positive scan result.
![[Slashdot]](http://slashdot.org/favicon.ico)
![[Digg]](http://digg.com/favicon.ico)
![[Reddit]](http://reddit.com/favicon.ico)
![[del.icio.us]](http://del.icio.us/favicon.ico)
![[Facebook]](http://www.facebook.com/favicon.ico)
![[Technorati]](http://technorati.com/favicon.ico)
![[Google]](http://www.google.com/favicon.ico)
![[StumbleUpon]](http://www.stumbleupon.com/favicon.ico)
What is widget?
In short, widget is small application that ease users to follow their favorite blog using RSS feed, monitor stocks, view news, check weather forecast, make desktop more attractive.
Type of Widgets:
There are two type; the desktop type and web widgets. Desktop widgets are application that runs on desktop. By default, Windows Vista already had installed desktop widgets. This is known as gadgets, it appears in Windows Vista’s sidebar. This would be an ease for Vista’s users since they can follow the feeds subscribe using Internet Explorer.
Web widget is another type that can be installed in any webpage or blog, with ease. Users can utilize Web Widgets to enhance a number of web-based hosts, or drop targets. Categories of drop targets include social networks, blogs, and personal homepages.
Security Issues
Recently, it is known that widgets are highly vulnerable to malware attacks. For one reason, widgets are built using Javascript and AJAX technology, making them exposed to cross-site scripting attacks. The developers also don’t concern a lot about the security of these apps. Just like browser, client e-mail and messenger program, widgets could possibly being hijacked, monitor users activity and creating botnets. Hence, savvy cyber criminals sees widget as a choice to execute malware and hijacker attacks.
In August, a vulnerability was identified that enabled a remote attacker to run codes on victims’ computer without his permission. For example, if a user add RSS feed from malicious websites, add malicious contact file, in the gadget, the attacker had a chance to run malicious program in that system. Because of this, Microsoft security update was released to addresses the vulnerability by improving validation code within Feed Headlines and Contact.
For Yahoo! Widgets, a vulnerability was discovered in version 4.0.3 that also allow attacker to run malicious codes in user’s PC. The flaws is caused by an error within ActiveX control that could cause a stack-based buffer overflow. Users can fix this problem by downloading the latest update to version 4.0.5. If not, the vulnerability will still exist.
Be careful, think twice before widget.
It is a good idea to run stay away from untrusted sources of widgets. Then, users should always takes malware prevention steps and having a good security software installed.
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
The purposes:
The main purpose is to hide files, network connections, registry entries - in short, malicious codesĀ from other programs used by system administrators. Generally, rootkit is just a technology, it may be used for good or bad purposes. However, lately, lots of spyware used this technology in order to trick users.
Type:
There are different kinds of rootkits:
Persistent Rootkits
A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contain code that must be executed automatically each system start or when a user logs in, they must store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.
Memory-Based Rootkits
Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.
User-mode Rootkits
There are many methods by which rootkits attempt to evade detection. For example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt to enumerate the contents of file system directories. When an application performs a directory listing that would otherwise return results that contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.
The Windows native API serves as the interface between user-mode clients and kernel-mode services and more sophisticated user-mode rootkits intercept file system, Registry, and process enumeration functions of the Native API. This prevents their detection by scanners that compare the results of a Windows API enumeration with that returned by a native API enumeration.
Kernel-mode Rootkits
Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures. A common technique for hiding the presence of a malware process is to remove the process from the kernel’s list of active processes. Since process management APIs rely on the contents of the list, the malware process will not display in process management tools like Task Manager or Process Explorer.