
Friday, June 26, 2009

Spyware (Part - 1)

Spyware is any technology or software that gathers the personal information of a person or the confidential information of an organization. It is a malicious application that is installed on the computer with or without the knowledge of the user. As its name suggests, spyware performs the function of a spy: it collects a variety of information from the computer and sends that information to the attacker. Some spyware lets the attacker reconfigure the victim's computer to suit his needs. Spyware may be installed on the computer without the user's knowledge through a drive-by download or by clicking a link in a pop-up window. There is also spyware sold in the market that helps parents track the sites visited by their children. As you may know, the browser stores information about the sites you visited in cookies; if your personal information is stored in a cookie, then the cookie can be considered spyware. In its early days the function of spyware was just monitoring the user, but as time passed more powerful spyware was introduced, whose functions are not limited to simple monitoring. It can not only collect the browsing habits of the user but also install software that interferes with the normal operation of the computer. You may sometimes have noticed that you cannot access the internet, yet data transfer occurs between your computer and the internet without your permission; that may be because of spyware. Some people ask on sites like Yahoo Answers, ibibo.com etc. about the problem of spyware redirecting websites: even if they enter the correct website address, they are redirected to another site. This shows that the browser has been compromised by the installed spyware. As you may know, collecting any personal information without the knowledge of the user, by any means, is a crime.
Similarly, the creation and usage of spyware that collects personal information about other people or organizations is a crime. Many countries have made strict laws against spyware. Yet there are people creating spyware, challenging the laws of their own nation.








Wednesday, June 24, 2009

Microsoft Malicious Tool For Computer Virus Removal

You may know that Microsoft releases patches for the new computer viruses and the bugs they find. They also release some virus removal tools, such as RootkitRevealer, for Windows users. The arrival of these tools, as well as the applications for keeping the computer away from attacks by malicious programs, shows their concern about the security of computers running Windows. Microsoft is spending considerable resources, including time, on Windows users. They want Windows to be a secure operating system. You may have noticed that the new operating systems Microsoft releases have far better security than the older versions; some releases have even threatened the antivirus software firms. But virus makers find the loopholes in the security measures and create viruses that exploit each loophole to its maximum extent.
There are several security programs available on Microsoft's website. Millions of people have downloaded and installed them. The people who do not download these programs may be held back by the lack of an internet connection, by unawareness, or because they are using a pirated version of Windows and fear they would be caught if they connect to Microsoft's website. Don't worry about that; you can download it from other trusted websites like Brothersoft, CNET, FileHippo etc.
Microsoft has released a malicious software removal tool, which is freeware and can be downloaded from the internet. The tool is meant for Windows Vista, XP, 2000 and Windows Server 2003. This Malicious Software Removal Tool can remove any malicious software running in the process tree. To run it, download the application and then install it on your computer. You can install the application only if you are accessing the computer with your administrator account. After installing the application you can run the software and perform the scan; it will remove all the malicious software running in the process tree. You can use it along with other antivirus software.
The download is 8.4 MB in size. The file name is "windows-kb890830-v2.11.exe". You can download it from:







Crazy Boot Computer virus

Crazy Boot is a computer virus capable of infecting computers running Windows. It spreads through floppy disks: when a host computer is booted from a floppy disk infected by Crazy Boot, the virus starts infecting the host computer. However, it does not cause any physical damage or direct loss of information. It is a boot virus, so it infects a computer only when the computer is booted from an infected disk. When a computer is booted from an infected floppy, Crazy Boot infects the Master Boot Record. It reads the highest memory location from RAM and resides at that highest memory location. Once it is in memory, it starts infecting files that are not write protected.
Crazy Boot is a stealth virus. If you try to examine the infected boot sector, it displays the correct boot sector information. It also displays the message:

DON'T PLAY WITH THE PC!
OTHERWISE YOU WILL GET IN 'DEEP, DEEP' TROUBLE!. . .
CRAZY BOOT VER. 1.0

There is a very low chance of a computer getting infected by Crazy Boot today, since the era of the floppy disk is almost over and because of the security measures included in the versions of Windows available in the market today. It is very risky to disinfect the boot sector using FDISK /MBR, because Crazy Boot does not keep the original MBR in its correct location; only the virus knows where it is. It is better to use a proper antivirus to remove the virus.





Tuesday, June 23, 2009

The Latest Computer-Virus Victim - Macromedia Shockwave

You may be familiar with .swf files. They are created using Macromedia Flash and are used to create animations; I have also created some small Flash movies. An SWF file contains the audio and video data that make up the animation, and the file is so compact that it can be used in many web-based applications. Several websites, including those owned by multinational companies, use Flash animations to make their websites more attractive and interactive. One example is esnips.com, which uses a Flash file to let users upload files. You can also see an attractive animation with good user interaction on the website of the company Hero Honda. Moreover, Flash allows one to create small applications: Flash gives the user many functions for creating applications easily and can accommodate complex functionality. Applications created with Flash are more attractive than those created using Java or C++. Using Flash on a website is considered more secure than embedding video. But recent reports by the antivirus firm Kaspersky prove this wrong: SWScript.LFM is the first malicious program that infects the popular multimedia format Macromedia Shockwave. To spread, this malicious program requires several important conditions, whose simultaneous fulfilment is highly unlikely. First of all, LFM requires a PC on which a full program version that executes Macromedia Shockwave files has been installed; the special plug-in versions installed in Internet Explorer and Netscape Navigator by default are not enough for the virus to operate. Secondly, a user has to manually download the infected SWF file to his computer and start it. Thirdly, and fortunately, LFM is only capable of infecting SWF files located in the same directory as the file carrying the virus. Kaspersky Labs considers the possibility of an epidemic outbreak caused by the LFM virus to be very unlikely.
Maybe this starts a new era of computer viruses that can spread more than other viruses, since many websites use Flash-based applications.
Defense procedures against LFM have already been added to the Kaspersky Labs daily antivirus database update as of January 8, 2002. More detailed information about this malicious program is available in the Kaspersky Virus Encyclopedia.
Blogged with the Flock Browser

Sunday, June 21, 2009

Commwarrior Mobile Virus

Commwarrior is a mobile worm developed to infect phones running the Symbian OS. It was first discovered in Russia. It uses Bluetooth and MMS as its media for spreading. Commwarrior.A checks the system clock and decides which channel can be used for spreading, but Commwarrior does not use this method. The worm reads the mobile numbers from the address book of the infected phone and sends out the virus files via Bluetooth and MMS. Normally, when a virus starts spreading, users can be warned against it by the name of the infected file that the virus sends to other phones. Commwarrior cannot be stopped in this manner: it gives the infected files different names, as a parent names his child. Since the different infected files have different names, users cannot be warned against receiving a particular file. Usually multimedia files are sent through MMS, so users feel that files received through MMS are more secure, since images and video have a low probability of being a virus. But unfortunately Symbian installation files can also be sent through MMS. This feature (maybe a loophole) is used by the worm to infect other phones. So be careful about the files you receive on your phone. Always check whether the file was sent with the knowledge of the person from whose phone you received it.

Spreading through Bluetooth

Commwarrior spreads through Bluetooth using SIS files that have different names. The SIS file contains the worm's main executable commwarrior.exe and the boot component commrec.mdl. The SIS file contains autostart settings that automatically execute commwarrior.exe once the SIS file has been installed.
When the Commwarrior worm is executed it starts looking for other Bluetooth-enabled devices. If a device is found, it sends a copy of itself to each of these phones one after another. If the target phone goes out of range or rejects the file transfer, Commwarrior searches for another phone. The worm looks for new targets after sending itself to the first target, so it is able to contact all phones in range.
Spreading through MMS

Commwarrior spreads through MMS by sending messages that contain the infected SIS file to other users whose mobile numbers are in the address book of the infected phone. The MMS messages contain variable text and the Commwarrior SIS file with the filename commw.sis. Unlike in Bluetooth spreading, the SIS file name is constant; otherwise the SIS file is identical to the one sent in Bluetooth spreading.
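As an added illustration, not code from this post or from any antivirus vendor, the Python below shows the kind of check a network operator or security team could run over MMS gateway logs for the behaviour described in the two spreading sections above: Symbian installer (.sis) files arriving as MMS attachments, and one handset sending such files to many address-book contacts in a short burst. The log line format, the phone numbers and the thresholds are all constructed for the example. Matching on the extension rather than on a fixed file name is deliberate, since only the MMS copy uses the constant name commw.sis while the Bluetooth copies are renamed.

```python
"""Flag Symbian installer (.sis) attachments and worm-like fan-out in MMS
gateway logs.

Added example, not code from the original blog post. The log format and the
phone numbers below are constructed for the demo; real gateways log in their
own formats, so LOG_RE would need adjusting.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: one MMS per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) from=(?P<src>\+\d+) to=(?P<dst>\+\d+) "
    r"attach=(?P<name>\S+) size=(?P<size>\d+)$"
)

# Symbian installer extensions. Matching on the extension rather than the file
# name catches the fixed commw.sis used over MMS as well as renamed copies.
INSTALLER_EXTS = (".sis", ".sisx")
FANOUT_THRESHOLD = 3                  # distinct installer recipients ...
FANOUT_WINDOW = timedelta(minutes=5)  # ... within this window looks automated


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "name": m["name"],
        "size": int(m["size"]),
    }


def analyse(lines):
    """Return installer messages and senders that fan installers out quickly."""
    events = [e for e in map(parse_line, lines) if e is not None]
    installer_msgs = []
    by_sender = defaultdict(list)
    for e in events:
        if e["name"].lower().endswith(INSTALLER_EXTS):
            installer_msgs.append((e["src"], e["dst"], e["name"]))
            by_sender[e["src"]].append(e)

    suspect_senders = []
    for src, evs in by_sender.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding window: does any FANOUT_WINDOW span reach the recipient threshold?
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= FANOUT_WINDOW]
            if len({e["dst"] for e in in_window}) >= FANOUT_THRESHOLD:
                suspect_senders.append(src)
                break
    return {"installer_messages": installer_msgs, "suspect_senders": suspect_senders}


# Constructed sample: one phone pushing commw.sis to three contacts in seconds,
# one normal picture message, one theme installer sent once, one junk line.
SAMPLE_LOG = """\
2009-06-21T10:02:11 from=+10000000001 to=+10000000011 attach=commw.sis size=27584
2009-06-21T10:02:12 from=+10000000001 to=+10000000012 attach=commw.sis size=27584
2009-06-21T10:02:14 from=+10000000001 to=+10000000013 attach=commw.sis size=27584
2009-06-21T10:03:00 from=+10000000002 to=+10000000001 attach=holiday.jpg size=50321
2009-06-21T10:04:30 from=+10000000003 to=+10000000014 attach=Theme.SIS size=31004
this line is not a valid record and is skipped
""".splitlines()

if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for msg in report["installer_messages"]:
        print("installer over MMS:", msg)
    print("suspect senders:", report["suspect_senders"])
```

On the constructed sample the single theme installer is only listed, while the sender that pushed commw.sis to three contacts within seconds is reported as a suspect sender; a real deployment would tune the threshold and window to the traffic seen on the gateway.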




Disinfection:
The easiest way to disinfect is to use antivirus software for the mobile phone, which will remove almost all viruses from your phone. Several companies, such as F-Secure, provide software for the removal of mobile phone viruses. To download it, open the browser on your phone and navigate to: http://mobile.f-secure.com. Click on the link "Download F-Secure Mobile Anti-Virus" and then select your phone model. Then download the file and install it. After installing, go to the menu, open the antivirus and scan the phone for viruses. The software will detect the viruses and remove them. But to kill the running Commwarrior process, the phone must be restarted. A detailed description of manual removal is available at:
http://www.cell-phone-viruses.com/1124211683-commwarrior-virus-manual-removal.html

Friday, June 19, 2009

Duts Mobile Virus

After the invasion of Cabir, a new mobile virus called WinCE/Duts was discovered in July 2004. One interesting characteristic of the virus is that it first asks the user for permission to infect files. When an infected file is executed, the virus pops up a message box asking:
Dear User, am I allowed to spread?
When the user presses "Yes", the virus infects all the EXE files in the current directory. Duts contains two messages that are not displayed:
This is proof of concept code. Also, i wanted to make avers happy.
The situation when Pocket PC antiviruses detect only EICAR file had to end ...
Duts is a 1520-byte program written in assembly language for the ARM processor. It affects devices running the Windows CE operating system.

Wednesday, June 17, 2009

Skulls Mobile Virus

I have given a brief idea of the viruses affecting mobile phones. Skulls is one of the notorious trojans that affect mobile phones. Skulls is a SIS file trojan that affects phones running Symbian OS. The trojan replaces the applications installed on the phone with non-functional versions so that the phone becomes almost useless.
Most people want to make the user interface of their mobile phone more attractive. For this purpose they install themes. Sometimes the installed theme file may be "Extended theme.SIS", which claims to be the theme manager for the Nokia 7610 smartphone. Then beware: you may have installed the Skulls virus. After Skulls gets control of your phone, you will see that all the application icons in the menu have been replaced by the image of a skull. I have provided a screenshot below:

Fortunately Skulls still allows you to make and receive calls, but all other applications, including SMS and MMS, are disabled. If you find that your phone contains the Skulls virus, it is very important that you do not reboot your phone; rebooting makes it difficult to remove Skulls. Skulls trojans are targeted at Symbian Series 60 devices, but they can also affect other Symbian devices, for example the Nokia 9500, which is a Series 80 device. However, when trying to install the Skulls trojan on a Nokia 9500, the user gets a warning that the SIS file is not intended for the device, so the risk of accidental infection is low.
For manual removal of Skulls from a compromised device, it is necessary to reinstall all overwritten applications. The SymbOS/Skulls SIS installer must then be deleted. If this does not restore the phone, formatting the phone may be necessary. All data saved on the C drive will be lost during a format.

Mobile Viruses

Mobile phones have become a part of our life; now it is hard to imagine a day without them. As technology advanced, mobile phones became more and more sophisticated, more user friendly, and gained lots of functions. Mobile phones keep us always connected to our dear ones. Even though mobile phones create small radiation problems, people ignore them and become victims of harmful diseases. Yet the number of people using mobile phones is increasing day by day. This puts the mobile phone manufacturers in tough competition, so they develop new varieties of phones. Thus today's mobile phone can be called a mobile computer, since it incorporates almost all the functions of a personal computer. Most of the costly mobile phones use advanced operating systems like Symbian OS, etc., which even allow the user to connect to the internet. The growth of mobile phone technology on the constructive side gives birth to its destructive side as well, and thus viruses for mobile phones and PDAs were born. Fortunately, mobile phones that run on operating systems made entirely for that specific series of phones are almost safe from virus attack. But Bluetooth-enabled phones are becoming victims of virus attacks.
A mobile virus is an electronic virus that infects mobile phones or wireless-enabled PDAs. The first case of a mobile virus was reported in June 2004, when it was discovered that a company called Ojam had engineered an anti-piracy Trojan into older versions of their mobile phone game Mosquito. This virus sent SMS text messages to the company without the user's knowledge. The virus was removed from more recent versions of the game; however, it still exists in older, unlicensed versions, which may still be distributed on file-sharing networks and free software download websites.
In July 2004, computer hobbyists released a proof-of-concept mobile virus named Cabir. Cabir, also known as EPOC.cabir and Symbian/Cabir, is designed to infect mobile phones running Symbian OS. When a phone is infected with Cabir, the message "Caribe" is shown on the phone's display every time the phone is turned on. The worm then attempts to spread to other phones in the area using Bluetooth. The worm was not sent out into the wild but directly to antivirus firms, who believe Cabir in its current state is harmless; however, it does prove that mobile phones are also at risk from virus writers. Experts also believe that the worm was developed by a group calling themselves 29A, a group of international hackers, as a "proof of concept" worm in order to catch the world's attention. It failed to infect any of its targets. The worm can attack and replicate on Bluetooth-enabled Series 60 phones. It tries to send itself to all Bluetooth-enabled devices that support the "Object Push Profile", which can also be non-Symbian phones, desktop computers or even printers. Symantec reports that the worm spreads as a .SIS file installed in the Apps directory. Unlike actual PC worms, Cabir does not spread if the user does not accept the file transfer or does not agree to the installation. F-Secure reports that at least some phones warn the user about an unverified supplier.[1] So, like many other worms, this sample also needs a good portion of social engineering to reach its goal. While the worm is considered harmless because it replicates but performs no other activity, it does shorten battery life on portable devices because of the constant scanning for other Bluetooth-enabled devices. Mabir, a variant of Cabir, is capable of spreading not only via Bluetooth but also via MMS. By sending out copies of itself as a .sis file over cellular networks, it can affect even users who are outside the 10 m range of Bluetooth.
In March 2005 it was reported that a computer worm called Commwarrior-A had been infecting Symbian Series 60 mobile phones. This worm replicates itself through the phone's Multimedia Messaging System (MMS), sending copies of itself to other phone owners listed in the phone user's address book. Although the worm is not considered harmful, experts agree that it heralds a new age of electronic attacks on mobile phones.
The other known mobile viruses are Duts, Skulls, Commwarrior, etc. The details of these viruses will be published later.

Friday, June 12, 2009

Actifed Computer Virus

The Actifed virus is a G2-generated encrypted computer virus. As usual, the virus is loaded into memory by executing an infected program; it then affects running programs and corrupts program files. This virus affects .COM and .EXE files but does not affect command.com. G2 generates compact, easily modified, fully commented source code for .COM and .EXE infectors. It also supports the creation of resident and non-resident, encrypted and non-encrypted viruses. PS-MPC has a similar use.


Monday, June 1, 2009

Computer Virus Sinowal

Kaspersky reports that the virus threat increased during April 2009. The new malware exploits security flaws in Adobe Acrobat Reader, the PDF software, or uses the Neosploit rootkit. According to the researchers, the detection and cure of rootkits is a very difficult problem faced by antivirus experts.
Kaspersky Research Lab detected a fresh version of Sinowal at the end of March 2009. Sinowal is vicious code that keeps itself hidden on an infected computer by infecting its Master Boot Record (MBR). Sinowal plants itself at the lowest level of the operating system: it infects the MBR and so bypasses the antivirus software. E-mail was considered the main medium for spreading malware through the internet, but infection through websites increased 300% by the year 2008. Now the malware redirects search results and confuses the user. Kaspersky recommends that its users keep their antivirus up to date and scan for the malware. If any malware is found, the system will have to be restarted during treatment.
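Both Sinowal and the Crazy Boot virus described earlier on this page hide by taking over the Master Boot Record, and the warning about FDISK /MBR is really a warning about not knowing what the sector currently holds. The following is an added example, not code from this blog or from any antivirus vendor: a small Python parser for a 512-byte MBR image that checks the 0x55AA boot signature, decodes the partition table and compares a SHA-256 of the boot-code region against a known-good baseline. The MBR bytes, the baseline and the "tampered" image are all constructed for the demo; no real Crazy Boot or Sinowal sample is involved. The caveat from the Crazy Boot section applies to any such check: a stealth boot virus hands the original sector to software reading it from the infected system, so the image to verify should be read after booting from clean, write-protected media.

```python
"""Parse a 512-byte Master Boot Record and compare its boot code against a
known-good baseline.

Added example, not code from the original blog post. The MBR image below is
constructed by hand for the demo (it is not a real Crazy Boot or Sinowal
sample); the baseline hash is computed from that constructed image.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # boot code region before the 4-byte disk signature
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR image into a boot-code hash, partition entries and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PARTITION_ENTRY_LEN])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a demo MBR with one bootable partition of type 0x07 (NTFS-style)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"   # 4-byte disk id + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    empty = b"\x00" * PARTITION_ENTRY_LEN
    return code + disk_sig + entry + empty * 3 + BOOT_SIGNATURE


# Constructed "clean" image with a few bytes of stand-in boot code; the baseline
# would normally be recorded right after installing the operating system.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed image whose boot code has been replaced while the partition table
# is left intact, which is how an MBR infector keeps the machine booting normally.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 8)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, BASELINE) or "OK")
```

Only the first 440 bytes are hashed, because the disk signature and the partition table legitimately change when disks are re-partitioned; an infector that leaves the table alone but swaps the code, as described for Sinowal above, is exactly what the boot-code comparison catches.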