Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique—virus-laden .rar attachments—that's finding early and considerable success.
Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: a .rar archive. RAR files are similar to .zip files in that they are containers holding one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files such as music and video.
The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of those traditional signature-based defenses.
Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.
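The practical lesson of the story above is that a gateway must not trust the attachment's extension or rely on the scanner knowing the container format. The following is an added example written for this page, not code from the article or from any anti-virus vendor: it identifies RAR by magic bytes, walks the RAR 4.x block headers (field layout as published in the RAR 4.x technote; nothing is decompressed), lists the file names inside, and returns a gateway verdict. The sample archive is constructed in-memory by build_rar4(), the file names and the allow/flag/quarantine policy are assumptions for illustration, and RAR5 archives are only recognised by signature, not parsed.

```python
import struct
import zlib

# Signatures and RAR 4.x block constants (from the published RAR 4.x technote)
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
MAIN_HEAD, FILE_HEAD, ENDARC_HEAD = 0x73, 0x74, 0x7B
MHD_PASSWORD = 0x0080   # main header flag: block headers are encrypted
LHD_LARGE = 0x0100      # file header flag: 64-bit sizes present before the name
LONG_BLOCK = 0x8000     # block is followed by ADD_SIZE bytes of data
# Extensions a gateway policy treats as executable content (assumed policy list)
RISKY_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta")

def identify(data):
    """Classify by magic bytes, ignoring whatever extension the sender chose."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    return "unknown"

def list_rar4(data):
    """Walk RAR 4.x block headers without decompressing. Returns (names, headers_encrypted)."""
    if identify(data) != "rar4":
        raise ValueError("not a RAR 4.x archive")
    names, pos = [], len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        head_crc, head_type, head_flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7 or pos + head_size > len(data):
            raise ValueError("truncated or corrupt block header at offset %d" % pos)
        # HEAD_CRC is the low 16 bits of CRC32 over the rest of the header
        if zlib.crc32(data[pos + 2:pos + head_size]) & 0xFFFF != head_crc:
            raise ValueError("header CRC mismatch at offset %d" % pos)
        add_size = 0
        if head_type == MAIN_HEAD and head_flags & MHD_PASSWORD:
            return names, True          # file headers are encrypted: nothing to list
        if head_type == ENDARC_HEAD:
            break
        if head_type == FILE_HEAD:
            if head_size < 32:
                raise ValueError("file header too short at offset %d" % pos)
            pack_size, _unp, _os, _crc, _time, _ver, _method, name_size, _attr = \
                struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if head_flags & LHD_LARGE:  # HIGH_PACK_SIZE / HIGH_UNP_SIZE precede the name
                pack_size |= struct.unpack_from("<I", data, name_off)[0] << 32
                name_off += 8
            if name_off + name_size > pos + head_size:
                raise ValueError("NAME_SIZE exceeds header at offset %d" % pos)
            raw = data[name_off:name_off + name_size]
            names.append(raw.split(b"\x00", 1)[0].decode("latin-1"))
            add_size = pack_size          # packed data follows the header
        elif head_flags & LONG_BLOCK and head_size >= 11:
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        pos += head_size + add_size
    return names, False

def _block(head_type, head_flags, body):
    """Assemble one RAR 4.x block: HEAD_CRC + HEAD_TYPE + HEAD_FLAGS + HEAD_SIZE + body."""
    rest = struct.pack("<BHH", head_type, head_flags, 7 + len(body)) + body
    return struct.pack("<H", zlib.crc32(rest) & 0xFFFF) + rest

def build_rar4(files, encrypted_headers=False):
    """Constructed sample archive (stored entries, method 0x30) used only to exercise the parser."""
    out = bytearray(RAR4_MAGIC)
    out += _block(MAIN_HEAD, MHD_PASSWORD if encrypted_headers else 0, b"\x00" * 6)
    for name, content in files:
        nb = name.encode("latin-1")
        body = struct.pack("<IIBIIBBHI", len(content), len(content), 0, zlib.crc32(content),
                           0, 29, 0x30, len(nb), 0x20) + nb
        out += _block(FILE_HEAD, LONG_BLOCK, body) + content
    out += _block(ENDARC_HEAD, 0, b"")
    return bytes(out)

def triage_attachment(filename, data):
    """Gateway verdict as (action, reason); the actions and policy are assumptions for this example."""
    kind = identify(data)
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if kind == "rar5":
        return "flag", "RAR5 archive; headers not parsed by this example"
    if kind != "rar4":
        return ("flag", "named .rar but content is " + kind) if ext == "rar" else ("allow", kind)
    names, encrypted = list_rar4(data)
    if encrypted:
        return "quarantine", "RAR 4.x with encrypted headers; contents cannot be inspected"
    risky = [n for n in names if n.lower().endswith(RISKY_SUFFIXES)]
    if risky:
        return "quarantine", "executable inside archive: " + ", ".join(risky)
    if ext != "rar":
        return "flag", "RAR content disguised under ." + ext
    return "flag", "RAR 4.x archive holding: " + ", ".join(names)

if __name__ == "__main__":
    sample = build_rar4([("invoice.pdf.exe", b"MZ" + b"\x00" * 30)])  # constructed, not real malware
    print(triage_attachment("invoice.rar", sample))
```

Two points to notice when adapting this. First, the verdict is driven by what the bytes are, so renaming the attachment to .dat or .jpg changes nothing; second, an archive whose headers are encrypted cannot be inspected at all, and the only safe gateway answer is to hold it rather than pass it because the scanner found no signature to match.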
Saturday, November 29, 2008
Why Are Virus Attacks Getting Worse?
Why have we seen so many new virus attacks in recent weeks? I believe it's because there has been little effort made by law enforcement officials to find or stop the virus authors. Maybe there is more effort coming from law enforcement than I'm observing—but if that's true, what they're doing is incredibly inefficient, and it's helping to give the green light to every black-hat coder out there. Script kiddies have gone berserk, seeing that nobody is being caught or prosecuted, and they form a unique smokescreen for the more talented culprits. The scariest aspect is that these viruses and the tricks being used to infect machines are outstandingly efficient and of high quality.
To be honest—and I know this is adding to the problem—you have to feel some admiration for the latest series of attacks. PC Magazine has covered them all in detail recently in a series written by Jay Munro and others. But what hasn't been addressed is now more important than ever: the sociology of attacks. I'm amazed by the creative and tricky ways these viruses are being planted, and how the hapless user is tricked into clicking on dopey attachments when he or she absolutely should not do so. While creative virus coders could easily devise ways to simply run code in a preview window, which would initiate problems automatically, they instead sucker the poor user into clicking on something.
Two things that are at work here concern me. First, the top black hats have not seriously exploited the Microsoft Outlook preview window (which can execute code). This means they are likely saving that trick for the BIG ONE. That threat is the reason I do not use Outlook, by the way.
The second thing that concerns me is the never-ending evolution of social engineering. The best example I've seen to date is the bogus message that appears to come from the e-mail administrator of the domain you use for your e-mail. In one funny example, I recently got a memo from the mail administrator at dvorak.org. Since I'm the only person at dvorak.org, I was surprised to find I suddenly had an e-mail administrator as part of the team! I got several of these messages, telling me about various problems with my account and how I had to fix them. There was an attachment with them, which I was instructed to click on to get details. While this was laughable for me, I could imagine some new employee at General Electric or Procter and Gamble sitting at his or her desk, worried sick about getting off probation, and seeing this memo come from administrator@GE.com, or whatever.
Virus coders, if nothing else, have unique senses of humor. I found the administrator ruse to be very creative. As an aside, I want to scold Microsoft for making all file extensions disappear by default. This makes the virus coders' jobs much easier. So much for Microsoft's "security orientation." The only reason that Microsoft made hiding file extensions a default practice is because the files look more Mac-like that way. End of scolding.
So who are the virus authors? We can surmise that many of the recent attacks seem to be coming from within the United States or from a coder who speaks fluent English. I say this because we are not seeing the typical butchered English that accompanies viruses. You know, such as "Hi friend from home. Me make good game for you to tell me look at. Ok boss?" Or "Hi my girlfriend pretty VS Playmate. Tell me wat yu think." Instead, now we get: "Our main mailing server will be temporarily unavailable for the next two days. To continue receiving mail you have to configure our free auto-forwarding service. For more information see the attached file." That's one of the trick messages I got from the "Management of the dvorak.org team," with a spoofed header that said administration@dvorak.org. Wow! What a difference between that and VS Playmate.
The creative tricks from the virus authors are just going to get worse. To be honest, I don't blame anyone for getting suckered. With hundreds of millions of PCs on the Net and perhaps one percent of the users (at most) computer-savvy, the virus problem is going to get worse before it gets better. My concept of licensing users looks better all the time.
So while the law enforcement agencies and the courts go after music downloaders, the malicious code attacks continue unabated. And with each attack, the problem worsens. Between this load on the Net and the spam problem, it's a miracle that the Internet can run at all. How nice it would be if the overhead created by this nonsense would abate.
Source: PCMag
Monday, November 3, 2008
Saturday, November 1, 2008
Spyware Removal
Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and the sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, silently visiting websites that deliver further malware, or diverting advertising revenue to a third party. Spyware can even change computer settings, resulting in slow connection speeds, changed home pages, and loss of Internet connectivity or of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security best practices for Microsoft Windows desktop computers. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.
Software Framework
A software framework, in computer programming, is an abstraction in which common code providing generic functionality can be selectively overridden or specialized by user code providing specific functionality.
Frameworks are similar to software libraries in that they are reusable abstractions of code wrapped in a well-defined API. Unlike libraries, however, the overall program's flow of control is not dictated by the caller, but by the framework. This inversion of control is the distinguishing feature of software frameworks.[1]
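An added illustration of the inversion-of-control distinction (written for this page, not taken from the cited reference). With the library, the caller decides when parsing happens; with the framework, the framework owns the loop and the fixed order parse, authenticate, dispatch, log, and user code only fills in the hook methods. The request format, the hook names and the "s3cret" token are assumptions made up for the example.

```python
# Library style: the caller owns the control flow and calls in.
def parse_fields(line):
    """Toy 'key=value;key=value' parser used by both styles (assumed format)."""
    return dict(kv.split("=", 1) for kv in line.split(";") if "=" in kv)

def library_caller(line):
    fields = parse_fields(line)              # caller chooses when to call the library
    return fields.get("user", "anonymous").upper()

# Framework style: the framework owns the loop and calls out to user code.
class RequestFramework:
    """Generic pipeline: parse, authenticate, dispatch, always log.
    User code specialises only the hooks; it cannot reorder or skip these steps."""
    def __init__(self):
        self.log = []

    def run(self, lines):
        results = []
        for line in lines:
            fields = parse_fields(line)
            try:
                if not self.authenticate(fields):   # hook, but the framework decides it runs first
                    results.append("403")
                    continue
                results.append(self.handle(fields))
            except Exception:                       # error policy belongs to the framework
                results.append("500")
            finally:
                self.log.append(fields.get("user", "?"))   # logging cannot be bypassed
        return results

    # Hooks with generic defaults, meant to be overridden.
    def authenticate(self, fields):
        return True

    def handle(self, fields):
        raise NotImplementedError

class GreetingApp(RequestFramework):
    """User code: supplies only the application-specific behaviour."""
    def authenticate(self, fields):
        return fields.get("token") == "s3cret"      # assumed shared token for the example

    def handle(self, fields):
        return "hello " + fields["user"]            # KeyError if 'user' is missing

def demo():
    app = GreetingApp()
    out = app.run(["user=alice;token=s3cret", "user=bob;token=wrong", "token=s3cret"])
    return out, app.log
```

The point for a security reviewer is the third request: the user's handle() raises, yet the framework still produces a controlled "500" and still writes the log entry, because those decisions were never in the user code's hands.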