Tag Archives: spyware

Another Worm Worms Its Way Into Instant Messaging Applications

From the more things change the more they remain the same files:

AV-killing worm spreads via Facebook chat and IM clients – A rather industrious piece of malware that – among other things – paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook.

The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

Nothing new here – as any one of the 10 or more articles I’ve written over the years on using Instant Messenger applications safely will attest to. The following post (originally published September 4, 2010) will serve as a quick refresher on how to navigate the Internet safely while using an Instant Messenger client.

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of a virus, Trojan, or spyware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate by sending themselves rapidly through the infected user’s buddy list.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.


Filed under Don't Get Hacked, Instant Messenger Safety Tips, Interconnectivity, Malware Alert

SpywareBlaster 4.6 Released – An Important Building Block In Your Wall Against Malware

If there’s a lesson that an average Internet user needs to be reminded of until it becomes second nature, it’s this – “prevention is worth a pound of cure”.

Just as in real life, where the public health practice of systematic inoculation has proven to prevent a wide range of serious diseases (prevention is worth a pound of cure at its best) – giving a computer a “shot” (which SpywareBlaster is designed to do), as part of a layered defense strategy, has proven benefits.

Relying on a malware removal tool, following a serious malware infection, is often a fool’s errand since there is simply no way that an average user can be absolutely sure that the infection has been contained – never mind removed. It’s no accident that a huge number of specialty malware removal tools have been developed to address this very issue. Applications which, unfortunately, are often outside the capabilities of an average user.

So, stopping the bad guys from gaining a foothold has to be a primary objective of that layered defense strategy that I mentioned earlier. And, part of that strategy includes raising barriers at the doorway to the system – the Internet browser.

SpywareBlaster, the granddaddy (in a sense) of Internet browser security applications – which has just been updated to version 4.6 – is a free application which is well suited to helping raise those barriers.

SpywareBlaster, once installed, doesn’t use any services, or drivers, and does not use memory or processing time. You just open SpywareBlaster, set your protection, close it – you’re protected. SpywareBlaster continues to provide protection without the need for user interaction.

SpywareBlaster doesn’t scan for or clean spyware, since it’s designed to prevent installation only – so, it must be used in combination with your existing antimalware applications.

A quick walkthrough:

First – a little house cleaning. Enable all protection.


A secondary, but equally important function offered by SpywareBlaster is its ability to block spyware/tracking cookies and restrict the actions of spyware/adware/tracking sites in Internet Explorer, Mozilla Firefox, Netscape, Seamonkey, Flock and other browsers.


A bonus feature included with SpywareBlaster is – System Snapshot. You can take a snapshot of your computer in its clean state, and later revert to this state, undoing any changes made by spyware and browser hijackers that have infected your system despite the security in place.

I recommend that you take advantage of this important feature – just in case.

For a more hands-on approach – open the Tools menu and fiddle to your heart’s content.

Fast facts:

Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.

Block spying / tracking via cookies.

Restrict the actions of potentially unwanted or dangerous web sites.

Unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.

System requirements: Windows XP, Vista, Win 7 (32 bit and 64 bit).

Browser compatibility:

Internet Explorer

Mozilla Firefox

Netscape

Seamonkey

Pale Moon

K-Meleon

and browsers that use the IE engine, including:

AOL web browser

Avant Browser

Slim Browser

Maxthon (formerly MyIE2)

Crazy Browser

GreenBrowser

Download at: Javacool Software

Need answers? Visit the SpywareBlaster Forum

SpywareBlaster is definitely low maintenance and the only thing you need to remember is – update the database, which contains information on known spyware ActiveX controls, regularly.

Additional free applications available from Javacool Software:

Doc Scrubber – Microsoft Word files can contain more than just text you see while editing them. Depending on the settings or features you use, they may contain all kinds of additional information that you may not want shared outside your home or company. Doc Scrubber lets you see that information, and scrub it from files before sending them to others.

EULAlyzer – Discover if the software you’re about to install displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much much more. EULAlyzer can analyze license agreements in seconds, and provide a detailed listing of potentially interesting words and phrases.


Filed under 64 Bit Software, Browsers, downloads, Freeware, Malware Protection, New Computer User Software Tools, Software

Think BEFORE You Click! – How Hard Is That?

HARD, apparently.

I recently repeated a small experiment (for the third year in a row), with a group of “average computer user” friends, (12 this time around), and I was disappointed to see (once again), that the conditioned response issue to “just click” while surfing the web, was still there.

Still, I’m always hopeful that reinforcing the point that clicking haphazardly, without considering the consequences – the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information – would have had some impact. Apparently not.

But, I haven’t given up. I’m prepared to hammer them repeatedly until such time as I can make some progress. In the meantime, I expect that curiously browsing the web blissfully unaware of the considerable malware dangers, will continue to be the modus operandi for my friends.

They’re not alone in their “clicking haphazardly” bad habits. Many of us have learned to satisfy our curiosity simply by a mouse click here, and a mouse click there. Arguably, we have developed a conditioned response (without involving conscious thought), to – “just click”.

It can be argued, that our “just click” mindset poses the biggest risk to our online safety and security. In fact, security experts argue, that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the types of files that are clearly dangerous. However, this type of dangerous behavior continues despite the warnings.

Most visitors to this site are above average users (I’m assuming that you are too), so, I have a challenge for you.

Take every appropriate opportunity to inform your friends, your relatives, and associates, that “just clicking haphazardly” without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information.

Help them realize that “just clicking”, can expose them to:

  • Trojan horse programs
  • Back door and remote administration programs
  • Denial of service attacks
  • Being an intermediary for another attack
  • Mobile code (Java, JavaScript, and ActiveX)
  • Cross-site scripting
  • Email spoofing
  • Email-borne viruses
  • Packet sniffing

They’ll be glad that you took an interest in their online safety. And, best of all, by doing this, you will have helped raise the level of security for all of us.

A point to ponder:

Since it’s proven to be difficult to get “buy-in” on this – “think before you click safety strategy” – I generally ask the question – do you buy lottery tickets? Not surprisingly, the answer is often – yes. The obvious next question is – why?

The answers generally run along these lines – I could win; somebody has to win;……. It doesn’t take much effort to point out that the odds of a malware infection caused by poor Internet surfing habits are ENORMOUSLY higher than winning the lottery and, that there’s a virtual certainty that poor habits will lead to a malware infection.

The last question I ask before I walk away shaking my head is – if you believe you have a chance of winning the lottery – despite the odds – why do you have a problem believing that you’re in danger on the Internet because of your behavior, despite the available stats that prove otherwise?


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Online Safety, Spyware - Adware Protection

Way To Go WOT! – Now Protecting 30 Million Users

The Internet is one kickass place – survey after survey continues to show that cybercriminals are picking off unaware/undereducated users, as if they were shooting fish in a barrel.

It’s hardly surprising then, that an enormous industry (no, not big, not large – but, enormous) has developed, based on the principle that technology can act as a counter to the most nefarious cyber criminal schemes. Criminal schemes which are, after all, technology driven.

I’ll leave it to you to decide if this has been an effective solution.

No matter the side you come down on regarding this complex issue, dancing around naked (so to speak) on the Internet – that is, without adequate Browser protection – is akin to fumbling and stumbling through the toughest neighborhood in your area – after dark.

Internet security starts with the Web Browser (it does not end there – but, one step at a time), and WOT (Web of Trust, which passed the 30 million user mark yesterday – January 9, 2011), substantially reduces the risk exposure that comes with wandering through the increasingly risky neighborhood that the Internet has become.

Based on the way that I surf the Web, there’s no contest as to which of the 17 add-ons I have installed on Firefox is most important to my peace of mind. The hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust).

Sure, that’s a pretty bold statement – but, since I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and a new level of enthusiasm, while surfing the Internet, I’ll go with it.

If you’re not yet a WOT user, read the following in-depth review – you may reconsider.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!


Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.


WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 35 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.


WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.


Filed under Browser add-ons, Browser Plug-ins, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Safety Tools

Cyber Crooks Taking Another Crack At Yahoo Instant Messenger

I’ve been known to stare at my monitor, humming a few bars of – “IM malware go away, and come back another day”, from time to time. Doesn’t seem to work though. 🙂 IM malware never goes away – it just fades into the malware background chatter.

Despite the fact that Instant Messenger malware (which has been with us since 2005, or so), doesn’t create much of a fuss, and seems to prefer to stay just below the horizon, it’s as dangerous as it’s ever been.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

–   Yahoo Instant Messenger Under Attack Again or Still? (May 4, 2010)

It’s easy to forget about the risks associated with Instant Messaging precisely because of this lack of profile. Until, that is, IM malware comes knocking – hard – like now!

BitDefender’s Bogdan Botezatu reports, in a recent Blog post, that Yahoo Messenger is currently under attack – and, taking a hard knocking.

From the Blog:

New Yahoo Messenger 0-Day Exploit Hijacks User’s Status Update…and spreads malware, of course!

A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version.

Since you’re an astute and educated user, none of this comes as a surprise, I’m sure. But, what about a typical user – would he/she be surprised, do you suppose?

Let’s take a look –

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users – just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Unfortunately, the only surprise here is – this is not a surprise.

The harsh reality is, from a security perspective, Instant Messaging applications can present considerable security risks. So naturally, cyber-criminals use Instant Messaging as a primary channel to distribute malware and scams.

We’ve talked about IM security a number of times here, but with this ongoing attack, a quick refresher might be in order.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar, to help you do just that.

BTW, you can hum “IM malware go away, and come back another day”, to the new version of that old familiar tune – Rain Rain Go Away.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Cyber Crime, Instant Messenger Safety Tips, Interconnectivity, Malware Advisories, Online Safety, Yahoo

Flash Cookies – Spyware By Any Other Name

I first wrote on the issue of Flash cookies back in September 2009, and since then, I’ve watched as these obnoxious web trackers and privacy invaders multiply like a virus. Based on the number of questions I continue to get on the Flash cookie issue, it’s apparent – confusion reigns when it comes to this underhanded privacy threat.

One of the better forum comments I’ve seen referencing Flash cookies:

“I think many people may not realize how serious it is. In many ways, I see it as the virtual equivalent of dumpster diving or taping together a shredded document. It is deliberately ignoring a data owner’s deletion of data by an entity that has no business doing so.”

This practice of web sites dropping Flash cookies onto your computer, which occurs without your knowledge or permission, is akin to hacking – according to some in the security community. Frankly, I agree.

Continuing developments in tracking technologies, and a complete disregard for fundamental privacy rights, should be a major topic of conversation in the security community – until such time as the issue has been resolved in favor of consumers.

In the meantime, we’re on our own. It’s up to us, as individual consumers, to take the appropriate steps to safeguard our privacy (as best we can), while interacting with the Internet.

Here’s what we’re up against – and, this is just one small example.

From Disinformation.com

McDonald’s, CBS, Mazda, Microsoft Sued For Tracking Internet Users’ Histories

In a complaint filed Tuesday with the U.S. District Court for the Southern District of New York, Sonal Bose alleges that McDonald’s and the other companies “acted in concert with Interclick,” to mine users’ Web surfing history for marketing purposes. “Defendants circumvented the privacy and security controls of consumers who, like plaintiff, had configured their browsers to prevent third-party advertisers from monitoring their online activities,” Bose alleges.

The lawsuit alleges that the companies violated the federal computer fraud law, wiretap law and other statutes. She is seeking class-action status. This lawsuit comes several weeks after Bose sued Interclick for allegedly using history-sniffing technology and Flash cookies to track her online activity.

History-sniffing technology exploits a vulnerability in browsers to discover the Web sites users previously visited. Researchers from the University of California, San Diego recently brought the technique to light when they published a paper explaining the technique and naming 46 Web sites where history-sniffing technology was being deployed. In at least some cases, ad company Interclick reportedly used the technology without the publishers’ knowledge.

Bose also says in her complaint that she believes that the defendants used Flash cookies for tracking purposes. Flash cookies are stored in a different place in the browser than HTTP cookies, and therefore, require additional effort to delete.

Flash cookie quick facts:

They never expire

Can store up to 100 KB of information compared to a text cookie’s 4 KB.

Internet browsers are not aware of those cookies.

LSO’s usually cannot be removed by browsers.

Using Flash they can access and store highly specific personal and technical information (system, user name, files,…).

Can send the stored information to the appropriate server, without user’s permission.

Flash applications do not need to be visible.

There is no easy way to tell which flash-cookie sites are tracking you.

Shared folders allow cross-browser tracking – LSO’s work in every flash-enabled application

No user-friendly way to manage LSO’s, in fact it’s incredibly cumbersome.

Many domains and tracking companies make extensive use of flash-cookies.
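An added example (not from the original post or from any tool it mentions): because LSOs live in Flash Player's own per-user folder rather than in a browser profile, a short script can list which domains have stored them and remove one domain's objects. The folder locations in `default_roots()` are the usual Flash Player defaults and are an assumption about your install; the sample tree and its `*.example` domains are constructed.

```python
"""Inventory Flash Local Shared Objects (LSOs, "Flash cookies") on disk."""
import os
import sys
import tempfile
from collections import defaultdict
from pathlib import Path


def default_roots():
    """Usual per-user Flash Player storage folders (assumed; may not exist)."""
    home = Path.home()
    if sys.platform.startswith("win"):
        base = Path(os.environ.get("APPDATA", home / "AppData" / "Roaming"))
        return [base / "Macromedia" / "Flash Player" / "#SharedObjects"]
    if sys.platform == "darwin":
        return [home / "Library" / "Preferences" / "Macromedia"
                / "Flash Player" / "#SharedObjects"]
    return [home / ".macromedia" / "Flash_Player" / "#SharedObjects"]


def inventory_lsos(root):
    """Map origin domain -> list of (path, size_bytes) for every .sol file.

    Layout: <root>/<random profile dir>/<domain>/<optional path>/<name>.sol
    The folder is shared by every Flash-enabled browser, which is why
    clearing one browser's cookies leaves these files in place.
    """
    root = Path(root)
    if not root.is_dir():
        return {}
    found = defaultdict(list)
    for sol in root.rglob("*.sol"):
        if not sol.is_file():
            continue
        parts = sol.relative_to(root).parts
        if len(parts) < 3:  # need profile dir, domain and file name
            continue
        found[parts[1].lower()].append((sol, sol.stat().st_size))
    return dict(found)


def summarize(inventory):
    """Return rows (domain, file_count, total_bytes), largest first."""
    rows = [(domain, len(files), sum(size for _, size in files))
            for domain, files in inventory.items()]
    return sorted(rows, key=lambda row: (-row[2], row[0]))


def remove_domain(inventory, domain):
    """Delete every LSO stored for one domain; return how many were removed."""
    removed = 0
    for path, _ in inventory.get(domain.lower(), []):
        path.unlink()
        removed += 1
    return removed


def build_sample_tree(base):
    """Constructed sample data: a fake #SharedObjects tree for the demo."""
    root = Path(base) / "#SharedObjects"
    samples = {
        "AB12CD34/tracker.example/ads/uid.sol": 2048,
        "AB12CD34/tracker.example/prefs.sol": 512,
        "AB12CD34/video.example/player/volume.sol": 96,
    }
    for rel, size in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\x00" * size)
    return root


if __name__ == "__main__":
    roots = [r for r in default_roots() if r.is_dir()]
    if not roots:  # no Flash storage on this machine: use constructed data
        roots = [build_sample_tree(tempfile.mkdtemp())]
    for root in roots:
        print(root)
        for domain, count, total in summarize(inventory_lsos(root)):
            print(f"  {domain:30} {count:3} file(s) {total:8} bytes")
```

Run it with no arguments to list the domains found; call `remove_domain()` only after reviewing the list, since some sites keep legitimate settings in the same place.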

If you value your privacy, then without a doubt you need to control these highly invasive objects, and if you are a Firefox user there is a solution – BetterPrivacy – a free Firefox add-on.

From the BetterPrivacy page:

“Better Privacy serves to protect against not deletable, long-term cookies, a new generation of ‘Super-Cookie’, which silently conquered the internet.

This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.

This add-on was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them – since browsers are unable to do that for you”.

In the following screen capture, you’ll notice BetterPrivacy has deleted a cumulative total of 6188 Super Cookies.

The Options and Help tab (shown in the following screen shot), will allow you to choose specific deletion methods. You should consider selecting “Disable Ping Tracking”, which will prohibit sites from following you as you surf the Net.


Download at: Mozilla

For a more detailed breakdown on flash cookies, and the danger they represent to personal privacy, checkout The Electronic Privacy Information Center.

Google Chrome users can take advantage of the Click&Clean Extension (works with Firefox as well).

The following screen capture of Click&Clean’s Options menu, illustrates the application’s ability to deal with Flash cookies.


Fast facts:

Delete your browsing history
Clear records from your download history
Remove cookies and Empty cache
Delete temporary files
Remove Flash Local Shared Objects (LSO)
Delete private data when Firefox closes
Automatically close all windows/tabs
Clean up your hard drives and Free up more disk space – including secure file deletion
Launch external applications, like CCleaner, Wise Disk Cleaner etc. on Windows – or Janitor, BleachBit, etc. on Linux

Download the Firefox version at: Mozilla

Download the Chrome version at: The Chrome Web store

You can read a full review of this application – Clean Up With Click&Clean Firefox and Chrome Extension, on this site.


Filed under Browser add-ons, Chrome Add-ons, downloads, Firefox Add-ons, Flash Cookies, Freeware, Privacy, Windows Tips and Tools

PandaLabs Second Quarter Security Landscape Report

In a rather surprising statement, PandaLabs, in its 2011 Second Quarter Security Report, makes the point that there’s a challenging grey area between “Hacktivism” (LulzSec and Anonymous), and Criminality. Frankly, I don’t subscribe to this “blurry lines” view.

I see the issue in rather simpler terms – if security holes exist in critical systems which enterprise, or government, are either unwilling, or unable to address – ultimately creating a host of innocent victims – then I encourage LulzSec and Anonymous to continue their campaigns of outing non-responsive, and non-responsible organizations. I’m more than a little tired of being placed at risk due to organizational ineptness, or failure to adhere to common sense security practices.

Some key findings from Panda’s report (determined from data collected through Panda ActiveScan) include:

Every minute, 42 new malware strains were created.


Trojans constitute 70 percent of new malware followed by viruses (10 percent) and worms (8.53 percent). Surprisingly, Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all infections.


China, Thailand and Taiwan continue to lead infection rankings.


Top 10 least infected countries.

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overall Internet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

Broken record time:

I’ll risk sounding like a broken record, once again, and repeat what I’ve said here numerous times –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone is a particularly effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

The full report (PDF), is available here.

Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Adware, Cyber Crime, Cyber Criminals, Don't Get Hacked, Internet Security Alerts, Malware Reports, Panda Security, PandaLabs, trojans, Windows Tips and Tools, worms

Runscanner – Aggressively Queries Your System And Applications For Unauthorized Changes


The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

Runscanner though, takes this process miles beyond HijackThis, and does so by using an intuitive approach that casual users*, and experienced users alike, should find easy to work with.

*The only difficulty I see for casual users is the enormous volume of information this application is capable of producing, which could make the results difficult to interpret.

Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.


The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit), machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.


I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

I then uploaded the file to VirusTotal (another context menu option), and VirusTotal reported the following – as shown in the screen shot below.


I suspected that this system driver was a component of CDBurner XP, and opening the location (another context menu option), then reading the driver with NotePad, indicated this was correct.
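The manual triage described above (find an unfamiliar startup or driver entry such as Staropen.sys, identify what it belongs to, then look it up by hash) can also be reproduced with built-in Windows tooling. The following PowerShell is an added example, not part of Runscanner or the original review; the function names `Resolve-ImagePath` and `Get-AutostartEntry` are hypothetical, it assumes PowerShell 5.1 or later, and it covers only the Run keys and running drivers rather than the 100+ locations Runscanner checks.

```powershell
# Added example: read-only triage of autostart entries (Run keys + running drivers).
# Run from an elevated session so driver files can be read.

function Resolve-ImagePath {
    param([string]$Raw)
    if (-not $Raw) { return $null }
    # Strip quotes and the \??\ prefix; expand \SystemRoot\ and bare system32\ paths.
    $p = $Raw.Trim().Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    # Drop command-line arguments that follow the executable name.
    if ($p -match '^(.+?\.(exe|sys|dll))\b') { $p = $Matches[1] }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-AutostartEntry {
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $k = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Raw = [string]$k.GetValue($name) }
        }
    }
    Get-CimInstance Win32_SystemDriver | Where-Object State -eq 'Running' | ForEach-Object {
        [pscustomobject]@{ Source = 'Driver'; Name = $_.Name; Raw = $_.PathName }
    }
}

$report = foreach ($e in Get-AutostartEntry) {
    $path = Resolve-ImagePath $e.Raw
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Source    = $e.Source
        Name      = $e.Name
        Path      = $path
        Company   = $file.VersionInfo.CompanyName   # vendor, instead of reading the file in Notepad
        Product   = $file.VersionInfo.ProductName
        Signature = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        MD5       = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# Show only entries whose signature does not verify; these are the ones to look up.
$report | Where-Object Signature -ne 'Valid' | Sort-Object Source, Name | Format-List
```

An entry that appears here is a candidate for a closer look, not a verdict: legitimate third-party drivers are sometimes unsigned, and the hashes are there so the file can be searched on a lookup service without uploading it.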

The next part of the test involved generating an online malware analysis report: a massive report covering all items which are considered safe, unsafe, or whitelisted, along with verification of each file’s digital signature.

The screen capture below shows only a tiny (and I do mean tiny), portion of this report. The report is the most comprehensive of any I’ve ever seen, produced by this type of utility.

When you click on the screen capture below, to expand to the original size, you’ll notice that I’ve queried Nitro PDF Spool Service. Rather than go directly to the site, instead, I’ve used COOL Previews to gather the relevant information. If you’re not yet familiar with COOL Previews – you can read a review of this outstanding time saver here – Surf Smarter – Take A Sneak Peek At Links With CoolPreviews Firefox Add-on.

Fast facts:

  • 100+ start/hijack locations
  • Online malware analysis
  • Import and export of .run files
  • Powerful process killer
  • Save to text log file
  • Powerful file filtering
  • Host file editor
  • History backup / restore
  • Explorer jump
  • Analysis of file certificates
  • Beginner, Expert mode
  • Bit9 FileAdvisor MD5 lookup
  • Systemlookup.com lookup
  • Upload file to VirusTotal
  • Analyze loaded modules
  • Google lookup
  • Runscanner database lookup
  • Regedit jump

If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced Windows knowledge. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.

A list of helper forums is available directly from within the application, or here.

System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x64 compatible).

Download at: Download.com

Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.

Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.


Filed under 64 Bit Software, downloads, Freeware, Geek Software and Tools, Malware Removal, Manual Malware Removal, Software, System Process Scanners, System Utilities, Utilities, Windows Tips and Tools

Free AntiMalware Software – And More – For Senior Computer Users

Looking at recent Internet usage statistics, it seems obvious to me that older adults are now realizing that they don’t have to understand the “nitty gritty” of computer technology to send e-mail to friends and family, shop online, play games, make greeting cards, read book and film reviews, look into family genealogy, or find valuable health information on the Internet.

Here’s just one personal example of how older adults have jumped on the Internet bandwagon, and use it to great advantage.

Not too long ago, I ran into some older friends (in their 60s), who had recently gotten home after wintering in Florida. Throughout their time away (5 months, or so), they stayed in touch with their children, and grandchildren – virtually on a daily basis, using the free audio/video communication application, Skype. What a great use of technology!

Like the rest of us, Senior users are susceptible to cybercrime, and like the rest of us, need to protect their computers against the ever increasing exposure we all face to Trojans, Spyware, Viruses, Phishing Scams, and Identity Theft, while connected to the Internet.

Just for the record though – statistically, it’s the deceptively named “tech savvy” generation, with their often misplaced confidence in their own abilities, who are more predisposed to malware infections and cyber criminal manipulation. Older users it seems, do know what they don’t know. My personal experience with a broad range of users, echoes these statistics.

For those that are members of this newly liberated group of Senior computer users, (who are not aggressive surfers), I’ve compiled a list of free anti-malware, and additional recommended applications, with simplicity of operation in mind – no manuals to digest, no tricky configuration to undertake; just install, and the applications will essentially do the rest.

But first:

Patch your operating system:


Download and install all available patches, and service packs – if applicable, by connecting to Windows Update. Security Gurus will tell you that 50% of unpatched, and unprotected systems, will be infected with malicious code within 12 minutes of being connected to the Internet. Believe it!

Recommended Security Solutions:

PC Tools Firewall Plus 7:


I’ve been running with this application for more than a year, and I must admit – I’m impressed with its performance. It installs easily, sets up quickly, and has not caused any conflicts despite my sometimes esoteric running requirements. The default settings are well thought out, and provide excellent protection for all users but particularly, less experienced users.

Microsoft Security Essentials


Easy to set up and run, particularly for new users. The interface is positively simple – offering Quick Scan, Full Scan, or Custom Scan. Provides full real time protection against viruses, spyware, and other malicious software. Additionally, Microsoft Security Essentials is free for small businesses with up to 10 PCs.

Immunet Free Antivirus


Companion Antivirus: a superior community driven cloud based security application, which continues to gain increasing popularity – and rightfully so. In real time, Immunet keeps track of the state of security in the collective community (network), and should a member of the network (the community), encounter malware, you (as a member of the protected community), are instantly protected against the threat.

ThreatFire


ThreatFire blocks malware, including zero-day threats, by analyzing program behavior and it does a stellar job. This is one of the security applications that forms part of my own front line defenses.

SpyShelter Personal Free:


SpyShelter is a free anti-keylogging, anti-spyware program that protects your data from keylogging and spy programs: known, unknown, and under-development. It detects and blocks dangerous and malicious programs, to help ensure that your data cannot be stolen by cyber criminals.

Firefox 4.0.1


While Firefox is not technically an anti-malware application per se, with the most effective security add-ons, including NoScript, Adblock Plus and BetterPrivacy installed, it effectively acts as one.

Firefox 4.0.1 includes hundreds of improvements over previous versions.

WOT


Web of Trust, a browser add-on which offers Internet users active preventive protection against Web-based attacks, online scams, identity theft, and unreliable shopping sites.

WinPatrol 20.5.2


With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Keep in mind, malware itself is only part of the problem. The method used to deliver the malware – social engineering – is the most significant problem currently, for an average user. Social engineering, is a sure winner for the bad guys.

Cyber-criminals are increasingly relying on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

Overcoming the instinctive human response to social engineering (and we all have it), to just “click” while surfing the Internet, will prove to be challenging. This instinctive response will pose one of the biggest risks to your online safety and security.


Filed under Anti-Keyloggers, Anti-Malware Tools, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox, Firefox Add-ons, Free Firewalls, Freeware, Internet Safety for Seniors, Malware Protection, New Computer User Software Tools, PC Tools, Skype, Software, Spyware - Adware Protection, Windows Tips and Tools

Emsisoft Mamutu – Free (Save $30) Until Sunday, May 1, 11:59 PM PDT

Regular reader, and my good Aussie friend, John W., has just given me a heads up on a pretty cool offering from Emsisoft. Emsisoft is noted for developing some of the better antimalware applications, so you might want to consider giving Mamutu a try.

This application appears, in many respects, to run along the same lines as ThreatFire – an antimalware application I recommend as a formative part of a layered security approach. See – ThreatFire Version 4.7.0 – Free Protection Against Zero Day Malware, on this site.

From the developer:

Today, we bring you this special offer on Emsisoft Mamutu. From now until Sunday, we are giving away a free copy of Mamutu. Not only does it monitor all active programs for dangerous behavior, but it also blocks malicious activities in real time.

Its Behavior Blocking and Zero-Day-Attacks technology recognizes new and unknown Trojans, backdoors, keyloggers, worms, viruses, spyware, adware, and rootkits without the need of daily signature updates, protecting you long before the signature databases have been updated.

So, where does this funny-sounding name come from? The word Mamutu is composed of two words: “Malware” and “Mutu,” which comes from the Maori language. It means “stop,” so we were told that the developers of Mamutu wanted to describe exactly what the program does: terminate all types of Malware.

In summary, here is a quick rundown of Emsisoft Mamutu’s features:

  • It monitors all active programs for dangerous behavior real-time
  • Recognizes new and unknown Trojans, worms, and viruses
  • Protects your PC without weighing down its resources, so it does not slow you down

This free offer is good until Sunday, May 1, 11:59 p.m. PDT, so grab your free copy while you can and give it a try.

Note: registration required.


Filed under Anti-Keyloggers, Anti-Malware Tools, Don't Get Hacked, downloads, Giveaways, Malware Protection, rootkits, System Security, Windows Tips and Tools