
Find and remove spyware from PC


Are you infected?

The day starts normally. You wake up, drive to work, go to your desk, turn on your computer, take a sip from your coffee, and proceed to check your email. Reminders here, spam there, pictures here, stories there, a couple of games, and some animation. Classify your mail: work related here, from friends, families and acquaintances there. Then you take your morning break.

Break is over so you get back to your computer and suddenly notice that it is busy with something you are not aware of. So you decide to close all applications, one at a time, and try to figure out what is going on. Then you notice that closing applications is slower than usual.

You get nervous and then think that it is best to restart your system. Perhaps restarting would bring things back to normal. As your computer boots up, nothing seems to have changed. You log on to it and then find that everything is back to normal. Tension naturally eases up but then you ask yourself, "What could have caused the earlier malfunction? Is my computer infected?"

Spyware statistics

Statistics show that virus and trojan attacks cause more than $3 million of damage per hour, and a new virus appears every hour.

100 - 150 million
Estimated number of PCs on the Internet that are under the control of hackers.

15-60 minutes
Estimated timeframe for how often Zlob Trojans update and change in order to avoid detection.

2,286
Number of people who responded to a Lavasoft poll that they have been a victim of a phishing attack. With a total of 4,966 people answering the Lavasoft survey, nearly half of those surveyed have been scammed by a phisher.



So, do you want to be one of those people? I think not. Read my guide on how to detect spyware and malware programs from beginning to end, and download good antivirus software.

Download spyware removal software

There is no doubt that the internet has changed our lives in many ways. Fortunately, most of those ways are positive, from faster approvals on loans and mortgages to instant access to information on even the most obscure subjects. With every new technological breakthrough, however, there will be those who seek to profit in a criminal manner, and this is certainly true of the internet. From investment scams to spyware, it pays to be cautious and to keep your valuable financial information secure and protected.

The importance of strong spyware protection:

One of the most effective ways to keep your information and your computer secure is to buy a quality spyware virus remover for your PC. In fact, the spyware virus remover is quickly becoming just as valuable as anti virus software. Few computer owners would dream of surfing the web without having strong anti virus protection in place, and it is becoming just as important to have a good anti spyware program in place before heading to the internet.

Fortunately, computer owners have many products to choose from when it comes time to purchase a spyware remover. Just about all of the major antivirus software manufacturers have incorporated some sort of spyware protection into their product line, either by including spyware detection in their antivirus products or by creating separate products to detect and remove spyware from computers.

Detecting Malware Infection

  • Malware Strategy and Tactics

    It is apt to begin with the strategy of malware. First, malware causes unusual behavior on a system. It may have been designed to propagate, as in the case of viruses, or to inflict havoc or damage on a system, which is what trojans actually do. Other types of malware, such as droppers, introduce other malware to systems. Virus kits generate malware for other malicious purposes on a system.

    So, what are some of the tactics that various malware employ? Malware is designed to execute on a system. For this to happen, the malware is often packaged in interesting forms such as games, cool animation, and often as pornographic movies or images. Since it cannot get onto a system without user intervention, it uses any means necessary to fool the victim end user into executing its file on their system. Most safe computing tips suggest that any new file or attachment should always be scanned before it is executed or opened.

    Once executed, malware can perform its intended malicious function on a system. Unfortunately, it may not always be apparent to users that their system is indeed infected. The remainder of this article will discuss how to determine whether or not the system has been infected and will offer some tips on how to manually disinfect the system.
  • Memory Residency

    Memory-resident programs are those that can be placed in, and remain in, an affected system's main memory space after execution. Memory residency enables a piece of malware to be readily available whenever needed, ensuring that the malware is easily accessible or can monitor every event on an affected system. This is a malware's way of controlling every activity on an affected system when a condition is satisfied.

    To find out if a malware is resident in the memory, you may need to invoke system tools like the Task Manager in Windows NT-based systems. On Windows 95- or 98-based systems, you can press CTRL-ALT-DEL, which displays a window containing all the running processes in memory. Once you have full view of the things that are currently in memory, check if a malware is there or not.

    This is tricky and at the same time risky. Terminating a memory-resident program that is critical to a system may cause some undesirable results, such as displaying the Blue Screen of Death or even triggering the system to restart. It is advisable to check if a specific memory-resident program is indeed alien to the system, which is not an easy task. You can either consult your operating system manual or search for that program in an Internet search engine. If the search returns no results or does not indicate a relation to any recent malware, it is best that you leave it alone. This is rather too risky to tinker with but may be used for checking if worst comes to worst.
  • Gaining Control

    Before malware becomes memory-resident, it needs to be executed first, as mentioned previously. The initial execution, a user executing the file, is only the first step. Malware often employs other techniques to make sure that it is executed at least once in every system session. It does this by putting links to itself in places where the system initializes or pre-configures the Operating System. These are places or configuration files that the Operating System accesses upon startup. For malware, it is rather important to be executed every time, which furthers its aim of being memory resident. What better way to be executed, or to be triggered to reside in memory, than to be executed upon computer startup?

    There are plenty of places where a malware can use this technique. One of the earliest techniques used was to infect the Command Interpreter, more commonly known as command.com. Upon infecting this file, the malware can assure that it gets executed and can reside in memory even before the command interpreter is executed. A malware can also try to accomplish this by adding links to itself in the autoexec.bat or config.sys, which are configuration files used by DOS and even Windows systems on its basic start up scheme.
  • Registries

    Contemporary malware has found new ways to position itself on a system and ensure its execution. One way is by adding or modifying Registry entries. The Registry is a repository of system configuration settings and includes links to applications that need to be executed once the system has been established. This is a good place for malware to exploit and this is what we will look at.

    To access the registry, click "Start" then "Run" and then type "Regedit" beside the "Open:" box. This opens the Registry editor. A word of caution, similar to terminating processes in memory, modifying or deleting registry entries can lead to unwanted system problems. Since the registry is the repository of configuration settings, a minor change here can cause your system to not start or boot up properly or sometimes render some applications to be unusable. It is recommended that you follow these instructions with care.

    In the registry editor, you will see that registry keys are organized similarly to the file/folder structure. The location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion contains 3-6 folders that are part of the Autostart registries, as follows:

    "Run"
    "RunOnce"
    "RunOnce\Setup"
    "RunOnceEx"
    "RunServices"
    "RunServicesOnce"

    The applications in these folders are what Windows executes immediately after a system is started up. Another similar location, with its own privilege level, that may contain these 3-6 Autostart registries is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion.

    You may have to check and familiarize yourself with each entry. The total number of entries is different for every system and is often proportional to the number of system tray entries that you have. The system tray is usually located at the lower right section of the Windows desktop and contains small icons beside the clock.

    These applications are usually Windows-based executable files that have an .EXE extension, and are thus assumed to have file properties just as typical Windows executables do. You may check each file that is associated in the AutoRun Registry by opening a File Manager (also known as Windows Explorer) to view the file properties of each entry. To do this, right-click the file, choose "Properties", and then check out the entries in the "Version" tab. The "Company" and "Product Version" fields often tell you a lot about the file. Registry entries in these locations without a full path refer to files located in the Windows directory, Windows\System, or Windows\System32. Keep in mind that some malware sets the Hidden file attribute on files it drops on the system. If this is the case, you will have to set Windows Explorer to show hidden files (Tools -> Folder Options, click the View tab, then select the "Show hidden files and folders" radio button).

    If the folders contain unusual entries such as misspelled company names or grammatical errors, then this should give you more reason to investigate that application. Check out some manuals or refer to search engines. If these files are verified as being malicious, then you can start removing their links. Let me remind you again that removing critical entries, by mistake, in the registry produces undesirable results. It is important that you thoroughly examine and verify that the links you will remove from your system are links to a malware file.

    Another way for a malware to gain control of systems is by modifying the association of commonly used file extensions. Windows is typically file extension-based and uses the HKEY_CLASSES_ROOT entries to determine which applications or programs to run for certain extensions. .EXE, .DLL, .COM, and other readily infectable files are commonly modified. These entries or registry keys are often not associated with programs and indicate internal system commands or contain the appropriate applications typically associated with it.

    It is also advisable to back up a registry entry first by exporting its registry key to a file. To do this, right click the folder-like entry in the registry and then select "Export". Agree when prompted to save it to a file. After creating a backup, you can now delete or modify the registry key. If you find that what you deleted is a normal entry and not that of a malware, restore it from your backup.
  • Other StartUp locations

    Other areas where AutoStart entries can be found are in the files, System.ini and Win.ini. A malware often modifies these with links to itself added to the "run=" or "load=" sections of the files. These files are located at the Windows Directory (typically C:\Windows).

    Following the same approach that you followed with the registry entries, you can remove them from the AutoStart entries after you have verified that they are malicious. Again, back up these files before making any modification just in case the entries are not malicious and you have to restore the files to their original form.

    All the necessary system configuration files can be accessed, viewed and edited with the Sysedit program. To invoke the program, click "Start", and then "Run", and then type "Sysedit" in the "Open:" box.

    Another place where you can find autostart entries are in the Start > (All) Programs > Startup folder. The entries here are also referenced and are executed immediately after system startup. Similarly, you may need to back up these files before tinkering with them.
  • Macros

    Applications like word processors, spreadsheets or PowerPoint presentations are often vulnerable to macro viruses. You can check for malicious activity by looking for macros within these files. To do this, open the macro organizer (refer to your application's help file) and check whether there are any unknown macros inside; in the more recent members of the Microsoft Office family (Office 97 and up), press the ALT-F11 keys. However, some macro viruses hide themselves from users by changing the foreground/background of the macro font display or by adding multiple tabs to make the text invisible in the default view pane.

    The following is an explanation of procedures readers can use for two different applications that use macros: MS Word and Excel.
  • Spoofed Process Names

    Contemporary malware tends to use process names that look strikingly similar to common process names. It is more like spoofing them into a name that you might think is the real thing, but it's not. For example, WSOCK32.DLL, a common process in memory handling the library of socket functions, can be spoofed as WSOCK33.DLL. Another is KERNE132.dll (notice that the L in KERNEL is actually the number 1), which can be mistaken for the real KERNEL32.DLL. Sometimes the names are actually valid but the path is different. The KERNEL32.DLL is always found in the \Windows\System32 directory, but some malware puts it in \Windows\System.

    There are other things you can do to check for infection. For example, you can check if a recently executed and supposedly terminated program is still in memory when it should not be. Another indication is when a program appears to have multiple copies of itself in memory even if no application with that name is currently running.

    Lastly, if upon closing all applications and checking the memory usage of a certain entry in memory, it is using up almost all the memory resources you may have to check it out. This is particularly true if there is no indication that there is a memory activity for that entry. The memory space may be deemed safe by just viewing but, tinkering with it, like terminating entries, may produce unwanted results. However, if you find out that certain malware is indeed on your system after verifying with the AV vendors' reports, you can terminate the malware in memory and proceed to find out what other things it has added or modified on your system.
  • So What Now?

    Now that you have removed the link to the suspects, you can send your suspected file to your preferred Antivirus Vendor for analysis. You may send it via email and attach the suspected file in a password-protected zip file (don't forget to include the password in the mail so that the zip file can be extracted and analyzed). The vendor's response usually takes a matter of days, depending on your subscription. You can do the same to the files that you have seen in memory and fear to be malicious.

    If, after reading this article twice, you still cannot comprehend what has been discussed, or are not willing to risk your system being broken by the modifications suggested, it may be better for you to use antivirus software and allow that software to check your system for malicious code or programs.

    The best ways to keep your system from infection are found in safe computing guides that are available on most AV Vendors' Web sites. These discussions include the basic things you must do to minimize the risk of being infected. Not only are these helpful, they are also a good venue for you to know more about your system and making you a better citizen of Cyberspace.
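The review described in the Registries, Other StartUp locations and Spoofed Process Names sections above can be scripted once the keys have been exported with Regedit's "Export" command. The following Python script is an added example, not code from the original page: it parses a .reg export of the Run keys and the run=/load= lines of Win.ini, then flags any entry that has no full path, uses a name one character away from a known system file (KERNE132 for KERNEL32, WSOCK33 for WSOCK32), or loads a known system file name from somewhere other than System32. The sample .reg and Win.ini text, the "Contoso Audio" entry and the malicious-looking file names are constructed for the example; the script only reports entries for manual verification and modifies nothing.

```python
import re

# Legitimate file names the page uses as spoofing targets; the page states that
# KERNEL32.DLL belongs in \Windows\System32, so that is the expected directory.
KNOWN_SYSTEM_FILES = {"kernel32.dll", "wsock32.dll"}
EXPECTED_DIR = "system32"

# Autostart keys listed on the page, relative to ...\Windows\CurrentVersion
AUTOSTART_KEYS = {"run", "runonce", "runonce\\setup", "runonceex",
                  "runservices", "runservicesonce"}

# Constructed sample of what Regedit's "Export" writes (not taken from a real system).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioTray"="\"C:\\Program Files\\Contoso Audio\\audiotray.exe\" /startup"
"svchost"="svchost.exe"
"Kernel Helper"="C:\\Windows\\System\\KERNE132.dll"
"Update"="C:\\Windows\\System32\\wsock33.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Windows\\System32\\wsock32.dll"
'''

# Constructed sample of the [windows] section of Win.ini with one run= entry.
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\Windows\System\wsock32.dll
[Desktop]
Wallpaper=(None)
'''

# "Name"="Data" lines of a .reg file; embedded quotes and backslashes are escaped with \
REG_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')


def reg_unescape(s: str) -> str:
    # .reg exports write a quote as \" and a backslash as \\
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str):
    """Yield (key, value name, command) for string values under the autostart keys."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        tail = key.lower().rsplit("currentversion\\", 1)[-1]
        if tail not in AUTOSTART_KEYS:
            continue
        m = REG_VALUE.match(line)
        if m:
            yield key, reg_unescape(m["name"]), reg_unescape(m["data"])


def parse_win_ini(text: str):
    """Yield ("win.ini [windows]", "run" or "load", command) for non-empty run=/load= lines."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        k, _, v = line.partition("=")
        if k.strip().lower() in ("run", "load") and v.strip():
            yield "win.ini [windows]", k.strip().lower(), v.strip()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; KERNE132 vs KERNEL32 is a single substitution (distance 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_command(command: str):
    """Return (directory, file name) of the program an entry starts, dropping arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        exe = cmd[1:cmd.find('"', 1)]   # quoted path, may contain spaces
    else:
        exe = cmd.split(" ", 1)[0]      # unquoted: the first token is the program
    directory, _, name = exe.rpartition("\\")
    return directory, name


def check_image(command: str) -> list:
    """Apply the page's checks to one autostart command; return the reasons to look closer."""
    directory, name = split_command(command)
    lname = name.lower()
    reasons = []
    if not directory:
        reasons.append("no full path: the file sits in Windows, Windows\\System or "
                       "Windows\\System32 and should be located and verified")
    if lname in KNOWN_SYSTEM_FILES:
        if directory and not directory.lower().endswith("\\" + EXPECTED_DIR):
            reasons.append(f"{name} is a system file name but is loaded from {directory}, "
                           f"not from System32")
    else:
        for known in sorted(KNOWN_SYSTEM_FILES):
            if edit_distance(lname, known) == 1:
                reasons.append(f"{name} is one character away from {known.upper()} "
                               f"(possible spoofed name)")
    return reasons


def review_autostart(reg_text: str, win_ini_text: str) -> dict:
    """Map "<location> :: <entry>" to its reasons for every entry worth a closer look."""
    findings = {}
    entries = list(parse_reg_export(reg_text)) + list(parse_win_ini(win_ini_text))
    for location, name, command in entries:
        reasons = check_image(command)
        if reasons:
            findings[f"{location} :: {name}"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in review_autostart(SAMPLE_REG, SAMPLE_WIN_INI).items():
        print(entry)
        for r in reasons:
            print("   -", r)
```

On the constructed sample the script reports four entries: the path-less svchost value, the two lookalike names, and the Win.ini entry that loads WSOCK32.DLL from \Windows\System; the Contoso entry with a full quoted path and the RunOnce entry pointing at System32 pass. A name passing these checks is not proof of innocence (the page's "Company" and "Product Version" inspection still applies), and a flagged name is only a reason to verify before deleting the link, with the exported .reg file kept as the backup.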

Types of security threats

  • Adware

    A type of Advertising Display Software, specifically certain executable applications whose primary purpose is to deliver advertising content potentially in a manner or context that may be unexpected and unwanted by users.
  • BOT

    Short for "robot", a bot is a program that is designed to automate tasks.
  • BOTNET

    A botnet is a group of bot infected PCs that are all controlled by the same "command and control center".
  • Hoaxes

    Hoaxes are usually silly pranks, and are a form of chain mail, and are often also Urban Legends.
  • Malware

    Malware stands for MALicious SoftWARE. Terms such as Virus, Trojan, Worm, and Bot all have specific meanings.
  • Payload

    The additional functionality, for instance data stealing, file deletion, disk overwriting, BIOS flashing etc., that may be included in a virus, worm or Trojan Horse.
  • Phishing

    Phishing (pronounced in the same way as fishing) is a social engineering attack which attempts to fraudulently acquire sensitive personal information, such as passwords and/or credit card details.
  • Rootkit

    A rootkit is a collection of one or more tools designed to covertly maintain control of a computer.
  • Scams

    Scams are very similar to phishing, but are not usually interested in obtaining your details, they often appeal to a sense of compassion or to human greed.
  • Spyware

    The term Spyware has been used in two ways. In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.
  • Trojan Horse

    A Trojan Horse, often referred to as just a Trojan, is a program which purports to do one thing, but actually does another.
  • Virus

    A virus is a program which replicates by copying itself, either exactly or in a modified form, into another piece of executable code.
  • Worm

    In computer terms, worms are really a subset of viruses, but they have the ability to replicate by themselves, they do not require a host file.

Stealth & Vulnerability

For many years, anti-malware industry developers and researchers have been waging a bitter war against malware writers. Even if the objectives of the malware writers have radically changed from fun to profit, the arms race has always continued. Malware writers are constantly trying to create programs that will evade antivirus detection. On the other side of no-man's land, antivirus software developers have constantly worked to create innovative and efficient solutions with the best possible malware detection rate.

Various techniques can be used to bypass antivirus software. Some types of malware continuously modify themselves to look different every time they infect or execute, thus fooling some solutions. In fact, in the 1990s the rise of the polymorphic virus changed the face of the industry when some antivirus vendors who were unable to keep up with this trend simply abandoned ship. Another "classic" approach is to hide the evidence of compromise or infection from security software using stealth techniques: we used to call this advanced or level 3 stealth. Present-day rootkits often use stealth techniques to conceal their presence. On occasion, malware may attempt to exploit some feature of a specific security program, especially a programming error leading to a vulnerability such as a buffer overflow. While you might get the impression from the media and some sectors of the security industry that this is an enormous problem, in real life such vulnerabilities are dealt with as quickly as possible, and we don't see much evidence that malware authors spend a lot of time on exploiting such vulnerabilities.

More aggressive malware may also try to disable security software, including personal firewalls and antivirus. There's nothing novel about this: we've been seeing it for decades. Malware intentionally interfering with antimalware software goes back to 1990, at least. Antivirus software and malicious software, however sophisticated, are simply programs that execute within an operating system. The fact that one program can sometimes affect the running of another (and even disable it) is not a bug that needs to be fixed, but a normal function within most operating systems. (There are operating systems that enforce much stricter control, but it's unlikely that you have one on your desktop.) For example, it is mandatory for a program that manages the power on a laptop to be able to suspend all processes when the system is going into hibernation.

Some malware families have been trying to disable ESET Antivirus (and other top-rated anti-malware products) for years and, in some scenarios, will succeed: this is something we take seriously and we have implemented various defensive mechanisms to reduce the likelihood of their succeeding. It isn't surprising when the bad guys go out of their way to target a solution that's particularly noted for its ability to detect many new threats proactively. After all, a program that can evade detection by ESET Antivirus is likely to be missed by many other vendors, too.

While we do our best to mitigate the risks from our side, there are also a number of simple measures that any antivirus user can take to reduce the risk that their scanner will be disabled by a malicious program:

* Make sure your security software is kept up-to-date
* Log onto the system as a normal user without administrative privileges instead of as an administrator (in Windows) or root (in Unix-derived systems). If the antivirus program executes with higher privileges than the logged-in user (as happens with a Windows service or a Unix daemon), a malicious program with lower privileges (those of a normal user) will normally be unable to terminate the antivirus (assuming the absence of some form of privilege escalation exploit).
* Keep operating systems and applications fully patched and up-to-date with all hot fixes
* Avoid risky web sites (we know, easier said than done: the trick is to be cautious and if in doubt, don't)
* Enable all security features in your web browser
* Above all, don't run software from untrusted and untrustworthy sources.

It doesn't matter how sophisticated malicious code is if it never gets the chance to run. Don't fall into the trap of thinking that security software (even ours!) offers such perfect protection that you don't have to think about whether it's wise to run a program from an unreliable source. Anti-virus can't catch everything, even with advanced heuristics like ours.


Leave your feedback

tdove

Thanks for joining G Rated Lense Factory!

Posted July 22, 2008

Nishith

It's a nice lens... Really informative. You really seem to know your stuff. I request you to submit your lens to my group called COMPUTER CARE.

You can join that group here COMPUTER CARE

Posted July 20, 2008

Sexopatolog

About Sexopatolog

My name is Strider and I am an SEO webmaster. My favorite themes for money-making are adult and traffic generation. You can contact me by
ICQ: 55-62-87

Interested in a link exchange with your lens? Or a lensroll exchange? Contact me.
