Smokey's Security Weblog

veritas odium parit

Safe Computing and Preventing Malware Infections

The current outbreak of the polymorphic worm Downadup, aka Conficker and Kido, and all its variants makes very clear that many users don’t act in a responsible and secure way. After all, at the moment 9 (nine) million PCs are contaminated by that worm because of a missing Microsoft Security Update for Windows (KB958644). At the same time numerous users don’t possess safe computing and surfing habits, ignore standard precautions, haven’t the slightest idea how to prevent malware, and in case they have a PC contaminated by malware they try to clean the PC by themselves or with the help of self-declared “security experts”. Keep in mind that malware cleaning/removal isn’t a job for amateurs; it is a dedicated job for well trained and fully qualified malware hunters.

Safe computing/surfing and preventing malware is a matter of education. Only well educated users have a reasonable chance to remain “clean”. The sole aim of my staff and me on Smokey’s Security Forums is to provide users, free of charge, with Education, Support, Help and Advice, and, in case the PC of the user is infected by malware, to offer malware cleaning/removal by real security experts: comprehensively trained, fully qualified HJT/OTListIt2 Analysers/Malware Hunters.

Some basic rules for safe computing, related links at the end of this post:

– Activate the automatic update function in Windows. Always accept and install all updates offered by Microsoft.
– If you don’t like automatic updates, consider using the Microsoft Baseline Security Analyzer (MBSA). MBSA is an easy to use free tool that helps individuals and small and medium businesses to determine their security state in accordance with Microsoft security recommendations, and it offers specific remediation guidance. Using MBSA to detect common administrative vulnerabilities and missing security updates on your computer systems will improve your security management process.
– Always install all Service Packs offered by Microsoft.
– Educate and protect yourself, e.g. by visiting my board and reading the FAQs, How-To’s and Advisories concerning Safe Computing and Preventing Malware.
– In case your PC is infected by malware, adware or any other undesired badware or nasties, visit my board to get rid of such crap. Only fully qualified HijackThis & OTListIt2 Log Analysers/Malware Hunters will take care of these infections and help you in a professional way, of course for free, to get rid of them. Note: only registered board members will receive malware removal/cleaning help; registering on my board is also free.
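As an added example (not part of the original post), the following PowerShell script checks the first rules above on a single Windows host: whether the update the post names (KB958644) is present, and how Automatic Updates is configured. It relies only on the built-in Get-HotFix cmdlet and the documented AUOptions registry value; the wording of the messages is my own.

```powershell
# Added example, not code from the blog post: verify on a Windows host that
# the update named above (KB958644) is installed and that Automatic Updates
# is switched on. Run in an elevated PowerShell session.

$RequiredKB = 'KB958644'   # the update the post refers to

# 1. Is the hotfix present? Get-HotFix reads the same data as "Installed Updates".
$fix = Get-HotFix -Id $RequiredKB -ErrorAction SilentlyContinue
if ($fix) {
    "$RequiredKB is installed (installed on $($fix.InstalledOn))"
} else {
    "WARNING: $RequiredKB is missing - run Windows Update now"
}

# 2. Automatic Updates setting. AUOptions values as documented by Microsoft:
#    1 = disabled, 2 = notify before download,
#    3 = download automatically, notify before install,
#    4 = download and install on a schedule.
#    A domain policy (the first key) overrides the local setting (the second key).
$auPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
)
$au = $null
foreach ($p in $auPaths) {
    $v = (Get-ItemProperty -Path $p -Name AUOptions -ErrorAction SilentlyContinue).AUOptions
    if ($null -ne $v) { $au = $v; break }
}
switch ($au) {
    4       { 'Automatic Updates: download and install on schedule (recommended)' }
    3       { 'Automatic Updates: download automatically, but install needs confirmation' }
    2       { 'Automatic Updates: notify only - updates are NOT downloaded' }
    1       { 'WARNING: Automatic Updates are disabled' }
    default { 'Automatic Updates setting not found in the registry - check the Windows Update control panel' }
}

# 3. Optional: list every installed update, e.g. to compare with an MBSA report.
Get-HotFix | Sort-Object InstalledOn | Format-Table HotFixID, Description, InstalledOn -AutoSize
```

Get-HotFix only reports updates that register as hotfixes, so a missing entry is a reason to run Windows Update or MBSA, not proof that the patch is absent; the two tools complement each other rather than replace each other.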

Update 2010-14-03: Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

Links

Smokey’s Security Forums
FAQs, How-To’s and Advisories concerning Safe Computing and Preventing Malware
HijackThis (HJT) & OTListIt2 Log Analysis and Malware Removal/Cleaning Assistance and Services
Microsoft Baseline Security Analyzer (MBSA) Frequently Asked Questions
Download Microsoft Baseline Security Analyzer

Safe computing!

Smokey’s Security Forums is Site Member ASAP


January 17, 2009. Posted in Advisories, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, Phishing, Recommended External Security Related Links, Toolbarware, Uncategorized, Vulnerabilities.

CNET’s download.com offers rogue Anti-Spyware for download

Surprising to me, and probably to most blog readers as well, is the fact that CNET’s download.com, property of CBS Interactive, offers rogue/malicious programs for download.

Regular blog visitors will remember the two articles I wrote last week about Intelinet Internet Security of the well-known scammer Cashier Myricks, a malicious program advertised as an “Award Winning Spyware Remover” with “acknowledgements of the software by security experts”.

In the meanwhile it should be clear to everyone that Intelinet Internet Security is a rogue Anti-Spyware program and therefore has to be rated as Malware. It is very surprising that CNET “apparently” isn’t informed about that piece of malware and sticks determinedly to the download offer. I write “apparently” because I am informed that CNET has been warned by several readers that the program is malicious; besides, I informed CNET’s Editor in Chief Scott Ard today via an email. A so-called “return to sender email”…

Well, I now have some curious questions for CNET:

1. Are all available downloads approved before download release?
2. If the answer is no, how is it guaranteed that all downloads are trustworthy?
3. Is there a CNET QA Department, and, if yes, what are the efforts of that department to keep the download archive clean?

The fact that CNET still offers Intelinet Internet Security for download raises another question: how many other malicious programs are offered by CNET? Until we have a satisfying elucidation from CNET I can only advise: to protect your PC and all data on it, don’t download anything from their download archive. The software can be contaminated.

In case CNET needs a review of my recent Intelinet Internet Security articles, here you go:

https://smokeys.wordpress.com/2008/12/27/intelinet-internet-security-rated-by-the-dslr-base-as-being-crapware/
https://smokeys.wordpress.com/2008/12/29/intelinet-internet-security-now-provided-with-the-malware-label/

December 31, 2008. Posted in Advisories, Alerts, Bundleware, Downloads, Friends, Malware, News, Recommended External Security Related Links. 5 Comments.

Avoid SpywareInfo.com: it is pushing rogue programs

Compilation of posts/warnings made by Name Game on DSLReports.com and several posts on SpywareInfoForum.info

GoDaddy just auctioned off Mike Healan’s original SpywareInfo.com, and what happened to it is what we feared would happen when we saw how high the price was getting. It appears that site is pushing rogue programs and is intended to make some quick money for the same people that Mike fought for many years… It is selling several rogue programs, including at least one that is considered to be an active infection… I strongly recommend that everyone avoid it unless your PC is quite well armored, and I particularly recommend that no one buy anything through it.

Remember, Mike Healan’s spywareinfo is at http://www.spywareinfoforum.info. Change your bookmarks and shortcuts. And it will be helpful if you will post about the new address at sites you’re a member of.

December 9, 2008. Posted in Advisories, Alerts, Downloads, Malware, News.

Free Online Virus, Spyware, other Malware, Suspicious File, Security Check and System Health Scanners

As most people know, my board Smokey’s Security Forums provides Information, Support, Help and Advice concerning all security related issues. As an extra service we also have a general Hardware/Software section.

Malware removal/cleaning is just one of the many services we offer. E.g. we have a HijackThis & OTListIt2 Log Analysis/Malware Removal & Cleaning Forum (English language) and Hilfe bei Problemen mit Viren, Trojanern, Würmern, Spyware, Adware, Ransomware, Popups und sonstigen Schädlingen (German – Deutsch language), where fully qualified malware experts will help you to clean your infected PC.

We also have an Online Virus, Spyware, other Malware, Suspicious File, Security Check and System Health Scanners Forum. There you will find 24 free (partially multi-engine) online services for scanning suspicious files and/or free system scanners. Several of these online services will also remove malware and clean your PC. Feel free to use these services; however, in case of a PC contaminated by malware we strongly advise you to ask for personal help in our HijackThis & OTListIt2 Log Analysis Forum, as only qualified malware experts will be able to clean your PC in a satisfying and secure way.

Current online scan services we offer are:

– a-squared Anti-malware Free Online Scan
– Arcabit Free Online Scan
– Bitdefender Free Online Scan
– Eset NOD32 Antivirus Free Online Scan
– Ewido/AVG Malware Free Online Scan
– F-Secure Antivirus Free Online Scan
– F-Secure Free Online security updates identifier
– Jotti Virus/Malware Multi-engine Free Online Scan
– Kaspersky Antivirus Free Online Scan
– McAfee FreeScan Online Scan
– Norton Security Scan
– Panda Antivirus TruePrevent Free Online Scan
– PrevX CSI Online Adware scanner
– Secunia Free Software Inspector
– SpywareInfo Spyware/AdWare Free Online Scan
– Symantec Security Check Free Online Scan
– Tenebril Spyware Free Online Scan
– TrendMicro Antispyware Free Online Scan
– WindowSecurity.com TrojanScan Free Online Scan
– Virus Chaser Free Online Scan
– VirusChief Multi-engine Free Online Scan
– VirSCAN Virus/Malware Multi-engine Free Online Scan
– VirusTotal Virus/Malware Multi-engine Free Online Scan
– Virus.org Rogue File Multi-engine Free Online Scan

All services we offer are free, but please keep in mind that only registered board members will be able to take advantage of these services.

November 8, 2008. Posted in Advisories, Alerts, Bundleware, Friends, Malware, News, Norton Internet Security, Recommended External Security Related Links, Vulnerabilities. 1 Comment.

HijackThis & OTL (formerly OTListIt2) Log Analysis and Malware Removal & Cleaning

What are HijackThis and OTL (formerly OTListIt2)?

HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis creates a report, or log file, with the results of the scan.

OTL is a very sophisticated Log/Report Tool that does the same as HijackThis and a lot more. You can see it as the successor of HJT.

IMPORTANT: HijackThis/OTL does not determine what is good or bad.
Do not make any changes to your computer settings using HijackThis and/or OTL unless instructed by a member of the HJT/OTL Analyzers/Malware Hunters group of Smokey’s Security Forums.

Procedures before submitting a HJT or OTL log to Smokey’s Security Forums

– Please register on the forum… Here, it is for free.

– Before submitting a HJT/OTL log to Smokey’s Security Forums, we ask that you follow this procedure first as described… Here.

– Once you have followed all instructions, post your HJT or OTL log on the forum… Here. German – Deutsch customers can post here.
Then please wait for your log to be answered. Answers, help and support will be given by fully qualified HJT/OTL Log Analyzers/Malware Hunters. The offered HJT/OTL services are also free.

See ya, 😉

Starbuck
Team Leader HJT/OTL Analyzers/Malware Hunters

Update 2009-12-11: from now on, Smokey’s Security Forums will only accept OTL logs, HJT logs will not be accepted anymore.

Update 2010-14-03: Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

June 22, 2008. Posted in Advisories, Bundleware, Friends, Malware, Recommended External Security Related Links, Vulnerabilities.

Java Anonymous Proxy (JAP): once a Crook, always a Crook?

Today’s post on DSLReports with the subject “JAP” drew my attention.

From Java Anonymous Proxy (JAP) Homepage:

JAP makes it possible to surf the internet anonymously and unobservably. Without anonymization, every computer on the internet communicates using a traceable address. That means:

– the website visited,
– the internet service provider (ISP),
– and any eavesdropper on the internet connection

can determine which websites the user of a specific computer visits. Even the information which the user calls up can be intercepted and seen if encryption is not used. JAP uses a single static address which is shared by many JAP users. That way neither the visited website, nor an eavesdropper can determine which user visited which website.

Sounds great. Especially because the software and services are free. But after reading the DSLR post I changed my mind about JAP.

SUMware mentioned in the DSLR post a 2003 SecurityFocus article about the fact that JAP’s anonymity service was (and still is?) back-doored. That doesn’t sound good anymore; it sounds really bad.

Excerpt from the SF article:

The popular Java Anonymous Proxy (JAP), used to anonymise one’s comings and goings across the Internet, has been back-doored by court order. The service is currently logging access attempts to a particular, and unnamed, Web site and reporting the IP addys of those who attempt to contact it to the German police.

We know this because the JAP operators immediately warned users that their IP traffic might be going straight to Big Brother, right? Wrong. After taking the service down for a few days with the explanation that the interruption was “due to a hardware failure”, the operators then required users to install an “upgraded version” (ie. a back-doored version) of the app to continue using the service.

“As soon as our service works again, an obligatory update (version 00.02.001) [will be] needed by all users,” the public was told. Not a word about Feds or back doors.

Fortunately, a nosey troublemaker had a look at the ‘upgrade’ and noticed some unusual business in it, such as:

CAMsg::printMsg(LOG_INFO,"Loading Crime Detection Data....\n");
CAMsg::printMsg(LOG_CRIT,"Crime detected - ID: %u - Content: \n%s\n",id,crimeBuff,payLen);

and posted it to alt.2600.

Soon the JAP team replied to the thread, admitting that there is now a “crime detection function” in the system mandated by the courts. But they defended their decision:

“What was the alternative? Shutting down the service? The security apparatchiks would have appreciated that – anonymity in the Internet and especially AN.ON are a thorn in their side anyway.”

Sorry, the Feds undoubtedly appreciated the JAP team’s willingness to back-door the app while saying nothing about it a lot more than they would have appreciated seeing the service shut down with a warning that JAP can no longer fulfill its stated obligation to protect anonymity due to police interference.

A press release from ICPP assures users that JAP is safe to use because access to only one Web site is currently being disclosed, and only under court-ordered monitoring.

But that’s not the point. Disclosure is the point. The JAP Web site still claims that anonymity is sacrosanct: “No one, not anyone from outside, not any of the other users, not even the provider of the intermediary service can determine which connection belongs to which user.”

This is obviously no longer true, if it ever was. And that’s a serious problem, that element of doubt. Anonymity services can flourish only if users trust providers to be straight with them at all times. This in turn means that providers must be absolutely punctilious and obsessive about disclosing every exception to their assurances of anonymity. One doesn’t build confidence by letting the Feds plug in to the network, legally or otherwise, and saying nothing about it.

Telling us that they only did it to help catch criminals isn’t good enough either. Sure, no normal person is against catching criminals – the more the merrier, I say. But what’s criminal is highly relative, always subject to popular perception and state doctrine. If we accept Germany’s definition of criminal activity that trumps the natural right to anonymity and privacy, then we must accept North Korea’s, China’s and Saudi Arabia’s. They have laws too, after all. The entire purpose of anonymity services is to sidestep state regulation of what’s said and what’s read on the basis of natural law.

The JAP Web site has a motto: “Anonymity is not a crime.” It’s a fine one, even a profound one. But it’s also a palpably political one. The JAP project inserted itself, uncalled, into the turbulent confluence between natural law and state regulation, and signaled its allegiance to the former. It’s tragic to see it bowing to the latter.

I don’t know whether JAP’s anonymity service is, anno 2008, still back-doored.

The main question after the JAP back-door issue is: can we ever trust JAP again? My answer is a clear NO. JAP will always carry an element of doubt.

SecurityFocus hit the nail on the head with the following remark in the article:

Anonymity services can flourish only if users trust providers to be straight with them at all times. This in turn means that providers must be absolutely punctilious and obsessive about disclosing every exception to their assurances of anonymity. One doesn’t build confidence by letting the Feds plug in to the network, legally or otherwise, and saying nothing about it.

I share SF’s opinion. Therefore, stay away from JAP.

April 26, 2008. Posted in Advisories, Alerts, Downloads, Malware, News, Recommended External Security Related Links.