Analysis of Spyware 246
scubacuda writes "What actually happens when you install adware/spyware/malware? Follow the Bouncing Malware examines what's downloaded, redirected, and obfuscated. A fascinating read. (Part two was postponed in order to cover a new My Doom variant.)"
Even Sevens (Score:5, Interesting)
Personally, I think you should examine ways to get even. Even-Stevens.
Up until this point, I've seen lots of anti-spyware put out that blocks spyware and protects your system from unjustified Reg entries etc., but it generally stops there. It's a shield when what we need is a shield and a sword.
Covenants, without the sword, are but words, and of no strength to secure a man at all -Hobbes
What I would like to see is anti-malware that bites back, hard.
We had this site going a while back that was going to test anti-trolling methods, like by taking a troll user and stuffing them in their own world. All their posts would be modded up and their view of the site was totally different than the users who were not trolls. Of course in tests it was easy enough for them to spoof their IP to get past this, but many of them didn't realize how to do it.
But for malware sites, what if we came up with a solution that would detect it and let it believe it was working, but generated the data needed to put these goofs in jail. I think the SETI distributed computing model could be slightly altered to work to this end.
Then we could get Even-Stevens.
malware honeypot? (Score:5, Interesting)
Then maybe the state DA's will jump in and make a lesson of a malware producer or two. That is, if they are local. If not, LART until their router is unplugged.
This 'ware business is seriously getting out of hand and MUST be dealt with, one way or another. If we have to force these jokers to go overseas, fine, then we'll do so and isolate their domains at root DNS.
Re:firefox testimonial (Score:5, Interesting)
You hit the nail on the head several times with firefox's security. It does seem to have marked improvements over IE in security, blocking 'wares from going off in your system, to barring banners from starting up, ever!
Of course I maintain a hosts file that pretty much keeps them at bay.
http://www.pelicancoast.net/~nighthawke/hosts.z
Mozilla Firefox - it solves most problems.... (Score:4, Interesting)
Usually, I'm skeptical about "Freeware", but Mozilla's Firefox has been a glorious exception. Not only is it faster, more intuitive, and easier to use than IE, it is also MORE SECURE. Unlike IE, Firefox does not allow ActiveX and VBScripts to run - and this is a blessing.
Please consider giving it a try.
Happy surfing.
And let's not forget... (Score:5, Interesting)
And don't deny it - their affiliates DDoSed SpywareInfo because it told people how to remove their bastardly malware and provided CWShredder.
I say we go after them, drain their coffers dry, and donate the funds to the Mozilla Foundation or something.
Re:Mozilla Firefox - it solves most problems.... (Score:2, Interesting)
Currently, I'm running Mozilla Firefox on Windows 2000, and I have no complaints. In fact, I'm happier about surfing the web than I've been in years!
For reference, Firefox may be downloaded at http://texturizer.net/firefox/index.html.
Happy Surfing.
Re:Mozilla Firefox - it solves most problems.... (Score:1, Interesting)
Re:malware honeypot? (Score:2, Interesting)
Did you RTFA? The spyware he mentioned all loaded automatically using exploits that are only available in IE and Windows! This is all courtesy of Microsoft!
Face it: these people would not be able to do these things without Microsoft's brain-dead approach to secure design. If you wanna sic DA's on somebody, point them at Microsoft!
A lot of people don't care (Score:5, Interesting)
pollution (Score:4, Interesting)
Just how that's done is another matter; but how long will it be before some enterprising young soul comes up with a daemon that generates false information and does nothing but pollute spyware databases? If it can be done with SETI, it can be done here.
make it fun (Score:3, Interesting)
I want an integrated tool! (Score:4, Interesting)
I'd love to see a tool that would deal with all security threats to the desktop. A single tool that would protect against viruses, malware and would act as a smart desktop firewall. We already use an anti-spam service but I think the tool should do that too. In the workplace it should be centrally controlled and updated automatically. It should report on attempts and allow the networking folks to use this data to stop stuff at the corporate firewall.
While I am dreaming, I think I'd even like the tool to provide a transparent, manageable method of deploying service packs and patches to the desktop (although that is, I admit, probably better done separately with software deployment tools).
I suppose the server boys would probably need a tool to keep those back-room boxes squeaky clean too. Maybe a special server version of the same software could be slapped on those bad-boys.
I understand why companies are reluctant to share data but in the case of "common security threats" I think that an exception should be made and an automated but monitorable system of threat identification and reporting should be built into the software so as soon as a new threat is identified it can be made available to everyone using the software.
Then we can all cooperatively figure out who is doing this and we can publish that information somewhere (like slashdot?) and we can provide them with a little justice!
Re:Even Sevens (Score:3, Interesting)
Why is it that "the authorities" are interested in subpoenaing the addresses of filesharers, but not illegal malware scammers?
Re:I want an integrated tool! (Score:2, Interesting)
I am not trying to be anti-Linux here, since I am booted into it anyway, but I tend to believe that there is a "properly configured Windows XP" too.
It includes:
All users use a Limited account
There is ONE admin account, to be configured with a red desktop and boring scheme so as to place zero doubt that no one is supposed to be there to do anything except to install software.
Except for Windows Update, no user under any circumstance whatsoever should use Internet Explorer in the Admin account.
Zone Alarm
Ad-Aware
XP installed on 4-8GB partition
Documents and Settings redirected to another partition (yes, it is possible with a single reg hack)
Norton Ghost (on a FAT32 partition)
Good copy of System partition image on the FAT32 partition
Any suggestions?
I have a theory that the scumware threat in Internet Explorer becomes extremely inert when someone browses the Internet while logged into a limited account. Can't write to HKEY_CLASSES_ROOT or HKEY_LOCAL_MACHINE. Heck, can't write anywhere on the system partition. Can anyone confirm this theory?
Re:firefox testimonial (Score:1, Interesting)
Re:Even Sevens (Score:5, Interesting)
After I reinstalled XP for him, I installed Firefox and ordered him to use that and forget about IE unless he wanted to be hit upside the head with my cluestick. He doesn't know much about the underlying technology of computers and recent software but everyone in the family understands when I say "use that and evil stuff might be installed on the PC even if you're only surfing around". They take my word for it as I'm the resident geek.
I did the same with his family's computer. Now I just have to explain stuff to the youngest son who insists on using BearShare, Kazaa (even if I've said NOOOO!) and such stuff. He downloads and installs small programs. Once, the family computer was infected with over 150 viruses.
My cousin is extremely happy with Firefox; once I'd shown him the concept of tabbed browsing, he never looked back. And the computer doesn't get as much spyware installed now. The younger brother screws that up a bit 'cause he won't listen. Damn nu-metal ignoramus.
As an IT Consultant, this is a huge problem..... (Score:3, Interesting)
On the flipside, a simple solution that I've been implementing is a simple linux box, set up as a transparent proxy, using Squid, with DansGuardian (a pay-for product) doing content filtration, as well as stopping Active-X controls dead in their tracks.
This has proved to be very cost effective, around $300-400 in my time to set up, and stops the junk dead.
Perhaps some other IT managers can put this software to use.
-H
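The post above describes a proxy-side content filter that stops ActiveX controls before they reach the browser. As an added illustration (not the poster's setup and not DansGuardian's or Squid's own code), the following Python models the decision such a filter makes per response: it parses a raw HTTP response, then blocks on a banned MIME type, a banned file extension taken from the Content-Disposition header or URL path, or an executable payload whose body starts with the Windows "MZ" header even when the declared type says otherwise. The deny lists and sample responses are constructed for the example.

```python
# Assumed deny lists, in the spirit of the MIME-type and extension lists
# proxy content filters use. Values are illustrative, not a shipped config.
BANNED_MIME = {
    "application/x-oleobject",       # how ActiveX controls are commonly served
    "application/x-cab-compressed",  # .cab bundles that carry controls
    "application/x-msdownload",
}
BANNED_EXT = {".ocx", ".cab", ".exe", ".dll"}


def parse_http_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return status, headers, body


def filename_from(headers, path):
    """Prefer the Content-Disposition filename, else the last path segment."""
    disposition = headers.get("content-disposition", "")
    for part in disposition.split(";"):
        part = part.strip()
        if part.lower().startswith("filename="):
            return part[len("filename="):].strip('"')
    return path.rsplit("/", 1)[-1]


def filter_decision(path, raw_response):
    """Return ('block', reason) or ('allow', None) for one proxied response."""
    _status, headers, body = parse_http_response(raw_response)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in BANNED_MIME:
        return "block", f"banned mime type {ctype}"
    name = filename_from(headers, path).lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in BANNED_EXT:
        return "block", f"banned extension {ext}"
    # Declared type and name can lie; a PE/MZ header cannot.
    if body[:2] == b"MZ":
        return "block", "executable payload (MZ header)"
    return "allow", None


# Constructed sample responses (not captured traffic).
RESP_HTML = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hi</html>"
RESP_OCX = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Disposition: attachment; filename=\"toolbar.ocx\"\r\n\r\nMZ....")
RESP_CAB = b"HTTP/1.1 200 OK\r\nContent-Type: application/x-cab-compressed\r\n\r\nMSCF"
RESP_LIE = b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n\r\nMZ\x90\x00"

if __name__ == "__main__":
    for path, resp in [("/index.html", RESP_HTML), ("/dl/x", RESP_OCX),
                       ("/pkg/ctl.cab", RESP_CAB), ("/pic.gif", RESP_LIE)]:
        print(path, filter_decision(path, resp))
```

The last rule is the one worth keeping in a real deployment: extension and MIME lists are only as good as the server's honesty, so a magic-byte check on the body is what catches a control delivered as "image/gif".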
About Opera--Switched 3 days ago (Score:2, Interesting)
I moved to Opera three days ago after finally getting cheesed off with having IE launch spyware apps and then crash virtually every time I opened it.
I have the free version right now, in which I can even choose whether I prefer Google ads or big, noisy banners. I went with Google, since I am a Gmail fan anyway. One of my friends thinks I am a wuss for thinking this, but I actually like the text ads by Google. They are becoming familiar, and they virtually disappear on the Opera interface unless I need them, and then they are actually relevant!
What I like best about Opera is, well, many things:
1. Never had a popup since I have used it.
2. Easy to read RSS feeds, including a customized Opera newsfeed that brings Slashdot, Salon and some other feeds together as one.
3. Easy password fill-in (I know IE has something like this too, but I just never trusted it, given all the security holes.)
4. Easy, comprehensive toolbar customization. You can also customize your menus and toolbars with single-click "Setups". The toolbars are also far more intelligent than IE. You can set them to appear only when you need them, like the download status bar, which disappears as soon as your page is completed.
5. I imagine the mail and newsgroup features of Opera are also excellent, although I am married to Outlook and don't intend to switch.
6. Not the least important thing is that the design of the interface shows some visual design sensibility; a trained graphic designer or two must have actually designed it!
Basically, it feels like a much more sophisticated, softer Internet experience. I have Firefox installed as well, but mainly for testing my Web pages. It seems too simplified for me. I like complex but well-designed interfaces.
Are there rumours about Opera selling out? If so, I hope Google buys them (and then makes Gmail Opera-compatible.)
Opera & Google, Spyware ? (Score:1, Interesting)
Re:firefox testimonial (Score:3, Interesting)
Actually, I've put an IP block in my hosts file by entering the IP address into it and referring it to loopback. (I know, it goes against the RFC for DNS, but it works!)
I've dogfarted on gator/claria with this action and they are pretty much torqued off at me for that. Of course, I've made it rather difficult for them to get in touch with me without sending a message thru a lawyer by blocklisting their domain in our POP3, hee hee hee hee.
This way it keeps 'em honest and lets them know that they are not welcome in any way, shape or form.
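Two posts in this thread (the nighthawke hosts file above and the IP-to-loopback entry just described) rely on the hosts file as a blocklist. As an added example, not either poster's file, the Python below parses a hosts file the way a resolver reads it (first match wins, names are case-insensitive, comments and multiple names per line are handled) and reports which names are sinkholed to loopback or 0.0.0.0. It also flags the caveat the second post runs into: a token in the name column that is itself an IP literal never matches anything, because the hosts file is consulted only for name lookups, never for connections made directly to an address. The sample file is constructed for the example.

```python
import ipaddress

# Constructed sample hosts file in blocklist style (not a real list).
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1       localhost
127.0.0.1       ads.example.net  banners.example.net
0.0.0.0         tracker.example.org   # 0.0.0.0 fails faster than loopback on some stacks
127.0.0.1       203.0.113.7           # IP literal in the name column (RFC 5737 range): never consulted
::1             localhost
"""

SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (table, ineffective).

    table maps lower-cased hostname -> address (first entry wins, as resolvers do);
    ineffective lists name-column tokens that are IP literals and so never match.
    """
    table = {}
    ineffective = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                           # malformed address column; skip line
        for name in names:
            try:
                ipaddress.ip_address(name)
                ineffective.append(name)       # an address where a name belongs
                continue
            except ValueError:
                pass
            table.setdefault(name.lower(), addr)
    return table, ineffective


def is_sinkholed(hostname, table):
    """True if hostname resolves via the table to a sink address."""
    return table.get(hostname.lower().rstrip(".")) in SINK_ADDRESSES


def sinkholed_names(table):
    """All names the table sends to a sink address, sorted."""
    return sorted(n for n, a in table.items() if a in SINK_ADDRESSES)


if __name__ == "__main__":
    table, bad = parse_hosts(SAMPLE_HOSTS)
    print("sinkholed:", sinkholed_names(table))
    print("ineffective entries:", bad)
```

Note that `localhost` also appears in the sinkholed list, since it legitimately maps to loopback; a real checker would exclude the standard loopback names before treating the remainder as a blocklist.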
I removed 15 spyware apps from 1 computer yesterda (Score:1, Interesting)
Re:Even Sevens (Score:4, Interesting)
I did something similar to the article's author some time ago, although I wasn't particularly detailed in my "analysis." I set up a dummy XP Pro machine (unpatched, since that's how Joe Average's machine will likely be even if he does have broadband and knows how to use WindowsUpdate) and started browsing around for a couple of days as I normally would. I installed no applications other than those that came with XP. At the end of my test period, I had a couple of dozen different unauthorized apps running that entered the system solely through the browser. No warnings, no click-throughs.
And I wouldn't be so sure these jerks aren't breaking any laws. Regardless of the privacy implications, spyware causes damage. Trashed systems, lost data, personnel time spent cleaning infestations and so forth. I've seen corporate workstations with thirty or forty spyware applications running simultaneously, causing major performance loss and instabilities. It wouldn't be hard for a corporation with a few hundred workstations to get the FBI interested with a legitimate damage claim of a few hundred grand in losses.
Spyware, malware, adware, spam
Re:Even Sevens (Score:3, Interesting)