Post by "Pop" Stran on Nov 22, 2004 11:43:18 GMT -5
Sure didn't expect to post to this board...
By now you've no doubt heard of malicious software (MALware) such as spyware, adware, keyloggers, and even heard a few horror stories...
The fact that this technology (and the delivery methods being employed by some) is a recent development makes all of us newbies in this field, myself included.
Spyware and adware are tiny programs that reside quietly on your system, monitor your surfing-shopping-web use habits, and often report back to the host company in order to tailor your search results and offer popups (sometimes endless) that the coders feel are targeted to your tastes.
Some adware even comes with its own directory of popup pages which bombard you with constant pop-ads, and spyware/keyloggers have been directly linked to numerous cases of identity theft.
My recent experience (not my first of course, but by far the nastiest) involved a bundled bug.
Some so-called entrepreneurs are bundling a few spyware/adware progs into a very small download that lies dormant until ready to run.
For each of the bots you received, he is paid a few cents for "convincing you to download the advertiser's BHO".
(BrowserHelperObjects [BHOs] are mostly legitimate programs "designed to enhance your online experience", and distributed by paid affiliates.)
Affiliates are expected to: advertise, offer the advertiser's download page, and hope for the best.
This expected method is a bit too passive for some hungry marketers, and their chosen methods of delivery are one of the primary reasons that malware has recently been under the microscope at the FTC.
My bundle came thru a startpage or autosurf service (some can come thru a banner), and consisted of a tiny file that got past my firewall and Norton.
It was not an apparent executable, and went quietly to the Temp folder...and therefore was ignored as harmless.
Upon the next day's reboot, this tiny trojan awoke, and installed 5 spyware/adware programs, some belonging to quite reputable companies such as Alexa, Gozilla, etc.
Once I went online, the system began to bog and I quickly discovered that these progs were all attempting to register and configure themselves...of course, I pulled the plug and rooted them all out immediately.
*(Some adware comes with un-installers, but I have no more faith in a spyware-maker's uninstaller than I have in the kid who snuck the files into my PC in the first place.)
Further digging found the executable that made the installs, along with the tiny download that started the snowball rolling in the first place.
NOTE: In the Windows Explorer file pane (right side), you can click the upper titlebar "Modified" to list the files by date of install/modification. This will tell you what has been installed to that folder recently.
***DO NOT mass-delete in any folder!***
This particular bundle was delivered to the "Windows" folder, and the executables were created/unwrapped in the "Windows\Temp" folder. You can safely delete all folders in the "Temp" folder, especially if you don't recognize the file names within.
(The "\Temp\IEContent" files should be left alone, but they are backed-up elsewhere, and will be replaced if you accidentally erase them.)
Once cleaned, I restarted my system...and the real fun began.
Along with the expected adware/spyware junk, a bug had been planted that not only remained invisible to this point, but contained a modified date that kept it from showing in a file-search by date.
*(Start, Find, Files&Folders, Advanced tab.)
This virus was part of the trojan bundle, and installed a simple "ini" file that effectively locked me out of my PC at startup...No Windows, no access.
A few simple DOS steps got me back in, but rooting out that bug took hours...The file was tiny, written in text format, and buried in 3 places!
(I found this out when, thinking it was done, it re-surfaced 2 days later.)
All told, I spent nearly a week getting every trace of the original malware cleaned from my system...and the prog likely took the deliverer no more than an hour to create and setup.
Needless to say, my whole system has been re-worked:
- IE settings are at "High Security", and for open connections I use an alternative browser.
(IE is the most popular target of coders)
- My firewall is on Hi-Alert for any activity not pre-authorized,
- and I run Spybot Search&Destroy religiously.
.....Prologue
Trust has always been a rare commodity in this current sociology, both hard-earned and carefully protected...and the Web is well behind the offline world in this respect.
Many new netizens apparently have a hard time getting along with people anywhere else...some can barely choose right from wrong...and this has extended to their online life as well.
The methods being employed by these few relate directly to domestic terrorism, and must be dealt with in similar and appropriate fashion.
Thanx for your time,
JB.
PS: The FTC has recently begun to put spyware makers under the microscope...a very promising development.
I will post the SitePro article that I read recently next, and urge you to read it...There are some useful links contained within.
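The post's two file-system tips (sort the Temp folder by "Modified" to see what arrived recently, and beware of a dropped file whose modified date has been set back so a search by date misses it) can be turned into a small check. The script below is an added example, not the poster's own procedure or any product's code: it lists recently modified files under a folder, and additionally flags files whose modified time is much older than the time the file system last changed their metadata, which is the trace a backdated timestamp leaves behind. The sample folder, file names and timestamps are all constructed inside the script so it runs offline.

```python
"""
Added example (not from the original post): list recently modified files in a
folder and flag files whose modified time looks backdated.

The file system keeps a second timestamp the user-facing "Modified" column does
not show: on Windows os.stat().st_ctime is the creation time, on Unix it is the
inode change time. A file whose modified time is far older than that timestamp
had its modified time rewritten after it was placed on disk, which is exactly
how the post's "ini" file dodged a search by date.
"""
import os
import tempfile
import time
from pathlib import Path

DAY = 86400  # seconds


def scan_folder(folder, recent_days=3, now=None):
    """Return (recent, suspicious) as sorted lists of file paths.

    recent:     files whose modified time falls within the last `recent_days`
                (the same view as clicking "Modified" in Explorer).
    suspicious: files whose modified time is more than a day older than the
                creation/metadata-change time, i.e. the modified time was set
                into the past after the file was written.
    """
    now = time.time() if now is None else now
    recent, suspicious = [], []
    for path in Path(folder).rglob("*"):
        if not path.is_file():
            continue
        st = path.stat()
        if now - st.st_mtime <= recent_days * DAY:
            recent.append(str(path))
        if st.st_ctime - st.st_mtime > DAY:
            suspicious.append(str(path))
    return sorted(recent), sorted(suspicious)


def build_sample_temp():
    """Create a constructed Temp-like folder with two files (hypothetical names):
    one written just now, and one whose modified time is pushed back 400 days
    after it was written, mimicking the backdated file the post describes."""
    root = Path(tempfile.mkdtemp(prefix="temp_scan_"))
    now = time.time()
    fresh = root / "setup_bundle.exe"   # constructed: recent drop, honest timestamp
    stomped = root / "hidden.ini"       # constructed: modified time set into the past
    for p in (fresh, stomped):
        p.write_bytes(b"sample contents")
    os.utime(stomped, (now - 400 * DAY, now - 400 * DAY))
    return root


if __name__ == "__main__":
    sample = build_sample_temp()
    recent, suspicious = scan_folder(sample)
    print("Modified in the last 3 days:")
    for p in recent:
        print("  ", p)
    print("Modified time older than creation/metadata time (possible backdating):")
    for p in suspicious:
        print("  ", p)
```

Point `scan_folder` at a real Temp folder to reproduce the "sort by Modified" view with the backdating check added. Treat the suspicious list as a lead rather than a verdict: copies and archive extractions that preserve the original modified time (robocopy, tar, zip tools) produce the same mismatch, so each hit still needs a look at what the file is and what refers to it.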