January 2006

Published: Tuesday 31 January 2006
By Andy McCue

The High Court has ordered 10 ISPs to hand over the customer details of 150 individuals accused of illegally sharing and downloading desktop software on the web.

The illegal file-sharers were identified after a 12-month covert investigation by the Federation Against Software Theft (Fast), called Operation Tracker.

Fast said it also suspects that some of the individuals were using their employer’s corporate networks for trading the software illegally.

The individuals all use false names but Fast has now secured the court orders that will force the internet service providers to hand over the full personal details - including names, addresses and dates of birth - of the 150 individuals.

Revision.

Many users we see in the forums, requesting assistance for malware removal, have a P2P (file sharing) program installed.

If you insist on using a P2P Client please configure and use it in a safe manner and make sure your security programs are up to date.

The P2P program itself is often the cause of infection:
Clean/Infected P2P Programs

Microsoft TechNet:
Introduction to Windows Peer-to-Peer Networking

News from Sans-Internet Storm Center
Handler’s Diary January 24th 2006

Over the last week, “Blackworm” infected about 300,000 systems based on analysis of logs from the counter web site used by the worm to track itself. This worm is different and more serious than other worms for a number of reasons. In particular, it will overwrite a user’s files on February 3rd.

At this point, the worm will be detected by up to date anti virus signatures. In order to protect yourself from data loss on February 3rd, you should use current (Jan 23rd or later) anti virus signatures. Note, however, that the malware attempts to disable/remove any anti-virus software on the system (and does this every hour while the system is up), so if the machine was infected before signatures were deployed, obviously, that anti-virus software can’t be expected to clean up the infection for you.
How would I get infected?
The worm spreads via e-mail attachments or file shares. Once a system in your network is infected, it will try to infect all shared file systems it has access to. You may see a new “zip file” icon on your desktop.
What will BlackWorm do to my system?
It will disable most anti virus products and delete them. The worm will e-mail itself using a variety of extensions and file names. It will add itself to the list of auto-start programs in your registry.
Removal
Anti virus vendors offer removal tools. Microsoft provides detailed instructions for manual removal. However, there are two important reasons to rebuild “from scratch”:

BlackWorm uses the same tricks to install itself as other viruses/worms. It may not be the only one on your system. Antivirus will not detect all viruses, and the removal tool will only remove this specific worm.
BlackWorm will allow remote access to your system, and additional malware may have been installed via this backdoor.

{ 0 comments }

First take a deep breath, help is at hand.

There are security forums where you can request assistance in cleaning up an infection on your computer, a few are listed to your right. Please start a topic at one site only so as not to waste precious volunteer resources.

You usually need to register in order to post, which doesn’t take much time. Choose a nickname to identify yourself in the forums, but do not use your email address as such.

Each site varies in it’s procedure so do be sure to look at the pinned ’stickies’ before you post.

Stickies are Topics/Faqs that your forum host ‘pins’ to the top of the forum so that it will not fall down the list.

Most malware removal forums will have a topic listing the titles of people who are authorised to offer assistance to users.

There is good reason for that rule, do not take advice from just anyone who may post in your topic, no matter how well meaning they are.

You can check who is helping you by looking at the title next to their avatar or name. Often it will say Helper, Expert, HJT Team etc.

Forums can be overwhelmed with people requesting help and it is possible you will have to wait awhile. Again, see if there is a ’stickie’ where you can post if you have waited a few days with no response.

Work with your helper and make sure s/he knows any moves you have taken, and always follow up with the final log requested to make sure the computer is really clean and you are good to go. Even if it appears to you that your computer is back to normal operation.

Besides it is a good time to thank your volunteer helper for guiding you through a clean up and giving you tips to avoid future infection.

Updated 12-31-07

{ 0 comments }

While there are also excellent paid products available the ones referred to below are free.

Small update: 08/2008

Anti Virus software

• AntiVir Personal Edition

• Avast Home

• AVG Free

Firewall software

• Comodo Pro

• Understanding and Using Firewalls

One should read the FAQS ( Frequently Asked Questions) for each product before installing.
Make sure your system is compatible and has enough resources.

Always read the EULA ( End-User License Agreement -software license or user license) What is a EULA?

I expect most people to tune out when they see the word EULA; however getting into the practice of reading the EULA could save you from having bad items installed with your permission.

Don’t happily click “I accept all terms of this agreement” without taking time to read the License for the software you about to install; it could save you a lot of trouble.

Especially watch out for any ’small print’ even if you have to go find your glasses.

This is a program to assist you in reading EULA’s.
EULAlyzer™

As for Paid programs these are my personal favourites:

• Anti-Virus
  NOD32 or Kaspersky

A site where you can check for many program updates

See Programs I use

Basic steps to aid in securing one’s PC.

Start off by reading this article for preventive tips.
“So, how did I get infected in the first place?” ©Tony Klein

Service Pack 2 for XP will address numerous security issues in your XP Operating System and IE.
Windows XP Service Pack 2 is cumulative, meaning it includes Service Pack 1 and all updates predating the release of SP2.

Get Your PC Ready for Windows XP SP2

Instructions on how to configure the enhanced security features in SP2.

You can also order Windows XP SP2 on CD

Description of the Automatic Updates feature in Windows

Microsoft Security Advisories

Microsoft Security Advisories, a supplement to the Microsoft Security Bulletins, address security changes that may not require a security bulletin but that may still affect customers’ overall security.

Of course you have checked the link above to Tony Klein’s article but to reiterate a few points:
Do not have more than one resident anti-virus program or firewall running.
Unfortunately I see this much too often; there is the misguided thinking that if one is good, two is better.

It is vital you keep your Windows OS and Internet Explorer up-to-date and patched.
Don’t be fooled into thinking that if you use an alternate browser you can forget IE. Internet Explorer is fully integrated into the Windows Operating System.
If you use Sun Java check to make sure it is the latest version.
Older versions have security holes and can be exploited just by being on the System; they are not uninstalled automatically when you upgrade.

Be pro-active, keep all your security applications current so they can do their job. Your protection is only as good as that last update.

While securing your computer is the best defense, it does not guarantee you won’t ever face an infection.

More about that later.

Perhaps you bought a new PC complete with anti virus and anti spyware software programs pre-installed, believing that would be all that was necessary to protect your investment.
But why has that computer slowed down to a crawl resembling a traffic jam in New York City and what are all those popups about anyway?

Too many people discover the meaning (or lack of) PC security once they have a system crippled by viruses, trojans, adware, and spyware generally termed under the heading Malware.

A little background about me:
I was one of those caught in the above scenerio some years ago.
One computer kept me happily surfing until it became clear something was awfully remiss and my local ISP’s techie had no clue what was wrong.

We were unaware of the malware explosion quickly taking hold of the World Wide Web.

Eventually I bought another PC with a software firewall and became curious about one particular nasty scanning the ports.

Looking for information led me to Spyware Info a help site for victims of malware infections.

I attended Classroom at Tom Coyote (now What The Tech) and Bootcamp at Spyware Info. both of which were established in order to train people to help others whose computers are infected with malware.

Four years later I enjoy being involved in the security field as an Administrator and researcher as well as actively assisting members in the forums.

There are terrific Blogs out there raising peoples awareness about Internet security.

It encouraged me to endeavour to do the same.

Note: You use any information found here at your own risk. Copyright © is the original authors.

{ 0 comments }

{ 2 comments }