Recognizing and Avoiding Spyware

Because of its popularity, the internet has become an ideal target for advertising. As a result, spyware, or adware, has become increasingly prevalent. When troubleshooting problems with your computer, you may discover that the source of the problem is spyware software that has been installed on your machine without your knowledge.

What is spyware?

Despite its name, the term “spyware” doesn’t refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as “adware.” It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:

• What information is being gathered?

• Who is receiving it?

• How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

• you are subjected to endless pop-up windows

• you are redirected to web sites other than the one you typed into your browser

• new, unexpected toolbars appear in your web browser

• new, unexpected icons appear in the task tray at the bottom of your screen

• your browser’s home page suddenly changed

• the search engine your browser opens when you click “search” has been changed

• certain keys fail to work in your browser (e.g., the tab key doesn’t work when you are moving to the next field within a form)

• random Windows error messages begin to appear

• your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

Don’t click on links within pop-up windows – Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the “X” icon in the title bar instead of a “close” link within the window.

Choose “no” when asked unexpected questions – Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select “no” or “cancel,” or close the dialog box by clicking the “X” icon in the title bar.

Be wary of free downloadable software – There are many sites that offer customized toolbars or other features that appeal to users. Don’t download programs from sites you don’t trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.

Don’t follow email links claiming to offer anti-spyware software – Like email viruses, the links may serve the opposite purpose and actually install the spyware they claim to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:

Adjust your browser preferences to limit pop-up windows and cookies

Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.

How do you remove spyware?

Run a full scan on your computer with your anti-virus software – Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.

Run a legitimate product specifically designed to remove spyware – Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft’s Ad-Aware, Microsoft’s Windows Defender, Webroot’s SpySweeper, and Spybot Search and Destroy.

Make sure that your anti-virus and anti-spyware software are compatible – Take a phased approach to installing the software to ensure that you don’t unintentionally introduce.

Computer Clarity

Using Caution with Email Attachments

While email attachments are a popular and convenient way to send documents, they are also a common source of viruses. Use caution when opening attachments, even if they appear to have been sent by someone you know.

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

  • Email is easily circulated – Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don’t even require users to forward the email—they scan a user’s computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
  • Email programs try to address all users’ needs – Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
  • Email programs offer many “user-friendly” features – Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

  • Be wary of unsolicited attachments, even from people you know
    • Just because an email message looks like it came from your mom, grandma, or boss doesn’t mean that it did. Many viruses can “spoof” the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
  • Keep software up to date
    • Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Trust your instincts
    • If an email or email attachment seems suspicious, don’t open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it’s legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don’t let your curiosity put your computer at risk.
  • Save and scan any attachments before opening them
    • If you have to open an attachment before you can verify the source, take the following steps:
      • Be sure the signatures in your anti-virus software are up to date.
      • Save the file to your computer or a disk.
      • Manually scan the file using your anti-virus software.
      • If the file is clean and doesn’t seem suspicious, go ahead and open it.
  • Turn off the option to automatically download attachments
    • To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
  • Consider creating separate accounts on your computer
    • Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need “administrator” privileges to infect a computer.
  • Apply additional security practices
    • You may be able to filter certain types of attachments through your email software or a firewall.
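
The save-and-scan and attachment-filtering advice above can be partly automated before a file is ever opened. This Python example is added here and is not part of the original article: it parses a message with the standard library and flags attachments by extension, by double extension and by their leading bytes. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs when opened (assumed, non-exhaustive list for this example).
RISKY_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Leading bytes that identify a file regardless of what it is named.
MAGIC = {b"MZ": "Windows executable", b"Rar!": "RAR archive", b"PK\x03\x04": "ZIP archive"}


def sniff(payload: bytes) -> str:
    """Identify a payload by its leading bytes rather than its file name."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return "unknown"


def triage(raw: bytes) -> list:
    """Return one record per attachment, with the reasons to hold it back."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        stem, ext = os.path.splitext(name.lower())
        kind = sniff(part.get_payload(decode=True) or b"")
        reasons = []
        if ext in RISKY_EXTS:
            reasons.append(f"executable extension {ext}")
            if os.path.splitext(stem)[1]:
                reasons.append("double extension disguises the real type")
        elif kind == "Windows executable":
            reasons.append("executable content behind a harmless-looking name")
        report.append({"name": name, "kind": kind, "reasons": reasons})
    return report


def build_sample() -> bytes:
    """Constructed message: a text note, MZ bytes named .pdf, and a .pdf.exe file."""
    msg = EmailMessage()
    msg["From"] = "someone.you.know@example.com"
    msg["To"] = "you@example.com"
    msg.set_content("See attached.")
    msg.add_attachment("plain notes", filename="notes.txt")
    msg.add_attachment(b"MZ\x90\x00stub", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00stub", maintype="application",
                       subtype="octet-stream", filename="receipt.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for item in triage(build_sample()):
        print(item["name"], "|", item["kind"], "|", item["reasons"] or "no flags")
```

A flagged attachment still needs the manual anti-virus scan described above; an unflagged one is not proof that the file is clean.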


Spybot.AKB spreads across P2P networks and email using Google, Twitter, Amazon, Hallmark and Hi5 as lures

2/18/2010.

PandaLabs, the anti-malware laboratory of Panda Security -The Cloud Security Company- has detected a new worm, Spybot.AKB. It spreads using P2P programs (copying itself to the usual shared folders with different names) and also via email. What’s new about this worm is the way it tricks users, spreading under the guise of an invitation to join social networks like Twitter and Hi5, or in an email supposedly from Google replying to a job application. Another new feature is the way it installs on computers, passing itself off as a Firefox security extension.

Email subjects include:
• Jessica would like to be your friend on hi5!
• You have received A Hallmark E-Card!
• Shipping update for your Amazon.com order 254-71546325-658732
• Thank you from Google!
• Your friend invited you to twitter!

Once installed, the worm redirects browsers to different websites if the user launches a search with any of the following words:

A: Airlines, Amazon, Antivir, Antivirus.
B: Baseball, Books.
C: Casino, Chrome, Cialis, Cigarettes, Comcast, Craigslist, Credit.
D: Dating, Design, Doctor.
E: Explorer
F: Fashion, Finance, Firefox, Flifhts, Flower, Football
G: Gambling, Gifts, Graphic.
H: Health, Hotel.
I: Insurance, Iphone.
L: Loans.
M: Medical, Military, Mobile, Money, Mortgage, Movie, Music, Myspace.
O: Opera.
P: Pharma, Pocker.
S: School, Software, Sport, Spybot, Spyware.
T: Trading, Tramadol, Travel, Twitter.
V: Verizon, Video, Virus, Vocations.
W: Wallpaper, Weather.

It also takes a series of actions to compromise the security level of infected computers, adding itself to the Windows firewall list of authorized applications, and disabling the Windows Error Reporting service and User Account Control (UAC).
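
A defender can check a machine for the three setting changes listed above. This Python example is added here and does not come from PandaLabs or the original post: it audits the UAC setting, the Windows Error Reporting service and the firewall exception list against a baseline you approved. Assumptions: the registry locations are the standard Windows ones for these settings (the page does not say which ones the worm modifies), and the approved list and sample snapshot are constructed.

```python
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
WER_KEY = r"SYSTEM\CurrentControlSet\Services\WerSvc"
# Legacy (XP-era) exception list; newer Windows also keeps firewall rules elsewhere,
# so an empty list here does not prove that no exception was added.
FW_KEY = (r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
          r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")


def audit(state, approved):
    """Compare collected settings with the firewall exceptions you approved."""
    findings = []
    if state.get("EnableLUA") == 0:
        findings.append("UAC is turned off (EnableLUA = 0)")
    if state.get("WerSvcStart") == 4:
        findings.append("Windows Error Reporting service is disabled (Start = 4)")
    known = {p.lower() for p in approved}
    for entry in state.get("FirewallApps", []):
        # Legacy entries look like <path>:<scope>:Enabled|Disabled:<name>
        fields = entry.rsplit(":", 3)
        if len(fields) != 4:
            findings.append(f"unparseable firewall entry: {entry}")
        elif fields[2].lower() == "enabled" and fields[0].lower() not in known:
            findings.append(f"unapproved firewall exception: {fields[0]}")
    return findings


def read_state():
    """Read the three settings from the live registry (Windows only)."""
    import winreg  # Windows-only standard-library module

    def query(key, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                return winreg.QueryValueEx(k, name)[0]
        except OSError:
            return None  # key or value absent on this Windows version

    apps = []
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, FW_KEY) as k:
            apps = [str(winreg.EnumValue(k, i)[1]) for i in range(winreg.QueryInfoKey(k)[1])]
    except OSError:
        pass
    return {"EnableLUA": query(UAC_KEY, "EnableLUA"),
            "WerSvcStart": query(WER_KEY, "Start"), "FirewallApps": apps}


# Constructed snapshot showing all three changes; the paths are made up.
SAMPLE = {"EnableLUA": 0, "WerSvcStart": 4, "FirewallApps": [
    r"C:\Program Files\Mail\mail.exe:*:Enabled:Mail client",
    r"C:\Users\me\AppData\Roaming\unknown.exe:*:Enabled:Unknown"]}
APPROVED = [r"C:\Program Files\Mail\mail.exe"]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, APPROVED)))
```

On a Windows machine, call `audit(read_state(), APPROVED)` with your own list of approved program paths.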


Weekly Report on Viruses and Intruders – 01/08/10

This week’s PandaLabs report looks at two fake antiviruses: PcLiveGuard and GreatDefender.

This type of malware passes itself off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats on their computers.  Panda Security has published a report on fake antiviruses, available at:

http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf

Similarly, the PandaLabs Annual Report also provides information about the situation of this malware at: http://www.pandasecurity.com/img/enc/Annual_Report_PandaLabs_2009.pdf

PcLiveGuard’s icon resembles a legitimate antivirus icon. When run, a typical screen is displayed, asking users if they want to scan their PCs. See pic at: http://www.flickr.com/photos/panda_security/4255539533/

Regardless of whether users accept or not, it will indicate their computer is infected. Here is the image that will be displayed if users scan their PC (http://www.flickr.com/photos/panda_security/4256301498/).

If users do not scan their PC with the fake antivirus, infection warnings are displayed to scare them into purchasing the product.

GreatDefender is a fake antivirus that warns users about potentially dangerous software on the computer, supposedly because the computer is not correctly protected. It tries to get users to pay with their credit cards in order to install the solution. The objective of the fake antivirus is to collect the personal and bank details that users provide when purchasing it. As this type of malware cannot reproduce itself, it requires user interaction to infect the PC. To get that interaction, it uses its own websites, on which it is advertised as one of the best anti-spyware solutions on the market.

Picture available at: http://www.flickr.com/photos/panda_security/4256301526/

When users access the website, they are given the option to download the antivirus, but when they try, the trial version is unavailable and they are redirected to the pay version. The installation process is similar to that of any antivirus, allowing users to select the language and location of the files. Once the installation ends, the fake antivirus carries out a full system scan. It then falsely assures users that their computers are free from any infections. To make users believe they are protected, an icon is displayed on the Windows desktop, the quick taskbar and the Windows start menu, to make it look as authentic as possible.


The Right Click Button

How to use your computer: The Right Click Button. The right mouse button is the most useful button on the computer.


Windows – Screen Resolution Problem

In this video, I demonstrate the first steps in solving Screen Resolution Problems that are caused by a corrupted, incorrect or missing video driver.


Change Windows Vista Display Settings

This is a quick look at the display and sound settings in Windows Vista. Learn how to customize your display, screen saver, sounds, mouse, and much more.


Windows – Vista Basic Overview

A brief, general overview of the Microsoft Windows Vista Operating System from the new user’s point of view.


How Our Technicians Protect Your Computer

How Our Technicians Secure Your Computer with our Clarity Shield Services
In this video, I will demonstrate how our technicians protect your computer’s security with our Clarity Shield Services.


Weekly Report on Viruses and Intruders – 12/24/09

This week’s PandaLabs report looks at two new fake antiviruses and a Trojan.

Safety Antispyware and InternetSecurity 2010 are malicious programs that try to pass themselves off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats that actually do not exist.  For more information about this type of malware read “The Business of Rogueware”, a report on fake antivirus programs written by Luis Corrons and Sean-Paul Correll, PandaLabs researchers.

This report is available at: http://www.pandasecurity.com/img/enc/El%20Negocio%20de%20los%20falsos%20antivirus.pdf.

Safety Antispyware tricks users by warning them their computers are infected by (non-existent) threats, prompting them to buy a program to remove them. This program can be downloaded from the vendor’s site. The link can reach users through spam messages, fraudulent Web pages, etc. The fake antivirus shows an icon similar to that of real antivirus programs. Once installed, the program interface opens and runs a full system scan looking for malware.

You can see an image here: http://www.flickr.com/photos/panda_security/4208462422/

Then, it shows a series of messages prompting the targeted user to buy the product.

(http://www.flickr.com/photos/panda_security/4208462446/)

If the user decides to follow the program instructions to get rid of the ‘threats’, they will be asked to enter an activation code and be redirected to a website to buy the product. Once run, InternetSecurity 2010 scans the computer for malware. However, this is a fake scan that always reports that the computer is infected. Then, it offers users the possibility of disinfecting the computer. As the fake antivirus version is supposedly a trial version, users are first requested to buy the antivirus license. To this end, the malware opens the user’s Internet browser on the fake antivirus purchase page.  To reassure users that the purchase is safe and the antivirus is legitimate, it shows certificates of authenticity and claims to have been tested by McAfee. It even offers the antivirus license for a long time, apparently at a good price.

See an image here: http://www.flickr.com/photos/panda_security/4207698275/

If the user decides not to purchase the antivirus, it will keep running and displaying warnings about the threats the user is exposed to if they remain infected and do not update the antivirus. These warnings are displayed in two ways: through warnings on the toolbar or on-screen pop-up messages.

Banker.MAI is banker malware aimed at stealing banking data, credentials and/or credit card details when users try to log in to their online banking services. This malware goes memory resident and does not show any symptoms that warn of its presence on the affected computer. The malware works in the background, waiting to be run and to send or receive data. Banker.MAI arrives as a self-extracting RAR file attached to an email message, usually with the subject “Comprovante Deposito-29092009”. This email message appears to come from a legitimate banking institution, and asks the user to open the attached file to enter some necessary data. If the user opens the file, they will become infected. The malware creator is notified via email whenever a computer is successfully infected.

More information about these and other malicious codes is available in the Panda Security Encyclopedia http://www.pandasecurity.com/homeusers/security-info/.
