Spy Sheriff Removal

I was doing some testing on my Windows XP system, surfing some sites of “ill repute” with IE6, and got hit with something called Spy

Spy Sheriff is a watered-down version of PS Guard or SmitFraud.  Like PS Guard, Spy Sheriff claims to want to remove the very malware it infects your system with.  Both of these horrible bits of malicious code are what I like to call scareware.  They get loaded onto your system along with about 100 other viruses, worms and trojans and take over your desktop with a message like “Spyware Infection”.  The application then “scans” your system and tells you that you must activate (that is, pay for) Spy Sheriff or PS Guard in order to clean it.  When you attempt to remove Spy Sheriff using Add/Remove Programs, it simply adds itself again on the next reboot, because its autorun entry is still there.

In the background, all the malware they loaded onto your system is collecting data and sending status reports to various parts of the world.  The scareware will usually make sure you know this to convince you to

Here is how to remove Spy Sheriff.

Security Testing on my Windows 2000 system

I've been surfing on my Windows 2000 system while completely exposed to the Internet on my DMZ.  No firewall, no anti-virus, not even a pop-up blocker.  The box was exploited immediately.

Many of the default configurations on a fresh Windows 2000 box are just plain ridiculous.  For example, the C$ administrative share, and with it the root of the drive, is shared out on earlier versions of Windows 2000.  The Messenger service, NetBIOS on port 139 and other very easy to exploit applications and services are turned on by default.

It is no wonder Windows systems are always getting taken down.  Just turning off some of those services does quite a bit to close the holes on Windows boxes.  With broadband getting more popular, the combination of unprotected systems and the viral marketing of malicious code is creating a storm on the Internet.  An unprotected system is rendered completely useless in a matter of weeks (days or hours if you surf porn or serial sites).
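A quick outside-in check for the defaults just described.  This is an added example, not from the original post: a plain TCP connect test run from another machine against the box you are worried about.  The port-to-service mapping is the standard IANA one; an open 139 or 445 from the outside means the shares are reachable, and an open 135 means RPC (which the Messenger service pop-ups ride on) is listening.

```python
"""Outside-in check for the Windows 2000 defaults discussed above.
Added example, not from the original post: a plain TCP connect test."""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Standard IANA assignments for the services the post is talking about.
DEFAULT_WINDOWS_PORTS = {
    135: "RPC endpoint mapper (Messenger service pop-ups arrive over RPC)",
    139: "NetBIOS session service (file sharing, C$/ADMIN$ admin shares)",
    445: "SMB over TCP (the same shares, Windows 2000 and later)",
}


def port_is_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered/timed out, unreachable
        return False


def exposed_ports(host: str, ports=None, timeout: float = 1.0) -> dict:
    """{port: description} for every listed port that accepts a connection.
    `ports` may be a {port: description} dict or a plain iterable of ports."""
    if ports is None:
        ports = DEFAULT_WINDOWS_PORTS
    elif not isinstance(ports, dict):
        ports = {p: DEFAULT_WINDOWS_PORTS.get(p, "") for p in ports}
    with ThreadPoolExecutor(max_workers=max(1, len(ports))) as pool:
        results = list(pool.map(lambda p: (p, port_is_open(host, p, timeout)), ports))
    return {p: ports[p] for p, is_open in results if is_open}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    found = exposed_ports(target)
    if not found:
        print(f"{target}: none of {sorted(DEFAULT_WINDOWS_PORTS)} reachable")
    for port, what in sorted(found.items()):
        print(f"{target}:{port} open  <- {what}")
```

Run it as `python check_ports.py 192.0.2.10` from a host on the other side of the firewall (or lack of one).  A connect scan only proves the port answers; it does not tell you whether the share is password-protected, so treat any hit on 139/445 as something to fix rather than investigate.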

Here are some of the vulnerabilities in Windows systems, as listed at SANS.org.

In all honesty, if you have a good firewall, virus protection, maybe a pop-up stopper and a good security configuration, you could run a Windows 98 machine and NEVER get a virus.

PS Guard Removal

PS Guard is vicious scareware that reloads itself each time you attempt to uninstall it.  It is malware that claims to be a malware remover.  It disables your Task Manager, informs you that your system is infected and does not let you exit while it “scans” your computer for viruses.

Removing PS Guard is a bit tricky.  Ad-Aware and HijackThis will do nothing to remove it.  Noahdfear over at GeekstoGo.com wrote a sweet little script called smitrem that does the trick in removing PS Guard.

I picked it up at some Russian warez site on my honeypot system.

My Honeypot Server: “Message from System to Alert” Spam

I plugged an unpatched Windows 2000 system into the Internet with no firewall, antivirus or even a pop-up blocker to sniff out the raw filth being pumped to the world.

What I was immediately spammed with was “Message from System to Alert” messages from various “security software” sites.  Here are the results:

“Message from System to Alert” Pop-ups

These messages claimed to be from Microsoft, from my system or from “System32”, saying my registry was corrupt, along with a bunch of other lies.  They arrive through the Windows Messenger service (the same net send mechanism that is on by default, as noted above), which is exactly why that service should be turned off and its ports blocked at the firewall.

Google Toolbar Phishing: How to Avoid the Phishermen

Phishermen are targeting Google software:

An Internet security specialist says a new threat forces computers to install faked Google software via instant messengers, which then goes phishing.

If you have been in a coma for the last few years, phishing involves criminals setting up fake sites that look exactly like the real thing, and sending emails that appear to come from legitimate sources to lure you there.  These sites usually attempt to collect personal information such as the login and password for, oooh, I don't know… say a PayPal or bank

I get these phishing emails nearly every day.  “How can you tell it's a phishing email?” you ask.  Well, for one of my email accounts I don't even have a PayPal account set up, and it receives repeated emails saying my “PayPal” account is going to expire, or that someone has been added to my PayPal account.  Another thing is that companies such as eBay, PayPal, and banks won't ask you to log in.  If they do, call the actual eBay service rep and see what

Another thing you can do is click the “Show Original Message” button or link on the opened email.  This displays the raw message with its full headers, including the Received lines that record the IP address the email actually came from.  Read them bottom-up: the lowest Received line is the hop nearest the sender, and only the lines added by your own mail server can be trusted, since everything below them can be forged by the sender.  With a whois lookup at ARIN.net (or the regional registry that covers that address) you can find out who an IP address is assigned to.  And with a tool called Sam Spade you can get even more information on IP addresses and DNS names.  A simple “traceroute” (or nslookup) command will also give you the IP address if all you have is the DNS name.

If you do go to the phisher's site, first of all be careful: some of these sites are exploit sites, meaning that if your system is not patched and protected they can load malicious code onto it.  Once you get to the site, right-click and choose “View Page Source”.  The form action and link targets there will tell you what is really going on with the site in
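The header check and the page-source check above, automated.  This is an added example, not something from the original post: the email below is constructed (it uses documentation IP ranges, so no real host is implicated), and the one assumption is that on a short delivery path the lowest Received line is the sending host.  It pulls the originating IP out of the Received chain, the domain the mail claims to come from, and every link or form in the body that does not point back at that domain.

```python
"""Pull the facts out of a suspicious email the way the post describes: the
originating IP from the Received headers, and where the page's forms and
links really point.  Added example; the message below is constructed."""
import re
from email import message_from_string
from email.message import Message
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "PayPal" phish relayed through a server at a documentation
# address (203.0.113.0/24).  The form posts to a bare IP, the classic tell.
SAMPLE_EMAIL = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.mydomain.example with ESMTP id X1; Mon, 10 Oct 2005 09:00:00 -0400
Received: from paypal.com (unknown [203.0.113.45])
\tby mx.example.org with SMTP id Y2; Mon, 10 Oct 2005 08:58:12 -0400
From: "PayPal" <service@paypal.com>
To: victim@mydomain.example
Subject: Your account will expire
Content-Type: text/html

<html><body>
<p>Your PayPal account has been limited. Please
<a href="http://203.0.113.45/cgi-bin/webscr/login">log in at https://www.paypal.com</a></p>
<form action="http://203.0.113.45/cgi-bin/webscr/login" method="post">
<input name="email"><input name="password" type="password"><input type="submit">
</form>
</body></html>
"""

IPV4 = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def received_chain(msg: Message) -> list:
    """IPs from the Received headers in the order they appear (newest hop first).
    The last element is the hop closest to the sender, the one to whois."""
    chain = []
    for hdr in msg.get_all("Received", []):
        m = IPV4.search(hdr)
        if m:
            chain.append(m.group(1))
    return chain


def claimed_domain(msg: Message) -> str:
    """Domain of the From address, i.e. who the mail claims to be."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


class _TargetCollector(HTMLParser):
    """Collect every href and form action: the 'view source' step, automated."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.targets.append(("link", a["href"]))
        elif tag == "form" and a.get("action"):
            self.targets.append(("form", a["action"]))


def offsite_targets(html: str, domain: str) -> list:
    """(kind, url) for every link/form whose host is not under the claimed domain."""
    p = _TargetCollector()
    p.feed(html)
    bad = []
    for kind, url in p.targets:
        host = (urlparse(url).hostname or "").lower()
        if host != domain and not host.endswith("." + domain):
            bad.append((kind, url))
    return bad


def analyze(raw: str) -> dict:
    """Everything you would look for by hand, from one raw message string."""
    msg = message_from_string(raw)
    domain = claimed_domain(msg)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    chain = received_chain(msg)
    return {
        "claimed_domain": domain,
        "origin_ip": chain[-1] if chain else None,  # whois this at ARIN/RIPE/APNIC
        "offsite": offsite_targets(body, domain),
    }


if __name__ == "__main__":
    for k, v in analyze(SAMPLE_EMAIL).items():
        print(f"{k}: {v}")
```

On the sample this reports the claimed domain `paypal.com`, an origin of `203.0.113.45`, and both the link and the form pointing at that IP instead of PayPal.  On a real message, feed `analyze()` the text from “Show Original Message”; if the mail passed through more relays, cross-check each Received line against the one above it, since a sender can prepend fake Received lines of their own.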


Surfing with an Admin Account, or How to Get Owned

Martin McKeay over at mckeay.net has good methods for securing his home network:

I'm a strong believer in the 'rule of least privileges' as my wife and children well know; at least once a week I get called over to the kids' computer to log in as administrator and install some program for them. The kids have gotten used to it, but my wife hasn't, and she's forgotten that I gave her the administrator password.

The reason it is a great idea to use the least privileges possible, and not go surfing the net with admin privileges, is that if you (or anyone on your computer with admin privileges) hit an exploit site that downloads something onto your system, it will run with your administrator permissions.

It is best to surf the web with an account that does not have permission to install software or write to system locations, with Internet Explorer's security settings raised (cookies and JavaScript turned off).  In fact, just use a patched version of Firefox.

More Security in Internet Explorer

You can increase IE's security by going to Tools | Internet Options | Security tab.  Adjust how much you trust the Internet zone by moving the slider in the “Security level for this zone” area.

If you surf the web with an administrator account and without a firewall, not only will you more than likely get hit with trojans and worms, you will also hand the people behind them elevated privileges on your system, since the code they drop into C:\Windows\System32 runs with your rights.  With administrator (root-equivalent) access a criminal hacker can do practically anything they want with your computer (including installing a keylogger that copies everything you type and sends it back to some IRC channel on the Internet).

In layman's terms, they will OWN your ass.  

If you're really paranoid:

Customize your security level by clicking the “Custom Level” button in the “Security level for this zone” area.  Disable ActiveX and Java to shut down the ability of malicious mobile code to affect Internet Explorer (unless it's already on your system); disabling Active scripting (JavaScript) as well closes the remaining hole.  This will impair your ability to experience anything beyond text.
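The slider and the Custom Level dialog are just writing DWORDs under the current user's `Internet Settings\Zones\3` key (3 is the Internet zone).  The following is an added example, not from the original post: it audits those values against the paranoid settings just described, and can write them so the setting survives across a fleet of machines instead of being clicked through by hand.  The value names (1001, 1004, 1200, 1400, 1C00) are the documented Internet Explorer zone action identifiers; which ones to lock down is my choice, and the sample dictionary used when not on Windows is constructed.

```python
"""Audit (and optionally apply) the Internet zone settings the post describes,
straight from the registry instead of the slider.  Added example; the value
names are IE's documented zone actions, the policy of what to disable is mine."""
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"  # 3 = Internet

# Most zone actions are DWORDs: 0 = enable, 1 = prompt, 3 = disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
# Java permissions (1C00) use a different scale; 0 means Java disabled.
JAVA_DISABLED = 0

# What the "really paranoid" custom level should look like.
PARANOID = {
    "1200": ("Run ActiveX controls and plug-ins", DISABLE),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1001": ("Download signed ActiveX controls", DISABLE),
    "1400": ("Active scripting (JavaScript)", DISABLE),
    "1C00": ("Java permissions", JAVA_DISABLED),
}


def audit_zone(values: dict) -> list:
    """Compare {value_name: dword} read from the zone key against PARANOID.
    Returns (name, description, current, wanted) for every setting that differs.
    A missing value means IE falls back to the zone template's default, which is
    not what we want either, so it is reported with current=None."""
    findings = []
    for name, (desc, wanted) in PARANOID.items():
        current = values.get(name)
        if current != wanted:
            findings.append((name, desc, current, wanted))
    return findings


def read_zone_from_registry() -> dict:
    """Read the current user's Internet zone values (Windows only)."""
    import winreg  # raises ImportError off Windows
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        i = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:  # no more values
                break
            out[name] = data
            i += 1
    return out


def apply_paranoid() -> None:
    """Write the PARANOID values (Windows only; IE reads them on next start)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY, 0, winreg.KEY_SET_VALUE) as key:
        for name, (_, wanted) in PARANOID.items():
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, wanted)


if __name__ == "__main__":
    try:
        current = read_zone_from_registry()
    except ImportError:
        # Constructed sample of a stock "Medium" Internet zone, for demonstration.
        current = {"1200": ENABLE, "1004": DISABLE, "1001": PROMPT,
                   "1400": ENABLE, "1C00": 0x10000}
    for name, desc, cur, want in audit_zone(current):
        print(f"{name} {desc}: is {cur}, want {want}")
```

Running the audit against the sample “Medium” zone flags ActiveX execution, signed ActiveX downloads, Active scripting and Java; only unsigned ActiveX downloads were already off.  If you roll `apply_paranoid()` out by policy, do it under HKCU for the user actually surfing, since that is the hive IE reads for the Internet zone.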


Computer Security 101: Proactive Security

Another university has accepted ethical hacking.  Lately it seems every other month an educational institution starts teaching security hacking.  I think this is good.  It is important to learn many kinds of Wire-Fu.

Oct. 3–NEW HAVEN, Conn. — The computer lab tucked into a corridor at Jennings Hall at Southern Connecticut State University may not look it, but it's sick.

Viruses run rampant. Firewalls are frowned on. Here, hacking is not only encouraged, it's a course requirement.

“Last week, I went onto a computer in the back room. Their homework was to figure out what I did and log into my fake account,” said Lisa Lancor, an associate professor of computer science.


University of Calgary hacker course

University of Glamorgan – Certified Security Testing Associate and Professional, and Certified Forensic Investigation Analyst

International Council of E-Commerce Consultants – Certified Ethical Hacker (CEH) certification

Updating Your Windows Operating System Is Very Easy!

Many everyday Internet users do not know why they must keep their computer operating systems up to date, and many don’t even know what an operating system is!

From “ignorance is bliss” to “surprise attack and disaster” – how many thousands of Internet users have experienced this frustration and grief?

This raises the obvious question: “Why haven't they prepared to avoid it?”

The startling fact is that there are many long-term Internet users who have never even considered updating their operating systems and protective safe-ware.

Perhaps the complexity of it all contributes to what might be described as user apathy, or indifference and a lack of enthusiasm toward the following:

* The news of yet another vulnerability or patch process.

* The potential damage to computer, personal information and reputation – i.e. the “It can't happen to me” attitude.

* Their own abilities – i.e. “I’m too old, too dumb, too whatever – to learn how to fix a computer without breaking something.”

* Updating – i.e. “My computer came with an anti-virus program, so why does it need to be updated now?”

The sad fact is that the lack of confidence people have in their ability to build a defense often leads to a reluctance to even accept the reality of Cyber Threats.

Some of the less experienced Internet users rationalize their lack of action with pessimism, even defeatism. Human nature often supports these excuses with defensive attitudes and misbeliefs like:

* False sense of disaster support – “My nephew, neighbor, son or whoever, is a computer whizz. They’ll be able to fix the problem if anything ever happens.”

* Scepticism – “All this talk about viruses is just so the ‘news people’ will have something to publish, and so the software manufacturers can scare people into buying more of their products.”

* Ignorance (of the extent of deception, skills and sophistication that the malicious hackers have attained).

* Disbelief (that personal computer might be infected and used by others to spread malicious viruses and worms). “My computer seems to be working ok – a little slow, maybe, but it is getting pretty old.”

* Overwhelmed (too many choices: firewalls, anti-virus, anti-spam, anti-spyware, Trojan removers). “Why do I need all of these and which ones should I use?” or “Do I really need to update my operating system, my anti-virus, spam, spyware stuff? I’ll just never learn how to do all of this.”

* Expense (How much will all this cost and is it really necessary?)

* Fatalism – “Hey, if it’s going to happen, it will, and I’ll just junk my computer and get another one. Mine’s getting kind of old, anyway.”

Here, then, are the shocking facts about updating PC operating systems.

There are many unaware Internet users who have been online for years, but are lacking in these areas:

* They don’t know what “Updating” really means.

* They have never responded to the pop-up message from the icon in the system tray that announces new Windows Updates.

* They have never clicked on the Windows Update icon in the Program Start menu.

* They have never visited the Microsoft Windows Update web page at http://windowsupdate.microsoft.com/.

* They have never updated their PC Operating Systems.

Even if they have been able to navigate to the Microsoft Update webpage, many just throw up their hands in despair at the overwhelming number of choices and unknowns, such as:

* Choosing what to update from the long list of options.

* Waiting for Windows to scan the system for available updates.

* Deciphering the Update descriptions (and instructions).

* Selecting or Removing the necessary options.

* Starting the download.

And oftentimes, many people have never even used the Windows Help information to find out how to update their operating system.

How many self-taught or untrained computer users are going to persevere through all of the hassle described above? Is it any wonder so many computers become infected? The criminal hackers building their bot and zombie armies have nearly an open and undefended playing field; many are using it every day to steal money and identities.

So, what is the solution to this problem?

If individuals with computer “understanding” would help and assist others with less knowledge, there would probably be less of a problem.

Nearly everyone who has faithfully kept their operating system and safe-ware up to date surely has family members and friends who could benefit from an hour or so of basic instruction. This would make it much more difficult for the criminal hackers to compromise another person's computer.

Hackers would eventually be faced with a growing number of adequately protected computers and educated users, and hopefully would finally give up trying!

Anti-Spyware Gets HIP

Anti-spyware software is expected to transition from threat-specific technologies to Host-based Intrusion Prevention Systems (HIPS) as vendors deploy proactive solutions that block new and unknown spyware programs from PCs. Such solutions are likely to be increasingly compelling for security.

It's about time this more proactive approach to malware and spyware was put right on desktops.  Eventually the masses will get so fed up with malicious code that there will be a huge market for behavior-based intrusion detection software, which flags what a program does (writing itself into the autorun keys, disabling Task Manager) rather than matching what it looks like.

With the amount of money being made by virus and spyware makers, malware is developing faster than computer security could ever dream.  Proactive methods such as HoneyMonkey servers and HIPS products will no doubt be a big hit.  It is about time that information security had more of a proactive response and not as

With corporations more interested in protecting their ASSets than in developing a good product and protecting their customers, it's time that we security professionals got aggressive and proactive with our methods.  That will be the only way to fight malware in the future.
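Added example, not from the original post or from any product it mentions: the kind of behavioral rule a HIPS would apply to the scareware described earlier on this page (PS Guard disabling Task Manager, Spy Sheriff re-adding its autorun entry so it comes back after removal).  The event log is constructed and the process image names are made up; the Run key and Policies\System paths are the real Windows locations.  A real product hooks these registry writes as they happen; this just scores a list of already-captured events, and deliberately lets a benign updater that only adds itself to Run pass, since the scareware signature is the combination of self-persistence and disabling the admin tools.

```python
"""Behavior-based rules of the kind a HIPS applies to scareware: a process that
writes its own path into an autorun key AND turns off Task Manager / regedit.
Added example with a constructed event log."""
from collections import defaultdict
from datetime import datetime, timedelta

RUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
)
POLICY_SYSTEM = r"software\microsoft\windows\currentversion\policies\system"
ADMIN_TOOL_POLICIES = ("disabletaskmgr", "disableregistrytools")

# Constructed sample: (timestamp, pid, image, registry key, value name, data).
EVENTS = [
    ("2005-10-10 09:00:01", 1200, r"C:\Program Files\Acme\updater.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "AcmeUpdater",
     r"C:\Program Files\Acme\updater.exe"),
    ("2005-10-10 09:03:10", 1337, r"C:\WINDOWS\System32\scareware.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 1),
    ("2005-10-10 09:03:11", 1337, r"C:\WINDOWS\System32\scareware.exe",
     r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SpywareGuard",
     r"C:\WINDOWS\System32\scareware.exe"),
    ("2005-10-10 09:03:12", 1337, r"C:\WINDOWS\System32\scareware.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 1),
]


def _norm_key(key: str) -> str:
    """Drop the hive prefix and lowercase so HKCU and HKLM variants hit the same rule."""
    return key.split("\\", 1)[1].lower()


def classify(event) -> list:
    """Behaviour tags triggered by one registry write."""
    _, _, image, key, name, data = event
    k = _norm_key(key)
    tags = []
    if k in RUN_KEYS:
        tags.append("autorun_persistence")
        # Writing your own image path into Run is how scareware survives uninstall
        # (legitimate updaters do it too, so on its own this is not a verdict).
        if isinstance(data, str) and data.lower() == image.lower():
            tags.append("self_persistence")
    if k == POLICY_SYSTEM and name.lower() in ADMIN_TOOL_POLICIES and data == 1:
        tags.append("disables_admin_tools")
    return tags


def score_processes(events, window=timedelta(seconds=60)) -> dict:
    """Aggregate tags per pid; self_persistence plus disables_admin_tools inside
    `window` is the scareware signature and gets flagged for blocking."""
    per_proc = defaultdict(lambda: {"tags": set(), "first": None, "last": None, "image": None})
    for ev in events:
        ts = datetime.strptime(ev[0], "%Y-%m-%d %H:%M:%S")
        rec = per_proc[ev[1]]
        rec["image"] = ev[2]
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["tags"].update(classify(ev))
    verdicts = {}
    for pid, rec in per_proc.items():
        hot = ({"self_persistence", "disables_admin_tools"} <= rec["tags"]
               and rec["last"] - rec["first"] <= window)
        verdicts[pid] = {"image": rec["image"], "tags": sorted(rec["tags"]), "scareware": hot}
    return verdicts


if __name__ == "__main__":
    for pid, v in score_processes(EVENTS).items():
        print(f"{'BLOCK' if v['scareware'] else 'allow':5} pid={pid} {v['image']} tags={v['tags']}")
```

On the sample, pid 1200 (the updater) collects the persistence tags but is allowed, while pid 1337 trips all three within two seconds and is flagged.  The window matters: real HIPS rules correlate over a short interval so that a legitimate installer that registers an autorun today and a separate admin policy change next week do not add up to a false positive.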

