
Preventing Internet and Spyware Attacks 2

Wednesday, March 29, 2006, 2:54 AM [General]

Preventing Internet and Spyware Attacks
February 16, 2005 - by Ric Dörner



Revised 16 October, 2006

SecuriTeam Page (Click Here!)

So are you sick of me sending you emails about things? Want to know more about security and the internet and your computer? Then link to this site. There are many good people here who have the knowledge and the know-how to assist you, and there are many links and great posts here to help you with things that may concern you.
Calendar of Updates
And look at these Nick Skrepetos | SUPERAntiSpyware



Other Things You Can Do...

Protecting your system against spyware and adware involves more than just installing one of the anti-spyware programs listed above. What follows below is a set of recommended additional steps for protecting your PC. If your PC is already infested with spyware or adware, see the instructions below for getting help. Also, since there are MANY trojans, this program is freeware for all Windows versions and seeks out spyware as well:
Trojan Finder - (A-Squared)A2

If you're downloading this for the first time, be sure to register!! Either register through the Emsisoft site itself or, once you launch the program, you'll see a blue link saying "log in or register here". Click on this and it will take you to Emsisoft's domain. Check the address bar to be absolutely sure ;)

Lock down your browser

One of the most prevalent means for spyware and adware to be installed is through Internet Explorer. To prevent spyware and adware from installing without your knowledge and permission, you need to "lock down" Internet Explorer. There are several ways to do this.

Securely configure the Internet zone

First, you can securely configure the Internet zone of Internet Explorer and add sites that you trust to the Trusted sites zone. This means that by default web sites will not be able to use "active content" (i.e., ActiveX controls, Java applets, and scripting) until you explicitly choose to trust those web sites. See this page for instructions on how to securely configure Internet Explorer: Internet Explorer Privacy & Security Settings. You could also use this free program, which will automatically configure Internet Explorer for you: Enough is Enough! One potential downside to securely configuring the Internet zone is that some web sites will not work properly until you add them to the Trusted sites zone -- a process that some users find cumbersome.

Add bad sites to the Restricted sites zone

Second, you can use another approach to "locking down" Internet Explorer which avoids the hassle of broken web sites by adding known "nasty" sites to the Restricted sites zone. Doing so gives your PC protection against known threats while still allowing most web sites to work by default. To put the clamp down on a long list of undesirable web sites, you can install and use this free program: IE-SPYAD. If you choose to use the Restricted sites approach of IE-SPYAD, be sure to update your copy of IE-SPYAD regularly, as new web sites are constantly being added to the list.
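Both approaches above come down to per-user registry settings that the Internet Options dialog, Enough is Enough! and IE-SPYAD all write to. The following PowerShell script is an added example, not code from the original post or from any of those tools: it disables ActiveX and active scripting in the Internet zone, maps individual domains to the Trusted or Restricted zone, and lists what is currently in each zone so you can audit the result. The zone numbers (2 Trusted, 3 Internet, 4 Restricted) and the action IDs 1200 ("Run ActiveX controls and plug-ins") and 1400 ("Active scripting") are Microsoft's documented values for Internet Explorer's security zones; the domain names are constructed placeholders, not a real block list.

```powershell
# Added example, not code from the original post or from IE-SPYAD:
# lock down Internet Explorer's Internet zone and manage the Trusted/Restricted
# site lists through the same per-user registry keys the IE dialog writes to.
# Run as the user whose profile should change.

$ZonesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$DomainsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Zone numbers and URL action IDs as documented by Microsoft for IE security zones.
$TrustedZone    = 2
$InternetZone   = 3
$RestrictedZone = 4
$ActionRunActiveX   = '1200'   # "Run ActiveX controls and plug-ins"
$ActionActiveScript = '1400'   # "Active scripting"
$Enable = 0; $Prompt = 1; $Disable = 3

function Set-IeZoneAction {
    param([int]$Zone, [string]$Action, [int]$Setting)
    # Each action is a DWORD named by its hex ID under Zones\<zone number>.
    Set-ItemProperty -Path (Join-Path $ZonesKey $Zone) -Name $Action -Value $Setting -Type DWord
}

function Lock-IeInternetZone {
    # Deny active content in the Internet zone by default; sites you trust are
    # then opted in one at a time with Add-IeZoneDomain.
    Set-IeZoneAction -Zone $InternetZone -Action $ActionRunActiveX   -Setting $Disable
    Set-IeZoneAction -Zone $InternetZone -Action $ActionActiveScript -Setting $Disable
}

function Add-IeZoneDomain {
    param([string]$Domain, [int]$Zone)
    # One subkey per domain; the value name is the scheme ('*' means any scheme).
    $key = Join-Path $DomainsKey $Domain
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name '*' -Value $Zone -Type DWord
}

function Get-IeZoneDomains {
    param([int]$Zone)
    # Audit: every domain currently mapped to the given zone. Subdomains live in
    # nested subkeys (Domains\example.com\www), so the host name is rebuilt from
    # the key path in reverse order.
    $base = (Get-Item $DomainsKey).Name
    Get-ChildItem -Path $DomainsKey -Recurse | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        foreach ($scheme in '*', 'http', 'https') {
            $v = $props.PSObject.Properties[$scheme]
            if ($v -and $v.Value -eq $Zone) {
                $parts = $_.Name.Substring($base.Length).Trim('\') -split '\\'
                [array]::Reverse($parts)
                $parts -join '.'
            }
        }
    } | Sort-Object -Unique
}

# Usage: lock the zone, opt one site in, block one, then review both lists.
# The two domains are constructed placeholders.
Lock-IeInternetZone
Add-IeZoneDomain -Domain 'update.example-vendor.test' -Zone $TrustedZone
Add-IeZoneDomain -Domain 'adware.example-bad.test'    -Zone $RestrictedZone
'Trusted sites:';    Get-IeZoneDomains -Zone $TrustedZone
'Restricted sites:'; Get-IeZoneDomains -Zone $RestrictedZone
```

Setting the two actions to `$Prompt` instead of `$Disable` gives the "ask me first" behaviour some users prefer over a hard block. Either way, run `Get-IeZoneDomains -Zone $RestrictedZone` after updating IE-SPYAD to confirm the new entries actually landed in the Restricted zone.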

Use an alternative browser

Internet Explorer is not only the most popular browser on the Net, it is also the browser most widely and easily exploited by spyware pushers to install spyware and adware behind users' backs. Thus, you might decide that Internet Explorer is simply not worth the hassle or risk. In that case, you can install and run an alternative, non-IE browser such as Netscape, Mozilla, Firefox or Opera.

All of these browsers are mature, robust, and fast. Moreover, they have built-in pop-up blocking and several other nice features that Internet Explorer simply lacks. More importantly, these browsers are much less susceptible to unwanted adware and spyware installations. And all three are free. Note: even if you do switch to an alternative browser, you should still lock down Internet Explorer, as described above. Given that Internet Explorer has effectively been integrated into Windows, it can still be exploited by adware and spyware that gets installed to your system through other means. Thus, locking down Internet Explorer remains important even if you're not regularly using Internet Explorer to browse the internet.

When writing e-Mails

Using the BCC (Blind Carbon Copy) feature of one's email client to send messages to more than one recipient is also recommended, as it helps protect against the spread of viruses as well as protect the privacy of recipients' addresses. More info on this and on how to BCC here:

For many people, it is wise to use BCC in your email client rather than using the To: field, where everyone can see who you mailed it to. Care to learn a bit more? Here is a great page from CERT. Although in many situations it may be appropriate to list email recipients in the To: or CC: fields, sometimes using the BCC: field may be the most desirable option.

What is BCC?

BCC, which stands for blind carbon copy, allows you to hide recipients in email messages. Unlike addresses in the To: field or the CC: (carbon copy) field, addresses in the BCC: field cannot be seen by other users.

Read Licenses & Privacy Policies

Anti-spyware applications alone can't protect you entirely from unwanted spyware and adware. You have to do your part as well by being vigilant in your online behaviour. One of the more common sources for spyware and adware is freeware (e.g., Grokster or KaZaA) that bundles unwanted third-party applications. Another common source involves third-party web sites that automatically start the installation of spyware and adware when you visit those sites. These auto-installed spyware and adware programs may initially appear to be plug-ins necessary for the web site itself, though usually they are not. Wherever you happen to encounter spyware and adware, you will usually be presented with an EULA (End User License Agreement) and/or Privacy Policy. Do not blindly click through these documents. Read them carefully and look for the tell-tale language that discloses the presence of adware or spyware. For tips on what to look for, see these pages: EULAs & Privacy Policies, Practice Safe Hex!, EULAlyzer™ 1.1 from javacoolsoftware

The Problem with Privacy Policies

Ben Edelman - Grokster and Claria Take Licenses to New Lows

Ben Edelman - Gator's EULA Gone Bad

Most if not all of the adware-supported or advertising-supported applications on the Net have adware-free equivalents. There's simply no need to use advertising-supported applications.

If Your PC is Already Infested w/ Spyware & Adware...

If your PC is already infested with spyware and adware, resist the temptation to succumb to impulse buys of anti-spyware products that you see on the Net, especially those included in the rogue/suspect list. Instead, you can get help online from a corps of savvy volunteers who specialize in busting spyware.

To get help with a spyware infestation:



Clean your PC as best you can

You should also scan and clean your computer with whatever anti-virus program you happen to have installed on your computer. If you don't have an anti-virus program, you can scan your computer with one of these online anti-virus scanners:

BitDefender Scan Online, Panda ActiveScan, Command on Demand, eTrust AntiVirus Web Scanner, TrendMicro HouseCall, McAfee FreeScan, Microsoft Malicious Software Removal Tool

...or download and run one of these free standalone virus removal tools:

avast! Virus Cleaner, Microsoft Malicious Software Removal Tool, Panda PQRemove, McAfee AVERT Stinger, Sophos SAV32CLI

Visit a spyware removal forum

Other Anti-Spyware Tools

I request that you post a HijackThis! log. HijackThis! (HJT) is a free program that will scan key system settings on your PC and generate a plain text log that you can copy and paste into a post. Once you've cleaned your PC as best you can, visit one of the following spyware removal forums, but only after running the HJT program.

You can download HijackThis from HERE. Save the zip file to your desktop. Then create a new folder on your C drive, called either 'HJT' or 'HijackThis', and extract the files to that folder. Right click on the "" to extract the files. If you're running Win 98 or earlier, search for WinZip. The reason for installing it into its own folder is that when you have it 'Fix' anything that a trained HJT analyst has asked you to 'Fix', HJT makes backups and puts them into that folder, which we can access easily should we need to do so for recovery. Do not, in any instance, use HJT to fix anything yourself. One wrong item removed and you can paralyse your box. Let us do it in the forums. Now you're ready to post your log into

The volunteers at the above forums will examine that HJT log and recommend a course of action to fix your PC.

Each forum has its own set of instructions and procedures for requesting help and posting a HJT log, so abide by the requirements of the forum you're visiting. Also, do not attempt to use HJT on your own to fix problems. Let one of the expert volunteers examine your HJT log and advise you on what to fix.

  • Start a new discussion topic/thread.
  • Give your discussion topic/thread a distinctive title.
  • Describe the symptoms and problems you're experiencing.
  • Describe what you've already done to solve the problem.
  • Copy and paste your HJT log into your post.
  • Be patient while waiting for a response.
  • Note that some of the forums listed above may require you to register for free before posting.

Once a volunteer does give you advice for cleaning your PC, follow those instructions precisely and report back what the results are. Also, you may be asked to download and run other specialized anti-spyware tools to remove the particular spyware that's on your computer.

The volunteer spyware busters who work these anti-spyware forums do this kind of thing all day long, so you'll be in good hands. At times they can be a bit overwhelmed, so please be patient while waiting for help.

In order to help you clean your system, the volunteers at these anti-spyware forums need a good sense for what's going on with your computer. When you're ready to post and request help...

SpywareInfo, Spybot S&D, Aumha, SpywareBeware, Bleeping Computer, Spyware Warrior, CastleCops, TomCoyote

Download and run one (or all) of these free anti-spyware scanners and remove whatever spyware and adware it finds.

  • Ad-aware Personal Edition
  • Spybot Search & Destroy
  • SpyCatcher Express

  • Upload Infected Files for Research Analysis

  • CastleCops has opened its [UnknownFiles Forum] to all guests. Upload any unknown, questionable, or infected files to this forum for staff review and vendor distribution.

  • *Stop Spam*

  • Spam - What exactly is it? In order to combat spam effectively it is necessary to define exactly what spam is. Most people believe that spam is unsolicited email. However, this definition is not entirely correct and confuses some types of legitimate business correspondence with true spam. Spam is anonymous, unsolicited bulk email. This is the description that is being used today in the USA and Europe as a basis for the creation of anti-spam legislation. Let's take a closer look at each component of the definition:

    Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual sender.

    Mass mailing: real spam is sent in mass quantities. Spammers make money from the small percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails have to be high-volume.

    Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to receive may resemble spam but are actually legitimate mail. In other words, the same piece of mail can be classed as both spam and legitimate mail depending on whether or not the user elected to receive it.

    It should be highlighted that the words 'advertising' and 'commercial' are not used to define spam.

    Many spam messages are neither advertising nor any type of commercial proposition. In addition to offering goods and services, spam mailings can fall into the following categories:

    • Political messages
    • Quasi-charity appeals
    • Financial scams
    • Chain letters
    • Fake spam being used to spread malware

    Unsolicited but legitimate messages

    A legitimate commercial proposition, a charity appeal, an invitation addressed personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail, but not as spam.

    Legitimate messages may also include delivery failure messages, misdirected messages, messages from system administrators or even messages from old friends who have previously not corresponded with the recipient by email. Unsolicited - yes. Unwanted - not necessarily.

    How to deal with spam

    Because unsolicited correspondence may be of interest to the recipient, a quality antispam solution should be able to distinguish between true spam (unsolicited, bulk mailing) and unsolicited correspondence. This kind of mail should be flagged as 'possible spam' so it can be reviewed or deleted at the recipient's convenience. Companies should have a spam policy, with system administrators assessing the needs of different departments. Access to different unsolicited mail folders should be given to different user groups based on this assessment. For instance, the travel manager may well want to read travel ads, whereas the HR department may wish to see all invitations to seminars and training sessions.

    *Marks favs*

    AntiSpam Tools

    - *K9*

    - *POPFile*

    - SpamCop

    Mail Tools

    - *MailWasher Pro*


    Some fun while on this subject: All relations to the luncheon meat product are purely accidental, even if the name was inspired by a 1975 sketch from Monty Python. Most of us think spam started back in 1994 when two lawyers advertised their green card scam in each and every usenet newsgroup. Some digging around revealed much earlier attempts in 1978 on the precursor to the modern Internet. It just goes to show you're never around too long to learn something new.

  • *ROOTKIT Removal Sony + *

  • Like some of you I have played some music disks on my computer. I have no idea if I played a Sony disk, but here is a remedy to fix the problem ;) A particularly destructive form of "stealth" malware called rootkits... Using SpywareBlaster to protect against Sony's rootkit. How to use SpywareBlaster's Tools > Custom Blocking button to install protection against Sony's rootkit:

    Launch SpywareBlaster v 3.4 (install new release if necessary from:

    • Click on Tools in the left-hand panel
    • Click on the Custom Blocking button
    • Click on Add item
    • Name the new item: SONY
    • Click Ok
    • Use copy/paste to insert the CLSID:

    • Check the SONY item box
    • Click the Protect Against Checked Items button
    • Exit SpywareBlaster (its protection is passive)

    Reference: StevieO post #4 in Thread

    Re: Sony Rootkit and blocking F-4I's ActiveX control CodeSupport CLSID at:

    Another from F-Secure here:

    and from SysInternals here:

    Also, see below for Microsoft's Malicious Software Removal Tool.
    Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on
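What the Custom Blocking steps above do for the CodeSupport control is set Internet Explorer's ActiveX "kill bit": a flag in the ActiveX Compatibility key that makes IE refuse to instantiate a control by CLSID, whether or not it is installed. The script below is an added example, not code from the original post or from SpywareBlaster, that sets and checks that flag directly; it is useful when you need to push the block to several machines or verify that the SpywareBlaster entry took. The post elides the actual CodeSupport CLSID, so the all-zero GUID here is a placeholder to replace with the value from the referenced thread. Writing under HKLM needs an administrative session.

```powershell
# Added example, not code from the original post or from SpywareBlaster:
# set Internet Explorer's ActiveX kill bit for a CLSID so IE refuses to load
# that control. The CLSID used below is a placeholder, not the real one.

$CompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBit    = 0x400   # the "Compatibility Flags" bit Microsoft documents as the kill bit

function ConvertTo-ClsidKey {
    param([string]$Clsid)
    # Normalise to the {UPPERCASE-GUID} form used as the subkey name; an
    # unparseable string throws here rather than silently creating a junk key.
    $guid = [guid]$Clsid
    return "{$($guid.ToString().ToUpper())}"
}

function Set-ActiveXKillBit {
    param([string]$Clsid)
    $key = Join-Path $CompatRoot (ConvertTo-ClsidKey $Clsid)
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Preserve any flags already present and OR in the kill bit.
    $current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    if (-not $current) { $current = 0 }
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($current -bor $KillBit) -Type DWord
}

function Test-ActiveXKillBit {
    param([string]$Clsid)
    # Check: returns $true only if the kill bit is set for this CLSID.
    $key = Join-Path $CompatRoot (ConvertTo-ClsidKey $Clsid)
    if (-not (Test-Path $key)) { return $false }
    $flags = (Get-ItemProperty -Path $key).'Compatibility Flags'
    return [bool]($flags -band $KillBit)
}

# Usage with a placeholder CLSID; substitute the CodeSupport CLSID from the thread.
$PlaceholderClsid = '{00000000-0000-0000-0000-000000000000}'
Set-ActiveXKillBit  -Clsid $PlaceholderClsid
Test-ActiveXKillBit -Clsid $PlaceholderClsid
```

`Test-ActiveXKillBit` is the part worth keeping around: run it against the CLSIDs you care about after a Windows Update or a SpywareBlaster upgrade to confirm the protection is still in place.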

  • IM= Instant Messenger programs.
  • ALSO equals a huge security hazard! Please get the fixes and update frequently. The Messenger service is only going to get through on insecure computers, but that is the kind of computer we are generally concerned with. It doesn't install programs and it doesn't change system settings. It works using existing software on their system for its originally intended purpose (and of course doesn't work if that software is blocked or disabled). This bypasses those abuse desks that ignore escalation emails, so it is a second path that is not going to fail for the same reason as the escalation emails. And in the case of a massive outbreak, where abuse desks are overloaded, it allows operators of infected machines to seek help immediately, rather than a couple of days later. While people sitting at home surfing the web without pop-up stoppers might be used to disregarding pop-ups, at work for many (most) of us they are a rarity, so in these situations they will stand out. A lot depends on what goes at the top of the message: does it begin with a long technical explanation, or "this is a friendly warning that you seem to have the XXX virus"?

    The Windows Messenger Service vulnerability can be exploited by a single UDP broadcast, allowing a wholesale compromise of all vulnerable systems on the targeted network. [Techweb]

    To permanently turn off the Messenger Service (Windows 2000 and XP only):

    • Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).
    • Double-click Administrative Tools.
    • Double-click Services.
    • Double-click Messenger.
    • In the Startup type list, click Disabled.
    • Click Stop, and then click OK.

    To turn it off permanently, right-click the service, choose Properties, then change Startup type from Automatic to Manual or Disabled.
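The same change can be scripted, which matters when you are cleaning up more than one machine or want to confirm the service stayed off. The following PowerShell is an added example, not from the original post: it reports the Messenger service's current state and start mode, disables it (Disabled rather than Manual, so nothing can start it on demand later), stops it if it is running, and reports the result. The service name "Messenger" is the Windows Messenger Service that delivers net send pop-ups, not an instant-messaging client. Changing a service's startup type needs an administrative session.

```powershell
# Added example, not code from the original post: stop and disable the
# Windows Messenger Service ("Messenger", the net send pop-up service) and
# report its state before and after.

function Get-MessengerServiceState {
    # WMI exposes StartMode on every PowerShell version, unlike Get-Service
    # on the older releases this page's Windows 2000/XP audience would have.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Messenger'"
    if (-not $svc) { return $null }   # service absent on this Windows version
    return New-Object PSObject -Property @{
        Name      = $svc.Name
        State     = $svc.State        # Running / Stopped
        StartMode = $svc.StartMode    # Auto / Manual / Disabled
    }
}

function Disable-MessengerService {
    $before = Get-MessengerServiceState
    if (-not $before) {
        return 'Messenger service is not installed on this system; nothing to do.'
    }
    # Disabled (not Manual) so no program or user can start it on demand later.
    Set-Service -Name 'Messenger' -StartupType Disabled
    if ($before.State -ne 'Stopped') {
        Stop-Service -Name 'Messenger' -Force
    }
    # Re-read from WMI so the returned object reflects what actually happened.
    return Get-MessengerServiceState
}

# Usage: show the state before, apply the change, show the state after.
'Before:'; Get-MessengerServiceState
'After:';  Disable-MessengerService
```

If the "After" line still shows `StartMode = Auto`, the session was not elevated and the change did not apply; re-run from an administrator prompt.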

  • How is this possible?

  • Many worms today use your address book to replicate themselves on other systems. If you are infected we will receive notice and respond back to your email including the name of the worm, and how to clean it. In addition, you can send any file you wish to have scanned to this address, and we will notify you of our results.

    This is a free service brought to you by Computer Cops.

  • New to Web Security?

    Then you should visit this site...

  • Answers that work.....
  • A useful site.

    Especially the task list library for looking up some background programs that you might be wondering about. E.g., I found netdde.exe running and I knew I had never downloaded anything, so I typed it into a search box query and this site gave info on it. It turns out that my "Hearts" game automatically runs it (it was installed on my system with my Windows games install) and it is used for multiplayer chat within the game. It can be disabled or deleted from the startup manager.

  • Greetings and Welcome to the CoU-niversity!

  • This first class is our Freshman Course. This course will help you clean up your computer. This course is designed for the novice computer user. There is one thing I must mention here: run the three online scans above to be sure your system is cleaned of most baddies prior to taking this course.

    *ALSO NOTE* Although they say click Run, I would no longer suggest this. I would save it in a "!DOWNLOADS!" folder (feel free to copy the name and create a folder). Please be sure this folder does not go to your desktop. Easiest is to take your check mark out of the box when the download completes. Then you can simply open the "!DOWNLOADS!" folder; it will highlight the program and you can then scan it with your antivirus program and the A-squared program, which finds those nasty worms and trojans that are on the internet today. Try this course, you'll be flabbergasted...LOL click here


    "It takes one fish to go downstream, but five to swim against the current."

  • Periodic reminder of best practices for cleaning up after infection.

  • The short answer, is that once you've been infected by malware that installs a backdoor or connects to a botnet, simply cleaning up the initial infection (and the hole through which the infection occurred) isn't sufficient because you can't be sure what secondary infections you may also have. Although most people don't want to hear it, at this point your best bet is to nuke the machine and reinstall (and patch) from scratch.

    Here are some of the stories on the subject from the past.

    by Pat Nolan and

    by Jim Clausing.

    Remember the two benefits of failure. First, if you do fail, you learn what doesn't work; and second, the failure gives you the opportunity to try a new approach. - Roger von Oech


    Trojans are often not caught by virus scanning engines, because these are focused on viruses, not Trojans. Catching such threats would require the use of a Trojan scanner (a.k.a. Trojan cleaner, Trojan remover, anti-Trojan, a-Squared). See

    Ok, now if you require help we could do this.........
    Get your PC a solid support package or, even better, make sure to have a friend or relative close at hand who knows their way around a computer, and I will be there when help is needed. Instructions on how to use XP's "Remote Desktop", which will allow you to connect to another PC and control it. We can turn it on when you need me to assist you and off when there is no need to connect. Call me for details on names and codes.
    Thanks Ric :^D.


    Truth is the way things are.
