In the last issue I spoke of the clever tricks being used by the
latest generation of browser hijackers and other scumware
products.
Tricks to infect your computer just by visiting a web site and
equally cunning techniques to prevent you removing the products
once your PC has been infected.
Well, the programmers behind these thieving products have just
lifted their game and it's bad news for all.
The Spybot home page is currently carrying this warning:
"CoolWWWSearch.SmartKiller (v1 and v2) is a new, real ugly
variant of CoolWWWSearch. When running, it will close every
browser window you use to visit a large list of anti-spyware-
sites, and even will close Spybot-S&D and some other anti-
spyware applications as well."
So we are now in a new game. A game of cat and mouse between the
scumware merchants and the anti-scumware vendors like SpyBot.
A game where the scumware programmers will keep coming up with
new tricks to pull down and destroy products like SpyBot. A game
where the anti-spyware vendors will have to be continually
updating their products to protect them from being trashed by
the very scumware products they are designed to detect.
But there's even worse news: you can now get infected with
scumware just by running some anti-scumware software products.
No, not products like SpyBot and Ad-aware. They are the good
guys. The baddies are the dozens of pseudo spyware/adware
removers that are being sold or offered as "free downloads" that
actually contain scumware products or behave in a similar manner
to scumware.
Here's a list of these rogue products I got from
http://www.netrn.net/spywareblog/ Some are borderline
offenders, others quite flagrant: Spy Wiper, AdWare Remover
Gold, BPS Spyware Remover, Online PC-Fix, SpyFerret, SpyBan,
SpyBlast, SpyGone, SpyHunter, SpyKiller, SpyKiller Pro,
SpywareNuker, TZ Spyware-Adware Remover, xp-AntiSpy, SpyAssault,
InternetAntiSpy, Virtual Bouncer, AdProtector, SpyFerret,
SpyGone, and SpyAssault.
Now that's nasty; getting infected by the very products you've
installed to protect yourself. Kind of like getting pregnant
BECAUSE you used a contraceptive. ;>)
So what to do?
Without doubt, the most important thing you can do is to take
all action necessary to ensure you don't get infected in the
first place. Once infected, it's going to be increasingly
difficult in the future to remove the scumware from your PC.
So passive measures like disk scans with SpyBot are now second
priority. Much more important is active prevention.
As a start you should minimize your chance of infection by
fixing Windows vulnerabilities exploited by the scumware
merchants. Stay current with all the Windows patches by visiting
the Windows Update often. Better still, turn on automatic
update notification. And don't forget to update MS Office and
other software products on your PC. They can be exploited as
well.
Another preventative step is to ensure your browser settings are
safely configured. In Internet Explorer, select Tools/Internet
Options/Security and make sure the slider control is set to at
least "Medium." Then select "Custom” and set "Download signed
ActiveX controls" to Prompt, "Download unsigned ActiveX
controls" to Prompt or Disable and "Initialize and script
ActiveX controls marked as unsafe" to Disable. Hit OK and exit.
Next you check your browser's current vulnerability to known
exploits by running the security tests at these sites (Internet
Explorer and IE based browsers only):
http://browsercheck.qualys.com/ http://www.jasons-toolbox.com/BrowserSecurity/
Prevention also means using the active anti-infection measures
offered in some anti-spyware products. Spybot has its
"inoculation" option. The paid version of Ad-aware has something
similar.
One of the very best anti-infection programs is a freeware
product called SpywareBlaster. It's not a scanner like SpyBot
but rather a stand-alone inoculation routine. It provides
protection against more than 1500 products that use ActiveX
based exploits. That's about three times as many products as
SpyBot's "inoculate."
A companion program to SpywareBlaster is SpywareGuard. Again,
this is not a file scanner like SpyBot. It is a protective
program that works like an anti-virus suite by checking programs
before they are executed.
Both SpywareBlaster and SpywareGuard are quality freeware, are
regularly updated and have active support forums. They should
be on every PC. If you haven't got them, I strongly recommend
you download and install them at the first opportunity. Get
them here:
http://www.javacoolsoftware.com/spywareblaster.html
The next preventative step is to keep all your defenses current.
In this cat and mouse game you are already at a disadvantage
because the bad guys have the initiative. Spybot, Ad-aware,
SpywareBlaster and SpywareGuard all have features that make
updating easy. Make sure you use them.
Finally, only use reputable anti-spyware software products like
the ones mentioned in the preceding paragraph. Do some research
before installing any new product. Just how embarrassing would
it be to get infected by a product you installed to protect
yourself!
Gizmo
[email protected]
Reply With Quote
