Max Secure Spyware Detector Enterprise can detect and remove the following types of spyware successfully:
Adware: Programs that facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits. They can take up your computer's resources and are largely responsible for the countless pop-up ads you receive on the web.
Annoyance: Any trojan that does not cause damage other than to annoy a user, such as by turning the text on the screen upside down, or making mouse motions erratic.
ANSI Bomb: Character sequences that reprogram specific keys on the keyboard. If ANSI.SYS is loaded, some bombs will display colorful messages, or have interesting (but unwanted) graphical effects.
AOL Pest: Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. ICQ is an instant messenger service from mirabilis.com, now AOL. ICQ is a favorite service among hackers, and ICQ features are built into many trojans (such as stealing users' passwords or UINs, or notifying the hacker). Users of ICQ are warned: "By using the ICQ service and software... you may be subject to various risks, including... Spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful."
AV Killer: Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls.
Backdoor: A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
Binder: A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. A binder compiles the list of files that you select into one host file, which you can rename. A host file is a simple custom compiled program that will decompress and launch the source programs. When you start the host, the embedded files in it are automatically decompressed and launched. When a trojan is bound with Notepad, for instance, the result will appear to be Notepad, and appear to run like Notepad, but the Trojan will also be run.
Browser Helper Object (BHO): A BHO is an application that extends Internet Explorer and acts as a plug-in. Spyware as well as browser hijackers often use BHOs to display ads or follow your moves across the Internet. This can cause anything from incompatibility issues to corrupting important system functions, making them a threat not only to your security but to your system's stability. A BHO may not necessarily need your permission to install, and BHOs can be used for malicious purposes like gathering information on your surfing habits.
Commercial RAT: Any commercial product that is normally used for remote administration, but which might be exploited to do this without user consent or awareness.
Cracking Misc: Any document and/or tool that provides guidance on how to remove copy protection.
Cracking Tool: Any software designed to modify other software for the purpose of removing usage restrictions. An example is a 'patcher' or 'patch generator', which will replace bytes at specified locations in a file, rendering it a licensed version. A music file ripper is a program that enables the user to digitally copy songs from a CD into many different formats such as MP3, WAV, or AIFC.
DDoS: A Distributed Denial of Service (DDoS) attack is one that pits many machines against a single victim. An example is the attacks of February 2000 against some of the biggest websites. Even though these websites have a theoretical bandwidth of a gigabit/second, distributing many agents throughout the Internet flooding them with traffic can bring them down. The Internet is defenseless against these attacks. The best defense is for users everywhere to run PestPatrol, and remove DDoS clients when they are found, so that their machines are not used as attack tools. Another approach is for ISPs to do "egress filtering": prevent packets from going outbound that do not originate from IP addresses assigned to the ISP. This cuts down on the problem of spoofed IP addresses.
Dialer: A Dialer is a program that uses the computer's modem to dial telephone numbers, often without the user's knowledge and consent. A Dialer can connect to a toll number that adds long distance charges to the telephone bill without the user's knowledge or permission. Dialers may be downloaded through exploits and installed without notice and consent.
DoS: An exploit whose purpose is to deny somebody the use of a service: namely to crash or hang a program or the entire system. Examples of DoS attacks include flooding the victim with more traffic than can be handled; flooding a service (like IRC) with more events than it can handle; crashing a TCP/IP stack by sending corrupt packets; crashing a service by interacting with it in an unexpected way; or hanging a system by causing it to go into an infinite loop. For example, the Ping of Death exploit crashed machines by sending illegally fragmented packets at a victim. A common word for DoS is "nuke", which was first popularized by the WinNuke program.
Downloader: A Downloader is a program typically installed through an exploit or some other deceptive means that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Downloader may download adware, spyware or other malware from multiple servers or sources on the Internet.
Dropper: A spyware dropper, when run, will install spyware. In other words, a dropper is a carriage for malicious or spying software. Finding it on your computer means that your computer is infected with a Dropper and crucial data could be endangered or even lost.
Encryption Tool: Any software that can be used to scramble documents, software, or systems so that only those possessing a valid key are able to unscramble them. Encryption tools are used to secure information; sometimes unauthorized use of encryption tools in an organization is a cause for concern.
Error Hijacker: Any software that resets your browser's settings to display a new error page when a requested URL is not found. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over and over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.
Fake AntiSpyware: A Fake AntiSpyware is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. It typically uses aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits.
Firewall Killer: Programs that alter or bypass the security system that uses rules to block or allow connections and data transmission between your computer and the Internet.
Flooder: A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack. An E-Mail Flooder is a program used to send mass e-mail to flood or disrupt a PC or network.
FTP Server: When installed without user awareness, an FTP server allows an attacker to download any file on the user's machine, to upload new files to that machine, and to replace any existing file with an uploaded file.
Hacker Tool: Tools that can be used by a hacker or unauthorized user to attack, gain unwelcome access to, or perform identification or fingerprinting of your computer.
Hacking Tutorial: A Hacking Tutorial explains how to break into systems.
Hijacker: Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent. When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page.
Hoax: Not a pest, not a virus, not a worm, not a trojan. A hoax is a worrisome warning, usually transmitted by e-mail. Examples of hoaxes: "If you receive an e-mail that has a subject line of X, then ... This is a very bad thing, and blah blah blah... Please pass this on to everyone in your address book." Before following the instructions in the e-mail, do a simple Internet search for the subject line, the file name, etc. to see if others regard this as a hoax. Hoaxes are not detected by PestPatrol. But some are included in our Pest Encyclopedia for your information.
Homepage Hijacker: Any software that changes your browser's home page to some other site. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Hostile ActiveX: An ActiveX control is essentially a Windows program that can be distributed from a web page. These controls can do literally anything a Windows program can do. A Hostile ActiveX program does something that its user did not intend for it to do, such as erasing a hard drive, dropping a virus or trojan into your machine, or scanning your drive for tax records or documents. As with other Trojans, a Hostile ActiveX control will normally appear to have some other function than what it actually has.
Hostile Java: Browsers include a "virtual machine" that encapsulates the Java program and prevents it from accessing your local machine. The theory behind this is that a Java "applet" is really content, like graphics, rather than full application software. However, as of July 2000, all known browsers have had bugs in their Java virtual machines that would allow hostile applets to "break out" of this "sandbox" and access other parts of the system. Most security experts browse with Java disabled on their computers, or encapsulate it with further sandboxes/virtual machines.
Hostile Script: A script is a text file with a .VBS, .WSH, .JS, .HTA, .JSE, or .VBE extension that is executed by Microsoft WScript or the Microsoft Scripting Host Application, which interprets the instructions in the script and acts on them. A hostile script performs unwanted actions.
HTTP Server: When installed without user awareness, an HTTP server allows an attacker to use a web browser to view and thus retrieve information collected by other software placed on the user's machine.
Installer: A utility that copies system software or an application from floppy disks or a CD-ROM to your hard disk. An Installer may also decompress the new files, remove obsolete files, place extensions and control panels in their proper folders, and/or create new folders. Spyware Installers install spyware which is bundled with the installer.
IRC War: Any tool that uses Internet Relay Chat for spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful.
Joke Programs: Programs that alter or interrupt the normal behavior of your computer, creating a general distraction or nuisance.
Key Generator: Any tool designed to break software copy protection by extracting internally-stored keys, which can then be entered into the program to convince it that the user is an authorized purchaser.
Key Logger (Keystroke Logger): A key logger is a program that captures and logs keystrokes on the computer without the user's knowledge and consent. The logged data may be encrypted and is typically sent to a remote attacker. The key logger is usually hidden from the user and may use cloaking (rootkit) technology to hide from other software in order to evade detection by anti-malware applications.
Loader: Any program designed to load another program.
Mail Bomber: Software that will flood a victim's inbox with hundreds or thousands of pieces of mail. Such mail generally does not correctly reveal its source.
Mailer: A program that creates and sends email with forged headers, so that the source of the mail it sends cannot be traced.
Malware: Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems, making its entry quiet and easy.
Mass Mailer: Infects the target computer, then distributes itself via mass emailing to other computers using the target computer's address book.
Misc Tool: Any tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it.
Notifier: Any tool designed for stealth notification of an attacker that a victim has installed and run some pest. Such notification might be done by FTP, SMS, SMTP, or other method, and might contain a variety of information. Often used in combination with a Packer, a Binder and a Downloader.
Nuker: A program that disables a machine through damage to the registry, key files, the file system, etc.
P2P (Peer-to-peer): A method of file sharing over a network in which individual computers are linked via the Internet or a private network to share programs/files, often illegally. Users download files directly from other users' computers, rather than from a central server. Many P2P programs bundle third-party advertising programs, and are currently the second largest source of virus, Trojan and data mining infections.
Packer: A utility which compresses a file, encrypting it in the process. It adds a header that automatically expands the file in memory when it is executed, and then transfers control to that file. Some packers can unpack without starting the packed file. Packers are "useful" for trojan authors as they make their work undetectable by anti-virus products.
Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.
Password Cracker: A tool to decrypt a password or password file. PestPatrol uses the term both for programs that take an algorithmic approach to cracking, as well as those that use brute force with a password cracking word list. Password crackers have legitimate uses by security administrators, who want to find weak passwords in order to change them and improve system security.
Password Cracking Word List: A list of words that a brute force password cracker can use to muscle its way into a system.
Phreaking Tool: Any executable that assists in hacking the phone system, such as by using a sound card to imitate various audible tones.
Port Scanner: In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Port scans are not illegal in many places, in part because they don't actually compromise the system, in part because they can easily be spoofed, so it is hard to prove guilt, and in part because virtually any machine on the Internet can be induced to scan another machine. Many people think that port scanning is an overt hostile act and should be made illegal. An attacker will often sweep thousands (or millions) of machines rather than a single machine, looking for any system that might be vulnerable. Port scans are always automated through tools called Port Scanners.
Probe Tool: A tool that explores another system, looking for vulnerabilities. While these can be used by security managers wishing to shore up their security, the tools are as likely used by attackers to evaluate where to start an attack. An example is an NT Security Scanner.
Proxy: Any firewall that blocks and re-creates a connection between two points. As a defensive tool, a proxy in an organization hides a user from the outside world. As a pest, a proxy hides an attacker from a user. As a pest, a proxy is a tool that can be used to anonymize a connection between an attacker and your machine, making the connection more difficult to trace. The attacker interacts with the proxy; the proxy translates the interaction and interacts with your machine. As attack tools, SMTP and FTP proxies are often used in conjunction with Firewall Killers, Downloaders, RATs, and Trojans.
RAT: A Remote Administration Tool, or RAT, is a Trojan that, when run, provides an attacker with the capability of remotely controlling a machine via a "client" on the attacker's machine and a "server" on the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed on a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker, who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.
Search Hijacker: Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.
Sniffer: A wiretap that eavesdrops on computer networks. The attacker must be between the sender and the receiver in order to sniff traffic. This is easy in corporations using shared media. Sniffers are frequently used as part of automated programs to sift information off the wire, such as clear-text passwords, and sometimes password hashes (to be cracked).
SPAM Tool: Any software designed to extract email addresses from web sites and other sources, remove "dangerous" or "illegal" addresses, and/or efficiently send unsolicited (and perhaps untraceable) mail to these addresses.
Spoofer: To spoof is to forge your identity. Attackers use spoofers to forge their IP address (IP spoofing). The most common use of spoofing today is smurf and fraggle attacks. These attacks use spoofed packets against amplifiers in order to overload the victim's connection. This is done by sending a single packet to a broadcast address with the victim as the source address. All the machines within the broadcast domain then respond back to the victim, overloading the victim's Internet connection. Since smurfing accounts for more than half the traffic on some backbones, ISPs are starting to take spoofing seriously and have started implementing measures within their routers that verify valid source addresses before passing the packets.
Spyware: Programs that have the ability to scan systems or monitor activity and relay information to another computer or location in cyberspace.
Surveillance: Any software designed to use a webcam, microphone, screen capture, or other approaches to monitor and capture information. Some such software will transmit this captured information to a remote source.
Telnet Server: Software that allows a remote user of a Telnet client to connect as a remote terminal from anywhere on the Internet and control a computer on which the server software is running.
Toolbar: A Toolbar is a type of browser plug-in that adds a third-party utility bar to the web browser, usually just below or next to the browser's address bar. A Toolbar typically has a search function and provides search results for paid advertisers.
Tracking Cookies: Tracking cookies allow multiple web sites to store and access records that may contain personal information (including surfing habits, user names and passwords, areas of interest, etc.), and subsequently share this information with other web sites and marketing firms.
Trackware: Programs that track system activity, gather system information, or track user habits and relay this information to third-party organizations.
Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: to trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.
Trojan Creation Tool: A program designed to create Trojans. Some of these tools merely wrap existing Trojans, to make them harder to detect. Others add a trojan to an existing product (such as RegEdit.exe), making it a Dropper.
Trojan Horse: A Trojan Horse portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
Trojan Source: Source code is written by a programmer in a high-level language and is readable by people but not computers. Source code must be converted to object code or machine language before a computer can read or execute the program. Trojan Source can be compiled to create working trojans, or modified and compiled by programmers to make new working trojans.
Usage Track: Usage tracks permit any user (or their software agent) with access to your computer to see what you've been doing. Such tracks benefit you if you have left the tracks, but might benefit another user as well.
Virus Creation Tool: A program designed to generate viruses. Even early virus creation tools were able to generate hundreds or thousands of different, functioning viruses, which were initially undetectable by current scanners.
Virus Source: Source code is written by a programmer in a high-level language and is readable by people but not computers. Source code must be converted to object code or machine language before a computer can read or execute the program. Virus Source can be compiled to create working viruses, or modified and compiled by programmers to make new working viruses.
Virus Tutorial: We don't think there is much need for viruses in today's offices, so we don't think there is much need to learn how to create them. Virus Tutorials explain 'how to'.
War Dialer (demon-dialing, carrier-scanning): War-dialing was popularized in the 1983 movie War Games. It is the process of dialing all the numbers in a range in order to find any machine that answers. Many corporations have desktop computers with attached modems; attackers can dial in order to break into the desktop, and thereafter the corporation. Similarly, many companies have servers with attached modems that aren't considered as part of the general security scheme. Since most security emphasis these days is on Internet-related attacks, war-dialing represents the "soft underbelly" of the security infrastructure that can be exploited.
Worm: A Worm is a malicious program that spreads itself without any user intervention. Worms are self-replicating. Worms spread without attaching to or infecting other programs and files. A Worm can spread across computer networks via security holes on vulnerable machines connected to the network. Worms can also spread through email by sending copies of themselves to everyone in the user's address book. A Worm may consume a large amount of system resources and cause the machine to become noticeably sluggish and unreliable.
Worm Creation Tool: A program designed to generate worms. Worm creation tools can often generate hundreds or thousands of different, functioning worms, most of which are initially undetectable by current scanners.