Parasites, Viruses and Other Security Issues


PARASITES

* The Parasite Fight!
* Antiparasite Quick Fix Protocol
* Online Parasite Scanner
* Hijack This Logs Tutorial

ANTI-PARASITE SOFTWARE

* Ad-Aware
* HijackThis (ver. 2.0.2)
* ToolbarCop
* IE-SpyAd

OTHER SECURITY PAGES

* Recovering Deleted Files
* Deleting Stubborn Files
* The Problem With Pop-Up Stoppers

SECURITY DISCUSSION FORUMS

* AumHa Security Forums
* Security — General Discussion
* Microsoft Security Bulletins
* Parasites — Adware, Spyware & Other Scumware
* HijackThis Logs
* Virus & Antivirus

SANS INTERNET STORM CENTER
SANS Institute’s Internet Storm Center maps changes in Trojan and other virus traffic worldwide. Tracking such changes provides a possible way of anticipating major connectivity disruptions of the Internet infrastructure.

VIRUS INFORMATION TOOLS compliments of
TrendMicro & Symantec
READ THIS FINE PRINT: I am providing these monitors and links as a courtesy and service to site visitors. I have no relationship with TrendMicro or Symantec. Any information that you provide them after clicking one of the links below is subject to that site’s privacy policies, not my own. In other words: This looks good to me, but use your own judgment in accessing or acting on this information, over which I have no control.

SECURITY LINKS
General Information
A sound basis for personal computer security rests on the following five points:

1. User education. The best security measures begin on the space-bar side of your keyboard. Equip yourself with basic security information. (Start with the links on this present page.)
2. Security patches & other critical Windows and MS Office updates. Be sure you are up-to-date on security patches. Microsoft rolls out new patches (when warranted) on the second Tuesday of every month. On current versions of Windows, you can set your computer to automatically notify you of any new Windows updates; otherwise, check manually on the second Wednesday of every month. Install all CRITICAL UPDATES immediately — the risk of a rare bad update is much less than the security risk of not installing.
3. Antivirus protection. A top-grade anti-virus program, with frequently updated virus definition files, running in real time should be basic to every computer in use today.
4. Firewall protection. Every PC with Internet access should have either a hardware firewall in place or a personal firewall installed and running. It should be bidirectional, tracking both outbound and inbound traffic.
5. Parasite protection, which is discussed in detail on my page The Parasite Fight!.

Microsoft never distributes software directly through email! If you receive an e-mail that claims to contain software from Microsoft, do not open the attachment. The safest course of action is to delete the mail altogether. If you would like to take additional action, report the e-mail to the sender’s Internet Service Provider. Most ISPs provide an “abuse” userid for this purpose. For the most up-to-date information, please visit: Microsoft Policies on Software Distribution

* Microsoft Security Essentials Start here — for a fast online assessment of how secure your computer is, plus recommendations on how to make it more secure.
* Microsoft Malware Protection Center Current top malware threats of many types, information on the most recent Windows Defender definitions, access to Malicious Software Removal Tool, and more.
* Protect your PC! Practice “Safe Hex”! Sound information on prudent self-protection while online; from www.claymania.com, a collection of safe-computing tips arising from the continuing cooperative efforts of alt.comp.virus newsgroup participants.
* Defending Your Machine by the late Jim Byrd, MS-MVP. Excellent information on steps to take and things to read to make your computer safe. It’s a blog, so expect content to grow and evolve.
* Home Computer Security An amazing collection of useful information by CERT. Just look at the table of contents!
* Gibson Research Corp. Steve Gibson is a professional security consultant, so he’d like your business, too. But he’s also a security activist, with several articles & free utilities, some of considerable interest.
* Secure Password Generator From WinGuides. One important part of personal security is a password nobody can guess. This site will generate them for you.
* HackFix.org A great source of information on “Trojan horse” viruses. In particular, see their SubSeven Trojan FAQ. Educate yourself!
* Answers to frequently asked Kerberos questions {KB 266080} Win 2000
* Phatbot Trojan Analysis Includes extensive command and feature lists.
* Internet Explorer — Quick & Easy Method to improve security by MS-MVP Harry Waldron. Simple steps that make IE more secure, plus links to additional resources.
* Help: I Got Hacked. Now What Do I Do? by Jesper M. Johansson, Microsoft Security Program Manager. Discusses how truly vulnerable your machine still may be even after recovering from a malware assault. Serious stuff to think about.
* Wilders Security Forums A leading security-related forum answering questions on just about every area of the subject. A major resource and community for security-minded professionals and other computer users.
* Why You Shouldn’t Be Using Passwords of Any Kind on Your Windows Networks by Robert Hensing of Microsoft’s PSS Security Incident Response team. A fascinating and worthwhile read. I’ll spoil the punchline just a little: Passwords aren’t good enough anymore, and there is something probably uncrackable that is even easier for you to do instead.

Free Online Virus Scanners

* Full System Scanners
    o Kaspersky Online Scanner
    o TrendMicro HouseCall
    o Panda ActiveScan
    o Symantec Security Check
    o WindowSecurity.com TrojanScan

* Java-based – no ActiveX – works with multiple OSs & browsers
    o TrendMicro HouseCall Europe

* Submit Individual Files for Scanning
    o VirusTotal.com Test your file against dozens of different antivirus engines
    o Kaspersky On-line Virus Checker
    o DialOgueScience

Notification Services

* Calendar of Updates An ingenious idea by MS-MVP Donna Buenaventura — an online calendar of scheduled updates and other releases for a vast range of security-related products. It is also a source for some of the more important breaking security-related news. (Apparently there is also an opt-in change-notification service, but I haven’t found it yet.)
* Microsoft Security Notification Service Subscribe to receive free email notices from Microsoft concerning security issues in Windows and other Microsoft products. Also, register to receive the free Microsoft Security Newsletter.
* TrendMicro Email Alerts Become aware of virus outbreaks as they happen, from one of the sharpest AV labs around.
* US-CERT – National Cyber Alert System CERT, partnered with the U.S. Department of Homeland Security’s National Cyber Security Division, provides cyber security alerts on this site, including an opt-in email notification service.

Firewalls

* Learn About Firewalls Microsoft’s introductory explanatory page on the subject.
* Home PC Firewall Guide by Henry Stephen Markus
* HackerWatch.org Test your firewall’s effectiveness in securing your ports. Tests FTP, Telnet, SMTP, Finger, HTTP, POP3, NetBIOS, IMAP & HTTPS ports.
* Symantec Internet Security Center Hey, of course they want to sell you something. That’s why they will be really thorough! Much to read. Then run the “Symantec Security Check.”

Leading Vulnerabilities

* SANS Top 20 The 20 Most Critical Internet Security Vulnerabilities by SANS (SysAdmin, Audit, Network, Security) Institute. Consists of the Top 10 Windows platform vulnerabilities, and the Top 10 UNIX/Linux platform security vulnerabilities.
* Mac OS X Security Flaws Leave it Open to Attack For the security findings of @stake Research on which this report is based, see their 2003 Advisories.

RootKits

RootKits, as MS-MVP Harry Waldron puts it, are a type of “Super Spyware” just emerging. They affect both Windows and Linux operating systems, hide themselves, impact the OS kernel directly, and usually carry a more serious secondary payload. I will use this section to gather information and industry thoughts about this emerging threat.

* Introduction to RootKits by MS-MVP Harry Waldron. Basics on this emerging threat.
* Microsoft on RootKits: Be afraid, be very afraid Computerworld report by Paul Roberts (2/17/05).
* You receive a Stop 0x00000050 error on a Blue Screen {KB 894278} Win 2000, Win XP, Server 2003 (with concurrent 1003/System entry in Event Viewer: possible Rootkit spyware infestation)
* Strider GhostBuster: Why It’s A Bad Idea For Stealth Software To Hide Files by Yi-Min Wang, Binh Vo, Roussi Roussev, Chad Verbowski, and Aaron Johnson. Microsoft Technical Report discussing the most promising technique at present for defeating the RootKits threat.
* Rootkits “Serious” Security Problem InformationWeek article by Gregg Keiser (4/14/05).
* HackDefender Disabler MS-MVP Mike Burgess inspired this little batch file. It executes a simple method that temporarily breaks the back of the HackDefender virus, a common Rootkit that hides many parasite components from HijackThis and other tools, and even can disable the antivirus and antiparasite tools themselves. Execute this batch file — you won’t see much — but compare HijackThis logs before and after!
* RootkitRevealer by SysInternals. Read more about RootKits and this tool here. This is the first serious tool for identifying and removing RootKits.

Professional Resources

* IT Pro Security Zone Microsoft’s new security specialist site! Much like the Windows XP eXPert Zone site, but for security. Rotating articles by various specialists — worth visiting and revisiting.
* File Checksum Integrity Verifier Utility Microsoft’s FCIV utility computes and verifies cryptographic hash values of files. These can be displayed on the screen or saved in an XML file for later use.
* Security Considerations for Network Attacks From Microsoft’s TechNet. Includes 10 tips to lower a website’s vulnerability to attack.
* Denial of Service (DoS) Resources Legal, technical, and other informational contacts for addressing Denial of Service attacks.
* MegaSecurity.org Not for the timid! But if you want to get some idea of the scope of possible attacks, why not visit an attackers’ supply shack? Provides information, useful security utilities, & enough real-life ghost stories for many a campfire.