Using a virtual machine (such as a pre-built Browser Appliance for VMWare Player) can inhibit infection by spyware, malware, and viruses. Virtual machines provide seperate environments, so if spyware enters the virtual environment, the host computer remains unaffected. One can also use snapshots to remove one’s private information, transporting the snapshot of the VM.

This environment resembles a sandbox. It has drawbacks in that it uses more memory (compared to a standalone browser) and it uses a lot of disk space.

Security practices

To deter spyware, computer users have found a number of techniques useful in addition to installing anti-spyware software.

Many system operators install a web browser other than Microsoft’s Internet Explorer (IE), such as Opera or Mozilla Firefox – though such web browsers have also suffered from some security vulnerabilities. Not a single browser ranks as safe, because in the case of spyware the security comes with the person who uses the browser.

Some Internet Service Providers — particularly colleges and universities — have taken a different approach to blocking spyware: they use their network firewalls and web proxies to block access to Web sites known to install spyware. On March 31, 2005, Cornell University’s Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it. ^[1] Many other educational institutions have taken similar steps against Marketscore and other spyware. Spyware programs which redirect network traffic cause greater technical-support problems than programs which merely display ads or monitor users’ behavior, and so may attract institutional attention more readily.

Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack. One site, CleanSoftware.org, founded as an alternative to other popular Windows software sites, offers only software verified not to contain “nasties” such as spyware. Recently, C|Net revamped its download directory: it has stated that it will only keep files that pass inspection by Ad-Aware and Spyware Doctor.

References

1. ↑ Schuster, Steve. “Blocking Marketscore: Why Cornell Did It“. Cornell University, Office of Information Technologies. March 31, 2005.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

WinFixer is closely related to Aurora Network’s Nail.exe hijacker/spyware program. In worst case scenarios, it may embed itself in Internet Explorer and become part of the program, thus being nearly impossible to remove. The program is also closely related to the Vundo and Virtumonde viruses. [3] – Note: The database entry for the Virtumonde trojan and WinFixer itself are down as of late February 2006), however, a great number of forum members on on-line technical support forums and blogs believe that WinFixer is associated with the Vundo trojan.

Program Name

Although purely speculative, it seems fairly obvious that the name WinFixer is derived from the old Microsoft Windows abbreviation “Win” joined with the word fixer, thus implying Win(dows) Fixer. Because of the name association with the operating system, a hypothetical situation could occur in which a user may possibly think that they are downloading a Windows related program, when, in fact, they are not.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political in nature. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and e-mail media with preaching messages. A growing number of criminals are also using spam to perpetrate various sorts of fraud, and in some cases have used it to lure people to locations where they have been kidnapped, held for ransom and even murdered [1].

DoS spam

Spamming has also been used as a denial of service (“DoS”) tactic, particularly on Usenet. By overwhelming the readers of a newsgroup with an inordinate number of nonsense messages, legitimate messages can be lost and computing resources are consumed. Since these messages are usually forged (that is, sent falsely under regular posters’ names) this tactic has come to be known as sporgery (from spam + forgery). This tactic has for instance been used by partisans of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology vs. the Internet) and by spammers against news.admin.net-abuse.email, a forum for mail administrators to discuss spam problems. Applied to e-mail, this is termed mailbombing. The Usenet Meow Wars (circa 1996) were DoS attacks on various newsgroups aimed at specific posters, thus disrupting the newsgroups where they were active. The DoS attacks launched by Hipcrime, which continue today, are more specifically crafted as DoS attacks on entire newsgroups. The alt.sex newsgroups were rendered virtually uninhabitable by commercial porn site spammers, partially for advertising purposes and partially to destroy a perceived free competitor. (This spawned the creation of the moderated, unspammable soc.sexuality newsgroups.)

In a handful of cases, forged e-mail spam has been used as a tool of harassment. The spammer collects a list of addresses as usual, then sends a spam to them signed with the name of the person he wishes to harass. Some recipients, angry that they received spam and seeing an obvious “source”, will respond angrily or pursue various sorts of revenge against the apparent spammer, the forgery victim. A widely known victim of this sort of harassment was Joe’s CyberPost, which has lent its name to the offense: it is known as a joe job. Such joe jobs have been most often used against antispammers: in more recent examples, Steve Linford of Spamhaus Project and Timothy Walton, a California attorney, have been targeted. Sometimes victims (such as ROKSO-listed spammers) are subscribed to lists that don’t practice verified opt-in, such as magazine subscriptions and e-mail newsletters, a practise known as subscriptionbombing.

Spammers have also abused resources set up for purposes of anonymous speech online, such as anonymous remailers. As a result, many of these resources have been shut down, denying their utility to legitimate users.

E-mail worms or viruses may be spammed to set up an initial pool of infected machines, which then resend the virus to other machines in a spam-like manner. The infected machines can often be used as remote-controlled zombie computers, for more conventional spamming or DDoS attacks. Sometimes trojans are spammed to phish for bank account details, or to set up a pool of zombies without using a virus.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Initial message prior to infection – Disconnect from the internet before closing this!

There are several ways in which WinFixer can infect a computer. Users using Internet Explorer are most susceptible, although users of other browsers, such as Firefox and Opera can also be infected, but are more resistant to the program.

Typical Infection

The infection usually occurs during a visit to a distributing web site (not necessarily winfixer.com) using Internet Explorer. A message appears in a Dialog Box, asking the user if they want to install WinFixer.

However, when the user chooses any of the options or tries to close this dialog (by clicking ‘Ok’ or ‘Cancel’ or by clicking the corner ‘X’), it will trigger a pop-up window and WinFixer will download and install itself, despite the user’s wishes. Because this is a dialog box related to the Internet Explorer application, it does not appear in the Windows Task Manager list (Ctrl+Alt+Del).

Trial offer of WinFixer

A free, trial offer of this program is sometimes found in pop-ups. If the trial version is downloaded and installed, it “locates” a couple of alleged trojans and viruses, but does nothing else. To obtain a quarantine or removal, WinFixer requires the purchase of the program. Some reviewers believe the alleged unwanted bugs to be bogus, only serving to induce the owner to buy the program.

WinFixer Application

Once installed, WinFixer frequently launches pop-ups and prompts the user to follow its directions. Because of the intricate way in which the program installs itself into the host computer (including making dozens of registry edits), successful removal is a tedious, manual process. When running, it can be found in the Task manager and stopped, but before long it will re-install and start up again.

Firefox Popup

The Mozilla Firefox browser is less vulnerable than Internet Explorer to initial infection by WinFixer. However, once installed, WinFixer is known to exploit the SessionSaver extension for the Firefox browser. The program causes popups on every startup asking the user to download WinFixer, by adding lines containing the word ‘WinFixer’ to the prefs.js file. The prefs.js file is located at:

Windows: C:\Documents and Settings\_username_\Application Data\Mozilla\Firefox\Profiles\_profile_\prefs.js

Linux: ~\.Firefox\Profiles\_profile_\prefs.js

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

E-mail spam is by far the most common form of spamming on the internet. It involves sending identical or nearly identical unsolicited messages to a large number of recipients. Unlike legitimate commercial e-mail, spam is generally sent without the explicit permission of the recipients, and frequently contains various tricks to bypass e-mail filters. Modern computers generally come with some ability to send spam. The only necessary added ingredient is the list of addresses to target.

Spammers obtain e-mail addresses by a number of means: harvesting addresses from Usenet postings, DNS listings, or Web pages; guessing common names at known domains (known as a dictionary attack); and “e-pending” or searching for e-mail addresses corresponding to specific persons, such as residents in an area. Many spammers utilize programs called web spiders to find e-mail addresses on web pages, although it is possible to fool the web spider by substituting the “@” symbol with another symbol, for example “#”, while posting an e-mail address.

Many e-mail spammers go to great lengths to conceal the origin of their messages. They might do this by spoofing e-mail addresses (similar to Internet protocol spoofing). In this technique, the spammer modifies the e-mail message so it looks like it is coming from another e-mail address. However, many spammers also make it easy for recipients to identify their messages as spam by placing an ad phrase in the From field—very few people have names like “GetMyCigs” or “Giving away playstation3s”!

Among the tricks used by spammers to try to circumvent the filters is to intentionally misspell common spam filter trigger words. For example, “viagra” might become “vaigra”, or other symbols may be inserted into the word as in “v/i/a/g./r/a”. The human mind can handle a surprising degree of corruption, but sometimes this tactic can backfire, rendering a message illegible. ISPs have begun to use the misspellings themselves as a filtering test.

The most dedicated spammers—often those making a great deal of money or engaged in illegal activities, such as the pornography, casinos and Nigerian scammers—are often one step ahead of the ISPs. Reporting them to your ISP may help block less sophisticated spammers in the future.

So-called “spambots” are a major producer of e-mail spam. The worst spammers create e-mail viruses that will render an unprotected PC a “zombie computer”; the zombie will inform a central unit of its existence, and the central unit will command the “zombie” to send a low volume of spam. This allows spammers to send high volumes of e-mail without being caught by their ISPs or being tracked down by antispammers; a low volume of spam is instead sent from many locations simultaneously. Many consumer-level ISPs (Earthlink, for example) stop spambots by blocking the SMTP port (port 25), although there are some users who make legitimate use of it.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Video: The Nigerian Email Spam Scam