Tuesday, March 3, 2009

A brief detail about Virus, Worms and Trojan Horses

The most common blunder when the topic of a computer virus arises is that people will often refer to a Worm or Trojan Horse as a Virus. While the words Trojan, worm, and virus are used interchangeably, they are not the same. Viruses, worms, and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences between the three, and knowing those differences can help you to better protect your computer from their often damaging effects.


A computer Virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Some viruses cause only mildly annoying effects while others can damage your hardware, software, or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.


A Worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the ability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its ability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receivers' address books, and the pattern continues on down the line. Due to the copying nature of a worm and its ability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers, and individual computers to stop responding. In more recent worm attacks such as the much talked about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.



A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse's extension might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
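A mail gateway or attachment scanner can catch the masked-extension trick described above by comparing a file's real extension with the name a user sees when extensions are hidden. The following is an added example, not part of the original post; the list of "harmless-looking" extensions and the sample names are assumptions made for illustration.

```python
import re

# Executable extensions named in the paragraph above.
EXECUTABLE = {"exe", "com", "scr", "bat", "pif"}
# Assumption: extensions a user reads as harmless data (illustrative, not exhaustive).
DECOY = {"txt", "doc", "pdf", "jpg", "gif", "xls", "htm", "html", "zip"}


def split_name(filename):
    """Return (name shown when extensions are hidden, real extension)."""
    # Tolerate stray whitespace around dots and at the ends of the name.
    name = re.sub(r"\s*\.\s*", ".", filename.strip()).rstrip(".")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return name, ""          # no extension at all
    return stem, ext.lower()


def masked_executable(filename):
    """Return the name the user would see if the file is an executable whose
    visible name ends in a data-file extension, otherwise None."""
    shown, ext = split_name(filename)
    if ext not in EXECUTABLE:
        return None
    _, dot, inner = shown.rpartition(".")
    if dot and inner.lower() in DECOY:
        return shown
    return None


def triage(attachment_names):
    """Map each flagged attachment name to what the recipient would see."""
    flagged = {}
    for name in attachment_names:
        shown = masked_executable(name)
        if shown is not None:
            flagged[name] = shown
    return flagged


# Constructed sample attachment names, not taken from real mail.
SAMPLE = ["Readme.txt.exe", "Invoice.PDF.SCR", "setup.exe",
          "notes.txt", "report.final.doc", "photo.jpg . pif"]

if __name__ == "__main__":
    for real, shown in triage(SAMPLE).items():
        print(f"{real!r} is executable but displays as {shown!r}")
```

A plain `setup.exe` is not flagged: it is executable, but nothing about its visible name pretends otherwise, so it belongs to a different policy (blocking executables outright).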


Added into the mix is what is called a blended threat. A blended threat is a sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one threat. Blended threats use server and Internet vulnerabilities to initiate, transmit and spread an attack. This combination of methods and techniques means blended threats can spread quickly and cause widespread damage. Characteristics of blended threats include: causes harm, propagates by multiple methods, attacks from multiple points and exploits vulnerabilities.



To be considered a blended threat, the attack would normally serve to transport multiple attacks in one payload. For example, it wouldn't just launch a DoS attack — it would also install a backdoor and damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. For example, a worm may travel through e-mail, but a single blended threat could use multiple routes such as e-mail, IRC and file-sharing networks. The actual attack itself is also not limited to a specific act. For example, rather than a specific attack on predetermined .exe files, a blended threat could modify exe files, HTML files and registry keys at the same time — basically it can cause damage within several areas of your network at one time.



Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats require no human intervention to propagate.

Combating Viruses, Worms and Trojan Horses:



The first step to protect your computer is to ensure your operating system (OS) is up-to-date. This is essential if you are running a Microsoft Windows OS. Secondly, you should have anti-virus software installed on your system and download updates frequently to ensure your software has the latest fixes for new viruses, worms, and Trojan Horses. Additionally, you want to make sure your anti-virus program has the ability to scan e-mail and files as they are downloaded from the Internet. This will help prevent malicious programs from even reaching your computer. If this isn't enough protection, then you may want to consider installing a firewall as well.

A firewall is a system which prevents unauthorized use and access to your computer. A firewall can be either hardware or software. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside world and can be purchased as a stand-alone product or in broadband routers. Unfortunately, when battling viruses, worms and Trojans, a hardware firewall may be less effective than a software firewall, as it could possibly ignore embedded worms in outgoing e-mails and see this as regular network traffic. For individual home users, the most popular firewall choice is a software firewall. A good software firewall will protect your computer from outside attempts to control or gain access to your computer, and usually provides additional protection against the most common Trojan programs or e-mail worms. The downside to software firewalls is that they will only protect the computer they are installed on, not a network.

It is important to remember that on its own a firewall is unable to get rid of your computer virus problems, but when used in conjunction with regular operating system updates and a good anti-virus scanning software, it will add some extra security and protection for your computer or network.

Thursday, January 22, 2009

Spam Report

Spam Evolution: November 2008

Spam in mail traffic


Spam on the Russian Internet in November 2008

The closure of US hosting provider McColo, which hosted the command and control centers of a number of large botnets, resulted in a sharp decline in the amount of spam in November. However, the decline was short-lived and within a few days botnet activity had resumed (e.g. spam made up 83.4% of mail traffic on 16 November, close to the maximum figure for the month).

The graph shows several peaks and troughs mid-month following the closing down of McColo on 13 November. The first of them coincided with renewed botnet activity (www.theregister.co.uk) on 15-16 November when McColo made use of its backup arrangement with the Swedish ISP TeliaSonera AB. Less than two days later, TeliaSonera AB cut off McColo’s access resulting in a fall in the amount of spam on 17-18 November. A subsequent increase in the amount of spam on 25 November can be linked to an attempt by the operators of the Srizbi botnet to transfer their command and control centers (www.pcworld.com) to the Tallinn-based Starline Web Services.

The closure of McColo had a clear effect on the volume of spam in November. Spam accounted for 73.7% of mail traffic on the Russian Internet in November, compared to 79.9% in October. A monthly low of 50.5% was recorded on 13 November, two days after the hosting provider was shut down.

Spam by category

Top five spam categories in November:
  1. Adult content spam – 24%
  2. Medications, health-related goods and services – 21%
  3. Education – 10%
  4. Travel and tourism – 9%
  5. Fake designer goods – 5%

The amount of Medications, health-related goods and services spam rose significantly from 12.5% in October to 21% in November. The Fake designer goods category replaced Spammer services in fifth place. There were no other changes to the top five categories: Education remained in third place and Travel and tourism in fourth (mainly due to offers relating to the upcoming winter holiday season).

Spammers on politics and the economy

The promotion of various goods and services in November purportedly originated from spammers’ desire to help users weather the global economic storm.

One mass mailing contained links to a lengthy article on how to avoid losing money during the crisis. The spammers’ aim became clear towards the end of the article which expounded the financial benefits of investing in a building project on the Black Sea coast.

Spammers exploited the US presidential elections less than the economic downturn, but some mass mailings did reference the elections, with the winner’s name being used to advertize services. One advert for a seminar in Ukraine proudly announced that “Barack Obama trusts professionals!”

Some English-language mass mailings also offered users the opportunity to purchase coins issued in honor of the new president.

Warning – fake!

The amount of Computer fraud spam rose compared to last month, averaging 3% in November against 2.2% in October.

Scam messages purportedly sent by the popular email service Mail.Ru were among the tricks used. Such messages asked recipients to send an SMS to a premium number either in order to win a lottery or to prevent their accounts from being hacked.

Users also received messages allegedly sent by the SMSexpress payment system demanding compensation for “breach of contract”.

Sometimes it may not be clear if an email is genuine or fake. In order to resolve such issues, open the company’s site by typing the address into the browser (not by clicking on a link in a message) and contact the administrator using the contact details given on the site.

Spammer tricks

In November, spammers used a new technique to disguise contact information: the address of the site being advertized was presented in a vertical column. Spammers seemed to think this would make it more difficult to block spam messages, but it also meant that recipients had to memorize the address and type it into the browser in order to view the site.

Hello,
Who do you consider to be the embodiment of style? You can be too:
You’ll look 100%, spending less than everybody else
Have a nice day!

Another tactic was the use of HTML tags to mask key words. The names of the goods being advertized were put in a table intermingled with random symbols in a less legible font. These pale random symbols alter the way the text is perceived by spam filters but the names of the goods can still be clearly seen by recipients.
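On the filtering side, the counter to the pale-symbol trick is to score only the text a recipient can actually read. The sketch below is an added example, not taken from the report: it assumes a white message background, treats any `#rrggbb` colour above a brightness threshold as "pale", and runs on a constructed HTML fragment.

```python
import re
from html.parser import HTMLParser

# Assumption: white background; text brighter than this is treated as unreadable filler.
PALE_LUMA = 200
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}
_HEX = re.compile(r"#([0-9a-fA-F]{6})\b")
_STYLE_COLOR = re.compile(r"(?<![-\w])color\s*:\s*([^;]+)", re.I)  # skips background-color


def is_pale(color):
    """True if a #rrggbb colour is close to white (named colours are not handled)."""
    m = _HEX.search(color or "")
    if not m:
        return False
    r, g, b = (int(m.group(1)[i:i + 2], 16) for i in (0, 2, 4))
    return 0.299 * r + 0.587 * g + 0.114 * b >= PALE_LUMA


class VisibleText(HTMLParser):
    """Collect text nodes, skipping those rendered in a pale colour."""

    def __init__(self):
        super().__init__()
        self.stack = []   # (tag, pale?) for every open element
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        color = a.get("color") or ""
        m = _STYLE_COLOR.search(a.get("style") or "")
        if m:
            color = m.group(1)
        inherited = self.stack[-1][1] if self.stack else False
        self.stack.append((tag, is_pale(color) if color else inherited))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; ignore stray closers.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        pale = self.stack[-1][1] if self.stack else False
        if data.strip() and not pale:
            self.parts.append(data.strip())


def visible_text(html):
    """Text as the recipient reads it: pale filler removed, cells joined by spaces."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return re.sub(r"\s+", " ", " ".join(parser.parts))


def naive_text(html):
    """What a filter sees if it only strips tags."""
    return re.sub(r"<[^>]+>", "", html)


# Constructed sample in the style described above (not a real spam message).
SAMPLE = (
    '<table cellpadding="0"><tr>'
    '<td>replica</td><td><font color="#f4f4f4" size="1">qxz7</font></td>'
    '<td>watches</td><td style="color: #EEEEEE; font-size: 6px">k7pw</td>'
    '<td>from $99</td></tr></table>'
)

if __name__ == "__main__":
    print("tag-stripped:", naive_text(SAMPLE))
    print("visible     :", visible_text(SAMPLE))
```

A keyword rule for "replica watches" misses the tag-stripped string but matches the visible one; the presence of pale text at all is also a useful signal in its own right.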

Conclusion

Autumn has not been easy for the spammers. In addition to the worsening economic situation, November saw the closure of the hosting provider McColo, which was used as the command and control center for a number of botnets. The fact that the amount of spam on the Russian Internet fell by two thirds immediately after McColo was shut down suggests that the US provider was widely used by spammers targeting the .ru domain with their mass mailings.

Next month there are likely to be changes in the type of spam being distributed. With the holiday season approaching, adult content messages will probably be displaced by messages advertising party services and fake designer goods.

Recent trends
  1. With the closure of McColo, whose servers hosted the control centers for a number of botnets, the amount of spam in mail traffic fell 7.2% compared to October and averaged 73.7%.
  2. Malicious files were attached to 2.28% of all emails, 0.2% more than in October.
  3. Links to phishing sites were found in 0.76% of all emails.
  4. Graphical spam amounted to 9%.
  5. Fraudulent emails increased by 0.8% to 3%.
  6. Spam offering fake designer goods re-entered the top five leading spam categories.
  7. In order to ensure messages evade spam filters, spammers modified their use of HTML formatting.


Disclaimer: These are the reports taken from the Kaspersky virus report

Friday, January 9, 2009

How Hard Disk Recovery Works

How does Hard Drive Recovery work?

Hard drives, like all mechanical devices, eventually break down, and some hard disks crash because of faults from the manufacturer itself. Here are some basic possible errors.

Common hard drive problems include:

* User errors
* Software errors
* Hard drive electronics failures
* Hard drive arm failures
* Hard drive platter failures

User Errors

User errors include accidentally deleting or overwriting files (overwritten files can't be recovered) and accidentally formatting or deleting a partition.

User errors can sometimes be resolved through the use of off-the-shelf data recovery software.

Software Errors

Software errors usually result from software writing data to the wrong part of the disk.

Errors caused by software are generally much more difficult for off-the-shelf data recovery software to correct. This task may require the services of a data recovery specialist. Some software can crash your hard disk because of its basic system requirements, so read them carefully before you install the software (for example, anti-virus software).


Hard Drive Electronics Failures

When a hard drive physically fails, sometimes the mechanical parts of the hard drive remain undamaged. This can happen, for example, if the hard drive is subject to a power surge or a discharge of static electricity.

In these cases, it is usually possible to take the mechanical parts out of the hard drive assembly and place them into another identical hard drive unit. This should be done in a clean-room environment, to prevent dust from damaging the hard drive.

Hard Drive Arm Failures

Hard drive arm failures are very common. When the hard drive arm fails, there is a very good chance that it will damage the hard drive platters.

When you hear the clicking noises from your hard drive which signal a hard drive arm failure, back up all necessary data immediately and power the system down as soon as possible.

If the hard drive platters have not been damaged, a data recovery specialist may still be able to recover data from a hard drive with a damaged hard drive arm.

Hard Drive Platter Failures

No drive platter is manufactured perfectly. There will always be some bad spots on the platter surface. Modern hard drives automatically mark those bad spots as unusable and do not store data there.

Sometimes bad spots will develop during the life of the hard drive. The hard drive will mark that spot bad and attempt to move the data to a good spot on the hard drive. This may, or may not, result in the loss of some data.

Serious hard drive platter failures can occur as a result of hard drive arm failures. In these cases, the hard drive platters are being scratched. Your data is being scratched right off the surface of the platters! You can often hear this damage occurring. These failures are very expensive or impossible to recover.

The Solution to Hard Drive Recovery: Backup

The best method of hard drive recovery is to throw away the failed hard drive and restore your data from backup to a brand new drive.

Backing up your data is a critically important preventative maintenance task. Don't put yourself at risk by not properly backing up your data.


So the best way to escape from a crash is to back up your work every week.

Disclaimer: What is written above is my personal experience. Please forgive me if it hurts anyone.

Wednesday, January 7, 2009

Tips to Speed up the PC

Follow these tips and you will definitely have a much faster and more reliable PC! Most of the tips below work for Windows XP.

1. Wallpapers: They slow your whole system down, so if you're willing to compromise, have a basic plain one instead!

2. Drivers: Update your hardware drivers as frequently as possible. New drivers tend to increase system speed, especially in the case of graphics cards, whose drivers are updated by the manufacturer very frequently!

3. Minimizing: If you want to use several programs at the same time then minimize those you are not using. This helps reduce the overload on RAM.

4. Boot Faster: The 'starting Windows 95/98' message on startup can delay your booting for a couple of seconds. To get rid of this message go to c:\ and find the file Msdos.sys. Remove the Read-Only option. Next, open it in Notepad or any other text editor. Finally, go to the text 'Options' within the file and make the following changes: Add BootDelay=0. To make your booting even faster, add Logo=0 to remove the Windows logo at startup.

5. Restart only Windows: When restarting your PC, hold down Shift to only restart Windows rather than the whole system which will only take a fraction of the time.

6. Turn Off Animations: Go to Display Settings from the Control Panel and switch to the Effects Tab. Now turn off Show Windows Content While Dragging and Smooth Edges on Screen Fonts. This tip is also helpful with Windows XP because of the various fade/scroll effects.

7. Faster Start-Menu Access: Go to the Start menu and select Run. Now type Regedit and hit Enter. The Registry Editor will appear on the screen. Now, open the folder HKEY_CURRENT_USER\Control Panel\Desktop. You should see a MenuShowDelay value. If you don't then do the following: right click on a blank space in the right pane and select New\String. Change the name in the new value to MenuShowDelay. Now that we have the MenuShowDelay value, double click on it and enter 0 in the value data field. This sets the start menu delay to 0 milliseconds.

8. Resolutions: If you are willing to do anything for faster performance from your PC, then try lowering your display resolution. The lower it is, the faster your PC.

9. Turn off Active Desktop: Go to your Display Properties and switch to the Web tab. Uncheck View My Active Desktop As a Web Page. Since the Active Desktop option under Windows 98 uses a lot of system resources, this option can have a dramatic effect on the speed of the whole system.

10. Defragment Often: Windows 98's Defrag tool uses Application Acceleration from Intel which means that when you defragment your drive, data is physically arranged on the drive so that applications will load faster.


11. Take your PC to Bed: Using the Advanced Power Management feature under Windows 98 gives you the option to use the sleep command. That way, you can send your PC to sleep instead of shutting it down and then restarting it. It's as simple as pressing a button and then pressing the same button to wake it up. You can tell Windows after how many minutes/hours of inactivity to automatically sleep the machine in the Advanced Power Management section of the Control Panel.

12. Faster Internet Access: If you use the Internet for reference and the sites you visit are rarely updated then try the following. In IE (the same can be done in Netscape) go to Tools, Internet Options. Next, click on Settings... in the Temporary Internet Files section. Finally, select Never for the first option, double the amount of storage space to use, and click OK!

13. Benchmarking: Benchmarking can be very useful when run frequently. It can tell you how your PC's components are performing and then compare them to other machines like yours. For example, when you overclock your PC, you want to know how much more speed you have and whether it is stable. All this and more can be discovered using benchmarking. An excellent piece of software for doing this job is SiSoft Sandra which can be found in the Downloads File Archive!

14. Refresh the Taskbar without restarting: If you in some way change the taskbar, either in Regedit or elsewhere, you can refresh the task bar without restarting. Hold down Ctrl Alt Del, and double click on Explorer. Say Yes to close Explorer, but no to closing Windows. This will refresh the Taskbar and system tray.

15. Quick CD Eject: Instead of pushing the button on your drive, right-click your CD drive letter in My Computer and click on Eject. This will also remove any icons that have become associated with the CD drive.

16. Start Up Programs: Windows can be slowed down when programs run on start up. To eliminate this, check your Start up folder. You can access it from the start menu: Start, Programs, Start Up. Another way to eliminate programs from loading even before Windows actually starts is by doing the following: Click on Start, then Run. Type msconfig. It will take quite a long time for this program to load, but when you finally see it on your screen, explore the different tabs. They all have to do with how quickly your PC boots, so select what you want, and uncheck what you don't want!

17. Fonts: When Windows starts, it loads every single font in the Fonts folder. Therefore, the more fonts you have, the slower the booting process. To get rid of unwanted fonts, simply go to the Fonts folder under c:\windows and remove whatever you don't want. Fonts that have a red letter 'A' as their icon are system fonts, so don't delete them.

18. Stretching Wallpapers: Don't "stretch" your wallpaper in Windows 98 since it actually slows Windows down when you drag icons around on the desktop.

19. RAM Matters: If you have less than 32MB then you should seriously think of upgrading it to at least 64MB. Windows runs much more smoothly with 64MB or higher and tends to use less hard disk space for virtual memory.

20. Partitioning: A very nice little thing you can do to boost system performance. By partitioning your hard drive, splitting one physical drive into several logical ones, you can gain several advantages. 1. If you get a virus or you accidentally format a drive, not all will be lost. 2. By placing the swap file (Win386.swp) on a separate drive, the swap file will be less fragmented and thus faster. 3. Place Windows on a separate drive and whenever you need to reinstall it, you can rest assured that your data is safe on a separate drive. Partitioning can be done using a few programs such as FDisk which comes with DOS. However, FDisk formats everything on the hard disk before partitioning. Alternatively, you can use Partition Magic from PowerQuest to partition your hard disk without losing your data.