Max Secure Spyware Detector can detect and remove the following types of spyware successfully:
Adware : Software that displays popup/popunder ads when the primary
user interface is not visible or which do not
appear to be associated with the product.
Annoyance : Any trojan that does not cause damage other than to annoy
a user, such as by turning the text on the screen
upside down, or making mouse motions erratic.
ANSI Bomb : Character sequences that reprogram specific keys on the
keyboard. If ANSI.SYS is loaded, some bombs will
display colorful messages, or have interesting
(but unwanted) graphical effects.
AOL Pest : Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. ICQ is an instant messenger service from mirabilis.com, now AOL. ICQ is a favorite service among hackers, and ICQ features are built into many trojans (such as stealing user's passwords, UINs, or notifying the hacker). Users of ICQ are warned "By using the ICQ service and software... you may be subject to various risks, including... Spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful."
AV Killer : Any hacker tool intended to disable a user's anti-virus
software to help elude detection. Some will also
disable personal firewalls.
Backdoor : A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.
Binder : A tool that combines two or more files into a single file,
usually for the purpose of hiding one of them.
A binder compiles the list of files that you select
into one host file, which you can rename. A host
file is a simple custom compiled program that
will decompress and launch the source programs.
When you start the host, the embedded files in
it are automatically decompressed and launched.
When a trojan is bound with Notepad, for instance,
the result will appear to be Notepad, and appear
to run like Notepad, but the Trojan will also
be run.
Browser Helper Object : (BHO). A component that Internet Explorer loads whenever it starts; it shares IE's memory context and can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, and monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because the firewall sees them as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.
Commercial RAT : Any commercial product that is normally used for
remote administration, but which might be exploited
to do this without user consent or awareness.
Cracking Misc : Any document and/or tool that provides guidance on
how to remove copy protection.
Cracking Tool : Any software designed to modify other software for
the purpose of removing usage restrictions. An
example is a 'patcher' or 'patch generator', that
will replace bytes at specified locations in a
file, rendering it a licensed version. A music
file ripper is a program that enables the user
to digitally copy songs from a CD into many different
formats such as MP3, WAV, or AIFC.
DDoS : A Distributed Denial of Service (DDoS) attack is one that pits many machines against a single victim. An example is the attacks of February 2000 against some of the biggest websites. Even though these websites have a theoretical bandwidth of a gigabit/second, distributing many agents throughout the Internet flooding them with traffic can bring them down. The Internet is defenseless against these attacks. The best defense is for users everywhere to run PestPatrol, and remove DDoS clients when they are found, so that their machines are not used as attack tools. Another approach is for ISPs to do "egress filtering": prevent packets from going outbound that do not originate from IP addresses assigned to the ISP. This cuts down on the problem of spoofed IP addresses.
Dialer : Software that dials a phone number.
Some dialers connect to local Internet Service
Providers and are beneficial as configured. Others
connect to toll numbers without user awareness
or permission.
DoS : An exploit whose purpose is to deny somebody the use of the service: namely to crash or hang a program or the entire system. Examples of DoS attacks include flooding the victim with more traffic than can be handled; flooding a service (like IRC) with more events than it can handle (a "bomb"); crashing a TCP/IP stack by sending corrupt packets; crashing a service by interacting with it in an unexpected way; or hanging a system by causing it to go into an infinite loop. For example, the Ping of Death exploit crashed machines by sending illegally fragmented packets at a victim. A common word for DoS is "nuke", which was first popularized by the WinNuke program.
Downloader : A program designed to retrieve
and install additional files, when run. Most will
be configured to retrieve from a designated web
or FTP site.
Dropper : In viruses and trojans, the dropper is the part of the
program that installs the hostile code onto the
system.
Encryption Tool : Any software that can be used to scramble documents,
software, or systems so that only those possessing
a valid key are able to unscramble it. Encryption
tools are used to secure information; sometimes
unauthorized use of encryption tools in an organization
is a cause for concern.
Error Hijacker : Any software that resets your browser's settings
to display a new error page when a requested URL
is not found. Hijacks may reroute your info and
address requests through an unseen site, capturing
that info. In such hijacks, your browser may behave
normally, but be slower.
Exploit : A way of breaking into a system. An exploit takes advantage
of a weakness in a system in order to hack it.
Exploits are the root of the hacker culture. Hackers
gain fame by discovering an exploit. Others gain
fame by writing scripts for it. Legions of script-kiddies
apply the exploit to millions of systems, whether
it makes sense or not. Since people make the same
mistakes over-and-over, exploits for very different
systems start to look very much like each other.
Most exploits can be classified under major categories:
buffer overflow, directory climbing, defaults,
Denial of Service.
Firewall Killer : Any hacker tool intended
to disable a user's personal firewall. Some will
also disable resident anti-virus software.
Flooder : A program that overloads a connection
by any mechanism, such as fast pinging, causing
a DoS attack.
FTP Server : When installed without user
awareness, an FTP server allows an attacker to
download any file in the user's machine, to upload
new files to that machine, and to replace any
existing file with an uploaded file.
Hacking Tutorial : A Hacking Tutorial
explains how to break into systems.
Hijacker: Any software that resets your browser's settings to point
to other sites. Hijacks may reroute your info
and address requests through an unseen site, capturing
that info. In such hijacks, your browser may behave
normally, but be slower.
Hoax : Not a pest, not a virus, not a worm, not a trojan. A hoax is a worrisome warning, usually transmitted by e-mail. Examples of hoaxes: "If you receive an e-mail that has a subject line of X, then ... This is a very bad thing, and blah blah blah... Please pass this on to everyone in your address book." Before following the instructions in the e-mail, do a simple internet search for the subject line, the file name, etc. to see if others regard this as a hoax. Hoaxes are not detected by PestPatrol. But some are included in our Pest Encyclopedia for your information.
Homepage Hijacker : Any software that changes your browser's home
page to some other site. Hijacks may reroute your
info and address requests through an unseen site,
capturing that info. In such hijacks, your browser
may behave normally, but be slower.
Hostile ActiveX : An ActiveX control is essentially a Windows program
that can be distributed from a web page. These
controls can do literally anything a Windows program
can do. A Hostile ActiveX program does something
that its user did not intend for it to do, such
as erasing a hard drive, dropping a virus or trojan
into your machine, or scanning your drive for
tax records or documents. As with other Trojans,
a Hostile ActiveX control will normally appear
to have some other function than what it actually
has.
Hostile Java : Browsers include a "virtual machine" that encapsulates the Java program and prevents it from accessing your local machine. The theory behind this is that a Java "applet" is really content -- like graphics -- rather than full application software. However, as of July 2000, all known browsers have had bugs in their Java virtual machines that would allow hostile applets to "break out" of this "sandbox" and access other parts of the system. Most security experts browse with Java disabled on their computers, or encapsulate it with further sandboxes/virtual-machines.
Hostile Script : A script is a text file
with a .VBS, .WSH, .JS, .HTA, .JSE, .VBE extension
that is executed by Microsoft WScript or Microsoft
Scripting Host Application, interpreting the instructions
in the script and acting on them. A hostile script
performs unwanted actions.
HTTP Server : When installed without user
awareness, an HTTP server allows an attacker to
use a web browser to view and thus retrieve information
collected by other software placed in the user's
machine.
IRC War : Any
tool that uses Internet Relay Chat for spoofing,
eavesdropping, sniffing, spamming, breaking passwords,
harassment, fraud, forgery, 'imposturing', electronic
trespassing, tampering, hacking, nuking, system
contamination including without limitation use
of viruses, worms and Trojan horses causing unauthorized,
damaging or harmful access and/or retrieval of
information and data on your computer and other
forms of activity that may even be considered
unlawful.
Key Generator : Any tool designed to break software copy protection
by extracting internally-stored keys, which can
then be entered into the program to convince it
that the user is an authorized purchaser.
Key Logger : (Keystroke Logger). A program
that runs in the background, recording all the
keystrokes. Once keystrokes are logged, they are
hidden in the machine for later retrieval, or
shipped raw to the attacker. The attacker then
peruses them carefully in the hopes of either
finding passwords, or possibly other useful information
that could be used to compromise the system or
be used in a social engineering attack. For example,
a key logger will reveal the contents of all e-mail
composed by the user. Keylog programs are commonly
included in rootkits and RATs (remote administration
trojans).
Loader : Any program
designed to load another program.
Mail Bomber : Software that will flood a victim's inbox with hundreds
or thousands of pieces of mail. Such mail generally
does not correctly reveal its source.
Mailer : A program that creates and sends email with forged headers,
so that the source of the mail it sends cannot
be traced.
Misc Tool : Any tool that might be used
in planning an attack on a system, developing
tools for such an attack, or performing it.
Notifier : Any tool designed for stealth
notification of an attacker that a victim has
installed and run some pest. Such notification
might be done by FTP, SMS, SMTP, or other method,
and might contain a variety of information. Often
used in combination with a Packer, a Binder and
a Downloader.
Nuker : A program that disables a machine
through damage to the registry, key files, the
file system, etc.
P2P : Any peer-to-peer file swapping program,
such as Audiogalaxy, Bearshare, Blubster, E-Mule,
Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite,
Limewire, Morpheus, Shareaza, WinMX and Xolox.
In an organization, can degrade network performance
and consume vast amounts of storage. May create
security issues as outsiders are granted access
to internal files. Often bundled with Adware or
Spyware.
Packer : A utility which compresses a file, encrypting it in the process. It adds a header that automatically expands the file in memory, when it is executed, and then transfers control to that file. Some packers can unpack without starting the packed file. Packers are "useful" for trojan authors as they make their work undetectable by anti-virus products.
Password Capture : A variant of the Key
Logger that captures passwords as they are entered
or transmitted. Some password capture trojans
impersonate the login prompt, asking the user
to provide their password.
Password Cracker : A tool to decrypt a
password or password file. PestPatrol uses the
term both for programs that take an algorithmic
approach to cracking, as well as those that use
brute force with a password cracking word list.
Password crackers have legitimate uses by security
administrators, who want to find weak passwords
in order to change them and improve system security.
Password Cracking Word List : A list of words that a brute force
password cracker can use to muscle its way into
a system.
Phreaking Tool : Any
executable that assists in hacking the phone system,
such as by using a sound card to imitate various
audible tones.
Port Scanner : In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Port scans are not illegal in many places, in part because they don't actually compromise the system, in part because they can easily be spoofed, so it is hard to prove guilt, and in part because virtually any machine on the Internet can be induced to scan another machine. Many people think that port scanning is an overtly hostile act and should be made illegal. An attacker will often sweep thousands (or millions) of machines rather than a single machine, looking for any system that might be vulnerable. Port scans are always automated through tools called Port Scanners.
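The entry above describes the scan from the attacker's side; the detection side is a count of how many distinct ports one source touches in a short time. The following Python is an added example and not code from the page or from Max Secure or PestPatrol: it parses a constructed firewall connection log (format, addresses, timestamps and the 10-ports-in-60-seconds threshold are all assumptions for this example) and reports sources whose distinct-port count inside a sliding window exceeds the threshold. A host that touches a few ports now and a few more minutes later is deliberately included to show that the window, not the lifetime total, decides.

```python
"""Sliding-window port scan detector over constructed firewall log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <src> -> <dst>:<port> <verdict>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<verdict>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "port": int(m["port"]), "verdict": m["verdict"]}


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src: peak distinct-port count} for every source that touched at
    least `threshold` distinct destination ports inside any span of `window`."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent = defaultdict(deque)                   # src -> (ts, port) still inside the window
    live = defaultdict(lambda: defaultdict(int))  # src -> port -> events inside the window
    alerts = {}
    for ev in events:
        src, ts, port = ev["src"], ev["ts"], ev["port"]
        recent[src].append((ts, port))
        live[src][port] += 1
        # Slide the window: forget this source's events older than `window`.
        while recent[src] and ts - recent[src][0][0] > window:
            _, old_port = recent[src].popleft()
            live[src][old_port] -= 1
            if live[src][old_port] == 0:
                del live[src][old_port]
        distinct = len(live[src])
        if distinct >= threshold:
            alerts[src] = max(distinct, alerts.get(src, 0))
    return alerts


# Constructed sample log: one fast scanner, one slow host whose probes are spread
# over five minutes, one normal HTTPS client, and one malformed line.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d} 198.51.100.7 -> 192.0.2.10:{p} DROP"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
] + [
    f"2024-05-01T10:00:{i:02d} 203.0.113.9 -> 192.0.2.10:{p} DROP"
    for i, p in enumerate([22, 80, 443, 8080, 8443])
] + [
    f"2024-05-01T10:05:{i:02d} 203.0.113.9 -> 192.0.2.10:{p} DROP"
    for i, p in enumerate([25, 110, 143, 993, 995])
] + [
    "2024-05-01T10:00:30 203.0.113.5 -> 192.0.2.10:443 ACCEPT",
    "2024-05-01T10:00:31 203.0.113.5 -> 192.0.2.10:443 ACCEPT",
    "2024-05-01T10:00:32 203.0.113.5 -> 192.0.2.10:443 ACCEPT",
    "garbage line that the parser skips",
]


def scan_report(lines=SAMPLE_LOG):
    """Run the detector with its default window and threshold over the sample log."""
    return detect_port_scans(lines)


if __name__ == "__main__":
    for src, n in scan_report().items():
        print(f"probable port scan from {src}: {n} distinct ports within 60 s")
```

With the defaults only the fast scanner (12 distinct ports in 12 seconds) is reported; the slow host reaches 10 distinct ports overall but never more than 5 inside one 60-second window, so it is reported only if the threshold is lowered to 5.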
Probe Tool : A tool that explores another system, looking for vulnerabilities.
While these can be used by security managers,
wishing to shore up their security, the tools
are as likely used by attackers to evaluate where
to start an attack. An example is an NT Security
Scanner.
Proxy : Any firewall that blocks and re-creates a connection between
two points. As a defensive tool, a proxy in an
organization hides a user from the outside world.
As a pest, a proxy hides an attacker from a user.
As a pest, a proxy is a tool that can be used
to anonymize a connection between an attacker
and your machine, making the connection more difficult
to trace. The attacker interacts with the proxy;
the proxy translates the interaction and interacts
with your machine. As attack tools, SMTP and FTP
proxies are often used in conjunction with Firewall
Killers, Downloaders, RATs, and Trojans.
RAT : A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.
Search Hijacker: Any software that resets your browser's settings
to point to other sites when you perform a search.
Hijacks may reroute your info and address requests
through an unseen site, capturing that info. In
such hijacks, your browser may behave normally,
but be slower. Search results when such a hijacker
is running will sometimes differ from non-hijacked
results.
Sniffer : A wiretap that eavesdrops on computer networks. The attacker
must be between the sender and the receiver in
order to sniff traffic. This is easy in corporations
using shared media. Sniffers are frequently used
as part of automated programs to sift information
off the wire, such as clear-text passwords, and
sometimes password hashes (to be cracked).
SPAM Tool : Any software designed to extract email addresses from web sites and other sources, remove "dangerous" or "illegal" addresses, and/or efficiently send unsolicited (and perhaps untraceable) mail to these addresses.
Spoofer : To spoof is to forge your identity. Attackers use spoofers
to forge their IP address (IP spoofing). The most
common use of spoofing today is smurf and fraggle
attacks. These attacks use spoofed packets against
amplifiers in order to overload the victim's connection.
This is done by sending a single packet to a broadcast
address with the victim as the source address.
All the machines within the broadcast domain then
respond back to the victim, overloading the victim's
Internet connection. Since smurfing accounts for
more than half the traffic on some backbones,
ISPs are starting to take spoofing seriously and
have started implementing measures within their
routers that verify valid source addresses before
passing the packets.
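Both the DDoS entry ("egress filtering": drop outbound packets whose source is not an address assigned to the ISP) and the Spoofer entry (routers that verify source addresses before forwarding) describe the same control. The Python below is an added example, not code from the page or from Max Secure or PestPatrol, showing that check as a policy function over constructed packets; the address blocks and packets are assumptions. It also goes slightly beyond the text by including the mirror-image inbound rule, which drops packets arriving from outside that claim a source inside the network.

```python
"""Source-address validation at a network edge (added example, not from the page)."""
import ipaddress

# Constructed: the address blocks assigned to the example ISP / organisation.
ASSIGNED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),   # covers 198.51.100.0 - 198.51.100.127 only
]


def is_assigned(addr, prefixes=ASSIGNED_PREFIXES):
    """True if `addr` falls inside one of the network's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


def filter_packet(direction, src, dst, prefixes=ASSIGNED_PREFIXES):
    """Return 'forward' or 'drop' for a packet with the given direction and addresses.

    direction is 'out' (leaving the network) or 'in' (entering it). `dst` is kept
    for the record but the anti-spoofing decision depends on the source only.
    """
    inside = is_assigned(src, prefixes)
    if direction == "out":
        # Egress filtering (DDoS entry): outbound packets must carry one of our
        # own source addresses, so a spoofed victim address never leaves.
        return "forward" if inside else "drop"
    if direction == "in":
        # Ingress counterpart (beyond the text): traffic arriving from outside
        # cannot legitimately claim an inside source address.
        return "drop" if inside else "forward"
    raise ValueError(f"unknown direction {direction!r}")


def apply_policy(packets, prefixes=ASSIGNED_PREFIXES):
    """Split an iterable of (direction, src, dst) tuples into forwarded and dropped."""
    result = {"forward": [], "drop": []}
    for direction, src, dst in packets:
        result[filter_packet(direction, src, dst, prefixes)].append((direction, src, dst))
    return result


# Constructed sample traffic (all addresses are documentation ranges).
SAMPLE_PACKETS = [
    ("out", "203.0.113.42", "192.0.2.9"),     # legitimate customer traffic
    ("out", "192.0.2.9", "198.51.100.200"),   # spoofed victim source (reflection-style)
    ("out", "198.51.100.5", "192.0.2.9"),     # legitimate, inside the /25
    ("in", "192.0.2.9", "203.0.113.42"),      # normal inbound reply
    ("in", "203.0.113.7", "203.0.113.42"),    # inbound packet claiming an inside source
]


def policy_report(packets=SAMPLE_PACKETS):
    """Apply the edge policy to the sample packets and return the split."""
    return apply_policy(packets)


if __name__ == "__main__":
    for verdict, pkts in policy_report().items():
        for p in pkts:
            print(f"{verdict:8s} {p[0]:3s} src={p[1]:15s} dst={p[2]}")
```

The check is a prefix membership test, which is why it belongs at the edge of the network that owns the prefixes: a transit router in the middle of the Internet cannot tell a legitimate source from a spoofed one, but the ISP that assigned the addresses can.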
Spyware : Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), and system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed). Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed.
Surveillance : Any software designed to use a webcam, microphone,
screen capture, or other approaches to monitor
and capture information. Some such software will
transmit this captured information to a remote
source.
Telnet Server : Software that allows a remote user of a Telnet client
to connect as a remote terminal from anywhere
on the Internet and control a computer in which
the server software is running.
Toolbar : A group of buttons which perform common tasks. A toolbar for Internet Explorer is normally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.
Tracking Cookie: Any cookie that is shared among two or more web
pages for the purpose of tracking a user's surfing
history.
Trojan : Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.
Trojan Creation Tool : A program designed to create Trojans. Some
of these tools merely wrap existing Trojans, to
make them harder to detect. Others add a trojan
to an existing product (such as RegEdit.exe),
making it a Dropper.
Trojan Horse : A Trojan Horse portrays itself as something other
than what it is at the point of execution. While
it may advertise its activity after launching,
this information is not apparent to the user beforehand.
A Trojan Horse neither replicates nor copies itself,
but causes damage or compromises the security
of the computer. A Trojan Horse must be sent by
someone or carried by another program and may
arrive in the form of a joke program or software
of some sort. The malicious functionality of a
Trojan Horse may be anything undesirable for a
computer user, including data destruction or compromising
a system by providing a means for another computer
to gain access, thus bypassing normal access controls.
Trojan Source : Source code is written by a programmer in a high-level
language and readable by people but not computers.
Source code must be converted to object code or
machine language before a computer can read or
execute the program. Trojan Source can be compiled
to create working trojans, or modified and compiled
by programmers to make new working trojans.
Usage Track : Usage tracks permit any user (or their software agent)
with access to your computer to see what you've
been doing. Such tracks benefit you if you have
left the tracks, but might benefit another user
as well.
Virus Creation Tool : A program designed to generate viruses. Even
early virus creation tools were able to generate
hundreds or thousands of different, functioning
viruses, which were initially undetectable by
current scanners.
Virus Source : Source code is written by
a programmer in a high-level language and readable
by people but not computers. Source code must
be converted to object code or machine language
before a computer can read or execute the program.
Virus Source can be compiled to create working
viruses, or modified and compiled by programmers
to make new working viruses.
Virus Tutorial : We
don't think there is much need for viruses in
today's offices, so we don't think there is much
need to learn how to create them. Virus Tutorials
explain 'how to'.
War Dialer : (demon-dialing, carrier-scanning) War-dialing was popularized in the 1983 movie War Games. It is the process of dialing all the numbers in a range in order to find any machine that answers. Many corporations have desktop computers with attached modems; attackers can dial in order to break into the desktop, and thereafter the corporation. Similarly, many companies have servers with attached modems that aren't considered as part of the general security scheme. Since most security emphasis these days is on Internet-related attacks, war-dialing represents the "soft underbelly" of the security infrastructure that can be exploited.
Worm: A program that propagates itself by attacking other machines
and copying itself to them. Both worms and viruses
are self-replicating code that travels from machine
to machine by various means. Both worms and viruses
have, as their first objective, merely propagation.
Both can be destructive, depending on what payload,
if any, they have been given. But there are some
differences: worms may replace files, but do not
insert themselves into files. In contrast, viruses
insert themselves in files, but do not replace
them.
Worm Creation Tool : A program designed
to generate worms. Worm creation tools can often
generate hundreds or thousands of different, functioning
worms, most of which are initially undetectable
by current scanners.