Virus removal process by SupportChoice







Viruses are the villains of the internet. They seem to be everywhere, and they cause all kinds of computer problems, from slow performance to inoperable programs and unreadable files. Removing a virus may be daunting for most people; however, here are the basic steps you can follow to help remove viruses from your PC. These virus removal steps are provided by the experts at SupportChoice, who have the tools and knowledge to help you eradicate any viral infection. Below is the process you can follow to perform a basic virus removal on your system.


1. Turn off and delete old Restore points. Some viruses install themselves into the restore files, meaning that if you roll back the system you will still have the active virus on your PC. Turning off the System Restore feature prevents an infection from hiding in an old restore point.
2. Boot the PC into safe mode with networking if at all possible, as that prevents some viruses from starting as Windows starts. Remove all traces of the virus in safe mode with networking.
3. Clear temp files by running Disk Cleanup and/or CCleaner. Temporary files can hold the initial file used to invade your system. Deleting temporary files and cleaning the registry can reduce the time it takes to clean the system as well as remove bad information stored in the system registry.
4. Download and install software that can identify and clean the system. There are many good tools one can use for this process. The experts at SupportChoice highly recommend several tools including Malwarebytes, ComboFix, and HijackThis. Identify the specific virus infection via several methods, including running low-level virus removal tools and searching the file system for improper files.
5. Run MSCONFIG to identify rogue programs, whether in the system start-up or, in the case of rootkits, by searching for foreign services.
6. Check for invalid hidden devices in Device Manager.
7. Run regedit to identify bad registry keys created by the virus or Trojan horse, or use CCleaner, as it also helps recognize and clear bad data entries.
8. Remove/disable browser toolbars and add-ons for all three major browsers: Internet Explorer, Firefox, and Google Chrome.
9. Clear browser hijacking and browser take-over attempts by resetting the browser proxy configuration.
10. Ensure all relevant applications are updated to the latest versions: Adobe Flash Player, Adobe Reader, and Java.
11. Install, update and configure anti-virus and firewall software.
12. Ensure the Windows operating system is updated.
13. Turn on System Restore feature.
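
The checks in steps 5, 7 and 9 can also be run from a PowerShell prompt. The script below is an added example, not part of SupportChoice's procedure: it only reads and lists the logon Run keys, the services whose binary sits outside the Windows directory, and the current user's proxy settings. The function names are made up for this example, and anything it lists is a candidate for review, not proof of infection.

```powershell
# Added example: read-only audit for steps 5, 7 and 9. It changes nothing.
# Function names (Get-StartupEntry etc.) are hypothetical, chosen for this page.

# Registry keys Windows reads at logon to start programs; these are the
# entries that appear on the MSCONFIG / Task Manager Startup tab.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-StartupEntry {
    # One object per value under each Run key: where it is, its name,
    # and the command line that will be launched.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

function Get-NonWindowsService {
    # Services whose executable is not under %SystemRoot%. Legitimate
    # third-party software shows up here too, so treat it as a review list.
    $pattern = '^"?' + [regex]::Escape($env:SystemRoot) + '\\'
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.PathName -notmatch $pattern } |
        Select-Object Name, DisplayName, StartMode, State, PathName
}

function Get-UserProxySetting {
    # Proxy values used by Internet Explorer and other WinINET applications.
    # An unexpected ProxyServer or AutoConfigURL is what step 9 resets.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        ProxyOverride = $p.ProxyOverride
    }
}

Get-StartupEntry      | Format-Table -AutoSize -Wrap
Get-NonWindowsService | Format-Table -AutoSize -Wrap
Get-UserProxySetting  | Format-List
```

Running it once on a known-clean machine and saving the output gives a baseline to compare against later.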


There you have it: virus removal in 13 easy steps. All of those steps may be a little daunting to the average user; however, they are needed for complete virus removal and future protection of your system. If you have any questions or need help getting your system operational again after a virus attack, the experts at http://www.supportchoice.com/ can work with you to resolve your needs. Below are the websites for some of the tools mentioned in this article and for Microsoft Security Essentials, a free virus protection software package from Microsoft.


Virus Removal Tool URLs

Trend Micro HijackThis: http://free.antivirus.com/hijackthis/
Malwarebytes: http://www.malwarebytes.org/
MS Security Essentials: http://www.microsoft.com/download/en/details.aspx?id=5201


Pc Repair: Why is your pc operating slower than usual?


If you have a computer, you are no stranger to PC maintenance. It's inevitable that the PC will eventually run sluggishly or not at all, especially if you are a beginner with technology, which, let's admit, most of us are. One of the most common reasons clients bring in their computers is that they are slower than when they first bought them. They keep asking who or what is to blame for this. Nobody wants to hear it, but the main reason your computer may be running slower than when you purchased it is... you!

Upkeep is the key to making sure your computer keeps running at maximum performance. Just as your car needs regular oil changes and filter changes, your PC needs tune-ups to clean the registry of old applications no longer in use, spyware updates, and adjustment of settings to ensure peak performance. Of course, there could be other causes of the slowdown. It is best to take the computer to a local PC repair company, as you would take your car to a mechanic, to be thoroughly looked over.

Another reason your PC may be running slower than usual is that the computer has contracted a virus. Trojans, spyware and adware may be the cause of your PC running slowly. Spyware creates a problem where outsiders have gotten into your PC without your knowledge and begin sending out personal data to organizations that will take advantage of your system and cause it to run slowly. Even if you have current virus protection you can still become infected; it simply reduces the likelihood. A virus scan and removal are needed and can be done at your local PC repair shop. It is also recommended that an optimization be performed on your computer at this time to restore the speed and efficiency of your PC.

You can also examine your computer and remove files and programs that have been added and are unnecessary. The more files and programs you keep saved on the hard disk of your PC, the slower it will run. I recommend using a personal flash drive to store large files such as pictures and Word and Excel documents. The space adds up quickly. Also, delete any unnecessary shortcuts on your desktop; they may be causing your computer to run at a snail's pace.

If you have tried all of the solutions above, it is important to look at the computer's hard drive. Run a disk defragmenter, which will help optimize how data is stored, and then ScanDisk to help ensure nothing is actually corrupt on the drive.

Another common issue is that the processor is overheating. This is common. You will first need to make sure the cooling in the PC, the fan, is working. If not, the computer will need to be turned off and taken in for the fan to be replaced. If the fan is running, check that a build-up of dust is not causing a problem and that the cabinet the computer is stored in isn't blocking the airflow. I've found this happens to me when I am in bed using the laptop and forget about the heat problem. If I set the computer on the covers, the airflow is blocked and the computer will have issues.

Memory, hard disk space and conflicts in hardware/software are issues that could also be responsible for the slowing of your PC. If you have a computer repair shop check all of the above and there are still problems, they will probably recommend an operating system reload. Basically, this consists of wiping the PC clean and reloading your operating system. Make sure your data is backed up before doing this. Also, this requires reinstalling the programs that you run on your PC. This is basically a last resort, but it will make your PC like it was when you first brought it home.


Preventing a Virus From Invading Your Personal Computer


It feels scary living in the cyber age, always connected to the internet, constantly visiting websites and emails. The thing that worries us the most is possible infection by a malicious program or virus. The primary protection against a virus attack is being proactive. It is safer to assess all the possible avenues that viruses can attack than to react to an intrusion by a serious threat to the PC.

Certain measures and specialized software can be adopted to make sure that if a virus intrudes on a PC, the user is prepared. Experienced users repeatedly recommend some practices that can guard against serious virus infiltrations. Getting rid of viruses that could potentially render systems useless can take a very long time and cause data loss and theft.

Armed to the Teeth - Prepare Yourself!

The first step to guard against potential threats is to have antivirus software installed on the PC. These programs identify and neutralize threats to the operating system and hard disks. Antivirus programs constantly analyze and monitor file system activity to disinfect existing virus threats and eliminate malicious programs that may intrude on system activity. Numerous antivirus programs are available, both freeware and commercial; examples are Vipre Antivirus, Bit Defender and Norton Antivirus.

Another significant step to ensure internet security is to have a good firewall application installed and running. Firewall software makes sure that unauthorized files and people cannot access your computer over the internet, acting like a wall of fire that blocks threats while safely allowing data packets to move in and out of the internet connection. Without a firewall application, PCs are at risk of threats as soon as they go online. Firewall applications are often bundled with antivirus software or are built in to systems like Windows.

You should isolate any workstations and hard drives that could be infected with a virus. Disconnect such drives from your PC, and particularly from the network, until they have been properly scanned and repaired by antivirus programs. It is recommended to make sure of such PCs or devices by running a final thorough scan before reconnecting them to the network.

Update the antivirus software constantly to avoid missing any new virus threats, which are developing rapidly. Updates should be set to automatic so that any newly available updates are downloaded and the user is notified when they are ready to be installed. Attention needs to be paid to updates, since a new virus may infiltrate the computer and disable the antivirus from launching the updates.

Caution must be taken when downloading email attachments, ALWAYS! The attachment should be scanned, and special attention should be paid to files with .exe and .bat extensions. Any removable media such as USB drives, CDs and DVDs should be scanned before use, as these are major media through which viruses spread.

Be Revered, Not Ridiculed - Recommendations

- Always have an excellent antivirus program, with bundled features like firewalls, registry and anti-spyware tools.

- When on a network, ensure that every PC on the network has antivirus software installed on it.

- Update the antivirus database for the latest virus threats.

- Use the latest operating system. Don't use outdated versions of Windows or Linux.

- Back up all your important data regularly on separate media (external hard drive or USB) to be sure no data is lost due to a virus infiltration.

- Scan removable media (USB drives, CDs, and DVDs) before using them.

- Beware of unknown email attachments and take caution when downloading attachments from a forwarded email or unknown source.

- Only download from trusted sites and only download trusted files and software.

- Don't accept website invitations and requests from people you don't know.

- Understand how to get rid of viruses so that if one does attack your PC, you are prepared.


Remove Open Cloud Security Ignorant Remover


OpenCloud Security knows nothing about computer security, and nothing about recognizing malware threats. In other words, it is a counterfeit that gives the impression of providing PC cleaning services.
Optionally, the program may use a modified interface dedicated to performance problems. The rogue's expertise in this field is nil, as it is in anything that could be classed as computer system optimization.
The adware displays popups in an attempt to make users believe they are dealing with a trustworthy security solution for Windows. The effect is enhanced by graphics such as a shield taken from genuine Microsoft software.
Further, the infection lists real virus names and provides a description for each entry. These descriptions, like the Windows images, have been stolen from genuine antivirus developers.
The adware displays a window resembling the menu of genuine security solutions. However, most of its icons do not work properly. Even where they do, the features the icons allegedly correspond to are not provided by the adware.
Optimize your computer system by removing OpenCloud Security, and keep it protected in future by applying the free scanner available here: http://removal-tool.com/opencloud-security/.
One can prevent the adware from entering the computer system by not doing what unexpectedly appearing online scanners prompt one to do. Those online scanners are misleading advertisements. They are a common means of convincing users to manually infect their computer with a virus under the guise of a world-renowned utility, as the pretended scanners suggest the user download the adware.
However, the adware invasion cannot be prevented completely by refraining from downloads, as there are websites which exploit system vulnerabilities, for example Java vulnerabilities, to secretly drop a small piece of program code whose sole purpose is to download the adware, bypassing the user's consent at both the download and installation stages.
Once the rogue is installed on the PC, it immediately oversteps its authority, deliberately conflicting with other applications. The outcome, which certainly includes various errors, is then commented on in the adware's alerts, which attribute the recent developments to viruses supposedly detected by the program.
The adware fakes plenty of individual alerts and general system reviews, so detecting it by visual signs is never a challenge.
Follow the link below to learn how to remove OpenCloud Security, as well as other threats whose presence is reported by the free scanner:
http://removal-tool.com/opencloud-security/.


PC Support For Malware


The word 'Malware' is a combination of the words 'Malicious' and 'Software'. It is developed to hinder normal computer operation, to collect information in violation of privacy, to gain illegal access to system resources and to perform other harmful operations. Malware covers a vast range of malicious software, such as Trojans, viruses, worms, spyware, rootkits, botnets, adware, etc. By nature, Malware is intrusive and aggressive. Sometimes it works stealthily, as a rootkit does, and sometimes it operates overtly, like fake system alerts. A common misconception is that defective software and Malware are one and the same. This is not true. Though both have harmful effects, defective software is legitimate software with less harmful bugs, while Malware is illegitimate software with severely hazardous outcomes. Network support is required for removal of both defective software and Malware.

Brief History Of Malware
The first infamous Malware was the Internet Worm, which started harming the VAX BSD and SUN operating systems in 1988. Before the internet became popular, Malware used to spread on computers by corrupting the boot sector of floppy disks. But the Internet Worm exploited loopholes in network server programs and ran as an independent process. When Microsoft Windows became the most widely used operating system in the early 1990s, the macros of its applications were used to develop Malware. Nowadays most Malware is developed to corrupt the Windows operating system, though a few, like Lionware and Mare D, are designed to infect Linux and Unix. Users need not worry about this, since many PC support providers are coming up with solutions to these newly emerging threats.

Harmful Effects Of Malware
Malware carries out many hazardous activities on computers, including password theft, email advertising, pop-up advertising, identity theft, etc. And that is not the end. New Malware is emerging every day with new malicious features. However, the most common harmful effects are:
1. Slowing down or crashing computers
2. Spamming the inbox with advertising emails
3. Keystroke logging
4. Identity theft
5. Password stealing
6. Deluging the browser with pop-up advertising
7. Directing the user to an advertising website
8. Using the computer as a server in disguise to broadcast obscene files
Some of the effects of Malware can be quite disastrous, and for these network support should be sought.

Types Of Malware
As per the latest study, there are 12 types of Malware, each of which has many subtypes.
1. Adware: This Malware displays advertisements on the computer.
2. Keylogger: It logs the user's keystrokes. By doing this it captures secret information, such as IDs and passwords.
3. Rootkit: This type of Malware, installed by crackers, disguises itself as a core process of the system to avoid detection. Therefore, it is very difficult to diagnose a rootkit. Formatting the hard disk is one option, but the advice of a PC support provider should be taken before that.
4. Trojan: It corrupts the sensitive information stored on the computer as well as system resources.
5. Virus: It can replicate itself and spread from one computer to another.
6. Wabbits: Like a virus, it replicates itself but does not spread from one machine to another. Instead it damages the machine on which it is present.
7. Worm: It is similar to a virus. The only difference is that, unlike a virus, it does not insert itself into a program or file.
8. Spyware: It follows the user's browsing habits to display advertisements.
9. Exploits: They attack security systems.
10. Dialers: They dial phone numbers through the computer's modem.
11. Backdoors: They provide network connections to hackers.
12. URL injectors: They redirect to particular URLs when the user tries to visit certain URLs.

Network Support For Malware
There are several ways to deal with Malware, such as keeping the operating system and software up to date, updating the anti-Malware software, using firewalls, etc. To do all these things, it is always advisable to take the help of PC support providers. Since new Malware keeps appearing, it is very difficult for an ordinary user to keep track of the latest developments. Hence network support for resolving Malware problems can be of immense help. Nowadays many PC support providers are coming up with state-of-the-art Malware solutions.


Some fundamental information about Virus Removal


Any harmful program, such as a computer virus, worm or Trojan, may invade your computer system and affect its performance. These programs may cause several unexpected changes in your computer system, ranging from slow system performance to a serious system crash. How can you identify whether your computer system is infected by a virus attack?

Signs of Virus Infection

You can easily identify when your computer system gets infected by viruses. Some of the indicators of virus infection are listed here:

1. The computer becomes very sluggish in performance.
2. Unexpected program failures occur and the PC reboots frequently.
3. Software crashes and arbitrary messages are shown on the monitor.

If you notice any of the above signs on your computer system, there is a probability that your PC has been infected. The next step after detecting the presence of a virus on your computer is to remove it from your system to save your important information. If your computer isn't infected with any type of malicious software, it is highly recommended to install anti-virus software to keep it safe against attacks.

Antivirus Software

You can use anti-virus software to get rid of viruses on your computer. Antivirus programs are meant for preventing, detecting and removing virus programs. You can choose from the best antivirus software, such as Norton, Avast, AVG and others, provided it has the feature of regular updates. If the anti-virus software is not up to date, it won't be able to protect your computer system from the newest viruses and other infections.

System Restore is a feature of Windows-based PCs which allows you to roll back system files, registry keys, and installed programs to a previous stable state. The operating system of your computer creates a restore point after the installation of any software, or after twenty-four hours.

If there is a virus in your system at the time the restore point is made, it will also become part of it. Antivirus software is unable to remove a virus program from System Restore. In that case, you need to disable System Restore and then scan with the latest anti-virus software. Then, once your system has been disinfected, re-enable System Restore.

So you need to install up-to-date antivirus software on your computer systems if you want to keep them safe from harmful programs like viruses.


Spyware Protection for Your Computer


Spyware is a type of malware, but it is distinctly different from regular computer viruses and hence is not detected by regular anti-virus software. So you need specifically designed anti-spyware software to successfully remove spyware.

Every computer and internet user needs a little knowledge about spyware and other malicious software. As these programs have the reputation of being quite dangerous for your computer, it is better to take very good care of it and go for free spyware removers. This malicious stuff can wreak havoc on your PC if the proper steps are not taken in time; various big corporate houses, banks and other companies spend a lot of time and money on spyware protection.

Spyware can be installed on your computer without your knowledge, and can result in a number of computer performance issues. Spyware is designed to monitor or control your computer use. It can be used to monitor your web surfing, redirect your browser to particular websites, send pop-up ads, or record your keystrokes, which can ultimately lead to identity theft.

A virus-infected computer coupled with spyware is a very real security threat and the situation should be resolved immediately and decisively. It is good strategy to tackle the problem in a two-pronged manner. First, it is necessary to get a good anti-virus software tool that can scan your computer, detect and remove infected files.

Free spyware removers are all over the internet, and because of the mechanics of supply and demand, demand for them has increased tenfold over the past few years. Spyware is a big problem on the internet, and the funny thing is, over 90% of people using computers at this very moment do not even know that their computer is being choked, drawn and quartered by malicious software that is slowly eating away at system resources.

The best way to protect large inter-connected systems is to install Windows anti-spyware software on each workstation. This will help ease the jamming of networks, etc. Many anti-spyware companies of course offer free scans and free spyware remover programs. There are several thousand of these on the internet. Many of these programs function similarly to anti-virus software.

It is also recommended that users run periodic scans to ensure that no harmful files have escaped detection. In addition, it should be kept in mind that free anti spyware or spyware removal programs do not offer antivirus protection, and a separate antivirus program is necessary if you opt for a free spyware removal program.

When choosing a free spyware scanner, research it to work out which of the different programs will give you the most benefit. Also check the security and legitimacy of the website so you can't be fooled by the many bad guys who offer free tools over the internet. A free spyware scan will make your browsing a lot better.


How I got rid of the Conficker Worm on my network


Those who have read my other articles will know that I am an IT technician of many years.
I normally write articles if I fancy reviewing an item or making a comment on something that is going on in the world, but today I would like to share an experience with you all that I had recently battling the Conficker worm on my network. The reason for this is that this was unlike any other experience I've ever had trying to get rid of a virus or worm from a network; it was a real nightmare. There are lots and lots of websites around telling people how to tackle this worm but not many blogs or articles that tell of successes or things to look out for etc., and that's really what I want to share with you today. Hopefully there will be other network technicians who can relate to what I went through, and I'd welcome any comments and feedback.

Ok, so we were all warned that the Conficker was coming. It was going to be BIG, no HUGE. Of course, networks should always be ready for infections but the truth is....most are not. This is a fact and the majority of people who work in IT will tell you so. Unless you are lucky enough to be in charge of a medium sized network on a full time basis, which I and most of my colleagues aren't. Most medium sized companies these days opt for a managed service and the support of an IT company with a visiting service. Anyways....all around the world network technicians made sure they were fully patched up and all antivirus was up to date. We made all the appropriate preparations and waited with bated breath to see what would happen. What would the payload be? What would the symptoms be? There were rumours of these things....just rumours....rumours of an unstoppable beast programmed by Satan himself. When the first signs of the Conficker worm hit, they were thankfully not on my network but on a colleague's network so I had a chance to see what would happen before it hit my own domain. Now it is worth mentioning that both my colleague and I were using Sophos antivirus on our domains which had been updated throughout only recently and you know what? Sophos caught it. Yup, that's right. A small message popped up on the client machines 'win32/conficker detected and quarantined'. Swweeeet! What was all the fuss about! It seemed that the Conficker worm was no more a ferocious beast than a fluffy bunny is king of the jungle. I breathed a sigh of relief and went about my business.

For nearly a whole year nothing happened on my domains. It is worth mentioning at this point that I look after networks in schools. Fourteen of them. So far I escaped unscathed. In fact if I'm honest I forgot about the Conficker virus. One day one of the managers said to me, 'the network is running slow and has been for a while'. As I have already said, I am part of a visiting service - I don't use these networks on a daily basis. Most of the time the first time a tech will hear of an issue like this is when a user tells them so. The first thing I did was look at the LEDs in the switches. Sure enough they were lit up like Christmas trees. The lights were going ten to the dozen. This was a sure sign that there was a lot of activity going on in the network. I singled out one of the PCs and ran a Sophos check on it. Nothing. I started doing a bit of digging and my users started telling me other things too. Their USB sticks did not autorun anymore. Their antivirus was not updating. I later learnt that Conficker stops them doing this, it had mutated and this was why it had not been picked up. So Sophos did not detect my intrusion...hmmmm. I lost a bit of faith in antivirus programs that day I can tell you. I used a program called Malwarebytes...and it detected....Conficker. So I ran Malwarebytes on all of the machines, with success. But no sooner had the Conficker worm been removed than it appeared again. This thing was becoming a nightmare. USB sticks were not working properly, the network was still slow, Microsoft updates were not working, antivirus would not update and then things got really bad when users could not log on anymore. Conficker had spread to my server and locked users out. I use a program called Ghost to re-clone all of the computers. It didn't work. The worm came back.

So what did I do? Well, my experiences from here on in were extensive and intensive. I learnt so much from this worm about trying to secure a computer and a network that I decided to put my findings up on the web for all to see. I will write more on this in my next article but for now you can visit my website to find out how to finally rid yourself of this nasty malicious coding. I have a website at http://www.confickerremoval.net; this is about as definitive a guide as I can put together. So until part 2 of this article...see you at the website.


How To Remove Adware on Your Computer - Absolutely Free!


How often do you get annoying pop-ups on your computer that drive you absolutely insane?

You might just have a problem with Adware! Adware is software (usually associated with advertising) that, without authorization from the computer owner, shows or downloads advertisement onto the computer. Most of the advertising that is displayed on your computer is in the form of an annoying pop-up! For those of you who would like to remove Adware, follow this simple step by step guide.

1.) Remember that adware removal is not much different than removing spyware, viruses and more. First you must identify that there is an adware infection and nothing more "serious."

2.) Go into your favorite internet browser(s) and delete ALL history. This includes cookies, internet files and more. If you do not know how to delete history, look up your browser's instructions for deleting cookies and history in Firefox or Internet Explorer.

3.) Learning how to remove Adware also should include preventing it in the first place. Going back into your browser (#2 settings), you should be able to change the browsing history to "never remember history" or "X days" to store history (X being zero days). Only take this step if you won't need to click on your "History" tab to visit sites that you previously visited, or they will not be there anymore!

4.) Make sure you have good adware scanning software installed on your computer. Try Malwarebytes; it is totally free and very effective. You will need to scan manually to remove adware. In other words, the software doesn't run automatically; you must open it up and click "scan."

5.) After scanning your computer, allow the software to remove whatever is found. If you have serious malware, trojans or viruses in addition to just adware (advertisements), you may want to consult a professional or take the necessary time to just remove the viruses on your own.

6.) Next, make sure that you have no questionable toolbars installed in your browser, or toolbars from companies that you never heard of before. Toolbars can sometimes download adware as well as harmful trojans, spyware and viruses.

7.) Remember that installing "free" downloads from the internet such as screensavers, backgrounds, freeware and other downloads, can infect your computer with adware. Removing adware is one subject but preventing it is just as effective as removing it, and it saves much more time. If you notice you are getting tons of pop-ups, ask yourself how many downloads you have made recently!

8.) For hard to remove adware, you will need a solution that allows manual virus removal and in depth scanning that regular software doesn't usually allow. To learn proven, guaranteed, step-by-step details on manual virus removal, check out the Virus Removal Manual.


5 Best Malware Removal Approaches


Virus removal may become pretty hectic sometimes. But if you understand how to get rid of viruses in the first place, it will likely be much easier! Once infected, your operating system loses the ability to execute some basic but necessary operations. This might be the ability to log on to Windows, run a disk scan, start the anti-virus, or browse the internet for a possible solution. Now and then, the user can't even press Ctrl+Alt+Del to reset the machine, and the most obvious cure is to pull the plug and switch the machine off. Getting rid of the virus thus remains both hectic and really intimidating.

The first and simplest way to combat any virus situation is to use one of the commercial anti-virus products available. Well-known brands in this industry include Vipre Antivirus, Panda Antivirus, Norton Antivirus, Bit Defender Antivirus and more. Depending on their preferences and priorities, PC owners can choose from more than 30 anti-virus programs to fight both old and evolving virus threats. A note of caution here: DO NOT FALL FOR FREE ANTIVIRUS deals; they can only increase your torment.

The second option, for worse-case scenarios, is to disconnect the hard drive from the infected system and attach it to another system with good, updated anti-virus software. You can then scan and clean the hard disk without the possible loss of data or further infection of the drive's boot sector. This choice is only suited to users with hardware installation knowledge.

A third option is recommended in cases of spyware and adware. Boot the machine in safe mode; this usually disables a few advanced options but lets the user run the anti-virus with ease and allows scanning and cleaning of many folders that cannot be scanned in normal mode. Pressing the F8 key during boot brings up the boot selection screen, where the user can choose the safe mode option.

Another option is to completely format the hard drive. This is only recommended for cases where personal data has been backed up and no data loss is expected. In such situations, the operating system has completely lost the ability to perform its basic functions of loading Windows and the anti-virus software. Formatting the entire hard disk ensures that none of the virus-infected elements survive; the operating system must then be reinstalled. After reinstalling the operating system, the first step is always to install the anti-virus software and scan all available drives.

The 5th option is meant for advanced users who have either experienced or practiced this method before. The SYSTEM RESTORE option is available from the Start menu under Accessories/System Tools. This option restores the operating system to a past state that it saved at a certain point in time, such as 15 days, 1 month, or two months ago. Using this option is not recommended for everyone, as it can cause data loss and it restores the operating system to a date well before the virus infection began.


Quote of the week: Are we doing enough to improve the global IT security landscape?


Vitaly Kamluk, Chief Malware Expert, Global Research and Analysis Team, Kaspersky Lab:

“Hundreds of thousands of machines are joining botnets every month. Most of these botnets are used to propagate spam or distribute malware that can be used in cyber espionage. Some of them are used in DDoS attacks or as proxies to commit other cybercrimes.

Botnets are a major threat to both the average user and corporations; however, the countermeasures we take are about as much use as measures a tiny mouse might take in protecting itself against a tiger: immensely inadequate. One could think that laws should be able to help us. Indeed, there is a law that prohibits unauthorized access to remote systems, i.e., third parties cannot use the resources of the other’s machine. However, cybercriminals successfully bypass this law. They utilize and exploit systems in any way they want – to commit crime, earn money, etc. At the same time we researchers come up against the same law – but in our case it prevents us from fighting botnets.

As an example of what could be done but cannot even be contemplated, there are over 53 000 command and control (C&C) centers on the Internet (source: www.umbradata.com). In many cases we know where the C&C centers of these botnets are, so in theory we could contact the owner’s Internet Service Provider and ask it to take it down or to pass control of the center to us. This would be the right decision if we didn’t want to leave all those thousands of infected machines online - continuing to attack other machines. We could issue a command for a bot to self-destroy itself from within the botnet infrastructure (starting from the command center) and then take it down. But unfortunately this represents unauthorized access, and we are not allowed to issue such a command.

Clearly we need changes to improve the situation. And first of all we need the law enforcement agencies of all nations to consider doing a few things:

  • Carrying out mass remediation via a botnet;
  • Using the expertise and research of private companies and providing them with warrants for immunity against cybercrime laws in particular investigations, so they can collect more evidence, or bring down a malicious system when it cannot be accessed physically;
  • Using the resources of any compromised system during an investigation - so that we can place traps on compromised machines to get the source IP addresses of the attackers, and to bypass the mechanisms they use to hide their identities;
  • Obtaining a warrant for remote system exploitation - only in the cases when no other alternative is available. Of course this could result in cyber espionage. But if it is done properly – if the warrant is given for particular system, in a particular case, for particular timespan – this could bring positive results. Indeed, it could significantly change the cyber-threat landscape.”

For more information about taking down botnets, please watch the online press conference video which takes an in-depth look at the subject.


Kaspersky Lab Top Management Ranked Most Powerful Voices in IT Security


Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that Eugene Kaspersky, Chairman and CEO of the company, has been ranked as the Most Powerful Security Executive in the world by Internet technology publisher SYS-CON Media. Mr. Kaspersky was also ranked among the Top 25 Most Powerful Voices in Security in the same source survey SYS-CON Media used for the rankings - appearing sixth on the list. As the world’s most powerful security executive, he is listed as having 5,035 times more broadcast power reach than an active Internet user with an average level of impact, influence and use of social tools. Besides, Eugene’s colleague Nikolay Grebennikov, Chief Technology Officer of Kaspersky Lab, also figures on the Top 100 Most Powerful Voices in Security.

Commenting on his ranking, Eugene Kaspersky said: “It is a great honor for me to be named one of the most powerful voices in the IT security industry and the most powerful security executive in the world. I believe it is extremely important to spread the word about IT threats. People should be aware of them and be well prepared to face the risks that lie ahead. Faced with today’s growing cyber-crime, we all need to be properly educated and to join forces to keep the world safe.”

The ranking by SYS-CON Media of the Most Powerful Voices (MPV) in Security is based on a survey of more than 140 security company executives, 320 bloggers and people in media, 100 of the top experts in cloud computing, 30 people involved in specialized organizations, over 20 government officials, over 130 leading CISOs, and 75 industry analysts from notable firms such as Gartner, IDC, Forrester, ESG, and others. In total more than 800 influential people were surveyed.

The metrics used in the research, which measured both broadcast power and profundity, were identified through a number of studies performed across several industry categories. The MPV formula is based on "reach" by examining the number of followers and buzz an individual has on sites like Google and Twitter and many others. The estimation of the impact an individual has with his followers and subscribers is based on the amount of buzz created around blog posts, tweets, Quora answers, LinkedIn groups, and other messages, as well as on the frequency of references in the blogosphere.

About Kaspersky Lab

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solutions providers. Learn more at: www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit: www.viruslist.com.

About SYS-CON Media

SYS-CON Media, founded in 1994, is widely recognized in the Internet-technology and magazine publishing industries as the world's leading publisher of i-technology magazines, electronic newsletters, and accompanying i-technology breaking news, education and information Web portals. The company has further solidified its dominant role in the i-technology space with the 2001 launch of an events business, SYS-CON Events (trade shows, conferences, and education). For further information visit www.sys-con.com


Kaspersky Lab Granted New Anti-Spam Patent in the USA


Kaspersky Lab, one of the leading developers of secure content and threat management solutions, announces that it has been granted a new anti-spam patent in the USA – No. 8023697 – which covers a system and method for identifying spam in rasterized images. The application was filed earlier this year, and the patent was granted on September 20, 2011.

Spam filters currently have little problem detecting spam text messages. That is why spammers often use stealth technology to hide the text of unwanted messages in images. Filtering graphical spam is far more difficult: before an anti-spam filter can establish whether the text in a message is spam, it must first detect the text in an image. The majority of methods used to detect text in images are based on machine recognition of images. Machine recognition, however, requires uniformity in terms of size, style and the arrangement of symbols. This restriction is exploited by spammers who intentionally distort and create ‘noise’ in images to make detection more difficult.

Kaspersky Lab’s technology protected by this new patent was designed to effectively detect text and spam objects in raster images. This approach provides high-speed detection and can recognize spam text in almost any language.

The newly patented technology is based on a method of identifying objects in a raster image and tracing the contours of identified objects. Objects in the image are identified by tracing contours around each object. Based on the traced contour a signature of each object is generated. Whether or not the image contains text is determined by a comparison of the discovered object signatures and known spam image signatures. The new system can also effectively detect text in an image and compare it to known spam templates contained in databases.
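The pipeline described above (identify objects, trace each contour, derive a signature, compare with known signatures) is illustrated below in Python. This is an added example, not Kaspersky Lab's patented implementation: the Moore-neighbour tracing, the Freeman chain code used as the signature, the exact-match comparison and the sample bitmaps are all assumptions chosen for illustration.

```python
import hashlib

# Clockwise Moore neighbourhood as (row, col) offsets, starting at west.
DIRS = [(0, -1), (-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1)]

def parse(bitmap):
    """Rows of '#' (ink) and '.' (background) -> set of ink (row, col) pixels."""
    return {(r, c) for r, row in enumerate(bitmap)
            for c, ch in enumerate(row) if ch == "#"}

def components(pixels):
    """Split ink pixels into 8-connected objects (flood fill)."""
    todo, objects = set(pixels), []
    while todo:
        seed = todo.pop()
        obj, stack = {seed}, [seed]
        while stack:
            r, c = stack.pop()
            for dr, dc in DIRS:
                n = (r + dr, c + dc)
                if n in todo:
                    todo.remove(n)
                    obj.add(n)
                    stack.append(n)
        objects.append(obj)
    return objects

def trace_contour(obj):
    """Moore-neighbour tracing of the outer contour, as a Freeman chain code."""
    start = min(obj)                      # top-most, then left-most pixel
    cur, search, first, chain = start, 0, None, []
    for _ in range(8 * len(obj) + 8):     # safety bound on contour length
        step = None
        for k in range(8):                # scan neighbours clockwise
            d = (search + k) % 8
            if (cur[0] + DIRS[d][0], cur[1] + DIRS[d][1]) in obj:
                step = d
                break
        if step is None:                  # isolated pixel, nothing to trace
            break
        if cur == start and step == first:
            break                         # about to repeat the first move
        if first is None:
            first = step
        chain.append(step)
        cur = (cur[0] + DIRS[step][0], cur[1] + DIRS[step][1])
        # Resume scanning at the background pixel that was examined last.
        search = (step - 2) % 8 if step % 2 == 0 else (step - 3) % 8
    return chain

def signatures(bitmap, min_len=4):
    """One signature per object; contours shorter than min_len count as noise."""
    sigs = []
    for obj in components(parse(bitmap)):
        chain = trace_contour(obj)
        if len(chain) >= min_len:
            # The chain code depends only on shape, not on position in the image.
            sigs.append(hashlib.sha256(bytes(chain)).hexdigest()[:16])
    return sorted(sigs)

def spam_score(bitmap, known):
    """Fraction of the image's objects whose signature is in the known set."""
    sigs = signatures(bitmap)
    return sum(s in known for s in sigs) / len(sigs) if sigs else 0.0

# Constructed sample bitmaps: a known template with an "L" and a "T" glyph,
# the same glyphs shifted with two stray noise pixels, and unrelated shapes.
TEMPLATE = ["#...###",
            "#....#.",
            "##...#."]
SHIFTED_NOISY = ["..........#",
                 ".#...###...",
                 ".#....#....",
                 ".##...#...#"]
OTHER = ["##..#",
         "##..#",
         "....#"]

if __name__ == "__main__":
    known = set(signatures(TEMPLATE))
    for name, img in (("shifted+noise", SHIFTED_NOISY), ("other", OTHER)):
        print(name, spam_score(img, known))
```

Exact chain-code matching breaks as soon as a glyph is distorted by a single pixel, so a production filter would need a tolerant comparison; the example only shows why position and isolated noise pixels do not affect a contour-based signature.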

At present Kaspersky Lab technologies are protected by 43 Russian and 34 US patents, and the company has a further 32 and 47 patent applications in the two countries, respectively. A further 42 patent applications covering innovational technologies in the information security field are currently being examined by the Chinese and European patent offices.


Quote of the week: Malware Explosion for Mac OS X


Marco Preuß, Head of the Global Research and Analysis Team, Germany, Kaspersky Lab:

“The amount of virus samples has grown over the last few years, in line with Apple's increasing market share.

Since Apple's switch to the Intel platform, the cybercriminals have begun to create and distribute malicious software far more aggressively. Nowadays there are over one thousand threats targeting the Mac platform alone, not to mention a vast number of scripts and multi-platform threats.

Over the last few years we’ve seen several attempts by the cybercriminals to gain ground in the Apple market. Most of their attempts involved social engineering methods designed to drop Rogue AVs, Spyware and Backdoors. The year 2009 saw the formation of a botnet designed to launch DDoS attacks and consisting of approximately 20,000 infected Macs. Malware attacks were not the only problem either, phishing attacks targeting Apple services like iTunes were also noted.

However, last week we tracked a really enormous attempt to spread Rogueware targeting Macs. The cybercriminals used black hat SEO techniques to poison search results in popular search engines. For instance, they tried to use searches focusing on the killing of Osama Bin Laden as a vehicle for distributing Rogue AVs such as MACDefender. These threats try to scare users by informing them that their systems are infected and then try to extort money on the pretext of offering antivirus programs supposedly able to disinfect the targeted machine. We’ve spotted several different threats of this kind, which is also popular on Windows systems.

A second critical development is the recently spotted underground announcement of a crimeware kit for the Mac platform, as reported by Peter Kruse from CSIS. The cybercriminals seem to be building automated, easy to use tools to target Macs just as they already have for Windows systems. This kind of threat will lead to more widespread attacks and the possible use of exploit techniques on Macs.

It’s very important that Apple users make themselves aware of this situation and protect their Macs - as Macs can be infected too!”

Please follow these links to get more information about latest Mac OS threats:
“Mac Protector: Register your copy now!”
“Mac Protector: Register your copy now! Part 2”
“An unlikely couple: 64-bit rootkit and rogue AV for MacOS”
“More fakeAV for MAC. This time it’s massive”


Teamwork: How the ZitMo Trojan Bypasses Online Banking Security


Mobile transaction authorization numbers (mTAN) used to be one of the most reliable online banking protection mechanisms. However, with the emergence of a ZeuS Trojan for smartphones – ZeuS-in-the-Mobile, or ZitMo – mTANs can no longer guarantee that valuable user data will not fall into the hands of cybercriminals.

First detected in late September 2010, ZitMo is designed to steal mTAN codes sent by banks in text messages and remains one of the most interesting examples of malware for mobile phones. “First of all, it is cross-platform in nature: we detected versions for Symbian, Windows Mobile, BlackBerry and Android,” explains Denis Maslennikov, Senior Malware Analyst at Kaspersky Lab. “It is a Trojan with a very narrow specialization: its main aim is to forward incoming text messages with mTAN codes to malicious users (or a server, in cases involving ZitMo for Android) so that the latter can execute financial transactions using hacked bank accounts. But perhaps its most distinctive feature is its ‘partnership’ with the classic PC-based ZeuS Trojan. Without the latter, ZitMo is merely spyware capable of forwarding text messages. The ‘teamwork’ between the two components enables cybercriminals to successfully bypass mTAN security measures used in online banking.”

The attacks are generally orchestrated as follows:

  1. Cyber criminals use the PC-based ZeuS to steal the data needed to access online banking accounts and client mobile phone numbers.
  2. The victim’s mobile phone (see point 1) receives a text message with a request to install an updated security certificate, or some other necessary software. However, the link in the text message will actually lead to the mobile version of ZeuS.
  3. If the victim installs the software and infects his phone, the malicious user can then use the stolen personal data and attempt to make cash transactions from the user’s account, but will need an mTAN code to authenticate the transaction.
  4. The bank sends out a text message with the mTAN code to the client’s mobile phone.
  5. ZitMo forwards the text message with the mTAN code to the malicious user’s phone.
  6. The malicious user is then able to use the mTAN code to authenticate the transaction.

Attacks involving ZitMo or malicious programs with similar functionality that are designed to steal mTAN codes or other confidential information will no doubt continue in the future. Therefore users of smartphones should remember some important rules of mobile security: always review the permissions that an application requests at install time; do not root or otherwise 'Jailbreak' your phone; avoid side loading (installing from non-official sources) when you can. If you do install Android software from a source other than the Market, be sure that it is coming from a reputable source. Don’t click the URLs you receive in spam SMS. Run a reputable antivirus on your phone, and keep it up to date. Install any and all security patches as soon as they are available.
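The advice above to review the permissions an application requests can be automated for Android packages. The following Python code is an added example, not code from Kaspersky Lab or the original article; it assumes the APK's manifest has already been decoded to text XML, and the three sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions that expose incoming text messages, which is where mTANs arrive.
SMS_ACCESS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# The two forwarding channels the article names: another phone, or a server.
FORWARD = {
    "android.permission.SEND_SMS": "sms",
    "android.permission.INTERNET": "network",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifests in decoded text form; package names are made up.
CERT_UPDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.certupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

SMS_BACKUP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smsbackup">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application/>
</manifest>"""

WALLPAPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

def requested_permissions(root):
    """All permission names declared with <uses-permission>."""
    names = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    return names - {None}

def sms_receivers(root):
    """Broadcast receivers that subscribe to incoming-SMS events."""
    found = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
        if SMS_RECEIVED in actions:
            found.append(receiver.get(ANDROID + "name"))
    return found

def audit_manifest(xml_text):
    """Flag apps that can both read incoming SMS and send data off the phone.

    For manifests from untrusted packages, parse with a hardened XML parser
    (for example the defusedxml package) instead of the standard library.
    """
    root = ET.fromstring(xml_text)
    perms = requested_permissions(root)
    sms_access = sorted(perms & SMS_ACCESS)
    channels = sorted(FORWARD[p] for p in perms & set(FORWARD))
    if sms_access and channels:
        risk = "high"      # can read an mTAN and forward it
    elif sms_access:
        risk = "medium"    # can read an mTAN, no declared way to send it on
    else:
        risk = "low"
    return {
        "package": root.get("package"),
        "risk": risk,
        "sms_access": sms_access,
        "forward_channels": channels,
        "sms_receivers": sms_receivers(root),
    }

if __name__ == "__main__":
    for manifest in (CERT_UPDATE, SMS_BACKUP, WALLPAPER):
        print(audit_manifest(manifest))
```

A "high" result is a prompt to compare the permissions with what the app claims to do: a messaging client legitimately needs this combination, whereas a "security certificate update" has no reason to read text messages.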

For more details on the ZitMo Trojan and how it functions on different mobile platforms, see Denis Maslennikov’s article ‘ZeuS-in-the-Mobile – Facts and Theories’ at: www.securelist.com.


“Advanced+” for Kaspersky Anti-Virus 2012 in AV-Comparatives’ On-Demand Malware Test


Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that its product Kaspersky Anti-Virus 2012 has been awarded the “Advanced+” grade – the highest possible – in On-Demand testing for malicious software detection and false alarms conducted by respected independent anti-virus testing laboratory AV-Comparatives.

The on-demand testing – a classic AV evaluation method – was conducted on 20 well-known, up-to-date anti-virus products of different manufacturers in August 2012, and the final results were published on September 27. Approximately 200,000 recent, prevalent malware samples were used in the testing, and Kaspersky Anti-Virus 2012 successfully detected 98.3% of them; some of the other products tested detected around just 85%; the average score was 96.2%.

The 20 AV products were also tested for the number of false positives they showed up - that is, how many out of hundreds of thousands of clean files were falsely indicated as malicious. Kaspersky Anti-Virus 2012 returned just one false positive, which is another superb result - especially when one considers that the highest grade in this test is named “Few” [false positives] and a product can achieve this best-of-the-breed status with even as many as 15 false positives. Some other tested products in the testing gave results in the 50s - firmly in the “Many” category. Besides, it should be noted that the single false positive that Kaspersky Anti-Virus 2012 did show up is hardly ever found in real-world situations. Nevertheless, it was immediately fixed.

Nikita Shvetsov, Director of Anti-Malware Research of Kaspersky Lab, said: “We are glad to see that AV-Comparatives is working on increasing the quality of the test collection, and we think that the 200 000 files used in the latest test represent accurately the situation with real-life prevalent malware today. However, an On-Demand test doesn’t show up all the capabilities of a product, since it only tests a limited number of AV technologies. Therefore, for a full-fledged comparison, we would recommend also looking up Whole Product Dynamic tests and Proactive tests, which are also regularly conducted by AV-Comparatives and other reputable testing labs.”

More detailed information on the results of the testing can be found at:
http://www.av-comparatives.org/images/stories/test/fp/avc_fp_aug2011.pdf


Quote of the week: Security and privacy issues of iCloud servers


Costin G. Raiu, Director of the Global Research and Analysis Team of Kaspersky Lab:

“With Apple releasing iCloud for developers, the battle for domination in the market of cloud-centric OSes is finally breaking out. The real key point here is of course iOS5 – the new Apple operating system that will take full advantage of clouds. This indicates that Apple is moving in exactly the same direction as Google and Microsoft by designing and planning to deploy an operating system that is fully integrated with the cloud. This is further confirmed by Steve Jobs' statement regarding Apple’s long-held interest in the creation of an operating system that doesn't rely on local file system storage.

Interestingly, Apple has chosen a different path from Google here: while Google – with ChromeOS – is trying to push users into using their cloud storage, iCloud is presented as an added feature, which can be purchased separately from the hardware.

So, what does this mean from a security point of view? Basically, we are talking about the same class of risks as ChromeOS – all your digital content might be available to anyone who knows your password. I believe it's completely reckless nowadays to provide such a service without two factor authentication, which makes it prone to basic data theft techniques.

Of course, even if security is indeed improved through multi-factor authentication methods, we are still faced with the issue that all the data is available on the cloud, in one place. Just as Sony recently learned, the cloud is not always impenetrable - on the contrary, its fundamental nature makes it an interesting target for cybercriminals, and no doubt it will continue to be a focus for them.

In a hypothetical case when both the cloud and client devices are 99.99% secure, we still have another vulnerable layer - the network which will communicate, send, receive and authenticate customers. From this point of view we may face a new growth of attacks on the network layer – when user information can be intercepted, faked, denied and distorted. Therefore, we might see new and more sophisticated attacks on the network layer side”.


Kaspersky Lab’s New Endpoint Protection Solution Makes Businesses Ready for the Next Cyber Threat


Kaspersky Lab announces the release of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center. The new endpoint protection solution and comprehensive management console are designed to keep businesses ahead of emerging threats with intelligent security solutions from the leading anti-malware experts at Kaspersky Lab.

“With this new release we deliver a comprehensive Endpoint Protection Platform that consists of seamlessly integrated security modules. We have merged real-time, cloud-assisted protection with intelligent proactive endpoint protection, and have created a compelling security center that will help companies of all sizes protect themselves against emerging IT threats, including targeted attacks, and thus improve their productivity,” said Petr Merkulov, Chief Product Officer of Kaspersky Lab.

Deep anti-malware protection, based on Kaspersky Lab’s strong expertise and balanced global footprint, is supplemented with a broad set of IT security features, including Application Control, Web Filtering, and Device Control. Kaspersky Endpoint Security 8 for Windows integrates with a cloud-based security intelligence system, which provides real-time updates for new and unknown threats and support for application whitelisting.

The efficiency of Kaspersky Endpoint Security 8 for Windows has been proven in the first independent testing, conducted by AV-Test.org, the reputable German independent research center. A total of seven corporate security solutions from different vendors were evaluated in the testing, and Kaspersky Endpoint Security 8 for Windows was awarded the highest number of points. Specifically, Kaspersky Lab’s corporate solution successfully detected 100% of widespread malware samples, blocked all zero-day malware attacks, and returned the best result in the detection and removal of active malware from an infected machine. Detailed results of Kaspersky Endpoint Security 8 for Windows in the independent testing can be found at AV-Test.org.

Kaspersky Endpoint Security 8 for Windows is managed by a newly designed Kaspersky Security Center, which succeeds the Kaspersky Administration Kit. This new management console presents many new features for comprehensive control and manageability, supports physical as well as virtual environments, and is scalable to fit the needs of growing businesses.

Common Threats in the Corporate Environment


According to a recent Kaspersky Lab survey, in the past 12 months at least one IT Security incident was experienced by 91% of the companies surveyed. Almost a third of company representatives questioned admitted that they had incurred sensitive data loss as a result of malware infection.

Though malware attacks are the most common type of business security threat, only 70% of the companies surveyed have fully implemented anti-malware protection; 3% have no anti-malware protection at all.

The list of the most immediate current threats also includes potentially dangerous software vulnerabilities, network attacks (including targeted and DDoS attacks), phishing, and spam. Large companies in developing markets are those most frequently targeted by cyber criminals.

Besides protection from malware, most companies also actively use client firewalls as well as tools for vulnerability checks and updating software. But for protection of corporate infrastructure to be fully effective a security policy covering all endpoint devices needs to be enforced too. Control over programs used, network activity, and external devices can reduce the risk of unauthorized access to sensitive data and thus prevent possible financial losses.

Further reading: the whitepaper on Typical IT Security Mistakes in the Corporate Environment.

Key Features


The new versions of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center provide intelligent protection by seamlessly harnessing new and improved features. The most notable among them are:

  • Enhanced Protection: The new anti-virus engine incorporates improved pattern-based signature technology, which offers efficient malware detection with smaller update sizes. The System Watcher module constantly monitors program activities and can undo damage caused by malicious programs.
  • Integration with the cloud: Kaspersky Endpoint Security 8 for Windows integrates with the Kaspersky Security Network, a cloud-based threat intelligence database that gathers and exchanges file, URL reputation and malware information in near real-time. Kaspersky Lab’s products and technologies protect more than 300 million users spread relatively evenly over five continents. This provides a balanced global footprint of “sensors” as well as knowledge of region-specific threats, and allows Kaspersky Lab to provide rapid and highly effective protection for businesses.

For more details read the Kaspersky Security Network whitepaper.

  • Application Control and Whitelisting strengthen companies’ security stance against targeted attacks by enabling IT administrators to set policies to:
    • allow or block certain applications (or application categories) using Application Startup Control;
    • monitor and restrict certain applications’ activities using Application Privilege Control; and
    • monitor and prioritize application vulnerabilities using the Application Vulnerability Monitor. This provides IT administrators with centralized reports about the most critical vulnerabilities of installed software and informs about possible risks.

For more details read the Application Control and Whitelisting whitepaper.

  • Endpoint Control: In addition to Application Control, this new solution provides effective tools for device control and web filtering, and enforces corporate security policies in order to reduce the attack surface. Device Control allows companies to create flexible and granular policies to manage device access privileges as per bus, device type, or individual device serial number. Web Filtering allows blocking of malicious websites and undesirable web content. Together with protection from web-based threats, Web Filtering ensures highly secure Internet access - especially important for remote or roaming workers.

For more details read the Endpoint Control whitepaper.

  • Intelligent Personal Firewall and Intrusion Detection System for enhanced protection from network attacks, regardless of connection type or location.
  • Manageability, scalability and virtualization support: Kaspersky Security Center is a centralized security management system that can create actionable reports on all aspects of IT security. This new management solution is fully scalable and supports virtualization technologies within the Security Center administration structure.
    • Manageability: Kaspersky Security Center is a central management and deployment console for Kaspersky Lab’s endpoint security solutions. It can use pre-defined policies and settings to provide immediate out-of-the-box protection, or be fine-tuned to allow for more precise and specific safeguards.
    • Virtualization support with scalability: Kaspersky Security Center is fully scalable and optimized to be used in virtualized environments, and supports VMware’s virtual machine management. Installation and maintenance of relevant Kaspersky Lab solutions on non-persistent virtual machines is also possible. There is also an option to create a two-level administration server hierarchy on a single physical server in order to reduce operating costs and set up an easily scalable security management system. This feature requires no third party virtualization tools.

For more details read the Virtualization Enhancements whitepaper.

Quotations


Eugene Kaspersky, Chief Executive Officer and co-founder, Kaspersky Lab

“Kaspersky Endpoint Security 8 for Windows is a key addition to our comprehensive security suite, which helps businesses to be ready for the next challenge in IT security. It combines efficient anti-malware protection with a broadened feature set, designed to build stronger corporate security policy and control the attack surface. Our new products offer near real-time hybrid protection by tightly integrating signature-based, proactive, and cloud-assisted detection technologies.”

Nikolay Grebennikov, Chief Technology Officer, Kaspersky Lab

“One of the major benefits of Kaspersky Endpoint Security 8 for Windows is comprehensive Application Control and Whitelisting functionality. It is backed by the cloud-based Kaspersky Security Network with a superior categorized database of legitimate applications. It also offers a flexible and efficient Default Deny scenario, under which the startup of all applications on endpoint PCs is blocked, except for those listed in the cloud-assisted and local Whitelisting databases. Unlike the widespread Default Allow mode, this method radically enhances corporate IT security, saves IT resources and at the same time is convenient for employees.”

Pricing and availability


Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center are included in Kaspersky Open Space Security, a corporate IT security platform developed by Kaspersky Lab. Please contact a Kaspersky Lab representative to check the products’ availability and prices.

About Kaspersky Lab

Kaspersky Lab is the world's largest privately-held Internet Security company, providing comprehensive protection against all forms of IT threats such as viruses, spyware, hackers and spam. The company's products provide in-depth computer defense for more than 300 million systems around the globe, including home and mobile users, small and medium sized businesses and large enterprises. Kaspersky technology is also incorporated inside the products and services of nearly 100 industry-leading IT, networking, communications and applications solution vendors.

Kaspersky Lab, Kyrus Tech and Microsoft Disable the Hlux/Kelihos Botnet

In their ongoing assault against botnet operators and the hosting companies that allow anonymous domain registrations which facilitate them, Kaspersky Lab, Microsoft and Kyrus Tech have successfully worked together to take out the Kelihos botnet, originally named Hlux by Kaspersky Lab. Kelihos was used for delivering billions of spam messages, stealing personal data, performing DDoS attacks and many other criminal activities, via an estimated 40,000 computers. Microsoft has also taken legal action against 24 individuals in connection with the infrastructure behind the botnet in a civil case that enabled the takedown of the domains being used to command and control the botnet. Microsoft’s legal action included declarations submitted to court to which contributions were made by Kaspersky Lab, and also a direct declaration from Kyrus Tech providing detailed information and evidence regarding the Kelihos botnet.

Kaspersky Lab has played a pivotal role in taking down the botnet, tracking it since the beginning of 2011, when it started collaborating with Microsoft in tackling Kelihos, including sharing its live botnet tracking system with the US company. Kaspersky Lab has also taken care that the botnet cannot be controlled anymore, and continues to make sure that this is the case. Its specialists reverse-engineered the code used in the bot, cracked the communication protocol, discovered the weaknesses in the peer-to-peer infrastructure, and developed the corresponding tools to counteract it. What’s more, since the offending domains used in the botnet have gone offline via court orders Microsoft had secured, Kaspersky Lab has been “sinkholing” the botnet - where one of its computers has gotten inside the botnet’s complex internal communications to bring it under its control.

Acknowledging Kaspersky Lab’s active involvement in taking down the botnet, Richard Boscovich, senior attorney with the Microsoft Digital Crimes Unit, said: "Kaspersky Lab played a key role in this operation by providing us with unique and in-depth insight based upon their technical analysis and understanding of the Kelihos botnet. This contributed to both a successful takedown and as evidence for declarations made about the analysis and structure of the botnet. We are grateful for their support in this matter and their determination to make the Internet safer."

Speaking of the continuing role Kaspersky Lab is playing in controlling Kelihos, Tillmann Werner, senior malware analyst of Kaspersky Lab Germany, said: “Since Kaspersky Lab’s sinkholing operation began on September 26, the botnet has been inoperable. And since the bots are communicating with our machine now, data mining can be conducted to track infections per country, for example. So far, Kaspersky Lab has counted 61,463 infected IP addresses, and is working with the respective ISPs to inform the network owners about the infections.”

Kelihos is a peer-to-peer botnet. It consists of layers of different kinds of nodes: controllers, routers and workers. Controllers are machines presumably operated by the gang behind the botnet. They distribute commands to the bots and supervise the peer-to-peer network's dynamic structure. Routers are infected machines with public IP addresses. They run the bot for sending out spam, collecting email addresses, sniffing out user credentials from the network stream, etc.

Microsoft has announced that its Malware Protection Center has added detection for the Kelihos malware to its Malicious Software Removal Tool. Since this tool is well-distributed, the number of infections that have already been cleaned up is significant.

Cooperation between Kaspersky Lab and Microsoft has been ongoing now for some time. Notable recent collaboration includes that on the infamous Stuxnet worm, which hacked industrial control systems like those used in Iran’s nuclear programs.

Kaspersky Lab would like to thank SURFnet for its support in the operation, and especially for providing the perfect infrastructure to run the sinkhole.

Spam Without Borders

There are almost no spam-free zones left in the world today. For many years, spammers have fought hard for areas of the world from which they could launch spam attacks, constantly trying to maintain their conquered territories while annexing new ones. Meanwhile law-enforcement agencies, anti-spam vendors and other interested parties are doing their best to combat the ‘invasion’.

Statistics show that unlike 2010, in 2011 the share of spam distributed from different regions stopped fluctuating from month to month. No longer is half the world’s spam coming from just three countries. The zombie machines used to spread spam emails are now distributed fairly evenly throughout the world, signalling the end of the spammers’ geographical expansion. Infected computers sending spam are now found as far afield as South Africa and on remote Pacific islands.

This shift in the geographical spread of spam sources is primarily down to progress on the legal front, and the growing global reach of the Internet as well as the closure of botnets and affiliate programs. Almost nowhere has escaped the interests of the bot-masters: strong legislation in the developed world is offset by fast and widespread Internet connectivity, while developing nations are catching up in terms of computer access but still have weak anti-spam legislation and low levels of IT security.

“According to Kaspersky Lab, in the near future the BRICS and other rapidly developing countries will top the rating of the most prolific sources of spam because they are of particular interest to the spammers from the ‘legislation/IT protection/number of users/bandwidth’ point of view. We also expect the amount of spam originating from the US to grow, although it will not reach its previous level. Widely available Internet connectivity and a large number of users attract botnet owners in spite of the raft of anti-spam legislation adopted in the country and the high level of IT protection in use,” comments Darya Gudkova, Head of Content Analysis & Research.

More information about the migration of spam sources and the reasons behind it as well as a brief history of the spam industry’s key milestones are available in the article ‘Planet of the Spammers’ by Darya Gudkova at: www.securelist.com.

Kaspersky Lab’s Newest Corporate Security Solution Takes First Place in Independent Testing by Leading IT Security Institute

Kaspersky Endpoint Security 8 for Windows, Kaspersky Lab’s recently unveiled corporate security solution, has received the highest marks in its first independent testing, conducted by leading IT security institute AV-Test.org, one of the most reputable independent security testing labs in the world. The “business product full testing” was conducted in July and August of 2011, during which the beta version of Kaspersky Endpoint Security 8 for Windows was evaluated along with six other vendors’ endpoint security products. All products were awarded the “approved” rating, but the solution from Kaspersky Lab outscored the competition on points, thanks to its outstanding performance on detection and removal of malicious software, in addition to overall usability.

The testing by AV-Test.org evaluated the efficiency of business products in various situations, including protection against zero-day malware attacks, detection of malicious objects, and the revealing and removal of malware from an already infected machine. Other factors taken into consideration were the performance of the product (judging by the slowdown of the computer in everyday use) and false detections and warnings regarding legitimate programs. As a result, Kaspersky Lab’s most recent corporate solution received the highest score of 16 out of 18 points - much higher than the average result (12.8 points). The nearest competitor was outperformed by Kaspersky Endpoint Security 8 for Windows in the removal of malware testing, overall performance, and the number of “false positives” (there were no false positive detections for Kaspersky Lab’s solution).

Specific achievements in the testing of Kaspersky Endpoint Security 8 for Windows include a 100% result in “real-world” testing, in which the level of protection against zero-day malware attacks and web and e-mail threats was evaluated. In the static testing the solution from Kaspersky Lab detected 99% of more than 230,000 malware samples. Another 100% result was achieved in detection of widespread malware (of which 5000 samples were used). High effectiveness was also shown in the removal of malicious software, in which 95% of actively running malicious programs were detected and 85% of them removed (compared to the average of 74%).

Nikolay Grebennikov, Chief Technology Officer of Kaspersky Lab, commented: “Kaspersky Endpoint Security 8 for Windows is a tremendous achievement for Kaspersky Lab’s research and development team, and provides a number of major benefits for our corporate clients. One of them is an unparalleled level of security, which was confirmed by the 100% detection rate of zero-day malware attacks and widespread malware. With our new corporate solution businesses are able to improve their IT security even further, utilizing flexible Whitelisting and Application Control features, and support for the cloud-based Kaspersky Security Network.”

Nikita Shvetsov, Director of Anti-Malware Research of Kaspersky Lab, said: “A recent survey conducted by Kaspersky Lab indicates that IT security is one of the top priorities for businesses, especially when it comes to protection from malware. Kaspersky Endpoint Security 8 for Windows provides the deepest level of protection thanks to the fully revised anti-virus engine, cloud-based security system, and other enhancements. We are pleased that the first independent testing revealed the full potential of our new corporate solution, which earned top marks for detection and removal of malicious objects, as well as performance and usability, with zero false positive detections of legitimate software.”

Detailed information on the results of Kaspersky Endpoint Security 8 for Windows in AV-Test.org’s testing can be found at: http://www.av-test.org

Kaspersky Lab Granted Two US Patents for Remote Administration of Computer Networks

Kaspersky Lab, one of the leading developers of secure content and threat management solutions, announces that it has been granted two new patents in the USA – Nos. 8024449 and 8024450 – which both disclose a system and method for remote administration of a computer network. The applications were filed earlier this year, and the patents were both granted on September 20, 2011.

The first patent relates to technology used for the remote administration of a computer network through a local administration proxy. This is needed when the “software as a service” (SaaS) business model is applied - where a supplier develops a web application and administers it independently via its own server, providing the customer with online access to the software. Problems with this model can arise as some computers may not be connected to the Internet, or be located in a closed network inaccessible to the remote server. Accordingly there is a need to improve techniques for remote administration of a computer network. And this is where Kaspersky Lab’s newly patented technology comes in.

The patent covers systems, methods and computer program products for remote administration of a computer network. It does this by deploying administration agents to the computers on a network to gather information about the hardware and software configuration of each PC. Then on the basis of the collected information the performance rating for each variable of each PC is determined, and the computer with highest rating is selected to act as the local administration proxy for the network. The server then transmits control signals to this local administration proxy that instruct the agents deployed on the computers on the network to perform administrative tasks.

The second patent discloses technology intended for use in large distributed networks having a complex network topology, where personal computers cannot always be administered directly (for example, those located in a DMZ). The technology involves installation of special agents on all PCs on a network for collecting information, according to which the most suitable nodes are determined for delegating the necessary administrative tasks from the central server to all the computers on the network. Choosing such a node for the delegation of tasks may be based on a number of parameters, such as the location of the computer in the network topology, its availability, and so on.

The invention enables organizing apportioned interaction between the administration server and endpoints so the latter can carry out administrative operations. This helps in the administration of a large corporate network, which today may incorporate printers, scanners, fax machines, and mobile communication devices. Failures in network management may result in network security breaches, computer malfunctions, and other problems that can negatively affect productivity of employees and cost thousands of dollars in lost profits and repair costs. The current invention makes it possible to better organize interaction between the administration server and computers in the network for accomplishing all types of necessary administrative tasks for more reliability.

At present Kaspersky Lab technologies are protected by 43 Russian and 34 US patents, and the company has a further 32 and 47 patent applications in the two countries, respectively. Another 42 patent applications covering innovative technologies in the information security field are currently being examined by the Chinese and European patent offices.
