Online Security

be safe

Cookie security

Cookies are pieces of text information that a web server asks the browser to save on the user’s computer. This information is transmitted back on the next visit to the site. The main functions of this technology are:

1. Session management for online shops, forums and other interactive systems. In that case cookies contain a unique user ID.
2. Storing various user parameters.
3. User identification in systems such as rating systems, counters, banner advertising systems, online polls, etc.

Recently, cookie technology has attracted a lot of attention from information security experts. The main reason is that cookies can contain private information and can be stolen by means of spy applications.
Here are some ways to steal this information:

1. Cross-site scripting. This method is based on including trojan code in a legitimate web page. The script transmits the cookie to the fraudster.
2. Web browser vulnerabilities.
3. Use of trojan applications. Such an application analyzes cookies and transmits the information to the malefactor.
4. Use of public computers (for example, in libraries). A lot of users don’t care about deleting cookies after using such computers.
5. Cookie interception by means of network traffic analysis tools.

To reduce the threat of cookie theft, apply the following browser settings.

Internet Explorer

The medium position of this switch means that the browser blocks some cookies (counters, ratings). The maximum position means that IE blocks all incoming and outgoing cookies. With the “Sites” button you can specify exceptions.

There is also an “Advanced” button. Here you can turn off automatic cookie handling and specify how the browser treats first-party and third-party cookies. It is also recommended to allow session cookies, which are stored only for the duration of a session.

Mozilla Firefox

The settings for Firefox differ a little. You can allow or disallow cookies. You can allow cookies only from the site you are browsing (the analogue of third-party cookie blocking in IE). You can also set an expiry period, after which all the information is deleted automatically. There is a special option that deletes cookie files when the Firefox window is closed. Firefox also supports a hotkey combination that lets you delete all private information in a matter of seconds: Ctrl+Shift+Del.
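Several of the theft routes listed above (cross-site scripting, traffic interception, cookies left behind on a shared computer) correspond to properties of the cookie that the site itself chooses when it sets it. The following Python code is an added example, not part of the original page: it audits `Set-Cookie` header values for those properties, and the sample headers in it are constructed.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie name, findings); each finding names a theft route."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        # Without HttpOnly, script running in the page can read the cookie.
        findings.append("readable by page scripts (cross-site scripting)")
    if "secure" not in attrs:
        # Without Secure, the cookie is also sent over unencrypted HTTP.
        findings.append("sent over plain HTTP (traffic interception)")
    if "expires" in attrs or "max-age" in attrs:
        # A lifetime makes the cookie persistent instead of session-only.
        findings.append("persistent, kept after the browser closes")
    return name, findings


# Constructed sample headers, not taken from any real site.
SAMPLE_HEADERS = [
    "SESSIONID=6f1c9a; Path=/",
    "SESSIONID=6f1c9a; Path=/; Secure; HttpOnly",
    "uid=1842; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(f"{name}: {'; '.join(findings) or 'no findings'}")
```

A cookie with no findings is still exposed to the other routes in the list, such as browser vulnerabilities, which these attributes do not address.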

Free online antivirus applications

Online virus and spyware scanners are applications that are downloaded for one session only; after checking the system they delete themselves. Such applications usually need no installation and little free hard disk space. Frankly speaking, online antivirus scanners are not a reliable way to protect your computer from online and virus threats. Nevertheless, they can be useful. Virus and security scanners differ from one another, not only in user interface but also in scanning method. This means that one antivirus application may find a harmful application that other antivirus applications cannot detect. So if you have antivirus software from one vendor, it can be useful to check your system with another. Here are some online security scanners:

Kaspersky Online Virus Scanner
It is a rather interesting application because it can not only scan your computer for harmful applications but also test its overall security level. It shows you the vulnerabilities of your system and gives advice on fixing them. If you are not a very experienced user, this application is for you.

Panda ActiveScan
It disinfects your computer of viruses, worms and Trojans. After pressing the button you have to download an 8 Mb file. It supports the Panda TruPrevent scanner technology.

F-Secure Online Virus Scanner
This free service is used to find out if your computer is infected, and disinfect your computer if needed. It will automatically download the necessary components and virus databases. The size of the downloaded package is about 30 Mb.

Symantec Security Check
The main advantage of this application is its simple interface. It runs rather slowly but reports the vulnerabilities of your system.

Trojans: the most widespread types

Here is a description of the most widespread kinds of trojan applications.

Mail Senders
This is the most widespread group. Most of them send passwords to their owners. Here are some examples: Trojan-PSW.Win32.QQPass.du (a Chinese trojan that steals Windows passwords), Bandra.BOK (downloaded during a visit to a specific site; steals bank account passwords), Bancos.LU (saves passwords in temporary files and sends them to a remote owner), Banker.XP (collects personal information, passwords and accounts and sends them to a specified address).

Remote control applications
Such applications usually combine the capabilities of mail senders with remote computer control functions. Trojans of this type wait for a connection from the client side, which sends commands to the server. Examples: Backdoor.Win32.Whisper.a is a trojan that makes it possible to control a remote computer. Another is the famous Back Orifice, created by the Cult of the Dead Cow hacker group. This application makes it possible to control a remote computer, access all its hard drives, get a live picture of the screen, and listen to and watch the user by means of the microphone and web camera.

Dialers
This kind of application is not widespread today because of the spread of more modern technology, but it is still dangerous. Such an application can cause financial losses. Dialers change the provider’s phone number and place calls to exotic countries. Examples: Trojan-PSW.Win32.DUT, Trojan-PSW.Win32.Delf.gj, not-a-virus:PSWTool.Win32.DialUpPaper, not-a-virus:PornWare.Dialer.RTSMini.

Keyloggers
This kind of application also includes the functions of mail senders. They are able to track keystrokes and send this information to a malicious user. Examples: Backdoor.Win32.Assasin.20, Backdoor.Win32.Assasin.20.n, Backdoor.Win32.BadBoy, Backdoor.Win32.Bancodor.d (keylogger.trojan).

DDoS emulators (Distributed Denial of Service)
This is a very interesting type of trojan application. The server-side application waits for a signal and, after receiving it, begins working as a nuker (such applications send a burst of data packets to a specified IP address).

Downloaders
These trojans download files from the Internet without the user’s knowledge. These files can be either adult pages or harmful software. Example: Trojan-Downloader.Win32.Agent.fk (it creates the %Program Files%\Archive folder and copies itself to it).

Droppers
The aim of such applications is the concealed installation of other trojans. Example: Trojan-Dropper.Win32.Agent.vw.

What are Trojans?

A lot of users believe that trojans are the same as viruses. That isn’t true. In contrast to viruses, trojans don’t break the operating system or format hard drives. They seem to be peaceful, but that isn’t true either. Their sphere of interest is the theft of private information. A trojan application usually consists of a client application and a server. The server part is usually located on the user’s computer, and the client application on the side of the owner who created or modified the trojan. The connection between these two parts is made through some open port. Usually they use the TCP/IP protocol, but some also use ICMP, UDP and others. Trojans are disguised and often look like harmless files with extensions such as GIF, HTM, etc. There are several kinds of trojans:

Spy applications (example: Mail Sender)
Remote control applications (example: BackDoor)
Keyloggers
DDoS attack emulators
Dialers
Downloaders
Proxy servers
Destructive trojan applications (example: FlashKiller)

In the near future we will describe them in detail.

Online security: 4 myths

A computer cannot be infected by viruses if the user doesn’t open any files or emails.
Some years ago this was true. But today some viruses use more than one method of attack. They find the joints in the armour of software such as Windows and Internet Explorer. Such viruses find new victims on the Internet on their own.

To protect your computer, the only thing you need is to install antivirus software.
To detect new viruses, your antivirus software has to have their signatures, so you need to update it routinely. But even this doesn’t guarantee perfect security. To reduce the threat you have to install a firewall and special software to detect spy applications.

Emails from well-known senders are safe.
That is not true! Most email viruses use the address books of their victims.

I don’t keep private information on my computer, so it is of no interest to spy applications.
Most spy applications collect not only private information (such as passwords and credit card numbers) but also information about users’ actions. All the sites you visit and all your clicks are recorded. This information can be used for different purposes, for example contextual ads. Such applications also use system resources and slow down the computer.

Detecting and removing spy applications

Even the most advanced scanners don’t guarantee that your computer is protected from spy applications, so many computers are infected. This situation can have troublesome consequences. But some of these applications can be removed without the help of antivirus software.

Here is a list of widespread spy applications that should be deleted. Some of them even have a setup application and can be removed through the Add and Remove Programs menu of the Control Panel. For example, suppose you detect mwsoemon.exe in the list of current processes. You can then find something like MyWebSearch Toolbar in the list of installed software and use the uninstall button. If there is no such application in the list, you can use special software such as HijackThis!

This is a list of some spy applications and the corresponding processes.

Process            Application
mwsoemon.exe       MyWebSearch toolbar
mediaaccess.exe    WindUpdates.com
mediaacck.exe      WindUpdates.com
wtoolsa.exe        HuntBar
wsup.exe           HuntBar spyware
cxtpls.exe         AproposMedia
autoupdate.exe     Apropos Media adware
wtoolss.exe        HuntBar
istsvc.exe         IST adware/hijacker
optimize.exe       MoneyTree Dialer
gmt.exe            Gator adware
cmesys.exe         Gator adware
tbps.exe           Neo Toolbar
pib.exe            PIB Toolbar
gah95on6.exe       ShopAtHome Select
mediapass.exe      WindUpdates.com
mediapassk.exe     WindUpdates.com
tbpssvc.exe        Neo Toolbar
bargains.exe       Bargain Buddy
Save.exe           WhenU SaveNow adware
Salm.exe           180Search Assistant
rk.exe             Marketscore “monitoring”
webrebates0.exe    TopRebates hijacker/adware
webrebates1.exe    TopRebates hijacker/adware
vmss.exe           Delfin Media Viewer

Closing any of the following processes can cause Windows to shut down or become unstable.

System Idle Process
explorer.exe
taskmgr.exe
spoolsv.exe
lsass.exe
csrss.exe
smss.exe
winlogon.exe

svchost.exe – usually more than one
services.exe

If you stop any other process, Windows will continue to work properly.
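The manual check described above can be automated. The following Python code is an added example, not part of the original page: it compares a process listing against the two lists on this page, assuming the listing is the CSV text produced by `tasklist /fo csv /nh`; the sample listing is constructed.

```python
import csv
import io

# Process-to-application pairs from the table on this page (names lowercased).
SPYWARE = {
    "mwsoemon.exe": "MyWebSearch toolbar", "mediaaccess.exe": "WindUpdates.com",
    "mediaacck.exe": "WindUpdates.com", "wtoolsa.exe": "HuntBar",
    "wsup.exe": "HuntBar spyware", "cxtpls.exe": "AproposMedia",
    "autoupdate.exe": "Apropos Media adware", "wtoolss.exe": "HuntBar",
    "istsvc.exe": "IST adware/hijacker", "optimize.exe": "MoneyTree Dialer",
    "gmt.exe": "Gator adware", "cmesys.exe": "Gator adware",
    "tbps.exe": "Neo Toolbar", "pib.exe": "PIB Toolbar",
    "gah95on6.exe": "ShopAtHome Select", "mediapass.exe": "WindUpdates.com",
    "mediapassk.exe": "WindUpdates.com", "tbpssvc.exe": "Neo Toolbar",
    "bargains.exe": "Bargain Buddy", "save.exe": "WhenU SaveNow adware",
    "salm.exe": "180Search Assistant", "rk.exe": 'Marketscore "monitoring"',
    "webrebates0.exe": "TopRebates hijacker/adware",
    "webrebates1.exe": "TopRebates hijacker/adware", "vmss.exe": "Delfin Media Viewer",
}
# Processes the page says must not be closed.
CRITICAL = {"system idle process", "explorer.exe", "taskmgr.exe", "spoolsv.exe",
            "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "svchost.exe",
            "services.exe"}
# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE = '''"System Idle Process","0","Services","0","24 K"
"svchost.exe","812","Services","0","9,140 K"
"explorer.exe","1528","Console","1","24,312 K"
"mwsoemon.exe","2044","Console","1","3,880 K"
"Save.exe","2310","Console","1","5,102 K"
"notepad.exe","3012","Console","1","2,460 K"
'''

def scan(tasklist_csv):
    """Return (flagged, protected) lists of processes from tasklist CSV text."""
    flagged, protected = [], []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # skip blank or malformed lines
        image, pid = row[0].lower(), row[1]  # Windows file names ignore case
        if image in SPYWARE:
            flagged.append((image, pid, SPYWARE[image]))
        elif image in CRITICAL:
            protected.append((image, pid))
    return flagged, protected

if __name__ == "__main__":
    for image, pid, app in scan(SAMPLE)[0]:
        print(f"{image} (PID {pid}): {app} - look for it in Add and Remove Programs")
```

A name match is only a lead, since generic names such as autoupdate.exe are also used by legitimate software; check where the file is installed before uninstalling anything.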