What not to click ?–Clicking & Phishing
Unless you are a Command Prompt guru, you normally will use the computer by clicking “things” on the desktop, so you have all the chances to get infected clicking “bad things” on the Web. The experts from the security vendor Avast, estimate that 85% from the computer infections are the results of using inadequate the Internet and clicking neglectful the links. The Social Networking sites as Facebook, Twitter, MySpace are the preffered targets of hackers, due to the high volume traffic they receive. It is well known the attacks using sexy video or naked photo links, the users attention beeing disturbed by the temptingly content. The rules for preventing computer …
Are the sensitive data permanently deleted ?
All of us know that every time when we are deleting a file or folder under Microsoft Windows, they are moved in the Recycle Bin folder giving us the chance to restore at a later date the deleted files form there. But after emptying the Recycle Bin ? Well, the files and folders can be restored after that as well, but the procedure is a bit more complicated, must be used some software to recover deleted data, as WinUtilities Free Undelete 3.1 (free) , R-Undelete File Recovery Software 3.5 , Undelete It! 3.17 or other software, there are a plenty on the Internet. The recovery procedure is based on the …
The hashes, shortest way to verify suspected files
Without doubt, scanning files with multi-engine online scanners like virustotal.com gives us the most accurate results about the possibility for a file to be infected because this kind of service will scan the file not with only one AntiVirus, but with more than 40 AntiVirus engines and is one of the best way to assure our computer will not be infected with malware, always the prevention is better than cure. The only problem with such services is the necessary time to upload the file which require some time, especially when their service is overloaded. A quick solution to this is to install a small program called HashTab 3.0 , a …
Malicious code, types and trends–part 2
Trojans These days, we can see a dramatic upsurge computers infections with trojans, they are the preffered tools for hackers. As in the old legend with the Trojan Horse, this type of malware masquerades as a useful program or is hidden(binded) in a useful program, tricking the user to execute it, “as it is” or together with the program that carry it. A Trojan horse neither replicates nor copies itself, but the damages it brings to the computer are huge. Once installed in a system, it gives to the hacker the ability to download or upload and execute other malware in the compromised system, or ability to steal passwords, other …
Malicious code, types and trends–part 1
– Computer viruses are parasitic programs which are able to replicate themselves, attach themselves to other executables in the computer, and perform some unwanted and often malicious actions. A virus is not able to spread itself to another computers, some user actions are needed for it to infect a new computer. Downloading and running software from untrusted sources, inserting an USB drive without a previous scan–remember always disable the AutoRun feature for the drives as CD-ROMs, DVD-ROMs– , downloading and running emails or IM attachments even from known persons, can put you in the nasty situation to have an infected computer. Always when you deal with these situations and to …
A new attack method–Kernel HOok Bypassing Engine ?
Almost all of the AntiViruses uses for their operations kernel mode drivers, more specifically modify the SSDTs. SSDT stands for System Service Descriptor Table and contain addresses of routines (known as system services) that user mode code can invoke indirectly as a result of the special system call instruction. Controlling the SSDTs, results in controlling every transition from User Mode to Kernel Mode, and this is why they are preffered by AntiViruses for real time protection or self-defense operations . By modifying the adresses stored in the tables to point to their own routines called “hook functions” , the AntiViruses are able to perform various checks on calls made by …
Simple check of a suspicious file
A friend of mine send me a RAR archive containing an executable and a “crack’, telling me his antivirus gives him an alert when he tried to run the “crack”. He downloaded the file from a link posted on a blog, the file was hosted on a file sharing site and the question was if the antivirus alert is because of the name “crack” so if it’s a “false positive”. For who does not know, a “crack” is a small executable which is able to modify an applications executable to act like a registered (licensed) program and a “false positive” is a false virus alert of the antivirus. I’ve used …
