anti-worm-software.com

Conficker Worm Alert!

2009-02-01T10:49:00.001+01:00

The Conficker Worm has shocked PC security experts. Over nine million computers are supposed to be already infected. One million new computers are being added to this every day. The solution to the problem: The free program a-squared Free 4.0 checks whether Conficker is already present on the computer. In the worst case, the free program immediately removes the security risk.

a-squared Free 4.0 removes the Conficker Worm free of charge!

Salzburg, January 2009 - With a-squared Free 4.0, Emsi Software offers a free security solution for private users. In addition to their own Malware engine, this program uses another search engine from the virus experts Ikarus in parallel, thus offering double the level of security. This means that the program is currently capable of detecting and eliminating almost 2.6 million types of damaging software.

The latest computer news shows the importance of comprehensive protection for your computer. The Conficker Worm (also known as Downadup or Kido) is currently doing the rounds in the PC scene and is supposed to have already infected over nine million computers. The worm exploits a number of known security holes to gain access to computers. The concrete damage caused by Conficker is not currently known, but it is built in a modular fashion enabling it to subsequently load other programs from the Internet. This makes it capable of loading functions for mass attacks and sending Spam.

Christian Mairoll, CEO from Emsi Software says: "The worm spreads so quickly because it takes advantage of several weak spots at the same time. It uses a security hole relating to the Windows RCP service, which was already patched in November 2008, to send itself over the Internet. Once it has access to a network then it attempts to spread itself locally. To do this, a number of standard passwords are tested in an attempt to gain access to other computers in the LAN. It also copies itself via network shares and waits for a user to start, thus installing itself on the PC. In this way it is capable of penetrating and infecting networks that are well secured from outside attacks. An infected USB stick only needs to be briefly plugged into one computer in order to completely bypass all the external safety measures of a network (Firewall, Gateway, Scanner etc.) and infect the entire LAN."

a-squared Free 4.0: Locate and destroy the Conficker Worm

Online media sources already contain many step-by-step instructions on how to protect your computer. A much easier solution is to use the free software a-squared Free 4.0. It recognizes a Conficker infection in your system and can effectively eliminate it. These days this is certainly the most important issue for users who are shaken by the latest news.

Christian Mairoll says: "Conficker is especially prevalent in company networks. Those who wish to avoid an infection in advance must install the Windows security update described in Microsoft Bulletin No MS08-067. The automatic Windows update takes care of this, so systems that are not constantly updated have the greatest risk of infection. However, a patched system provides no protection from infection by USB stick. In this case we recommend our program a-squared Anti-Malware 4 that monitors the system via a background guard and immediately raises an alarm when Conficker is loaded into the system, by whatever means."

a-squared Free 4.0 (45 MB) is available free of charge for private users. The program runs under Windows XP, 2003/2008 Server and Vista. It no longer runs under Windows 98, ME and 2000. Its big brother a-squared Malware 4.0 which provides permanent malware protection costs US $39.95 per year.

Homepage Emsi Software: http://www.emsisoft.com/
a-squared Free 4.0: http://www.emsisoft.com/en/software/free/
a-squared Anti-Malware 4.0: http://www.emsisoft.com/en/software/antimalware/

About Emsi Software

Emsi Software is a private company based in Austria. The rapidly growing company is a leading European supplier of behavioral analysis technology for analysis of software, especially Malware.
The company was founded in 2003 by Christian Mairoll, realizing his vision of a virtual company: The 15 company employees are distributed all over the world but work together as if they are sitting together in a real office. The Emsi Software product range comprises the security programs a-squared Anti-Malware, a-squared Free, a-squared HiJackFree, a-squared Anti-Dialer and, since the end of 2007, Mamutu.

Botnets – the dark side of the Internet

2008-05-04T10:53:00.001+02:00

If your PC seems to have developed a mind of its own, and your Internet connection is often overloaded for no apparent reason, then you have probably caught a special type of Trojan. Inventive Malware programmers often control hundreds, and sometimes thousands, of computers with their software pests. These are known as Botnets and this article explains what exactly these are, what risks they present, and how you can protect yourself from them.

The tem "Trojan" from Greek mythology represents the same principle in the computer world as the large wooden horse in the mythological story. In this case we are not describing soldiers who want to overcome unscalable walls but rather Malware that wants to hide within the operating system of your computer. In Troy, the residents could not resist the temptation and pulled the wooden horse into the city. The software equivalent also pretends to have a different purpose, in order to convince you to run a program. The temptation is often in the form of pornographic content, illegally copied software, or a dubious email attachment. However, supposed naked pictures of female pop stars can often conceal a Trojan that can take control of your computer after being run only once.

There are basically two types of Trojan. While previous infections usually only affected single computers, increasing numbers of increasingly fast Internet connections have led to the development of new Trojans capable of rapidly infecting hundreds or thousands of computers and which often achieve this target through the naivety and lack of caution of the users. Examples of this type of Trojan are Phatbot, Agobot, SDBot or RxBot, and innumerable derivatives of these. Attentive readers may have noticed the "-bot" ending used in this article, especially in the title. The tem "Bot" describes a computer infected with a Trojan that unquestioningly accepts commands from someone else than the actual owner.

As already described, suitable victims are sadly all too easy to find, resulting in not just a single infected system but an entire network of infected computers. In technical jargon, these are called "Botnets" (roBOT NETworks). Botnets are virtual networks of infected systems that receive commands from a server in different ways, depending on their type. IRC is most often used as the communications medium. IRC is a Chat protocol, the so-called Internet Relay Chat. IRC is a pure real-time communications protocol and is harmless in itself, however it now has a somewhat negative reputation as a result of its use by Botnets. Communication under IRC occurs using Channels, in a similar manner to radio.

Additional components are often downloaded to an infected computer once it has logged-in to its pre-defined IRC server. These extra components can include mechanisms for camouflage, for switching off Malware scanners, or other virus-like modules. Once fully installed, the Bots then follow the commands of the Botnet owner - usually beginning with the search for new victims.
Bots do not always spread through the careless behavior of PC owners, but also among each other. This is done by exploiting weak points in the operating system or in specific applications and this is no longer a problem exclusive to Windows. The main focus is still clearly on Windows systems but the risks of becoming part of a Botnet are also increasing for (e.g.) Linux hosts. Linux servers with an installed IRC server can be compromised and the IRC server used as the core element of a Botnet

The potential dangers

Unfortunately, the prevalent opinion of most users seems to be that it does not matter if the home PC is infected with Malware or not - as long as it seems to continue operating properly. These users usually never even consider the fact that other users may be damaged by this and that the owner of the computer is an accomplice to the crime without realizing it. Malware was previously programmed to illustrate the capabilities of the author. Paradoxically, very malicious and effective Malware is usually exceptionally well and efficiently programmed - after all, it should remain undetected and not fall victim to the security software.

However, the massive growth of the Internet has provided new sources of income for Malware programmers. This relates not only to the illegal distribution of the pest but to much more criminal intentions of providing income for the Botnet operators. The possibilities are worrying and combined with the lack of protection and the lack of caution shown by many users this is a very threatening situation. For example, the "owner" of a Botnet can carry out one or more of the following actions:

Every infected PC can be used as a Proxy Server for criminal activities while hiding the perpetrator. Hackers can initiate an attack from other computers under their control rather than from their own computer.
Infected PCs can be used for downloading and distributing illegal material such as child pornography, Warez, films, music, etc. without the knowledge of the owner. However, the owner is legally responsible for these activities.
Bots are also usually equipped with Keyloggers that record personal data, such as credit card numbers and passwords, and send this data to the Botnet owner.
Every infected system can infect other systems.
Botnets are also often used for blackmailing particular Website operators or even entire Providers. If several hundred or thousand computers access the same Website using their full Internet connection speed, then this usually overloads and crashes the Provider Website. This type of crash can result in a loss of income or even bring the affected company to a standstill. The operator then has no other option than to pay the blackmailer the amount demanded. The operator has no way of defending themselves against this type of attack and identification of the attacker is usually impossible.
Last but not least, Botnets are often used for sending Spam. The email programs of the infected computer usually contain large numbers of email addresses, which are then bombarded with new pests and also unwanted advertising emails. In the first case, the Botnet operators receive new Bots in their Botnet, and in the second case they receive cash from their customers - often sellers of online potency drugs or fake brand-name products such as watches.

While reading this article, we hope that you are not thinking "this does not really affect me". Most PC owners do not realize that their computer is infected. This is logical – you are not supposed to notice this type of infection. If we believe a report from the BBC, then 100 to 150 million of the 600 million Internet PCs worldwide are infected with Bots - about one quarter of all Internet PCs. We wish to explicitly repeat the fact that the abovementioned activities are all highly illegal and that the owner of the system carries the full responsibility for these activities. This brings to mind the well-known phrase – "Ignorance is not an excuse".

What is the best way for me to protect myself?

There are a few simple ground rules and mechanisms for protecting yourself and your data. If you follow these procedures you will greatly reduce the likelihood of becoming infected.

Regular updates
The manufacturers of routers, operating systems, or programs are only human and they can make mistakes. These mistakes are often exploited by Malware. Updates solve known mistakes and should therefore be loaded as soon as possible after publication.
Use a hardware firewall or router
The attacks come from the Internet. Routers protect from many attacks by simply blocking them. Hardware Firewalls are much more resistant to attacks than software Firewalls.
Think while you surf
Not every Website in the Internet is benign! Sites containing illegal content or pornography should always be viewed with maximum suspicion.
Always check mail attachments
Do not trust every sender, especially when you do not know them. Especially mails that seem to come from known companies such as Ebay, Deutsche Bank, or a TV channel are almost always forgeries if they contain attachments that the user is supposed to open.
Suitable software protection
A good anti-malware program should be a standard component of every PC these days. We recommend a-squared Anti-Malware, because the innovative behavior analysis also provides protection from unknown types of Malware and new Bot variants. This already provides protection for many weak points in your computer before the necessary Updates and Patches are available.
How do I get rid of a Bot if I am already infected?
Once a PC has been infected, the Bot has many different possibilities for hiding inside the operating system and resisting deletion. Changes made by Malware are usually very difficult to find and undo. In the worst case you must swallow the bitter pill, reformat your hard drive and reinstall the operating system. This is tedious work that can be avoided in most cases with the correct protection and attentive behavior when using the Internet.

The menace of worms

2005-06-30T21:41:00.001+02:00

It is a given in this world that every entity has two aspects - one benign, and the other malignant. This duality of function can be found in virtually everything. Take the humble kitchen knife, for example. Cooks use it for chopping vegetables. It can also be used to kill. The human brain can be used to do constructive things - such as planting seeds in farms to grow food crops, construct strong shelters that protect against nature's forces and build computers and software that make life so easy. The human brain can also do destructive things - such as build a bomb, indulge in genocide and take advantages of the computer's weaknesses to wreck havoc the internet.

The worms are but another example of man's darker side of genius.

Worms are such pesky creatures. They apparently appear out of nowhere and start doing what their creators designed them to do; our only clue is that the PC and the internet are suddenly inexplicably slow. Their reproducing and replicating mechanisms are so simple. Computer worms share similar attributes. They are apparently very easy to construct too.
The first worm that attracted wide attention was actually written by a student! When it was released to an unsuspecting world in 1988, it damaged a lot of BSD UNIX machines before an angry world could track it down and catch both the worm and its creator red-handed. The boy - Robert Tappan Morris Jr. - was convicted and fined.

So, what exactly is a computer worm?

A computer worm is different from its other infamous sibling - the virus. A worm does not infect or manipulate files, it makes clones of itself. Therefore a worm is a standalone working program. It can use the system transmission capabilities to travel from machine to machine merrily riding around like a happy-go-lucky vagabond. A worm, after lodging itself on one machine can spawn several clones of itself. Each of these clones then marches forth to conquer the cyber world.

How do worms spread?

Where do newly cloned computer worms march to? A worm can open your email address book and, in a jiffy, despatch one clone each to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides it time till the connection takes place. Chats and Instant messaging software like MIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers enabling the worm to spread like wildfire throughout the cyberworld (the "Jitux" worm is an example). Every operating system has vulnerabilities which are thoroughly exploited by worms to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm which uses security holes in the Windows LSASS service.

Other worms spread only by using Backdoor infected computers. E.g. the "Bormex" worm relies on the "Back Orifice" backdoor to spread. There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up. If the folder does not exist, the worm simply creates it for the benefit of the users! How benevolent can worms be! In the hall of hoodlums, worm "Axam" gets top honours for such devious activity.

Some worms take on even more deceptive forms to snare users. Sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser & co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers - the "Spida" worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code in running services on the server like "Slammer". Phew! The arsenal available to these worms is huge and ever growing.

Worms that will be remembered for generations to come for the damage they did to global commerce are Sasser, MyDoom, Sober, Blaster, Code Red, Melissa, and the Loveletter worm. Apart from the sleepless nights it caused the government and industry backed sleuths trying to track the worm, billions of dollars went down the drain to control their menace. The face of internet surfing and computerized operations was radically changed due to these worms.
What exactly is the nature of havoc that these worms bring to bear upon us? Well, Denial of service (DoS) is one situation that users of a server may find themselves in thanks to these programs. Unlike viruses, many worms do not intend to destroy the infected computer. More often than not they have a more important job to do - subvert the computer so that the worm's creator can use it often without the owner of the computer knowing anything about it.

Worm writers nowadays work together with Spammers (they make a nice twosome, don't they?) to send out unsolicited emails to increasingly overloaded inboxes. Their worms install backdoor trojans to convert the home computer into a "zombie". the countless variants of the "Bagle" worm are the best known examples.

"Phishing" is the latest fad in town. It tries to prise those secret passwords of bank accounts and credit cards from you... all courtesy of a piggy back ride on the worm's powerful shoulders
So much for the end-of-the-world-speech! What is the cure for all this, for crying out loud! You ask.

Like a cat-and-mouse game, the moment worms came into existence, worm-trappers came into existence too. Special software has been designed that not only kill worms the software knows about, but also updates itself on a daily basis against any new threats.

However, updating is always going to be a tad behind the ultra-sophisticated lethal wizardry of worms. The best way to guard against this is to use the anti-worm software a-squared Anti-Malware - software that it is at the forefront of malware prevention.

How does a-squared score over other anti-worm and anti-virus products?

a-squared has a special Malware Intrusion Detection System (Malware-IDS) that is able to detect and kill worms before the worms get a foot in the door. The great thing about this is that the detection process does not require any signature scanning to identify a worm. All the other products are handicapped because they require a signature to be able to identify and kill a worm.

The Malware-IDS, once installed, never sits idle. Visualize a worrying, paranoid housewife obsessed with keeping the house clean, who runs after every rat or other vermin that she sees with broomstick in hand! Like this housewife, the Malware-IDS is continuously on alert, checking every program that is running (or trying to run) on your machine, ready to pounce on any program that is trying to do something that "good" programs are not supposed to do. Such "delinquent" programs are caught by the IDS and paraded before you. You can relax and take your time to decide whether the program has nefarious intentions or not. The program is stopped until you pronounce verdict. The program is either acquitted honourably or sent to the gallows.

With a strong development and support team spanning continents, a-squared has emerged as an important player in the war against the malware domain. Trusting your machine to a-squared is the best defence possible now and in the future.

Protect thyself!