Inquisition 21st century

Resisting the absolutism of our times

Internet security
Staying safe on the Internet

Other general and useful information

The threat from Scumware - courtesy Melissa Martin

It became obvious that the threat from ‘Scumware’ is very real when our story about Mitsubishi telling the police about Jack (under Child pornography) was taken up by Wired, the Register, Security Focus and numerous discussion lists. The consensus was that whether one believes him innocent or guilty, the child pornography material found could have been planted on his hard drive, that he was treated unjustly and that his lawyer did a bad job. As an official complaint has now been made about his lawyer, the relevance of these points will continue for some time.

While Michelle Delio wrote a reasonable account of Jack’s story and the related issues in Wired, not all of our commentators agreed with her assessment of what the findings on his hard disk meant. This adds to the worrying signs that few people can speak with confidence on the subject. However, the other two main articles in this section talk about dealing with such dangers.

Melissa Martin has written a more comprehensive and detailed article on the subject under the title ‘Scumware, Spyware, Adware & Malware Applications’. First, the difference between Trojans and viruses: Trojans do not replicate, but can be equally destructive and do other malicious things. The most malicious Trojans are now being called scumware, and the worst of these appear to be browser hijackers such as CoolWebSearch (CWS), described by Melissa Martin as ‘a particularly virulent scumware program that commonly hijacks the browser and redirects a visitor to either CoolWebSearch or any of its affiliates’. She also describes CWS as a ‘crossbred scumware Trojan’.

Melissa Martin warns that scumware such as CWS can redirect you to a variety of adult sites and telephone dialers, add bookmarks to porn sites, including ‘potential child porn links’, redirect you to adult sites when you mistype URLs, and change the targets of hyperlinks on websites to porn sites. She goes on: “CWS variants are capable of automatically self updating, installing software and services on your computer and some variants install a 'mini server' on your PC.”

Finally: “In general, an average install of the CWS program will install a wide variety of damaging files, modify the registry and generally make life difficult.”

It is clear from all of the articles and in particular from Melissa Martin’s that the threat is very great indeed. Criminal material can be planted onto the browsers of innocent individuals.
Melissa Martin says: “Simple removal with most general scumware and spyware removal programs will not remove all CWS variants and not all anti-virus solutions will detect it.”
It gets worse. She warns: “Please be careful when attempting to remove CWS, as some variants such as CWS.Msspi will hook the LSP chain. Incorrect removal (simply deleting the inserted dll) will result in lost network and Internet connections. To fully remove the CWS Trojan and all of its variants the best solution is a program called CoolWebShredder. Manual removal can be close to impossible with some variants, but if you feel adventurous please visit the Cool Web Chronicles which details each variant in great length. For these reasons manual removal instructions are not provided here.

“To remove CWS and its variants you can download the CoolWebShredder program here: http://www.merijn.org/downloads.html. If you find his program useful please donate so that Merijn can continue his work. There are a few known problems with removing this - - - .

“If you are unable to visit Merijn's site the direct download link for the program is http://216.180.233.153/~merijn/files/CWShredder.exe This link is currently not working as the site changes hosts. I will update this with a current link when it becomes available.
This problem is caused by a CWS variant known as either CWS.Aff.Tooncomics or CWS.Dreplace.

“If your anti-spyware removal program is closing before starting you will have to download and run PepiMK's CoolWWWSearch.SmartKiller removal tool first before running the CoolWebShredder program to remove CWS variants. If you get an error in Windows stating that the ‘MSVBVM60.DLL missing’ you'll need to get the updated runtime libraries for Microsoft Visual Basic 6 first. After removing the program you may also have to restore your Internet Explorer settings to return your PC to its operating state before the CWS variant hijacked your browser. In order to do this, please follow the steps below:

“Open up Internet Explorer.
Select "Tools > Internet Options" from the Internet Explorer menu.
Navigate and choose the "Programs" tab.
Select the "Reset Web Settings" button. After choosing this button the "Reset Web Settings" dialog box will appear.
Scroll down and make sure that "Also reset my home page" box is checked.
Select "Yes" and click "Ok".
The above procedure will reset all of the default settings in Internet Explorer including the default home page. This will reset Internet Explorer's default home page and search page. Please note that this will not necessarily reset your homepage to a customized site. If you had previously chosen another site you will have to reset these settings.”
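
The LSP warning quoted above comes down to the Winsock catalog still listing a DLL that has been deleted. As an added example (not from the article or from Melissa Martin), this Python code parses a constructed sample modelled on `netsh winsock show catalog` output and lists the entries left pointing at a missing file; the ExampleLsp provider, its path and the function names are assumptions.

```python
import os
import re

# Constructed sample modelled on `netsh winsock show catalog` output. The
# "ExampleLsp" provider and its DLL path are invented for illustration.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleLsp over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\system32\examplelsp.dll
Catalog Entry ID:                   1016
Protocol Chain:                     1015 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        ExampleLsp
Provider Path:                      C:\WINDOWS\system32\examplelsp.dll
Catalog Entry ID:                   1015
"""

def parse_catalog(text):
    """Return one dict of 'Field: value' pairs per catalog entry, in catalog order."""
    blocks = text.split("Winsock Catalog Provider Entry")[1:]
    pattern = re.compile(r"^([^:\n]+):[ \t]+(.+)$", re.M)
    return [{k.strip(): v.strip() for k, v in pattern.findall(b)} for b in blocks]

def on_disk(path):
    # Default check for a live Windows host; %SystemRoot% is expanded there.
    return os.path.exists(os.path.expandvars(path))

def stale_entries(entries, dll_exists=on_disk):
    """Entries that can no longer load: their own DLL is missing, or their
    protocol chain passes through an entry whose DLL is missing."""
    gone = {e["Catalog Entry ID"] for e in entries if not dll_exists(e["Provider Path"])}
    stale = []
    for e in entries:
        chain = set(re.findall(r"\d+", e.get("Protocol Chain", "")))
        if e["Catalog Entry ID"] in gone or chain & gone:
            stale.append((e["Catalog Entry ID"], e["Description"]))
    return stale
```

With the hypothetical examplelsp.dll deleted by hand, the chain entry listed ahead of the intact base TCP/IP provider is reported as stale, which is the state in which connections fail.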

More from Melissa

We contacted Melissa and got more useful information.
“People have become completely desensitized to banner advertisements and click through ratios are quite low compared to a few years ago so some of the more acceptable advertising methods are becoming less popular. As an end result there is a growing tendency to use less than honorable tactics in trying to get visitors to your site and we see a growing number of scumware programs. At this point there is a tremendous imbalance in the education of the surfing public, people just aren't aware that programs like CWS exist or the consequences of being a victim. At the other end of the spectrum taking advantage of this particular fact is very easy. I would guess that fully 90% of the public uses Windows, an operating system that has a number of flaws at any given time and most people don't even take advantage of simple precautions like keeping up to date with fixes. Almost all of the viruses and problems that become mainstream news are the results of a security flaw in Windows that was found and exploited and in most cases a fix from Microsoft was readily available. In a nutshell that is probably some of the best protection that the average person can do with very little technical knowledge. Installing a firewall, anti-virus and scumware/spyware scanners are excellent tools as well. There are a number of excellent free programs that are readily available (http://www.scumware.com/apps/scumware.php/action::view_article/article_id::1075334849/topic::Scum-Killers/).

“As far as a complete anti-virus solution I've been working on a review of a program called NOD32 available from Southborne Internet (http://www.southbourne.com/) that is one of the best I've seen.
“Although scumware programs do make life difficult, when we start to talk about malicious programs as in Jack's case we are talking more about Trojans than a scumware program. The intent of the two is different. Scumware programs are trying to divert advertising dollars to particular websites; Trojans are designed to gain control of either a single PC or a number of them. I consider programs like CWS to be a crossbred variant of the two simply because it is capable of both. It is however possible that the images were present by a previous owner

“As far as CWS goes, material such as adult images and content will be placed on your PC by the program itself but it wouldn't be deliberately planted with the intent of compromising a particular individual. The images, links, bookmarks, files and whatever else ends up on your PC would be very similar in number to accidentally clicking a link to an adult site. As with any site, images are then stored in your temporary folder as you browse the internet.

“I would suspect that most people probably have a dozen or two images in their temporary folders for this exact reason and this isn't really much to be concerned about. The real danger with programs like CWS is that they can and will compromise the control an individual has over their own PC and it doesn't matter who you are this can be a serious problem.

“In addition, there are an exponentially growing number of sexual predators exploiting the internet and a significantly few number of authorities with the capabilities of handling them. They are concerned with serious problems like finding 1000 images in one place. I do know that you can be charged in Canada with only a few images but whether that is common is another question entirely. Jack, unfortunately, may have been in the wrong place at the wrong time.”



 

Copyright © 2003 Inquisition 21st century