Pests On Your Users' Systems: More Harmful Than Viruses!
So, I went to a website called www.siglets.com. Do not go there yet.
I clicked around a bit and it loaded an applet on my system called
trickler3016. e x e and it tried to "call home" immediately. All of
this without my consent and even being aware of it. My ZoneAlarm
(ZA) firewall caught it, and I told ZA to not let it dial out. Then
I started digging and found that trickler applet sitting in a temp
directory. Could not delete it easily either: "In Use".
CNET recently defined spyware as: "This software often installs
itself without your consent. The software might monitor your Web
browsing habits or record your passwords, credit card information
or other e-commerce data. It usually relays the data to a third-party company or funnels the information for unethical purposes. It's usually difficult to find or delete from your hard drive."
I discussed it a bit with the person who had sent me the link to
that site to begin with and she made me aware of a new category tool
that specifically looks for these kinds of spyware or adware (pests)
executables. I decided to buy it online for 20 bucks and look at if
it could do something.
To my great surprise I had a whopping five, (count 'em 5!! of these
things on my system. The tool I used to scan the disk and quarantine
them is a very smart little tool called PestPatrol. I called up the
developer and told them I was flabbergasted that this stuff had made
it through all the defenses I have in place.
How does PestPatrol differ from anti-virus products?
Anti-virus products focus on viruses; PestPatrol focuses on every
other sort of computer pest, including ANSI bombs, answering machine
hacks, carding, denial of service attack tools, disassemblers, virus
droppers, hacking guides, hostile Java, icq, mail bombers, password
crackers, phreaking, surreptitious remote control, remote monitoring,
network scanning, sniffers, spoofers, spyware, surveillance, Trojans,
Trojan creation tools, virus creation tools, virus writing tools,
and word lists used by password crackers. As a result, PestPatrol
detects more such pests than anti-virus products. PestPatrol is much
faster than anti-virus scanners...in fact, over twice as fast!
They told me this is a whole new category of tools that does not really
get identified specifically, and that it really needs some people
with many years of experience in the anti-virus business to execute
it right. And when I heard there were also corporate licenses I got
to thinking that this might be of interest for you. So that was the reason
I decided to pick it up. If you have a bunch of these critters on your
users' systems out there, they may do harm in a multitude of ways,
and gobble up network resources to boot. So here you go, for less than
20 bucks on the Sunbelt OnlineShop (And this is a special deal for W2Knews
readers, normally it is $29.95). Get one for yourself at your house and
then you'll understand this is something for your organization as well.
So, What Webserver Are These People Running?
Steve Gibson has a free little tool that is quite useful. I quote:
"The IIS Worm Wars of 2001 demonstrated that not all web servers are
equally secure. The multiple rounds of rapidly spreading IIS worms
dramatized a fact that had been troubling security professionals for
quite some time.
"Compared to the other popular web server solutions, MS offerings generate
a continuous stream of serious security problems. Moreover, unlike
embarrassing but comparatively benign problems such as web site
defacement, MS security vulnerabilities usually place the web site's
visitor data at risk of theft and malicious exploitation.
"During the last quarter of 2001 we saw an increase in email asking if
there was any way to tell what server software any given web site was
using. Presumably, these users were either curious, or they intended to
use that information, if it were available, to help choose which sites
they would prefer not to entrust with their confidential and personal data.
"This information is readily available. Although the make, model, and
version of most web site's server software has always been available to
client programs, it has never before been important or particularly
interesting to most web site users. Recently, for at least some users,
this appears to have changed. Since I have also sometimes wondered about
the security and server software used by "off the beaten path" web sites,
I decided to whip up "ID Serve", a simple, free, small (26 kbytes), and
fast, general purpose Internet server identification utility." It's here:
DiskAlert 2.0 Is About To Be Released
DiskAlert is a tool that monitors your hard disk health and warns you
before a disk goes bad. Quite useful to prevent downtime.
The new DiskAlert 2.0 upgrade is now available for free to existing
DiskAlert customers. DiskAlert 2.0 marks the change of its licensing
model. Rather than licensing DiskAlert based on the number of hard
disks being monitored, it is now licensed it by machine.
HOW TO UPGRADE
The machine you've installed the DiskAlert Administrator Console must
have an internet connection. Bring up the DiskAlert console. Highlight
the DiskAlert object in the left pane of the console. Click on the
ACTION drop down menu. Click on CHECK FOR UPDATES.
This will take you to a web page with a short form to fill out. After
you've filled out and submitted the form, you will receive an e-mail
with your new licenses, a link to download DiskAlert 2.0 software and
simple instructions on adding your new licenses to your DiskAlert 2.0
software. If you do not receive this e-mail within 24 hours or have any
other problems relating to this upgrade, please send an e-mail with
contact data and a description to [email protected]