Trojans and spyware: spyware for mobile devices

Kaspersky Lab experts have detected malware for mobile devices on the Android platform with a whole range of technical capabilities. The company's employees emphasized that some of the functions of this Trojan (malware) were identified for the first time.

“Most Trojans are similar to each other: having made their way onto a device, they steal the payment data of its owner, mine cryptocurrency for attackers, or encrypt data in order to demand a ransom. But sometimes there are instances whose capabilities make one recall Hollywood films about spies,” Kaspersky Lab said in a message dedicated to the malware.

The company said that the detected Skygofree malware has 48 different functions, including unique ones that its specialists have not seen before in malware.

For example, the Skygofree Trojan can track the location of an infected device and enable sound recording at the moment when its owner is in a certain location.

“Another interesting technique that Skygofree has mastered is to quietly connect an infected smartphone or tablet to Wi-Fi networks that are under the complete control of attackers, even if the owner has turned Wi-Fi off on the device altogether,” said Kaspersky Lab.

This allows the attackers not only to analyze the victim's traffic, but also to read the logins, passwords or card numbers the user enters. The malware can also spy on a range of instant messengers, including Facebook Messenger, WhatsApp, Skype and Viber, collecting their text messages.

“Finally, Skygofree can covertly turn on the front camera and take a picture when the user unlocks the device,” the experts added.


The company's specialists discovered Skygofree at the beginning of October 2017; however, while studying the malware, it turned out that the initial versions of this program were created at the end of 2014. Since then, the functionality of the Trojan has grown significantly and the program has acquired some unique abilities.

According to Kaspersky Lab, Skygofree was distributed on Internet pages imitating the sites of mobile operators and dedicated to optimizing the speed of mobile Internet.

According to the company, only a few users were attacked by the virus, and only in Italy.

Also, during the investigation of the malware, several spyware tools for Windows were found, but whether the program was used to attack this operating system is still unknown.

"It doesn't attack hundreds of thousands of users"

RT spoke with Kaspersky Lab antivirus expert Viktor Chebyshev, who gave some details about the new malware. According to him, Skygofree managed to stay hidden for a long time because this spy Trojan uses undocumented system features and elevates its privileges in such a way that all its actions "remain behind the scenes."

“It is located almost at the system level, and all the capabilities that it implements are absolutely transparent to the user. That is, the user does not see any activity, does not hear any actions, and simply remains in the dark,” Chebyshev explained.

RT's interlocutor clarified that creating such a program is very difficult, so a whole team of high-level professionals who understand all the features of the Android operating system most likely worked on it.

According to the antivirus expert, another feature of the malware that allowed it to operate unnoticed is its narrow focus: Skygofree is tailored to attack a specific user.

“This is a spy that is not aimed at the mass segment. It does not attack hundreds of thousands of users, squeezing a little bit out of them. This is a spy app that attacks specific people,” Chebyshev said.

“It is created so that it is invisible both to the victim and to everyone else around. Plus, it has trace-clearing mechanisms that destroy it after it has done its work,” the expert added.

  • Victor Chebyshev: this is a spy who is not focused on the mass segment

He clarified that Android devices became the target of the spy malware because it is this system that allows applications to be installed from third-party sources, and not just from the official Google Play store. However, not only Android devices can be vulnerable to such malware.

“In other operating systems this is not possible: all applications are installed from one centralized source, which is moderated. And the chance of infection is thus minimal. However, it is not ruled out,” the expert explained.

“This is a whole team, one might say, an organized criminal group. The resources are serious," Chebyshev said.

The expert clarified that the main purpose of the discovered Trojan was never to attack the broad masses of people. The program is designed specifically for espionage, spying on a specific person into whose devices it "settles". According to him, the spectrum of application of this program can extend from industrial espionage to surveillance of civil servants.

“The main task of this Trojan is to understand what is happening with the victim and around him: what he is doing, where he is going, with whom he is talking, what documents he is working with... It can shoot video with the camera, take photos, and record conversations in a specific situation,” said the Kaspersky Lab employee.

  • Victor Chebyshev: this Trojan is spying on specific people

The antivirus expert clarified that immediately after the discovery of the malware, the company provided protection to its customers. Speaking about the threat to ordinary users around the world, Chebyshev noted that they had never been the target of this malware, but urged them not to relax.

“If we talk about the mass market, about you and me, then the attack most likely did not threaten us from the very beginning. They attack specific people. However, (a mass attack. — RT) should not be discounted: what is implemented in this Trojan can be replicated and extended to a huge number of users,” RT's interlocutor emphasized.

Speaking about ways to counter the threat, the expert urged all users first of all not to install applications from third-party sources. In addition, he advised consumers to secure their mobile devices by installing a good security solution that will prevent malicious links from being opened and block the installation of a malicious application.

“Be sure to apply personal hygiene measures to your device. Because you never know when an attack will come, and then everything will be sad. With a security solution, everything will be fine,” summed up Chebyshev.

Fraud scheme

Trojans are spyware whose purpose is to obtain certain information from the victim's computer and send it via the Internet to the author of the Trojan.

Trojans are often confused with viruses, but unlike viruses, whose main purpose is to harm the victim's computer, multiply and infect other computers, Trojans solve more practical problems.

In the language of analogies, a virus can be compared to a rampaging vandal rushing around the city, destroying everything in its path and at the same time inciting cowardly citizens to join the pogrom. Trojans, on the other hand, are specially trained enemy agents who sit in ambush and wait for a command or certain events, after which they come out of hiding and methodically perform the tasks laid down in them.

The main functions of Trojans are to steal logins, passwords, account and card numbers and other confidential information, and then transfer the stolen information to the owner of the Trojan. Typically, a Trojan consists of a client part and a server part. The server part is usually on the victim's computer, the client part on the Trojan owner's computer. The owner of a Trojan may be its creator, but Trojans are often written to order to perform specific tasks. Communication between the client and server parts is carried out through any open port. The communication protocol is usually TCP/IP, but there are Trojans that use other protocols (for example, ICMP and UDP). Usually a Trojan disguises itself as some kind of useful program or a self-extracting archive. When it is launched, the Trojan code is executed first and then transfers control to the main program. The Trojan can also be simply but effectively disguised as a file with any friendly extension, such as GIF, DOC, RAR, etc.

Trojan classification

Fighting Trojans

First of all, you need to prevent the Trojan from getting onto your computer, and for this you need an antivirus. Unfortunately, an antivirus is not able to protect your computer 100% from being hit by a Trojan.

Here a firewall comes to the rescue, whose task is to follow the rule "everything that is not allowed is prohibited", i.e. you alone set the rules for programs, allowing them to send or receive information from the Internet.

It works like this: as soon as a new program tries to send information to the Internet, the firewall shows you a message indicating which program wants to send it. If you see that this program is unknown to you, you simply click the "Deny outgoing traffic" button, as a result of which the firewall creates a rule and no longer bothers you with this message in the future. For more information about choosing and configuring a firewall, we advise you to read specialized literature.

It is also recommended that you periodically check your computer for Trojans with special programs, whose names and detailed descriptions of their use can easily be found on sites dedicated to information security, including those of Kaspersky and Dr.Web.

The material was prepared with the participation of independent information security consultant Maxim Lantsov.

Viruses, spyware, trojans and dialers: who, why and how

I think that if today any schoolchild is asked what lavsan is, he won't tell you about a "synthetic fiber made by polycondensing ethylene glycol and an aromatic dibasic acid." No, his answer will be like this: “Lovesan, aka msblast, penetrates operating systems of the Microsoft Windows family by exploiting a vulnerability in the Microsoft Windows DCOM RPC service.” I'm afraid to guess what associations the word doom will evoke after a while. Obviously not only with the game of the same name.

As you could understand from the title and introduction, we will now talk about viruses and their ilk. Before turning to the answers to the questions posed in the title of the chapter, I would like to introduce today's "guests" directly. Here the answer to the question of how all this gets into our computers will be given.

A virus is, in essence, a program that carries some destructive consequences. And it doesn't matter what they are: anything is possible here, from the banal replacement of file permissions and damage to a file's contents to disruption of the Internet connection and the collapse of the operating system. A virus is also a program that not only carries destructive functions, but is also capable of reproducing. Here is what one smart book says about this: “A mandatory (necessary) property of a computer virus is the ability to create its own duplicates (not necessarily identical to the original) and embed them in computer networks and/or files, computer system areas and other executable objects. At the same time, the duplicates retain the ability to spread further” (Eugene Kaspersky, “Computer Viruses”). Indeed, in order to survive, viruses need to multiply, and this has been proven by a science such as biology. By the way, it was from those very biological viruses that the computer kind got its name. And they have fully justified their name: all viruses are simple, and nevertheless, despite the efforts of anti-virus companies, whose costs run into huge sums, they live and prosper. You don't have to look far for examples: take at least such a virus as I-Worm.Mydoom.b. How many times has it been said that you must not open attachments and e-mail messages from unknown persons, and that messages from well-known ones should be treated with caution, especially if you did not arrange them in advance. In addition, if the text of the letter contains something like “Check out the cool photo of my girlfriend,” then it must be deleted immediately. But if in the above example the text still makes sense, then the content of emails infected with Mydoom is rather strange. Judge for yourself: “The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment sendmail daemon reported: Error #804 occured during SMTP session. 
Partial message has been received. The message contains Unicode characters and has been sent as a binary attachment. The message contains MIME-encoded graphics and has been sent as a binary attachment. Mail transaction failed. Partial message is available".

The letter contains a file with 9 variants of the attachment name and 5 variants of the extension. Two variations came to my mailbox. The first was a zip archive with supposedly a doc file inside, and the second a plain executable with its icon replaced by the Notepad icon. If in the second case any user can notice the catch by looking at the extension, in the first case it is already harder to do so. It is to the first case that I tend to attribute the largest number of infections. What this virus does, I will not tell, because it has already been said many times in print and online. Using the example of Mydoom, we got acquainted with the first way viruses spread: through e-mail.

Let's look at the next method using Worm.Win32.Lovesan (also known as msblast) as an example. What is remarkable about this virus, and why did it become a mass infection? This individual is remarkable in that, in principle, it does not affect the performance of the system as a whole. A computer infected with it simply cannot surf the Internet normally. After a while, a window pops up with an RPC error message, after which the computer restarts.

Another way is through the Internet when you download files (whether you want to or not). Again, let me explain with examples. First, a wanted download. You download some new joke, program or game from the Web, and it is infected with a virus. After downloading, the program/game/joke starts, and, voila, you are the owner of a virus. What can be said here? Be vigilant, regularly update your antivirus databases, check all programs with an antivirus and do not forget at least the basics of computer security. Someone may say: “Why should I, for example, check programs that could not be infected with a virus?” I would like to ask: “What kind of programs are these?” Any program can be infected, especially if it was downloaded from warez sites or the websites of hacker groups.

Now let's move on to unwanted downloads. I would single out two types. The first is when the user is unaware that something is being downloaded to his computer. Such a download is performed by executing scripts. The second type of unwanted download is when the wrong thing is downloaded. I'll give you an example. At one time, one site with cracks, immediately before downloading a file, offered to install a “Free XXX bar” and then a “100% crack of the Internet”. If the user agreed to this (and I am sure there were such users, because I still remember the question of the month in Virtual Joys about the “one hundred percent Internet crack”), then a Trojan or virus was downloaded. Basically, the difference is small. However, this is not the most interesting thing: if such a tempting offer was rejected, a window popped up with an inscription approximately like “Site error” and an OK or Continue button, by clicking on which the Trojan was still downloaded, but now without the user's knowledge. And only a firewall could save him.

A Trojan is a program that provides unauthorized access to a computer in order to perform some action on the target without notifying the computer's owner, or sends collected information to a specific address. At the same time, it usually pretends to be something peaceful and extremely useful.

Some Trojans are limited to mailing your passwords to their creator or to the person who configured the program (email trojan). However, for Internet users the most dangerous programs are those that allow remote access to their machine from outside (back door). Very often, Trojans get onto the computer along with useful programs or popular utilities, disguised as them.

A feature of these programs, which makes them classified as harmful, is the absence of warnings about their installation and launch. When launched, the Trojan installs itself into the system and then monitors it, while the user is not given any messages about its actions. Moreover, the Trojan may not appear in the list of active applications, or may blend in with them. As a result, the computer user may not be aware of its presence in the system while the computer is open to remote control.

Quite often the term "trojan" is used to mean a virus. In fact, this is far from the case. Unlike viruses, Trojans are designed to obtain confidential information and gain access to certain computer resources.

There are various ways a Trojan can enter your system. Most often this happens when you run some useful program that has a Trojan server embedded in it. At the moment of the first launch, the server copies itself to some directory, registers itself to be launched via the system registry, and even if the carrier program never runs again, your system is already infected with the Trojan. You can infect a machine yourself by running an infected program. This usually happens if programs are downloaded not from official servers but from personal pages. Strangers can also plant a Trojan if they have access to your machine, simply by running it from a floppy disk.
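A defender's counterpart to the persistence just described, as an added example (not code from the original article): audit the Run-key autorun entries for the tricks the text mentions, an executable dropped in a temp or download directory, a system-file name outside the Windows directory (the keylogger disguise described further below), and a friendly data extension hidden in front of .exe. SAMPLE_ENTRIES, the directory lists and the system-name list are constructed assumptions; on a Windows host collect_run_entries() reads the real Run keys.

```python
"""Audit autorun (Run-key) entries for a disguised Trojan server.

Added example, not code from the original article.  SAMPLE_ENTRIES is
constructed to look like values of the Windows HKCU/HKLM
Software\\Microsoft\\Windows\\CurrentVersion\\Run keys.
"""
import ntpath
import re
from typing import Dict, List

# Names a keylogger or backdoor borrows from the OS so that it blends in (assumed list)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe", "smss.exe", "spoolsv.exe"}
# Directories a freshly dropped Trojan server usually copies itself into (assumed list)
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
# "Friendly" extensions the article names as cover for an executable
DATA_EXTS = {".gif", ".jpg", ".doc", ".txt", ".pdf", ".rar", ".zip"}
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\")

SAMPLE_ENTRIES = {  # constructed: two benign entries and two disguised ones
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
    "Photo": r'"C:\Users\alice\Downloads\photo.jpg.exe"',
}


def image_path(command: str) -> str:
    """Return the executable part of a Run-key command line.

    A quoted path ends at the closing quote; an unquoted one is taken up to
    the first '.exe' followed by whitespace or end of string.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def audit_entry(command: str) -> List[str]:
    """Return the reasons an autorun command looks like a disguised Trojan."""
    path = image_path(command).lower().replace("/", "\\")
    base = ntpath.basename(path)
    stem, ext = ntpath.splitext(base)
    reasons = []
    if any(d in path for d in DROP_DIRS):
        reasons.append("runs from a temp, download or public directory")
    if base in SYSTEM_NAMES and not WINDOWS_DIR.match(path):
        reasons.append("system binary name %s outside the Windows directory" % base)
    if ext == ".exe" and ntpath.splitext(stem)[1] in DATA_EXTS:
        reasons.append("data-file extension hidden in front of .exe (%s)" % base)
    return reasons


def audit(entries: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each suspicious entry name to its list of reasons."""
    flagged = {}
    for name, command in entries.items():
        reasons = audit_entry(command)
        if reasons:
            flagged[name] = reasons
    return flagged


def collect_run_entries() -> Dict[str, str]:
    """Read the HKCU and HKLM Run keys on Windows; elsewhere use the sample."""
    try:
        import winreg
    except ImportError:
        return dict(SAMPLE_ENTRIES)
    entries = {}
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values under this key
                    break
                entries[name] = str(value)
                index += 1
    return entries


if __name__ == "__main__":
    for entry, why in audit(collect_run_entries()).items():
        print(entry, "->", "; ".join(why))
```

The heuristics are deliberately simple; a real audit would also verify the file's digital signature and whether the path exists.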

At the moment, Trojans of the following types are most widely used:

1. Hidden (remote) administration utilities (BackDoor, from the English "back door"). Trojan horses of this class are, in essence, quite powerful utilities for the remote administration of computers on a network. In terms of functionality, they are in many ways reminiscent of various administration systems developed by well-known software manufacturers. Modern hidden administration utilities (BackDoor) are quite easy to use. They usually consist of two main parts: the server (executor) and the client (controller). The server is an executable file which is embedded in your machine in some way, loaded into memory at the same time as Windows starts, and executes commands received from a remote client. The server is sent to the victim, and afterwards all work is done through the client on the attacker's computer: commands are sent through the client, and the server executes them. Outwardly, its presence is not detected in any way. After the server part of the Trojan is launched, a certain port is reserved on the user's computer, which is responsible for communicating with the Internet.

After these actions, the attacker launches the client part of the program, connects to this computer through the open port, and can perform almost any action on your machine (limited only by the capabilities of the program used). After connecting to the server, you can manage the remote computer almost like your own: reboot, shut down, open the CD-ROM, delete, write and change files, display messages, etc.

On some Trojans, you can change the open port during operation and even set an access password for the "master" of the Trojan. There are also Trojans that allow a "trojaned" machine to be used as a proxy server (HTTP or SOCKS protocols) to hide the hacker's real IP address.

2. Mail Trojans (email trojan).

Trojans that allow you to “pull” passwords and other information from your computer's files and send them by e-mail to the owner. These can be provider logins and Internet passwords, mailbox passwords, ICQ and IRC passwords, etc. To send a letter to the owner, the Trojan contacts the site's mail server via the SMTP protocol (for example, smtp.mail.ru). After collecting the necessary data, the Trojan checks whether the data has already been sent. If not, the data is sent and stored in the registry. If it has already been sent, the previous letter is retrieved from the registry and compared with the current one. If there have been any changes in the information (new data has appeared), the letter is sent, and the fresh password data is recorded in the registry. In a word, this type of Trojan simply collects information, and the victim may not even realize that someone already knows their passwords.

3. Keyboard loggers (keyloggers).

These Trojans write everything typed on the keyboard (including passwords) to a file, which is then sent to a specific e-mail address or retrieved via FTP (File Transfer Protocol). Keyloggers usually take up little space and can disguise themselves as other useful programs, which makes them difficult to detect. Another reason such a Trojan is hard to detect is that its files are named like system files. Some Trojans of this type can extract and decrypt passwords found in special password fields.

Such programs require manual configuration and masking. Keyloggers can be used not only for hooligan purposes. For example, it is very convenient to put them at your workplace or at home while you are away.

4. Joke programs.

These programs are harmless by nature. They do not cause any direct harm to the computer, but display messages saying that such harm has already been caused or could be caused under certain conditions, or warn the user about a non-existent danger. Prank programs scare the user with messages about formatting the hard drive, detect viruses in uninfected files, display strange virus-like messages, etc.; it all depends on the sense of humor of the program's creator. Of course, there is no reason to worry unless other, inexperienced users work on this computer, who could be badly scared by such messages.

5. "Trojan horses" can also include infected files whose code has been altered in a certain way or modified by a cryptographic method. For example, the file is encrypted with a special program and/or packed by an unknown archiver. As a result, even the latest versions of antiviruses cannot detect the presence of a Trojan in the file, since the code carrier is not in their antivirus database.
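For the backdoor type described in item 1, the reserved port is the observable footprint on the victim's machine. The following added example (not code from the original article) parses netstat -ano output, keeps only listening sockets, and compares each against a baseline of expected listeners and their owning programs; the netstat text, the PID-to-image table and the baseline are constructed.

```python
"""Flag listening ports that are not part of the host's baseline.

Added example, not code from the original article.  NETSTAT_SAMPLE,
PROCESS_TABLE and BASELINE are constructed; on a live Windows host you
would feed in real `netstat -ano` output and a PID-to-image map taken
from tasklist or Get-Process.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:49664        0.0.0.0:0              LISTENING       1240
  TCP    192.168.1.5:50231      203.0.113.5:443        ESTABLISHED     3344
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    3344
"""

PROCESS_TABLE = {  # constructed PID -> image path; 5120 plays the rogue server
    4: "System",
    912: r"C:\Windows\System32\svchost.exe",
    1240: r"C:\Windows\System32\lsass.exe",
    3344: r"C:\Program Files\Mozilla Firefox\firefox.exe",
    5120: r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
}

BASELINE = {  # constructed (proto, port) -> image expected to own that listener
    ("TCP", 135): r"C:\Windows\System32\svchost.exe",
    ("TCP", 445): "System",
    ("UDP", 5353): r"C:\Program Files\Mozilla Firefox\firefox.exe",
}


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    pid: int


# netstat -ano columns: Proto, Local, Foreign, [State], PID (UDP rows have no State)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def parse_listeners(text: str) -> List[Listener]:
    """Return the TCP LISTENING and UDP sockets from netstat -ano output."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or unexpected format
        proto, addr, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/outbound connections are not listeners
        found.append(Listener(proto, addr, int(port), int(pid)))
    return found


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def audit_listeners(text: str, procs: Dict[int, str],
                    baseline: Dict[Tuple[str, int], str]) -> List[Tuple[str, str]]:
    """Compare live listeners with the baseline; return (severity, message) pairs."""
    findings = []
    for ln in parse_listeners(text):
        image = procs.get(ln.pid, "<unknown pid>")
        expected = baseline.get((ln.proto, ln.port))
        where = "%s/%d on %s" % (ln.proto, ln.port, ln.addr)
        if expected is None:
            # Nobody expected this listener; reachable from the network is the worse case
            sev = "info" if is_loopback(ln.addr) else "alert"
            findings.append((sev, "%s not in baseline: pid %d %s" % (where, ln.pid, image)))
        elif expected.lower() != image.lower():
            findings.append(("alert", "%s owned by %s, expected %s" % (where, image, expected)))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_listeners(NETSTAT_SAMPLE, PROCESS_TABLE, BASELINE):
        print(sev.upper(), msg)
```

On the sample the constructed SOCKS-style listener on TCP/1080, owned by a svchost.exe copy in a temp directory, is the one alert; the loopback RPC port is reported only as informational.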

Dialers. Their methods of penetration do not differ from those described above. So let's get straight to the point. Here it is necessary to make a reservation that there are quite peaceful dial-up programs, popularly called "dialers". These programs are used to help dial-up users get through to the provider and, if possible, maintain a stable connection with it, even on old or "upgraded" lines. The ones we will talk about have a different name: combat dialers. Using holes in the operating system, and sometimes the negligence or naivety of users (see above about the "100% Internet crack"), these programs replace the provider's phone number with the number of a telecom operator in some exotic country. Moreover, in most cases, the good old provider's number remains in the dialing window. Dialers also add a task to the scheduler to call at a given time. And it's good if the user has the habit of turning off the modem, or if it's an external one that yells so loudly that mom doesn't grieve. And if the modem is quiet and built-in? That's what I'm talking about. And the poor fellow learns about his grief only when a huge phone bill arrives.

It's time to talk about who writes and releases all this muck onto the Web. Here I will try to classify the groups of people engaged in this unseemly business. Nothing will be said about the so-called "white hat" hackers. I'll explain why. This species does not pose a danger to society and rather benefits it. It is they who most often write anti-virus viruses to neutralize especially harmful specimens. Why viruses? These programs spread by the same mechanism as viruses. Why anti? Because they block or remove a certain type of virus from the computer. Their main difference from viruses is also self-destruction after completing their task and the absence of any destructive functions. An example is a similar virus that appeared on the Web some time after the Lovesan outbreak. Once it arrived, it removed Lovesan and prompted the user to download updates for Windows. White hat hackers also find holes in software and computer systems, after which they report the errors found to the companies. Now let's move on to our classification.

Type one: "script kiddies". They call themselves nothing less than HaCkeR-rr, read Hacker magazine, do not know a single programming language, and create all "their" Trojans and viruses by downloading ready-made programs from the Web. (To avoid attacks, I'll make a reservation that Hacker magazine is, in principle, not bad, and its material is presented in a fairly simple form, in places at least. But simple for people who already have some knowledge base. And they give it out wisely, not telling everything to the end, so as not to lure anyone anywhere; one must think for oneself.) These "hackers" usually, after sending someone a Trojan downloaded from somewhere and seeing it work, immediately start yelling on forums about how cool they are, etc. For which they immediately, quite rightly, receive a heap of blunt statements addressed to them, because that's not how it's done. Since you've messed up, it's better to keep quiet. These individuals do not pose any particular danger, because they simply do not have enough experience or (in some cases) brains for anything more or less large-scale.

Type two: "beginner". This species is a direct descendant of the first. Some representatives of the first type, after some time, begin to understand that they are not as cool as they thought; that, it turns out, there are programming languages; that one can do something and then not yell to the whole world about "what a fine fellow I am". Some of them in the future may turn into representatives of the pro class. These people begin to learn some language and try to write something; creative thought begins to awaken in them. And at the same time they begin to pose a certain danger to society, because who knows what a terrifying work such a representative of the virus-writer class can compose out of inexperience. After all, when a professional writes code, he nevertheless realizes that some things should not be done, because they can turn against him. A beginner does not have such knowledge, and this is why he is dangerous.

Type three: "pro". They develop from the second type. "Pros" are distinguished by a deep knowledge of programming languages and network security, understand the depths of operating systems and, most importantly, have a very strong knowledge and understanding of how networks and computer systems work. Moreover, the "pros" not only learn about security holes from company bulletins, but also find them themselves. They often unite in hacker groups to improve the quality of their "work". These people are mostly secretive and not greedy for fame; they do not run to inform the whole world about a successful operation, but prefer to quietly celebrate success among friends. Of course, they pose a great danger, but since they are all knowledgeable people, they will not take actions that could cause a global collapse of some system, for example the Internet. Although there are exceptions (not everyone has forgotten about Slammer yet).

Type four: "industrial hackers". The most dangerous representatives of the hacker family for society. They can rightfully be called real criminals. It is on their conscience that most dialers are written and the networks of banks, large companies and government agencies are hacked. Why and for what they do it, we will discuss below. "Industrialists" do not reckon with anything or anyone; these individuals are able to do anything to achieve their goals.

Now let's summarize what has been said.

"Script kiddies": young, green and inexperienced. They want to show that they are the coolest of all, and only Cool Sam is cooler than them.

"Beginner": a craving has appeared for writing something of their own. Some of them, fortunately, after trying to master the intricacies of Internet protocols and programming languages, give up this business and go on to do something more peaceful.

“Pro”: if suddenly the state of "having realized his guilt, its measure, degree, depth" sets in, then a representative of this type becomes a highly qualified computer security specialist. I would like more pros to move to this state.

"Industrialists": nothing is sacred to them. Folk wisdom speaks well of such people: "Only the grave will straighten the hunchback."

This is a rough division of the class of computer intruders into types. Now let's move on to the question: why do they do it?

But really, why are viruses, Trojans, dialers and other evil spirits written? One of the reasons is the desire for self-affirmation. It is typical of representatives of the first and second types. The first just needs to show his friends that he is "a real cool kid", the second mainly wants to raise his self-esteem. The second reason is gaining experience. Typical of beginners. After writing your first masterpiece, you naturally want to test it on someone, and not on yourself, of course. So a certain number of new, not always very dangerous, viruses appear on the Web.

The next reason is the competitive spirit. Have you ever heard of hacker competitions? The last one known to me took place in the summer. A Brazilian hacker group won (it turns out they are not only strong in football). The task was: who will break into the most sites. But I am sure that there are also competitions for the most sophisticated virus and for the best keylogger.

Adrenaline is another reason. Imagine: night, the glow of the monitor, fingers running across the keyboard; yesterday a hole was found in the security system, today you need to try to get into the system and show the fellow administrator who is the boss in the house. Following this reason comes the next: romance. And so what, some like to watch the sunset, some like the stars, and some like to write viruses. So many people, so many tastes.

The next reason is political or social protest. For this reason, most government websites, websites of political parties, print and online publications, as well as large corporations are hacked. You don't have to look far for examples. Immediately after the start of the war in Iraq, attacks were made on American government sites by those dissatisfied with Bush's policies, and on the site of the Arab newspaper Al-Jazeera and a number of other Arab resources from the opposite side.

And, perhaps, the last reason is the ubiquitous money. It is mainly for money that industrial hackers work, so to speak. By hacking bank networks, they gain access to customer accounts. What follows is not difficult to guess. Collecting information about any user of the Net through spyware, they then engage in banal blackmail. The actions of the "industrialists" could be listed for a very long time; I just want to say once again that they are full-fledged computer criminals, and they should be treated as criminals.


Malware, Trojans and Threats

Most computers are connected to a network (the Internet or a local network), which makes it easier to distribute malicious programs (Russian standards call such programs "destructive software", but since that term is not widely used, this review uses the term "malware", as in English). Such programs include Trojans (also known as Trojan horses), viruses, worms, spyware, adware, rootkits and various other types.

Another plus is that MBAM (Malwarebytes Anti-Malware) rarely conflicts with other anti-malware utilities.

Free Trojan Scanner SUPERAntiSpyware

In addition to spyware, the program scans for and removes other types of threats, such as dialers, keyloggers, worms, rootkits, etc.

The program has three scan types: quick, full, and custom. Before scanning, the program offers to check for updates so that you are protected against the latest threats right away. SAS has its own blacklist: a list of 100 examples of DLLs and EXEs that should not be present on the computer. Clicking any item in the list gives a full description of the threat.

One of the important features of the program is Hi-Jack protection, which prevents other applications from terminating the program (except Task Manager).

Unfortunately, the free version of the program does not support real-time protection, scheduled scans, and a number of other features.

More programs

Other free trojan scanners not included in the review:

  • Rising PC Doctor (no longer available; old versions can still be found on the Internet) - Trojan and spyware scanner. Offers automatic protection against a number of Trojans. It also offers the following tools: startup management, process manager, service manager, File Shredder (a program that deletes files without the possibility of recovering them) and others.
  • FreeFixer - scans your system and helps you remove Trojans and other malware. However, the user has to interpret the program's results correctly. Particular care must be taken when deciding to remove important system files, as this can damage the system. There are forums where you can ask for advice if in doubt (links to the forums are on the site).
  • Ashampoo Anti-Malware (unfortunately, it has become a trial version; earlier versions can possibly still be found on the Internet) - initially this product was commercial only. The free version provided real-time protection and also offered various optimization tools.

Quick Guide (Trojan Scanner Download Links)

Emsisoft Anti-Malware

Scans for and removes Trojans, worms, viruses, spyware, trackers, dialers, etc. Easy to use.
The free version is severely limited. Not available: automatic updates, real-time file protection, scheduled scans, etc.
Unfortunately, it has become a trial. Earlier versions can perhaps still be found on the Internet.
www.emsisoft(.)com

PC Tools ThreatFire

Proactive protection against known and unknown Trojans, viruses, worms, spyware, rootkits and other malware.
Automatic updates are not provided if you have opted out of the ThreatFire community. Version 4.10 has not changed since November 2011.

When using the Internet, you should not assume that your privacy is protected. Attackers often follow your activities and try to obtain your personal information with the help of special malware: spyware. This is one of the oldest and most widespread types of threat on the Internet: these programs get onto your computer without permission and carry out various illegal actions. It is very easy to become a victim of such programs, but getting rid of them can be difficult, especially when you do not even know your computer is infected. But do not despair: you are not alone against these threats. You just need to know what spyware is, how it gets onto your computer, how it tries to harm you, how to remove it, and how to prevent future spyware attacks.

What is spyware?

History of spyware

The term "spyware" was first used in 1996 in a specialist article. In 1999 it appeared in press releases with the meaning it has today, and it quickly gained popularity in the media. Not long after, in June 2000, the first anti-spyware application was released.

"The first mention of spyware dates back to 1996."

In October 2004, the media company America Online and the National Cyber Security Alliance (NCSA) conducted a study of the phenomenon. The results were striking: about 80% of all Internet users had somehow encountered spyware on their computers, roughly 93% of computers had spyware components, and 89% of users did not know about it. Almost all users affected by spyware (about 95%) said they had not given permission to install it.

Today the Windows operating system is the preferred target of spyware attacks because of its widespread use. In recent years, however, spyware developers have also turned their attention to the Apple platform and to mobile devices.

Spyware for Mac

Historically, spyware writers have considered the Windows platform their main target, as it has a larger user base than the Mac platform. Despite this, the industry saw a significant spike in Mac malware activity in 2017, with most of the attacks carried out through spyware. Mac spyware behaves much like Windows spyware but is dominated by password stealers and general-purpose backdoors. The malicious activities of the second category include remote execution of malicious code, keylogging, screen capture, arbitrary file upload and download, password phishing, etc.

“In 2017, the industry experienced a significant spike in Mac malware activity, with most of the attacks carried out through spyware.”

In addition to malicious spyware, so-called "legitimate" spyware is not uncommon in the Mac environment. These programs are sold by real companies on official websites, and their stated purpose is to monitor children or employees. Of course, such programs are a classic double-edged sword: they invite abuse, since they give the average user access to spying tools without requiring any special knowledge.

Spyware for mobile devices

Mobile spyware does not create a shortcut and can remain in the memory of a mobile device for a long time, stealing important information such as incoming and outgoing SMS messages, incoming and outgoing call logs, contact lists, email messages, browser history and photos. In addition, mobile spyware can potentially track keystrokes, record sound within range of the device's microphone, take photos in the background, and track the device's position using GPS. In some cases, spyware even accepts commands sent via SMS and/or from remote servers. The stolen information is sent by email or by exchanging data with a remote server.

Keep in mind that consumers are not the only target of spyware operators. If you use your smartphone or tablet at work, attackers can reach your employer's organization through vulnerabilities in the mobile device. Moreover, computer security incident response teams may not be able to detect attacks carried out through mobile devices.

Spyware typically gets onto smartphones in three ways:

  • An unsecured free Wi-Fi network, of the kind often found in public places such as airports and cafes. If you join such a network and send data over an unencrypted connection, attackers can observe everything you do while you remain on the network. Pay attention to warning messages displayed on your device, especially ones saying that the server's identity could not be verified (a certificate error). Take care of your security: avoid such insecure connections.
  • Vulnerabilities in the operating system can give malicious code a way onto a mobile device. Smartphone manufacturers regularly release operating system updates to protect users, so install updates as soon as they become available, before attackers try to exploit devices running outdated software.
  • Malicious code often hides inside seemingly ordinary apps, and this is more likely if you download them not from the app store but from websites or via messages. Pay attention to the warnings shown when installing applications, especially requests for permission to access your email or other personal data. The main security rule, then: use only trusted sources for mobile apps and avoid third-party app stores.

Who is attacked by spyware?

Unlike other types of malware, spyware developers generally do not aim their products at a specific group of people. On the contrary, most attacks cast the net as widely as possible in order to hit as many devices as they can. Consequently, every user is a potential target, because, as the attackers rightly assume, even the smallest amount of data will sooner or later find a buyer.

"In most attacks, spyware casts its net as widely as possible to hit as many devices as it can."

For example, spammers buy email addresses and passwords in order to send malicious spam or to impersonate others. Spyware attacks on financial information can empty a bank account or leave the victim exposed to fraudsters who use real bank accounts in their schemes.

Information obtained from stolen documents, images, videos and other digital data can be used for extortion.

Ultimately, no one is immune from spyware attacks, and attackers give little thought to whose computers they infect in pursuit of their goals.

What should I do if my computer is infected?

Spyware that gets into a system tends to stay hidden and may only be found if the user is experienced enough to know where to look. Many users therefore keep working, unaware of the threat. But if you suspect spyware has got onto your computer, you must first clean the system of malicious objects, so that the new passwords you set are not compromised as well. Install a reliable antivirus that is capable of providing proper cybersecurity and uses aggressive algorithms for detecting and removing spyware. This matters because only aggressive remediation can remove spyware artifacts from the system completely and restore damaged files and altered settings.

After cleaning the system of threats, contact your bank and warn them about potential malicious activity. Depending on what information was compromised on the infected computer (especially if it is connected to the network of an enterprise or organization), the law may require you to report the intrusion to law enforcement or to make a public disclosure. If the information is sensitive or involves the collection and transmission of images, audio and/or video, you should contact law enforcement and report potential violations of federal or local laws.

One last thing: many identity theft protection vendors claim that their services can detect fraudulent transactions or temporarily freeze your credit account to prevent harm from unwanted programs. At first glance, a credit freeze seems like a really good idea. However, Malwarebytes strongly advises against purchasing identity theft protection.

"Many vendors of identity theft protection claim that their services can detect fraudulent transactions."

How to protect yourself from spyware?

The best protection against spyware, as against most types of malware, depends primarily on what you do. Follow these basic guidelines to keep yourself secure:

  • Do not open emails from unknown senders.
  • Do not download files from unverified sources.
  • Before you click a link, hover the mouse over it to check which web page it actually leads to.
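The hover check above can be automated for a whole message. The following example is added for this edit and is not code from the original article: it parses the anchors out of a constructed HTML e-mail body and flags every link whose visible text names one host while the href points somewhere else, including the "example-bank.com.attacker.test" subdomain trick and a bare IP address. All hosts and the message itself are invented; "Click here" links carry no host claim and are skipped rather than flagged.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches text that looks like a URL or a bare hostname ("https://www.x.com/a", "www.x.com").
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)


def normalise(host):
    """Lower-case a host and drop a leading 'www.' so both sides compare fairly."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def host_in_text(text):
    """Host named by the visible link text, or None if the text is not URL-like."""
    m = URL_LIKE.match(text.strip())
    return normalise(m.group(1)) if m else None


def host_in_href(href):
    """Host the link actually resolves to, taken from the href attribute."""
    return normalise(urlsplit(href).hostname)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def find_deceptive_links(html):
    """Return (visible text, href) for links whose shown host differs from the real one."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        shown = host_in_text(text)
        if shown is None:
            continue  # "Click here" and similar: the text claims no host, nothing to compare
        if host_in_href(href) != shown:
            findings.append((text.strip(), href))
    return findings


# Constructed sample message; every host here is invented for the example.
SAMPLE_EMAIL = """
<p>Please confirm your account:</p>
<a href="https://www.example-bank.com/login">https://www.example-bank.com/login</a><br>
<a href="http://203.0.113.5/login">https://www.example-bank.com/login</a><br>
<a href="https://example-bank.com.attacker.test/login">www.example-bank.com</a><br>
<a href="https://www.example-bank.com/help">Click here</a>
"""

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_EMAIL):
        print(f"deceptive link: text says {text!r} but goes to {href!r}")
```

Run against the constructed message, the first link passes (same host once "www." is stripped), the second and third are reported, and the fourth is ignored. Comparing whole hosts rather than checking whether one host merely contains the other is what catches the subdomain trick: "example-bank.com" is a substring of "example-bank.com.attacker.test", but it is not the same host.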

But as users have gained cybersecurity expertise, attackers have also grown smarter, creating ever more sophisticated ways to deliver spyware. That is why installing a proven antivirus is essential to counter the latest spyware.

Look for antivirus products that provide real-time protection. This feature automatically blocks spyware and other threats before they can harm your computer. Some traditional antivirus and other cybersecurity tools rely heavily on signature-based detection, and such protection is easy to bypass, especially against modern threats.
You should also look for features that block spyware from getting onto your computer in the first place, for example anti-exploit technology and protection against malicious websites that host spyware. The premium version of Malwarebytes has a proven track record as a reliable anti-spyware solution.
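To make "easy to bypass" concrete, the following example is added for this edit (it is not code from the original article or from any product named on this page). It simulates two static signature layers, a hash blocklist and byte-pattern matching, over a constructed byte string that stands in for a keylogger executable, then applies two evasions attackers use routinely: appending a byte so the file hash changes, and XOR-encoding the telltale strings so byte patterns no longer match until the sample decodes itself in memory. The sample bytes, API names and the host "collect.attacker.test" are all constructed for the demonstration; nothing here is a real binary or runs any of it.

```python
import hashlib

# Constructed stand-in for a spyware executable: a PE-like stub followed by the
# strings a keylogger dropper would carry. Not a real binary; nothing here executes.
HEADER = b"MZ\x90\x00" + b"\x00" * 28 + b"This program cannot be run in DOS mode.\r\n"
STRINGS = (b"SetWindowsHookExA\x00GetAsyncKeyState\x00"
           b"http://collect.attacker.test/upload\x00")
ORIGINAL = HEADER + STRINGS

# Layer 1: exact-file signature, i.e. a hash blocklist of samples seen before.
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL).hexdigest()}

# Layer 2: byte-pattern signatures, the way YARA-style string rules work.
PATTERNS = {
    "hook_api": b"SetWindowsHookExA",
    "keystate_api": b"GetAsyncKeyState",
    "c2_host": b"collect.attacker.test",
}


def hash_verdict(blob):
    """True if the file's SHA-256 is on the blocklist."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_BAD_SHA256


def pattern_verdict(blob):
    """Names of the byte patterns found in the file, sorted."""
    return sorted(name for name, pat in PATTERNS.items() if pat in blob)


def scan(blob):
    """Combined static verdict of the two signature layers."""
    hits = pattern_verdict(blob)
    return {"hash_hit": hash_verdict(blob), "pattern_hits": hits,
            "detected": hash_verdict(blob) or bool(hits)}


def xor_bytes(data, key):
    """Single-byte XOR, the simplest string obfuscation packers use."""
    return bytes(b ^ key for b in data)


XOR_KEY = 0x5A  # assumed key carried by the sample's own decoding stub

# Evasion 1: append one byte (re-pack, pad, swap an icon). The hash changes, the strings do not.
PADDED = ORIGINAL + b"\x00"

# Evasion 2: ship the strings XOR-encoded; the real sample would decode them at run time.
OBFUSCATED = HEADER + xor_bytes(STRINGS, XOR_KEY)


def unpacked_image(blob):
    """Simulate what a memory scan sees after the sample has decoded its own strings.
    A real engine would read the process image after the unpacking stub has run;
    here we apply the assumed key directly."""
    return HEADER + xor_bytes(blob[len(HEADER):], XOR_KEY)


if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL), ("padded", PADDED),
                        ("obfuscated", OBFUSCATED)]:
        print(label, scan(blob))
    print("obfuscated, after unpacking:", scan(unpacked_image(OBFUSCATED)))
```

The padded copy defeats the hash blocklist but still trips all three byte patterns; the obfuscated copy defeats both static layers and is only caught once the strings are back in the clear, which is exactly the moment a real-time or behaviour-based engine, rather than an on-disk file scan, gets to look.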

In the digital world, dangers are an integral part of Internet reality and can lie in wait at every turn. Fortunately, there are simple and effective ways to protect yourself. If you maintain a reasonable balance between using antivirus software and taking basic precautions, you will be able to protect every computer you use from spyware attacks and the malicious activity behind them.