Spyware/Adware/Malware Removal Guide

Compiled by Randy Bowman
05-05-2005



Table of Contents
Purpose
Introduction
  Skill Level Needed
  Symptoms
  Time Investment
  Notes and Record Keeping
Preparing to Clean-up
  Download Tools
  Disaster Recovery Planning
  Priming the PC
Scanning and Cleaning Up
  Virus Scanning
  Clean Hard Drive
  Main Spyware Scan and Removal
  Secondary Scan and Removal
  Final Steps
Prevention and Safe-Guarding
Appendix A
  Piggybacking and Bundling
  Drive-By Installs

Purpose
This guide is intended to be used by my family and friends who have become infected with the
plethora of malware that has cropped up on the internet and is infecting their machines. I have
become very adept in cleaning up spyware and want to provide a mechanism to enable users
to clean their own machines. It is my belief that if people are equipped with the skills to clean
up their machines, then they will be more apt to take the precautions to prevent infections.
Information in this guide comes from a variety of sources.
     □ http://www.majorgeeks.com/ (http://forums.majorgeeks.com/showthread.php?t=35407)
     □ http://www.bleepingcomputer.com/
     □ http://www.iamnotageek.com/a/spyware.php
     □ http://www.io.com/~cwagner/spyware/
     □ http://www.firewallguide.com/spyware.htm
     □ http://www.pchell.com/support/spyware.shtml
     □ http://www.pcstats.com/articleview.cfm?articleID=1458
     □ http://www.microsoft.com/windowsxp/using/security/expert/honeycutt_spyware.mspx

This guide is designed only for Windows XP systems. The principles are the same in other
Operating Systems, but the exact directions may vary a little.

Introduction
Skill Level Needed
This guide is helpful for people who have at least basic computer skills. By this I mean the user
should be comfortable accomplishing the following tasks:
       □ Downloading and Installing Software from the Internet
       □ File Management (i.e., browsing directories, renaming files, deleting files, etc…)
       □ Following directions

Symptoms
I typically get asked about cleaning up spyware and malware when my friends, family, and
clients can no longer function on the internet because of the gazillions of pop-up and pop-under
ads and because their connection has slowed down. The types of ads that they see vary, but
generally promote Spyware products, Anti-virus products, Gambling sites or pornography.

Time Investment
I typically plan anywhere from 2-4 hours to do a clean-up. This time will vary based on the speed
of the machine you are working on, your familiarity with this process, what kind of
Spyware/malware you are infected with, and your knowledge of system files. If you are a
brand-new beginner, expect to spend 6-8 hours. Now, I will grant you that a lot of that time you
will be just sitting as the tools are scanning your computer and doing the work for you. However,
while your machine is scanning and working, it will be unavailable for you to use.

Notes and Record Keeping
It is a very good idea to keep notes about what you are doing and what you are fixing. This is
important because, if you accidentally mess something up, an expert will then know exactly
what you have done.

Preparing to Clean-up
Download Tools
Unfortunately there has yet to be created a single tool that will clean all the different malware
infections. So, you have to use quite a number of different products. Download the following
tools and install them. Do not use them yet except to check for and apply any updates.



Tip: Create a folder on your C:\ drive for the tools you will need to use.
   a. Navigate to your C:\ folder and right click on a blank spot in the window.
   b. Choose New → Folder.
   c. Name this folder SpywareTools.
Now you can save the tools you will be downloading to this folder.

1. Spy-Bot S&D (Download) – Free. Make sure you run this software after installation
   and get all of the updates then exit without scanning.

2. Ad-Aware SE Personal (Download) – Free. Make sure you run this software after
   installation and get all of the updates then exit without scanning.

3. Webroot’s Spy Sweeper (Download) – Free Trial Version. I usually download and install the
   trial version of this product and use it during the clean-up process. Once I am finished
   cleaning up, I uninstall it. It annoys me and is not needed if you follow the steps in the
   Prevention section later on. Make sure you let it update itself, then exit without scanning.

4. HijackThis (Download) – Free. This may be the most powerful tool you download. However,
   it is also the most dangerous tool for beginners. HijackThis examines certain key areas of
   the Registry and Hard Drive and lists their contents. These areas are used by both
   legitimate programmers and by ill-intentioned hijackers. The software will not tell you
   which files are good and which are bad, that is up to you to decide. If you remove
   legitimate items, then you might not be able to use some of your software. Use this tool
   with extreme caution!!! DO NOT install Hijack This to the Desktop, any folder under
   Documents and Settings, a temp folder or choose to run it directly from the downloaded
   ZIP file. Place Hijack This in its own folder that is safe for storing Backups. C:\Program
   Files\HJT is a good example.

5. Find-It (Download) – Free. No installation is required, just extract this file in your SpywareTools
   directory by right clicking on the file and choosing Extract.

6. KillBox (Download) – Free. No installation is required, just extract this file in your SpywareTools
   directory by right clicking on the file and choosing Extract.

7. Ad-Aware VX2 Cleaner Plug-In (Download)- Free. Install but do not use yet.

8. CCleaner (Download) – Free. Install only, then exit.

9. SpywareBlaster (Download) - Install, click Download Latest Protection Updates, Check for
   Updates, and then Enable All Protection, then exit. It does a great job of blocking known
   vulnerabilities as well as known malicious websites.

10. McAfee AVERT Stinger (Download) - No installation required! Ready to run as is.

11. CWShredder (Download) - No installation is required, just extract this file in your
    SpywareTools directory by right clicking on the file and choosing Extract.

12. Kill2me (Download) - No installation is required, just extract this file in your SpywareTools
    directory by right clicking on the file and choosing Extract.

13. about:Buster (Download) - No installation is required, just extract this file in your
    SpywareTools directory by right clicking on the file and choosing Extract. Click Update
    and download any updates before scanning.

14. HSRemove (Download) - No installation required! Ready to run as is.



Disaster Recovery Planning
While I have never had to use it, I always take a moment to create a back-up of all important
files. Burn anything you might be afraid to lose, such as your My Documents folder, to a CD or
a USB Flash Drive.

Then, go to Start → Run and type regedit and click the OK button. This starts the Registry Editor.
From the menu bar choose File → Export. Type in the name PreScanRegBack05-05-2005 (or
whatever date it actually is) and click the Save button. Burn that file on your CD or put it on your
USB Flash Drive. This is a backup of your registry. Exit out of the Registry Editor.

Priming the PC
    1. Temporarily disable the System Restore feature. This helps us avoid being re-infected by
       any viruses, spyware, etc. that you may have picked up and that have been saved to the
       protected directory by System Restore. Since System Restore is a protected directory,
       your tools cannot access it to delete files, trapping viruses inside.
       a. Right click on the My Computer icon on your desktop and select Properties.
       b. Click on the System Restore tab.
       c. Check the box that says "Turn off system restore on all drives". Click OK.
       d. Click Yes when you are prompted to restart the computer.
       e. To re-enable System Restore, follow steps a-c, but in step c, un-check the box
           instead of checking it.

   2. Check for and Disable Malicious Services. A few spyware programmers actually hide
      their work as services. You need to check to see if any of the following three Windows
      services are running:
              □ Network Security Service
              □ Workstation Netlogon Service
              □ Remote Procedure Call (RPC) Helper
          a. Click Start → Control Panel → Administrative Tools → Services
          b. When the Services window opens up, carefully scan the names of the services
              and look for ones that exactly match those listed above. (NOTE: DO NOT
              DISABLE: Remote Procedure Call (RPC) or Remote Procedure Call (RPC) Locator.
              They are both required services and are unrelated to the hijacker.)
          c. You may have more than one of these 3 bad services, so look carefully for all of
              them.
          d. If you find these services, you must Right Click on each one to bring up the Properties
              window and do the following (refer to the Figure):
                i. Stop the service by clicking the Stop button.
               ii. Now, disable it by changing the Startup Type to Disabled and click the
                   Apply button.
          e. If you do not find these exact services, do not worry and just skip this step. DO NOT
              DISABLE ANYTHING UNLESS THE EXACT WORDING OF THE SERVICE NAMES IS MATCHED.

   3. Enable viewing of hidden files and folders and extensions. Some programs can hide this
      way by not being visible in Windows.
   a. Start Windows Explorer and click on your C-Drive.
   b. Select Tools → Folder Options from the menu.
   c. Click on the View tab.
   d. Scroll down to the folder icon that says Hidden files and folders and choose the
       Show hidden files and folders option.
   e. Right below this option you need to uncheck the Hide file extensions for known
       types option.
   f. Also uncheck the Hide protected operating system files (recommended) option.
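
One way to make the exact-name check in step 2 mechanical is shown here as an added example (it is not part of the original guide). It reads the text printed by `sc query type= service state= all` and sorts services into the three names the guide says to disable and the two required RPC services it says to leave alone. The sample output is constructed, and the two `examplesvc-*` key names are placeholders.

```python
import re

# Display names the guide lists as hijacker services (Priming the PC, step 2).
HIJACKER_SERVICES = {
    "Network Security Service",
    "Workstation Netlogon Service",
    "Remote Procedure Call (RPC) Helper",
}
# Required Windows services the guide says must NOT be disabled.
REQUIRED_SERVICES = {
    "Remote Procedure Call (RPC)",
    "Remote Procedure Call (RPC) Locator",
}

# Constructed sample in the layout printed by `sc query type= service state= all`.
# The examplesvc-* key names are placeholders, not real indicators.
SAMPLE_SC_OUTPUT = """\
SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

SERVICE_NAME: RpcLocator
DISPLAY_NAME: Remote Procedure Call (RPC) Locator
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED

SERVICE_NAME: examplesvc-a
DISPLAY_NAME: Remote Procedure Call (RPC) Helper
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: Netlogon
DISPLAY_NAME: Net Logon
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED

SERVICE_NAME: examplesvc-b
DISPLAY_NAME: Network Security Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
"""

FIELD_RE = re.compile(r"^\s*(SERVICE_NAME|DISPLAY_NAME|STATE)\s*:\s*(.*)$")


def parse_sc_query(text):
    """Turn `sc query` output into a list of {name, display, state} records."""
    services, current = [], None
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue  # TYPE, exit codes, flag lines and blanks are not needed
        field, value = match.group(1), match.group(2).strip()
        if field == "SERVICE_NAME":
            current = {"name": value, "display": "", "state": "UNKNOWN"}
            services.append(current)
        elif current is not None and field == "DISPLAY_NAME":
            # Collapse runs of spaces so only the wording itself is compared.
            current["display"] = " ".join(value.split())
        elif current is not None and field == "STATE":
            parts = value.split()  # e.g. ["4", "RUNNING"]
            current["state"] = parts[1] if len(parts) > 1 else "UNKNOWN"
    return services


def review_services(text):
    """Exact-match display names only; never match on part of a name."""
    report = {"disable": [], "leave_alone": []}
    for svc in parse_sc_query(text):
        entry = (svc["name"], svc["display"], svc["state"])
        if svc["display"] in HIJACKER_SERVICES:
            report["disable"].append(entry)
        elif svc["display"] in REQUIRED_SERVICES:
            report["leave_alone"].append(entry)
    return report


if __name__ == "__main__":
    result = review_services(SAMPLE_SC_OUTPUT)
    for name, display, state in result["disable"]:
        print(f"STOP AND DISABLE: {display!r} (key {name}, currently {state})")
    for name, display, state in result["leave_alone"]:
        print(f"REQUIRED, DO NOT TOUCH: {display!r} (key {name})")
```

Services such as Workstation and Net Logon appear in neither list, which is the point of matching the whole display name rather than a word from it.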




Scanning and Cleaning Up
It is important to follow these directions explicitly. Do not re-boot unless specifically told to.
Many times these spyware applications hide installers from you and when you re-boot, they will
connect to the internet and re-install the spyware you just removed. Also, we will be doing a lot of
work in either Safe Mode or Safe Mode with Networking. Booting in safe mode is important to
achieve the best results because Safe Mode disables most drivers and running programs.

How to boot in safe mode: To boot into safe mode, restart your computer and tap the F8 key
(after first black and white screen, but before the Windows splash screen) until you get to a
black and white screen asking you what to do. Use your arrow keys to select your boot option.
Getting the timing down to press F8 to get to the boot option screen can be tricky for those
who are not used to it. Just keep rebooting until you get to the boot option screen.

Virus Scanning
Even though you may employ an anti-virus solution on your computer, not all anti-virus programs catch all
viruses all the time. Therefore, you need to scan your machine using the free virus scanners
mentioned below. Scan your machine with each of the tools below in the order they are listed.
Scan using only one tool at a time and have the anti-virus utility clean your system.

    1.   Reboot your machine in “Safe Mode with Networking.” - If you have a problem for any
         reason trying to run these scans in safe mode, do them in normal boot mode.
         □ Do an online scan at Trend Micro's Free Online Virus Scan.
         □ Do an online scan at Symantec Security Check.
         □ Run McAfee AVERT Stinger that you downloaded earlier.

Clean Hard Drive
To provide the greatest ability for the scanners to properly detect and remove all forms of
malware, make sure to close any other applications that are running on your system, especially
browsers, before you run these tools. It is in your best interest to follow this directive. Reboot your
machine in “Safe Mode” (DO NOT USE the “with Networking” option, as we want to ensure that we
are disconnected from the internet). Close all browsers and any other applications you have
running now and then continue with step 2 below.

    2.   Remove temporary internet and other files not needed with CCleaner. Run CCleaner
         with the default options to clean out temporary files. Check the "Delete Index.dat"
         checkbox. Only use the Windows tab and select Run Cleaner. Do not run any other
         options from other tabs.

Main Spyware Scan and Removal
All that work we have done so far and now we are finally getting to the good stuff of actually
trying to remove the bad stuff that has been loaded on your machine.

    3.   Scan your machine with Ad-Aware SE and have it clean everything it finds.
    4.   Start Spy-Bot S&D.
             a. Choose Advanced Mode from the Mode menu in the toolbar.
             b. On the far left-hand side of the screen, look down at the bottom and click on the
                 word Settings.
             c. Click on the Ignore Products option about mid-way through the list in the gray
                 portion on the left.
             d. Scroll through the list of products in the large white area in the bottom-right
                 portion of the screen and Uncheck any products that are checked. Some
                 Spyware tells Spy-Bot not to check for it.
             e. In the left hand gray menu, choose Spybot S&D and then click the Check for
                 Problems button to scan your machine with Spy-Bot S&D.
             f. Have Spy-Bot clean everything it finds. If Spy-Bot cannot clean everything it will
                ask permission to run the next time you boot. Choose “Yes”, but do not re-boot.
             g. Look for the Immunize feature in the left hand menu and click it. Then click the
                Immunize button with the green plus sign next to it.
             h. Ensure that the Enable permanent blocking of bad addresses in Internet Explorer
                checkbox is checked and then choose Block all bad pages silently from the
                drop-down box.

   5.   Scan with Spy Sweeper. Click the Sweep Now option.

   6.   Scan with SpywareBlaster.

   7.   Run the other programs you downloaded (they are standalone and easy to use):
           a. CWShredder (make sure you select Fix)
           b. Kill2me
           c. about:Buster
           d. HSRemove
        Note: about:Buster and HSRemove need only be run if you are having about:blank or HomeSearchAssistent
        hijacks.


Secondary Scan and Removal
Reboot in normal mode. If you are still experiencing the same symptoms then we need to do
some more work. This can get kind of dangerous to the average user, so follow these directions
very carefully.

        1.   If you are still having problems after performing all the above, these alternative scans
             below may prove to be useful. As mentioned above, it would be good to perform
             these in safe mode since it may assist in the ability to remove an infection. However,
             there are cases where a problem does not show itself completely until you boot in
             normal mode. So first run these scans in normal boot mode, and if they have
             problems cleaning any particular items repeat the scan in safe mode to see if it
             helps.

                  a.   Bitdefender online scan
                  b.   RavAntivirus online scan (select Auto Clean then click Scan My PC)
                  c.   TrojanScan online scan
                  d.   a-squared (a²) Free edition (free but requires an email address to register)
                  e.   avast! Virus Cleaner Tool

        2.   Run Hijack This. It is very important that you close the following kinds of programs
             before running HijackThis: web browsers (this includes Internet Explorer), Email
             programs, Instant Messengers, Notepad, WordPad, Word and any other similar
             unnecessary applications. Remember lots of programs run in the taskbar so make
             sure that you right-mouse click on every icon next to the clock and choose quit or
             exit if you can.

             Also do not run Hijack This in safe mode unless someone specifically requests that you
             do so.

             Once you have run Hijack This, use the information in the official tutorial of Hijack This
             website to help you decide which items you need to fix. The tutorial explains what
             each section means and then breaks each section down (with examples) to help
             you understand what is safe and what should be removed. Optionally, Help2Go
             Detective and Hijack This analysis do a fair job of figuring out many potential
             problems for you. Simply paste your log file there and click analyze. If you still have
             questions then e-mail me a copy of your log file and I will tell you what to do.

       3. If you are still having problems after doing all these steps, then contact me and I will
          try to help you determine exactly which Spyware product has infected you and give
          you more specific instructions.

Final Steps
Hopefully you are clean. If so, then re-boot and turn System Restore back on.




Prevention and Safe-Guarding
Now that you have worked so hard to get your machine cleaned up, I am sure you don’t want
to get infected again. Follow these steps to help prevent future infections.

   1. Ensure your anti-virus program has up-to-date definitions and is running. A lot of people
      think they have anti-virus protection when they don’t. Just because your computer
      came with McAfee or Norton doesn’t mean you are actually using it. I can’t tell you the
      number of times that I have found people thinking they are protected because their PC
      manufacturer put a 90-day trial version of McAfee on their machine. Either the user did
      not activate the trial version or they failed to buy the full-version at the end of their 90-
      days. If you absolutely do not want to pay for anti-virus software, then use Grisoft’s AVG
      Anti-Virus Software that is free for personal, home use.

   2. Make sure you are running Service Pack 2 for Windows XP. Go to Start and right click on
      My Computer and choose Properties. On the General tab you will see a section labeled
      System. Make sure that you see the words Service Pack 2. If you do not, follow the steps
      in Step 4 to get Service Pack 2.

   3. Install and Run a Firewall. A firewall will hide your computer from being seen by others on
      the internet. It is like being able to put a big invisibility shield around your house so that
      people driving down your street just see an empty lot. Windows XP Service Pack 2 comes
      with a built-in firewall. You can use that one if you want to. Personally, though, I turn that
      one off and use the firewall product by Zone Alarm, which is free for personal use.

   4. Apply all Windows Updates and turn on Automatic Windows Update. Many security
      loopholes are found and exploited, and Microsoft releases patches for these. Millions of
      people were affected by the Blaster worm because they were not up to date, as an
      example. If you're not up to date, you're at risk.
         a. Go to Start → Windows Updates and follow the directions to download all
              available updates and apply them.
         b. To set up Automatic Updates, go to Start → Settings → Control Panel →
              Automatic Updates. Ensure that the Automatic (recommended) choice is
              chosen.

   5. Remove Microsoft Java - Microsoft no longer supports its version of Java and it is often a
      source of installed spyware and hijacks. Therefore, it is a good idea to remove Microsoft
      Java Virtual Machine and Install Sun Java. Follow these steps to accomplish this task.
          a. Download and run the MSJVM Removal Tool 1.0a
          b. Download and install Sun Java from here: http://java.com/en/

   6. Consider replacing your web browser with a free alternative like FireFox. Exploiting holes
      in Internet Explorer is the main culprit for most hijacks and spyware installs. If you don’t
      use it, then you can’t be compromised. However, as FireFox is adopted by more and
      more people, I expect security holes to be found in it and for them to be exploited.
      This will not be a panacea, but will just be like putting a dead-bolt on your door.

   7. Read Appendix A to learn how you got infected in the first place. Understanding how
      malware works will help you learn to avoid it.

   8. Be careful what you download. As mentioned in Appendix A, the most important thing is
      to pay attention to what you download. No matter the source of the program, unless
      you know exactly who wrote this application and what it contains, you might be getting
      more than you bargained for.
         a. Stay away from all file-sharing applications. Do not use Kazaa. There is no need
             for any of this kind of software. Besides being a big security risk it can also be
             borderline illegal. Using Peer-to-Peer & File-Sharing applications is like locking all
             the doors of your house, but knocking a hole in the side of the house. Anyone
             can come in and do anything they want.
   b. You probably don't need any other toolbar for IE other than the Google Toolbar,
       with integrated Google search and popup blocking. Use your Add and Remove
       Programs from the Control Panel to un-install any other toolbars you are using,
       including AOL, MSN, and Yahoo.
   c. I know lots of people like to see the weather in their toolbar. That is fine; just use
       WeatherWatcher instead of WeatherBug (which is adware).




Appendix A
How did I get infected with all this stuff in the first place?

There are basically two ways that malware gets onto your PC: piggybacking on other applications
and "drive-by" installs through Internet Explorer.

Piggybacking and Bundling
There are two kinds of "ad-supported" applications. The benign kind has an advertising system
built into it that shows you ads while the application is running, and which has no effect on the
system when the application is not. The banner ads in the free versions of Eudora and Opera fall
into this category.

The other kind of ad-supported application installs a separate advertising system onto your
computer that runs all the time whether the ad-supported application is running or not. These
advertising systems have names like CyDoor, Gator (who have renamed themselves "Claria" to
hide their tracks), TopText, etc. Sometimes the application will warn you about the bundled
advertising system, sometimes they will not. Sometimes uninstalling the application will get rid of
the bundled advertising system, usually it will not.

These advertising systems will show pop-up ads, sometimes when you're not even browsing the
web. Some of them will change the banner ads or links on web pages. Often, they are
self-updating, and will sometimes install other advertising systems, or alter your system's security
settings to allow for easier drive-by installs. (See below.) They are classic browser parasites.

Common piggyback sources of advertising malware are most popular file-sharing applications
(including Kazaa, iMesh, Morpheus, Xolox, Grokster, and others), old free versions of DivX Pro
(which installed Gator), versions of Limewire before v4 (which included a custom
affiliate-hijacker called "Limeshop"), GoZilla (which has a veritable raft of bad stuff),
InternetWasher, and many "free" applications found on sites like Download.com.

Most add-on toolbars for Internet Explorer are malware sources. This includes (but is not limited
to) MySearchBar, DashBar, Xupiter, HotBar, UCMore, and many others. The Google and Yahoo
toolbars are safe.

Sidebar: AOL Instant Messenger v5.5.x
The most recent version of AIM (5.9.3690) will optionally install two pieces of software which are
flagged as malicious by many spyware scanners (Weatherbug and WildTangent) and will
stealthily install another (Viewpoint Media Player).

The WildTangent package is optionally installed to support the "AIM Games" site, and the
Viewpoint package is automatically installed to drive AIM's advertising systems (since the
Viewpoint player allows for full-screen movies and 3D effects outside of the controlling
application). Both of these packages are flagged by some anti-spyware software because they
have very poor privacy policies, and at one point were known to collect the hardware
information of their users. They are low-risk and do not present a huge danger, nor are they a
source of unwanted advertising.

The Weatherbug software is known to be adware when installed separately. It is not known if the
AOL-customized version that comes with AIM v5.5.x is also adware, or whether it relies on the
advertising systems built into AIM.

AIM functions normally if you don't install with the WildTangent or Weatherbug packages, and
uninstalling the Viewpoint Media Player from the Add/Remove Programs section of the Control
Panel will not affect its operation either. AIM will not reinstall those items unless it is upgraded.

Other software that people like to use are products like DownloadWare/NetworkEssentials,
Comet Cursor, Bonzi Buddy, the Gator/GAIN "applications" (DashBar, PrecisionTime,
DateManager, and eWallet), and Internet Optimizer. These masquerade as useful applications,
but provide no substantial functionality and are merely a ruse to get their advertising software
onto your computer. The latest and most dangerous trend is "anti-spyware" software that's
actually just another source of malware. For example, Google searches for some of the
common anti-malware software packages will turn up "sponsored links" (in other words,
advertisements) for malicious software, linked to those keywords. This document will cover the
packages that are known to be safe, and the ones that are known to be dangerous.

To sum up: Pay attention to what you're downloading and installing. If it's free, there may be a
reason for that.

Drive-By Installs
The second (and harder to deal with) method for acquiring malware is through "drive-by"
software installs in Internet Explorer. This can happen because IE supports a technology called
"ActiveX", which allows website creators to embed small programs in their sites (called "ActiveX
controls"), which can then call larger programs (such as software installers). When this
technology is used correctly, it lets you install software like Macromedia Flash or Apple
QuickTime from a website without having to download a separate installer. It's also the
technology that drives Windows Update.

When you give permission for a website to run an ActiveX control, it is exactly the same as if you
had downloaded a program and run it. An ActiveX control can do literally anything to a PC; it
can install software, it can change settings, it could even delete all the data on your PC. Many
users do not realize that when they see an ActiveX control download prompt, they are
essentially handing control of their PC over to a website (or in some cases, over to a banner ad).

An ActiveX download prompt looks like this on older PCs:




Microsoft made many positive changes to the way that Internet Explorer handles ActiveX
controls in Windows XP Service Pack 2. Most of these changes were "under the hood", but a few
of them are obvious, such as in the way that ActiveX download prompts have changed. You
now see one of the Internet Explorer notification bars first:




If you click on the notification bar and tell it to download the control, you receive one more
prompt:




I chose Cult3D as an example because it sounds malicious, but is actually benign. You should
get in the habit of treating all ActiveX controls as malicious by default, unless you know
otherwise.

Theoretically, as long as you never say "yes" to any ActiveX control that you don't recognize as
safe, you will never suffer from any malicious drive-by installs. Unfortunately, this is not necessarily
the case, because there are problems with the implementation of ActiveX. The problems boil
down to this:
     □ There are security settings in Internet Explorer that can be set so that all ActiveX controls
        (including malware) can auto-install without prompting. One malicious application (or a
        careless user) can change these settings.
     □ Deceptively-named popups and ActiveX download prompts can lead uninformed users
        to install malicious applications, believing them to be important system updates, or
        software required to view a site.
     □ And the biggest problem: security holes have been found with great frequency in
        Internet Explorer that have been exploited by malicious website creators to install
        ActiveX controls (or other malicious software) without prompting.

This means that a version of Internet Explorer with the right security hole, or with incorrect security
settings, can be infected with a huge amount of malware just by visiting a single website. No
user intervention would be required; simply following a link to a website would be enough.
(Many worms spread through instant messenger services by suggesting that people visit "cool
sites", which then infect vulnerable PCs.) And even a correctly-configured and totally secured
system can be infected if a user makes a single incorrect choice on the wrong website.
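
The first problem in the list above can be checked from a registry export such as the backup made under Disaster Recovery Planning. The following is an added example, not part of the original guide: it scans exported text for Internet Explorer zone settings where ActiveX downloads are set to install without prompting. The registry path, the value names 1001 and 1004, and the meanings of 0, 1 and 3 are Internet Explorer's documented zone settings rather than anything stated in the guide, limiting the check to the Internet and Restricted sites zones is an assumption, and the sample export is constructed.

```python
import re

# Internet Explorer security zones and the two "download ActiveX" settings.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
ACTIONS = {"1001": "Download signed ActiveX controls",
           "1004": "Download unsigned ActiveX controls"}
# Setting values: 0 = enable (no prompt), 1 = prompt, 3 = disable.

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Internet Settings\\Zones\\(\d+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in the format written by Regedit's File > Export.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"DisplayName"="Trusted sites"
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"""


def load_export(path):
    """Read a real export; Regedit 'Version 5.00' files are UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def parse_zone_settings(reg_text):
    """Return {(hive, zone_number): {value_name: setting}} for the ActiveX values."""
    settings, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new key header: remember it only if it is a zone key.
            match = KEY_RE.match(line)
            current = (match.group(1).upper(), int(match.group(2))) if match else None
            continue
        if current is None:
            continue
        match = VALUE_RE.match(line)
        if match and match.group(1) in ACTIONS:
            settings.setdefault(current, {})[match.group(1)] = int(match.group(2), 16)
    return settings


def audit_activex(reg_text, untrusted_zones=(3, 4)):
    """List (hive, zone, setting) where ActiveX installs with no prompt."""
    findings = []
    for (hive, zone), values in sorted(parse_zone_settings(reg_text).items()):
        if zone not in untrusted_zones:
            continue
        for name, value in sorted(values.items()):
            if value == 0:  # 0 means "Enable", i.e. install silently
                findings.append((hive, ZONES.get(zone, f"Zone {zone}"), ACTIONS[name]))
    return findings


if __name__ == "__main__":
    for hive, zone, action in audit_activex(SAMPLE_EXPORT):
        print(f"{hive}: '{action}' is set to Enable in the {zone} zone")
```

To run it against a real backup, pass the result of `load_export()` on the exported file to `audit_activex()`; any finding means the setting should be put back to Prompt or Disable in Internet Options.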

As of this writing, there are no unpatched security holes in Internet Explorer that are known to be
in wide use by malware authors. However, such holes crop up with extremely high frequency,
due to the insecure design of IE, and often the first sign that such a hole has been found is when
the attacks begin. Microsoft sometimes takes months to patch those holes, during which time
the browser is completely vulnerable. Windows XP Service Pack 2 has made a substantial
number of low-level changes to Internet Explorer that will hopefully improve the browser's overall
track record, but exploits that affect XP SP2 have already been found.

There are also sites that try a very simple trick: they begin an automatic download of an installer
(usually an EXE file), in the hopes that the user will either instinctively or accidentally hit "Open"
instead of "Cancel". If the user hits "Save", then they'll have the installer sitting on their desktop or
in their download directory, and they might accidentally run it later. This kind of attack isn't
limited to Internet Explorer, and the only real defense against this sort of thing is to watch out for
it (although Windows XP Service Pack 2 has made some changes to make it less effective).



