Secure your login account with "On Screen Keyboard"

So many web or webmail offer full security to protect your login. Some websites like marketiva or internet banking use Secure Socket Layer or SSL 128 byte encryption protocol, indicate with "https://" in websites address. Yahoo and Google mail is also using this encrytion protocol to serve more secure to your loggin account to make sure nobody can't decrypted what password did you typed while surfing on that web or webmail.

But even your websites using SSL 128 Byte, if your computer was infected by keylogger virus or trojan, it has the same dangerous. It was happen to me, when i logon into marketiva.com, i suddenly got disconnected by the streamer program because "i" was login in somewhere else (double login)!!, this was sure a bad moment at the time, someone stole my username and PASSWORD!!!...

So, i write this to make sure my experience not happen to you. Then how do i pass from this keylogger? Firstly, your have to sure that your antivirus is up to date and updated periodicly so you can also make sure your computer is cleaned from virus and trojan. Second, use "On Screen Keyboard" which you can find in Start - Program - Accessories - Accessibility - On Screen Keyboard.

 

Maybe it is ok to type your username directly by keyboard, but with password, maybe you should use this program for your own safety. 

 

Read More......

History Of Computer Virus - Final

This Article was takken from http://www.cknow.com

Dr. Solomon: The Future

There will be more viruses - that's an easy prediction. How many more is a difficult call, but over the last five years, the number of viruses has been doubling every year or so. This surely must slow down. If we say 1,500 viruses in mid-1992, and 3,000 in mid-1993, then we could imagine 5,000 in mid 1994 and we could expect to reach the 8,000 mark some time in 1995. Or perhaps we are being optimistic? [The number topped 10,000 in 1996. It continues to go up.]

The glut problem will continue, and could get sharply worse. Whenever a group of serious anti-virus researchers meet, we find an empty room, hang "Closed for cleaning" on the door, and frighten each other with "nightmare scenarios." Some of the older nightmare scenarios have already come true, others have not, but remain possibilities. The biggest nightmare for all anti-virus people is glut. There are only about 10-15 first class anti-virus people in the world, and most of the anti-virus companies have just one of these people (some have none). It would be difficult to create more, as the learning curve is very steep. The first time you disassemble something like Jerusalem virus, it takes a week. After you've done a few hundred viruses, you could whip through something as simple as Jerusalem in 15 minutes.

The polymorphic viruses will get more numerous. It turns out that they are a much bigger problem than the stealth viruses, because stealth is aimed at checksummers, but polymorphism is aimed at scanners, which is what most people are using. And each polymorphic virus will be a source of false alarms, and will cause the researchers much more work than the normal viruses.

The polymorphic viruses will also continue to get more complex, as virus authors learn the technique, and increasingly try to ensure that their viruses cannot be detected.

Scanners will get larger - more code will be needed because more viruses will need hard coding to scan for them. The databases that scanners use will get larger; each new virus needs to be detected, identified and repaired. Loading the databases will take longer, and some programs will have memory shortage problems. [Indeed, this has forced anti-virus firms to combine more sophisticated techniques with simple database scanning.]

As Windows becomes more popular, people will be increasingly reluctant to run scanners under DOS. But if you are running Windows, you have run software on the hard disk, and if one of the things you've run is infected by a virus, you have a virus in memory. If there is a virus in memory, you cannot trust what the computer is saying - it could be a stealth virus. Windows will make antivirus software less secure.

The R&D effort to keep scanners up-to-date will get more and more. Some companies won't be able to do it, and will decide that scanning is outdated technology, and try to rely on checksumming. Other companies will licence scanners from one of the few companies that still maintains adequate R&D (we've already started seeing some of this). Some companies will decide that the anti-virus business isn't as profitable as they had thought, and will abandon their anti-virus product, and go back to their core business.

Users will get a lot more relaxed about viruses. We've long since passed the stage where a virus is regarded as a loathsome disease, to be kept secret. But we're increasingly seeing people who regard a virus on their system with about the same degree of casualness as a bit of fluff on their jacket. Sure, they'll wipe it off, but there's not real need to worry about it happening again. This is perhaps a bit too relaxed an attitude, but what can you expect if a user keeps on getting hit by viruses, and nothing terrible ever seems to result.

Anti-virus products will mature a lot. Those without any kind of decent user interface will have a hard time competing against the pretty ones. Those with a long run time will be rejected in favour of those that run in seconds. Exactly which viruses are detected will have far less emphasis (it is very difficult for users to swallow claims about so many thousands of viruses) than the ease of use of the product, and the amount of impact it has on the usability of the computer.

New products will keep arriving, as each company invents the product that makes all previous products obsolete. Sometimes the magic ingredient will be software (AI, neural nets, whatever is the latest buzzword) and sometimes it will be hardware (which can never be infected, except that that isn't the problem). These products will burst on a startled world in a blaze of publicity, and vanish without trace when users find that installing them makes their computer unusable, or else it doesn't find any viruses, or both. But new ones will come along to take their place.

Gradually, people will trade up from DOS to whatever takes its place; OS/2, Windows-NT or Unix, and the DOS virus will become as irrelevant as CP/M. Except that DOS will still be around 10 or even 20 years from now, and viruses for the new operating system will start to appear as soon as it is worth writing them.

Some computers are already being built with ingrained resistance to viruses. Some brands of computer are already immune to boot sector viruses, provided you make a simple choice in the CMOS setup (don't boot from the floppy). ["Immune" is probably too strong as a multipartite virus can still drop a boot sector infector from a file even if the CMOS is set to only boot from the hard disk. Right now, very few users are being told that these computers can be set up that way, but people are gradually finding out for themselves. This doesn't solve the virus problem, but anything that makes the world a difficult place for viruses must be a help.

The virus problem will be with us forever. It isn't the dramatic, worldshaking kind of problem that Michelangelo was made out to be; nor is it the fluff-on-your-jacket kind of problem. But as long as people have problems with computers, other people will be offering solutions for those problems.

Thank you Dr. Solomon.

Now you might want to continue to Robert Slade's history to get a different viewpoint and some additional details.

Read More......

History Of Computer Virus - Part 7

This Article was takken from http://www.cknow.com

Dr. Solomon: 1993 - Polymorphics and Engines

Early in 1993, XTREE announced that they were quitting the antivirus business. This was the first time that a major company had given up the struggle.

Early in 1993, a new virus writing group appeared, in Holland, called Trident. The main Trident author, Masouf Khafir, wrote a polymorphic engine called the Trident Polymorphic Engine, and released a virus that used it, called GIRAFE. This was followed by updated versions of the TPE. The TPE is much more difficult to detect reliably than the MtE, and very difficult to avoid false alarming on.

Khafir also released the first virus that worked according to a principle first described by Fred Cohen. The Cruncher virus was a data compression virus, that automatically added itself to files in order to auto-install on as many computers as possible.

Meanwhile, Nowhere Man, of the Nuke group, had been busy. Early in 1993, he released the Nuke Encryption Device (NED). This was another mutator that was more tricky than MtE. A virus called Itshard soon followed.

Phalcon/Skism was not to be left out. Dark Angel released DAME (Dark Angel's Multiple Encyptor) in an issue of 40hex; a virus called Trigger uses this. Trident released version 1.4 of TPE (again, this is more complex and difficult than previous versions) and released a virus called Bosnia that uses it.

Soon after that, Lucifer Messiah, of Anarkick Systems had taken version 1.4 of the TPE and written a virus POETCODE, using a modified version of this engine (1.4b).

Early in 1993, another highly polymorphic virus appeared, called Tremor. This rocketed to stardom when it got included in a TV broadcast of software (received via a decoder).

In the middle of 1993, Trident got a boost when Dark Ray and John Tardy joined the group. Tardy released a fully polymorphic virus in 444 bytes, and we can expect more difficult things from Trident.

The main events of 1993, were the emergence of an increasing number of polymorphic engines, which will make it easier and easier to write viruses that scanners find difficult to detect.

Read More......

Resize Image in a Second

There are new and nice program called "ImageResizer". This small program is an additional program (add-ins) which created and developed by Microsoft. With this program, you can change picture size in a second, very fast and easy. Click here to download

Select the picture which you want to resize, and rigth click it. An pop up will show up, choose one of your need, and click ok. Your picture will now resize.. easy, isn't it?

Read More......

History Of Computer Virus - Part 6

This Article was takken from http://www.cknow.com

Dr. Solomon: 1992 - Michelangelo

January 1992 saw the Self Mutating Engine (MtE) from Dark Avenger. At first, all we saw was a virus that we named Dedicated, but shortly after that, we saw the MtE. This came as an OBJ file, plus the source code for a simple virus, and instructions on how to link the OBJ file to a virus to give you a full polymorphic virus. Immediately, virus researchers set to work on detectors for it. Most companies did this in two stages. In some outfits, stage one was look at it and shudder, stage two was ignore it and hope it goes away. But at the better R&D sites, stage one was usually a detector that found between 90 and 99% of instances, and was shipped very quickly, and stage two was a detector that found 100%. At first, it was expected that there would be lots and lots of viruses using the MtE, because it was fairly easy to use this to make your virus hard to find. But the virus authors quickly realised that a scanner that detected one MtE virus, would detect all MtE viruses fairly easily. So very few virus authors have taken advantage of the engine (there are about a dozen or two viruses that use it).

This was followed by Dark Avenger's Commander Bomber. Before CB, you could very easily predict where in the file the virus would be. Many products take advantage of this predictability to run fast; some only scan the top and tail of the file, and some just scan the one place in the file that the virus must occupy if it is there at all. Bomber transforms this, and so products either have to scan the entire file, or else they have to be more sophisticated about locating the virus.

Another virus that came out at about that time, was Starship. Starship is a fully polymorphic virus (to defeat scanners), with a few neat anti-debugging tricks, and it also aims to defeat checksummers with a very simple trick. Checksumming programs aim to detect a virus by the fact that it has to change executable code in order to replicate. Starship only infects files as they are copied from the hard disk to the floppy. So files on the hard disk never change. But the copy on the floppy disk is infected, and if you then copy that onto a new hard disk, and tell the checksummer on the new machine about this new file, the checksummer will happily accept it, and never report any changes. Starship also installs itself on the hard disk, but without changing executable code. It changes the partition data, making a new partition as the boot partition. No code is changed, but the new partition contains the virus code, and this is run before it passes control on to the original boot partition.

Probably the greatest event of 1992 was the great Michelangelo scare. One of the American anti-virus vendors forecast that five million computers would go down on March the 6th, and many other US vendors climbed on to the bandwagon. PC users went into a purchasing frenzy, as the media whipped up the hype. On March the 6th, between 5,000 and 10,000 machines went down, and naturally the US vendors that had been hyping the problem put this down to their timely and accurate warning. We'll probably never know how many people had Michelangelo, but certainly in the days leading up to March the 6th, a lot of computers were checked for viruses. After March 6th, there were a lot of discredited experts around.

The reaction to the Michelangelo hype did a lot of damage to the credibility of people advocating sensible antivirus strategies, and outweighed any possible benefits from the gains in awareness.

In August 1992, we saw the first serious virus authoring packages. First the VCL (Virus Creation Laboratory) from Nowhere Man, and then Dark Angel's Phalcon/Skism Mass-Produced Code Generator. These packages made it possible for anyone who could use a computer, to write a virus. Within twelve months, dozens of viruses had been created using these tools.

Towards the end of 1992, a new virus writing group called ARCV (Association of Really Cruel Viruses) had appeared in England - within a couple of months, the Computer Crime Unit of New Scotland Yard had tracked them down and arrested them. ARCV flourished for about three months, during which they wrote a few dozen viruses and attracted a few members.

Another happening of 1992, was the appearance of people selling (or trying to sell) virus collections. To be more precise, these were collections of files, some of which were viruses, and many of which were assorted harmless files. In America, John Buchanan offered his collection of a few thousand files for $100 per copy, and in Europe, The Virus Clinic offered various options from #25. The Virus Clinic was raided by the Computer Crime Unit; John Buchanan is [?] still offering viruses for sale.

Towards the end of 1992, the US Government was offering viruses to people who called the relevant BBS.

Read More......

History Of Computer Virus - Part 5

This Article was takken from http://www.cknow.com

Dr. Solomon: 1991 - Product Launches and Polymorphism

In 1991, the virus problem was sufficiently interesting to attract the large marketing companies. Symantec launched Norton Anti-Virus in December 1990, and Central Point launched CPAV in April 1991. This was soon followed by Xtree, Fifth Generation and a couple of others. Most of these companies were rebadging other company's programs (nearly all Israeli). The other big problem of 1991 was "glut." In December 1990, there were about 200-300 viruses; by December 1991 there were 1,000 (there may have been even more written that year, because by February, we were counting 1,300).

Glut means lots of viruses, and this causes a number of unpleasant problems. In every program, there must be various limitations. In particular, a scanner has to store search strings in memory, and under DOS, there is only 640KB to use (and DOS, the network shell and the program's user interface might take half of that).

Another Glut problem, is that some scanners slow down in proportion to the number of viruses scanned for. Not many scanners work this way, but it certainly poses a problem for those that do.

A third Glut problem, comes with the analysis of viruses; this is necessary if you want to detect the virus reliably, to repair it, and if you want to know what it does. If it takes one researcher one day to disassemble one virus, then he can only do 250 per year. If it takes one hour, that figure becomes 2,000 per year, but whatever the figure, more viruses means more work.

Glut also means a lot of viruses that are similar to each other. This then can lead to mis-identification, and therefore a wrong repair. Very few scanners attempt a complete virus identification, so this confusion about exactly which virus is being found, is very common.

Most of these viruses came from Eastern Europe and Russia; the Russian virus production was in full swing. But another major source of new viruses was the virus exchange BBSes.

Bulgaria pioneered the VX BBS, but a number of other countries quickly followed. Some shut down not long after they started up, but the Milan "Italian Virus Research Laboratory" was where a virus author called Cracker Jack uploaded his viruses (which were plagiarised versions of the Bulgarian viruses). Germany had Gonorrhea, Sweden had Demoralised Youth, America had Hellpit, UK had Dead On Arrival and Semaj. Some of these have now either closed down or gone underground, but they certainly contributed to the glut problem. With a VX BBS, all a virus author has to do, is download some source code, make a few simple changes, then upload a new virus, which gives him access to all the other viruses on the board.

1991 was also the year that polymorphic viruses first made a major impact on users. Washburn had written 1260 and the V2 series long before, but because these were based on Vienna, they weren't infectious enough to spread. But in April of 1991, Tequila burst upon the world like a comet. It was written in Switzerland, and was not intended to spread. But it was stolen from the author by a friend, who planted it on his father's master disks. Father was a shareware vendor, and soon Tequila was very widespread.

Tequila used full stealth when it installed itself on the partition sector, and in files it used partial stealth, and was fully polymorphic. A full polymorphic virus is one for which no search string can be written down, even if you allow the use of wild cards. Tequila was the first polymorphic virus that was widespread. By May, the first few scanners were detecting it, but it was not until September that all the major scanners could detect it reliably. If you don't detect it reliably, then you miss, say, 1% of infected files. The virus starts another outbreak from these overlooked instances, and has to be put down again, but now there is that old 1%, plus another 1% of files that are infected but not detected. This can continue for as long as the user has patience, until eventually the hard disk contains nothing but files that the scanner cannot detect. The user, thinks that after the virus coming back a number of times, it gradually infected fewer and fewer files, until now he has gotten rid of it completely.

In September 1991, Maltese Amoeba spread through Europe - another polymorphic virus. By the end of the year, there were a few dozen polymorphic viruses. Each of these is classified as "difficult," meaning it takes a virus researcher more than a few hours to do everything that needs to be done. Also, most products need some form of hard coding in order to detect the virus, which means program development, which means bugs, debugging, beta testing and quality control. Furthermore, although a normal virus won't slow down most scanners, a polymorphic virus might.

It was also in 1991, that Dark Avenger announced the first virus vapourware. He threatened a virus that had 4,000,000,000 different forms. In January 1992, this virus appeared, but it wasn't a virus

Read More......

History Of Computer Virus - Part 4

This Article was takken from http://www.cknow.com

Dr. Solomon: 1990 - The Game Gets More Complex

By 1990, it was no longer a matter of running a couple of dozen search strings down each file. Mark Washburn had taken the Vienna virus, and created the first polymorphic virus from it. We didn't use that word at first, but the idea of his viruses (1260, V2P1, V2P2 and V2P6) was that the whole virus would be variably encrypted, and there would be a decryptor at the start of the virus. But the decryptor could take a very wide number of forms, and in the first few viruses, the longest possible search string was just two bytes long (V2P6 got this down to one byte). To detect this virus, it was necessary to write an algorithm that would apply logical tests to the file, and decide whether the bytes it was looking at were one of the possible decryptors.

One consequence of this, was that some vendors couldn't do this. It isn't easy to write such an algorithm, and many vendors were, by this time, relying on search strings extracted by someone else. The three main sources of search strings were a newsletter called Virus Bulletin, the IBM scanner, and reverse engineering a competitor's product. But you can't detect a polymorphic virus this way (indeed, two years after these viruses were published, many products are [were] still incapable of detecting these viruses). Washburn also published his source code, which is now widely available. At the time, we thought that this would bring out a number of imitators; in practice, no-one seems to be using Washburn's code. However, plenty of virus authors are using his idea.

Another consequence of polymorphic viruses, was an increase in the false alarm rate. If you write code to detect something that has as many possibilities as V2P6, then there is a chance that you will flag an innocent file, and that chance is much greater than with the sort of virus that you can find with a 24-byte scan string. A false alarm can be as much hassle to the user as a real virus, as he will put all his anti-virus procedures into action.

Also, in 1990, we saw a number of virus coming out of Bulgaria, especially from someone who called himself "Dark Avenger." The Dark Avenger viruses introduced two new ideas. The first idea was the "Fast infector"; with these viruses, if the virus is in memory, then simply opening a file for reading, triggers the virus infection. The entire hard disk is very soon infected. The second idea in this virus, was that of subtle damage. Dark Avenger-1800 occasionally overwrites a sector on the hard disk. If this isn't noticed for a period of time, the corrupted files are backed up, and when the backup is restored, the data is still no good. Dark Avenger targets backups, not just data. Other viruses came from the same source, such as the Number-of-the-Beast (stealth in a file virus) and Nomenklatura (with an even nastier payload than Dark Avenger).

Also, Dark Avenger was more creative about distributing his viruses. He would upload them to BBSes, infecting shareware anti-virus programs, together with a documentation file that gave reassurance to anyone who checked the file size and checksums. He uploaded his source code also, so that people could learn how to write viruses.

In 1990, another event happened in Bulgaria - the first virus exchange BBS. The idea was that if you uploaded a virus, you could download a virus, and if you uploaded a new virus, you were given full access. This, of course, encourages the creation of new viruses, and gets viruses into wider circulation. Also, the VX BBS offered source code, which makes the technology of writing a virus more widely available.

In the second half of 1990, the Whale appeared. Whale was a very large, and very complex virus. It didn't do very much; mostly, it crashed the computer when you tried to run it. But it was an exercise in complexity and obfuscation, and it arrived in virus author's hands like a crossword puzzle to be solved. Some virus researchers wasted weeks unraveling Whale, although in practice you could detect it with a couple of dozen search strings, and you didn't really need to do any more, as the thing was too clumsy to work anyway. But because it was so large and complex, it achieved fame.

At the end of 1990, the anti-virus people saw that they had to get more organised; they had to be at least as organised as the virus authors. So EICAR (European Institute for Computer Antivirus Research) was born in Hamburg, in December 1990. This gave a very useful forum for the anti-virus researchers and vendors to meet and exchange ideas (and specimens), and to encourage the authorities to try to prosecute virus authors more vigorously. At the time that EICAR was founded, there were about 150 viruses, and the Bulgarian "Virus factory" was in full swing.

Read More......