Businessweek Archives

My PC Has Been Hijacked 2.0



October 14, 2005


Steve Hamm

One year ago, my home computer was hijacked by a rogue program called Home Search. It replaced the opening page on my Internet Explorer browser, planted pieces of hard-to-remove code all over the hard disk, and, ultimately, I suspect, disabled my PC so it would barely work. Thanks to 16 hours of help from a Microsoft support technician and a lot of free anti-spyware programs, my computer was freed. Now, I have the sneaking suspicion that it's happening again. Though I now use the Mozilla Firefox browser, and nothing has afflicted it that I can make out, two days ago, when I shut the computer down, eight mystery files loaded themselves onto the hard disk. I ran McAfee Virus Scan, and didn't come up with much--but that didn't give me peace of mind. I'm hoping that a free anti-spyware product called SpyCatcher Express, from Tenebril Inc., which I learned about this morning, will save my PC's butt. Either way, this incident is a scary reminder of just how vulnerable our machines, and lives, are to evil computer programs.

As if viruses, Trojans, and worms weren't bad enough, the Black Hat hackers have cooked up a whole new generation of malware called evasive--or mutating--threats. These programs prey on the shortcomings of anti-malware software itself. About 20% of the malware that's detected these days is of this type, and it's growing fast. The reason: The stuff is placed on PCs by criminals or advertisers who have strong incentives to come up with clever ways of keeping their software on your hard disk.

Home Search, the little devil that attached itself to my PC last year, is one of the more common pieces of evasive malware. And it's just one of 44 variants of a program called Cool Web Search. The software creates a Yahoo-like directory on your browser, and its makers sell click-throughs to the e-commerce and marketing outfits listed on the directory. Another troublesome program is a Trojan called Bankash-A, which is designed to take advantage of shortcomings in Microsoft's anti-spyware software. The Tenebril people gave me the names of others, but they have Web sites and pose as legit businesses, so I won't name them for fear of being sued. One of them actually poses as an anti-spyware program.

Most anti-virus and anti-spyware programs are designed to scan your PC and look for programs with names or operational profiles that are known to be malware. The problem is, this pesky new type of malware is good at evading that kind of defense. The programs change their names. They set up automatic update procedures so if they're detected and removed, new versions can be downloaded later. Some of them have a handful of evasive techniques and monitor them to make sure they're still working. If not, they repair themselves.

I haven't tried the Tenebril software yet, but it seems to be based on smart ideas. The company sells commercial versions for enterprises and consumers, but just came out with a free version and with some new features. It has a spyware profiling engine that studies unknown files that are on your computer, or which are trying to come onto your computer, and grades them as more or less threatening--giving you a chance to kick them out or refuse entry. It also has a new feature called "deep defense" that watches for suspicious behavior by programs and stops them from activating.

In the malware world, it's a constant battle between the White Hats and the Black Hats. The Black Hats seem to be winning this round. But, hopefully the tide will be turning soon.

09:18 AM


Don't use Microsoft then.

http://www.ubuntulinux.org/

http://www.mepis.org/

http://www.debian.org/

http://distrowatch.com/

Pick, try, choose, enjoy :-)

Posted by: JPB at October 16, 2005 04:52 PM

And if you are afraid of ubuntu, here's a small company that you may be aware of that offers safe refuge:

http://www.apple.com

Posted by: rajesh at October 16, 2005 05:31 PM

Linux and unix do not have these problems.

Sometimes you get what you do not pay for.

Posted by: Midi-man at October 18, 2005 09:37 AM

Typical Linux response. Make Linux easier to use and your argument is valid.

Posted by: twinswoody at October 18, 2005 03:02 PM

Steve, it's now middle of Dec 2005, have you updated your opinion of SpyCatcher Express 2006 4.0.4?

Tks in advance

reader- iFlicker@Hotmail.com!

Posted by: I Flicker at December 10, 2005 11:57 AM

I would like to see more discussion about the most evil malware out there - Trojan Spyware; downloaded not by anonymous commerce sites, but by ex-spouses or business competitors.

I've seen many ads on the net advertising very affordable software that allows a person to spy on and control someone's computer. The spy/hacker can turn on a remote webcam without the victim knowing he's being watched. I think we're missing the point when all the warnings seem to be cautions regarding unknown e-mail, or free downloads off the internet. This kind of Spyware comes through e-mails from your kids or a business contact you trust. Scary stuff!! Basically it's Cyberstalking. Any opinions or input out there?

Posted by: christine at March 5, 2006 11:23 AM

I have just started using Mepis, and it works great!

Better than windows and with all the software you need, all 100% free! And no worries about security!

Posted by: Magnus at November 29, 2006 08:04 PM

