Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if you browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies.

Adware is a form of hijacking your screen and substituting ads in place of the legitimate ads (those intended by the webmaster to be displayed).  This can cause extra pop-up windows containing offensive material that was not generated by the actual website.  They also report back to someone your surfing habits so that they can be sold to others as marketing info.

For a list of common threats, check out SpyBot’s master list found on their website

In addition to the Spyware and Adware software, you have probably seen SPAM for software that you can intentionally install on your computer to monitor usage by other users.  Normally this is advertised in the SPAM as “Spy on your Spouse”, “Watch your Employees” or other such phrases.  This software basically tracks what the users do on the computer, where they visit on the web, what programs they are running, etc.  I guess there is a legitimate reason for this software to exist, other than for business training purposes on a new employee, but I wouldn’t want to install it on my computer due to the added overhead on the operating system, if for no other reason.

The good news is that you can download free removal tools from AdAware and Spybot.   You need the latest versions to be effective against Xupiter.  Both programs are free for private use.  One note, I found the download sites for SpyBot to sometimes be down.  Hitting “Shift key” while pressing “reload” on your browser will generate a new list of download sites while you are on their download page.  You have the option of making a donation via PayPal, but you don’t have to if you don’t want to.  One direct download link for SpyBot was HERE at the time of this article being written.

Rise of the Spam Zombies
Pressed by increasingly effective anti-spam efforts, senders of unsolicited commercial e-mail are resorting to outright criminality in their efforts to conceal the source of their ill-sent missives, using Trojan horses to turn the computers of innocent users into secret spam zombies.

One of those programs popped up in April named "Proxy-Guzu".  When executed by an unwitting user the Trojan program listens on a randomly-chosen port and uses its own built-in mail client to dash off a message to a Hotmail account, putting the port number and victim's IP address in the subject line. The spammer takes it from there, routing as much e-mail as he or she likes through the captured computer, knowing that any efforts to trace the source of the spam will end at the victim's Internet address.  Trojan horses generally rely on their wielder's ability to trick innocent people into executing them. Proxy-Guzu, naturally, arrives as SPAM — in one sighting the program was offered as a naughty peek at an online webcam.

According to an article written by Mary Landesman there is a new threat that will rival the Klez virus. Discovered on May 08, 2003, Fizzer (a.k.a. W32/Fizzer@MM, W32/Fizzer.A, and Worm/Fizzu.A worm) spreads via e-mail and the KaZaA P2P network. According to antivirus vendor F-Secure, Fizzer contains a built-in IRC backdoor, a DoS (Denial of Service) attack tool, a data stealing trojan, an HTTP server and autoupdating capabilities. The worm also has the ability to disable certain antivirus programs. "This is one of the more complicated worms we've seen", comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "The worm is 200kB of code spaghetti, containing backdoors, code droppers, attack agents, key loggers and even a small web server!"

Fizzer culls addresses from both the Windows and Outlook Address Book and also uses random Yahoo and Hotmail addresses.

The Fizzer worm kills processes which have NAV, SCAN, AVP, TASKM, VIRUS, F-PROT, VSHW, ANTIV, VSS, or NMAIN in their name. This action disables certain antivirus tasks or programs. Affected products include the popular Norton Antivirus and McAfee VirusScan software.

Fizzer targets the KaZaA P2P (peer to peer) network, copying itself to the KaZaA shared folder under a variety of filenames. KaZaA participants who download from the shared folder on an infected machine risk receiving the infected files.  Fizzer installs a key-logging Trojan that records keystrokes to a log file which can then be retrieved through a backdoor utility also installed by Fizzer. The backdoor is accessible via IRC channels, HTTP, and Telenet. Fizzer auomatically updates itself, thus additional functionality may be added or changes made which can affect the working of the worm.

Protection from this type of program and most Trojans can be accomplished by using a personal firewall software program such as free version of Zone Alarm or the paid version of Zone Alarm, Norton Security, McAfee, etc. But that’s a topic for another month’s column all by itself.

Virus Alert…
If you think you have been infected by a virus, one of the signs is the inability of your anti-virus program to operate. Another is the inability to install a new or upgraded version of your anti-virus software. When this happens, use one of the many free on-line scanners to clean your system, or download the removal tools from Symantec into a temp directory on your hard drive. Many times you have to be running in “SAFE Mode” before you can remove viruses which have loaded themselves into system memory

This is particularly true for the Klez virus.

If you haven’t updated your anti-virus program since last month’s article, you are at risk of catching some of the newer viruses that have been released this month. I update my systems weekly and recommend that you do it as well.