Windows Secrets

Windows Secrets Newsletter • Issue 181 • 2009-01-15 • Circulation: over 400,000


Table of contents 
  • Top Story: Has your PC become a spammer’s botnet zombie?
  • Known Issues: Downgrading Vista to XP is possible … maybe
  • Wacky Web Week: I’d eat an apple a day to keep this doctor away!
  • LangaList Plus: Determine your PC’s true memory ceiling
  • Best Software: Prevent your system from becoming infected
  • Windows Secrets: Google search results lead to browser hijackers
  • Patch Watch: Critical patch for Windows file-sharing bug

Top Story

Has your PC become a spammer’s botnet zombie?

By Scott Dunn

Worldwide spam traffic dramatically dropped after a major spam server was temporarily shut down last fall, raising public awareness of botnets: networks of PCs that have been turned into spam-spewing robots.

Most antivirus applications are ill-equipped to stop this kind of malware, but you can reduce the risk of having your PC become zombified.

Last November, a provider of Internet connectivity named Hurricane Electric pulled the plug on hosting company McColo. Immediately, the worldwide volume of spam dropped a whopping 65%, according to some estimates.

As explained by Brian Krebs in an article at WashingtonPost.com, Hurricane — one of the two companies McColo depended on for its Internet connection — took the action after the newspaper informed the provider of McColo’s role in hosting all sorts of Internet bad guys.

According to Krebs, McColo’s clients included “international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products, and child pornography via e-mail.”

The spam reduction held for a couple of weeks before rebounding, according to a Nov. 26 story at InfoWorld.com.

McColo’s servers didn’t send out the spam themselves. Instead, they provided the command and control for a vast network of PCs infected with malware. A collection of hacked PCs that have been turned into automated spamming machines is known as a robot network or “botnet.” Security professionals name these botnets after the malware that runs them, which includes Asprox, Rustock, Cutwail, and Srizbi.

The malware creators rent their botnets to spammers, who in turn use the control servers to coordinate the transmission of huge amounts of junk mail, as explained in another Washington Post story.

Your computer could be a spam zombie and you might never know it. And if you think your security software is keeping your computer safe from botnet slavery, you’d better think again.

A recent study by security firm FireEye revealed that antivirus products detect bots less than half the time. The study tested AV programs using VirusTotal’s free malware-scan service; consult that site for a list of the AV products tested.

Your four-step spambot-safety program

What can you do to prevent becoming a botnet victim? Although there are no perfect solutions, the following actions will help prevent your system from being compromised. (My thanks to the security blog written by Wiz Feinberg for many of the tips.)

Step 1: Keep your security products up-to-date. Although the FireEye study found little protection against bots from antivirus products, the study’s author, FireEye chief scientist Stuart Staniford, did note that “AV works better and better on old stuff — by the time something has been out for a couple of months, and is still in use, it’s likely that 70% to 80% of products will detect it.”

Update your antivirus program regularly with the latest patches and virus definitions; even if the app doesn’t catch the latest bot, your AV protection will reduce your risk of catching older malware still circulating around the Internet.

Step 2: Use a software firewall. By carefully monitoring your Internet connection, you’ll reduce your risk of infection by botnet malware. By default, the firewalls built into Windows XP and Vista monitor only incoming connections. The firewalls can be configured to monitor outbound traffic, but doing so is technical and problematic for most users. The differences between the firewalls in XP and Vista are described in this Microsoft TechNet article.

Many free, third-party software firewalls are bidirectional. Third-party firewalls sometimes require updates after you install Patch Tuesday fixes from Microsoft, but the added functionality of these firewalls can make this inconvenience worth living with. WS senior editor Ian “Gizmo” Richards describes the best products in his July 31, 2008, column.

Step 3: Get a free diagnosis. Some security products are intended specifically to combat the botnet plague. For example, RUBotted is a free utility from Trend Micro that sits quietly in your system tray and monitors suspicious activity (more info). If the program spots an infection, it alerts you to take action. The program is currently a beta, but it worked fine for me.

According to a post by security blogger Feinberg, RUBotted encourages you to scan your system with Trend Micro’s free HouseCall online virus-scanning service, which detects and removes many malware infections. Note that on my system, RUBotted uses 8MB of RAM.

Figure 1. Scan your system with Trend Micro’s RUBotted to ensure that your PC is bot-free.

Full disclosure: Feinberg’s blog is sponsored in part by RUBotted’s manufacturer, Trend Micro. But I don’t consider this to be an argument against using RUBotted.

Step 4: Try Norton AntiBot. Another bot-specific security product is Symantec’s Norton AntiBot (more info). This $30 program claims to monitor, detect, and remove bots before they can cause harm. Norton AntiBot uses behavioral analysis rather than definitions for specific bots and received an Editor’s Choice award from PC Magazine in 2007.

Security sites such as Marshal continue to report spam-bot activity. The buggers are delivering junk mail, malware, and other odious data to millions of victims. By using the above bot-prevention tools and techniques, you’ll reduce the chances that your machine’s a spammer’s helper.
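Step 2 recommends watching your outbound connections; what that watching can catch is shown by the following added example, which is mine and not code from the newsletter, Trend Micro, or Symantec. It assumes the Windows Firewall log (pfirewall.log) with outbound logging switched on, and it flags any minute in which the PC tried to reach many distinct mail servers on TCP port 25, which is how a spambot behaves and a mail client does not. The log lines are constructed for the example.

```python
"""Flag spambot-style SMTP fan-out in a Windows Firewall log (pfirewall.log)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed burst: 30 outbound SMTP connections to 30 different hosts in one minute.
_BURST = "\n".join(
    f"2009-01-15 09:30:{i:02d} ALLOW TCP 192.168.1.10 203.0.113.{i + 1} "
    f"{49200 + i} 25 0 - 0 0 0 - - - SEND"
    for i in range(30)
)

# Constructed sample in the W3C-style layout Windows writes: header comments, a
# "#Fields:" line, then one record per line. Contains one legitimate mail-client
# connection, the burst, an unrelated dropped web connection, an inbound SMTP
# record, and a garbled line that a parser must skip rather than guess at.
SAMPLE_LOG = f"""#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-01-15 09:00:01 ALLOW TCP 192.168.1.10 192.0.2.25 49152 25 0 - 0 0 0 - - - SEND
{_BURST}
2009-01-15 09:30:05 DROP TCP 192.168.1.10 203.0.113.200 49300 80 0 - 0 0 0 - - - SEND
2009-01-15 09:30:06 ALLOW TCP 198.51.100.9 192.168.1.10 40000 25 0 - 0 0 0 - - - RECEIVE
garbled line that should be skipped
"""


def parse_firewall_log(text):
    """Turn log text into dicts keyed by the names in the #Fields: header.
    Records whose field count or timestamp does not fit are skipped."""
    fields, records = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue
        rec = dict(zip(fields, parts))
        try:
            rec["timestamp"] = datetime.strptime(
                f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        records.append(rec)
    return records


def find_smtp_bursts(records, window_seconds=60, min_distinct_hosts=20):
    """Bucket outbound TCP/25 attempts (allowed or dropped) into fixed windows
    and report windows that touch many distinct destination hosts."""
    window = timedelta(seconds=window_seconds)
    hosts_by_window = defaultdict(set)
    for rec in records:
        if rec["protocol"] != "TCP" or rec["dst-port"] != "25" or rec["path"] != "SEND":
            continue
        index = (rec["timestamp"] - datetime.min) // window
        hosts_by_window[index].add(rec["dst-ip"])
    bursts = []
    for index in sorted(hosts_by_window):
        hosts = hosts_by_window[index]
        if len(hosts) >= min_distinct_hosts:
            bursts.append({"window_start": datetime.min + index * window,
                           "distinct_hosts": len(hosts),
                           "sample_hosts": sorted(hosts)[:5]})
    return bursts


if __name__ == "__main__":
    for b in find_smtp_bursts(parse_firewall_log(SAMPLE_LOG)):
        print(f"{b['window_start']}: {b['distinct_hosts']} distinct SMTP "
              f"destinations in one minute, e.g. {b['sample_hosts']}")
```

A PC that is legitimately sending mail shows one or two SMTP destinations per minute; a window with dozens is worth a scan with one of the tools above.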

Scott Dunn is a contributing editor of the Windows Secrets Newsletter. He has been a contributor to PC World since 1992 and currently writes for the Here’s How section of that magazine.

Known Issues

Downgrading Vista to XP is possible … maybe

By Dennis O’Reilly

Reverting a Vista PC to XP requires an installation CD for each OS and can be done only on OEM editions of Vista Business and Ultimate.

Users of Vista Home Basic and Home Premium — and anyone who used a retail version of Vista to upgrade an XP machine — must buy a copy of XP to make the switch.

Last week’s Top Story on Microsoft’s decision to extend yet again the deadline for buying a PC with Windows XP installed caused many readers to wonder whether they could dump their copy of Vista in favor of its predecessor. Reader Jim Harvey put it this way:
  • “We have Vista Home Edition installed on a newly refurbished Gateway computer purchased for my wife for Christmas. However, trying to cope with all the operational changes in Vista has proven to be too frustrating for her.

    “We would like to downgrade the new computer back to the old XP license we have on our replaced computer, but we don’t know how to do so. Is there a legitimate way to install our old licensed version of XP, still on the replaced computer, onto our new Gateway and get rid of Vista?”
Unfortunately, the only way you can revert a machine running Vista Home Basic or Home Premium is to buy a copy of XP and install it over the Vista configuration. However, anyone who bought a PC with an OEM edition of Vista Business or Vista Ultimate can downgrade to XP Pro.

Even if you installed a retail version of Vista on an XP machine, you have to purchase a new copy of XP to revert to that OS. Fortunately, OEM versions of XP Home and Pro cost as little as $90 and $120, respectively, online. (Note that OEM releases can be installed on only one system and come with zero support from the vendor.)

Computerworld’s Gregg Keizer describes the XP-downgrade limitations and offers step-by-step instructions for making the Vista-to-XP switch in this FAQ.

Other places to look for missing disk space

Fred Langa’s Jan. 8, 2009, column (paid content) described several ways to recover hard-disk space. Reader Kevin Kleinhomer wrote in to remind us of a couple of other tools that might help track down the missing bytes.
  • “In his most recent article, Fred talks about a reader with missing space, but I think he missed a very important tip for the reader: Chkdsk. It could be a corrupted file system that is the root cause of the missing disk space. I have seen this many, many times.

    “A less likely possibility would be a rootkit. Booting off one of the many recently reported-on [rootkit-revealing] tools would hopefully turn this up.”
Running Windows’ built-in disk-checking utility couldn’t be easier: click Start, Run (in XP) or just Start (in Vista), type cmd, and press Enter. At the command prompt, type the following:

chkdsk x: /r

The x represents the letter of the drive you want to check, and the /r switch instructs the utility to repair errors, find bad sectors, and recover whatever data it’s able to.

Microsoft’s Help and Support site provides complete instructions for using the Chkdsk utility in article 315265 (the article specifies XP, but the information applies to Vista as well).

Scott Spanbauer reviews several free tools for detecting and removing rootkits in his May 22, 2008, Best Software column (paid content).

Go to the source for a copy of Ubuntu on disc

The rap on Linux — at least among Windows users — has long been that the alternative OS is too difficult to install and use. Scott Spanbauer’s Jan. 8, 2009, Best Software column (paid content) described the free Wubi installer utility for the Ubuntu distribution of Linux. Reader Howard Harner points out that you can also get a free copy of Ubuntu on disc, if you’re patient.
  • “I’m glad to see your discussion of Ubuntu, since I have been using it as an alternative to uSoft [Microsoft Windows] for years. For older computers, cruising the Web, and copying CDs, it’s great.

    “You didn’t mention that one can get a free disk from Ubuntu that contains two versions of the OS — a full-install copy and a version that will run on top of Windows — by going to their Web site and filling out the short application form. It usually takes less than two weeks to receive it.”
In fact, many Windows users choose to run Ubuntu off the CD rather than to create a hard-drive partition for the OS. Of course, you can burn your own Ubuntu CD. You’ll find the download and instructions for creating your disc on the Ubuntu Community Documentation page.

Readers Jim, Kevin, and Howard will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

Wacky Web Week

I’d eat an apple a day to keep this doctor away!

By Katy Abby

It seems like every time you turn on the TV, there’s an eye-catching new pharmaceutical commercial airing. Each new pill is packaged more beautifully than the last, and drug makers’ lofty claims promise an enticing array of health improvements — as long as you ignore the dubious side effects.

Still, the advertisements often skirt the big issues — what exactly are these new miracle pills for? Where do you turn for more information? Watch what happens when one man decides to seek some answers and ends up with more information than he bargained for! Play the video


LangaList Plus

Determine your PC’s true memory ceiling

By Fred Langa

Buying RAM for Windows is like buying shoes for kids: what’s a fine fit one day is soon too small.

How much is too much RAM, and how high can your system memory go?


A gigabyte ain’t as much as it used to be

When Terry Maier bought a new laptop just two years ago, a full gigabyte of RAM seemed ample. But apps and OSes always want more. Now RAM prices are dropping fast, and Terry’s thinking about adding more. How much can he add to his system and still have it do any good?
  • “I have an HP DV8225NR laptop computer that is about two years old. I cannot read the larger-capacity memory cards — 4GB and higher. Do you know if there’s an update or upgrade that can be downloaded to allow the computer to read these cards?”
The short, incomplete answer is no, Terry, there’s no such update. The complete answer takes a bit longer but will help you understand what’s going on — not only for your current system, but for any future system you may own. Here’s the full story behind how much RAM a given system can handle.

First, there’s hardware. Each system has a fundamental physical limit on the amount of memory it can accommodate. Most PCs and laptops sold today have a 32-bit internal architecture.

That means that the computer can generate distinct, internal memory addresses that start at zero and go up to a binary number (ones and zeros) that’s 32 digits long. Mathematically, that’s 2 to the 32nd power — or about 4.2 billion memory addresses to play with. This translates to about 4GB.

The 32-bit limit is fundamental and real: a 32-bit PC cannot generate an internal 33-bit address, so once all 4.2 billion addresses are in use, you’re done. About 4GB is all you get for RAM in a 32-bit PC, period.

This article is part of our paid content.


Best Software

Prevent your system from becoming infected

By Ian “Gizmo” Richards

What will be the major security risks in 2009? More importantly, what can you do to protect your PC against these risks?

Be forewarned: the answers are not quite what you expect.


There’s more in that download than meets the eye

Most PC users have a distorted view of the nature of the security risks they face. Conventional wisdom holds that the three biggest threats come from (1) criminals exploiting flaws in Windows and other software products; (2) e-mail-borne viruses; and, more recently, (3) visits to malicious Web sites.

These threats, though real, are relatively minor players: each accounts for only a few percent of home PC infections. No, folks — the biggest threat doesn’t come from any of these exotic sources but from something much more common and pedestrian: downloading infected programs.

The people who make their living cleaning up infected PCs have known this for years. When they ask users when their problem started, the answer is all too commonly “after I downloaded and installed a new program.”

Tech-support personnel in corporations will tell you the same thing, and they’ll often single out senior managers as particularly susceptible to malware-bearing downloads.

This article is part of our paid content.


Windows Secrets

Google search results lead to browser hijackers

By Mark Joseph Edwards

A piece of malware in circulation since last September redirects links in search results to hacker sites.

Reports of infection are widespread, but fortunately, you can remove this persistent threat relatively easily.


Search links redirected to malware downloads

For at least the past four months, an Internet attack has been under way that transforms the links in search results into browser hijackers. Known as the go.google, go.yahoo, or go.msn virus, it infects systems to redirect certain Google, Yahoo, and MSN search-results pages to hacker-operated sites.

Even worse, the virus takes several steps to prevent you from removing it. The infection blocks access to certain antivirus sites and shuts down many antivirus tools. The go.google virus in particular appears to be widespread: a quick search of Google for go.google virus turns up no fewer than 4 million pages where people discuss this nasty critter!

Getting this bugger off your computer is a two-step process. First, scan your system with a malware-removal tool. If you’re unable to open and download updates for your regular antivirus and anti-malware software, use a noninfected computer to download to a flash drive a program such as the free Malwarebytes Anti-Malware (more info) or SuperAntiSpyware (more info). Then plug the flash drive into the infected computer and run the anti-malware program from that device.

Note that even if you are able to download a malware-removal tool on the virus-laden PC, the virus may prevent you from running it. To get around that problem, rename the anti-malware tool’s executable file. For example, change SuperAntiSpyware.exe to mytool.exe. Now you should be able to launch the app.

This article is part of our paid content.


Patch Watch

Critical patch for Windows file-sharing bug

By Susan Bradley

The lone patch for January addresses three vulnerabilities that some experts claim will be the next big worm event.

While the threat to Windows users may not be quite so dire, be sure to reboot after you install this patch, even though Windows Update may not prompt you to do so.


MS09-001 (958687)
Bolster firewalls to block remote-code attacks

We kick off the new year with only one security patch, but MS09-001 (958687) plugs three holes in the Microsoft Server Message Block (SMB) file-sharing protocol that pose a significant threat, many security analysts claim.

Microsoft labels the update critical for Windows 2000, XP, and Server 2003 and moderate for Windows Vista and Server 2008. In Microsoft’s Security Vulnerability Research & Defense blog, Mark Wodrich recommends updating domain controllers and SMB servers first, since these systems are more vulnerable to a denial-of-service (DoS) attack. He claims the risk is lower for “non-critical workstations.”

As stated by Gregg Keizer in a Computerworld article, security experts such as Eric Schultze from patch vendor Shavlik warn that this will be the next big worm event. I don’t agree, nor do I concur with Microsoft’s assessment that the patch must be deployed immediately to all domain controllers and servers.

I’m not saying that you shouldn’t install the update on Windows PCs as soon as you can, nor do I suggest that you delay deploying it to servers. As I see it, the most probable result of this vulnerability is a DoS attack on your servers. A DoS attack can crash a server and cause other harm, but the threat of someone stealing information from the server is a much higher risk for me.

This article is part of our paid content.


YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.
