Max Secure Spyware Detector can detect and remove the following types of spyware successfully:
Adware : Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be associated with the product.
Annoyance : Any trojan that does not cause damage other than to annoy a user, such as by turning the text on the screen upside down, or making mouse motions erratic.
ANSI Bomb : Character sequences that reprogram specific keys on the keyboard. If ANSI.SYS is loaded, some bombs will display colorful messages, or have interesting (but unwanted) graphical effects.
AOL Pest:: Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. ICQ is an instant messenger service from mirabilis.com, now AOL. ICQ is a favorite service among hackers, and ICQ features are built into many trojans (such as stealing user’s passwords, UINs, or notifying the hacker). Users of ICQ are warned “”By using the ICQ service and software… you may be subject to various risks, including… Spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, ‘imposturing’, electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful.”
AV Killer : Any hacker tool intended to disable a user’s anti-virus software to help elude detection. Some will also disable personal firewalls.
Backdoor :A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a “backdoor” is designed to exploit a vulnerability in a system, and open it to future access by an attacker.
Binder : A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. A binder compiles the list of files that you select into one host file, which you can rename. A host file is a simple custom compiled program that will decompress and launch the source programs. When you start the host, the embedded files in it are automatically decompressed and launched. When a trojan is bound with Notepad, for instance, the result will appear to be Notepad, and appear to run like Notepad, but the Trojan will also be run.
Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE’s memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it “a spy we send to infiltrate the browser’s land.” BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.
Commercial RAT : Any commercial product that is normally used for remote administration, but which might be exploited to do this without user consent or awareness.
Cracking Misc : Any document and/or tool that provides guidance on how to remove copy protection.
Cracking Tool : Any software designed to modify other software for the purpose of removing usage restrictions. An example is a ‘patcher’ or ‘patch generator’, that will replace bytes at specified locations in a file, rendering it a licensed version. A music file ripper is a program that enables the user to digitally copy songs from a CD into many different formats such as MP3, WAV, or AIFC.
DDoS : A Distributed Denial of Service (DDoS) attack is one that pits many machines against a single victim. An example is the attacks of February 2000 against some of the biggest websites. Even though these websites have a theoretical bandwidth of a gigabit/second, distributing many agents throughout the Internet flooding them with traffic can bring them down. The Internet is defenseless against these attacks. The best defense is for users everywhere to run PestPatrol, and remove DDoS clients when they are found, so that their machines are not used as attack tools. Another approach is for ISPs to do “”egress filtering””: prevent packets from going outbound that do not originate from IP addresses assigned to the ISP. This cuts down on the problem of spoofed IP addresses.
Dialer : Software that dials a phone number. Some dialers connect to local Internet Service Providers and are beneficial as configured. Others connect to toll numbers without user awareness or permission.
DoS : An exploit whose purpose is to deny somebody the use of the service: namely to crash or hang a program or the entire system. Examples of DoS attacks include flooding the victim with more traffic than can be handled; flooding a service (like IRC) with more events than it can handle bomb; crashing a TCP/IP stack by sending corrupt packets; crashing a service by interacting with it in an unexpected way; or hanging a system by causing it to go into an infinite loop. For example, the Ping of Death exploit crashed machines by sending illegally fragmented packets at a victim. A common word for DoS is “”nuke””, which was first popularized by the WinNuke program.
Downloader : A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
Dropper : In viruses and trojans, the dropper is the part of the program that installs the hostile code onto the system.
Encryption Tool : Any software that can be used to scramble documents, software, or systems so that only those possessing a valid key are able to unscramble it. Encryption tools are used to secure information; sometimes unauthorized use of encryption tools in an organization is a cause for concern.
Error Hijacker : Any software that resets your browser’s settings to display a new error page when a requested URL is not found. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Exploit : A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.
Firewall Killer : Any hacker tool intended to disable a user’s personal firewall. Some will also disable resident anti-virus software.
Flooder : A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack.
FTP Server : When installed without user awareness, an FTP server allows an attacker to download any file in the user’s machine, to upload new files to that machine, and to replace any existing file with an uploaded file.
Hacking Tutorial : A Hacking Tutorial explains how to break into systems.
Hijacker: Any software that resets your browser’s settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Hoax : Not a pest, not a virus, not a worm, not a trojan. A hoax is a worrisome warning, usually transmitted by e-mail. Examples of hoaxes: ‘If you receive an e-mail that has a subject line of X, then … This is a very bad thing, and blah blah blah… Please pass this on to everyone in your address book.” Before following the instructions in the e-mail, do a simple internet search for the subject line, the file name, etc. to see if others regard this as a hoax. Hoaxes are not detected by PestPatrol. But some are included in our Pest Encyclopedia for your information.
Homepage Hijacker : Any software that changes your browser’s home page to some other site. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Hostile ActiveX : An ActiveX control is essentially a Windows program that can be distributed from a web page. These controls can do literally anything a Windows program can do. A Hostile ActiveX program does something that its user did not intend for it to do, such as erasing a hard drive, dropping a virus or trojan into your machine, or scanning your drive for tax records or documents. As with other Trojans, a Hostile ActiveX control will normally appear to have some other function than what it actually has.
Hostile Java : Browsers include a “”virtual machine”” that encapsulates the Java program and prevents it from accessing your local machine. The theory behind this is that a Java “”applet”” is really content — like graphics — rather than full application software. However, as of July, 2000, all known browsers have had bugs in their Java virtual machines that would allow hostile applets to “”break out”” of this “”sandbox”” and access other parts of the system. Most security experts browse with Java disabled on their computers, or encapsulate it with further sandboxes/virtual-machines.
Hostile Script : A script is a text file with a .VBS, .WSH, .JS, .HTA, .JSE, .VBE extension that is executed by Microsoft WScript or Microsoft Scripting Host Application, interpreting the instructions in the script and acting on them. A hostile script performs unwanted actions.
HTTP Server : When installed without user awareness, an HTTP server allows an attacker to use a web browser to view and thus retrieve information collected by other software placed in the user’s machine.
IRC War : Any tool that uses Internet Relay Chat for spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, ‘imposturing’, electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful.
Key Generator : Any tool designed to break software copy protection by extracting internally-stored keys, which can then be entered into the program to convince it that the user is an authorized purchaser.
Key Logger : (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).
Loader : Any program designed to load another program.
Mail Bomber : Software that will flood a victim’s inbox with hundreds or thousands of pieces of mail. Such mail generally does not correctly reveal its source.
Mailer : A program that creates and sends email with forged headers, so that the source of the mail it sends cannot be traced.
Misc Tool : Any tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it.
Notifier : Any tool designed for stealth notification of an attacker that a victim has installed and run some pest. Such notification might be done by FTP, SMS, SMTP, or other method, and might contain a variety of information. Often used in combination with a Packer, a Binder and a Downloader.
Nuker : A program that disables a machine through damage to the registry, key files, the file system, etc.
P2P : Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox. In an organization, can degrade network performance and consume vast amounts of storage. May create security issues as outsiders are granted access to internal files. Often bundled with Adware or Spyware.
Packer : A utility which compresses a file, encrypting it in the process. It adds a header that automatically expands the file in memory, when it is executed, and then transfers control to that file. Some packers can unpack without starting the packed file. Packers are “”useful”” for trojan authors as they make their work undetectable by anti-virus products.
Password Capture : A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.
Password Cracker : A tool to decrypt a password or password file. PestPatrol uses the term both for programs that take an algorithmic approach to cracking, as well as those that use brute force with a password cracking word list. Password crackers have legitimate uses by security administrators, who want to find weak passwords in order to change them and improve system security.
Password Cracking Word List : A list of words that a brute force password cracker can use to muscle its way into a system.
Phreaking Tool : Any executable that assists in hacking the phone system, such as by using a sound card to imitate various audible tones.
Port Scanner : In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Ports scans are not illegal in many places, in part because they don’t actually compromise the system, in part because they can easily be spoofed, so it is hard to prove guilt, and in part because virtually any machine on the Internet can be induced to scan another machine. Many people think that port scanning is an overt hostile act and should be made illegal. An attacker will often sweep thousands (or millions) of machines rather than a single machine looking for any system that might be vulnerable. Port scans are always automated through tools called Port Scanners.
Probe Tool : A tool that explores another system, looking for vulnerabilities. While these can be used by security managers, wishing to shore up their security, the tools are as likely used by attackers to evaluate where to start an attack. An example is an NT Security Scanner.
Proxy : Any firewall that blocks and re-creates a connection between two points. As a defensive tool, a proxy in an organization hides a user from the outside world. As a pest, a proxy hides an attacker from a user. As a pest, a proxy is a tool that can be used to anonymize a connection between an attacker and your machine, making the connection more difficult to trace. The attacker interacts with the proxy; the proxy translates the interaction and interacts with your machine. As attack tools, SMTP and FTP proxies are often used in conjunction with Firewall Killers, Downloaders, RATs, and Trojans.
RAT : A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a “”client”” in the attacker’s machine, and a “”server”” in the victim’s machine. Examples include Back Orifice, NetBus, SubSeven, and Hack’a’tack. What happens when a server is installed in a victim’s machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker — who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.
Search Hijacker: Any software that resets your browser’s settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.
Sniffer : A wiretap that eavesdrops on computer networks. The attacker must be between the sender and the receiver in order to sniff traffic. This is easy in corporations using shared media. Sniffers are frequently used as part of automated programs to sift information off the wire, such as clear-text passwords, and sometimes password hashes (to be cracked).
SPAM Tool : Any software designed to extract email addresses from web sites and other sources, remove “”dangerous”” or “”illegal”” addresses, and/or efficiently send unsolicited (and perhaps untraceable) mail to these addresses.
Spoofer : To spoof is to forge your identity. Attackers use spoofers to forge their IP address (IP spoofing). The most common use of spoofing today is smurf and fraggle attacks. These attacks use spoofed packets against amplifiers in order to overload the victim’s connection. This is done by sending a single packet to a broadcast address with the victim as the source address. All the machines within the broadcast domain then respond back to the victim, overloading the victim’s Internet connection. Since smurfing accounts for more than half the traffic on some backbones, ISPs are starting to take spoofing seriously and have started implementing measures within their routers that verify valid source addresses before passing the packets.
Spyware: Any product that employs a user’s Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed.
Surveillance : Any software designed to use a webcam, microphone, screen capture, or other approaches to monitor and capture information. Some such software will transmit this captured information to a remote source.
Telnet Server : Software that allows a remote user of a Telnet client to connect as a remote terminal from anywhere on the Internet and control a computer in which the server software is running.
Toolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is nomally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.
Tracking Cookie: Any cookie that is shared among two or more web pages for the purpose of tracking a user’s surfing history.
Trojan : Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user’s account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.
Trojan Creation Tool : A program designed to create Trojans. Some of these tools merely wrap existing Trojans, to make them harder to detect. Others add a trojan to an existing product (such as RegEdit.exe), making it a Dropper.
Trojan Horse : A Trojan Horse portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
Trojan Source : Source code is written by a programmer in a high-level language and readable by people but not computers. Source code must be converted to object code or machine language before a computer can read or execute the program. Trojan Source can be compiled to create working trojans, or modified and compiled by programmers to make new working trojans.
Usage Track : Usage tracks permit any user (or their software agent) with access to your computer to see what you’ve been doing. Such tracks benefit you if you have left the tracks, but might benefit another user as well.
Virus Creation Tool : A program designed to generate viruses. Even early virus creation tools were able to generate hundreds or thousands of different, functioning viruses, which were initially undetectable by current scanners.
Virus Source : Source code is written by a programmer in a high-level language and readable by people but not computers. Source code must be converted to object code or machine language before a computer can read or execute the program. Virus Source can be compiled to create working viruses, or modified and compiled by programmers to make new working viruses.
Virus Tutorial : We don’t think there is much need for viruses in today’s offices, so we don’t think there is much need to learn how to create them. Virus Tutorials explain ‘how to’.
War Dialer : (demon-dialing, carrier-scanning) War-dialing was popularized in the 1983 movie War Games. It is the process of dialing all the numbers in a range in order to find any machine that answers. Many corporations have desktop computers with attached modems; attackers can dial in order to break into the desktop, and thereafter the corporation. Similarly, many companies have servers with attached modems that aren’t considered as part of the general security scheme. Since most security emphasis these days is on Internet-related attacks, war-dialing represents the “”soft underbelly”” of the security infrastructure that can be exploited.
Worm: A program that propagates itself by attacking other machines and copying itself to them. Both worms and viruses are self-replicating code that travels from machine to machine by various means. Both worms and viruses have, as their first objective, merely propagation. Both can be destructive, depending on what payload, if any, they have been given. But there are some differences: worms may replace files, but do not insert themselves into files. In contrast, viruses insert themselves in files, but do not replace them.
Worm Creation Tool : A program designed to generate worms. Worm creation tools can often generate hundreds or thousands of different, functioning worms, most of which are initially undetectable by current scanners.