Ad-Aware - How to Protect Your PC from Spyware and Adware!


Detect and remove all dangerous spyware and adware from your PC with Ad-Aware from Lavasoft. Protect yourself against identity theft. Free download.

Enhance Your Computer Security and keep your PC Secure!

What is Ad-aware?
Ad-aware is THE award winning, multi-trackware detection and removal utility (designed for Windows 98 / 98SE / ME / NT40 / 2000 / XP Home / XP Pro and soon Vista) that will comprehensively scan your memory, registry, hard, removable and optical drives for known Datamining, aggressive advertising, Parasites, Scumware, Keyloggers, selected traditional Trojans, Dialers, Malware, Browser hijackers, and tracking components.

Ad-aware will provide you with the confidence to surf the Internet knowing that your privacy will remain intact.

Time to clean house
Ad-aware employs a regularly updated reference file and a powerful in-depth scanning engine to place the spotlight on these risks to your privacy.
Through use of our all-new and totally integrated WebUpdate module, you can be assured that you will always have the most complete and up-to-date AntiTrackware solution on the planet!

What's new in Ad-aware
· Leading anti data-mining utility, features the best maintained and updated target base  
· Targets hundreds of systems and thousands of variations  
· All new, vastly improved, in-depth scanning engine  
· Includes an Advanced process browser full supporting installed extensions, linked to the in-depth scan engine  
· Fully customizable automated scanning modes  
· Web-update module now fully integrated into the Ad-aware interface  
· Entirely new, highly improved user interface  
· All new plug-in concept allows for powerful expandability and updating without the need to download a new core-application  
· Automatic quarantine (backup) function capability  
· Enhanced logging capabilities  
· Powerful tweaking options allows tweaking all aspects of Ad-aware  
· Extended in-depth registry scans  
· Exporting and printing of HTML reports  
· Powerful command line options, to load config scripts and reference files from, and send log files to remote drives  
· Blocks Browser hijacker attempts, Active-X installations, IE save attempts, and unauthorized auto start entries  
· Includes a Popup stopper with customizable black-list  
· Smart process-blocking, including filter lists  
· Enhanced menus providing many more options.  
· Plus many other enhancements!  

Enhance Your Computer Security!


 

     
 
Ad-Aware 2007 will be released worldwide on June 7.  Make sure to read "Ad-Aware 2007 Premiere" article for a peek at what is included in the features of Ad-Aware 2007 Pro, Plus, and Free versions.

 

For the he latest on spyware trends and advancements in online crime, read on.  Even as law enforcement officials try to keep up the fight against cyber crime, it's important to stay educated on the latest threats, so you know how to protect your PC and yourself.  Get the scoop on e-surveillance, the raging botnet battle, and the booming business of cyber crime. 

Ad-Aware 2007 Premier

Key features included in each version of Ad-Aware 2007.

At Lavasoft, their mission is to develop and deliver the highest quality anti-spyware solutions, in order to give computer users the power to control their privacy and security.  Ad-Aware 2007 is Lavasoft’s answer to the rapidly changing threat landscape in today’s cyber world.  The fully redesigned Ad-Aware 2007 has a new architecture that allows for more program flexibility and improved malware detection as the industry continues to grow in sophistication.

“The launch of Ad-Aware 2007 is an important step for Lavasoft, setting the groundwork for their focus on the next generation of malware and spyware threats.

At the same time, Lavasoft know that security does not have to be complicated to be effective and relevant.  Ad-Aware 2007 was developed with direct input from computer users representing the spectrum of ability, and the fresh new interface smoothly guides users through the complexities of detecting and removing malware, while still providing advanced options for experienced users.

With Ad-Aware 2007, Lavasoft has responded to the needs of the everyday computer user at home as well as the IT individual in a business setting.  Ad-Aware 2007’s fully rebuilt engine results in faster scanning times, and is stocked with convenient new additions like automatic scans and Web updates with the Scheduler feature, the TrackSweep privacy tool that erases tracks left behind from Internet browsing with the click of a button, and the built-in Hosts File Editor to block advertisement sites and reverse browser hijack entries.

The 2007 product will be released in three different versions: Ad-Aware 2007 Pro, Ad-Aware 2007 Plus, and Ad-Aware 2007 Free (formerly known as Personal). Take a look at the host of new features included in Ad-Aware 2007 Pro, Plus, and Free  below.

While Ad-Aware 2007 will not be Vista compatible right away, a Vista compatible version (32-bit) will be released at the end of August 2007, and all Ad-Aware users with a valid license will immediately receive the Vista compatible version update upon its release.

Remember, if you have a valid Ad-Aware SE license, you are eligible for an update to the new Ad-Aware 2007 version, completely free of charge!

 

Cyber-Stalkers Invade Personal Spaces
It's not just remote hackers that are trying to track your online activity and gain access to your personal information.  Read below about cyber-stalking, e-surveillance and how to protect yourself.

You know that the world is becoming a smaller place when it is possible to find an address and get directions with a few clicks on a mobile device. Another few clicks and you can find out the precise coordinates marking your location in space.  You may even keep a record of it in time, if you were so inclined.

If it’s easy for you, think about how easy it is for others.  But why would anyone want to know your precise whereabouts, and what could they do with that information?

Plenty, it turns out.

You don’t need to be a high-profile artist to be the subject of unwanted attention.  Cyber-stalking can come from a former partner or spouse, a total stranger, or perhaps an estranged co-worker.

The Washington Post recently reported that stalkers with cursory computer knowledge have been able to track the e-mail and Web activity of current or recently divorced spouses.  Stalkers can choose from an array of spyware, GPS devices on their own or embedded in mobile phones, and tiny cameras, to keep track of their victims.  By working in this way, they can remain anonymous and operate anywhere from a distance of a few blocks, to many time zones away.

The victims of cyber crime may not readily know who is invading their privacy.  This, in itself, can make victims feel powerless.  But what is worse is that they may not know the extent of the information that may have been compromised.  The range of possibilities, from legal documents and financial transactions, to intimate correspondence, is enormous.

Armed with that information, a stalker can decide to show up unannounced to track a victim.  Another may choose to send harassing e-mails, electronic junk mail, and computer viruses.  And yet another, as reported on CNET News, could intend to use the collected information as ammunition to help win a divorce settlement.

Whichever form they take, these tactics are meant to induce fear.  Police departments are being trained to deal with cyber-stalking, but prosecuting these crimes presents many challenges.

How can you protect yourself against cyber-stalking? According to Douglas Schweitzer, an Internet security specialist with Computer World, it is wise to be cautious with your personal information. Follow these guidelines to protect yourself:

 

  • Don’t use your real name as your screen name or user ID.

  • Don’t share personal information in public online spaces or give it to strangers in e-mail or chat rooms.

  • Don’t post personal information as part of a user profile.

  • Make sure that your Internet provider and any online communities you frequent have policies that prohibit cyber-stalking.

  • Change passwords frequently.

  • Hand-deliver important documents.

 

Botnets Grow in Size and Sophistication
The battle of the botnets has begun in earnest. Botnets have become a leading player in the world of cyber crime.

Botnets, networks of thousands of computers used to spread malware, have become the hottest commodity of cyber criminals.  Malicious code, as dangerous as it is, has taken a back seat to the means to deliver it.  As a result, hackers and spammers are no longer the sole leading figures responsible for perpetrating cyber crime.

Botnet controllers are responsible for pulling the strings of an increasingly professional and sophisticated cyber crime community.  Emerging as a new serious brand of player, they are threatening the very openness of the Internet that we have come to take for granted.

Botnets have the ability to attack the Internet en masse.  As a result, the frequency and complexity of attacks is escalating.  Another contributing factor is the professionalism displayed by the cyber criminals.

An example of this was recently reported on PC World.  Security firm Panda Software discovered an innovative application called Zunker, which was used to control and monitor botnet computers in as many as 54 countries.  The tool had been designed to be easy to use and allowed the owner the ability to tune the performance of the network.

As another sign of sophistication, security researchers have found that a growing number of botnets are being used only once.  The botnet controller rents the network to the highest bidder and, once an attack is completed, abandons it.  This strategy makes it more difficult for law enforcement to track the botnet controllers, or ‘bot herders’ as they are also called.

Bringing those criminals to justice, though difficult, is not impossible.   Witness the sentencing of Jeanson Ancheta, 21, of California to a term of 57 months in a federal prison.  Ancheta, a bot herder, controlled and rented 400,000 computers to other cyber criminals who used the network to launch security attacks. 

Contributing to the problem is the large number of home users whose computers do not have adequate protection and are easy prey for botnet operators.  It is critical that home users install up-to-date firewalls and security software, in addition to practicing caution when going online.

Notwithstanding all the challenges ahead, security experts remain optimistic that the botnet threat can be mitigated without having to alter how we currently use the Internet.  The prospect of a closed Internet is not something that would benefit anyone, cyber criminals included.

 

Cyber Criminals: Savvy, Professional and Organized
Malware suppliers are tailoring their techniques, using personalisation schemes and even embracing their competition, all for the pursuit of profits.

Malware goes mainstream.

Sound far-fetched?

Think service contracts, personalisation, and upgrades.  It’s all there. Suppliers of malware have become quite sophisticated in their offerings. Their motivation? Think one simple word: profits.

Malware suppliers have adopted many of the same business practices used by leading software providers.  But they are going one step further.   By embracing their competitors, malware suppliers are becoming more like a consortium in their ability to strategically deliver customised offerings, to tap into synergies, and, significantly, to share market intelligence.

Large enterprises may continue to be the most visible of the victims of cyber crime, but they are no longer its main focus.  Small to medium-sized firms provide much more viable targets.  But how do malware suppliers find the right targets?

One thing is for sure: they are not reinventing the wheel.

Malware suppliers are borrowing market research concepts and turning them into tools that can gather relevant information about potential targets.  Armed with treasures such as browser version, operating system software, IP address, and level of security patch, malware writers have a ready end-user profile at hand.

The Internet Security Systems X-Force team at IBM, headed by Gunter Ollman has been actively researching the methods used by cyber criminals.  In a recent Info World article, Ollman states that the most sophisticated of these cyber criminals are trading information such as IP addresses to ensure that their latest work is not discovered.

Though they may not have face-to-face meetings or send e-mail correspondence, these cyber criminals have other means of communicating with each other.  Whether through chat rooms or bulletin boards, they collaborate in ways that help extend the reach of their malicious code.

There is strength in numbers.

As recently reported in Info World, McAfee’s latest research report shows that criminals are connecting in greater volume than ever before.  Dave Marcus, a security research manager at McAfee’s Avert Labs believes that the criminals are doing a better job at communicating than the security industry itself.

Countries like Russia and China, which do not participate in worldwide groups that fight malware use, have become hotbeds for cyber criminals.   With no shortage of outlets for the distribution of their malicious code, their activity is expected to flourish in 2007.

VoIP systems are expected to see an increased volume of threats, as are mobile devices like smart-phones.  Threats in the form of phishing attacks, spyware, and mobile spam will become more commonplace.

What’s an end-user to do?  Natalie Lambert, of Forrester Research, recommends using a multi-layer approach to safeguard yourself.  Having a single security measure, such as an anti-virus program, is no longer enough and can’t protect against specific, targeted attacks, the type that are becoming de rigueur for sophisticated malware suppliers.

 

Top Computer Crimes of 2007 U.S. News & World Report
Only halfway through the year, 2007 is already proving to be an impressive year for cyber criminals in America.  Take a look at the top cyber crimes for the year's first quarter, pulled together from the U.S. Justice Department's Computer Crime Section, the FBI, and Immigration and Customs Enforcement.

May 15, 2007

Top Computer Crimes of 2007 (First Quarter)

This year is already shaping up as an impressive one for computer crime in America, with cases ranging from massive fraud to sophisticated "hack, pump, and dump" stock scams. Here are highlights of the top cybercrimes for the year's first quarter, drawn from cases at the U.S. Justice Department's Computer Crime Section, the FBI, and Immigration and Customs Enforcement:
Indian Hackers " Pump and Dump " Scheme: On March 12, federal officials unsealed an indictment charging three individuals from Chennai, India, with conspiracy, securities and wire fraud, and identity theft tied to the hijacking of online brokerage accounts in what authorities call a "hack, pump, and dump" scheme. According to the indictment, last year the defendants, based primarily in Thailand and India, set up online brokerage accounts, hacked into other accounts to buy thinly traded stocks, and once the stock had risen, they sold off their own shares. Among the victims are at least 60 customers and nine brokerage firms in the United States and overseas, with over $2 million in losses.

Accurint Computer Fraud and ID Theft: On March 5, a federal judge sentenced five men for conspiracy to commit computer fraud and identity theft tied to intrusion of the Accurint database. Using Trojan horses, social engineering, and other techniques, the defendants obtained user login IDs and passwords and then made unauthorized entries into the Accurint database, which is widely used by law enforcement. All five men are restricted from using computers and were ordered to pay $105,750.29 in restitution to Lexis/Nexis (Accurint's owner) and the Port Orange Fla., Police Department.

Cisco Defrauded of Millions of Dollars: On February 27, Michael A. Daly of Danvers, Mass., was charged with using false identities and private mailboxes in at least 39 states to allegedly defraud Cisco Systems of networking equipment. Daly stands accused of carrying out the fraud at least 700 times, asking for replacement parts, selling them for a profit, and spending the money on, among other things, classic automobiles.

Virus Transmitter Nabbed by FBI: In February, Richard C. Honour of Kenmore, Wash., pleaded guilty to releasing malicious computer viruses that infected DarkMyst and other Internet Relay Chat systems. Until the FBI showed up at his door, Honour got his kicks by inviting fellow IRC users to click on a movie link, which downloaded malware and created backdoor access to their computers.

Theft of Morgan Stanley Hedge Fund Secrets: On February 1, federal prosecutors announced the guilty plea of Ira Chilowitz to charges tied to the theft from his ex-employer, Morgan Stanley, of hedge fund trade secrets. Chilowitz oversaw secure computer connections between Morgan Stanley and its Prime Brokerage clients, and had access to numerous internal documents, including a list of all of the firm's hedge fund clients and the formulas used to calculate rates they paid for certain services. He pleaded guilty to four counts of conspiracy, transportation of stolen property, theft of trade secrets, and unauthorized computer access.

Child Pornography Cases: The feds continued to rack up arrest after arrest of online traffickers in child pornography, working through Operation Predator (run by Immigration and Customs Enforcement) and the Innocent Images Initiative (run by the FBI). Among the latest perps: Billy Joe Bowser, 34, and Anthony Adams, 49, of Springfield, Ill. Between them the two men had more than 100,000 images of child porn that included kids under 2 years old, trading them on a chat room called "Kiddypics & Kiddyvids" using WinMX software for "peer-to-peer" file sharing. On March 5, Bowser received the maximum sentence of 20 years in prison; Adams got 19 years.


Security Shorts
Lavasoft News has compiled a list of "security shorts" - summaries of other online security stories making news around the world this past month.

Security Bill Takes on Botnet Battle
A new bill introduced in the United States Congress, the Cyber Security Enhancement Act, is aiming to widen penalties for cyber crime, including creating criminal penalties for botnet attacks used to aid in identity theft, denial-of-service attacks, and the spread of spam and spyware.  The legislation would also allow prosecutors to pursue racketeering charges against cyber criminal groups, expand sentencing guidelines for cyber crime, and add $30 million U.S. a year to the budgets of federal agencies combating cyber crime.

Cyber Security Bill Targets Botnets
Cyber Security Enhancement Act seeks criminal penalties for botnet attacks used to aid identity theft, enial-of-service attacks, and the spread of spam and spyware.
Tuesday, May 15, 2007 9:00 AM PDT

A tech trade group and a leading cybersecurity vendor applauded new legislation introduced in the U.S. Congress that would broaden penalties for cybercrime, including first-time penalties for botnet attacks.

The Cyber Security Enhancement Act, introduced Monday, would create for the first time criminal penalties for botnet attacks often used to aid identity theft, denial-of-service attacks and the spread of spam and spyware. Botnets are groups of compromised computers that hackers can control remotely.

The bill, introduced by Representatives Adam Schiff, a California Democrat, and Steve Chabot, an Ohio Republican, would also allow prosecutors to pursue racketeering charges against cybercriminal groups, would expand sentencing guidelines for cybercrime by allowing the forfeiture of property used to commit the crime, and would add US$30 million a year to the budgets of federal agencies fighting cybercrime.

The Business Software Alliance (BSA), a trade group, and Symantec Corp., a security vendor, both offered support for the legislation. BSA and other tech trade groups have pushed Congress to pass tougher cybersecurity legislation, and BSA said its member company CEOs will push for passage of the bill when they meet in Washington, D.C., in June.

"For too long. cyber criminals have taken advantage of legal blind spots and an under-resourced law enforcement community to brazenly threaten online confidence and security," BSA President and CEO Robert Holleyman said in a statement. "This legislation will give law enforcement updated and improved tools to combat what has become a growing, organized criminal enterprise."

Symantec, in a statement, cheered the cosponsors effort to target botnets. The sophistication of cybercrimes, particularly botnets, "far outstrips the laws on the books," said John Thompson, the company's chairman and CEO. The bill shows Congress is "truly serious" about combating cybercrime, he added.

The bill would also broaden the definition of electronic data theft related to interstate or foreign communication, and expand the cyber extortion statute.


Google Warns of Web Malware
The sheer volume of malware being hosted on websites was revealed through a Google study based on a year-long scan of over 4.5 million sites. “The Ghost in the Browser” study reports that one in 10 web pages are laced with malicious code. Of the sites the Google research team analyzed, 450,000 were capable of launching drive-by-downloads to install malicious code, like spyware and Trojans, onto users’ computers. Another 700,000 web pages were found to contain code that could compromise PCs.
 

Google searches web's dark side

Malicious programs are installed by visits to a booby-trapped site
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC.
Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis".

About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code, such as spyware, without a user's knowledge.

A further 700,000 pages were thought to contain code that could compromise a user's computer, the team report.

To address the problem, the researchers say the company has "started an effort to identify all web pages on the internet that could be malicious".

Phantom sites

Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information.

They usually consist of malicious programs that automatically install when a potential victim visits a booby-trapped website.

"To entice users to install malware, adversaries employ social engineering," wrote Google researcher Niels Provos and his colleagues in a paper titled The Ghost In The Browser.

Finding all the web-based infection vectors is a significant challenge and requires almost complete knowledge of the web

Google researchers
Hi-tech crime unit


Avoiding attacks

"The user is presented with links that promise access to 'interesting' pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos."

The vast majority exploit vulnerabilities in Microsoft's Internet Explorer browser to install themselves.

Some downloads, such as those that alter bookmarks, install unwanted toolbars or change the start page of a browser, are an annoyance. But increasingly, criminals are using drive-bys to install keyloggers that steal login and password information.

Other pieces of malicious code hijack a computer turning it into a "bot", a remotely controlled PC.

Drive-by downloads represent a shift away from traditional methods of infecting a computer, such as spam and email attachments.

Attack plan

As well as characterising the scale of the problem on the net, the Google study analysed the main methods by which criminals inject malicious code on to innocent web pages.

Spam e-mails are a common way to infect a computer

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.

Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded from third-party sites.

The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.

For example, postings in blogs and forums that contain links to images or other content could unwittingly infect a user.

The study also found that gangs were able to hijack web servers, effectively taking over and infecting all of the web pages hosted on the computer.

In a test, the researchers' computer was infected with 50 different pieces of malware by visiting a web page hosted on a hijacked server.

The firm is now in the process of mapping the malware threat.

Google, part of the StopBadware coalition, already warns users if they are about to visit a potentially harmful website, displaying a message that reads "this site may harm your computer" next to the search results.

"Marking pages with a label allows users to avoid exposure to such sites and results in fewer users being infected," the researchers wrote.

However, the task will not be easy, they say.

"Finding all the web-based infection vectors is a significant challenge and requires almost complete knowledge of the web as a whole," they wrote.

 

Mobile Phone Threats Continue to Climb
By the end of 2007, the number of mobile phone viruses is expected to double, a McAfee official recently told Reuters. Spyware and virus threats on phones have risen as mobile malware writers find new ways to break into the cell phone software market. Security firm F-Secure reported that two new spying tools are now facing mobile devices running Windows Mobile and Symbian S60 3 rd edition operating systems.
Read more

Hacking Through Windows Update
A component of Windows Update is being used to stealthily get malicious code downloads past firewalls, researchers at Symantec have reported. Hackers are taking advantage of the Background Intelligent Transfer Service (BITS), a Windows component that allows files to be transferred between machines, to bypass local firewalls in order to sneak in malicious downloads.
Read more

Top Threat: Memory Stick Security
Removable media devices are viewed as the top security concern for corporations, according to a new study from Centennial Software. Nearly 40 percent of IT managers surveyed responded that removable media devices like USB memory sticks and MP3 players are the biggest security threat for their companies. While recognizing the risk, according to the report, 80 percent of firms do not have protection measures in place.
Read more

 

New Targets in Detection (May 2007)
Protect your privacy with a complete list of new targets for May 2007.
Read more

Lavasoft Blog
If you want to go behind the walls of Lavasoft, hear what we are up to, what we are thinking and what is happening in the industry, the Lavasoft Company Blog is the place to go for regular, up-to-date information.
Read more

 
 
Enhance computer Privacy with Lavasoft Ad-aware SE Plus or Lavasoft Ad-aware SE Professional.
Stats
Computer users are safety savvy when it comes to understanding potential threats coming in through their e-mail inboxes, like phishing, viruses, and malware. Results from an E-mail Sender and Provider Coalition survey show that over 80 percent of users recognize and report spam through functions in their e-mail service. Yet, it only takes one e-mail user in 10,000 to buy something from a spammer to keep them in business.

Source: Network World
 
Term of the Month
RSS is a type of web feed format used to publish constantly updated web-based content like blogs and news feeds. RSS stands for Really Simple Syndication, and can also refer to Rich Site Summary or RDF Site Summary. RSS delivers information as an XML file called an RSS feed or webfeed. By subscribing to a website's RSS feed, new content from that site is retrieved and presented to the computer user through their feed reader or feed aggregator program.

Source: en.wikipedia.org
 
Tech Tips
It can be difficult and time consuming to keep track of all the news available on the web. Sign up for RSS feeds to stay up-to-date with news from your favorite websites. RSS is a convenient way to distribute news, plus it allows you to control the amount of data you receive online and decrease your online traffic, saving you time by not having to visit individual sites. To use RSS feeds, simply choose an RSS reader tool and then load RSS feeds into your reader from the sites you are interested in.


Lavasoft's Company Blog and the News from Research blog have RSS feeds up and running. By subscribing to the News from Research blog, you will be notified whenever a new Definitions File is released.
 
Helpful Homepage
Stop Badware.org is a "neighborhood watch" group dedicated to fighting badware - spyware, malware and deceptive adware. Educate yourself by reading their in-depth reports on applications and websites, or fight back by submitting your badware story to aid their clearinghouse effort.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com