Archive for September 2011



Internet connectivity has become essential in our lives. Most of us work from home, while a few do office work from home. It is therefore important to have a reliable and fast Internet connection. Many of us complain about slow Internet speed and try to improve it by adding memory, upgrading the processor, or ultimately buying a new computer. You can increase the RAM if it is too small for the number of programs you use; too little RAM slows down not only the computer but also the Internet speed. More RAM can be added any time you feel it is necessary. If you have a 0.5 GB system, you may choose to upgrade it to 2 GB, and this will certainly make the system faster and increase the Internet speed too.

But if you have a high-specification system with plenty of RAM, you may need to consider other ways to make the system and the Internet run faster. Check whether anything within the system is slowing down the Internet speed, such as a virus, adware, spyware or other malicious software.

Check the system with the latest version of anti-virus software. Run a scan to see whether the system is infected with adware, spyware or a virus. If the scan finds something, quarantine the detected items and fix the problem. This should automatically increase the system speed as well as the Internet speed.

If the system is not infected with any malicious program and the Internet speed is still low, you can increase it by removing all the temporary Internet files and cookies (the computer’s, not the edible kind) and by removing unused programs and files (those the user does not use regularly but that are always running).

Gone are the dial-up days, when it took irritatingly long hours to connect to the Internet; with broadband, connectivity should not be an issue at all. Take care of your system and you will be connected to the Internet at rocket speed.



The amount of data on the net has been growing very rapidly over the years. This has increased demand for high-speed internet connections that allow web users to access or even download huge media files, for example, in a short period of time. Performing an internet speed test is essential. A very old and slow modem is simply useless by today’s standards for playing online games or watching streaming video. The easiest solution is to buy better hardware and get a faster internet connection, but it is also the most expensive option. Before taking such action, you should make sure you are using your current setup to its maximum potential.

You will be surprised to find that by changing a few settings on your computer you can improve your internet speed, on some occasions by as much as 50%.

In order to monitor improvements to your internet connection, you first need to perform an internet speed test. There are quite a number of free software utilities online that will enable you to perform a connection test; however, you should consider other software utilities that will give you much more detail. Such software checks your internet connection in real time, which is essential. This way you can easily identify problems such as slow servers and unused bandwidth, and test the speed between your PC and a web server. Changing the various settings while online and performing various tests is the key.

For people who are not networking experts, speed-up software will help in applying most optimizations very easily and within a couple of clicks. Such software usually detects your current configuration and hardware and optimizes your settings automatically. Performing an internet speed test regularly will then let you easily identify which optimization was the most effective.



Trojans

These days we can see a dramatic upsurge in computer infections with trojans; they are the preferred tools of hackers. As in the old legend of the Trojan Horse, this type of malware masquerades as a useful program or is hidden (bound) in a useful program, tricking the user into executing it, either “as it is” or together with the program that carries it. A Trojan horse neither replicates nor copies itself, but the damage it does to the computer is huge. Once installed in a system, it gives the hacker the ability to download or upload and execute other malware on the compromised system, to steal passwords and other documents, and to change settings, the registry or important system files such as the “hosts” file.

The “hosts” file exists on every Windows-based system and is consulted before any DNS lookup is performed. Editing this file can lead to phishing attacks or can stop antivirus software from connecting to its update site. The file has no extension, but it is a plain text file that can be viewed with Notepad, and the original content of the file is this single-line entry:

127.0.0.1 localhost

Adding a second line can map a host name to another IP address, which can be a phishing site asking you for your login credentials, or can redirect you to an advertising site. For example, this line:

x.x.x.x microsoft.com

will redirect you to the IP x.x.x.x when you type “microsoft.com” in your browser’s address bar and hit “Go”. x.x.x.x can be an advertising site or another malicious site; you get the idea.

A lot of computer users save their passwords and usernames in the browser’s password manager; every modern browser asks whether you want to save a password you have used. These passwords are encrypted and saved mostly in the Application Data…Profile folder, or sometimes in the registry in the case of download managers, for example Internet Download Manager.
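A defender can check for the hosts-file tampering described above by comparing the file against its default content. The sketch below is an added example, not part of the original article; the sample entries, the `av-vendor.example` names and the documentation-range IP are constructed for illustration.

```python
import ipaddress

# Constructed sample: the default entry plus the kinds of lines a trojan adds.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     microsoft.com www.microsoft.com   # redirect to another server
127.0.0.1       update.av-vendor.example          # blocks AV updates
0.0.0.0         liveupdate.av-vendor.example
::1             localhost
not-an-ip       broken.example
"""

# Names that legitimately resolve to loopback in a stock hosts file.
EXPECTED_LOOPBACK = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or incomplete
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names[0], "malformed address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            name = name.lower().rstrip(".")
            if sinkhole and name in EXPECTED_LOOPBACK:
                continue                        # the stock localhost mapping
            reason = ("name blackholed (site unreachable)" if sinkhole
                      else "name redirected to a fixed IP")
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % finding)
```

On Windows the file is at `%SystemRoot%\System32\drivers\etc\hosts`. Hosts files used for ad blocking intentionally blackhole many names, so each finding needs a look rather than automatic removal.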

In a normal Windows installation, Mozilla Firefox saves the passwords database (signons.sqlite), the key file (key3.db) and the certificate (cert8.db) used for encryption and decryption in:

C:\Documents and Settings\%username%\Application Data\Mozilla\Firefox\Profiles

Users think their passwords are safe because they are long enough, contain special characters, numbers and letters, and are stored in an encrypted database. The main problem is that a hacker who has access to the whole storage system of the computer can download the whole browser Profile folder, with the key, certificate and signons database files, and decrypt the passwords very easily on his own computer. So programs such as Firepassword, though useful, can be used in criminal activities such as decrypting and stealing passwords saved in Mozilla Firefox.

The same goes for premium file-hosting accounts, which can easily be stolen by reading the registry keys and values where download managers save their passwords, whether encrypted or not. In fact, a single stolen email password is enough for the hacker: he can request the “Forgotten password” on randomly picked sites (rapidshare.com, hotfile.com, paypal.com and other sites of interest) and will often find active accounts belonging to the victim; accessing these other accounts is a piece of cake once the right password and username have been found. Using these methods, privacy is gone, and the hacker can access banking sites or make online transactions very easily, for example by using your PayPal account and quickly deleting the confirmation email received from PayPal after the transaction finishes. The victims will not be aware of what is happening; they will find out about the fraudulent transactions from the bank’s monthly activity report, when it is too late.

To prevent all these troubles, it is recommended NOT to use the browser’s password-saving facility. Using a trojan, a hacker can monitor your computer, your webcam and your running processes in real time and can kill processes (for example an antivirus), take screenshots, use your computer for sending spam, or delete your entire hard disk; in a few words, he will own your computer.

A trojan can bypass traditional signature-based detection by using an executable crypter. Crypters are programs that obfuscate and encrypt the trojan body and then attach a small stub, whose role is decryption, to the resulting executable. The trojans are encrypted using passwords and different encryption algorithms such as DES, Blowfish, AES (Rijndael), RC4, GOST or Twofish. The stub, which also has the encryption password appended, decrypts the trojan and runs it in RAM, thus very often avoiding antivirus detection.

When installing, the trojan injects itself into the default browser process or an instant messenger process, but any other “host” process can be chosen by the hacker at trojan build time. The hacker can also choose any name or icon for the trojan, and can choose which IP it connects to and the port used, between 0 and 65536. Very often we read in security forums that a trojan has a certain name for its executable, or drops a file with a certain name in the Temporary folder, but this name is a totally random one, chosen by the hacker. The installation folder can also be the Temporary folder, the System folder, the Application Data folder or any other folder. Details about what the trojan does, what name it has or what registry value it writes to the hard disk are worthless, because these variables always differ from infection to infection.

Very often trojans use reverse connections for their communications, so they can easily bypass a strong firewall; the communications may even be encrypted, for example with the Camellia algorithm and a key, so sniffing the traffic will not reveal very much about what kind of traffic it is. Trojans also want to be sure they will run again at system startup (boot time), using different methods such as writing to the StartUp keys in the registry or to the StartUp files or folder. For example, these registry keys run a program at computer boot:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

or

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

But there are many, many more registry keys that cause programs to run each time a user logs on, and monitoring of registry keys by antiviruses often gives NO results. The only way to prevent computer infections with trojans or other malicious code is to download programs only from trusted sources, to run an up-to-date antivirus, and to scan with a multi-engine online scanning service.
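Because value names and file names are chosen by the attacker, a review of the two Run keys above is more useful when it keys on where the autorun program lives rather than on what it is called. The triage sketch below is an added example, not from the original article; it parses text in the layout printed by `reg query`, the sample entries are constructed, and the list of user-writable locations is an assumed heuristic that does not cover every folder a trojan can install to.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; every value
# name and path below is invented for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -silent
    svchost    REG_SZ    C:\Documents and Settings\alice\Local Settings\Temp\svchost.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_EXPAND_SZ    %APPDATA%\upd\run.exe /s
"""

# Field layout of a value line: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Locations any user-level process can write to (assumed heuristic, not exhaustive).
USER_WRITABLE = re.compile(
    r"\\temp\\|\\application data\\|\\appdata\\|%temp%|%appdata%|%localappdata%",
    re.IGNORECASE)
EXE_PATH = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)

def executable_of(command):
    """Strip arguments from an autorun command line, keeping the program path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_PATH.match(command)
    return match.group(1) if match else command

def audit_run_keys(reg_output):
    """Return (key, value_name, executable) for autoruns in user-writable folders."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            exe = executable_of(match.group("data"))
            if USER_WRITABLE.search(exe):
                findings.append((key, match.group("name"), exe))
    return findings

if __name__ == "__main__":
    for key, name, exe in audit_run_keys(SAMPLE_REG_QUERY):
        print("%s\n    %s -> %s" % (key, name, exe))
```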

Other subcategories of trojans are Droppers and Downloaders.

Droppers are trojans containing other malicious programs inside. Once the trojan is installed, it decompresses and secretly runs its payload. A lot of online advertising companies use Trojan-Droppers to silently drop their adware or spyware on compromised systems. Because these malicious programs are dropped, decompressed and run directly in memory, antiviruses fail to detect them on the hard disk. To limit resource consumption, antiviruses mostly scan hard disk operations such as reads and writes, and much less the operations in RAM, so decrypting spyware directly in memory is often used by malware creators.

Downloaders are tiny trojans, but they are very widely used by hackers. Their goal is to download one or more files from a site and execute them. It is very difficult for antiviruses to detect them because they perform only a few operations: they connect to a site, download a file, sometimes change its extension to .exe (because the downloaded file can be a false .jpg, .gif or .mp3 file) and execute it. Of course, the downloaded files are always malicious code: trojans, worms or spyware. To prevent these computer infections, it is recommended to use a firewall or a program for monitoring network activity.
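A download that claims to be a picture or a song but is really a program can be caught by comparing the file extension with the first bytes of the content. The check below is an added example, not from the original article; the signature table is limited to the formats named above, and the sample files are constructed.

```python
import os
import tempfile

# Leading bytes that identify a format regardless of the file name.
SIGNATURES = [(b"MZ", "executable"), (b"\xff\xd8\xff", "jpeg"),
              (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"ID3", "mp3")]
# What each extension claims to be (extensions taken from the text above).
CLAIMED = {".exe": "executable", ".jpg": "jpeg", ".jpeg": "jpeg",
           ".gif": "gif", ".mp3": "mp3"}

def sniff(head):
    """Name the format of a file from its first bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    # MP3 without an ID3 tag starts with an 11-bit frame sync (0xFFE...).
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"
    return None

def find_disguised(directory):
    """Return (file name, claimed type, actual type) where the two disagree."""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        claimed = CLAIMED.get(os.path.splitext(name)[1].lower())
        if claimed is None or not os.path.isfile(path):
            continue                      # extension not covered by this check
        with open(path, "rb") as handle:
            actual = sniff(handle.read(8))
        if actual != claimed:
            hits.append((name, claimed, actual or "unknown"))
    return hits

if __name__ == "__main__":
    # Constructed samples: only the header bytes matter for this check.
    samples = {"holiday.jpg": b"MZ\x90\x00\x03\x00", "logo.gif": b"GIF89a\x01\x00",
               "song.mp3": b"\xff\xfb\x90\x00", "notes.txt": b"MZ not checked"}
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as handle:
                handle.write(data)
        print(find_disguised(folder))
```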