
Showing posts with label botnets.

Sunday, June 5, 2011

Sophos Anti-Rootkit


Free rootkit detection and removal tool 

Rootkit scanning, detection and removal

Sophos Anti-Rootkit is free software that scans for, detects and removes rootkits hidden on your computer, using advanced rootkit detection technology.
Rootkits can lie hidden on computers and remain undetected by antivirus software. Although antivirus software can stop new rootkits from infecting the system, a rootkit that was already present before the antivirus was installed may never be revealed.
Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care.

Simplified management

Using Sophos Anti-Rootkit is easy. Whether you use its simple graphical user interface or run it from the command line, you can easily detect and remove any rootkits on your computer.

Easy to use

Sophos Anti-Rootkit provides an extra layer of protection, by safely and reliably detecting and removing any rootkit that might have hidden itself on your system.

Stay free of rootkits

As part of its complete protection of endpoint computers, Sophos Endpoint Security and Data Protection has integrated rootkit detection that removes rootkits and prevents them from being installed on your desktops, laptops and servers.

System requirements

Sophos Anti-Rootkit supports the following operating systems:
  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2003
  • Windows Server 2008
  • 64-bit platforms
Sophos Anti-Rootkit requires a minimum of 128 MB of RAM.

Saturday, June 4, 2011

Mac Malware Becoming a Serious Threat 2011

Overview

As Apple computers grow more popular than ever, they're an increasingly enticing target for hackers. And these hackers aren't just mischief-makers — by targeting your computer or the applications you use, these criminals are out to steal and profit from your valuable personal information. Don't let them. Get free Sophos Anti-Virus for Mac today.

Introducing Sophos Anti-Virus for Mac Home Edition.

It's easy to install, quiet to run and simple to use — it keeps you safe from viruses, Trojans and worms without getting in your way.

High-grade protection without slowing you down.

Best of all, it's free full-featured antivirus. You get business-grade protection for your Mac backed by our SophosLabs experts — they're on the job every day of the year, 24 hours a day. We'll stop, quarantine and clean up Mac or Windows threats that try to infect your computer. We can even stop new, unknown threats.

As versatile as you want it to be, as powerful as you need it to be.

Nobody likes system pop-ups or system slow-downs. That's why our product won't annoy you with messages or take up your computer's resources. And once you install Sophos Anti-Virus for Mac Home Edition, you're the boss. Want it to just scan quietly in the background as you work? No problem. Need to create a custom scan to check what you want and leave out what you don't? It can do that too.


Why do people make botnets?

We all know what botnets are (I think so), but anyway let's see a proper definition of botnets, taken from Shadowserver, and I quote:
A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the term botnet typically refers to such a system designed and used for illegal purposes. Such systems are composed of compromised machines that are assimilated without their owner's knowledge.
Besides DDoS, botnets have other well-known uses:
Keylogging
Keylogging is perhaps the most threatening botnet feature to an individual's privacy. Many bots listen for keyboard activity and report the keystrokes upstream to the bot herder. Some bots have built-in triggers to look for web visits to particular websites where passwords or bank account information is entered. This gives the herder unprecedented ability to gain access to personal information and accounts belonging to thousands of people.
Warez
Botnets can be used to steal, store, or propagate warez. Warez constitutes any illegally obtained and/or pirated software. Bots can search hard drives for software and licenses installed on a victim's machine, and the herder can easily transfer it off for duplication and distribution. Furthermore, drones are used to archive copies of warez found from other sources. As a whole, a botnet has a great deal of storage capacity.
Spam
Botnets often are used as a mechanism for propagating spam. Compromised drones can forward spam emails or phishing scams to many third-party victims. Furthermore, instant messaging accounts can be utilized to forward malicious links or advertisements to every contact in the victim's address book. By spreading spam-related materials through a botnet, a herder can mitigate the threat of being caught, as it is thousands of individual computers that are taking on the brunt of the dirty work.
and the one I'm going to focus on (well, something derived from it): Click Fraud
Botnets can be used to engage in click fraud, where the bot software is used to visit web pages and automatically "click" on advertisement banners. Herders have been using this mechanism to steal large sums of money from online advertising firms that pay a small reward for each page visit. With a botnet of thousands of drones, each clicking only a few times, the returns can be quite large. Since the clicks are each coming from separate machines scattered across the globe, it looks like legitimate traffic to the untrained investigator.
My point is that many herders (botnet operators) use a fairly crude click-fraud mechanism: they simply command the bots to fetch the page and its advertisement, then rebuild the query string to the advertiser's website with the Referer header set. As the definition above says, this may pass for legitimate traffic to some, but the large advertising companies would notice that something isn't right: hundreds of clicks at (almost) the same time, and similar patterns.

The newer (better) approach would be to generate only ordinary website traffic, at random hours, because highly visited websites run pay-per-post campaigns. There are also other advertising systems, such as simple banner/ad placement on a website or blog, where you are paid according to the traffic statistics.

How could botnets help? The bots would act as ordinary users/viewers of the blog or website, producing what looks like legitimate traffic, masked by a randomized visit system. A general scenario:
  • the herder issues the command to visit a website
  • each bot receives the command and waits a random delay (in minutes, e.g. rand(60)) before executing it
  • the bot finally performs the visit, then resets the delay for the revisit and adds a day to it
A very raw implementation would be easy to write, though it varies from botnet to botnet, because some botnets are simple IRC-based while others are not.
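To make the contrast concrete, here is an added example that is not code from the original post and sends no traffic: it simulates the hit times the raw scheme and the randomized scheme above would produce for a few hundred bots, then runs the kind of burst check an ad network could apply to its hit log, together with a check of the daily revisit pattern that the randomized scheme still leaves behind. The bot identifiers, the command time, the 60-second window and the threshold of 20 hits are assumptions.

```python
"""Added example (not from the original post): simulate the hit times of the
raw and randomized click-fraud schemes and run two simple detector checks
over them. Everything is offline; no web requests are made."""
import random
from collections import Counter
from datetime import datetime, timedelta


def raw_click_schedule(bot_ids, command_time):
    """Raw mechanism: every bot fetches the ad the moment the command
    arrives, so all hits land in the same instant."""
    return [(bot, command_time) for bot in bot_ids]


def randomized_visit_schedule(bot_ids, command_time, rng, max_delay_min=60):
    """Randomized scheme: each bot sleeps rand(max_delay_min) minutes first
    (the post's example is rand(60))."""
    return [(bot, command_time + timedelta(minutes=rng.randrange(max_delay_min)))
            for bot in bot_ids]


def next_visit(previous_visit, rng, max_delay_min=60):
    """After a visit the bot resets its delay and adds a day, so the next
    hit comes about one day later at a fresh random offset."""
    return previous_visit + timedelta(days=1, minutes=rng.randrange(max_delay_min))


def burst_windows(hits, window_s=60, threshold=20):
    """Detector check 1: bucket hits into fixed windows of window_s seconds
    and return (window_start, count) for every window that reaches
    threshold. Hundreds of clicks in one window is exactly what the post
    says the large ad networks notice."""
    origin = datetime(1970, 1, 1)          # fixed origin, no time zone involved
    buckets = Counter()
    for _bot, ts in hits:
        offset_s = int((ts - origin).total_seconds())
        buckets[offset_s - offset_s % window_s] += 1
    return sorted((origin + timedelta(seconds=start), n)
                  for start, n in buckets.items() if n >= threshold)


def periodic_revisits(visit_times, period=timedelta(days=1),
                      jitter=timedelta(minutes=60)):
    """Detector check 2 (caveat on the randomized scheme): a bot that comes
    back every day plus rand(60) minutes has inter-visit gaps that all fall
    in [period, period + jitter). Real readers are not that regular."""
    gaps = [later - earlier for earlier, later in zip(visit_times, visit_times[1:])]
    return bool(gaps) and all(period <= gap < period + jitter for gap in gaps)


def demo():
    bots = [f"bot-{i:03d}" for i in range(200)]       # constructed bot ids
    command_time = datetime(2011, 6, 4, 14, 0, 0)      # constructed command time
    rng = random.Random(2011)                          # seeded for repeatability

    raw = raw_click_schedule(bots, command_time)
    spread = randomized_visit_schedule(bots, command_time, rng)

    # One bot's history under the randomized scheme: five daily revisits.
    history = [spread[0][1]]
    for _ in range(4):
        history.append(next_visit(history[-1], rng))

    # Constructed human-like history: irregular gaps of hours to days.
    human = [command_time + timedelta(hours=h) for h in (0, 5, 31, 32, 80)]

    return {
        "raw_bursts": burst_windows(raw),
        "spread_bursts": burst_windows(spread),
        "bot_is_periodic": periodic_revisits(history),
        "human_is_periodic": periodic_revisits(human),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The raw schedule produces one 60-second window holding all 200 hits, while the randomized schedule spreads them thinly enough that no window reaches the threshold. The second check shows the remaining weakness: because the delay is drawn in whole minutes and a whole day is added each time, every gap in a bot's visit history lands in a narrow 24h to 25h band, which an analyst correlating hits per source can pick out just as easily as a burst.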
So many live hits and no subscribers? Nooooo, I think that netvibes got the solution to this issue…

How to Scan for Conficker Worm



A bit of an update on the Conficker worm, which is supposedly scheduled to receive new updates and instructions today, Wednesday 1 April 2009, and nobody except the bad guys knows what those instructions will be. Fyodor has rolled out a new Nmap beta release whose Nmap Scripting Engine can check whether a particular machine is possibly infected by the Conficker worm.


nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 IP

(replace IP with the target host or address range)

A clean machine should report at the bottom: “Conficker: Likely CLEAN”, while likely infected machines say: “Conficker: Likely INFECTED”.

A useful feature for checking whether any computer on your own network is infected by the Conficker worm.
Tenable Security has also released a new Nessus plugin, #36036.
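For checking a whole subnet rather than one host, the following is an added example, not code from the post or from the Nmap project: it builds the command line above with XML output (-oX) added, and extracts each host's Conficker verdict from that XML so hosts can be sorted into clean, infected and not-checked. The XML embedded below is a constructed sample in the shape Nmap writes for host script results; the two verdict strings are the ones quoted in the post, and the IP addresses are from the documentation range.

```python
"""Added example (not from the original post or the Nmap project): run the
Conficker check from the post against a range, write Nmap's XML output, and
turn the per-host smb-check-vulns verdicts into a short report."""
import re
import subprocess
import xml.etree.ElementTree as ET

# The verdict wording quoted in the post.
VERDICT = re.compile(r"Conficker:\s*Likely\s+(CLEAN|INFECTED)")


def nmap_command(target, xml_path="conficker-scan.xml"):
    """The post's command line with -oX added so the result can be parsed.
    'target' may be a host or a CIDR range such as 192.0.2.0/24."""
    return ["nmap", "-PN", "-T4", "-p139,445", "-n", "-v",
            "--script=smb-check-vulns", "--script-args", "safe=1",
            "-oX", xml_path, target]


def conficker_verdicts(xml_text):
    """Map each scanned IPv4 host to 'CLEAN', 'INFECTED' or 'UNKNOWN'.
    UNKNOWN covers hosts where the script produced no verdict, e.g. because
    139/445 were closed or filtered; those hosts are not proven clean."""
    verdicts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        status = "UNKNOWN"
        for script in host.iter("script"):
            if script.get("id") == "smb-check-vulns":
                match = VERDICT.search(script.get("output", ""))
                if match:
                    status = match.group(1)
        verdicts[addr.get("addr")] = status
    return verdicts


def infected_hosts(verdicts):
    """IPs flagged INFECTED, sorted numerically for a readable report."""
    return sorted((ip for ip, v in verdicts.items() if v == "INFECTED"),
                  key=lambda ip: tuple(int(p) for p in ip.split(".")))


def scan_and_report(target, xml_path="conficker-scan.xml"):
    """Run the real scan (needs nmap on the PATH) and parse its XML."""
    subprocess.run(nmap_command(target, xml_path), check=True)
    with open(xml_path, encoding="utf-8") as fh:
        return conficker_verdicts(fh.read())


# Constructed sample of the XML structure Nmap emits with -oX; the verdict
# strings match those quoted in the post, the third host has no script output.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <hostscript><script id="smb-check-vulns"
      output="&#10;Conficker: Likely CLEAN"/></hostscript></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <hostscript><script id="smb-check-vulns"
      output="&#10;Conficker: Likely INFECTED"/></hostscript></host>
  <host><status state="up"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>
"""

if __name__ == "__main__":
    result = conficker_verdicts(SAMPLE_XML)
    for ip, status in sorted(result.items()):
        print(f"{ip}: {status}")
    print("infected:", infected_hosts(result))
```

Treat UNKNOWN as "not checked" rather than clean: a host with 139/445 firewalled gets no verdict at all, and a sweep that only greps for INFECTED would silently miss it.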