Wednesday, August 29, 2007

SmartHide Release!!!

Online Security and Privacy solutions company Arovax LLC is glad to announce the final release of its innovative and future-oriented software – Arovax SmartHide.
It was designed to provide you with the most important defence on the web – anonymity. SmartHide will keep your IP address hidden, encrypt and compress your traffic, secure all the protocols on your PC (E-mail, Web-browsing, IM, P2P, etc) and even more.
Great changes and upgrades have been made to its beta-version to adjust SmartHide to the needs of our main experts – our clients!
The whole program has been renewed and a few features have appeared.

Unique proposition!
Now each registered user can invite three friends to join SmartHide users’ community and try the program on their own. They can test and enjoy the program for free!
In SmartHide Release 433 (SSL) port has been closed to prevent Internet criminals from using it to cheat banks and processing services. Paid version of SmartHide won’t have this limitation.

Other modifications and add-ons are the following:
  • Accelerated network session authorization and startup.
  • Available individual authorization - now every user can get his/her personal copy of SmartHide.
  • News section has been added - follow the latest news of Arovax SmartHide changes and road-maps without going to the website. SmartHide official website also has been updated.
  • FAQ page has been added to help the beginners who only start using SmartHide as a security protection tool.
  • Also our support system has been modified. Now every registered user can contact our support team and ask any question he or she is interested in.
All beta-testers can enjoy free limited version of Arovax SmartHide by receiving an Invitation code upon request to the admin's PM on the forum.

If you have any questions or inquiries, please contact Arovax Company:

Product Page:

Arovax Community:

Wednesday, August 22, 2007

Arovax Antispyware Signature Database update from 08/22/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about updates you can find at this forum thread>>>

How to Read Virus Names

Antivirus vendors generally assign virus names consisting of a prefix, the name, and a suffix. Not all vendors follow this convention, however, and even those who do may sometimes use different designators. When attempting to find information about a particular virus, it can be helpful to understand how the names are formed.

The prefix
The prefix (when used) identifies the type of virus or malware it is. W32 or Win32, for example, denote that it is a Windows 32-bit infector and thus impacts Windows 95, 98, 2000, 2003, XP, Me, NT 4.0. Those that impact only Windows 95/98 often have prefixes of W95. Other vendors apply prefixes that are more indicative of the type of threat, rather than the platform it infects. For example, a TROJ prefix implies the file is a Trojan Horse, an I-Worm prefix indicates it is an Internet/email worm, and OM signifies that it is a Microsoft Office macro virus.
W97M, WM, X2KM are other examples of macro virus prefixes; they denote that the threat is a macro virus and also give clues as to which versions of Office (or products within Office) are impacted. The prefix is usually separated from the name by an underscore, a period, or a slash.

The name
Following the prefix is the actual name of the malware. For example, W32/Bagle has a prefix of W32 and the worm itself is dubbed Bagle.

The suffix
Many viruses belong to the same family but are slightly different. To differentiate between these variants, antivirus vendors assign an alphabetical suffix. The original virus (or worm, Trojan, etc.) generally does not have a suffix assigned until after further variants of the same threat are discovered. For example, W32/Bagle became W32/Bagle.A after the 'B' variant was discovered. Subsequent variants are assigned successive letters of the alphabet, i.e. Bagle.A, Bagle.B, Bagle.C through to Bagle.Z. When the end of the alphabet has been reached, the count starts over. This will repeat as many times as necessary. As of October 2004, the prolific Gaobot variants had reached W32/Gaobot.BOW.

The modifier
Some vendors also add a modifier after the suffix that further describes what type of malware it is. For example, @mm signifies a mass-mailing email worm and @dl is used by some to designate a downloader. Using the above information, we can quickly see that W32/Bagle.BB@mm is a Bagle variant that is a mass-mailing email worm impacting Windows 32-bit systems.
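
The prefix, name, suffix and modifier rules above can be applied mechanically when normalising detection labels from different products. The following parser is an added example, not vendor code: the function names are hypothetical, the prefix and modifier tables contain only the values mentioned in this article, `I-Worm.Sample` is a constructed label, and reading "the count starts over" as AA, AB, ... is an assumption.

```python
import re
from typing import NamedTuple, Optional

# Prefixes and modifiers named in the article; real vendors use many more.
PREFIXES = {
    "W32": "Windows 32-bit", "WIN32": "Windows 32-bit", "W95": "Windows 95/98",
    "TROJ": "Trojan horse", "I-WORM": "Internet/email worm",
    "OM": "Office macro virus", "W97M": "macro virus",
    "WM": "macro virus", "X2KM": "macro virus",
}
MODIFIERS = {"mm": "mass-mailing email worm", "dl": "downloader"}


class Detection(NamedTuple):
    prefix: Optional[str]
    name: str
    suffix: Optional[str]
    modifier: Optional[str]


def parse_detection(label: str) -> Detection:
    """Split a label such as W32/Bagle.BB@mm into its four parts."""
    body, _, modifier = label.strip().partition("@")
    prefix = None
    # A period can separate prefix from name OR name from suffix, so the
    # leading token only counts as a prefix when it is a known one.
    m = re.match(r"([^_./]+)[_./](.+)$", body)
    if m and m.group(1).upper() in PREFIXES:
        prefix, body = m.group(1), m.group(2)
    m = re.fullmatch(r"(.+?)(?:\.([A-Za-z]+))?", body)
    if m is None:
        raise ValueError(f"no malware name in {label!r}")
    suffix = m.group(2).upper() if m.group(2) else None
    return Detection(prefix, m.group(1), suffix, modifier or None)


def variant_index(suffix: str) -> int:
    """Ordinal of a variant suffix: A=1 ... Z=26, AA=27, AB=28, ...

    Assumption: "the count starts over" means the suffix gains a letter.
    """
    n = 0
    for ch in suffix.upper():
        n = n * 26 + (ord(ch) - ord("A") + 1)
    return n


def describe(label: str) -> str:
    """Human-readable summary of a detection label."""
    d = parse_detection(label)
    parts = [f"family {d.name}"]
    if d.suffix:
        parts.append(f"variant {d.suffix} (#{variant_index(d.suffix)})")
    if d.prefix:
        parts.append(PREFIXES[d.prefix.upper()])
    if d.modifier:
        parts.append(MODIFIERS.get(d.modifier.lower(), f"modifier {d.modifier}"))
    return ", ".join(parts)


def same_family(a: str, b: str) -> bool:
    """True when two labels name the same family, ignoring variant and type."""
    return parse_detection(a).name.lower() == parse_detection(b).name.lower()


if __name__ == "__main__":
    # I-Worm.Sample is a constructed label; the others appear in the article.
    for label in ("W32/Bagle.BB@mm", "W32/Gaobot.BOW", "I-Worm.Sample", "Bagle.A"):
        print(label, "->", describe(label))
```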

Thursday, August 16, 2007

Arovax Antispyware Signature Database update from 08/15/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find at this forum thread>>>

Tuesday, August 14, 2007

One Virus - Different Names

A group of security experts known as the Computer AntiVirus Researcher Organization (CARO) first attempted to develop a standard virus naming scheme in the form of the 1991 "New Virus Naming Convention" (NVNC '91). But a great number of new types of Internet infections have appeared since then, and different AV laboratories began to name them using criteria and categories of their own. As a result, different vendors assign different names to the same virus.

Costin Raiu illustrated this situation in a simple but popular way:
"If we were to name every new virus with some word derived from its payload, like "March6", "January Friday 13th" or "CrashWindows" the fictional exchange illustrated below could become commonplace:
(A1 - Analyst1, works for the respectable AV company C1)
(A2 - Analyst2, works for the most respectable AV company C2)
(A3 - Analyst3, works for the (even more) respectable AV company C3)

A1: "Hey A2, have you seen that new beast, the 'Newyork' virus?"
A2: "You mean the one which fills all the files on disk with 'New York'?"
A1: "No, that's the 'NYFiller' virus, I mean the one which shows a message box with the text 'New York New York'"
A2: "Could be, I remember having seen two of them, one was a macro virus and the other one infecting Linux ELF files"
A1: "Hm, the 'Newyork' I was thinking of actually infects Windows PE files"
A2: "Ah, but I think I know what you mean, however, the one I've seen shows a message box stating 'New Orleans New Orleans'. We are calling it 'NewOrleans', of course."
A1: "Hm, that must be a new version of our 'NewYork' virus with a modified message. I think you should rename your 'NewOrleans' virus to something like 'NewYork(version:Orleans)'."
A2: "Hey, wait a minute, why not rename _your_ virus to 'NewOrleans(York)'?"
A3: "Hey guys, have you seen the new virus which fills all the files on disk with 'New Delhi'? We're calling it 'NewDelhi', of course."
A1: "Arghhh..."
A2: "Who designed this stupid payload-based naming scheme anyway...?"

Tuesday, August 07, 2007

Keyloggers Know What You Have Written

About keyloggers
A keylogger is a software program or hardware device that is used to monitor and log each of the keys a user types on a computer keyboard. Whoever installed the program or hardware device can then view all the keys typed by that user. Because these programs and devices record every key typed, that person can easily find the user's passwords and other information the user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware allowing your information to be transmitted to an unknown third party.

Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Both files must therefore be present in the same directory on the system where the keylogger runs.

There are other approaches to capturing info about what you are doing.
  • Some keyloggers capture screens, rather than keystrokes.
  • Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

Keylogger types
1. Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time - however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email usernames and passwords.
2. Software using a hooking mechanism. This type of logging is accomplished by using the Windows function SetWindowsHookEx, which monitors all keystrokes. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookEx is capable of capturing even autocomplete passwords.
3. Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start.

Preventing keystroke capture
  • On the web application side, one method to avoid keystroke capture is to use a virtual keyboard for entering the username and password. A virtual keyboard is analogous to a graphical keypad where a user clicks on the characters rather than types them on the keyboard. This approach may not be practical for every user, for obvious reasons. However, it can still be useful for very sensitive applications. Note however that even this approach is not completely secure, as some keyloggers are designed to capture screenshots on every mouse-click.
  • Another method of avoiding keystroke capture is to ask the user to enter the characters of the password randomly. For example, an application can ask the user to enter the 1st, 3rd and 5th (odd placed) characters of the password and then the characters in the even places. However this sequence has to change every time or else anyone capturing the password can easily reconstruct the original password - and additionally, the application must support this approach.
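
The second method above can be sketched as a server-side check in which the order of entry changes on every login. This is an added example, not code from any product: the function names, the stored-record layout and the PBKDF2 work factor are assumptions, and the record stores the password length so that a challenge can be built. `fixed_order` reproduces the odd-then-even sequence from the text to show why an order that never changes protects nothing.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # illustrative work factor (assumption)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(password: str) -> dict:
    """Store a salted hash plus the length (needed to build challenges)."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _hash(password, salt), "length": len(password)}


def new_challenge(length: int) -> list:
    """Fresh random order of 1-based positions for one login attempt."""
    order = list(range(1, length + 1))
    secrets.SystemRandom().shuffle(order)
    return order


def fixed_order(length: int) -> list:
    """The weak variant: odd positions first, then even, every time."""
    return list(range(1, length + 1, 2)) + list(range(2, length + 1, 2))


def typed_for(password: str, order: list) -> str:
    """The keystrokes a user produces when following the requested order."""
    return "".join(password[pos - 1] for pos in order)


def reassemble(typed: str, order: list) -> str:
    """Put typed characters back into their original positions."""
    chars = [""] * len(typed)
    for ch, pos in zip(typed, order):
        chars[pos - 1] = ch
    return "".join(chars)


def verify(record: dict, order: list, typed: str) -> bool:
    """Check a response against the challenge issued for this login."""
    n = record["length"]
    if len(typed) != n or sorted(order) != list(range(1, n + 1)):
        return False  # wrong length, or not a permutation of all positions
    candidate = _hash(reassemble(typed, order), record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    secret = "blue-Kite#42"  # constructed sample password
    record = enroll(secret)
    order = new_challenge(record["length"])
    keys = typed_for(secret, order)  # what a keystroke log would contain
    print("challenge:", order, "typed:", keys, "ok:", verify(record, order, keys))
    # With an order that never changes, the logged keys are trivially undone.
    weak = fixed_order(len(secret))
    print("fixed order recovered:", reassemble(typed_for(secret, weak), weak))
```

The keystroke log alone holds only a scrambled copy of the password; as the first bullet notes, a keylogger that also captures the screen sees the requested order as well.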

Thursday, August 02, 2007

Arovax SmartHide Open Beta-Test and Wishlist

Dear Arovax Community!

Before the upcoming release of new Beta-version of Arovax SmartHide we are starting an open beta-test of the previous version of Arovax SmartHide Beta.

Arovax SmartHide is a perfect solution for the biggest online problem - Complete Anonymity.
This unique program will keep your IP address (and your identity) hidden; secure all the protocols on your PC (E-mail, Web-browsing, Instant Messaging); provide full encryption of your traffic while working in Internet, and a lot more.

Being extremely user-friendly, Arovax SmartHide secures the data you send over Internet. You also get compression of all your traffic, so you can pay less to your internet providers!

Everyone who wants to test the previous version of Arovax SmartHide - please visit this thread of our forum for further instructions.

Arovax Antispyware Signature Database update from 08/01/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find at this forum thread>>>

Wednesday, August 01, 2007

Botnets: What are They?

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.
Any such computer is referred to as a zombie - in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based.
According to a report from antivirus labs, botnets - not spam, viruses, or worms - currently pose the biggest threat to the Internet. An average of 57,000 active bots was observed per day over the six months of 2006.
An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks.
The main problem with botnets is that they are hidden and may stay undetected unless you are specifically looking for certain activity.

What can you do to protect yourself?
  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage.
  • Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send.
  • Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices.
  • Keep software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities.
  • Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection.

Monday, July 30, 2007

Arovax AntiSpyware Roadmap (Updated 30.07.2007)

This roadmap lists features that are planned for the future. It is not complete and it is not final and it will change with time. We just would like to give you an overview of where Arovax AntiSpyware development stands and what you can expect in the coming releases.

Current Version: 2.1.143 release!

Features on the Wall
These features get our attention right now and are planned for the nearest release.
Last edited: July 30, 2007

* Three scan modes: quick, full and optional
* Incremental database update
* Automatic software update
* Open format of the language file
* System scanning right after database update

Thursday, July 19, 2007

Arovax Antispyware Signature Database update from 07/18/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find at this forum thread>>>

Wednesday, July 18, 2007

How to Learn About the Penalties for Violating Computer Virus Laws

Everyone involved in e-commerce and digital intellectual property should understand the penalties for violating Computer Virus Laws in order to gain a full appreciation of this new problem.

How To Do Just About Everything proposes a few steps to learn about the penalties for these violations:

Step One
Look over the Computer Fraud and Abuse Act of 1984 on the Department of Justice website (see Resources below). This piece of legislation makes it illegal to sell passwords, utilize computer systems without proper authorization and steal information from a financial institution's computers.

Step Two
Contact your state's consumer protection department in order to help stop computer viruses. Most states have a consumer protection organization that has a series of ongoing campaigns, including technology and intellectual property issues. A good example of a consumer protection agency on the state level is the New York State Consumer Protection Board (see Resources below).

Step Three
Learn about computer virus laws from a qualified criminal attorney. Contact the American Bar Association to get in touch with pro bono attorneys who deal with criminal and intellectual property law (see Resources below).

Step Four
Inquire about computer viruses and ways of violating computer systems from an information technology (IT) expert. A better understanding of computer viruses violating your computer can help you develop a larger picture of your legal case. Your local university will typically have an IT department that can answer public questions.

Tuesday, July 10, 2007

Warning: Somebody's Phishing You!

Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.

Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft.

Potential uses of your information: Control of victim's financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other goods/services, luxury purchases, hide criminal activities, receive government benefits or obtain a passport.

Tips on how to avoid phishing:
  • If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body. For example, PayPal will never ask you in an email for: credit and debit card numbers, bank account numbers, driver's license numbers, email addresses, passwords, your full name.
  • Look for misspellings and bad grammar. While an occasional typo can slip by any organization, more than one is a tip-off to beware.
  • Beware of the @ symbol in a URL. Most browsers will ignore all characters preceding the @ symbol, so this Web address -- -- may look to the unsuspecting user like a page of Respected Company's site. But it actually takes visitors to
  • Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.
  • If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.
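
The @ tip above can be checked automatically when screening mail. This is an added example, not part of the original post: the function names are hypothetical and the message body, host names and address are constructed, using reserved example names and a documentation IP range. It extracts links from a message and reports, for each one carrying text before an @, what the link appears to name and which host it actually points to.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed message body for illustration only.
SAMPLE_MAIL = """\
Dear customer, there is a billing problem with your account.
Please confirm your details at
http://www.respected-company.example@203.0.113.7/billing/update.
Our regular site is https://www.respected-company.example/help/contact@support
"""


def userinfo_lure(url: str):
    """Return (looks_like, goes_to) if the URL has text before an '@'.

    Only the authority part counts: an '@' in the path or query is harmless.
    """
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return None
    decoy = parts.netloc.rpartition("@")[0]  # everything before the last '@'
    return decoy, parts.hostname              # hostname is the real target


def audit_links(text: str) -> list:
    """List every link in the text whose visible prefix is not its host."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;")  # drop sentence punctuation glued to the link
        hit = userinfo_lure(url)
        if hit:
            decoy, host = hit
            findings.append({
                "url": url,
                "looks_like": decoy,
                "goes_to": host,
                # A decoy containing a dot imitates a host name.
                "hostlike_decoy": "." in decoy,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_MAIL):
        print(finding)
```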

Saturday, July 07, 2007

Arovax AntiSpyware 2.1.143 is released!!!

New version of Arovax Antispyware became much better. Now database update and system scan can be scheduled. We also fixed some errors and improved user interface. These are the main changes in the version 2.1.143:
  • New: "Scheduler: scheduling database updates and scans"
  • New: "Arovax Company news panel"
  • New: "Full compatibility with Windows Vista"
  • Fixed: "Bug with sending reports with last scan log"
  • Fixed: "Bug with counter during files scan"
  • Fixed: "Bug with scanning files with restricted access"
Please download the latest version of Arovax Antispyware here>>>

Friday, July 06, 2007

Arovax Antispyware Signature Database update from 07/04/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this you can find here>>>

Wednesday, June 27, 2007

Internet Worms

People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.
Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.

The first incarnations of internet worms weren't the malevolent threat they are today. These early worms (developed in 1982 at Xerox's Palo Alto Research Center by John Shoch and Jon Hupp) were, in fact, designed to perform useful tasks within a network.
Despite the evident usefulness of these programs it was also clear that, in the wrong hands they could quite easily be turned to malevolent uses.
The first true Internet worm (and probably the most famous) was released on 2nd November 1988 by Robert T. Morris. It attacked Sun and DEC UNIX systems attached to the Internet and within 24 hours had invaded 4,000-6,000 machines.
The Melissa Worm was first recognized on 26th March 1999. It was the first major mail worm - a form of worm which was to become hugely prevalent. Melissa was written by David L. Smith and named after a lap dancer he met in Florida.
Melissa contained a Word macro virus but unlike previous viruses of this type it could spread in a semi-active manner. It attacked Microsoft's Outlook and Word programs (any time an infected user attached a Word document to an email, the email was sent to the first 50 addresses in the recipients' address book if they used Outlook as the mail client).
In 2001 active worms made a return to prominence. The first of these worms to be noticed was called Code Red. Code Red was a relatively simple worm which affected computers running Microsoft's Internet Information Server (IIS) web server. It infected over 350,000 servers in just over 12 hours. Once it infected a system Code Red waited for 20-27 days to launch denial of service attacks on several fixed IP addresses. (Including the IP address of the White House).

How do they spread?
A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip.
If you click on the attachment to open it, you'll activate the worm, but in some versions of Microsoft Outlook, you don't even have to click on the attachment to activate it if you have the program preview pane activated.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding.
Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading. According to Computer Economics, the associated damage from Code Red and Nimda came to $3.72 billion.

How to protect your computer?
  • Make sure you visit Windows Update site frequently.
  • Most antivirus programs also provide a feature that allows you to update their definitions automatically – make sure you enable that as well.
  • Remove Spyware and Adware.
  • Prevent Spam.
  • Basically there is no one absolute defense from anything – use a combination of software and hardware protection.
  • Don’t run files from unknown sources, and confirm with the sender the authenticity of any unexpected attachment, especially an executable file (*.exe, *.scr, *.bat, *.com, *.vbs, *.cmd, etc).