Wednesday, August 29, 2007

SmartHide Release!!!

Online security and privacy solutions company Arovax LLC is glad to announce the final release of its innovative and future-oriented software, Arovax SmartHide.
It was designed to provide you with the most important defence on the web: anonymity. SmartHide keeps your IP address hidden, encrypts and compresses your traffic, secures all the protocols on your PC (e-mail, web browsing, IM, P2P, etc.) and even more.
Great changes and upgrades have been made since the beta version to adjust SmartHide to the needs of our main experts: our clients!
The whole program has been renewed and a few new features have appeared.

Unique proposition!
Now each registered user can invite three friends to join the SmartHide users' community and try the program for themselves. They can test and enjoy the program for free!
In this SmartHide release, port 433 (SSL) has been closed to prevent Internet criminals from using it to defraud banks and payment processing services. The paid version of SmartHide won't have this limitation.

Other modifications and add-ons are the following:
  • Accelerated network session authorization and startup.
  • Individual authorization is now available: every user can get his/her personal copy of SmartHide.
  • A News section has been added: follow the latest news about Arovax SmartHide changes and road-maps without going to the website. The official SmartHide website has also been updated.
  • A FAQ page has been added to help beginners who are only starting to use SmartHide as a security protection tool.
  • Our support system has also been modified. Every registered user can now contact our support team and ask any question he or she is interested in.
All beta-testers can enjoy the free limited version of Arovax SmartHide by requesting an invitation code via PM to the admin on the forum.

If you have any questions or inquiries, please contact Arovax Company:

Wednesday, August 22, 2007

Arovax Antispyware Signature Database update from 08/22/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about the updates can be found in this forum thread.

How to Read Virus Names

Antivirus vendors generally assign virus names consisting of a prefix, the name, and a suffix. Not all vendors follow this convention, however, and even those who do may sometimes use different designators. When attempting to find information about a particular virus, it can be helpful to understand how the names are formed.

The prefix
The prefix (when used) identifies the type of virus or malware it is. W32 or Win32, for example, denote that it is a Windows 32-bit infector and thus impacts Windows 95, 98, 2000, 2003, XP, Me and NT 4.0. Those that impact only Windows 95/98 often have the prefix W95. Other vendors apply prefixes that are more indicative of the type of threat rather than the platform it infects. For example, a TROJ prefix implies the file is a Trojan horse, an I-Worm prefix indicates it is an Internet/e-mail worm, and OM signifies that it is a Microsoft Office macro virus.
W97M, WM and X2KM are other examples of macro virus prefixes; they denote both that it is a macro virus and provide clues as to which versions of Office (or products within Office) are impacted. The prefix is usually separated from the name by an underscore, a period, or a slash.

The name
Following the prefix is the actual name of the malware. For example, W32/Bagle has a prefix of W32 and the worm itself is dubbed Bagle.

The suffix
Many viruses belong to the same family but are slightly different. To differentiate between these variants, antivirus vendors assign an alphabetical suffix. The original virus (or worm, Trojan, etc.) generally does not have a suffix assigned until further variants of the same threat are discovered. For example, W32/Bagle became W32/Bagle.A after the 'B' variant was discovered. Subsequent variants are assigned successive letters of the alphabet, i.e. Bagle.A, Bagle.B, Bagle.C through to Bagle.Z. When the end of the alphabet has been reached, the count starts over with two-letter suffixes. This repeats as many times as necessary. As of October 2004, the prolific Gaobot variants had reached W32/Gaobot.BOW.

The modifier
Some vendors also add a modifier after the suffix that further describes what type of malware it is. For example, @mm signifies a mass-mailing email worm and @dl is used by some to designate a downloader. Using the above information, we can quickly see that W32/Bagle.BB@mm is a Bagle variant that is a mass-mailing email worm impacting Windows 32-bit systems.
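The naming scheme above (prefix, family name, alphabetical variant suffix, @modifier) can be parsed mechanically, which is handy when correlating detections from several vendors. The following Python is an added example written for this page, not code from Arovax or any antivirus vendor; the prefix and modifier meanings are exactly those the article lists, the regular expression and the function names are my own, and the interpretation of the variant letters as a bijective base-26 count (A=1 ... Z=26, AA=27 ...) is my reading of "the count starts over".

```python
import re

# Prefixes named in the article, with the meaning the article gives each one.
# The three macro prefixes encode an Office product/version; the article does
# not spell out which, so they are described generically here.
PREFIX_MEANING = {
    "W32": "Windows 32-bit infector",
    "Win32": "Windows 32-bit infector",
    "W95": "Windows 95/98 infector",
    "TROJ": "Trojan horse",
    "I-Worm": "Internet/e-mail worm",
    "OM": "Microsoft Office macro virus",
    "W97M": "macro virus (Office product/version encoded in the prefix)",
    "WM": "macro virus (Office product/version encoded in the prefix)",
    "X2KM": "macro virus (Office product/version encoded in the prefix)",
}

# Modifiers named in the article.
MODIFIER_MEANING = {"mm": "mass-mailing e-mail worm", "dl": "downloader"}

# Longest prefixes first so the alternation never picks a short prefix that is
# merely the start of a longer one. Separator is "_", "." or "/" as the article says.
_PREFIX_ALT = "|".join(re.escape(p) for p in sorted(PREFIX_MEANING, key=len, reverse=True))
NAME_RE = re.compile(
    rf"^(?:(?P<prefix>{_PREFIX_ALT})(?P<sep>[/_.]))?"  # optional known prefix + separator
    r"(?P<name>[A-Za-z][A-Za-z0-9-]*)"                 # family name, e.g. Bagle
    r"(?:\.(?P<suffix>[A-Z]+))?"                       # optional variant letters, e.g. BB
    r"(?:@(?P<modifier>[A-Za-z]+))?$"                  # optional modifier, e.g. @mm
)


def parse_malware_name(text: str) -> dict:
    """Split a vendor-style name into its parts. Raises ValueError on unknown layouts."""
    m = NAME_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised name format: {text!r}")
    d = m.groupdict()
    d["prefix_meaning"] = PREFIX_MEANING.get(d["prefix"]) if d["prefix"] else None
    d["modifier_meaning"] = MODIFIER_MEANING.get(d["modifier"]) if d["modifier"] else None
    return d


def variant_index(suffix: str) -> int:
    """A=1, B=2 ... Z=26, AA=27, AB=28 ...; BOW -> 1765."""
    n = 0
    for ch in suffix:
        n = n * 26 + (ord(ch) - ord("A") + 1)
    return n


def variant_suffix(n: int) -> str:
    """Inverse of variant_index: 1 -> A, 26 -> Z, 27 -> AA."""
    s = ""
    while n > 0:
        n, r = divmod(n - 1, 26)
        s = chr(ord("A") + r) + s
    return s


def next_variant(text: str) -> str:
    """Name the next variant in the family. An unsuffixed original counts as .A,
    matching the article: W32/Bagle is renamed W32/Bagle.A once .B appears."""
    d = parse_malware_name(text)
    current = variant_index(d["suffix"]) if d["suffix"] else 1
    out = f"{d['prefix']}{d['sep']}" if d["prefix"] else ""
    out += f"{d['name']}.{variant_suffix(current + 1)}"
    if d["modifier"]:
        out += f"@{d['modifier']}"
    return out


def describe(text: str) -> str:
    """One-line reading of a name, in the style of the article's W32/Bagle.BB@mm example."""
    d = parse_malware_name(text)
    parts = [d["name"]]
    if d["suffix"]:
        parts.append(f"variant {d['suffix']} (#{variant_index(d['suffix'])})")
    if d["prefix_meaning"]:
        parts.append(f"{d['prefix_meaning']}")
    if d["modifier_meaning"]:
        parts.append(d["modifier_meaning"])
    return "; ".join(parts)


if __name__ == "__main__":
    for sample in ("W32/Bagle.BB@mm", "W32/Gaobot.BOW", "Bagle.A", "I-Worm.Bagle"):
        print(sample, "->", describe(sample), "| next:", next_variant(sample))
```

Two points worth noting from running it: a bare family name such as `Bagle.A` parses without a prefix because only prefixes the article lists are accepted, and `next_variant("W32/Gaobot.Z")` yields `W32/Gaobot.AA`, which is the "count starts over" step that makes a three-letter suffix like BOW possible.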

Thursday, August 16, 2007

Arovax Antispyware Signature Database update from 08/15/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this update can be found in this forum thread.

Tuesday, August 14, 2007

One Virus - Different Names

A group of security experts known as the Computer AntiVirus Researcher Organization (CARO) first attempted to develop a standard virus naming scheme in the form of the 1991 "New Virus Naming Convention" (NVNC '91). But a great number of new types of Internet infections have appeared since then, and different AV laboratories began to name them according to criteria and categories of their own. As a result, different vendors assign different names to the same virus.

Costin Raiu illustrated this situation in a simple but popular way:
"If we were to name every new virus with some word derived from its payload, like "March6", "January Friday 13th" or "CrashWindows" the fictional exchange illustrated below could become commonplace:
(A1 - Analyst1, works for the respectable AV company C1)
(A2 - Analyst2, works for the most respectable AV company C2)
(A3 - Analyst3, works for the (even more) respectable AV company C3)

A1: "Hey A2, have you seen that new beast, the 'Newyork' virus?"
A2: "You mean the one which fills all the files on disk with 'New York'?"
A1: "No, that's the 'NYFiller' virus, I mean the one which shows a message box with the text 'New York New York'"
A2: "Could be, I remember having seen two of them, one was a macro virus and the other one infecting Linux ELF files"
A1: "Hm, the 'Newyork' I was thinking of actually infects Windows PE files"
A2: "Ah, but I think I know what you mean, however, the one I've seen shows a message box stating 'New Orleans New Orleans'. We are calling it 'NewOrleans', of course."
A1: "Hm, that must be a new version of our 'NewYork' virus with a modified message. I think you should rename your 'NewOrleans' virus to something like 'NewYork(version:Orleans)'."
A2: "Hey, wait a minute, why not rename _your_ virus to 'NewOrleans(York)'?"
A3: "Hey guys, have you seen the new virus which fills all the files on disk with 'New Delhi'? We're calling it 'NewDelhi', of course."
A1: "Arghhh..."
A2: "Who designed this stupid payload-based naming scheme anyway...?"

Tuesday, August 07, 2007

Keyloggers Know What You Have Written

About keyloggers
A keylogger is a software program or hardware device that monitors and logs each key a user types on a computer keyboard. Whoever installed the program or device can then view all the keys typed by that user. Because these programs and devices record every key typed, the person reading the log can easily find user passwords and other information the user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party.

Once keystrokes are logged, they are either hidden on the machine for later retrieval or shipped raw to the attacker. A hook-based software keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore, when such a keylogger is present on a system, both files must be present in the same directory.

There are other approaches to capturing information about what you are doing.
  • Some keyloggers capture screens, rather than keystrokes.
  • Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your Internet connection.
Keylogger types
1. Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time - however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email username and passwords.
2. Software using a hooking mechanism. This type of logging is accomplished by using the Windows function SetWindowsHookEx, which monitors all keystrokes. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookEx is capable of capturing even autocomplete passwords.
3. Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start.

Preventing keystroke capture
  • On the web application side, one method to avoid keystroke capture is to use a virtual keyboard for entering the username and password. A virtual keyboard is analogous to a graphical keypad where a user clicks on the characters rather than types them on the keyboard. This approach may not be practical for every user, for obvious reasons. However, it can still be useful for very sensitive applications. Note however that even this approach is not completely secure, as some keyloggers are designed to capture screenshots on every mouse-click.
  • Another method of avoiding keystroke capture is to ask the user to enter the characters of the password in a random order. For example, an application can ask the user to enter the 1st, 3rd and 5th (odd-placed) characters of the password and then the characters in the even places. However, this sequence has to change every time, or else anyone capturing the password can easily reconstruct the original password; additionally, the application must support this approach.
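The partial-password scheme in the second bullet is easy to get wrong in two ways: reusing the same positions (so a keylogger eventually sees the whole password) and trying to verify selected characters against a hash of the whole password (which is impossible, so the server has to store something per position). The Python below is an added example written for this page, not code from Arovax; the per-position keyed-hash storage, the function names and the "s3cretPw" sample password are my own constructions. The last function shows what an eavesdropper who captures several logins learns, which is the point the article makes about changing the sequence every time.

```python
import hashlib
import hmac
import secrets

# Constructed scheme: one keyed hash per character position. A single hash of the
# whole password cannot answer "is character 3 an 'r'?", so partial-password login
# forces per-position storage; that is the trade-off this approach carries.


def enroll(password: str, salt: bytes) -> list:
    """Return the per-position verifiers the server keeps instead of the password."""
    return [
        hmac.new(salt, f"{pos}:{ch}".encode(), hashlib.sha256).hexdigest()
        for pos, ch in enumerate(password)
    ]


def make_challenge(length: int, k: int = 3, rng=None) -> list:
    """Pick k distinct 0-based positions afresh for each login attempt.
    The default RNG is the OS CSPRNG; a seeded rng may be passed only so the
    behaviour can be reproduced in a test."""
    rng = rng or secrets.SystemRandom()
    return sorted(rng.sample(range(length), k))


def verify(stored: list, salt: bytes, positions: list, chars: str) -> bool:
    """Check only the challenged positions, with a constant-time compare per position."""
    if len(chars) != len(positions) or any(p >= len(stored) for p in positions):
        return False
    ok = True
    for pos, ch in zip(positions, chars):
        candidate = hmac.new(salt, f"{pos}:{ch}".encode(), hashlib.sha256).hexdigest()
        ok &= hmac.compare_digest(stored[pos], candidate)
    return ok


def exposed_fraction(captured: list, length: int) -> float:
    """Fraction of password positions an observer has seen, given a list of
    (positions, chars) pairs captured across logins. 1.0 means the whole
    password is reconstructible, which is what fixed positions lead to."""
    seen = set()
    for positions, _chars in captured:
        seen.update(positions)
    return len(seen) / length


if __name__ == "__main__":
    salt = b"constructed-per-user-salt"
    stored = enroll("s3cretPw", salt)
    challenge = make_challenge(8)
    print("enter characters at positions", challenge)
    # Same three positions every time: after any number of captures only 3 of 8 known.
    fixed = [([0, 2, 4], "sce")] * 10
    print("fixed positions, exposed:", exposed_fraction(fixed, 8))
    # Positions that change per login: a few captures cover the whole password.
    rotating = [([0, 2, 4], "sce"), ([1, 3, 5], "3rt"), ([6, 7, 0], "Pws")]
    print("rotating positions, exposed:", exposed_fraction(rotating, 8))
```

Note that rotating the positions only slows an observer down; with enough captured logins the union of positions still covers the password, so this is a mitigation against a single capture, not a replacement for removing the keylogger.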

Thursday, August 02, 2007

Arovax SmartHide Open Beta-Test and Wishlist

Dear Arovax Community!

Before the upcoming release of the new beta version of Arovax SmartHide, we are starting an open beta test of the previous version of Arovax SmartHide Beta.

Arovax SmartHide is a perfect solution for the biggest online problem: complete anonymity.
This unique program keeps your IP address (and your identity) hidden, secures all the protocols on your PC (e-mail, web browsing, instant messaging), provides full encryption of your traffic while you work on the Internet, and a lot more.

Being extremely user-friendly, Arovax SmartHide secures the data you send over the Internet. You also get compression of all your traffic, so you can pay less to your Internet provider!

Everyone who wants to test the previous version of Arovax SmartHide: please visit this thread of our forum for further instructions.

Arovax Antispyware Signature Database update from 08/01/2007:

We would like to inform you that Arovax Antispyware Signature Database has been updated.
Full information about this update can be found in this forum thread.

Wednesday, August 01, 2007

Botnets: What are They?

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.
Any such computer is referred to as a zombie: in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based.
According to a report from antivirus labs, botnets, not spam, viruses or worms, currently pose the biggest threat to the Internet. An average of 57,000 active bots was observed per day over a six-month period in 2006.
An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks.
The main problem with botnets is that they are hidden and may stay undetected unless you are specifically looking for certain activity.

What can you do to protect yourself?
  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage.
  • Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send.
  • Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices.
  • Keep software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities.
  • Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection.
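The post says a bot stays hidden "unless you are specifically looking for certain activity". Two activities it names, forwarding spam and taking orders from a master, leave measurable traces in outbound connection logs: a home PC suddenly talking to many different mail servers on port 25, and a host contacting the same address at suspiciously regular intervals. The Python below is an added example written for this page, not Arovax's code or a description of their product; the log format, the thresholds and the sample lines (using documentation address ranges) are all constructed.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound-connection log, one line per connection:
# "<epoch seconds> <source ip> -> <destination ip>:<destination port>"
# 192.168.1.10 contacts six different mail servers in ten seconds (spam relay pattern),
# 192.168.1.20 checks in with one host exactly every 60 s (check-in pattern),
# 192.168.1.30 browses a web site at irregular times and sends one mail (normal).
SAMPLE_LOG = """\
1000 192.168.1.10 -> 203.0.113.5:25
1002 192.168.1.10 -> 203.0.113.6:25
1003 192.168.1.10 -> 203.0.113.7:25
1005 192.168.1.10 -> 203.0.113.8:25
1006 192.168.1.10 -> 203.0.113.9:25
1009 192.168.1.10 -> 203.0.113.10:25
1000 192.168.1.20 -> 198.51.100.7:80
1060 192.168.1.20 -> 198.51.100.7:80
1120 192.168.1.20 -> 198.51.100.7:80
1180 192.168.1.20 -> 198.51.100.7:80
1240 192.168.1.20 -> 198.51.100.7:80
1300 192.168.1.20 -> 198.51.100.7:80
1000 192.168.1.30 -> 198.51.100.20:80
1007 192.168.1.30 -> 198.51.100.20:80
1150 192.168.1.30 -> 198.51.100.20:80
1153 192.168.1.30 -> 198.51.100.20:80
1290 192.168.1.30 -> 198.51.100.20:80
1291 192.168.1.30 -> 198.51.100.20:80
1003 192.168.1.30 -> 203.0.113.5:25
"""

LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+)$")


def parse_log(text: str) -> list:
    """Return (timestamp, src, dst, port) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            events.append((int(ts), src, dst, int(port)))
    return events


def smtp_fanout(events: list, threshold: int = 5) -> dict:
    """Sources that contact at least `threshold` distinct hosts on port 25.
    A home machine normally submits mail to one server, not to many."""
    dsts = defaultdict(set)
    for _ts, src, dst, port in events:
        if port == 25:
            dsts[src].add(dst)
    return {src: len(d) for src, d in dsts.items() if len(d) >= threshold}


def beaconing(events: list, min_count: int = 5, max_jitter: float = 0.1) -> dict:
    """(src, dst, port) triples contacted at near-constant intervals.
    Returns the mean interval for each; jitter is pstdev/mean of the gaps."""
    times = defaultdict(list)
    for ts, src, dst, port in events:
        times[(src, dst, port)].append(ts)
    suspects = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_count:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspects[key] = avg
    return suspects


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("SMTP fan-out:", smtp_fanout(evts))
    print("regular check-ins:", beaconing(evts))
```

Both checks are heuristics: a mail server or a monitoring agent will trip them legitimately, so they belong in a triage queue rather than an automatic block list. The thresholds here are tuned to the tiny sample; on real logs they need to be set from a baseline of the network's normal behaviour.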