Author Topic: The war against Adware is just beginning  (Read 6372 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34059
  • malware fighter
The war against Adware is just beginning
« on: July 09, 2005, 08:46:44 PM »
Hi ye all,

Defeating extended threats.

Much like it is with Spam today, Adware will transform to avoid detection and removal. Keeping machines clean will require a multi-layered approach and remediation strategy, including:

1. Educate users on the dangers of freeware and Internet downloads.
2. Tighten the Web gateway policy with URL-filtering and download restrictions (filtering on CAB & OCX file downloads).
3. Tighten the Web browser's settings and maintain the current version of the browser.
4. Lock down desktops to prevent new applications from loading.
5. Use two-factor authentication.
6. Selectively use single purpose anti-malware tools to clean up desktops.
7. Ask your AV vendor to include more extended threats in the signature files.
8. Deploy enterprise anti-spyware tools only as a means of last resort.

greets,

polonus
« Last Edit: July 09, 2005, 08:48:37 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: The war against Adware is just beginning
« Reply #1 on: December 10, 2014, 01:30:24 AM »
Another step is the beta Ad Nauseam extension, making the clicking circle full,
to help you defend against surveillance and tracking by ad networks.
At the moment only for Firefox: https://dhowe.github.io/AdNauseam/
Being prepared to come to Chrome also.

polonus

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: The war against Adware is just beginning
« Reply #2 on: December 10, 2014, 02:07:27 AM »
99% of someone's security is not their protection, rather the smartness of what they do online. If you're smart, theoretically, one would not need protection... Now, that being said, you have special cases with USB Worms. But for adware, rule of thumb: only go to Official Websites, read the EULAs, check, make sure none of the check-boxes are checked, or if they are, you know what it's doing. Read the EULA (End User License Agreement).

Now, obviously, people like me prefer having the security in case. But you cannot rely on it 100% people. If you do, don't be surprised if you get infected by adware!

(Great program to HELP is Unchecky. It won't block everything. But it does help for the slip ups!)

Unchecky download: http://unchecky.com/

Notes for Downloading: Have ad-blocker setup and functional. Sites like Bleeping Computer have ads that match theirs, making it slightly difficult to find the "Real McCoy".

Edit Reason: Fixed the Spelling errors
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: The war against Adware is just beginning
« Reply #3 on: December 10, 2014, 04:03:16 PM »
You have not seen the real bad boy yet http://www.bleepingcomputer.com/forums/t/559220/operation-global-iii-ransomware-not-only-encrypts-but-infects-your-data-as-well/

Quote
The Operation Global III ransomware is a computer infection that encrypts the data and executables on your computer so that they cannot be opened unless you pay a ransom. The current ransom for this infection is approximately $250 USD and must be paid with bitcoins. This particular ransomware is in some ways very basic, but includes new functionality that makes it more dangerous than previous ransomware infections. This is because not only does the Operation Global III ransomware encrypt your files, but it displays a lock screen that blocks you from using your computer till you pay the ransom, and also acts like a virus that infects your files with malicious code to spread to other computers. Thankfully, a decryption tool was able to be made, which is discussed at the end of this article.
Quote
When the ransomware is started it will display the above lockscreen so that you can't use your computer. It will also change your encrypted files' extensions to .EXE and then infect them with malicious code that allows it to spread to other computers when the files are opened. If one of these files is then double-clicked it will launch the encrypter and encrypt and infect any new files. If one of these files is double-clicked on a previously unaffected computer, then this computer will become encrypted and infected as well.

Potentially the most dangerous feature of this ransomware is that it will look for unmounted network shares and mount them as a drive letter on your computer. It will then proceed to encrypt and infect the files found on these network shares as well. All previous ransomware infections would only target drive letters on the existing computer and would ignore unmapped network shares. Operation Global III on the other hand raises the ante by going after all network shares and infecting any files or executables it finds on them. As Windows by default does not display file extensions, someone on another computer would open one of these files not realizing that they are executables and then their computer would become infected as well.

Offline Michael (alan1998)

Re: The war against Adware is just beginning
« Reply #4 on: December 10, 2014, 04:07:51 PM »
Quote
You have not seen the real bad boy yet http://www.bleepingcomputer.com/forums/t/559220/operation-global-iii-ransomware-not-only-encrypts-but-infects-your-data-as-well/

Quote
The Operation Global III ransomware is a computer infection that encrypts the data and executables on your computer so that they cannot be opened unless you pay a ransom. The current ransom for this infection is approximately $250 USD and must be paid with bitcoins. This particular ransomware is in some ways very basic, but includes new functionality that makes it more dangerous than previous ransomware infections. This is because not only does the Operation Global III ransomware encrypt your files, but it displays a lock screen that blocks you from using your computer till you pay the ransom, and also acts like a virus that infects your files with malicious code to spread to other computers. Thankfully, a decryption tool was able to be made, which is discussed at the end of this article.
Quote
When the ransomware is started it will display the above lockscreen so that you can't use your computer. It will also change your encrypted files' extensions to .EXE and then infect them with malicious code that allows it to spread to other computers when the files are opened. If one of these files is then double-clicked it will launch the encrypter and encrypt and infect any new files. If one of these files is double-clicked on a previously unaffected computer, then this computer will become encrypted and infected as well.

Potentially the most dangerous feature of this ransomware is that it will look for unmounted network shares and mount them as a drive letter on your computer. It will then proceed to encrypt and infect the files found on these network shares as well. All previous ransomware infections would only target drive letters on the existing computer and would ignore unmapped network shares. Operation Global III on the other hand raises the ante by going after all network shares and infecting any files or executables it finds on them. As Windows by default does not display file extensions, someone on another computer would open one of these files not realizing that they are executables and then their computer would become infected as well.

That is NASTY. If I understood right... It's a combination of Win32:Sality/Vitro and Cryptowall/CryptoLocker? *Shudders*. They'll never stop with new ideas. It's nice (someone) made a decryption tool for that though. Anything to clean up the malicious code from the files like the Sality Cleaner?

Offline essexboy

Re: The war against Adware is just beginning
« Reply #5 on: December 10, 2014, 04:11:34 PM »
Nope, recover your data, wipe the computer, and re-install.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: The war against Adware is just beginning
« Reply #6 on: December 10, 2014, 04:22:51 PM »
write down everything on paper ... it can't encrypt that    ;D


Offline Michael (alan1998)

Re: The war against Adware is just beginning
« Reply #7 on: December 10, 2014, 04:25:16 PM »
Quote
write down everything on paper ... it can't encrypt that    ;D

Maybe not, but I find I lose paper more than my documents!! Rule of Thumb still applies though. Don't open the suspicious emails (Which, I do anyways). Browse carefully (No torrenting, downloading or watching things you really ought not to be) and don't click on downloaded files unless it's from an Official site.

Edit: Essex, does Cryptoprevent block the encryption? Any ideas about that?

« Last Edit: December 10, 2014, 04:27:37 PM by Michael (alan1998) »

Offline Pondus

Re: The war against Adware is just beginning
« Reply #8 on: December 10, 2014, 04:38:06 PM »
Quote
Don't open the suspicious emails (Which, I do anyways)
use US mail, it is safe to open  ;)   ..... well unless it is sent from Ted Kaczynski




Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6699
  • Trust only what you test yourself!
Re: The war against Adware is just beginning
« Reply #9 on: December 10, 2014, 08:10:41 PM »

Quote
use US mail, it is safe to open  ;)   ..... well unless it is sent from Ted Kaczynski

He's doing life without parole as a gift of the People of the United States.
I'm pretty sure that if he mails something it's safe to open.  8)
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline Michael (alan1998)

Re: The war against Adware is just beginning
« Reply #10 on: December 10, 2014, 08:18:22 PM »
Pondus, I'm Canadian, not American, remember? (I had to google this Ted Guy). Seems he's a serial killer.....

Yeah, I wouldn't open that either lol.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: The war against Adware is just beginning
« Reply #11 on: December 10, 2014, 08:20:18 PM »
- Use common sense when doing stuff online.
- Only go to trusted and official websites.
- Use strong passwords.
- Install a trustworthy antivirus program like AVG or Avast (keep both programs up-to-date).
- Install antimalware programs like MBAM Free and SuperAntiSpyware Free (keep both programs up-to-date).
- Keep your Windows OS up-to-date by installing updates provided by Microsoft Update.
- Keep your other programs, i.e. Flash, Java, Adobe, and the other programs you use, up-to-date.
- Keep a back-up copy of your computer in an external hard disk.
« Last Edit: December 10, 2014, 09:09:53 PM by Staticguy »
DELL Inspiron 15" 7000 Gaming, Windows 10 Home Version 21H1 (OS Build 19043.1237), Trend Micro Maximum Security 2021 (17.0.1333), Avast SecureLine VPN (5.12.5655), Windows Firewall, Unchecky 1.2

Offline Michael (alan1998)

Re: The war against Adware is just beginning
« Reply #12 on: December 10, 2014, 08:39:46 PM »
Unless AVG has gotten better over the years, I don't find it trustworthy...

Offline Staticguy

Re: The war against Adware is just beginning
« Reply #13 on: December 10, 2014, 09:08:52 PM »
Quote
Unless AVG has gotten better over the years, I don't find it trustworthy...

I have it installed on my desktop computer. Does a good job with it. Desktop is also 2 and a half years old. I am writing this forum post on my laptop with Avast 2015. Both of them are Windows 7 SP1.

I have used many antivirus programs in the past: Panda Cloud Antivirus, McAfee, Trend Micro, MSE, Windows Live OneCare. None of these are good and not trustworthy.

I have used AVG for many years (I think since the release of AVG 2012) and I have been using Avast on my laptop since it released version 7. I have been using MBAM Free since version 1.70 and SAS Free since version 5.0.1108.
« Last Edit: December 10, 2014, 09:24:12 PM by Staticguy »