Email
Password
Remember meForgot password?
    Log in with Twitter

article imageVirus? No, Parasite

By Jason MacIsaac     Sep 9, 2004 in Technology
TORONTO (djc Features) — You’ve got your spam filter. Your antivirus software. You think you’re pretty safe from the nuisances and hazards of being online. But have you protected yourself from parasites?
Parasites? I hadn’t heard of them either, until I caught one. Combining the annoyance of spam with the danger of viruses, “parasite” is a catch-all term for commercial software that surreptitiously installs itself into your PC and causes havoc. They’re hidden in legitimate applications like file-sharing software, or silently installed in a “drive-by download” as a plug-in, just by browsing a Web page.
“You might be surprised how widespread the issue is,” says Andrew Clover. “These days, every two-bit porn-site marketer has its own hijacker.” Mr. Clover describes himself as “just a random programmer, Web developer and security nut,” who “got annoyed enough by the problem to start documenting it.” Clover’s site, doxdesk.com, has a script that can detect parasites on your PC.
Some parasites take the form of “spyware,” which reports your surfing habits to the creators of the parasite — and their clients. Others are more insidious, such as “DialerOffline,” which installs a program that will use your modem to dial premium porn numbers if you’re foolish enough to run it. The one I caught, “ISTBar,” added new toolbars to Internet Explorer (IE), providing convenient and glaring links to porn sites. Have fun explaining that one to the boss.
Browser hijacking and alteration is a common parasite tactic. Parasites such as “ClientMan,” for example, can change your browser so that links or keywords on a site point to some commercial service — once again, usually porn. “Bulla” can actually block out a page’s ad code and replace it with its own (in addition to being annoying, the sites you visit are being deprived of potential revenue if you can’t see their ads). In this case, the actual website hasn’t changed, but the parasite is controlling how you view it. Other parasites will simply change your browser’s homepage to a different site or bombard you with pop-ups, usually for porn (big surprise).
The very worst of the lot can break your PC’s security wide open. Doxdesk.com says the v2 variant of the “SubSearch” parasite features a critical security hole: It can be directed by any webpage to download any file and write it anywhere to the file system, including over other program files which may then be run.
But can you really get infected just by visiting a webpage?
It sounds like Internet paranoia, but it ain’t. IE’s ActiveX controls may download a parasite with no prompting or warning if your security settings are low. You won’t know you’ve got one until a zillion banner ads pop up. If you’re an IE user, Clover advises you to go into Internet Options > Security > Internet Zone > Custom Level, and then set “Download signed ActiveX controls” to “Disable” or “Prompt”; and “Download unsigned ActiveX controls” to “Disable.”
So why haven’t you heard about parasites before? Possibly because their first victims were afraid to come out of the closet — porn sites have traditionally been the source of parasites. But Clover says their use is spreading. “You can end up with dodgy downloads from anywhere these days, from misspelled and expired domains to personal homepages, hosting services and even the big corporations.”
Doxdesk.com’s parasites section has information on how you can remove the most common pests. Most have no uninstall function and manual removal can be tricky. So you might want to try Lavasoft’s Ad-Aware or PepiMK Software’s Spybot Search & Destroy. They’ll do it for you. JavaCool’s SpywareBlast can actually inoculate your system from known parasites. Of course, like viruses, more are being made all the time.
A change of platform may also protect you — for a while. Since IE is the dominant browser, so far all known parasites work through it. At the moment, Mac and Mozilla Web surfers are safe. “However,” cautions Clover, “there is no reason Mozilla, Opera, Linux or Mac systems could not be targeted by a parasite, and as people move away from IE/Windows we may see this happen.”
Clover’s final bit of advice will sound familiar to anyone who’s had to deal with viruses. It could be modern computing’s greatest maxim: “Don’t run any software by any company you don’t completely 100 per cent trust.”
Get Yourself Checked at these Para-Sites:
Doxdesk Parasite Detection Script/Information Page:
http://www.doxdesk.com/parasite
LavaSoft Ad-Aware:
http://www.lavasoft.de/software/adaware
PepiMK Software’s Spybot Search & Destroy:
http://security.kolla.de
JavaCool SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html

This article is part of Digital Journal's national magazine edition. Pick up your copy of Digital Journal in bookstores across Canada. Or subscribe to Digital Journal now, and receive 8 issues for $19.95 + GST ($39.95 USD).
More about Spyware, Virus, Computers
 
Latest News
Top News