Lavasoft News ----- Original Message ----- From: The Eye To: percy10@xxxxxxxxxxxxxxx Sent: Friday, January 16, 2004 7:58 PM Subject: The Eye - Issue 1.6 - Lavasoft News The Eye -------------------------------------------------------------------- Issue 1.6 January 15, 2004 -------------------------------------------------------------------- In This Issue Do Not Click That Link! This Issue's Tip & Trick Question & Answer Section Send Us Your Questions Printable Version Do Not Click That Link! Melanie Boston - Lavasoft Support Think it is okay to click that link if you can see a URL in the Status bar, Address bar, and/or Title bar of the Outlook Express and/or Internet Explorer windows? If you place your mouse pointer over a hyperlink (website link) in Microsoft Internet Explorer, Microsoft Outlook Express, or Microsoft Outlook, the URL (address) of the website appears in the 'Status bar' at the bottom of the window. When a link is clicked and Internet Explorer opens, the address of the website appears in Internet Explorer's 'Address bar', and the title of the WebPage appears in the 'Title bar' of the window. Malicious users can create links to a deceptive (spoofed) website that displays the URL to a legitimate looking website in the Status bar, Address bar, and/or Title bar. For example, a link showing http;//www.ProtectYourself.com may be spoofed and actually take you to http;//www.InstallATrojanOrVirus.net. You would not be able to tell that you were on InstallATrojanOrVirus.net just by looking at the WebPage, Status bar, Address bar, and/or Title bar. Malicious users change attack styles constantly and create spoofed websites by using tactics other than those discussed here. You can help protect yourself from spoofed Websites. By receiving e-mail in text format rather than in HTML so that the actual URL of a web link will be displayed. Do not click any hyperlinks that you do not trust; never click a link sent to you from someone you do not know. If you have doubts about a link, type the URL into Internet Explorers Address bar yourself rather than clicking the link. Verify the name of the server providing the page you are viewing before you enter any sensitive information, always verify that the Website is using Secure Sockets Layer/Transport Layer Security (SSL/TLS) and that there is a lock icon in the lower right Status bar. Double-click on the lock icon and check the name that appears next to 'Issued to'. Compare the website name found in the digital certificate to the URL of the website. If they do not match then leave the website immediately. If the Website is not using SSL/TLS then DO NOT send any personal or sensitive information. SSL/TLS helps protect information by encrypting it as it is sent across the Internet and also helps prove that you are sending data to the correct server. Note: The lock icon will not appear if the Status bar is disabled. To enable the Status bar if it is disabled, click 'View', then select 'Status Bar'. Do not take any chances with your sensitive information. If you suspect the authenticity of a website, leave it immediately. There are ways you can attempt identify a spoofed Website, URL or malicious hyperlink. You can use Javascript commands, Internet Explorer's History bar, open a new instance (new window) of Internet Explorer and paste in the suspicious URL, or better yet, before you click the link - try to identify the actual URL of the hyperlink. Before you click the link - attempt to identify the URL of a hyperlink. Doing this you can see the actual full URL for the hyperlink. Right click the hyperlink, Select 'Copy Shortcut'. Open a text editor, notepad will do. In the toolbar at the top of notepad, Click 'Edit', Select 'Paste'. A spoofed URL might have one or more of the following: %00 %01 @ For example: http;//www.ProtectYourself.com%01@xxxxxxxxxxxxxxxxxxxxxxxxx would actually open InstallATrojanOrVirus.net but the URL in the Address bar or the Status bar in Internet Explorer would show as http;//www.ProtectYourself.com. Imagine this, http;//www.ProtectYourself.com%01@xxxxxxxxxxxxxxxxxxxxxxxxx/uninstallwindows.vbs? This would trigger a download of uninstallwindows.vbs! Pretty darn sneaky! Protect yourself and do not click that link! Open a new instance (window) of Internet Explorer and paste the URL into the Address bar. In the Address bar of the current Internet Explorer window, Select (highlight) the text in the Address bar, Right click the text, Select 'Copy'. Close then reopen Internet Explorer. Right click in the Address bar, Select 'Paste'. Press 'Enter' on your keyboard. Use Internet Explorer's History bar and attempt to identify the actual URL for the current Website. Click 'View', Select 'Explorer Bar', Click 'History'. Compare the URL in the Address bar with the URLs that appear in the History bar on the left. Use caution when you type script into the Address bar. Script typed into the Address bar can take the same actions on the local system as could the currently logged on user. Identify the actual URL for the current Website using a Javascript command. By using a Javascript command in Internet Explorer a message box will show the actual URL for Website you are on. Type (or copy and paste) the following command into the Address bar then press 'Enter' your keyboard: javascript:alert("Actual URL address: " + location.protocol + "//" + location.hostname + "/"); Or for a more complete description of the URL, copy and paste the following Javascript command into the Address bar. javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof."); Compare the URL in the message box with the URL shown in the Address bar. If they do not match, it is likely that it is a spoofed site misrepresenting itself. In this case, close Internet Explorer and exit the site or press ALT+F4 on your keyboard. -------------------------------------------------------------------------- This Issue's Tip & Trick Tip: Take Control of your Internet Explorer Favorites Melanie Boston - Lavasoft Support Have a long list of 'Favorites' in Internet Explorer? Did you know that you can configure Internet Explorer so that only recently used Favorites are shown? In the Internet Explorer toolbar; Click 'Tools', Select 'Internet Options', Select the 'Advanced' tab, Scroll to 'Browsing' Check 'Enable Personalized Favorites Menu', Click 'OK'. If you need to view the entire Favorites list, Click 'Favorites', Click the drop down arrow. Trick: Edit the Title Bar of Internet Explorer Melanie Boston - Lavasoft Support Did you know that you can edit the title bar of your Internet Explorer browser? Always create a backup copy of the registry prior to making any changes. Remember, editing the registry incorrectly could result in undesired operation, including complete loss of access to the Operating System. To backup the registry, follow the steps in the Microsoft Knowledge Base article which corresponds to your version of Windows for backing up the entire registry: How to Back Up the Registry in Windows 98 and Windows Millennium Edition http://support.microsoft.com/default.aspx?scid=256419 HOW TO: Backup, Edit, and Restore the Registry in Windows NT 4.0 http://support.microsoft.com/default.aspx?scid=323170 HOW TO: Backup, Edit, and Restore the Registry in Windows 2000 http://support.microsoft.com/default.aspx?scid=322755 HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Windows Server 2003 http://support.microsoft.com/default.aspx?scid=322756 After backing up the registry, open regedit: Click 'Start', Select 'Run', In the box that pops up type regedit Press 'ENTER' on your keyboard to display the registry editor, Navigate the location below in your registry and make the corresponding change. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main The Value may need to be created. Set the data to the text you wish to appear on the title bar of Internet Explorer. Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Value Data: Enter the text you want to display in the Internet Explorer titlebar. Data Type: REG_SZ To navigate the registry: Click the + that's to the left of; HKEY_CURRENT_USER, Software, Microsoft, Internet Explorer, Main If you need to create the value, In the toolbar at the top of the registry editor: Click 'Edit', Select 'New', Select 'String Value', Right click on the 'New Value' that is created, Select 'Rename', Rename the value: Window Title Right click on 'Window Title', Select 'Modify', Value Data: Enter the text you want to display in the Internet Explorer titlebar. Click 'OK'. -------------------------------------------------------------------------- Question & Answer Section Melanie Boston - Lavasoft Support "Ad-aware is not scanning all of the folders on my system. How do I correct this?" Perform a reference file update prior to scanning. To use the "Webupdate" module: Open Ad-aware, Click the "Webupdate" (the globe image) quick link at the top right of the Ad-aware interface, Click "Connect", When the window says 'Webupdate complete' click "Finish". Be certain that you have all areas of your system selected to be scanned. Open Ad-aware, select the "Scan now" button to open the "preparing scan" screen. Select Use custom (default) scanning options, Click either "Customize" or the "Settings" quick launch button (featuring a gear symbol) at the top right to display the "Scan Settings" main menu. Select the "General" button on the left, Check "Automatically save log-file" and "Safe mode", Select the "Scanning" button on the left, Click on the "Click here to select drives and folders" hotlink to open the directory selection window. A list of the drives or folders will now be displayed. Select the drives/folders you wish to include in the scan. Within the "Memory and Registry" section please select the following: "Scan active processes" "Scan registry" "Deep Scan Registry" "Scan my Hosts file" And, if you use Internet Explorer also select: "Scan my IE Favorites for banned URL's" Click on the 'Automation' button, Select 'Use custom (default) scanning options', Click the "Tweak" button, Click the + that's to the left of Cleaning Engine; Check "Automatically mark all objects in result list", "Automatically try to unregister objects prior to deletion", and "Let windows remove files in use at next reboot", If you are using NT or 2000 then also select "NT\2000: Allow unloading explorer to unload shell extensions prior to deletion", Click "Proceed" to save your preferences permanently and close the settings window. Click "Next" to begin the scan.. After the scan is completed, remove the items of your choice, reboot the system. Rescan with Ad-aware. -------------------------------------------------------------------------- Send Us Your Questions We're looking for questions you feel should be answered in future editions of The Eye. Submit your questions to the Editor here and we'll answer the frequently asked questions. Note: The Editor email address is not for support questions requiring a response. You're more than welcome to post support questions at our Support Forums, or for users of the registered versions of Ad-aware (Plus and Professional), you also have the option to email our Support Department. -------------------------------------------------------------------------- If you have any questions about anything found in this newsletter, please contact us at our Support Forums. You can unsubscribe at any time by clicking here. The Eye, brought to you by Lavasoft News © 2004 Nicolas Stark Computing AB All rights reserved. Lavasoft and the Lavasoft logo are Registered Trademarks of Nicolas Stark Computing AB. Registered trademarks/servicemarks and trademarks/servicemarks are those of their respective companes. To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk