Spyware Removal

Cyber security researchers and analysts have uncovered the existence of a spy network based in China that was used to steal sensitive, classified government documents from India – as well data from the Dalai Lama’s office and the United Nations.

The “Shadow Network”, as this network is now known, has been traced to two people living in Chengdu, China. China is largely believed to possess a Cyber Warfare Doctrine that is designed to achieve global “electronic dominance” by 2050.

With a yearly budget of $55 million allotted for it and over 10,000 hackers working in tandem, China is second only to U.S. when it comes to cyber snooping prowess.

As more details emerge about the intentions of these hackers, it is clear that they had targeted the upcoming Commonwealth games in India. The idea was to make Commonwealth games an utter failure later this year. The plans included studying the network architecture. This includes ticket sales, online registration servers all of which would crash at the time of the inaugural ceremony.

The hackers had also looked into tender documents for the Commonwealth games network infrastructure. Intelligence agencies feel this could be for studying vulnerabilities in the system for possible attacks. In 2008 and 2009 too, there were many incidences of small attacks on computers of the Indian Ministry of External Affairs.

As many as 450 computers belonging to the India Government – including that of the then National Security Adviser (NSA) M.K. Narayanan and Deputy NSA Shekhar Dutt and the chiefs of the navy, army and air force besides officials in the defense intelligence agencies were infected. The infected computers were taken offline and replaced.

Do you think someone is spying on your internet activity? Though Norton or McAfee might be able to locate spyware, some may be so well-written as to escape detection. In any case, downloading more software willy-nilly in an attempt to protect your computer is more likely to make things worse. Here are some steps a Microsoft Windows user can take to detect spyware activity; Macintosh OS/X, Linux, and users of other operating systems will have similar but different methods available.

- Press Ctrl-Alt-Del (all 3 keys simultaneously, known as a “three-finger salute”). This should pop up the Task Manager, or whatever Microsoft is calling it lately. One of the tabs should be Processes; click that tab.

1) Look up every process name on the Internet. Don’t trust all the information that you find, but try to get a general consensus from the more reliable sites whether that process name is likely to be malevolent or not.

2) Even if a process name is normal and expected (like svchost.exe), it’s still possible that a “hacker” was able to overwrite the normal system process with a tainted one.

3) If a process looks suspicious, for example u-r-0wn3d.exe, you will need to attempt removal. See Tips for ideas on that process.

- Open a command window, also known as a “DOS box”, by clicking Start | Run | cmd, or Start | Run | command on older systems. Type in the command: netstat -an. This will show you a list of systems you have connected to, and systems connected to you, and all “listening” ports. Learn the port numbers: 80 and 443 are typical for the “web”; 135, 139, and 445 are for Microsoft networks; find out what they all mean. If you see something suspicious, netstat -anbv might show you what process is doing the communication.