Malware
Malware is a term for malicious software designed to disrupt a computer system. It covers the whole family of nasty programs, including viruses, trojans, worms and spyware. 'Mal' is from the French word for bad or evil.
Viruses
A virus is a self-replicating program which reproduces itself by attaching itself to files or programs so it can spread. Most viruses attach themselves to an executable file (.exe), which may come as an email attachment. The virus can exist in your computer without spreading if you do not open the attachment. Just delete it and ensure it is deleted from your Deleted Items folder. Some viruses can spread widely if they send themselves out to all the names in an infected computer's address book.
The use of a host's address book is why a virus may come to you from people you know. Look at the attachment name; if it seems odd, don't open it. You can also take a look at the file type: .doc (Word document), .jpg (picture file), .mp3 (music file), .xls (Excel spreadsheet), .exe (executable) or .zip (compressed archive). Before opening the file, ask yourself, for example, why your sister, who knows little about computing, would be sending you an executable file. Be very wary of file names like PORN.EXE or a celebrity name and a word like 'nude'. Such names are often just lures to open a virus. You can also go to a website like Symantec.com or McAfee.com and look at the latest virus alerts before opening a questionable attachment. If you see the file name you were sent listed on such a website as a recent virus alert, just delete that email from your inbox and delete it from your Deleted Items folder.
Viruses can also be delivered as attachments to Instant Messages (IM, available from providers like MSN, Yahoo Messenger and ICQ). As with other suspicious attachments, just delete the message and attachment and then permanently empty your deleted folder to make sure that it doesn't infect your computer.
The speed with which viruses can now spread world-wide is staggering. Sometimes new viruses can arrive in your Inbox before they are even identified on a site like Symantec's. If your computer's anti-virus software has not yet received an automatic update from your supplier, then you are vulnerable. That is why your own caution is the best first line of defence. When in doubt, DELETE.
Worms
A worm is like a virus but is actually a separate entity that self-propagates by exploiting computer weaknesses without any human action needed. As it travels to other networks, the copying nature of a worm means it can consume too much system memory, which can grind an entire network to a halt.
Each computer system has up to 65,535 available services or ports, some of which have been designated for specific purposes and others that can be used by software programs. If these ports are left exposed, then an attacker or a worm could compromise these systems. This is one of the reasons why it is important to make sure that your operating system is updated regularly.
Case study: The Blaster worm
Six weeks before the Blaster worm hit the news headlines, Microsoft released a security patch for the Windows NT4, Windows 2000, Windows Server 2003 and Windows XP operating systems. However, many home users and corporations either ignored or had not installed the latest security patches for their computer systems.
What was more worrying was the fact that even if anti-virus software had been kept up to date, it would have made no difference: the worm spread so quickly that the anti-virus vendors had not yet released a means of detecting and eliminating it. The Blaster worm scanned the Internet automatically looking for hosts with port 135 open. Once an open port had been discovered, the worm exploited the vulnerability associated with this port and then had the newly infected machine retrieve a copy of the file msblast.exe from the host that compromised it. Once the file had been retrieved, the compromised system would run it and then begin scanning the Internet for other vulnerable systems.
In the case of Windows 2000 and Windows XP systems, the effects of the Blaster worm caused symptoms such as no access to the Internet or the computer re-booting every 45 seconds. See http://www.cert.cert.org/advisories/CA-2003-20.html for further details.
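The scanning behaviour described in the case study is what makes a worm visible on a network: one host suddenly probing many different addresses on the same port. The following is an added example, not code from the original page or from any vendor, showing how a defender could spot such a sweep in firewall logs. It assumes a simple constructed log line format of "timestamp src dst dport action"; real firewall formats differ.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log in an assumed "timestamp src dst dport action"
# format (not a real product's format): one workstation (192.0.2.10) reconnecting
# to a single RPC server, and one host (192.0.2.77) sweeping a range on TCP/135.
SAMPLE_LOG = "\n".join(
    [f"2003-08-12T10:00:0{i} 192.0.2.10 198.51.100.5 135 ALLOW" for i in range(3)]
    + [f"2003-08-12T10:00:{10 + i:02d} 192.0.2.77 203.0.113.{i} 135 DENY"
       for i in range(1, 13)]
    + ["2003-08-12T10:00:30 192.0.2.10 198.51.100.5 80 ALLOW"]
)


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def find_scanners(log_text, port=135, min_targets=10, window=timedelta(seconds=60)):
    """Return {src: max distinct destinations hit on `port` inside any `window`}
    for sources that reach `min_targets` or more, i.e. behave like a worm sweep.
    A host talking repeatedly to one server on the same port is not flagged."""
    hits = defaultdict(list)  # src -> list of (timestamp, dst)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _action = parse_line(line)
        if dport == port:
            hits[src].append((ts, dst))

    scanners = {}
    for src, events in hits.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {dst for _, dst in events[start:end + 1]}
            best = max(best, len(distinct))
        if best >= min_targets:
            scanners[src] = best
    return scanners


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct hosts probed on TCP/135 within 60s")
```

The threshold and window are tuning knobs: a domain member legitimately uses port 135 against a handful of servers, so the check counts distinct destinations rather than raw connection attempts.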
Trojans & backdoors
A Trojan (or Trojan horse) is software which looks harmless but hides more sinister code (like the Trojan horse of Greek legend). Some Trojans are more obnoxious than malicious. However, some install a 'backdoor', allowing someone to take control of your computer, and sometimes the equipment attached to the computer, like a web camera. The installer then has the ability to remotely access your computer (and all its contents) at will. Thus, with a backdoor installed, your computer has been 'compromised' and you have lost control of your machine to an intruder.
Trojans have recently become far more subtle. It used to be very obvious when someone took control of your machine. Now, the installer wants to avoid detection, so will be far less overt in their misuse of your machine.
What is a zombie computer?
If someone has 'compromised' your computer, either by use of a Trojan or by hacking, the computer is under their control and has been made a 'zombie'. This means that they have access to all the information held on your computer. They can also use your computer at will to store illicit material, send spam, or they can even sell your computing power.
If your computer is compromised, you might not even notice anything unusual except that at certain times your computer might run more slowly (as it would if it was busy sending out a few thousand spam emails at the same time you wanted to do your work). Another sign can be that your machine indicates you are sending vastly more data than you are receiving, yet you are only sending your usual moderate amount of email. This scenario is how some users with uncapped high speed Internet accounts can suddenly get a bill for thousands of dollars over their usual monthly costs (this is also known as bandwidth theft).
As far-fetched as it sounds, these criminals can then bundle a group of compromised computers (maybe 5-10,000) into what is now termed a 'botnet' and offer that combined computing power for sale for an hourly fee (e.g. $3000 per hour). That might be very attractive to a spammer wanting to send millions of emails, or potentially to a terrorist wanting to launch a cyber-strike of some kind. In this way, you can see how the computer security (or lack of) on your home computer can potentially have serious security implications for others.
Cookies
Cookies aren't always malware; some are very benign and actually designed for your shopping or browsing convenience. A cookie is a small text file that is loaded onto your computer during a website visit and records your preferences at that particular website. The cookie reports back on that shopping profile during the next return visit. For example, you browse through travel packages to Fiji and Hawaii on a commercial travel website. When you return to that site there will likely be Balinese and Thai vacations advertised prominently, because the site will have read the cookie on your machine about your previous visit and customised the homepage for you. Information from cookies can also be used for market research, and third parties, often advertisers on the sites visited, can also attach cookies to customise the ads displayed on future visits.
Spyware
By definition, spyware is ''a program that runs on your computer and records what you do. These programs range from the relatively harmless to those that track everything you do on your computer and send the results to someone else, who can then use this information for whatever they want'' [1].
In some cases spyware has been bundled into peer-to-peer file sharing products with other software without the user's knowledge or slipped in the fine print of a EULA (End User License Agreement). This is why it is important to always read the entire EULA when you download software from the Internet.
Spyware is often sold as a spouse monitor, child monitor, a surveillance tool or simply as a tool to spy on users to gain unauthorised access to their computer systems. Spyware can also be known as snoopware, PC surveillance, key loggers, system recorders, parental control software, PC recorders, detective software and Internet monitoring software. The spyware itself covertly gathers the user's information and activity on the Internet, without their knowledge. The spy software can record keystrokes as they are typed in, passwords, credit card numbers, sensitive information, where you browse, chat logs and even take screenshots of your computer, whilst you are on the Internet. The latest versions of spyware can even permit the routine e-mailing or the posting of information directly to websites, where the spy can then casually view this information at any time.
Some define adware (below), as spyware. Yet some spyware is more insidious than adware, and is of no commercial use to advertisers; its function is purely surveillance. While much spyware is inadvertently downloaded from the Internet, other spyware may be intentionally installed by an individual known to the victim (spouse, ex-partner, parent, child, student, employee, etc.). It can also be installed on a public access computer (e.g. an Internet cafe) to keep track of a person's computer use.
Spyware can take the form of either hardware (like the keystroke loggers that can be discreetly plugged into the back of a computer) or software such as is available from the Internet. It can thus be an effective 'stealth weapon' in everything from domestic disagreements to industrial espionage.
Adware and pop-ups
Adware is a software application which brings up banner ads or 'pop-ups' when it is running on your computer. Pop-ups are little windows which suddenly appear on your computer generally selling something or advertising another website. Pop-ups are very popular with pornography businesses and online casinos. They can be very frustrating because the same range of annoying (or offensive ads) keep appearing whenever you are online. This software can install itself if there is no firewall or other protective program on the computer.
Keystroke loggers
A software keystroke logger is a type of spyware. Its function when installed is to record the keystrokes you type on your computer keyboard and relay that information to the installer. This can capture a victim's personal data, passwords, credit card numbers, etc. A hardware keystroke logger can look like a harmless computer connector that is surreptitiously installed between the back of the computer and the keyboard connector, or it can be a USB device. It can hold a significant amount of data (e.g. 500 MB) and can be quietly retrieved by the installer, with the user none the wiser. Most spyware detection software can catch the software variety of keystroke logger, but may not be able to detect the hardware device.
How do I remove spyware?
First of all you need to detect it. Typical software programs you can use include:
- Lavasoft - http://www.lavasoftusa.com/software/adaware/
- Spywareblaster - http://www.javacoolsoftware.com/spywareblaster.html
- Microsoft AntiSpyware - http://www.microsoft.com/athome/security/spyware/software/default.mspx
Many anti-virus vendors include spyware detection within their antivirus software. Always ensure you update the chosen software on a daily or weekly basis, in a similar manner to your antivirus software. If you do not update, you will not be able to protect your computer against the latest threats. Sometimes the removal tools, although effective, need additional assistance in the form of manual removal. If you are unsure what to do, seek professional assistance from a computer repair specialist. If you want to know more about spyware and pop-ups, take a look at the spyware webpage in the Net Basics section of this website.
Diallers
These programs are installed on a computer and switch the victim's Internet connection to a premium rate phone line, often in an overseas country. That is why this activity is sometimes referred to as 'modem hijacking', because it is taking control of your modem. Sometimes unscrupulous websites lie and say that these are programs that need to be installed to download 'free' pornography, or they bury an agreement to the premium rates in lengthy terms and conditions. This is why it is important to carefully read all terms and conditions before clicking the 'I agree' button.
Page Hijackers
Page Hijackers are applications that attempt to gain control of the PC user's home page on their Internet browser and then reset it to one of the hijacker's own. Most of these use stealth techniques or dialogue boxes to trick the user to agree to them being installed. This is another reason why it is so important to thoroughly read the dialogue boxes (the grey boxes that open up asking you to agree or disagree to something) before you click 'I agree'.
Other Resources
For an overview of the current malware risks in online activities like email, surfing, IM (Instant Messaging) and filesharing, take a look at the Symantec Threat Meter at the Symantec webpage http://www.symantec.com/avcenter/home_homeoffice/index.html
References:
1. http://www.itsafe.gov.uk