Malware

What is it and how to protect yourself



Malware is short for malicious software: programs written to damage your computer or steal from you, and the thing we need to protect our computers against. Fortunately there are plenty of safeguards we can use to foil these attempts. We describe seven categories under which attacks occur and how to prevent them.

  1. Computer viruses
  2. Trojans
  3. Spyware
  4. Adware
  5. Worms
  6. Real time hacker attacks
  7. Phish (identity theft)

1. Computer Viruses

A Computer Virus is a computer program that replicates on computer systems by incorporating itself into shared programs. Viruses range from harmless pranks that merely display an annoying message to programs that destroy programs or files, or disable a computer altogether.

Whether they are merely mischievous or truly malicious, all viruses spread rapidly: a virus can go from one computer to millions around the world by stealing your email address book and sending itself to everyone you know. Some well known examples include the "I Love You" virus and WinVar. If you use WebMail, all ISPs have email antivirus programs on their servers, and many provide antivirus programs to their subscribers for free or at a reduced price.

One type of virus is known as a Zombie. This type of virus allows someone else to take control of your computer to send spam email or to take part in a Denial of Service (DoS) attack.

You need an anti-virus program on your computer to protect yourself from infection. Trial versions of many commercial programs like McAfee or Norton come on new computers. Typically they run for about six months and then need to be purchased. There are also free antivirus programs like Avast or MSE (Microsoft Security Essentials) that are every bit as good as the commercial versions. Some need to be renewed every year, but they stay free for basic protection.


2. Trojans

One type of virus is known as a Trojan Horse. This is a virus disguised as a useful program. The scenario usually goes like this: a user downloads a program from the Internet because they think it may be of some use, but once the program is opened (or run) it releases a virus that erases their hard drive or wreaks havoc on their system.

The moral is: don't open any attachment that has an executable file like a .exe, .com, .dll or .cmd and keep your antivirus program up-to-date.

Also do not download any programs unless you know the provider scans programs for malware. See our help topic on Free Software.


3. Spyware

Spyware is software that gathers information about a user as he or she navigates around the Web. It is intended to track surfing habits in order to build marketing profiles. Spyware is often included in "free downloads" from the Web, where the license agreement (which so many of us accept without reading) may mention that information about your habits will be transmitted back to the company's Web site. Spyware is a major cause for public concern about privacy on the Internet.

Often third parties install an HTTP Cookie on your Web Browser to track your browsing. The Firefox web browser has an Add-on called Collusion that allows you to track and remove these cookies. See the Collusion video on TED.com.

If you insist on using a web browser other than Firefox, you can try malware removal programs like AdwCleaner, MalwareBytes or Spybot to remove those cookies.


4. Adware

In general, adware refers to any software application in which advertising banners are displayed while the program is running. These ads are commonly shown in pop-up windows or in a bar that appears on the computer screen. Adware is a nuisance because it continually interferes with what you are doing! The justification for adware is that it helps recover the cost of developing the program and therefore holds down the cost for the user. We don't believe that is a rational justification for the intrusion on your privacy.

Adware, like spyware, is a major cause for concern regarding privacy because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This practice has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center (EPIC). It's become necessary to download and install anti-adware programs in order to protect your privacy and your data.

You can use free programs like Ad-Aware or AdwCleaner to remove existing adware and protect your computer from new infections.


5. Worms

A worm is a virus that does not infect other programs. It makes copies of itself and infects additional computers (typically by making use of network connections), but it does not attach itself to other programs; however, a worm might alter, install, or destroy files and programs.

Put another way, a worm is a program that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting down access to the system. See also the section on viruses above.

Computer worms also differ in how they propagate their code from one system to another. Most computer worms simply propagate their main body as an attachment to an e-mail.

The now famous Stuxnet is a computer worm designed for use against Iran's nuclear program. Most antivirus programs will protect against worms.


6. Real time hacker attacks

These are people and computers that take the opportunity, while you are connected to the Internet, to disrupt your computer or try to steal your identity in some way. Since this happens during the normal course of visiting web sites, it can, and generally does, go unnoticed while you are online. A class of program called a Firewall is used to prevent hacker attacks.

A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

If your computer has Microsoft Windows XP or later installed, it already has a very good free firewall. To activate it, do the following:

  1. Open the start menu (start button), and click once on Control Panel.
  2. Left click on the System & Security icon.
  3. Left click on the Windows Firewall icon.
  4. Left click once on Turn Windows Firewall on or off.
  5. Only if the On radio button is not active, left click once on the On radio button.
  6. Left click once on the OK button.
  8. Return to Control Panel > System and Security.
  9. Left click once on Turn Automatic updating on or off.
  10. Click "Change settings" on the left.
  10. Only if the Install radio button is not active, left click once on the Install radio button.
  11. Left click once on the OK button.

IMPORTANT: If you already have a firewall installed on your computer, other than Microsoft's, do not install Microsoft's.

Computers these days will not run properly with two or more Firewalls installed or running at the same time. This is also true for Antivirus programs.

If you don't use the Windows firewall or need a more capable one, try ZoneAlarm.


7. Phish (identity theft)

The last form of Internet attack covered in this course is called a Phish (pronounced fish). This form does not come hidden in a program. It usually appears in plain sight in the body of an email message. The sender goes to great lengths to make the email appear official, that is, as if it came from a reputable source. The attack depends on your believing it is official, because the body of the message asks you to click a link so you can re-enter some personal information the message claims the sender needs.

Here's an example: You receive an email message that appears to come from your bank. It looks official when you open it. It may even have your bank's logo on it. Then the message goes on to say that for some reason they have had a data problem and no longer believe your account name is properly associated with your account and PIN numbers. They require you to verify the accuracy of your account. They want you to follow a link to a Web page and enter your name, account numbers, and PIN numbers. They may even ask for your social security number to verify that you are the person you say you are. Baloney!

Never respond to an email that asks you for personal information, no matter how important it looks. If you do suspect there is a problem with your account, contact your bank (or whichever institution it is) using the contact details you received directly from them, to see if there really is a problem.

We've saved this warning for last because it's a very important one. Identity theft can cost you all your money and put you in debt way over your head if you are not careful. That's why you should be in the habit of deleting, without opening, any emails that look in any way suspicious: for example, if you don't recognize the sender's address, the subject doesn't look right, there are spelling and grammar errors, or it doesn't make good sense. These should be deleted immediately. Granted, you may miss a few messages that you might have wanted, but there will not be many. Read only those that pass your scrutiny. And never act on one that does get by but looks phishy when read.


A few examples of phishing emails:


Adelaide Bank malware

Example 1: From a bank in Adelaide. Don't click on "Please click here to Read". Call the bank instead.


BoA malware

Example 2: Phishing from what appears to be the Bank of America. The link will take you to a false BoA site.


TX IRS malware

Example 3: Phishing from what appears to be a government agency. Telephone the agency if you have any real concern.


PayPal malware

Example 4: Phishing from what appears to be PayPal. Don't click on the link; it will take you to a false PayPal site. Instead, go to the PayPal site you know and sign in to your account to see if the email is true. Be aware that PayPal will call you if there is really unusual activity on your account. They do not email about security issues.



Protection and Removal Programs

Some of the protection programs are exclusive, meaning that you can run only one of that kind on any computer. Multiple programs of the same type will cause your computer to slow down dramatically. For example, if your new computer comes with a trial version of McAfee antivirus and you then install the free Avast antivirus, your computer will slow to a crawl. The same is true if you have a trial version of McAfee antivirus and install a purchased version of Norton antivirus. Never install two antivirus programs. The same is true for firewalls.

Should you change antivirus programs or firewalls, do one of the following:

If the new program is on a CD: First uninstall or disable the old program. Then install the new program from the CD and check for updates.

If the new program is downloaded from the internet: First download and save the new program. Then, if you are already infected, disconnect your computer from the Internet (this can be as simple as disconnecting the Internet cable). Then install the new program, re-connect to the Internet and check for updates.

Multiple copies of the other kinds of programs mentioned in this article (spyware and adware removers) will not cause a problem. If one doesn't work, try another.
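One way to confirm from a single place that the firewall and automatic-update steps in section 6 took effect, and that the "only one antivirus, only one firewall" rule above is being followed. This is an added PowerShell example, not part of the article; it assumes Windows 8 or later with PowerShell 5.1, an Administrator prompt, a client (not Server) edition of Windows for the Security Center lists, and the commonly reported but undocumented meaning of the productState 0x1000 bit.

```powershell
# Added example, not from the original article. Assumes Windows 8 or later,
# PowerShell 5.1, run as Administrator. Checks what the article asks you to
# set by hand: firewall on, automatic updates set to install, and only one
# antivirus / one firewall running at a time. Returns a list of problems found.
function Test-ProtectionSetup {
    $problems = @()

    # 1. Windows Firewall should be on for every profile (Domain, Private, Public).
    $profiles = Get-NetFirewallProfile
    foreach ($p in ($profiles | Where-Object { -not $_.Enabled })) {
        $problems += "Windows Firewall is OFF for the $($p.Name) profile."
    }

    # 2. Automatic updating: NotificationLevel 4 = download and install automatically
    #    (Windows Update Agent COM API).
    $au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    if ($au.NotificationLevel -ne 4) {
        $problems += "Automatic updating is not set to Install (level $($au.NotificationLevel))."
    }

    # 3. Security Center (client editions of Windows only) lists every registered
    #    antivirus and third-party firewall. productState is undocumented; the
    #    0x1000 bit being set is the widely used sign that a product is enabled
    #    (assumption, not from the article).
    $av = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct)
    $avOn = @($av | Where-Object { ($_.productState -band 0x1000) -ne 0 })
    if ($avOn.Count -eq 0) {
        $problems += "No antivirus is enabled."
    } elseif ($avOn.Count -gt 1) {
        $names = ($avOn | ForEach-Object { $_.displayName }) -join ', '
        $problems += "More than one antivirus is enabled ($names). Uninstall all but one."
    }

    # Windows Firewall on at the same time as an enabled third-party firewall
    # is exactly the "two firewalls" situation the article warns about.
    $fwOn = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName FirewallProduct |
              Where-Object { ($_.productState -band 0x1000) -ne 0 })
    $winFwOn = @($profiles | Where-Object { $_.Enabled }).Count -gt 0
    if ($fwOn.Count -gt 0 -and $winFwOn) {
        $names = ($fwOn | ForEach-Object { $_.displayName }) -join ', '
        $problems += "Windows Firewall is on alongside $names. Run only one firewall."
    }

    return $problems
}

$result = @(Test-ProtectionSetup)
if ($result.Count -eq 0) { "OK: firewall on, automatic updates on, one antivirus." }
else { $result | ForEach-Object { "PROBLEM: $_" } }
```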


Here's a re-list of links to download the programs mentioned in this article:


For additional information on malware go to the SANS site or subscribe to the Cyber Security newsletter at U.S. Cyber Security to obtain new alerts via email.