Malware and web threats

Last modified: 2014-08-14.

What is malware and what are its types - viruses, trojans, rootkits, adware, spyware, etc? How to protect a Windows computer?

According to the Wikipedia article, "Malware, a portmanteau from the words malicious and software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses."

Viruses

A computer virus is a program that can copy itself and infect a computer without your permission or knowledge. Do not call other types of malware, such as trojans, rootkits and spyware, by the name "virus"; these are totally different types of malware.
Viruses may spread via floppy disks, CDs, DVDs, USB drives, e-mail, instant messaging, file sharing, local networks and the Internet. Viruses corrupt or devour files to help them spread, but mostly their actions are just annoying.

Worms

A worm is a self-copying program that spreads via networks without any intervention from you. Worms always cause some damage to networks, mostly by slowing down or even halting the network. Some worms also delete or encrypt files or send your documents out via e-mail.
Cybercriminals use worms to spread backdoors for gaining control over infected computers.

Trojan horses or trojans

Remember the ancient Greek story about how the Greeks took over the city of Troy by sending the Trojans a huge hollow horse, hiding Greek soldiers, as a gift?
A Trojan horse, in computer terms, is a program that acts and looks like a normal one (say, a screensaver or a racing game), but when you launch it, it secretly does something malicious in the background: deletes files, opens backdoor access for hackers, downloads other malicious programs to your computer, etc.
Please do not mix this up with a normal program infected with a virus: a virus-infected program does nothing more than spread the virus.

Rootkits

A rootkit is a program that is able to hide itself and its malicious actions from the operating system (e.g. Windows, Linux, Mac OS). A rootkit often replaces important system files to hide its actions, then downloads some other malicious software such as spyware or adware, and is then capable of doing all sorts of malicious things without you, Windows or your antivirus program ever noticing it. Rootkits often come as trojan horses, disguised as fun programs or screensavers.

Backdoors

A backdoor is a program, or a modification to a program, that lets hackers and cybercriminals bypass authentication methods and easily access your computer. While a normal user would have to enter a username and password to access another computer over the network, a backdoor gives access to computers and their contents without any usernames or passwords. Usually, backdoors are used for sending spam e-mails from infected computers.

Keyloggers

A keylogger is a program that records everything you type on your keyboard without you ever noticing it. Its main use is stealing passwords to bank accounts and to networks that hold sensitive information. A keylogger collects information and sends it to cybercriminals at certain intervals.

Spyware, adware and scareware (rogue software, ransomware, fake antiviruses)

Spyware is a program that is secretly installed on your computer and silently tracks your browsing habits and other actions. Sometimes spyware secretly downloads other types of malware to give hackers complete control over your computer. As spyware changes system settings and uses your Internet connection for sending cybercriminals the information collected about you, you will notice a slow Internet connection.

Adware uses information collected by spyware to display web advertisements to you. Often these ads lead to malicious web sites that try to secretly install other malware on your computer via unpatched security holes in your operating system, Internet browser or its add-ons.

Scareware (aka rogue software, fake anti-virus, ransomware) is a malicious program that pretends to scan your computer for malware or other problems (such as disk fragmentation, registry problems, etc.) and then demands payment for cleaning it. For example, you visit some web page and there is an advertisement that pretends to be scanning your computer in just a few seconds (real antivirus and antimalware scans take at least several minutes!). Then it displays a warning message that your computer is infected and needs cleaning. When you click on the ad, you are directed to a web page that installs, or offers to install, some program for removing viruses from your computer. This program then pretends to scan your computer again (at an unreasonably high speed) and presents you with a list of non-existent viruses. It then asks for your name and credit card information and offers to "clean" your computer for $5-150.

Many fake antiviruses try to resemble the looks and names of well-known security software, such as Microsoft Security Essentials or AVG Anti-Virus. Do not fall for such scams. Always use major search engines to search for the name of the proposed security suite. If you see many links about "How to remove" plus the program name, you can be sure it is a fake one.

Let's see a variant that tries to look like Microsoft Security Essentials (image courtesy of BleepingComputer). See how it is desperately trying to trick you into buying (activating) the useless program by stating that your PC is very badly infected?
[Image: Fake Antivirus named AntiVirus AntiSpyware 2011]

Another rogue antivirus that tries to pass as a system optimizer. Again, many red items here try to convince you to buy the pointless thing. Image courtesy of BleepingComputer again.
[Image: Fake Antivirus and system optimizer named Windows Troublemakers Agent]

Some variants of ransomware state that the files or the hard drive on your computer are encrypted and that you must pay to decrypt them and regain access to your data. Most such programs do not really encrypt anything and can be easily removed using popular anti-virus software.

You can check the legitimacy of your antivirus program by visiting the Common Computing Security Standards Trusted Vendors page or the VirusTotal about page (scroll down to the Credits section). If your antivirus program is not listed in either list, be very cautious!

Check out an extensive list of scareware at Malware Lab's Rogue Gallery.

Dialers

Dialers are dangerous for those using dial-up networking, i.e. connecting via a modem and a telephone line. A fraudulent dialer automatically calls premium-rate numbers and therefore runs up a huge telephone bill. Dialers spread through security holes and change your Internet provider's dial-up numbers to premium-rate numbers. For example, you live in Kentucky, but your modem calls Nigeria without you knowing it; what a long-distance bill that makes!

Web threats - phishing, drive-by attacks, clickjacking

Web threats have been growing with the growth of the Internet. Mostly such threats target Windows-based computers, because Windows is the prevalent operating system among users and therefore the best possible platform for spreading malware.

Phishing means tricking you into visiting a malicious website and entering your personal information: first and last name, credit card numbers or bank login details. Such tricking is usually done via spam e-mails that promise you huge lotto winnings (you have won loads of money, but you can't really remember ever playing that lotto) or pretend to be from your bank manager (your bank has lost your personal information, come fill it in on their website; but banks never ask for such information via e-mail or a website!).
Other types of phishing spread malware by inviting you to some malicious web page that promises cheap holiday travel or goods, striking news, nude pictures of celebrities or any other offer that is actually too good to be true. Those offers are mostly sent via e-mail or instant messaging programs.

Vishing, also known as "voice phishing", happens when criminals use telephone or VoIP systems (for example, Skype) to deliver pre-recorded messages that try to scare users into downloading a malicious program or visiting a malicious web site. For example, you might get a Skype call saying that your PC is infected and you must download a program to clean it. Actually, the downloaded program is malware itself.

Drive-by attacks take place when hackers secretly infect legitimate web sites. These are very nasty, because you would barely notice any difference, if any at all! Cybercriminals put a small script at the end of a web page, and the script silently downloads some malicious software to your computer through an unpatched security hole. All it takes is a two-second visit to an infected web page!

Clickjacking happens when a normal-looking page is displayed with malevolent content hidden beneath it. Visitors are tempted to click on the page, for example to play a video, and that click actually does something else. This is very common in Facebook schemes: a user visits some malicious page via a link, and his or her click on a video actually activates a hidden "Like" or "Share" button, so that the link to the page now also appears on his or her wall. That's how these rogue links go viral. Clickjacking is so common among Facebook crooks that the technique is now also called likejacking.
Also, if watching a video, a photo or some news story requires filling in a survey, you can be 99% sure that it is a scam. The surveys are real and make cybercriminals some money, but you do all the hard work and all you get is a malicious link on your Facebook wall or Twitter page.
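From the site operator's side, the usual defence against the clickjacking described above is to tell browsers not to render the page inside a frame, using the X-Frame-Options header or the frame-ancestors directive of Content-Security-Policy. The following Python is an added example, not code from this article, that classifies a response's anti-framing posture from its headers; the header sets at the bottom are constructed for illustration.

```python
"""Classify whether an HTTP response forbids framing (a clickjacking defence).
Added illustration for the clickjacking section; not code from the original
article. The sample header dictionaries at the bottom are constructed."""


def frame_ancestors(csp):
    """Return the source list of a CSP frame-ancestors directive, lower-cased
    and with surrounding quotes removed, or None if the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_protection(headers):
    """Inspect response headers (dict, case-insensitive names) and return
    'csp'  - CSP frame-ancestors restricts who may embed the page,
    'xfo'  - X-Frame-Options DENY or SAMEORIGIN is set,
    'none' - nothing stops another site from framing the page."""
    lowered = {name.lower(): value for name, value in headers.items()}
    sources = frame_ancestors(lowered.get("content-security-policy", ""))
    if sources is not None:
        # Browsers that understand frame-ancestors give it precedence over
        # X-Frame-Options, so evaluate it first. A wildcard or an unrestricted
        # scheme source lets any page on that scheme embed this one.
        if any(src in ("*", "http:", "https:") for src in sources):
            return "none"
        return "csp"
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    return "none"


# Constructed header sets, as a site operator might capture them with a
# browser's developer tools or a command-line HTTP client.
SAMPLE_RESPONSES = {
    "protected by CSP": {
        "Content-Type": "text/html",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "protected by X-Frame-Options": {
        "Content-Type": "text/html",
        "X-Frame-Options": "SAMEORIGIN",
    },
    "unprotected": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for label, headers in SAMPLE_RESPONSES.items():
        print(f"{label}: {framing_protection(headers)}")
```

Run it as a script to see the verdict for each constructed response; in practice you would feed it the headers of your own site's pages and treat any 'none' on a page with sensitive buttons as a finding.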

Botnets and how cybercriminals make money using your computer

Botnets are collections of computers that got infected using any combination of the ways described above. The botnet owner has total control of those computers, often called zombies. Bigger botnets often include more than a million infected computers worldwide, and even back in 2006 the average botnet size was 20 000 computers. By now, it is considerably larger. In 2009, the Conficker worm (also known as Downadup or Kido) created a botnet of 10 million computers in a few weeks just by exploiting computers that had been left unpatched by lazy or unknowing users.

When a botnet is large enough, spammers and cybercriminals purchase access to it from the botnet owner. They command the infected computers to send out billions of spam e-mails or to attack specific websites or servers, creating a Distributed Denial-of-Service (DDoS) attack. The targeted website or server then stops operating due to the overload.

Reports say that cybercrime revenue was already exceeding 100 billion U.S. dollars back in 2008.

What can you do to prevent all this from happening?

After such a gloomy article you might think you are totally unprotected. Actually, you are not, or at least you can protect yourself and your computer by following the steps described below. As viruses, worms and other malware mostly spread through unpatched security holes and computers not protected by antivirus and antimalware software, you have to:

  • Patch and update your software - Windows and all installed programs, especially internet browsers (Internet Explorer, Mozilla Firefox, Apple Safari, Google Chrome and Opera) and internet-related software (Adobe Flash, AIR and Shockwave players, Adobe Reader, Oracle Java Runtime Environment) and, of course, Microsoft Office programs.
  • Use anti-virus and anti-malware programs.
  • Always check links in e-mails and online conversations before clicking them. Links can be deceiving: anyone can link to a malicious web site and present the link as a link to www.google.com, for example. Usually you can hover your mouse pointer over the link and a small pop-up shows the link's real destination address, or the address appears in the status bar of the program.
    Use the WOT Safe Surfing Tool to stay away from malicious web sites.
  • Protect your user names and passwords with Trusteer Rapport.
  • If an e-mail with wonderful offers is full of spelling mistakes, it is most probably a spam or phishing e-mail; do not visit any links displayed in it.
    Remember, if an offer sounds too good to be true, it probably is.
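The link check in the list above (the visible text says www.google.com but the real destination is somewhere else) can also be automated over the HTML of a suspicious e-mail. The following Python is an added example, not code from this article or from any product it mentions: it parses the anchors in a constructed e-mail body and reports every link whose visible text names a different host than its href. The `.test` domain in the sample is a reserved placeholder.

```python
"""Flag HTML links whose visible text advertises one site while the href
points to another. Added illustration for the "always check links" advice;
not code from the original article. SAMPLE_EMAIL is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_host):
    """Lower-cased hostname of a URL; bare text like 'www.google.com' is
    treated as a host. A leading 'www.' is dropped so www.x.com == x.com."""
    if "://" not in url_or_host:
        url_or_host = "http://" + url_or_host
    host = (urlparse(url_or_host).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def same_site(a, b):
    """True when the hosts match or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def looks_like_url(text):
    """Heuristic: link text with a dot and no spaces is naming a host or URL,
    so the reader expects the click to go there."""
    text = text.strip()
    return bool(text) and " " not in text and "." in text


def find_deceptive_links(html):
    """Return [(visible_text, real_href)] for links whose visible text names
    a host that the href does not actually go to."""
    collector = _LinkCollector()
    collector.feed(html)
    suspicious = []
    for href, text in collector.links:
        if looks_like_url(text) and not same_site(host_of(text), host_of(href)):
            suspicious.append((text, href))
    return suspicious


# Constructed e-mail body: one deceptive link, one honest link and one link
# whose text ("Click here") makes no claim about its destination.
SAMPLE_EMAIL = """<p>Your account needs verification. Visit
<a href="http://login.example-phish.test/verify">www.google.com</a> now.</p>
<p>Or read the <a href="https://www.google.com/">www.google.com</a> help page.</p>
<p><a href="http://example.org/offer">Click here</a> for the offer.</p>"""

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_EMAIL):
        print(f"shown as {text!r} but really goes to {href}")
```

Links whose text is a plain phrase such as "Click here" are skipped, because the text makes no promise that can be broken; for those, the hover-and-look-at-the-status-bar habit from the list above is still the check to rely on.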

The best thing is that you can do all of the above for free!
