How to Help Prevent Viruses and Spyware From Infecting Your Computer
What is a virus?
A virus is a self-replicating piece of software which often sends itself to
other computers via email or the Internet. It does not require human
intervention. Its purpose is to replicate, cause damage to the computer, or
both. It typically arrives in infected emails or documents and can either do
its damage in seconds or sit like a ticking time bomb, waiting for a special
day to activate.
Examples of viruses:
Boot viruses such as Michelangelo and Disk Killer load when the computer reads
the disk. This type of virus is very difficult to get rid of.
Program viruses attach themselves to the executable programs on the computer
and replicate themselves to all executables on the hard drive. Again, these are
very difficult to remove. Examples include the Sunday virus and the Cascade
virus.
Stealth viruses manipulate file sizes to avoid detection. Examples include the
Whale virus and the Frodo virus.
Polymorphic viruses change each time they replicate, so the copies do not look
identical to antivirus software or to humans trying to find them. Examples
include the Stimulate virus and Virus 101.
Macro viruses infect Microsoft Office documents (and others) and infect the
normal.dot file (the template that Word opens when you don't open a file).
These viruses infect every document that is opened in the program and
replicate themselves to other computers when infected files are shared.
Examples include the DMV and Nuclear viruses.
Viruses also got really good at doing something else: disabling anti-virus
software. Not only could the virus do its dirty work after that, but other
malware could also infect the computer without fear of being caught. As a
matter of fact, on many routine service calls I would observe that the little
anti-virus icon near the clock had disappeared, and the computer user never
even noticed the difference (at least until I pointed it out!).
What is spyware?
Spyware is a general term for malware that is installed on a computer by
infected web pages, or that comes bundled with software and other packages the
user installed. Often incorrectly labeled as viruses, spyware has proliferated
over the last 8-10 years (since about 2000) and has caused many computer users
major headaches, including reformatted computers and lost files. This type of
software is what this document will concentrate on.
Spyware can come in the form of adware, hijackers, tracking cookies (although
not all tracking cookies are bad), rogue security software, ransomware (a
sophisticated and intricate form of rogue security software), and keyloggers.
Newer types of spyware include rootkits, which can be very difficult, if not
impossible, to remove from a computer system. I will say more on that later.
The defining point of spyware, however, is that it is a piece of software
installed on a computer system without the user's consent or knowledge, and it
is typically very difficult (or seemingly difficult) to remove.
Many spyware programs are installed by way of Trojans, where a piece of
software is installed on the computer from the Internet and the spyware is
unknowingly installed by the user at the same time as the "software", giving
the malware free rein of the computer. Software that installs this way includes
free screensavers, free games, programs from torrents, programs from file
sharing (such as LimeWire), and other rogue software.
Other spyware programs are installed by way of infected web pages. If you see
a page with a popup that says something like "Warning: Your computer is
infected with 99999 viruses. Click here to perform a scan of your computer,"
you are looking at an infected web page and rogue software that is trying to
get onto your computer.
Adware includes pop-ups, pop-unders, and other advertisements that appear on a
computer by way of software that was unknowingly installed on the system. The
primary purpose of adware is to get users to click on advertisements, which
produce income for the person who made the software.
Hijackers (browser hijackers) literally hijack a web browser and take the user
to places other than where the user wanted to go. Most of the time even the
homepage gets hijacked. Again, the purpose of a hijacker is money: when users
click on the links on the hijacked page, the malware maker receives a payout.
Hijackers operate at several different technical levels, including registry
changes, Hosts file changes, browser add-on changes, LSP (Layered Service
Provider) hijacks, and homepage changes. Removing browser hijackers can result
in loss of browser connectivity, which requires additional (and more
experienced) diagnostics and cleaning.
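Of the hijack levels listed above, a Hosts file change is the easiest one to check for yourself. The Python script below is an added example written for this page, not code from the original article: it parses hosts-file text and flags every name that is sent to an address outside the local machine (and, optionally, outside the home LAN). The hosts content, addresses and hostnames in it are constructed for the example; on a real Windows machine the file lives at C:\Windows\System32\drivers\etc\hosts, and the script can be pointed at that path instead.

```python
import ipaddress
import sys

# Constructed sample hosts-file text for this example (not from any real machine).
# The two 203.0.113.7 lines are the kind of entry a hijacker adds: a vendor's
# update site and a bank login redirected to an address the user does not control.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example-tracker.test     # harmless: name blocked locally
0.0.0.0         telemetry.example.test       # harmless: name blocked locally
203.0.113.7     update.antivirus-vendor.test # redirected to a stranger's server
203.0.113.7     www.mybank.test              # bank login sent elsewhere
192.168.1.10    printer.home                 # normal home-LAN entry
"""

# Addresses that only point back at the machine itself. A hosts entry using one of
# these blocks a name; it cannot redirect traffic to anyone else.
LOCAL_SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# RFC 1918 ranges, listed explicitly. ipaddress's is_private is not used because it
# also covers documentation ranges such as 203.0.113.0/24, which should be flagged.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs from hosts-file text.
    Comments, blank lines and lines with an unparseable address are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; ignore the malformed line
        for name in fields[1:]:
            yield ip, name.lower()


def suspicious_entries(text, allow_lan=True):
    """Return [(ip, hostname), ...] in file order for entries that send a name
    away from this machine. Entries pointing into the home LAN are tolerated
    unless allow_lan is False."""
    flagged = []
    for ip, name in parse_hosts(text):
        if ip in LOCAL_SINKHOLES or ip.is_loopback:
            continue
        if allow_lan and any(ip in net for net in LAN_NETWORKS):
            continue
        flagged.append((str(ip), name))
    return flagged


if __name__ == "__main__":
    # Pass a path (for example the Windows hosts file) to check a real file
    # instead of the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for ip, name in suspicious_entries(text):
        print(f"redirected: {name} -> {ip}")
```

Entries that point a name at 127.0.0.1, 0.0.0.0 or ::1 are deliberately ignored, because that is how ad blockers and privacy tools use the Hosts file; only entries that send a name to some other machine are reported, which is exactly the case where a hijacked "antivirus update" or "bank" name ends up at a server the attacker controls.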
Keyloggers can see what the user is doing on the computer and record the
user's keystrokes while logging into banking pages, eBay, PayPal, and other web
portals that matter to the user. The keylogger then transmits this information
to its "home" server (also known as "calling home"), where the bad guys can
decipher the information and use it to obtain credit card, banking, and other
identity-stealing information.
Rogue security software and its more dangerous cousin, ransomware, are the
latest varieties of malware to cause problems for computer users. Rogue
security software pretends to be useful security software, and is generally
installed by way of infected web pages in the form of a popup that states the
computer is infected with so many thousands of viruses (also known as a
drive-by download). This scares the user into clicking Scan Now or OK, which
really just installs the malware. The software doesn't actually detect
anything at all, even though it says it does. It then offers to clean the
computer for the price of the software. Paying for the software just changes
the routine a bit, with the software then claiming it cleaned all the
infections. Examples of this malware include Spy Sheriff (one of the
originals), Antivirus 2009, Antivirus 2010, Security Tool, and Security
Essentials 2010.
Ransomware is similar in nature to rogue security software, but the effects
are much worse. Not only does it demand to be paid for, it will not allow
proper operation of the computer until it is paid for. Even worse, some
malware of this type also encrypts all the data files on the computer
(documents, pictures, music, everything) with a 128 bit key that only the
programmer knows. Recovering the data is almost impossible unless it was
backed up onto an external drive, or the user pays the ransom. This software is
installed in the same manner as the rogue security software.
The nature of malware programs, and why anti-virus software cannot protect you
in many cases
Malware is created by people who understand computers, operating systems, and
browsers MUCH better than the average Joe, AND who know how to program, and
they can be located anywhere on Earth. They make their creations, test them,
and then send them out of the nest to fly (and infect) on their own. The
malware is tested against every browser and operating system the bad guys can
get their hands on, and they do their best to take advantage of ANY security
holes still open in the software and operating systems.
Many times they learn about these security holes from other hackers, and
sometimes they even learn about them from people who just found them without
any intent to harm. Then the malware creators advertise their infected web
pages on search engines, or purposely misspell a popular domain name, or upload
some great-looking but infected software that promises the world to the user
onto a website or possibly even a shareware site. The software starts to infect
computers, slowly.
What about the antivirus companies? Well, the antivirus and anti-spyware
companies (Norton, McAfee, Trend, AVG, Avast, Webroot, Spybot, Ad-Aware, and
now Microsoft, etc.) do not even know about this software yet. That is because
no one has reported it to them. The bad guys are, well, really bad! They don't
tell the anti-malware companies that they are releasing this new software!
However, once the antivirus companies start getting reports of the new
malware, they request samples and the sources (where it came from). Then they
can start taking the samples apart (reverse engineering) as necessary and work
on updating their definitions so their software can fight the infection.
Definitions are the bits of code that the anti-malware software compares
against the code on the hard drive to determine whether it is bad software or
not. Definitions need to be constantly updated so the good guys can keep up
with the bad guys. Years ago, definitions were updated about once a week. Now
many companies update them once a day, or even more often.
Now that the malware has been "in the wild" (on the internet) for some time,
the good guys have a chance to update their definitions and, if necessary,
their software to fight the malware. Does that mean it will remove all of the
infections all of the time going forward? NO! There may still be problems with
the removal routines, and sometimes the removal routines do not improve for
many weeks, or even months. Other problems can occur because the good software
is not able to stop the bad software from running while the computer is on
(the running copies are known as processes). Rootkits are particularly good at
hooking themselves into the operating system; they can even run in Safe Mode.
Anti-virus software may not help! If the user (you, or a relative, friend,
etc.) gives the okay to install a program (ANY program) on your computer, your
antivirus software will not be able to stop the installation, even if it has a
Trojan in tow. No matter what anti-virus software you use, even the
"rated-best" software cannot stop the infection from installing!
Can you see how this is a never-ending, vicious cycle? Can you see how and why
your antivirus software will not be able to protect you? Does this mean you
should stop using anti-virus software? No, I think not. Anti-virus software
CAN help protect you in some cases, and it CAN help remove infections and
alert you to changes in your operating system that should not occur. But it
is NOT a cure-all for virus infections, nor can it prevent them from occurring!
HOW do you protect yourself from these bad, nasty infections?
1) EDUCATION and common sense have to be used on the web. That's right: YOU
have the power to stop these infections dead in their tracks, with no ifs,
ands, or buts. If something doesn't feel right about what you see on the
screen, don't do it!! Don't press the button.
2) ALWAYS keep Windows and your anti-malware software updated; it can't fight
what it doesn't know! Only run ONE anti-virus program. Multiple anti-spyware
scanners may be used, however (Ad-Aware and Spybot Search and Destroy, for
example).
3) Use a software firewall. Windows 7 comes with an adequate firewall that
monitors incoming AND outgoing connections. The Windows firewall in Vista and
XP is passable but does not monitor outgoing connections (like when spyware
tries to "call home"). Check out a free firewall like Comodo Firewall with
antivirus; it is free and it works great. Again, only one anti-virus (and one
firewall), okay?
4) As you are browsing, stay away from porn sites, hacker sites, party poker
sites, and any sites with odd characters in the address or where the domain
name does not make sense. When you are doing searches on the internet, be
careful what you are clicking on. Don't just click a site that looks appealing
if you don't recognize the domain. Think critically about the way the domain
and the rest of the URL look. If it looks scary, don't go there. Same thing
with Facebook and MySpace links! Find another, safer-looking place to go
(think of URLs like you think of a dark alley: you never know if danger
lurks!). You can use a web site checker (Symantec and McAfee both have one
with their Security Suite, and AVG includes one even with their free anti-virus
software) but again, remember that nothing is 100% guaranteed.
5) Here is a way to make the bad pop-up go away (note: this ONLY works if you
have NOT clicked anything yet and the malware has not infected your computer).
Press and hold the CTRL and ALT keys and press the DEL (or DELETE) key once.
On Windows XP or earlier, Task Manager opens directly; on XP (with Quick Logon
disabled), Vista, or 7, click "Start Task Manager." Make sure the Applications
tab is selected. Click each Internet Explorer entry one at a time and click End
Task until the bad pop-up goes away, and guess what: you were saved!
6) Some techs advocate unplugging the computer from the power when they see a
bad popup like this, or, on a laptop, holding the power button for 5 seconds.
One caveat to this method, however: this is a hard shutdown, and it can in
fact ruin your Windows installation and possibly your hard drive. Therefore, I
do not personally recommend this method except in a dire emergency. Know the
possible consequences, however, should you decide to try it!
Other kinds of attacks that the bad guys use to try to get
your personal information have little to do with installing software on your
computer.
Phishing attacks can come from email, or from a rogue web
page that is disguised as the real thing. A couple of years ago, rogue emails
were sent out to millions of people that looked like they came from their stock
broker, bank, PayPal, or eBay. The email stated that the account was in
default, or that their password had expired, or deeply worried the user in some
other way (this is known as Social Engineering in the computer security world).
The user, not thinking about a possible scam, clicked on the link and freely
entered all of their personal and banking information into the rogue web page.
Needless to say, many people lost a lot of money by not thinking critically
about what they were doing, or even looking at the entire domain. Here is an
example of a rogue web page address: "http://www.ebay.changepassword.tki.ru".
Note that "ebay" is in the URL, but the actual domain is tki.ru; this would be
a Russian website, with the page URL disguised as an eBay page. The title could
even say something like "eBay - Change Password." ALWAYS know the TRUE domain
and NEVER provide personal information unless you typed the URL in yourself
or used a trusted favorite (also known as a bookmark).
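The "know the TRUE domain" rule above can be turned into a small check. The Python code below is an added example for this page, not code from the original article: it pulls the registered domain out of a URL (the rightmost labels that an owner actually paid for, so tki.ru in the article's example) and reports when a watched brand name such as "ebay" appears in the hostname without owning that domain. The tiny public-suffix table and the brand list are constructed for the example, as are all URLs other than the article's own; a real implementation would load the full Public Suffix List instead of the hard-coded set.

```python
from typing import Optional
from urllib.parse import urlsplit

# Deliberately tiny public-suffix table, constructed for this example only. A real
# check should load the full Public Suffix List (publicsuffix.org) instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "ru", "co.uk", "com.au"}

# Brands the article names as phishing targets; used to spot look-alike hostnames.
WATCHED_BRANDS = ("ebay", "paypal")


def _hostname(url: str) -> str:
    """Lower-cased hostname of a URL; bare hostnames as people type them are accepted."""
    url = url.strip()
    if "//" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(url: str) -> str:
    """Return the part of the hostname that an owner actually registered,
    e.g. 'tki.ru' for http://www.ebay.changepassword.tki.ru."""
    labels = _hostname(url).split(".")
    # Try two-label suffixes (co.uk) before one-label ones (uk, com).
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels)


def lookalike_brand(url: str) -> Optional[str]:
    """Return a watched brand that appears somewhere in the hostname without
    being the registered domain, or None if the address is not a look-alike."""
    host = _hostname(url)
    owner = registrable_domain(url)
    for brand in WATCHED_BRANDS:
        if brand in host and not owner.startswith(brand + "."):
            return brand
    return None


if __name__ == "__main__":
    # The first URL is the article's example; the other two are constructed.
    for u in ("http://www.ebay.changepassword.tki.ru",
              "https://signin.ebay.com/ws/eBayISAPI.dll",
              "https://paypal-secure-login.net/verify"):
        brand = lookalike_brand(u)
        if brand:
            print(f"{u} -> LOOK-ALIKE: '{brand}' in address, real domain is {registrable_domain(u)}")
        else:
            print(f"{u} -> ok")
```

The check is deliberately about who owns the name, not about what the page looks like: a hostname can contain "ebay" anywhere to the left of the registered domain, or in a hyphenated label like paypal-secure-login, and neither says anything about who is behind the server. Only the registered domain does.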
"When it comes to software on the internet, we need to ask ourselves: did it
come to me, or did I go to it?"
If it came to you, run away (or close the browser window). If you went to it,
you probably knew what you were doing and where you were going.
Another security risk on the internet:
Craigslist has become amazingly popular over the last few
years and for a large number of people it works well, but unfortunately it is
fraught with scammers as well! Here is the way the scam sometimes works:
You list something for sale on Craigslist.org. You get an email from someone
who is interested (they are occasionally afraid to call!). The person states
they are very interested in the item and want to buy it immediately, sight
unseen (a definite warning flag). They offer to send you a MoneyGram or
cashier's check for much more than the item is worth. You get to keep some
extra for your trouble, they say, but they also want you to pay the shipper an
extraordinary amount to pick up the item and ship it to the "new" owner. The
scam is that you pay your hard-earned money for the shipping, lose the item,
and to boot the cashier's check turns out to be a fraud. Not a very good day
in Craigslist land, was it?
Oddly enough, someone tried to scam me in much the same way on Craigslist! I
had two people email me after I listed an advertisement to repair laptops,
saying they had 7 laptops to fix, and the laptops were currently out of state.
They told me to name my price and they would ship the laptops. The scam was
that I would get paid with fake money and I would pay the "shipper" to ship
the computers, but I would be out my money, there were no real computers to
fix, and the fake money would be lost.
Okay, now that you have this great information on what the
malware is, how it gets on your computer, why antivirus software cannot protect
you from it, and how to stop it if it tries to get on your computer, what do
you do if you still get bit?
You could try doing a web search for the symptoms and look for web pages that
tell you how to remove the infection. For example, if you have a box that
comes up that won't go away and calls itself "Security Tool," search for that
term. You don't need to go to paid tech sites such as consultants-exchange.com;
bleepingcomputer.com is an excellent place to go for advice. A lot of people
on that site have tons of experience removing malware and are happy to help at
no cost at all.
Note that occasionally you are really going to have to get your hands dirty
and possibly learn much more about this removal stuff if you want to try it on
your own. And it is a scary world out there.
But there is always an alternative. You can hire a professional to help you;
look in the online yellow pages, do an online search, or look in your local
phone book. Choose someone who is reasonably priced but not cheap, because
cheap always comes at a price you might not want to pay. Look for a business
that has been around for a while; ask them when you call how long they have
been doing this and what their success rate is. Sometimes the computer is so
badly infected it really needs to be wiped clean. You will want your data
saved, too. A true pro will offer a flat rate to do all of that. Do not be
afraid to ask questions; that is part of what you are paying for.
I hope this report has been beneficial to you, and I also
hope that it has helped prevent your computer from getting infected at least
once or twice. We aren't perfect, and even I have had the
""opportunity"" to do my own damage control once or twice.
Thank you for reading! Have an amazing day!
Disclaimer: I don't work for, nor do I have an interest in, any of the
companies that I have discussed in this report. All company trademarks are the
property of their respective companies.