Protect yourself from malware

Malware vulnerability is on of the few reasons I stay away from my Windows PC when surfing the net. While some of these can be just common annoyances like tracking cookies or keyloggers, some are very malicious and can wreak havoc on your system and your important files.
What is Malware?

Malware is a type of software designed to take over and/or damage your OS in one way or another. Once installed, it can be difficult to remove but that depends on the severity of the malware program as well as the degree of damage it brings which can range from being annoying to rendering your PC inoperable.

The most common types of malware include:

* Virus - A program written intentionally to enter a computer without the users permission or knowledge which then attaches to files or boot sectors and replicates and spreads. Other viruses can cause serious damage to your files and system.
* Worms - they are stand-alone software that modify their host operating system, and are likely to be started as part of the boot process.
* Wabbit - Self-replicating malware. Unlike viruses, they do not infect host programs but repeatedly replicates itself on a local computer. They’re really something more of an annoyance than a threat
* Trojan - Harmful software that is disguised as legitimate software.
* Backdoor - Software that allows remote access to the computer system without the user’s permission
* Spyware - a Software that collects and sends information. Keyloggers are a prime example
* Browser Hijack - a script or program that alters a computer’s browser settings

How does malware spread?

The most common way malware spreads on the net is via email or blogspam. These seemingly random messages contain links to sites that, once opened, either runs a script that downloads or installs malware or presents a link to a file with a very tempting filename.

Here are other ways on how malware spreads:

* Downloading infected files using Peer-to-Peer file sharing programs (e.g. Kazaa).
* Downloading infected files from an untrusted source.
* Putting an infected computer disk (floppy, CD, USB Memory stick, or DVD) into your computer.
* Clicking on a web site dialog box.
* Connecting an unsecure computer to the network.
* Clicking random links from Instant Messaging (IMs)
* Randomly opening sites from any SERP (search engine results page)

How do you spot a malware site?

Take this example:
If you search for: ‘drunk dogs site:.cn’ chances are, you’ll get one of these:

Malware site from Google SERP

Congratulations, you’ve just found a malware site.

There are a number of reasons why that site is suspicious:

* The plethora of “keywords” you see as the description. If you notice, a lot of comment and trackback spam nowadays are full of these. If you’ve ever wondered what they were for, you’re looking at the reason now.
* The seemingly random domain name. If you’re a legitimate person and not just a bot, would you register your site as www.ldwasdadwad.cn?
* The .cn TLD (top level domain). Although I’m not branding ALL .cn sites as malware sources, statistics and and security bulletins prove that most malware sites are hosted with .cn TLDs. If you want to read more on the read Computer World’s article on the subversion of Search Engines.

How do I protect myself?

* Never open a file from an unknown source. Although it’s probably over kill, I suggest that you mark all recently downloaded or installed items on your computer without your prior knowledge to be malware.
* Update your OS. If possible, download and install all security fixes. No matter how much you have Windows it’s always good practice to patch up your OS to prevent others from exploiting it’s holes.
* Install security software like AVs and ASs. Although some people don’t recommend using them, it’s better to be over cautious especially if you’re not the only one using your computer. There are tons of free security software out there like AVG, Avast and Adware to name a few. Try them out and see which works for you.
* Activate the Guest account. If multiple people are using your PC, restrict their access by using a guest account or equivalent. Sure, you may end up editing the Policies so they can save and edit files but at least they won’t be able to install malware behind your back, unintentionally or otherwise.
* Stop look and read that URL! Taking my example above, you’ll note how easy it is to spot if a site is legit or dupe. Just read the URL.
* Use common sense. The spread of most malware relies on carelessness on the part of the victim. If a sudden message pops in your IM that looks as if it’s screaming “Hey click me I’m a spam site”, do yourself a favor and close the window.

Posted in | 5 comments

Minimizing the Effects of Malware on Your Computer

Malware is short for “malicious software;” it includes viruses — programs that copy themselves without your permission — and spyware, programs installed without your consent to monitor or control your computer activity. Criminals are hard at work thinking up creative ways to get malware on your computer. They create appealing web sites, desirable downloads, and compelling stories to lure you to links that will download malware, especially on computers that don’t use adequate security software. Then, they use the malware to steal personal information, send spam, and commit fraud.

It doesn’t have to be that way. So says a website with tips from the federal government and the technology industry that is helping consumers be on guard against Internet fraud, secure their computers, and protect their personal information. Indeed, OnGuardOnline.gov says consumers can minimize the havoc malware can wreak, and reclaim their computers and their electronic information.

Computers may be infected with malware if they:

  • slow down, malfunction, or display repeated error messages;
  • wont shut down or restart;
  • serve up a lot of pop-up ads, or display them when youre not surfing the web; or
  • display web pages or programs you didnt intend to use, or send emails you didnt write.

If you suspect malware is on your computer

If you suspect malware is lurking on your computer, stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. Malware on your computer could be sending your personal information to identity thieves.
Then, confirm that your security software is active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. You can buy stand-alone programs for each element or a security suite that includes these programs from a variety of sources, including commercial vendors or from your Internet Service Provider. Security software that comes pre-installed on a computer generally works for a short time unless you pay a subscription fee to keep it in effect. In any case, security software protects against the newest threats only if it is up-to-date. Thats why it is critical to set your security software and operating system (like Windows or Apples OS) to update automatically.

Some scam artists distribute malware disguised as anti-spyware software. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. Thats a tactic scammers have used to spread malware, and that has attracted the attention of the Federal Trade Commission, the nations consumer protection agency, as well as a number of state law enforcement agencies. Visit OnGuardOnline.gov to find a list of security tools from legitimate security vendors selected by GetNetWise, a project of the Internet Education Foundation.

Once you confirm that your security software is up-to-date, run it to scan your computer for viruses and spyware. Delete everything the program identifies as a problem. You may have to restart your computer for the changes to take effect.

If you suspect that your computer still is infected, you may want to run a second anti-spyware or anti-virus program. Some computer security experts recommend installing one program for real-time protection, and another for periodic scans of your machine as a way to stop malware that might have slipped past the first program.

Finally, if the problem persists after you exhaust your own ability to diagnose and treat it, you might want to call for professional help. If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you’ve installed, and a short description of the problem. Your notes will help you give an accurate description to the technician.

If you need professional help, if your machine isn’t covered by a warranty, or if your security software isn’t doing the job properly, you may need to pay for technical support. Many companies — including some affiliated with retail stores — offer tech support via the phone, online, at their store, or in your home. Telephone or online help generally are the least expensive ways to access support services — especially if there’s a toll-free helpline — but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a technician or repair person to come into your home.

Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future. If your security software or operating system was out-of-date, download the newest version and set it to update automatically. Use the opportunity to back up important files by copying them onto a removable disc. Other ways to minimize the chances of a malware download in the future:

  • Don’t click on a link in an email or open an attachment unless you know who sent it and what it is. Links in email can send you to sites that automatically download malware to your machine. Opening attachments — even those that appear to come from a friend or co-worker — also can install malware on your computer.
  • Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
  • Talk about safe computing. Tell your kids that some online activity can put a computer at risk: clicking on pop-ups, downloading free games or programs, or posting personal information.

Posted in | 0 comments

How malware spreads

Once they’ve infected a system, viruses and the like can be very difficult to remove. For that reason, your best defense against them is to prevent them from infecting your computer in the first place.

The most useful tool you can use to keep malware off your computer is your cerebral cortex. Just as malware is written to exploit vulnerabilities in computer systems, the distribution of malware exploits the stupidity of users.

Malware is typically spread in the following ways:

Posted in Labels: | 0 comments

Malaware from Email attachments

One of the most common ways viruses make their way into computers is through spam. Attachments are embedded in these junk email messages and sent by the millions to every email address in existence, for unsuspecting recipients to click, open, and execute. But how can people be that dumb, you may ask? Well, consider the filename of a typical Trojan horse:

kittens playing with yarn.jpg .scr

Since Windows has its filename extensions hidden by default, this is how the file looks to most Vista users:

kittens playing with yarn.jpg

In other words, most people wouldn’t recognize that this is an .scr (screensaver) file and not a photo of kittens. (The long space in the filename ensures that it won’t be easy to spot, even if extensions are visible.)

And since many spam filters and antivirus programs block .exe files, but not .scr files—which just happen to be renamed .exe files—this innocuous-looking file is more than likely to spawn a nasty virus on someone’s computer with nothing more than an innocent double-click.

So, how do you protect yourself from these? First, don’t open email attachments you weren’t expecting, and manually scan everything else with an up-to-date virus scanner (discussed later in this section). Next, employ a good, passive spam filter, and ask your ISP to filter out viruses on the server side.

Where do these email attachments with malaware come from

Where do these email attachments come from, you may ask? As part of their objective to duplicate and distribute themselves, many viruses hijack your email program and use it to send infected files to everyone in your address book. In nearly all cases, these viruses are designed to work with the email software most people have on their systems, namely Microsoft Outlook and Windows Mail (formerly Outlook Express). If you want to significantly hobble your computer’s susceptibility to this type of attack, you’d be wise to use any other email software, such as Mozilla Thunderbird (http://www.mozilla.com) or stick with web-based email like Gmail (http://www.gmail.com) or Windows Live Mail (http:// mail.live.com).

Malaware on Infected files

Viruses don’t just invade your computer and wreak havoc, they replicate themselves and bury copies of themselves in other files. This means that once your computer has been infected, the virus is likely sitting dormant in any of the applications and even personal documents stored on your hard disk. This not only means that you may be spreading thevirus each time you email documents to others, but that others may be unwittingly sharing viruses with you.

One of the most common types of viruses involves macros, small scripts (programming code) embedded in documents. By some estimates, roughly three out of every four viruses is actually a macro written for Microsoft Word or Excel. These macros are executed automatically when the documents that contain them are opened, at which point they attach themselves to the global template so that they can infect every document you subsequently open and save. Both Word and Excel have security features that restrict this feature, but these measures are clumsy and most people disable them so they can work on the rest of their documents. In other words, don’t rely on the virus protection built in toMicrosoft Office to eliminate the threat of these types of viruses.

Malaware from Peer-to-peer (P2P) file sharing

Napster started the P2P file-sharing craze years ago, but modern file sharing goes far beyond the trading of harmless music files. It’s estimated that some 40% of the files available on these P2P networks contain viruses, Trojan horses, and other unwelcome guests, but even these aren’t necessarily the biggest cause of concern.

To facilitate the exchange of files, these P2P programs open network ports and create gaping holes in your computer’s firewall, any of which can be exploited by a variety of worms and intruders. And since people typically leave these programs running all the time (whether they intend to or not), these security holes are constantly open for business.

But wait...there’s more! If the constant threat of viruses and Trojan horses isn’t enough, many P2P programs themselves come with a broad assortment of spyware and adware, intentionally installed on your system along with the applications themselves. Kazaa, one of the most popular file-sharing clients, is also the biggest perpetrator of this, and the likely culprit if your system has become infected with spyware. (Note that other products like Morpheus, BearShare, Imesh, and Limewire do this, too, just in case you were thinking there was a completely “safe” alternative.)

Malaware from Web sites

It may sound like the rantings of a conspiracy theorist, but even the act of visiting some web sites can infect your PC with spyware and adware. Not that it can happen transparently, but many people just don’t recognize the red flags even when they’re staring them in the face. Specifically, these are the “add-ins” employed by some web sites that provide custom cursors,
interactive menus, or other eye candy. While loading a web page, you may see a message asking if it’s OK to install some ActiveX gadget “necessary” to view the page (e.g., Comet Cursor); here, the answer is simple: no.

Just as many viruses are written to exploit Microsoft Outlook, most spyware and adware targets Microsoft Internet Explorer. By switching to a browser like Firefox, you can eliminate the threat posed by many of these nasty programs.

Posted in Labels: | 0 comments

Malaware from Network and Internet connections

Finally, your network connection (both to your LAN and to the Internet) can serve as a conduit for a worm, the special kind of virus that doesn’t need your help to infect your system. Obviously, the most effective way to protect your system is to unplug it from the network, but a slightly more realistic solution is to use a firewall. Vista comes with a built-in firewall,
although a router provides much better protection.