Know Thine Enemy

By Wayne Maruna

August, 2011

It’s sad, really, that the very first application I have to load onto any new computer I set up is an anti-virus/anti-malware program. We computer users fight a constant battle with the deranged programmers of the world who delight in wreaking havoc on our computing experience, either for fun or for profit. Many of us eventually get bitten to one degree or another, so I think it is worthwhile discussing the various forms of malware and the terminology you may come across.

Malware (malicious software) comes in a variety of forms. In this article I will discuss viruses, Trojans, worms, rogue anti-virus apps, rootkits, keyloggers, and browser hijackers.

The Discovery Channel website ‘howstuffworks’ gives a pretty good definition of malware:

“Malware is a catch-all phrase used to define any program that runs on a computer without the user's knowledge and performs predetermined functions that *may cause harm.”

The word ‘may’ is my addition to their definition. Let’s look at the most common types of malware.

A virus, like its biological namesake, exists to replicate itself from computer to computer, and usually does damage along the way. This type of malicious code attaches itself to programs or files, enabling it to spread from one machine to another. As the Microsoft Safety & Security Center points out:

“Computer viruses are often spread by attachments in email messages or instant messages. That is why it is essential that you never open email attachments unless you know who it's from and you are expecting it. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download.”

A Trojan (short for Trojan Horse, not the other…you know…Trojan), like its namesake from classical literature, masquerades as an innocent program, but once installed it may be the most dangerous of all malware. It can damage or delete files, block access to specific websites, and open a ‘back door’ that allows remote access to the machine, giving miscreants the opportunity to steal sensitive data or install other malware such as viruses and worms.

A worm might be considered a sub-class of virus, but it is able to use a computer network to send copies of itself to other machines on the network without any user intervention. A worm may carry a payload that damages files, encrypts files, or creates a back door into the infected computer. Worms may also be payload-free and designed simply to bring down systems by consuming bandwidth.

Rogue Anti-Virus Software is a form of scareware: a fake warning window appears, claims you have some outlandish number of infections, and offers to remove them if you will just purchase and download the software. Not only does your credit card then get charged for software that is not the cure but is in fact the problem, but your credit card information is now in the hands of unscrupulous bandits. The severity of a rogue can vary from relatively easy to get rid of to rendering your system inoperable. Unless a warning is clearly coming from your own anti-virus program (and even then, be skeptical), shut your machine down immediately and don’t take the bait. Once a rogue has its hooks in your machine, it can be very difficult to remove.

A rootkit is software installed on a computer by an intruder in such a way that its presence is actively hidden, allowing continued privileged access that enables any of several illicit activities, among them collecting and transmitting personal data, causing machine malfunctions, or relaying spam. Rootkits can be difficult to find and eradicate without specialized anti-malware software. Fortunately, they are relatively rare among home computer users.

Key Logger programs record the keystrokes typed on the keyboard. They are typically used to capture credit card or banking information. You run the greatest risk from key loggers when using a public-access computer, such as one in a hotel business center or a public library. A person with criminal intent may load the program onto the system and retrieve the captured data from it remotely. For this reason, avoid entering private information on public terminals.

Hijackers affect your web browsing by altering your browser settings so that you are redirected to websites you did not intend to visit. Hijackers may change your home page, redirect attempts to reach specific websites (Google, for example), or generate pornographic pop-ups.

With the bad guys out to get us, what’s a body to do? Make sure your anti-virus program is kept up to date and functioning. Be a smart user. Don’t open emails or attachments from unknown senders. Question anything that looks like it might be a scam. Download files only from known, trusted sites. As an adjunct to your A/V program, I recommend you download and install Malwarebytes (MWB), an excellent on-demand malware scanner that can be safely obtained from http://download.cnet.com (then search for the title). Update it and run a scan at least monthly. There are many ways malware can circumvent your A/V program, so a bit of time spent with a program like MWB is time well spent. There is a free version that requires manual updating, and a paid version that self-updates and remains memory-resident to provide added real-time protection. It can safely co-exist with your current A/V program.

Sometimes the bad guys outsmart us. When they do, remember that if you maintain a current image backup on an external drive, you can always restore your system from the latest backup.