Internet Safety – The World of Malware

This article is a modified mirror of my article posted on Experts-Exchange. The EE article has been awarded special recognition from the EE community for quality of content and has been featured in their weekly digest as well as included in the front-page rotation of articles.


The Internet has become a critical tool in education and entertainment, as well as communications – business and personal. The Internet is a great tool to share information, but it comes with great risks.

One of the biggest dangers of the Internet is exposure to malicious software (malware for short). Malware is software that is written to steal your information and damage your computer system.

Malware Types

The basic types of malicious software include the following.

  • Adware places advertisements, often as pop-ups, on your computer desktop and internet browser windows, usually pertaining to the content found on your computer or the keywords typed in documents and your internet browser.
  • Spyware tracks your internet and computer use with the intention of reporting information back to its author or another party, possibly including programs, keywords, account numbers and passwords.
  • Viruses are typically destructive, intending to disable your computer or programs. Viruses are sometimes tied to other malware. Many viruses automatically spread via e-mail or a network.

Malware Classifications

Beyond the above listed basic types of malware, malware is also classified by the infection mechanism or payload type.

  • Dialers are amongst the oldest payloads. Originally taking advantage of your modem to redirect traffic or connect to pay services, this malware now takes advantage of your broadband or other internet connections to accomplish similar redirects or distributed attacks. Not to be confused with a hijack.
  • Downloader malware often adds itself to your system or browser startup, intending to download or update malicious content on your computer without detection by security software.
  • Hijack software usually takes over your internet browser and forces exposure to content or malicious web-sites.
  • Keyloggers record your keystrokes as you type, in an effort to steal your usernames and passwords, as well as other sensitive information.
  • A Rootkit infection is loaded before the operating system from within the disk boot sector or along with the operating system files on startup. These are the most difficult to remove and often critically damage a computer’s operating system.
  • Trojans install malicious software on computers while posing as serving some other purpose, and commonly create a backdoor into a computer system for other undetected use.
  • A Worm is a self-propagating program that spreads through your computer and other computers across networks and e-mail systems.

Infection Methods

Malicious software reaches your computer by many means, sometimes without detection by your security software.

  • Networks are an easy method of attack for worms. A worm will automatically detect computers on a network and attempt to infect them by taking advantage of security inefficiencies within the target system – particularly operating system design flaws.
  • Malicious or infected web-sites are a growing method of malware attack. These sites take advantage of scripting features and security failures within common internet browsers and operating systems. These infection attempts may occur in the background without your knowledge or appear as a pop-up message in your browser.
  • Internet File Sharing tools like Ares, BearShare, BitTorrent, FrostWire, LimeWire, mIRC, and many others are peer-to-peer file sharing applications which provide an easy path of intrusion, although the applications themselves are not malicious.
  • Social Engineering is a method of gaining information through casual communication, but it is also a method of encouraging someone to install malware and bypass security systems by human intervention.
  • E-mail continues to be a strong technique for spreading malware, particularly worms and spyware. Usually an infected e-mail will have an attachment that the message body tricks the reader into launching, or that launches automatically.

You might be thinking that all of that sounds pretty scary and, well, frankly, it is. Even with today’s sophisticated security software, malware still damages computers because that malware is also becoming more sophisticated.

Computer Viruses and other malicious software are not random occurrences. Someone wrote the program to do what the malware does.

The operating system or manufacturer of your computer is not relevant to your risk of malware infection. Whether your computer is running Microsoft Windows, Apple OS, Linux, Android, or any other operating system, you are still susceptible to having malicious software affect your computer.

Just because someone hasn’t written a virus for your computer yet, doesn’t mean it won’t happen.

Internet Safety

The best way to protect your computer is to disconnect it from the network and internet, and never share removable media with other computers. Of course, this is not realistic. Through some personal behaviors and available technology, you can practice internet safety and better protect your computer from these threats.

System Updates

As security flaws are found, many companies release updates to their products or drivers. Check with the manufacturer of your computer and operating system for service packs and security updates. Keeping your applications current, such as document readers and internet browsers, helps too.

Security Software

A full-functioning security suite is your best bet to help protect your computer, but the product you choose is dictated by your budget and your computer. Full suites usually include anti-virus, anti-malware (spyware/adware), e-mail scanning and firewall protection.

As the security suites become more sophisticated, they also require greater horsepower from your computer. If you have a slower computer, then a modern security suite might not work for you. Slow computers prevent security software from detecting and removing malicious software before the malware does its damage. In this case, lighter-weight stand-alone security software may work, but you need to be sensitive to the risks of some web-sites.

Paying a lot of money for your security software doesn’t necessarily mean you are getting a better product, though be careful of the free security software – I only know of one that is a good product, but for the sake of this article I am avoiding the mention of brand names.

Most security software providers offer free evaluations of their product. Take advantage of this and check how each product behaves on your computer. Look into industry sites not related to a manufacturer of the security software for technical reviews.

Caution – You should not have more than one security suite or product of the same type installed at the same time. These applications will conflict, dramatically impacting performance and possibly damaging your system. Uninstall your current product before trying a different one.

Protective Behaviors

Having good security software installed, running, and up to date is essential to protecting your computer and data. There are a few other things you can do to help protect your computer and data.

  • Aside from utilities like Java, Flash Player, and Silverlight (to name a few), be wary of web-sites that require you to install their software to use content like video or text. Questionable sites may use this as a method to gain access to your computer.
  • Don’t be fooled by phony virus scanner pop-ups. These phony alerts mimic popular security software and may try to trick you into installing additional software, or giving credit card or logon information.
  • Just like the last bullet point, don’t be fooled by phony e-mails, web-sites, and instant messages. Phishing, as this is called, is the action of pretending to be your financial institution or other provider in an effort to trick you into revealing your username, password, and other personal or financial information.
  • Look at the URL of the site you are visiting or considering visiting and make sure it is what you are expecting. With very few exceptions, legitimate web-sites will use a domain name (www.domainname.com), not an IP address (123.234.123.234). Sometimes malicious sites will use a variant of a popular domain, like www.your-bank.com or yourbank.domain.com instead of www.yourbank.com.
  • Do not open attachments or follow links in an e-mail you received, unless you were expecting it – even if it comes from a family member, friend, or colleague. Send them a quick e-mail to check if they actually sent the message and trust the content.
  • Disable server services on computers that do not need to answer network requests. Server Service allows other computers on the network to access your computer.
  • Disable Auto-run for removable media and network drives. This will also disable it for CD/DVD drives, which may not be a desirable result, but it protects from automatically launching malicious software that may be present when connecting jump/thumb drives and network drives.
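
The URL check from the list above, written out as an added example that is not part of the original article: it flags an IP address used as the host and the two look-alike patterns the article names. `check_url` and `TRUSTED` are hypothetical names, and the plain suffix comparison is an assumption that stands in for a full Public Suffix List lookup.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow-list: the one domain the reader expects to visit,
# taken from the article's www.yourbank.com illustration.
TRUSTED = {"yourbank.com"}


def check_url(url, trusted=TRUSTED):
    """Return (verdict, reason) for the host named in a URL."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in "www.example.com/x"
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return ("suspicious", "no host in URL")

    # 1. A raw IP address where a domain name is expected.
    try:
        ipaddress.ip_address(host)
        return ("suspicious", "IP address instead of a domain name")
    except ValueError:
        pass

    # 2. The trusted domain itself, or a real subdomain of it.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("expected", "matches " + domain)

    # 3. Variants that borrow a trusted name.
    labels = host.split(".")
    squashed = [re.sub(r"[-_]", "", label) for label in labels]
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in labels:  # yourbank.domain.com
            return ("suspicious", brand + " is only a label under another domain")
        if brand in squashed:  # www.your-bank.com
            return ("suspicious", "look-alike spelling of " + domain)
    return ("unknown", "not on the trusted list")


if __name__ == "__main__":
    for sample in ("www.yourbank.com", "www.your-bank.com",
                   "yourbank.domain.com", "http://123.234.123.234/login"):
        print(sample, "->", check_url(sample))
```

A verdict of "unknown" only means the host is not on the trusted list; it says nothing about whether the site is safe.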

Symptoms of Infection

Depending on the severity of the infection and design of the malicious software, the effects on computers will be different. The following lists common symptoms of infection.

  • Slowness – The computer becomes significantly slower than normal. This could also be a symptom of computer resource issues, like low disk space, memory or CPU availability.
  • Typing Delay or Missing Letters – When infected with key logging malware, sometimes your typing is briefly delayed in displaying on-screen and characters that you type might be missing. Alternatively, some malware will change letters as you type.
  • Junk and Infected Email is sent to people in your address book. These e-mails may contain an attachment or a link to a web-site. Typically the malicious software will masquerade as you.
  • Files disappear from your computer erroneously or program shortcuts stop working.
  • Pop-up and Pop-behind windows keep appearing on your computer whether or not you are using your internet browser.
  • Hijacked Browser – Whenever you go to your favorite search engine or a preferred website, you are redirected to an unexpected or malicious website.

If you suspect your computer has become contaminated with malware and you are not experienced enough with technology to feel confident in finding and cleaning malicious software from your computer, take your computer to a qualified expert.

Q & A

I have security software installed. How did I become infected?

No internet safety product on the market is 100% effective, although they have improved greatly over the years. Anti-virus products rely on a “signature” from the software manufacturer to find “known” malware. Malware doesn’t become “known” until it is in the wild, infecting computers and someone reports it to the security companies. The security software programmers work diligently to find the fixes for the malware as soon as they become aware of its existence.
One of the progressive efforts that security software is making is in detecting virus-like behaviors to stop some new malware from spreading. Often the security software will ask if a program should be trusted; be careful when answering this question if you are uncertain.

How do I disable autorun?

This varies by the operating system version on your computer. Use the Experts-Exchange search tool to search for “disable autorun” and your operating system (Windows XP, Apple OS, for example). Using the Experts-Exchange search will ensure your computer safety by sticking with the site contents.

I have scanned my computer, but it seems to still be infected

If malicious software is able to load before your security software loads, then that malware may be able to hide from your security software. This is common with rootkit-style viruses. These are much more difficult to remove, and removal should be done by a qualified expert.

My computer seems to be clean, but it is still sending virus e-mails to people.

Please note the previous answer about malware that hides from security software. It is also possible that your computer is clean, but your e-mail application or provider has been “hijacked”. Change your e-mail password and see if the issue stops. Alternatively, the e-mail may be sent from another location using your address as the “From”. You may be forced to change your e-mail address and tell people to block your old one.

How can I protect my data?

Using an online backup service that retains multiple versions of your files, like Carbonite, helps ensure that when your files get damaged by malicious software, you can recover the files.

Disclaimer

Ultimately it is up to the computer user to exercise internet safety. No one, including me, can guarantee that you and your computer will not become a victim of malicious software. The information I provide in this article is based on my experience with technology and securing computers in the last 30+ years. This information is presented in an effort to educate people and help them protect themselves.

Brand and product names mentioned within this article are property of their respective organizations. The presence of these names does not imply my support of the organization or their support of me or this article.
