Secure Your Computer From Malware
October 24th, 2011
How prevalent is it?
What are the sources of malware?
What are some common types of malware?
How does malware use you as its accomplice?
How do you protect yourself?
Malware is a general term that refers to all “malicious software” including viruses, spyware, scareware, Trojan horses, worms, and the like. Basically bad stuff that you DO NOT want on your computer. As the name implies, malware is intended to cause harm, which it accomplishes in a number of ways: disrupting how your computer works (e.g., deleting or corrupting files, hijacking your browser and redirecting your searches, or causing a pop-up ad explosion), accessing and stealing confidential information, or using your computer to send spam or commit fraud/crime.
Criminal hackers create malware at an alarmingly fast rate and, according to the McAfee Threats Report, “the first quarter of 2011 was the most active in malware history,” with an average of 8,600 malicious websites created daily. Consumer Reports surveys show that one-third of American households were victims in 2010, costing consumers $2.3 billion. That’s more than the GDP of some countries.
Spam, online ads, and messages on social networking sites such as Facebook are common sources of computer malware distribution. Sponsored ads in popular search engines such as Google and Yahoo have been found to spread infection, and it has been reported that nearly 50% of malware cases in 2011 stemmed from manipulated search engine results. In what is known as “search engine poisoning,” hackers fill in the results of a search request with links to ads and malware.
- Computer Viruses
Similar to an ordinary infection like the flu, a virus is a malware program that can infect your computer, copy itself, and spread to others through the Internet. Viruses can damage, corrupt, or delete the contents of your computer, perhaps even causing irreparable harm. They are usually attached to programs or executable files (.exe) and start on their path of destruction once opened or run.
The launch of any new gadget usually results in a tremendous amount of fraudulent Internet activity. Rumors regarding the release of the iPhone 5 in the months before its actual launch triggered an onslaught of malicious advertising spam as shown here. All embedded links in the e-mail are fakes, pointing to what appears to be “iphone5.gif,” with the file extension indicating a picture. In fact, the real link is “iphone5.gif.exe,” which, when clicked, downloads a nasty computer virus.
- Computer Worms
Unlike a virus, a computer worm is not always attached to another program but rather roots out security and network weaknesses and self-propagates automatically without necessarily needing user intervention. Worms can be designed for a number of purposes – some just wreak havoc on systems by copying themselves endlessly and slowing down traffic, while others send out information via e-mail or create backdoors in infected computers, leaving them vulnerable to all kinds of vile schemes such as botnet attacks.
One of the fastest multiplying worms in history was 2004’s Mydoom, which spread to over 200,000 computers in a single day through administrative-sounding e-mails featuring error messages such as “The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.” The worm replicated itself and was sent to everyone in the infected computer’s address book, as well as e-mails harvested from websites. In addition to slowing down traffic, it is believed to have made infected computers part of a gigantic botnet to spam people worldwide.
- Trojan Horse
Named after the clever trick played by the Greeks to enter the city of Troy as depicted in Virgil’s The Aeneid or the 2004 Brad Pitt blockbuster, this kind of malware is disguised as one thing, such as a cool new video game or essential anti-virus software, but is, in reality, something altogether different and quite sinister. Unlike viruses and worms, Trojans are not self-replicating, but they can be used to harm the contents of your computer, access personal information, or open your computer up for use by a malicious hacker. Trojans can also be used to smuggle in viruses, worms, and spyware.
- Spyware/Privacy Invasive Software
Just like it sounds, this variant of malware is meant to invade your privacy and secretly collect information about you by logging or recording keystrokes, recording logins and passwords, scanning files, or reading cookies. The gathered data is then sent back to the hacker who will either sell it or use it to steal or maybe even advertise to you. Indeed, there is some dispute whether “adware,” software that automatically displays targeted advertisements, falls into the spyware category since it does generally collect information about your surfing habits in order to provide customized results. Spyware is often bundled with other kinds of software or can be installed as a result of a virus, worm, or Trojan horse.
The symptoms of an infected computer vary from sudden lethargy (a slow running computer) to a slow death (you can no longer get anything done and need to chuck it). You might end up with a never-ending parade of junk mail and annoying pop-up ads. Or your computer might freeze up often and reboot spontaneously. Devices such as your printer may not work properly and files or programs may be missing. In some cases, there might be no symptoms at all until a friend contacts you to ask why you’re spamming them.
Here’s the most important thing to know about most of the malware that is floating around the Internet: it can’t generally follow its intended path of madness and mayhem without a little bit of help from you. Usually, it needs YOU to click on a file attachment or a link to a malicious site, or download an infectious program and run it to make the magic happen. This is how malware is able to bypass the security gates set-up by your browser, operating system, and/or anti-virus software.
So how do hackers and criminals get you to do this? Mind control, you say? Well, that’s one way to look at it. The term computer security people like to use is “social engineering,” which essentially means trickery or deception, and much of it happens online through advertising. Criminals are a pretty smart bunch. They know you’re not going to click on something that says “evil computer virus” or “spyware program.” Instead, the e-mail attachment or pop-up might say or show something to entice you, like naked pictures of your favorite celebrity, or low cost prescription drugs, or amazing new gaming software, or a miracle weight loss product, or a program that lets you see who’s been viewing your profile on Facebook. Scareware scams (e.g., warnings about a virus detected on your computer or notices about overdue taxes), which are intended to frighten you into action, are also common. Following the instructions in one of these bogus messages will lead to a malware infection. Click here to see popular Internet scams including common malware scams.
- Don’t open unsolicited e-mails, and don’t open attachments from people you don’t know. Even if it is someone you know, be careful about opening any attachment that you were not expecting to receive.
- Be cautious when downloading software, especially shareware, pirated software, and any type of free program. Use an anti-virus program to scan other programs that you download before installing them.
- Install anti-virus, anti-spyware, and firewall software on your computer for security. Keep your security and browser software up-to-date, and pay attention to alerts and news about malware.
- If you notice any of the symptoms of an infection noted above, stop logging into any password-protected sites and run your anti-virus software. You may need to install another anti-virus program if the first one has been corrupted and isn’t working. Professional help may also be necessary to protect the contents of your computer.
- Be cautious when giving out personal information to prevent identity theft.