All About Malware



All About Malware

Post by Doctor Inferno on Sat 29 Dec 2007, 11:01 am

Know About Malware


What is Malware? Malware (short for MALicious softWARE) is a term used to broadly classify a form of software which is installed on a computer system, mostly without the owner's permission, with malicious intentions. It includes Trojans, viruses, key loggers, malicious active content, rogue programs and dialers, among others.

There is another form of software which may be termed "Trackware", because it tracks, stores and analyzes your browsing patterns, thereby compromising your privacy on the World Wide Web. It is probably less malicious, but unwanted at the same time. It includes Spyware, Web bugs, tracking cookies, and "forced" adware.



Quick Definitions

Spyware

Spyware is defined loosely as any program that secretly gathers information about you and/or your computer use through your Internet connection. Typically, a Spyware program gathers information about you by monitoring your computing activities and then transmits it across the Internet to a central server for onward distribution to interested parties for advertising purposes. These programs can also download files, run other programs in the background, and change your system settings.

In addition to violating your privacy and potentially damaging your system, Spyware can slow your computer down by stealing processing time from the CPU. Even though the name may indicate so, Spyware is not an illegal type of software in any way as yet. However, there are certain issues that a privacy-oriented user may object to and therefore prefer not to use the product.

Another potential problem is that many are poorly written, may contain programming bugs and errors, and can cause problems with the normal operation of your computer. One of the causes of your web browser hanging and crashing frequently with those "General Protection Faults" may be one of those badly written Spyware programs interfering with its normal operation.

What is spyware?

Spyware is ANY SOFTWARE which employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission. Silent background use of an Internet "backchannel" connection MUST BE PRECEDED by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed consent for such use. ANY SOFTWARE communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware.

There are also PC surveillance utilities like key loggers and email and chat loggers, which monitor all activity on a computer. Though designed for businesses, parents and similar environments, they can be easily abused if they are installed on your computer without your knowledge.



Adware

Adware is usually freeware that displays advertising banners within the program interface. The developer creates revenue by selling advertising space in the software product, instead of you having to pay for it. Occasionally, some Adware will also act as spyware, including information-gathering code to send non-sensitive information back to third parties. Some people think that Adware is the same as spyware, but Adware isn't necessarily spyware. While legitimate adware companies will disclose the nature of the data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. In addition to privacy concerns, frequent downloading of advertisement banners and other ads while the user is browsing can slow down the system immensely, and for users paying for dialup services by time used, ad-loading and hidden communications with servers can be very costly.

Most of the time, if you prefer a "non advertised" product, you have the option to purchase a version that does not display any banners.



Trojans

A program that comes in secretly and quietly but carries a destructive payload. Once you become infected by the worm or virus that the Trojan carries into your computer, it can be very difficult to repair the damage. Trojans often carry programs that allow someone else to have total and complete access to your computer. Trojans usually come attached to another file, such as an .avi, an .exe, or even a .jpg. Many people do not see full file extensions, so what may appear as games.zip in reality could be games.zip.exe. Once the person opens up this file, the Trojan goes to work, many times destroying the computer's functionality. Scary, eh? Your best line of defense is to NEVER accept files from someone you don't know, and if you have any doubts, then do NOT open the file. Get and use a virus detection program, such as Inoculate, and keep it updated regularly.



Viruses

A piece of programming code, usually disguised as something else, that causes some unexpected and, for the victim, usually undesirable event and which is often designed so that it is automatically spread to other computer users. Viruses can be transmitted by sending them as attachments to an e-mail note, by downloading infected programming from other sites, or by being present on a diskette or CD. The best protection against a virus is to know the origin of each program or file you load into your computer or open from your e-mail program.



Browser Hijackers

Browser Hijacking is caused by malicious code which can alter your browser settings without your knowledge. Browser Hijackers are extremely common.

Here's a list of the typical effects a Browser Hijacker can have on your system.

* Altering the Homepage or Search Page of your browser.
* Changing various options in your Internet settings.
* Blocking access to certain functions (parts or all of the Internet Options screen, the registry editor, etc.).
* Changing the reset (iereset.inf) file to prevent the user from being able to reset web settings within the Internet Explorer options screen.
* Automatically adding sites to your trusted zone.
* Hijacking URL prefixes: if you enter a site in your browser without a prefix (e.g. google.com), Internet Explorer automatically appends http:// to the address.
* This function can be abused to redirect you to any site if you omit the prefix.
* Altering your Winsock list of providers used to resolve domain names.
* Adding a proxy server so all your traffic could be intercepted.
* Altering your user stylesheet (normally used for visually impaired users), thereby changing the way websites appear.



Rootkit

A rootkit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. An attacker enters the victim's computer through a security loophole, like a weak password or a missing patch, and then installs his favorite collection of tools, which will provide him backdoor(s) to remotely access the cracked system and also mask the fact that the system is compromised.

Though not very prevalent currently, other than an open source NT rootkit called Hacker Defender, some malware programs are reportedly using rootkit-like mechanisms to hide in the bowels of Windows to evade detection and removal.



Web bugs or Web beacons

Also called a Web bug, a pixel tag or a clear GIF. Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a Web site or in an e-mail and is used to monitor the behavior of the user visiting the Web site or sending the e-mail. When the HTML code for the Web beacon points to a site to retrieve the image, at the same time it can pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed and for how long, the type of browser that retrieved the image, and previously set cookie values.

Web beacons are typically used by a third party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser's cookies will prevent Web beacons from tracking the user's activity. The Web beacon will still account for an anonymous visit, but the user's unique information will not be recorded.



Keyloggers

A Keylogger (KeyLogger, Key Logger, or Keystroke Logger) is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user.

A freeware program to detect keyloggers running on your system is KL-Detector. It can detect keyloggers, but you have to remove them yourself.



Malicious Dialers

Once installed, they can be extremely difficult to remove. The dialer will configure your settings to route you from your chosen ISP to a network specified by the dialer's programming. The alarming part of this is that you could be charged any amount per minute that the dialer's distributor has selected, from pennies to hundreds of dollars. Most often the only indication that you might have a dialer on your system is when you receive your phone bill.

What is frightening here is that you do not need to download these programs yourself. A site might attempt to hide the installation by swamping your connection with popup ads so you do not notice the program attempting to install. If you do not have the appropriate security settings for your browser, these programs can and do install without any notice and do not require that you click to agree. A common method is to force a silent install and have wording in the application's EULA (End User License Agreement) that states that you agree to the charges if the software is installed. The dialer is installed, you connect to the net, and you are billed, regardless of whether or not you agreed to, or even knew that it was being installed.

When the charges on your phone bill finally arrive and you protest them, the dialer companies might make it extremely difficult for you to obtain credit for the charges. You might even be asked to send them a copy of your birth certificate or other personal information. Do not send any personal information!



Tracking cookies

Any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private". Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: "1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * " The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.

These are the more common varieties of malware prevalent on the web today.


source: http://www.malwarehelp.org/


I Don't Jump High, I Fly Low.


Last edited by Doctor Inferno on Wed 02 Jul 2008, 2:52 pm; edited 2 times in total

Doctor Inferno
RESIDENT SURGEON

Posts : 2349
Joined : 26 Dec 2007
Location : †Virus Vault†
Operating System : [Dual Boot] XP Pro & Vista Ultimate
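The source-inspection check the post describes for Web beacons, written out as an added example (not code from the original post or from malwarehelp.org): it scans a constructed HTML page for IMG tags whose host differs from the page's own host and flags 1x1 or hidden ones as likely beacons. The hostnames (example-shop.test, tracker.adnetwork.test, etc.) are assumed sample values.

```python
"""Flag likely Web beacons: IMG tags that load from a host other than the
page's own, especially tiny (1x1) or hidden images. Added example; the
sample page below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page, assumed to be served from www.example-shop.test
SAMPLE_PAGE_URL = "http://www.example-shop.test/catalog.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="120" height="40" alt="logo">
<img src="http://www.example-shop.test/images/banner.gif" width="468" height="60">
<img src="http://images.partner-cdn.test/promo.jpg" width="300" height="250">
<img src="http://tracker.adnetwork.test/pixel.gif?uid=u8f31" width="1" height="1">
<img src="http://stats.third-party.test/beacon" style="display:none">
</body></html>
"""


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def is_tiny_or_hidden(attrs):
    """True when the image is 0/1 pixel square or styled invisible,
    the classic beacon shape."""
    width = attrs.get("width", "").strip()
    height = attrs.get("height", "").strip()
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = width in ("0", "1") and height in ("0", "1")
    return tiny or "display:none" in style


def find_beacons(page_url, html):
    """Return [(src, reason)] for every image fetched from another host.

    A third-party IMG is worth a look on its own; a tiny or hidden one is
    almost certainly a beacon rather than page content.
    """
    page_host = urlparse(page_url).hostname
    parser = ImgCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.images:
        src = attrs.get("src", "")
        host = urlparse(src).hostname  # None for relative URLs
        if host is None or host == page_host:
            continue  # same host as the page: ordinary content
        reason = "third-party image"
        if is_tiny_or_hidden(attrs):
            reason = "third-party 1x1/hidden image (likely beacon)"
        findings.append((src, reason))
    return findings


if __name__ == "__main__":
    for src, reason in find_beacons(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{reason}: {src}")
```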

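Tracking cookies as the post defines them (a cookie shared among unrelated sites that carries a unique identifier), detected over a constructed browsing log; this is an added example, not code from the original post. It keeps only cookies set by a host outside the visited site and reports those whose identifier reappears on two or more unrelated sites. The "last two labels" site grouping is a simplification assumed for the example; real code should use the Public Suffix List.

```python
"""Spot tracking cookies in a browsing log: a cookie set by a third-party
host that turns up, with the same identifier, across unrelated sites.
Added example; the log below is constructed."""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed log entries: (page visited, host that sent Set-Cookie, name, value)
BROWSING_LOG = [
    ("http://news.example-a.test/front", "news.example-a.test", "session", "k8f2"),
    ("http://news.example-a.test/front", "ads.somedomainname.test", "uid", "A91F3C"),
    ("http://shop.example-b.test/cart", "shop.example-b.test", "cart", "77"),
    ("http://shop.example-b.test/cart", "ads.somedomainname.test", "uid", "A91F3C"),
    ("http://blog.example-c.test/post/1", "ads.somedomainname.test", "uid", "A91F3C"),
    ("http://blog.example-c.test/post/1", "cdn.example-c.test", "pref", "dark"),
    ("http://mail.example-d.test/inbox", "widgets.other.test", "w", "1"),
]


def registrable_domain(host):
    """Crude 'site' grouping: the last two DNS labels. This is an assumption
    made for the example; production code should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def find_tracking_cookies(log, min_sites=2):
    """Return {(setter_host, name, value): [sites]} for every third-party
    cookie observed on at least `min_sites` unrelated first-party sites.

    A first-party cookie (setter inside the visited site) is skipped: a site
    remembering its own visitors is not what the post calls tracking.
    """
    seen_on = defaultdict(set)
    for page_url, setter_host, name, value in log:
        site = registrable_domain(urlparse(page_url).hostname)
        if registrable_domain(setter_host) == site:
            continue
        seen_on[(setter_host, name, value)].add(site)
    return {key: sorted(sites) for key, sites in seen_on.items()
            if len(sites) >= min_sites}


if __name__ == "__main__":
    for (host, name, value), sites in find_tracking_cookies(BROWSING_LOG).items():
        print(f"{host} cookie {name}={value} seen on {len(sites)} sites: {', '.join(sites)}")
```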

Re: All About Malware

Post by Doctor Inferno on Sat 29 Dec 2007, 11:20 am

Methods of Infection



P2P wreaks havoc

Almost all of the spyware and adware comes bundled with popular free programs and also with most of the peer-to-peer networks like Kazaa, Bearshare, Grokster, LimeWire and Morpheus, among others. They install malware on your computer as part of the P2P installation process. Applications such as Cydoor, New.net, TopText, SaveNow, Webhancer, VX2, CommonName, GetNet/ClearSearch, IncrediFind and OnFlow are a few of the applications that are installed this way and may serve up ad banners and ad messages, or track your Internet surfing habits. Unfortunately, the makers of the host programs try not to advertise their programs' hidden payloads. Reading the licensing agreement (carefully) during installation will often reveal embedded licenses for the piggybacking adware.



Spyware for FREE, any takers?

Sometimes you install an application that claims to be free but at the same time will also install a secondary program. This secondary program will then monitor your surfing habits and report them back to a central database. However, when the user chooses to remove the installed application, a component of the program remains behind. The next time the user connects to the Internet, this component re-downloads the remainder of the program and reinstalls it.



What are Drive-by-Downloads?

Another scenario is that you visit a website that pops up a window with a message like "in order to properly view this website you must install this program". The FTP / HTTP GET request will initiate the download of the software onto the client machine. Installation will be performed by the user, and during this installation they will be asked for permission to install the malware as well as the software. Malware may also be installed through accessing a website whose prime aim is to drop Spyware onto the client. The malware installation will be embedded within the web page. ActiveX (a Microsoft technology) is then utilized to install the malware (generally as a browser plug-in) on the client. ActiveX is a mechanism which allows applications to be run within other applications. This installation will allow the malware to operate every time the browser is opened.

- ActiveX is Microsoft's answer to the Java technology created by Sun Microsystems and is roughly equivalent to a Java applet. The main thing that you create when writing a program to run in the ActiveX environment is a component, a self-sufficient program that can be run anywhere on your web page. This component, or ActiveX control, could be anything from a scrolling marquee to an animation that is seen on the web page. It could also be an area where the visitor enters information about himself or his credit card. ActiveX is useful in marketing because it can be used to make web pages much more interesting as well as efficient and effective.

Another common method of malware intruding an unprotected system is when visiting a site in Internet Explorer that displays an advertisement or misleading download link that you have to click on to continue. That's when the site installs one or more programs on your computer, without asking any further permission. Sometimes these are referred to as 'Drive-by Downloads'.



The Vulnerability route

Another method of "infection" is through exploiting security holes in Internet Explorer. Even if a user doesn't click on anything on a web page, a malicious site can deliver its payload of malware. CoolWebSearch, one of the most notorious pests in recent times, is suspected to be installed by pop-ups exploiting security holes in IE. Merijn Bellekom has fully documented the metamorphosis of CoolWebSearch in his CoolWebSearch chronicles.



Covert Action

Yet another method uses JavaScript: a web page opens another page running a JavaScript. When the surfer closes one web page, the JavaScript page covertly resets the homepage. The script is written in such a way that any time the surfer attempts to reset the homepage, the program automatically resets it again.

- A scripting language developed by Netscape to enable Web authors to design interactive sites. Although it shares many of the features and structures of the full Java language, it was developed independently. JavaScript can interact with HTML source code, enabling Web authors to spice up their sites with dynamic content. JavaScript is endorsed by a number of software companies and is an open language that anyone can use without purchasing a license. It is supported by recent browsers from Netscape and Microsoft, though Internet Explorer supports only a subset, which Microsoft calls JScript.

Many dialer programs use hidden windows. When the user opens the web browser after installation of a carrier software package, which masquerades as a useful program like free games or a screensaver, the dialer application opens in a new hidden window, turns off the sound of the user's computer and calls a phone number without the user's permission.

On the other hand, Trojans can be spread in the guise of literally ANYTHING people find desirable, such as a free game, movie, song, etc. Victims typically download a Trojan from a web archive, get it via peer-to-peer file exchange using IRC/instant messaging/Kazaa etc., or just carelessly open some email attachment. Trojans usually do their damage silently. The first sign of trouble is often when others tell you that you are attacking them or trying to infect them!

Viruses enter your system via e-mail, downloads, infected floppy disks, or (occasionally) hacking. You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document.



Re: All About Malware

Post by Doctor Inferno on Sat 29 Dec 2007, 11:25 am

Symptoms of Infection



Sometimes there are obvious signs that there is malware on your computer, and sometimes there are not. At first, the signs are subtle; your computer seems to have a mind of its own. Malware programs contact other computers for various purposes, and each of them is a program of its own; therefore they use system resources such as CPU cycles, memory and an Internet connection. A sudden change in how your computer is running could be a sign of spyware or adware. The really hard part about spotting spyware symptoms is that they often appear to be normal Web or computer operations. So, you may not recognize them as a symptom.

Below are some of the symptoms that may reveal that you have malware operating on your computer. Note that a few of these symptoms could also be from a number of other reasons.



Spyware Symptoms - Symptoms that may indicate a Spyware infection

* One of the oldest and most common spyware tricks is to automatically change your Web browser's default or start-up homepage, the page that first appears when you start your browser or click the "home" button.
* You end up at the same strange site whenever you perform a search.
* Your firewall and antivirus programs are frequently turned off automatically.
* Your network connection's activity lights blink a lot when you are not actively doing anything on the Internet.
* You are unable to stop the excessive popup windows that appear from nowhere.
* Your computer (not just your connection speed) slows down significantly, whether online or offline.
* Strange icons and new shortcuts lurk in your taskbar, system tray or on your desktop.
* You find new programs in Add/Remove Programs in your Control Panel which you don't ever remember installing.
* You notice an unusual number of new favorites and are not sure how they got there.
* Strange problems occur within Windows (performance issues, programs not working as they should, etc.).
* You are redirected to a strange site instead of a 404 error page when a web page isn't found.
* You get frequent alerts from your firewall about an unknown program or process trying to access the Internet.
* You get a lot of bounced-back mail and see evidence of e-mails being sent without your knowledge.
* Your browsing speed becomes very slow since you installed the "ultimate search companion".
* Strange and unexpected toolbars appear in your web browser and you don't know how they got there.
* Your phone company charges you for '1-900' phone calls you didn't make.
* When you try to open spyware-eradicating programs like Spybot S&D or Ad-Aware, or Windows programs like Task Manager, Regedit and Msconfig, they just pop up on your screen momentarily and disappear.
* The Java console appears in your taskbar when you haven't run any Java software recently.


Virus Symptoms - Symptoms that may indicate a virus infection

Hoax email messages about viruses are extremely common. Messages which suggest that just reading an email message (rather than opening an attachment) can wipe your hard disk or your BIOS usually are hoaxes, as are messages which say "Please send this email to all your friends".

If you receive virus warning messages which don't come from a known expert, the best response is to consult the website of a well-known anti-virus company. Useful information about virus hoaxes is maintained by McAfee, Norton, Vet, and Sophos.

Some common symptoms that could indicate your system has been infected are:

* Unusual messages or displays on your monitor
* Unusual sounds or music played at random times
* Your system has less available memory than it should
* A disk or volume name has been changed
* Programs or files are suddenly missing
* Unknown programs or files have been created
* Some of your files become corrupted or suddenly don't work properly

Another method you can use to detect viruses is to monitor the byte size of the programs installed on your hard drive, particularly .exe and .com files. If you notice any unexplained change in file sizes, this is a good indication that your system has become infected. This can be a difficult and tedious method of checking your system, however, and installing anti-virus software is a better alternative.



Trojan Symptoms - Symptoms that may indicate a Trojan infection

* Your computer screen flips upside down or inverts
* Your wallpaper or background settings change by themselves
* Documents or messages print on your printer by themselves
* Your Windows color settings change by themselves
* Your screen saver settings change by themselves
* Your right and left mouse buttons reverse their functions
* Your mouse pointer disappears
* Your mouse moves by itself
* Your mouse starts leaving trails
* Your Windows Start button disappears
* Your computer starts reading the contents of your clipboard
* Your taskbar disappears
* Your computer shuts down and powers off by itself


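The file-size check the post suggests for catching a file infector, carried a step further as an added example (not code from the original post): it baselines the size and SHA-256 of .exe/.com files (and .dll, an addition here) under a directory, then reports changed, new and missing files. Hashing catches a same-size modification that a size-only comparison would miss. The directory layout and file contents are constructed in a temporary directory.

```python
"""Baseline watched executables (size + SHA-256) and report what changed,
appeared or vanished. Added example; the program tree is constructed."""
import hashlib
import tempfile
from pathlib import Path

# Extensions to watch; the post names .exe and .com, .dll is added here
WATCHED_SUFFIXES = {".exe", ".com", ".dll"}


def sha256_of(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root):
    """Map relative POSIX path -> (size, sha256) for each watched file under root."""
    root = Path(root)
    baseline = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in WATCHED_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            baseline[rel] = (path.stat().st_size, sha256_of(path))
    return baseline


def compare(baseline, current):
    """Report files whose size or hash changed, plus new and missing ones.
    Comparing the hash matters: a patched binary often keeps its exact size."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"changed": changed, "added": added, "removed": removed}


def demo_in_tempdir():
    """Build a constructed program tree, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "editor.exe").write_bytes(b"MZ" + b"\x00" * 100)
        (root / "bin" / "format.com").write_bytes(b"\xe9" + b"\x90" * 20)
        (root / "readme.txt").write_bytes(b"not watched")
        before = take_baseline(root)
        # Tamper: flip one byte (same size, so a size-only check misses it),
        # drop in a new executable, and delete one.
        editor = root / "bin" / "editor.exe"
        data = bytearray(editor.read_bytes())
        data[10] ^= 0xFF
        editor.write_bytes(bytes(data))
        (root / "bin" / "dropper.exe").write_bytes(b"MZ" + b"\x41" * 30)
        (root / "bin" / "format.com").unlink()
        return compare(before, take_baseline(root))


if __name__ == "__main__":
    print(demo_in_tempdir())
```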

Re: All About Malware

Post by gtf004 on Sat 29 Dec 2007, 3:13 pm

Nice one Doc. This should help a lot of people, especially those who aren't very tech savvy.

gtf004
Newbie Surfer

Posts : 18
Joined : 29 Dec 2007
Location : Florida, USA
Operating System : Windows Vista Ultimate, Windows XP Pro, Backtrack 3, Mac OSX Leopard


Re: All About Malware

Post by pyari on Sun 13 Jan 2008, 7:32 pm

Nice info, Doc. See more things like that. This is the first visit. See ya later.

pyari
Newbie Surfer

Posts : 18
Joined : 13 Jan 2008


Re: All About Malware

Post by tryer on Tue 19 Feb 2008, 2:57 pm

This is some good info.

tryer
Rookie Surfer

Posts : 179
Joined : 19 Feb 2008
Location : hmm...
Operating System : Win Xp

