Malicious Logic -- A Threat To Your Computer


Malicious logic has been an issue in the computer industry since about 1990. "Malware" is a broad term for the various harmful forms of code that hackers try to get onto your system. The term "virus" works just as well, but you'll see that it has a specific meaning now.

Some common terms to know:

"malware": a broad term that covers all forms of harmful code. People use the term "virus" to mean the same thing and that's fine too.

How it spreads:
"virus": the original malware, a virus is a piece of malicious logic that copies itself onto other computers. That's if we're being technical about terms.
"worm": malicious logic that spreads by mailing itself as an attachment.
"Trojan" or "Trojan horse": malicious logic that installs on your computer under cover of a harmless program. Downloaded games are notorious for bearing Trojans but they are only one of many sources. A spam e-mail may link to a website with a Trojan download rather than carry the malware in the e-mail itself.

What it does:
"spyware": malicious logic that sends information from your computer to a hacker.
"adware": technically not malware, but adware causes unwelcome messages to pop up on your system.
"zombie": malware hackers use to control your computer and, in most cases, use it as a node to send spam.
There are still malware pieces around that pop up rude messages, hijack your Internet browser, or destroy files.

Malware may combine these elements -- that is, a zombie may be a Trojan and it may also be a worm.

Spam and phishing are not themselves forms of malware, but spam and phishing messages often have malware attached or they may link to a site that will try to get you to download malware.

What can malware do?

The early viruses were basically pranks. They might slow a computer down, damage or delete data, or cause other problems -- often very expensive problems for businesses. But they didn't do anything very valuable for the hackers who set them loose.

Malware has changed drastically. Most important, spyware and Trojans can find valuable information on a computer and send the information to a hacker. Some people have been victims of identity theft and credit fraud because a hacker got their credit data or other sensitive information.

"Zombie" malware gives a hacker control over your computer. Hackers create networks of zombie-infected computers, called botnets. The hacker can use the botnet to send spam by the thousands, and sometimes botnets are used to attack a website so that it can't do any legitimate business. This is called a Distributed Denial of Service attack (DDS or DDoS).

If your computer gets infected with a worm, the worm will try to send itself to any e-mail contacts you have. This is especially dangerous because your e-mail contacts are likely to trust the e-mail -- after all, it came from you! They may open the attachment (the "worm" element) and infect their own computers. You can guess the rest.

How does malware get onto a computer?

When we traded floppy disks, they were the most common way of spreading malware, and even now you could download a malicious file from any media. But now people usually load malware on their computers in two basic ways: e-mail attachments and downloads from websites.

Hackers send malware attached to e-mails and wait for the users to open the attachment. The attachment installs the malware payload, often behind the installation of something that looks harmless like a game (the Trojan element). We've had two attempted attacks recently where a phish claimed to be confirming an order and the message said the order details were in the attached ZIP PDF file. Our anti-virus guard had already identified the Trojan/spyware payload. On-line companies send out order confirmations in e-mail, but the order information is almost always in the body of the e-mail. There's no reason for the order information to be a PDF file and there's no reason for a PDF file to be zipped.
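
The check described above, as an added example that is not part of the original article: it reads the member names of a ZIP attachment without extracting anything and flags zipped PDFs, and it goes one step further by also flagging executable file types. The extension list, the sample message and its addresses are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def ext(name):
    return os.path.splitext(name)[1].lower()

def check_attachments(raw_message):
    """Return a list of (attachment name, reason) findings for one raw e-mail."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if ext(name) in EXECUTABLE_EXTS:
            findings.append((name, "executable attachment"))
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():  # names only; nothing is extracted
                if ext(member) in EXECUTABLE_EXTS:
                    findings.append((name, "ZIP contains executable: " + member))
                elif ext(member) == ".pdf":
                    findings.append((name, "ZIP contains PDF: " + member))
    return findings

def build_sample():
    """Constructed 'order confirmation' with a zipped attachment (harmless bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("order_details.pdf.exe", b"constructed placeholder, not a program")
        archive.writestr("invoice.pdf", b"constructed placeholder, not a real PDF")
    msg = EmailMessage()
    msg["From"] = "orders@shop.example"
    msg["Subject"] = "Order confirmation"
    msg.set_content("Your order details are in the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="order_details.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in check_attachments(build_sample()):
        print(name + ": " + reason)
```

A password-protected ZIP still exposes its member names, so the same listing works on it even though anti-virus software cannot scan the contents.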

Spam e-mail often contains links that lead to hacker websites and that will try to download malware from the hacker's site. Gaming sites are notorious as sources of malware. Visitors -- commonly young people but not just young people -- visit a gaming site and accept a download of a cool game or video. They get the cool game or video and the hacker gets a new zombie. This is a special hazard for home computers if you have teenagers.

What do I do about malware?

E-mail and download safety:

E-mail attachments are a valuable way of sharing data and other files, including family pictures. If you're going to send an e-mail of any kind, I suggest you put something like this in the subject line:
     Brenda Jones -- Int'l Widgets Inc -- Excel file
     Bill and Sue -- pictures of kids

This is a good habit anyway, since it tells the e-mail recipient who you are and what the e-mail is about. It also helps the recipient see that the e-mail isn't spam and that attachments are safe. It's also a good idea to phone or send an e-mail ahead of the attachment e-mail so your partner knows that it's coming. And include your phone number in the e-mail so the recipient can call you and verify that the attachment is safe. We've seen some spam with subject lines like "Mark Adams wrote: " but that isn't quite the same pattern.

At the receiving end, the answer is simple: Only open an attachment if you know where it came from and why you're receiving it. If you have any doubts, any at all, try to call the person who sent the e-mail. If you can't reach the sender, delete the e-mail and then delete it from your Deleted Items folder. If you really need the file, the sender still has it. Get in touch with the sender and the sender can e-mail the file again.

Dangerous files can come from people you know. Entré has blocked malware attacks from major corporations and from people we know because a virus or worm got loose behind a network firewall and started blasting e-mail lists.

The same basic rule applies to downloads from websites. You must only accept a download if you went looking for it, at a site you know is safe, and you know why you need that download. We download files from websites all the time to work on our computers and to do business.  So it's absolutely crucial that you only download safe files.

Anti-virus software and spam blockers

Anti-virus software recognizes both established malware and some patterns that usually identify malware. The malware teams are constantly changing the form of the attacks, so it's vital to keep your anti-virus software up to date. Since a lot of malware comes attached to spam, or has links in spam, a spam blocker will reduce your exposure to malware too.

SpamBayes (http://spambayes.sourceforge.net/windows.html) is an excellent spam blocker for network use and you can also use it on a home computer.

Internet and e-mail content filters can also help. If you block access to gaming sites and if you block certain terms in e-mail, there will be much less chance of running into malware.

Firewall

Firewall hardware and software block external access to your computer but they still let you receive e-mail and use the Internet. There are many types to suit different business needs. If you need to permit some access from outside your network, you'll use one type of firewall. If you want to block all access, you'll use a different type. Our security experts can help you select an appropriate firewall. Windows XP comes with an appropriate firewall for home users.

Removal

If a malware attack gets through your safeguards, you'll probably need professional help to remove the malware and to try to repair any damage it's done. You may also need to contact your credit card companies or banks if there's reason to think your identity information has been stolen. We're always ready to help you if you have malware problems.

 

Entré Technology Services, LLC 406.256.5700
