What is Malware? Malware, is short for MALicious softWARE and is a term used to broadly classify a form of software which is installed in a computer system mostly without the owners permission with malicious intentions. It includes Trojans, viruses, key loggers, malicious active content, rogue programs and diallers among others.

There is another form of software which may be termed as “Trackware”, -because they track, store and analyse your browsing patterns thereby compromising your privacy on the World Wide Web. They are probably less malicious, but unwanted at the same time. It includes Spyware, Web bugs, tracking cookies, and “forced” adware.

Quick Definitions

Following is some basic information about some of the main Malware types:

Spyware

Spyware is defined loosely as any program that secretly gathers information about you and or your computer use through your Internet connection. Typically, a Spyware program gathers information about you by monitoring your computing activities and then transmits it across the Internet to a central server for onward distribution to interested parties for advertising purposes. These programs can also download files, run other programs in the background, and change your system settings.

In addition to violating your privacy and potentially damaging your system, Spyware can slow your computer down by stealing processing time from the CPU. Even though the name may indicate so, Spyware is not an illegal type of software in any way as yet. However there are certain issues that a privacy oriented user may object to and therefore prefer not to use the product.

Another potential problem is that many are poorly written, may contain programming bugs and errors and can cause problems with the normal operation of your computer. One of the causes of your web browser hanging and crashing frequently with those “General Protection Faults” may be due to one of those badly written Spyware programs interfering with its normal operation.

What is spyware?

Spyware is ANY SOFTWARE which employs a user’s Internet connection in the background (the so-called “Backchannel”) without their knowledge or explicit permission.

Silent background use of an Internet “backchannel” connection MUST BE PRECEDED by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed, consent for such use.

ANY SOFTWARE communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware.

http://grc.com/optout.htm

There are also PC surveillance utilities like key loggers, email and chat loggers, which monitor all activity on a computer. Though designed for businesses, parents and similar environments they can be easily abused if they are installed on your computer without your knowledge.

Adware

Adware is usually a freeware displaying advertising banners within the program interface. The developer creates revenue by selling advertising space in the software product, instead of you having to pay for it. Occasionally, some Adware will also act as spyware which includes information gathering code to send non-sensitive information back to third parties. Some people think that Adware are same as spyware, but Adware isn’t necessarily spyware. While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. In addition to privacy concerns, frequent downloading of advertisement banners and other ads while the user is browsing can slow down the system immensely and for users paying for dial up services by time used, ad-loading and hidden communications with servers can be very costly.

Most of the time, if you prefer a “non advertised” product, you have the option to purchase a version that does not display any banners.

Trojans

A program that comes in secretly and quietly, but it carries a destructive payload. Once you become infected by the worm or virus that that Trojan carries into your computer, it can be very difficult to repair the damage. Trojans often carry programs that allow someone else to have total and complete access to your computer. Trojans usually come attached to another file, such as an .avi, or .exe, or even a .jpg. Many people do not see full file extensions, so what may appear as games.zip in reality could be games.zip.exe. Once the person opens up this file, the Trojan goes to work, many times destroying the computer’s functionability. Scary, eh? You can read more about this here, on our Trojans, Viruses, and Worms reference page. Your best line of defence is to NEVER accept files from someone you don’t know, and if you have any doubts, then do NOT open the file. Get and use a virus detection program, such as Inoculate and keep it updated regularly.

www.ircbeginner.com/ircinfo/ircglossary.html

Viruses

A piece of programming code usually disguised as something else that causes some unexpected and, for the victim, usually undesirable event and which is often designed so that it is automatically spread to other computer users. Viruses can be transmitted by sending them as attachments to an e-mail note, by downloading infected programming from other sites, or be present on a diskette or CD. The best protection against a virus is to know the origin of each program or file you load into your computer or open from your e-mail program.

www.gslis.utexas.edu/~vlibrary/glossary/

Browser Hijackers

Browser Hijacking is caused by malicious code which can alter your browser settings without your knowledge. Browser Hijackers are extremely common.

Here’s a list of the typical effects a Browser Hijacker can have on your system:

• Altering the Homepage, Search Page of your browser
• Changing various options in your Internet settings
• Blocking access to certain functions (parts or all of the internet options screen, registry editor etc)
• Changing to reset (iereset.inf) file to prevent user being able to reset web settings within the internet explorer options screen
• Automatically add sites to your trusted zone
• Hijack of URL prefixes, therefore if you enter a site in your browser without a prefix (ie google.com), internet explorer automatically appends http:// to the address
• This function can be abused to redirect you to any site if you omit the prefix
• Altering your winsock list of providers used to resolve domain names
• Adding a proxy server so all your traffic could be intercepted
• Altering your user stylesheet (normally used for visually impaired users), thereby changing the way websites appear

http://www.adoko.com/hijackers.html

Rootkit

A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. An attacker enters the victims computer through a security loop hole, like a weak password or a missing patch and then installs his favorite collection of tools which will provide him backdoor(s) to remotely access the cracked system and also mask the fact that the system is compromised.

Though not very prevalent currently other than an open source NT rootkit called Hacker Defender, some malware programs are reportedly using rootkit like mechanisms to hide in the bowels of Windows to evade detection and removal.

The name of the malware category rootkits comes from the Unix-based operating systems’ most powerful account — the “root” — which has capabilities similar to the built-in Administrator account in Windows.

Years ago, an attacker who compromised a computer would gain root privileges and install his collection of applications and utilities, known as a “kit,” on the compromised system. The rootkit provided the attacker with capabilities like ongoing remote access to the compromised system, an FTP daemon for hosting pirated software or an IRC daemon for hosting illicit chat channels shared by the attacker with his cohorts.

Typically, rootkits do not exploit operating system flaws, but rather their extensibility. Windows, for example, is modular, flexible and designed as an easy platform upon which to build powerful applications. Rootkits created for Windows take advantage of these same features by extending and altering the operating system with their own suite of useful behaviors — useful, that is, to the attacker. What is a rootkit?

Article: Rootkits – Invisible Assault on Windows: http://www.pcworld.com/news/article/0,aid,120658,00.asp

Web bug or Web beacons

Also called a Web bug or a pixel tag or a clear GIF. Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a Web site or in an e-mail that is used to monitor the behavior of the user visiting the Web site or sending the e-mail. When the HTML code for the Web beacon points to a site to retrieve the image, at the same time it can pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed and for how long, the type of browser that retrieved the image and previously set cookie values.

Web beacons are typically used by a third-party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser’s cookies will prevent Web beacons from tracking the user’s activity. The Web beacon will still account for an anonymous visit, but the user’s unique information will not be recorded.

http://www.webopedia.com/TERM/W/Web_beacon.html

Keyloggers

A Keylogger (KeyLogger, Key Logger, or Keystroke Logger) is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user.

A freeware program to detect Keyloggers running in your system is KL-Detector: detect keylogging activity on your computer!. It can detect keyloggers, but you should remove them by yourself.

Malicious Dialers

Once installed, they can be extremely difficult to remove. The dialler will configure your settings to route you from your chosen ISP to a network specified by the dialler’s programming. The alarming part of this is that you could be charged any amount per minute that the dialler’s distributor has selected, from pennies to hundreds of dollars. Most often the only indication that you might have a dialler on your system is when you receive your phone bill.

What is frightening here is that you do not need to download these programs yourself. A site might attempt to hide the installation by swamping your connection with popup ads so you do not notice the program attempting to install. If you do not have the appropriate security settings for your browser, these programs can and do install without any notice and do not require that you click to agree. A common method is to force a silent install and have wording in the application’s EULA (End User License Agreement) that states that you agree to the charges if the software is installed. The dialer is installed, you connect to the net, and you are billed, regardless of whether or not you agreed to, or even knew that it was being installed.

When the charges on your phone bill finally arrive and you protest them, the dialer companies might make it extremely difficult for you to obtain credit for the charges. You might even be asked to send them a copy of your birth certificate or other personal information. Do not send any personal information!

Tracking cookies

Any cookie that is shared among two or more unrelated sites for the purpose of tracking a user’s browsing and/or gathering and/or sharing information which many users regard as “private”. Definitions of “private” may differ. Some consider any code “private” if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: “1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * ” The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.

These are the more common varieties of malware prevalent in the web at present today.

What are some of the most basic security threats to your computer? Find out in this article, and learn drastic steps that can be taken to protect yourself and your system.

The IT security world has now enriched its vocabulary with such notions as spyware, adware, phishing, zombie PCs, spam robots, etc. Thus software protection from all that malware has appeared. Some developers offer specialized utilities, others supply whole packages of applications for deleting various malicious modules. These programs could be efficient, and thoroughly “clean” the system, if they could prevent zero-day threats from entering the PC.

Recently the amount of Internet threats to users’ PCs has risen disastrously. Last October, as a result of research lead under America Online and National Cyber Security Alliance initiatives, traces of spyware activity were found in more than 80% of users’ computers. The subject is relevant, so it’s time to talk about spyware, why users’ PCs are vulnerable and how to protect your computer from spyware attacks.

What is spyware?

Spyware is a general term used for software that traces user activity on the PC and collects personal info or confidential data without user consent. Spyware can register the websites you visit, the time of visits, all clicks on the keyboard (this is how credit card numbers and pin-codes are often stolen) or monitor and register secretly for software that is in turn installed on a PC.

The most dangerous spyware one which self replicates via e-mail, and installs itself without your consent using software bugs. Software intercepting e-mails and instant messages can collect and transmit confidential information to Internet, and are also dangerous and valid security concerns. Some software may also change parameters of installed security software without your consent. All this makes your computer vulnerable to spyware attacks. Depending on the type of spyware, some programs may warn the developer about users running applications on their PCs, while others are able to make holes for intrusion into the system, or set the modem to make calls, which the PC owner will eventually be billed for. Recently, some shareware programs have been referred to as spyware, such programs extract files from your computer without your consent. One of the most dangerous features of spyware is the ability to transmit collected information to the developer’s PC.

Spyware can enter your PC in a number of different ways. The most common is via e-mail or a Web browser. Also such software may be integrated into “useful” software and downloaded at the moment of “useful” program start-up. Generally such programs are integrated into popular free software, which are downloaded from the Internet, or distributed on CDs attached to magazines.

Why spyware is dangerous?

Spyware doesn’t have much influence on the way your PC runs. Usually, it doesn’t contain viruses, however it can consume a huge amount of system resources. Spyware brings lots of damage in the sense of data confidentiality. Spyware programs register every user step, both inside the system and in the Internet. All information is delivered to the malefactor who collects data in his, not your, interest!

How do I protect my PC from spyware?

Most spyware programs are integrated into freeware that you have to install on your computer, but some are automatically downloaded when you enter a Web site. If a message pops-up on your screen proposing you install a program providing access to Web site content, don’t hurry to press “OK” without checking the software. If there is no need to install some special software to view the Web site, it’s better to refuse downloading extra software.

On some Web sites you can find lists of programs containing harmful spy modules. Looking through these lists can help you learn if such programs have been installed on your computer. Sometimes PC system behavior such as slow typing, periodical alarms of installed firewalls, registration queries to unknown Web sites, system and network efficiency reduction and suspicious file discovery may indicate that spyware is inside. The best way to protect your computer from spyware is to install specialized anti-spy software.

Security Tools

A firewall is considered to be the most popular tool to protect a computer from spyware. Firewalls are integrated into operating systems (OS) and permanently examine incoming and outgoing addresses to computer network ports. They analyse data packages coming to Internet ports and mail ports according to the type of request and the addressee. Most firewalls allow or deny some types of addresses, but this is a weak point because spyware may be integrated inside many packages or disguised as a Web browser. This type of spyware cannot be detected by a firewall, and gets inside the PC to start its malicious activity. Also, firewalls are usually resource-consuming, so the price for relative security is
your PC running much slower.

The problem of firewall relative protection is successfully solved by proactive security systems. Such systems analyze all application activity on the PC for its potential maliciousness, according to predefined rules of malicious or non-dangerous behaviour. In case of a real threat, proactive systems block dangerous programs before any damage to the OS is done.

An anti-spyware solutions called Safe’n’Sec+Anti-Spyware, is a special solution consisting of Safe’n’Sec behavior analyzer — which blocks previously unknown spyware (new modifications) — and the Anti-Spyware module, which detects already known spyware with the help of extended anti-spyware signature databases. This Anti-Spyware module has the option to delete malware from the user’s PC. The solution is absolutely compatible with any traditional security software installed on your computer. Anti-Spyware solutions efficiently protect your confidential data from unauthorized access, whether you work in the system or just browse the Internet.

I have used Eset’s products for many years now and swear by them. The release of version 4 again impresses  me. The interface has been redesigned as well as the pop-up notifications. They seem to glow with pleasing bright colours. I was impressed with the Beta versions that I tested for ESET. Now its fully released, here’s my review.

ESET’s award-winning anti-malware solutions ESET NOD32 Antivirus and ESET Smart Security, for consumers and businesses. The new versions build on ESET’s ThreatSense, the industry’s most accurate proactive technology for detecting viruses and other malware, by adding over 20 new capabilities that improve malware detection, enhance system diagnostics and recovery, and improve management. The latest release continues ESET’s tradition of delivering ultimate security with fast, transparent operation and minimal load on system memory, disk or CPU. ESET’s unrivaled ability to deliver industry-leading proactive malware detection and high system performance can literally extend the life of PCs and laptops while improving their security.

‘In an increasingly complex threat environment, anti-malware solution providers are tasked with packing even more security features into endpoint security products, but must be conscious of system performance when doing so,’ said Andrew Hanson, research analyst, Security Products, IDC. ‘Current economic pressures are causing businesses to extend or freeze PC-replacement cycles, but security expenditures are still required to address the growing threat landscape. Leading security vendors will provide cost effective solutions that successfully integrate multiple layers of protection, while extending the life of the computer by conserving system resources and maintaining performance ‘ all at a price point businesses and consumers can afford.’

ESET’s new detection and diagnostic features (one shown above) safeguard users from deceptive forms of malware by digging deeper into the operating system, files and encrypted browser traffic to identify and eliminate hidden malware threats. The latest version also includes advanced self-defense technology that protects against malware designed to disable antivirus or anti-malware solutions, leaving the user completely unprotected. Together, these new features enable consumers and businesses to proactively block most new malware attacks before they can compromise systems to damage or steal data.

ESET NOD32 Antivirus 4 and ESET Smart Security 4 Business Editions also feature a full-range of management capabilities. These include support for high-end databases, fine-grained control of endpoint security, and even greater scalability for large, dispersed networks. ESET Business Editions include version 3.0 of ESET’s Remote Administrator, which enables businesses to remotely deploy and manage ESET software. New Statistics will help admins and users see trends in infection on the machine.

ESET NOD32 Antivirus 4 and ESET Smart Security 4′s new, industry-first security features include:

• Advanced Archive Scanning ‘ This new feature makes ESET’s consumer products the first to allow experienced users to fully customize scanning to do a ‘deep dive’ of archive files created with popular compression formats, including .RAR, .ZIP and others. Comprehensive controls allow users to define archive scanning with scanning depth, maximum scan time and maximum file size.
• Removable Media Access Control ‘ Gives consumers removable media security for USB flash drives and CDs ‘ protection previously extended only to businesses. The feature gives administrators the ability to allow or block mounting of removable media. If removable media is allowed, dangerous files like AUTORUN.INF are scanned for threats.
• ESET SysInspector ‘ Newly integrated into ESET NOD32 Antivirus 4 and ESET Smart Security 4, this powerful system diagnostics tool quickly discovers hidden/potentially dangerous rootkits without running a full antivirus scan. It can also reveal hidden changes to the operating system, web browser, registry and applications. The scan results are standardized and can be reviewed by IT personnel, speeding up malware analysis and removal.
• ESET SysRescue ‘ Enables users to diagnose and recover compromised systems more easily. Customers build their own system rescue CDs, which can be used to clean up and repair systems compromised by malware without re-imaging the system.

With ESET NOD32 Antivirus 4 and ESET Smart Security 4, the company also adds the following additional features to further improve threat prevention, detection and management:

• Business-class Interoperability and Management ‘ ESET includes powerful features to integrate into multi-layer security environments. Enhanced reporting, support for Cisco NAC, removable media control and improved policy authoring simplify deployment and ongoing management, with improved interoperability.
• Power Conservation ‘ Already the most efficient and lightweight anti-malware products on the market, ESET NOD32 Antivirus 4 and ESET Smart Security 4 go one step further by automatically adjusting performance on laptops to maximize battery life without compromising security.
• Improved Self-defense Technology ‘ ESET software features improved defenses against disabling of the antivirus system by malware or unauthorized users ‘ among other things by restricting changes to ESET’s processes and registry entries to authenticated users.

• User-friendly Interface ‘ Numerous enhancements to the GUI make the product even easier to use. Among many enhancements, there is auto-disabling notifications when full-screen applications like presentations, games or video are running, and a new non-graphical user interface that allows disabled and visually-impaired users to easily interact with the software using screen readers and other assistive technologies.

For a full list of ESET NOD32 Antivirus 4 and ESET Smart Security 4 features, please visit http://www.eset.com/products/.