Malware: What is it really?
Malware is a household name nowadays. So are virus, worm, and trojan. To us, criminal hackers (as opposed to the good-guy hackers fighting for us, or simply learning how the system works) are the bogeymen and these are their weapons, their tools. These malicious programs, a.k.a. malware, are indeed tools. They are used by criminal hackers to manipulate your computer into doing what they want, but just as a painter has more than one kind of brush, a criminal hacker has many different kinds of malware at his disposal.
At its core, malware is just a piece of code. Some are extremely simple, even just a single line. Others are far more complicated, spanning thousands upon thousands of lines of code–calling servers and other networks into play–creating a virtual army against you. Large or small, they all have one thing in common: if they don’t have a chance to run, they are harmless. A knife is only harmful if it stabs or cuts you. Keep it in the sheath and it is just a paperweight. Likewise, we can render malware impotent by identifying it for what it is and avoiding its sting.
The first step in preventing malware from running is to identify it. As you can probably guess, this is easier said than done. Thieves and assassins rarely identify themselves. However, they all have their signs, and that is how you detect them.
Here is a quick rundown of the common types of malware and how to avoid falling victim to them:
Virus: These are small pieces of code that attach themselves to other programs. When that program is run, the extra code executes, and the deed is done. The important fact to consider here is that anything can be “run” in the world of computers. A picture is “run” when you view it, an email can run when it is opened, and a web page can run when visited. The best defence against viruses is a good quality antivirus. We at MintzIT suggest Bitdefender Total Security.
There is a constant war of attrition between the producers of malware and the producers of antiviruses. An antivirus program protects you by quickly scanning every file against a known list of malware before the file executes, thus protecting you from the malicious effects. New and improved malware is produced every day, so the best antiviruses use an AI to detect previously unknown malware.
Trojan: These are malware masquerading as legitimate and useful programs. Much like the ancient wooden horse, these tricksters look and run like any other program. They are often found in the form of free games, PC Cleaner utilities, and Adobe Flash. Trojans do, or at least appear to do, what they claim to, but in the background they are also sneaking in other malware. Often it is a trojan that invites the more damaging malware into your PC, such as a Rootkit. Be very mindful of what programs you download, and where you download them from. Nothing is truly free on the world wide web. Always consider what the hidden cost is.
Worm: Ever split a worm in two and found yourself with two worms? Well, I haven’t either, but we’ve all heard about the legendary regeneration and reproduction abilities of the humble worm. So what is the malware worm good at? You guessed it: reproduction. The worm is designed to immediately seek out each and every avenue of spreading itself as fast and as far as possible. Email is generally the most popular option, but a shared USB flash drive, social media sites, and file sharing programs are just as effective. Be wary of email attachments and if you find a USB drive just lying around, think twice about plugging it in.
Rootkit: The Rootkit gets its name from the old UNIX term root. It’s the hidden user that runs all the system processes that keep your computer running. A rootkit is a “kit” that uses “root” privileges to wreak havoc on your system, all without your knowledge. Think government agents: men in black suits. What if a thief or assassin got hold of FBI gear–the suit, badge and everything else? They could walk right through your front door and take all your stuff and you’d be powerless to resist. Or they could bug your house and listen to your every word. Scary! How does one protect against a rootkit, then? Simple: Don't let it run as root in the first place. Rootkits require privileges to give themselves privileges. This is accomplished in two ways. One, they trick you into giving them the access. Trojans often install rootkits as a part of their install process. The 2nd method is through exploits. An exploit is a bug or error in the code that makes up a legitimate program. The best defence against exploits is to keep your programs up to date and uninstall any old programs that you no longer use. Adobe Flash Player, Java, and web browsers like Firefox and Internet Explorer should ALWAYS be kept up to date.
Adware: Adware is perhaps the least dangerous of the bunch, but also the most annoying. It is not inherently malicious, but simply any program that displays unsolicited ads. Often, legitimate software will offer a free version with ads and then require you to pay to remove them. This may be a fair trade-off for some, but be wary. Ads that generate revenue for the software producer need to report back to prove that they are working. That is how the producers get paid. Even if that open connection to the internet is only being used for that purpose, it is still an open door to your computer and thus a vulnerability. MintzIT strongly advises that no adware be installed on any system. Either purchase the full version or go without.
Spyware: Spyware does exactly as the name says: it spies on you. Anything you type (including passwords), any website you go to, any file you open, it is all fair game. Probably the most common advice I’ve given to anyone who thinks that their computer might be infected is to not log in to their bank, check their email, or open any sensitive file until it is cleaned up. The next step is to change your password on every site you have accessed, on a clean computer of course!
Cleaning up spyware usually takes a handful of tools, so it should be left to the professionals.
Ransomware: I’ve saved the best for last today. You’ve probably heard of ransomware. It’s been on the news a lot recently, and for good reason. Ransomware encrypts your files–and often backups and other computers on the same network–preventing anyone without the proper key from reading them, and the criminals in control of the malware hold the key. They will charge you hundreds, even thousands of dollars for that key. Unfortunately, once ransomware has encrypted your files there really is nothing you can do but pay or accept the loss and start fresh. Furthermore, the way in which these people operate makes it nearly impossible to track them down for arrest. So once again, the best defense is to not let the ransomware run in the first place. This is best accomplished by following some basic computer best practices:
- Always log in with a non-administrative account. Never log in with an administrative account.
- Use Application Whitelisting to prevent any unknown application from running.
- Download applications from the developer website, not from "free software" sites.
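
The difference between the antivirus "known list of malware" described earlier and Application Whitelisting, shown as an added example (it is not MintzIT's code or any product's actual logic). It assumes whole-file SHA-256 matching, uses constructed byte strings in place of real program files, and all names in it are hypothetical.

```python
import hashlib


def sha256_of(data: bytes) -> str:
    """Fingerprint a file's contents; any change to the bytes changes the hash."""
    return hashlib.sha256(data).hexdigest()


# Constructed samples: byte strings standing in for program files.
APPROVED_APP = b"constructed: approved accounting tool"
KNOWN_MALWARE = b"constructed: malware already catalogued"
NEW_MALWARE = b"constructed: malware released this morning"
INFECTED_APP = APPROVED_APP + b" + constructed: virus code attached"

KNOWN_BAD = {sha256_of(KNOWN_MALWARE)}   # antivirus-style known-malware list
KNOWN_GOOD = {sha256_of(APPROVED_APP)}   # whitelist of approved programs


def blocklist_allows(data: bytes) -> bool:
    """Default-allow: run anything that is not on the known-malware list."""
    return sha256_of(data) not in KNOWN_BAD


def whitelist_allows(data: bytes) -> bool:
    """Default-deny: run only what is on the approved list."""
    return sha256_of(data) in KNOWN_GOOD


def compare(samples: dict) -> dict:
    """Return each sample's verdict under both policies."""
    return {
        name: {"blocklist": blocklist_allows(data),
               "whitelist": whitelist_allows(data)}
        for name, data in samples.items()
    }


SAMPLES = {
    "approved app": APPROVED_APP,
    "known malware": KNOWN_MALWARE,
    "new malware": NEW_MALWARE,
    "infected app": INFECTED_APP,
}

if __name__ == "__main__":
    for name, verdict in compare(SAMPLES).items():
        print(f"{name:14} blocklist={'run' if verdict['blocklist'] else 'block':5} "
              f"whitelist={'run' if verdict['whitelist'] else 'block'}")
```

The known-malware list lets both the brand-new malware and the infected copy of the approved program run, while the whitelist blocks everything it has not been told about.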
To be protected in the event ransomware strikes, use an internet-based backup service such as CrashPlan or Carbonite. Local backups are often victims of the encryption.
Kyle Dozier, CompTIA A+, Network+, Security+, ACSP
Certified IT Consultant
Mintz InfoTech, Inc.
505.814.1413 • 888.479.0690 • www.mintzit.com