Malware: Wading Through the Jargon

March 29, 2006

Knowing the jargon is the first step to protecting your data and your computer system, so that you can concentrate on more important work or play. This is the definitive guide to all you need to know about malicious code. Malware has been with us since 1981.

One of the earliest prophetic examples, however, of the substantial damage that viruses could generate was recorded in 1987, when a large network (ARPANET) used by universities and the US government was infected and disrupted by a virus.

Robert Morris, son of a computer security expert for the National Security Agency, sent malicious code through ARPANET, affecting about 10% of the connected computer hosts. The code reproduced itself and filtered through network computers; consequently, the size of the files filled the computers' memories, thus disabling numerous machines.

Today 90% of computers with an Internet connection are infected by viruses, Trojans, worms, spyware and adware. But what are these? What do they do exactly? What are the risks to you and to everyone else? What can non-tech users do to learn the jargon and be armed with critical information to beat the odds and keep their computers as clean as possible?

This article is the definitive guide to learning the types of threats, their consequences and how you can combat them.

What are Viruses?

Viruses are programs or pieces of code that are designed to perform a negative operation without your permission. Viruses are usually loaded, without your knowledge, from floppy disks, CDs or similar devices, through networks and through the Internet. Some of these illegal operations may be harmless, while others are extremely malicious and often wreak havoc across thousands of computers. Computer viruses attach themselves to other programs (usually executables) or files so they can spread from one system to another through human intervention (e.g., sending an attachment via email). At times these files may lie dormant until you actually run the particular program executable.

What are Worms?

Even a simple virus may bring a system to a halt by using up all the memory on your computer. The more dangerous viruses usually transmit themselves across networks and bypass security systems. Viruses that replicate themselves and use memory but do not attach themselves to another program are called worms. These are a subclass of virus with the dangerous property of being able to travel without human intervention. They infect other computers in a variety of ways, including email, peer-to-peer programs (like Kazaa or e-mule) and Internet Relay Chat.

The worm Oscarbot.AY, for example, according to Panda Software, “connects to the IRC server, joins a certain channel and waits for remote control commands to be carried out on the affected computer. These control commands include downloading and running files, update its own code and delete itself, for example”. The worm can also be instructed to spread by using AOL Instant Messenger.

The biggest danger with worms is their ability to replicate themselves within your system. The net result is that rather than your computer sending out a single virus, it could send out hundreds or thousands of copies. First detected last year and still in circulation, Netsky.P, according to Panda Software, is a worm that is automatically activated when the infected email is viewed through Outlook's Preview Pane. Netsky.P is a severe threat and exploits a vulnerability in Internet Explorer which allows e-mail attachments to be run automatically. It propagates through email and peer-to-peer programs, so it is considered to be highly and easily infectious. In this way your computer can infect several tens or hundreds of others.

In many cases worms consume so much system memory and/or network bandwidth that web servers, network servers and individual systems crash or stop responding.

What are Trojan Horses?

As the name suggests, Trojans are malicious programs that disguise themselves as useful or benign software, “tricking” recipients into opening or installing them on their systems.

At first glance, Trojans appear to be legitimate software or files from a legitimate source, but some can actually wreak serious damage on infected systems. The less harmful Trojans change your desktop by adding icons or changing your browser's home page. The more harmful ones actually delete files and destroy data or information on your computer. There are Trojans that create a “backdoor” or a “trapdoor” – an undocumented way that hackers use to gain access to a program, an online service or an entire computer system. This gives hackers free rein on your computer and allows them to compromise your confidential or personal information (including credit card details if stored digitally). Trojans do not reproduce by infecting other files, nor do they self-replicate.

What are Spyware, Adware and Diallers?

Away from the realm of viruses, Trojans and worms, but closely related, are the infamous spyware, adware and diallers. Any software that collects information on the user without his or her knowledge is spyware. This software usually transmits the information it gathers (email addresses, passwords, URLs visited, credit card details) via the Internet to a third party. Most applications use the data collected for advertising purposes; others write spyware to collect data and, once collected, to sell that data to third parties. Spyware applications are usually bundled as a hidden component of freeware or shareware downloaded through the Internet. Similar to a Trojan horse, users unwittingly install the product which contains the (disguised) spyware. Spyware uses up computer memory and other resources, while also affecting your bandwidth as it sends all the collected data through your Internet connection. This often leads to crashes and/or general system instability.

ISTbar is a rampant low-threat spyware program that installs other spyware and adware programs while displaying pop-up adverts from adult sites, changing your Internet Explorer home page to, and adding a toolbar to your Internet Explorer.

While spyware is illegitimate, adware is very legitimate. Sometimes software companies offer their programs, games or utilities free of charge with sponsored links or adverts offering products until you pay to register (and remove the adverts). In most cases you will be able to use the full features of the product, but you will be unable to disable the adverts until you purchase a registration key. This is a legitimate source of revenue for companies offering their software free to users (for example, Eudora). However, while Eudora in its sponsored mode is not malicious, other adware tracks your habits and provides information about you to third parties.

Diallers are programs that disconnect your telephone connection to the Internet and initiate another call to a premium-rate number (often international) with the obvious consequence to your phone bill!

What are Keyloggers, Hijackers and Trackware?

Keyloggers or trackware are often considered spyware, in that they are applications that record your keystrokes (on your keyboard) to an encrypted log file. Keyloggers can record instant messages, emails and any information that you are typing at the time. Some even record the email addresses you use and the websites you visit. These surveillance tools send information to third parties without your knowledge. Hijackers change user settings such as the browser's home and search pages, interfering with your searches. Some programs allow hackers to actually hijack your system completely.

What are Denial of Service (DoS) Attacks?

DoS attacks are designed to flood networks (including the Internet) with useless traffic. To Internet Service Providers, for example, this means that the service network which connects hundreds of thousands of users to the Internet is brought to a halt for a number of hours.

What are Root Kits?

Recently, a friend of mine told me a story of how, last year, her network was threatened when hackers breached her web-hosting system with the intent of searching for and stealing credit card details. These hackers installed what is called a root kit, which overwrites certain operating system files with the hacker's version of the program and eventually the system. Once the root kit is installed onto the system, the hackers will kill the original processes to start their own. If reboots are needed, hackers may trick administrators into thinking that a critical system has become unstable – so the administrator would reboot the system. When the computer is restarted, the hacker's program is loaded and the critical operating system files are at the mercy of the hackers to do as they bid.
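Because a root kit of the kind described above works by replacing operating system files, the standard defensive check is a file-integrity baseline: record a cryptographic hash of every system file while the machine is known-good, then periodically re-hash and report anything modified, added or removed. The script below is an added example written for this article, not code from the original page or from any tool it mentions; it builds and compares such a baseline over a constructed temporary directory that stands in for a system tree, and the file names and contents in it are made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (as a POSIX-style relative path) to its SHA-256."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def compare_baselines(old, new):
    """Report files whose contents changed, files that appeared, and files that disappeared."""
    return {
        "modified": sorted(k for k in old if k in new and old[k] != new[k]),
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
    }


def demo():
    """Constructed scenario: a fake system tree is baselined, then one 'binary' is replaced
    and an unexpected file is dropped, the way a root kit install would leave traces."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary (constructed)")
        (root / "bin" / "ps").write_bytes(b"original ps binary (constructed)")
        before = build_baseline(root)

        # Simulated tampering: ps is overwritten and a new file appears
        (root / "bin" / "ps").write_bytes(b"replaced ps binary (constructed)")
        (root / "bin" / "extra").write_bytes(b"unexpected file (constructed)")
        after = build_baseline(root)

        return compare_baselines(before, after)


if __name__ == "__main__":
    print(demo())
```

The baseline only proves anything if it was taken before the compromise and is stored somewhere the attacker cannot reach (read-only media or another host), and the comparison should be run from a trusted boot environment rather than the possibly compromised system, since a root kit that has replaced core files can also lie to any tool running on top of them.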
