What is Malware? Definition: Definition: A generic term used to describe any form of malicious software; e.g., Virus, Trojan horse, Spyware, Adware, Malicious ActiveX web page, Rootkit, Zombie.A generic term used to describe any form of malicious software; e.g., Virus, Trojan horse, Spyware, Adware, Malicious ActiveX web page, Rootkit, Zombie. Jonathan Held Presented 9/13/2005
Install strange programs Install strange programs Slow internet connections Slow internet connections Slow PC performance Slow PC performance Cause system instabilities/ crashes Cause system instabilities/ crashes Web popups Web popups Change IE settings Change IE settings View / Steal any information on the PC View / Steal any information on the PC Open you up to identity theft Open you up to identity theft Log all keystrokes typed Log all keystrokes typed Cause your PC to attack others (laptops) Cause your PC to attack others (laptops) Render your PC unusable Render your PC unusable What Harm Can Malware Do?
90% of home users are infected with malware. 90% of home users are infected with malware. 20% of home computers are infected with a virus 20% of home computers are infected with a virus 88% of the infected users don’t even know they are infected with malware. 88% of the infected users don’t even know they are infected with malware. 2 of every 3 users don’t have an activated firewall, & 1 of the 3 firewall-using folks have their firewalls improperly configured 2 of every 3 users don’t have an activated firewall, & 1 of the 3 firewall-using folks have their firewalls improperly configured Some worms have infected millions of computers within just a few minutes. Some worms have infected millions of computers within just a few minutes. Malware is responsible for a third of all Windows application crashes Malware is responsible for a third of all Windows application crashes Viruses alone cost businesses around the world $55 billion per year. Viruses alone cost businesses around the world $55 billion per year. How Bad is the Problem?
HOW TO TELL IF YOUR COMPUTER IS INFECTED WITH MALWARE Sluggish system, Decrease in system performance. Computer boots up slower than usual. Pop-up ads, while you're not even running your web browser. Unwanted changes to Web Browser settings - home page, search page, new toolbars, new added Favorites. Hard Drive keeps losing free space. New messages, errors, and icons, for programs you never installed, especially on startup. Programs crash more often, even after rebooting. Suspicious or new Windows processes. (Advanced Users)
What are the different types of Malware? How do they get onto my computer?
TROJAN Files SPYWARE ADWARE / POPUPS KEYLOGGER Rogue FTP server Remote Acc.Backdoor VIRUS DDOS ZOMBIE SPAM RELAY (SpamBot) ROOTKIT DIALER DIFFERENT TYPES OF MALWARE Best to Worst DAMAGE All malware will cause sluggish performance and crashes, and here are some additional annoyances: Nuisance Some viruses can cause data loss. Telephone fraud, overseas #s Hard Drive space will dwindle Any data on your computer can be viewed or stolen, even your keystrokes. COMPLETE SYSTEM COMPROMISE. Your PC is used only to attack others BROWSER HIJACK
Malware is usually “Bundled” This makes some sophisticated Malware difficult to remove. Windows reinstallation is sometimes required, and recommended annually.
SPYWARE: Any program which secretly collects and transmits user information (visited websites, search terms, etc) through the user's Internet connection without user’s knowledge, usually for advertising purposes. Aside from privacy issue, it also slows down computer and internet connection, and creates system instability and crashes. VIRUS: A small “parasite” program that attached to a program or file on your computer’s hard drive without your knowledge, and runs against your wishes. Viruses replicate themselves when the file is shared with others. Their payload is usually harmful, deleting files, opening up the PC for other infections, Slowing the computer to a halt, etc. WORM: Similar to a virus, but more powerful – doesn’t need a host “file”, and Spreads much more quickly over network. EXPLOIT / HACK: small programs or methods which attacks particular unpatched security holes. Not self-replicating. An attack vector which opens up the PC for further infection. Once a computer is Hacked, the hacker has complete control over the PC, and can proceed to install viruses, spyware, FTP servers, and anything else. TERMS
BROWSER HIJACK: Web sites that, when visited, set the user's default browser home page to an unwanted URL, change the default search engine, or add unwanted toolbars and other custom plugins/add-ons to the user's browser and system. FIREWALL – Software which runs in the background and blocks suspicious activity to & from a computer’s 65,000 network ports. Will block *most* Malware, But not all. Windows XP SP2 has a Firewall built-in. PATCH (WindowsUpdate.com) – a small modification to the Windows OS code, to close up a recently discovered vulnerability. TERMS
Removal
I THINK MY PC IS INFECTED WITH MALWARE …WHAT NOW? If it's an IFEM computer, tell Jon. Update and run Spyware Scanner first, if you have time. Run 2 spyware scanners. Make sure to update them first. They will detect and remove most of your spyware. (Microsoft Anti-Spyware, Spybot Search&Destroy, Ad-Aware) Run a full virus scan. Update your virus definitions first. Go to Control Panel, Add/Remove Programs, and remove any programs you've never heard of, or you don't need. (don't touch the Microsoft programs!)
Microsoft AntiSpyware. Easy to use, easy to install, has straightforward friendly "real-time" protection. Spybot Search&Destroy. Catches more Malware than the Microsoft product, but "real time" protection is sub-par. Ad-Aware. Similar to SpybotSD above, a little easier to use. Does not offer “real-time” protection. HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
I THINK MY PC IS INFECTED WITH MALWARE – WHAT NOW? ► If it's a browser Hijack, Run "Hijack This", or MS AntiSpyware. ► Use a Process Viewer, such as TaskInfo (Advanced users) Terminate suspicious processes and Services, check Registry “Start” section. As a last resort: ► Reformat hard drive, reinstall Windows & all your programs. (back up your files first!) OR ► Take your PC to a repair service, such as HomePCHelpers or Geeksquad.
Serv-U.exe GAIN.exe akjughwtlpztq.exe Slave.exe dameware.exe fxsvc.exe Winshel.exe service.exe Microsofts.exe MALWARE PROCESSES
Installation files for these programs are in The IFEM Shared Folder, for your use: \\shiva\shared\Malware Tools\
How does Malware spread?
attachments, and shared infected files. attachments, and shared infected files. “Bundled” with a software installation (usually Shareware and Web toobars & add-ons) (IFEM installs policy) “Bundled” with a software installation (usually Shareware and Web toobars & add-ons) (IFEM installs policy) An infected PC on the network An infected PC on the network Peer-To-Peer (P2P) applications and services (like Skype, Kazaa, Limewire, etc) Peer-To-Peer (P2P) applications and services (like Skype, Kazaa, Limewire, etc) Worm or Virus Worm or Virus Exploit / Hack (Exploits of security flaws within the operating system or the web browser) Exploit / Hack (Exploits of security flaws within the operating system or the web browser) How did I get Malware on my Computer? How does it spread?
VISITING MALICIOUS WEB SITES Clicking a web popup. For example, Clicking “close” or “OK” on a pop-up or ad when it’s really a link to another web page. Automatic installations by visiting certain web sites (“drive-by-download” ) How did I get Malware on my Computer? How does it spread?
…tricks users into installation by the use of deceptive buttons and hyperlinks, false error boxes and system notices, uncloseable popups,or other confusing GUI elements; …falsely poses as Microsoft Windows Update software,"anti-spyware" software, or other software that may be desired by users.
SHAREWARE Adware (Sponsored) Crippleware (Certain features are Disabled, or limited “Save” cabability) Nagware Software downloadable free of charge, but the author usually requests that you pay a small fee if you like the program. Shareware is inexpensive because it is usually produced by a single programmer and is offered directly to customers. Some shareware is “bundled” with spyware. Always check customer reviews or Google Before you install shareware, and make sure to run spyware scan after you install. Limited Trial (15 days, etc) Honorware Different Types:
Prevention
HOW DO I PROTECT MY COMPUTER IN THE FUTURE? ► Keep your Anti-Virus program AND Anti-Spyware Scanner up to date. Run them in background at all times. Do full scans a few times per month. ► Install *all* critical Windows Updates, from OR make sure it's set to “Automatic". Laptops must be updated manually, every week or two. ► Install Windows XP Service Pack 2 (look for "Windows Firewall" in CP) ► MAKE SURE YOUR XP SP2 FIREWALL IS TURNED ON. A firewall will protect against SOME malware, not all.
► Don’t view or open spam or unknown attachments. ► Don't click on ANY web pop-ups! ► Set Internet Explorer browser settings to “High”. (optional) ► MAKE SURE you have a strong password for all accounts on your PC. ► Be careful what software you install. Look up the program on Google first, to check if the program is safe. Always do a Spyware scan after installing software. ► Never give out passwords or other protected information, and don't leave them lying around. HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
Microsoft AntiSpyware. Easy to use, easy to install, has straightforward friendly "real-time" protection. Spybot Search&Destroy. Catches more Malware than the Microsoft product, but "real time" protection is sub-par. Ad-Aware. Similar to SpybotSD above, a little easier to use. Does not offer “real-time” protection. HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
► DDOS Attacks. ► Spamming relays. ► Paid by advertising agencies and companies. ► To get personal useful information, such as credit card and SS numbers. ► for fun. ► To show off their skills. WHY DO PEOPLE CREATE VIRUSES AND MALWARE?
Will this stop? No, not in the near future. Currently, few laws are in place, and no one is being convicted, in any country. No, not in the near future. Currently, few laws are in place, and no one is being convicted, in any country. The income potential is attractive to those wishing to work from home, or make extra money. The income potential is attractive to those wishing to work from home, or make extra money. Prevention and awareness is the only protection! Prevention and awareness is the only protection!
Spyware Scanner Screenshots
WindowsXP SP2 Internet Explorer ► added protection from Popups and ActiveX installations!
This website attempted to install unsolicited software or change settings