January 26, 2012 MALWARE

Malware: Threats and Risks – What You Can Do About It, Part 1

If even a small minority of all the hackers out there focused their intelligence, inventiveness and imagination away from malware and into constructive web-based endeavors, we’d all be better off.

That said, don’t hold your breath. Malware is an ongoing problem and scourge to both public and private entities and you need to understand what it is and how to deal with it.  It’s a huge topic so I’ll break up the text into multiple posts.

First of all, you need to know what malware is – executable code that runs on your computer and is designed to cause some sort of damage – either by harming your data or stealing it.  But the operative word is ‘executable’ – it’s a program, therefore it has to be activated, and in most cases requires someone unknowingly installing the malware and running it.

Hackers are constantly looking for new ways to trick users into ‘clicking’ on something – and that simple one stroke click can activate the software and quickly start wreaking havoc.

Last month, for instance, we decided to test a computer sans any AV/malware protection, went online and started browsing.   We checked out Google for Indian flags and clicked on one – suddenly messages popped up that allegedly were from the operating system stating that the disk was broken, partitions couldn’t be found, and other formidable looking warnings.  All looked legit.

Then an alleged Microsoft tool popped up offering to ‘scan’ the warnings.  I know what the real program looks like – this one was an almost identical clone but there were obvious clues that it was a fake.  But since we were running an experiment, we followed along, clicked, and the program claimed to have scanned our entire system in less than two minutes.  Of course, it found several issues that required an immediate fix, and up popped another screen requesting gobs of personal information, including a credit card number – to purchase the software and fix the computer.

We downloaded a Kaspersky emergency cleanup tool and cleared the virus, but even when the computer was clean we still couldn’t access our data –  the scanning tool had set the hidden attribute to all files on the disk, OS, data, programs – everything was hidden and it appeared that the disk was empty.  Once the hidden attribute (attrib-h) was removed, the system was restored.

But you can also get dinged from stealth programs that read what you type – known as keyloggers.  Fortunately this is becoming less commonplace as good AV software will become aware of keyloggers by their behavior.  There’s also software that functions as a browser add-on that can protect your secure websites – if you try to do online banking, for instance, and you’re not connected to the right IP address, the software will stop you.

Lastly, beware of malware being distributed now via HTTP – rather than hand delivering a nice little virus to you via email, the hacker will place the code on a web server and entice you to go a particular website.  In most cases, these are legitimate websites that have been compromised – unbeknown to the site’s owners.  A script attached at the bottom of the home page index.html file can add hidden links to this page which the user won’t see.  So while browsing, the mouse causes a piece of malware code to start running, it’s installed on the computer, and the hacker’s off to the races and starts pilfering your data.

Getting a bit nervous?  Stay tuned for Part 2 where I’ll wax eloquent on malware and email issues.


Photo by Michael Dziedzic on Unsplash