How do you get malware?

Malicious websites attempt to install spyware ...

Image via Wikipedia

Seems to be the weekend of computer security postings because here comes another one. What are the ways you can be attacked by people out to do something bad to your computer.

I am assuming that you have a home network with a DLS modem, then some type of router/wireless box and then one or more computers, either wired or wireless. ALso assuming you have the firewall on the router turned on and you have set the wireless to at least wep connection/protocol. You are most likely running Windows and have a desktop system and maybe a laptop or two.

If you do not have some of these items, except the dsl, you probably already are infected with something, say a bot infection. So what the heck could you be infected by, a Virus, which is a malware program that automatically infected your system and is trying actively to infect more systems. If it’s not actively trying to infect more systems it’s not a virus its either a worm or a trojan. A worm is a program or macro, mostly macros actually, that use a certain exploit to infect systems, but once they infect them then pull more programs onto the system. The worm doesn’t have the payload, it’s just the manner to infect the system. It pulls down trojans and spyware onto your system that actually have the payload. Trojans are programs that say they are one thing but then aren’t but are malware. Malware means Malicious software. It’s pretty broad.

Key loggers and spyware are programs that once on your system spy on you to get information and send it back to the people who made the spyware. Key loggers log every key stroke you type hoping to get your username and password. Why is the username and password so useful most people only use one password, for everything. If you can get that one password you can get into their bank and steal their money.

Viruses at one point would try to infect everything they could. They bury themselves into programs on your system and when you copy a program to give it to someone else they end up with the virus. In the old days of floppy drives and everyone copying programs the most effective way to get a virus to move around was sneaker net. So the viruses in those days were set to deliver their payload at a set time or date like Friday the thirteenth or Michaelangelo’s birthday. There are actually not a lot of these type of malware around because people don’t copy programs so much anymore. Email at one time made viruses move around faster but then new technology came around and plus they are harder to get going, much harder then their replacement, worms.

Worms are spread on the internet not by programs but by files. Microsoft word has a macro language for automating things and this is an easy way to make little programs and it has way to much access to system functions than it should and so it is a perfect way to make worms. Plus the same macro language is used in Microsoft’s Internet Explorer and there are exploits in IE that are begging to be exploited so you can actually deliver worms by just having people view an infected web site. And then cross site scripting was invented where you are on one site but a script on that site could get info from other sites (so useful for putting advertising onto a web page) and is also useful for putting viruses and worms on web pages. Now with a zero day exploit you can get a worm onto your system by clicking a site with a badly protected or designed database as you can add the scripts to load worms into people databases.

Worms then load the other malware onto your system making you system do what the malware writers want it to do.

So OK how can you get malware, and how do you stop it. Well zero day exploits are just that an exploit that the software companies, say Microsoft, have never seen before, they have zero days of knowing the exploit was out there. They have not got a fix for it and if you go to a site infected with it you will get it. Now most big sites will not have this, unless there is another exploit that is used to get it onto the web servers or the server belongs to the people making the malware. OR use a non windows OS or use something other than IE.

You might also get a virus or worm by it being sent to you by email. There are a lot of spam emails sent out. Most of them are just advertising but there are a lot that are trying to get you to go to a site that is either going to give you a virus or malware OR is a phishing site. Phishing is when the malware writers or other criminals try to offer you something or by trying to look like a company you trust get you to go to their site and get you to type in your username and password for say your online banking. And while there try to infect your computer for good measure. If the phishing is tailored for one person or a select few it’s called harpooning, and if that person is a “big fish” say a company CEO, it’s called harpooning the whale or whaling.

SO with every email you receive always look at it skeptically and by looking at where it came from, would this email really come to you from that person about this topic? And if there is any doubt double check. If you can check the internet headers on the email, is it really coming from this person, or is the server it came from not really the one that the from statement would make it out to be?

Don’t open strange emails and don’t open things like PDF or word files from someone you don’t know. And the same for videos of some stupid thing or some music if you don’t know for sure that it came from a reliable source. And if you really want to see that new video of some star in a bad situation, instead of opening it from this email go on the web and see if there is such a video or is it a scam? And if there is a video, find it directly on YouTube and don’t open it from the email, delete the email.

Now the other ways people will try to get software onto your computer is by getting you to put it there. If you find a USB stick laying around, don’t put it into your computer and see what is on it. If you have a system with no hard drive that you boot only from a boot CD you can probably check it on that system.

I am assuming that other than your banking information you probably have not to much that other people would want to get off your computer. SO you are not probably a direct target of an attack like major corporations are but you still need to have that firewall running. You also need to have an antivirus and have it and your computer’s OS up to date constantly. And your web browser which as a web user is your first line of defense and it will try to keep you safe from web sites that will harm your computer, keep it updated.

Don’t fall for phishing attempts. Don’t just do what someone on the phone tells you. Verify they are who they say they are and remember that Microsoft will never call you to help you fix your computer or ever ask for your username and password for anything.

IF I get time today and tomorrow I will try to run through the life cycle of different types of attacks and describe how each one happens.

Advertisements

About echlinm

Computer Programmer/Systems Analyst/Hacker S31
This entry was posted in Computers and Internet, Security and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s