Viruses, Trojans & Malware
Malware, short for “malicious software,” includes viruses and spyware used to steal personal information, send spam, and commit fraud. Criminals create appealing websites, desirable downloads, and compelling stories to lure you to links that will download malware – especially on computers that don’t use adequate security software. But you can minimize the havoc that malware can wreak and reclaim your computer and electronic information.
There is really no guaranteed solution to prevent malware from invading your computer, especially since criminals spend a lot of time keeping ahead of the curve to find new and innovative ways to break down your computer’s security defenses.
That said, you can do a lot to guard against malware, such as running antivirus software, scheduling OS (both Mac and PC) and AV security updates, installing Safe*Connect, and being cautious about downloading software and clicking links.
Types of Malware and How They Work
Some categories of malware are:
- Virus – Software that can replicate itself and spread to other computers, or that is programmed to damage a computer by deleting files, reformatting the hard disk, or using up computer memory.
- Adware – Software that is financially supported (or financially supports another program) by displaying ads when you’re connected to the Internet.
- Spyware – Software that surreptitiously gathers information and transmits it to interested parties. The types of information gathered include the Web sites visited, browser and system information, and your computer’s IP address.
- Browser hijacking software – Advertising software that modifies your browser settings (e.g., default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups. Once a browser is hijacked, the software may also redirect links to other sites that advertise, or sites that collect Web usage information.
There are several ways that these programs can end up on your computer:
Software can come bundled with “other software,” often called a Trojan. For example, instant messenger software may be bundled with a program such as WildTangent, a known spyware offender. Peer-to-peer file sharing software, such as Kazaa, LimeWire, and eMule, bundles various types of malware that are categorized as spyware or adware. Software that promises to speed up the Internet connection or assist with downloads (e.g., My Web Search) will often contain adware.
Malware can exploit security holes in Internet Explorer as a way of invading your machine. Sometimes Web sites state that software is needed to view the site, in an attempt to trick users into clicking Yes and thus installing software onto their machines. Another trick is to display many error windows if you click No. Other sites will tell you that using a certificate makes their site “safe,” which is not the case. Certificate verification means only that the company that wrote the software is the same as the company whose name appears on the download prompt.
Some malware provides no uninstall option, and installs code in unexpected and hidden places (e.g., the Windows registry) or modifies the operating system, thus making it more difficult to remove.
If you suspect malware is on your computer:
- Stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information.
- Confirm that your security software is active and current. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall.
- Once your security software is up-to-date, run it to scan your computer for viruses and spyware, deleting anything the program identifies as a problem.
- If you suspect your computer is still infected, you may want to run a second anti-virus or anti-spyware program – or call in professional help.
- Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future.
- Malware can be submitted to US-CERT for analysis at: http://malware.us-cert.gov/MalwareSubmission/pages/submission.jsf
EMET – Enhanced Mitigation Experience Toolkit version 5.2 | Microsoft Windows
Helping to Safeguard Against Zero-Day Exploits
Microsoft offers a free anti-exploit tool that mitigates exploits by applying Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to processes and applications that do not use DEP and ASLR natively. DEP is a security feature that can help protect a system by monitoring programs to ensure system memory is used correctly. ASLR makes it more challenging for exploits and malware to determine the location of a given process by randomizing the memory addresses used by system files and programs. Together, DEP and ASLR can create a formidable barrier for attackers attempting to exploit vulnerabilities. EMET can help prevent infection by locking down third-party applications, such as Chrome or Firefox, which can be manually added to EMET. Adobe Flash and Microsoft ActiveX exploits have been successfully blocked by the EMET tool. Used in addition to your preferred antivirus solution, EMET can help keep exploits and malware from wreaking havoc on your system, greatly reducing the risk of system compromise.
EMET User Guide: