
Friday, August 8, 2014

2014 Update On Malicious Programs


As far as malicious software is concerned, much has changed since I last wrote about it. So here is an updated report on the current situation (summer 2014) and my personal advice on how to stay safe on the Internet. I will talk about
  • Definitions
  • Protective tools for the home user
  • How to avoid these troubles
  • Conclusion

Definitions:

Malware: Short for malicious software. It is a general term used to describe all viruses, worms, spyware, and pretty much anything that is specifically designed to cause harm to your PC, steal your information or throw never ending torrents of advertisements at you.

Virus: A program that copies itself and infects a PC, spreading from one file to another, and then from one PC to another when infected files are copied or shared.

Spyware: Any software that collects your information without your knowledge and usually sends that information back to the creator(s) so they can use that personal information in some nefarious way.

Scareware: A relatively new type of attack, where a user is tricked into downloading what appears to be an antivirus application, which then proceeds to tell you that your PC is infected with hundreds of viruses and can only be cleaned if you pay for a full license. Of course, these scareware applications are nothing more than malware that holds your PC hostage until you pay for the “full” version. In many cases you can't uninstall them and/or they render the PC unusable.

Trojan horses: Applications that look like they are doing something innocuous, but secretly have malicious code that does something else. In many cases, trojans will create a backdoor that allows your PC to be remotely controlled, either directly or as part of a botnet—a network of computers also infected with this trojan and/or other malicious software. The major difference between a virus and a Trojan is that trojans don't replicate themselves—they must be installed by an unwitting user.

A computer worm uses a network to send copies of itself to other PCs, usually utilizing a security hole to travel from one computer to the next, often automatically without user intervention and often via email.

Ransomware usually encrypts your files, which are then useless to you, and some variants even “lock” your computer. The software demands an often quite substantial payment for the means to restore your files to usable form – which even after payment sometimes fails.


Protective tools for the home user

You will always want to run a specialized antivirus program and a specialized on-demand-only malware removal tool. I will recommend the only two programs I have learned to trust over the years – and that are easy enough for the home user to handle.

Antivirus: The release of Microsoft Security Essentials has changed the landscape of antivirus software. We finally have a completely free application that protects against viruses, spyware, and other malware without killing system performance like some of the "suites" tend to do. In my extensive personal experience it barely slows down even relatively slow machines, and its user interface is the easiest to use of all I know.

Don't only take my word for it. AV-Test.org found that it detects 98% of their enormous malware database and AV-Comparatives (a widely known anti-malware testing group) found that MSE was one of only three products that did well at both finding and removing malware.

Anti-malware: Modern malware, mostly called PUP (potentially unwanted program), is very different from classic viruses. Most antivirus programs cannot detect PUPs and thus do nothing about them. And, as if to add insult to injury, most of them end up on the computer because the user got tricked into allowing their installation.

I recommend Malwarebytes Anti-Malware (MBAM for short). Please download it from these two links only (they both go to the same destination).

MBAM is a time-proven product and available in a free version that is entirely sufficient. You have to pay attention during the original install and when you install a program update. The last window of the installer looks like this:



Please pay attention to the marked entry; its check box is preselected! That means the “trial version” will be activated, and after the trial period ends you would have to pay for using the program.

You have to uncheck this check mark.

Eventually the program itself needs to be updated; the installer will run again and again you have to pay attention to this little detail to avoid the for-pay version!

See this article on how to correctly use MBAM.


How to avoid all these troubles

When it comes to protecting yourself, it's laughable how many people install multiple antivirus applications but don't keep their system updated with the latest patches for the operating system.

If everybody simply kept their system and all programs up to date, we wouldn't have to worry so much about these problems. If the constant rebooting of Windows Update has you frustrated, you can always temporarily delay the reboot; remember, only after the reboot are the patches completely installed and active to protect your computer.

Keeping your applications updated is critically important to protect your computer's security. Your firewall won't protect you, and antivirus software is unlikely to help if you're using an old, vulnerable version of Adobe Flash or Adobe Reader.


Conclusion

In the end, good browsing habits and common sense should be your first line of defense against any kind of malware. I recommend always running a good security suite like MSE and additionally using MBAM as an on-demand scanner. That way you're as well protected as is easily possible, and you can scan your system for malware whenever you want.

So here's the bottom line: In my not so insignificant experience, MSE and the free on-demand version of MBAM work very well together. Coupled with good browsing habits and common sense, this is a good combination of security tools, and using them judiciously should keep you well protected.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.



Wednesday, October 23, 2013

Warning: Old Fiend With New Muscle


In the title I say "old fiend", and it is indeed an old adversary in new clothes and with significantly more muscle.

Instead of repeating the background story please first head over to my September 2012 article and come back here after you have read it.

So what's new? Besides the new name, CryptoLocker, a couple of major improvements have been made to that nasty piece of malicious software:
  • The encryption is now "NSA grade", meaning there is no way out! Your data files most likely will remain lost!
  • The ransom has been raised in some variants of this malware to close to $1000.
  • Now even files on drives other than the system drive C: will be encrypted. That renders restore partitions useless.
  • Is your backup disk permanently connected to the computer? Then the files on this drive get encrypted as well and all your backups are totally useless!
  • Now even files on other network-connected computers can get encrypted.
  • Many victims that actually did pay the ransom got a decryption key that did not work! Their files remained inaccessible and were totally lost.
  • To pay the ransom, in some instances credit card information was given to the obviously wrong people; credit cards got maxed out in minutes! That is much more trouble than the loss of years of pictures, emails and other files!
  • Many attempts to save files turned out to be more expensive than a brand new computer would have been. Even with a new computer your files remain lost!
So far, and that may change soon, CryptoLocker
  • arrives on victims' computers in an email from an arbitrary sender they often don't know.
  • arrives on victims' computers as an email attachment; this requires the victim to explicitly execute the attachment, that is, double-click on it and possibly even ignore the warning from Windows about running a downloaded program.
  • arrives on victims' computers after the victim clicked on a link in an email without first checking the link and its real target.
You say you don't do any of these arguably fairly dumb and dangerous things? Good for you! Are you 100% certain that everybody who eventually uses your computer is as careful, as attentive and as cautious? Think about your sweet teenage granddaughter, your kid's friends, visitors and so on.


You ask why your antivirus program did not catch the bad program? Simply because this form of CryptoLocker is new. It requires time and quite some effort to design detection methods and find secure ways to neutralize these modern and very sophisticated threats.

As of this writing we all are unprotected and need to use due diligence. Always wear your common sense hat!

The only currently known "protection" against damage by CryptoLocker is to have a recent image backup of your system drive and/or to have a set of restore DVDs that were created when the system was still functioning correctly.

If you need to use either of the aforementioned, a System Repair disk is required. Did you already create one?

If you need help to set up a sensible backup routine and/or to create the disks mentioned above, please contact me. You will find a usable email address in the left sidebar at the end of the text titled "Welcome".

As usual I welcome suggestions and comments right here in the blog.



Monday, January 10, 2011

Malicious Software - Definitions

Personally I do not assign a lot of importance to differentiate the many kinds of malicious software I encounter almost every day. I take the general approach “It is malicious and we don’t want it on your computer; remove it.”

But sometimes customers ask if it was a virus or a worm and I find it hard to explain the difference in terms accessible to a lay person.

In my web travels I found Squidoo, and on Squidoo I found some hopefully useful definitions; I felt I had to mostly copy the definitions and use them as boilerplate for my own text because the same site recommends commercial antivirus and security software that I tell my customers NOT to use.

Rogue Security Software
Currently this class of malware is an outright epidemic. Rogue software is a form of malware that manipulates and scares people into buying a so-called “full version” of fake applications, mostly supposed virus removal software. Rogue software displays bogus scan reports and alerts to trick the user into paying good money to the crook who got the rogue program onto your computer. In the process of paying you give your credit card information directly to the crook as well! These rogue programs can take over the whole computer system to prevent their removal and in most cases block other applications, including legitimate anti-malware programs, from running. Some rogue programs are relatively easy to remove, but some use stealth techniques that make removal very difficult and time consuming.

Browser Hijacking
Hijacking is a form of malicious software behavior. Browser and network settings on the user's computer are changed; user activity is redirected to websites of the hijacker's choosing. Usually you will be redirected to start pages and search pages for paid advertising and/or web pages that attempt to install other malicious software.

Rootkits
A rootkit is the combination of software and techniques that allows itself and some other, mostly malicious, piece of software to be hidden from detection by the regular means of the operating system. The hidden malicious components of rootkits often are key loggers or Trojans that allow backdoor access to the computer. Rootkits are among the most difficult pieces of malware to remove. Some rootkits are so well hidden and protected from ANY access that rebuilding the operating system from scratch is the only viable solution.

Key Loggers
Key loggers are programs created to monitor user keystrokes; the information is logged and reported to the person or organization who installed the key logger. They may be used by organizations to monitor employees' activities. Key loggers are also used as spyware to steal confidential information and commit identity theft. The logging of keystrokes takes place long before “classic” security measures like encryption can be employed.

Computer Viruses
A computer virus is infectious and sometimes destructive software that can replicate itself and go on to infect other computers. A computer virus is usually executable software. Computer viruses can be contracted through downloads and various modes of email and instant messaging attachments. The virus then attaches itself to existing programs on the target computer. The main aim is to corrupt the computer system.

Worms
Similar to a computer virus, worms are infectious and self-replicating; they replicate on computer networks and via email. The worm utilizes a computer network or email to send replicas of itself to connected computers on that network or to email addresses.

Trojan horse
A Trojan horse program (or Trojan for short) is a form of computer malware that gets installed on a computer system through deceptive means. Trojans often are presented to the user as a form of free software or an add-on. However, once installed, the Trojan gives its creator access to the computer; then the hacker can carry out their mostly criminal operations using the infected computer without any knowledge of the computer’s user.

Spyware
Spyware is a form of malware that collects and sends information about computer usage and other confidential and personal data to its creator. It generally gets installed secretively through deception such as free online scanning, a browser add-on or plugin, dubious websites and/or infected images or PDF files. Even search results have been “poisoned” and abused to install spyware.

Adware
Adware is short for advertisement-supported software. These programs are designed to display advertisements on a computer system. Most adware programs secretly collect information on what you do and look at on the Internet so they can show you “relevant” ads; therefore they can also be classified as spyware.

Please stay tuned as I intend to publish an updated article on how to avoid the all too common obstacles and dangers posed by malicious software.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.
