What is Malware?
Malware, short for MALicious softWARE, is a term used to broadly classify software that is installed on a computer system, usually without the owner’s permission, with malicious intent. It includes Trojans, viruses, keyloggers, malicious active content, rogue programs and dialers, among others.
There is another form of software which may be termed “Trackware”, because it tracks, stores and analyzes your browsing patterns, thereby compromising your privacy on the World Wide Web. It is probably less malicious, but unwanted all the same. It includes Spyware, Web bugs, tracking cookies and “forced” adware.
Spyware is defined loosely as any program that secretly gathers information about you and/or your computer use through your Internet connection. Typically, a Spyware program gathers information by monitoring your computing activities and then transmits it across the Internet to a central server, for onward distribution to interested parties for advertising purposes. These programs can also download files, run other programs in the background and change your system settings.
In addition to violating your privacy and potentially damaging your system, Spyware can slow your computer down by stealing processing time from the CPU. Even though the name may suggest otherwise, Spyware is not as yet an illegal type of software in any way. However, there are certain issues that a privacy-oriented user may object to, and therefore prefer not to use the product.
Another potential problem is that many are poorly written, may contain programming bugs and errors, and can cause problems with the normal operation of your computer. One cause of your web browser hanging and crashing frequently with those “General Protection Faults” may be one of those badly written Spyware programs interfering with its normal operation.
What is spyware?
The Steve Gibson answer:
Spyware is ANY SOFTWARE which employs a user’s Internet connection in the background (the so-called “backchannel”) without their knowledge or explicit permission. Silent background use of an Internet “backchannel” connection MUST BE PRECEDED by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed, consent for such use. ANY SOFTWARE communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware. http://grc.com/optout.htm
There are also PC surveillance utilities, like keyloggers and email and chat loggers, which monitor all activity on a computer. Though designed for businesses, parents and similar environments, they can easily be abused if they are installed on your computer without your knowledge.
Adware is usually freeware that displays advertising banners within the program interface. The developer generates revenue by selling advertising space in the software product, instead of you having to pay for it. Occasionally, some Adware will also act as spyware, including information-gathering code that sends non-sensitive information back to third parties. Some people think that Adware is the same as spyware, but Adware isn’t necessarily spyware. While legitimate adware companies will disclose the nature of the data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. In addition to privacy concerns, frequent downloading of advertisement banners and other ads while the user is browsing can slow the system down immensely, and for users paying for dialup service by time used, ad loading and hidden communications with servers can be very costly.
Most of the time, if you prefer a “non advertised” product, you have the option to purchase a version that does not display any banners.
A Trojan is a program that comes in secretly and quietly, but carries a destructive payload. Once you are infected by the worm or virus that the Trojan carries into your computer, it can be very difficult to repair the damage. Trojans often carry programs that allow someone else to have total and complete access to your computer. Trojans usually come attached to another file, such as an .avi, an .exe or even a .jpg. Many people do not see full file extensions (Windows hides the extensions of known file types by default), so what appears as games.zip may in reality be games.zip.exe. Once the person opens this file, the Trojan goes to work, many times destroying the computer’s functionality. Scary, eh? You can read more about this on our Trojans, Viruses, and Worms reference page. Your best line of defense is to NEVER accept files from someone you don’t know, and if you have any doubts, do NOT open the file. Get and use a virus detection program, such as Inoculate, and keep it updated regularly.
A virus is a piece of programming code, usually disguised as something else, that causes some unexpected and, for the victim, usually undesirable event, and which is often designed to spread automatically to other computer users. Viruses can be transmitted as attachments to an e-mail note, by downloading infected programs from other sites, or on a diskette or CD. The best protection against a virus is to know the origin of each program or file you load onto your computer or open from your e-mail program.
Browser hijacking is caused by malicious code that alters your browser settings without your knowledge. Browser hijackers are extremely common.
Here’s a list of the typical effects a browser hijacker can have on your system.
Altering the Home page or Search page of your browser.
Changing various options in your Internet settings.
Blocking access to certain functions (parts or all of the Internet Options screen, the registry editor, etc.).
Changing the reset file (iereset.inf) to prevent the user from resetting web settings within the Internet Explorer options screen.
Automatically adding sites to your Trusted zone.
Hijacking URL prefixes: if you enter a site in your browser without a prefix (e.g. google.com), Internet Explorer automatically prepends http:// to the address. This function can be abused to redirect you to any site whenever you omit the prefix.
Altering your Winsock list of name space providers used to resolve domain names (on Windows XP SP2 and later, netsh winsock show catalog lists them).
Adding a proxy server so that all your traffic can be intercepted.
Altering your user stylesheet (normally used by visually impaired users), thereby changing the way websites appear.
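Most of the effects in the list above are visible as registry values, so they can be checked rather than guessed at. The following Python script is an added example written for this page, not code from the original article: it reads the Internet Explorer 5/6-era registry locations on Windows and evaluates them, and because evaluation is separated from collection it can also be run against a plain dict of settings on any platform. The hostnames, paths and allow-lists in it are constructed placeholders.

```python
"""Audit the Internet Explorer / WinINET settings a browser hijacker changes.

Collecting (winreg, Windows only) is separated from evaluating, so audit()
can be run anywhere against a plain dict. The allow-lists are placeholders.
"""
from urllib.parse import urlsplit

# label -> (hive, subkey, value name); "" selects the key's default value
CHECKS = {
    "start_page":        ("HKCU", r"Software\Microsoft\Internet Explorer\Main", "Start Page"),
    "search_page":       ("HKCU", r"Software\Microsoft\Internet Explorer\Main", "Search Page"),
    "proxy_enable":      ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyEnable"),
    "proxy_server":      ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyServer"),
    "autoconfig_url":    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "AutoConfigURL"),
    "default_prefix":    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix", ""),
    "www_prefix":        ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes", "www"),
    "use_my_stylesheet": ("HKCU", r"Software\Microsoft\Internet Explorer\Styles", "Use My Stylesheet"),
    "user_stylesheet":   ("HKCU", r"Software\Microsoft\Internet Explorer\Styles", "User Stylesheet"),
    "disable_regedit":   ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools"),
    "lock_homepage":     ("HKCU", r"Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage"),
}
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
TRUSTED = 2  # zone number of "Trusted sites"


def collect_settings():
    """Read the values above from the live registry (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    found = {"trusted_domains": []}
    for label, (hive, subkey, name) in CHECKS.items():
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                found[label] = winreg.QueryValueEx(key, name)[0]
        except OSError:
            pass  # key or value absent: nothing to report
    try:  # top-level ZoneMap entries; any value set to zone 2 marks the domain trusted
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONEMAP) as dom_key:
            for i in range(winreg.QueryInfoKey(dom_key)[0]):
                domain = winreg.EnumKey(dom_key, i)
                with winreg.OpenKey(dom_key, domain) as d:
                    for j in range(winreg.QueryInfoKey(d)[1]):
                        if winreg.EnumValue(d, j)[1] == TRUSTED:
                            found["trusted_domains"].append(domain)
                            break
    except OSError:
        pass
    return found


def audit(settings, allowed_hosts=("www.example.com",), allowed_trusted=()):
    """Return (label, detail) findings; an empty list means nothing suspicious."""
    findings = []
    for label in ("start_page", "search_page"):
        url = settings.get(label)
        if url and url != "about:blank" and urlsplit(url).hostname not in allowed_hosts:
            findings.append((label, url))
    if settings.get("proxy_enable") == 1:               # traffic interception
        findings.append(("proxy_server", settings.get("proxy_server", "")))
    if settings.get("autoconfig_url"):                  # a PAC script can redirect traffic too
        findings.append(("autoconfig_url", settings["autoconfig_url"]))
    for label in ("default_prefix", "www_prefix"):      # prefix hijack of bare host names
        if settings.get(label, "http://") != "http://":
            findings.append((label, settings[label]))
    if settings.get("use_my_stylesheet") == 1:          # user stylesheet abuse
        findings.append(("user_stylesheet", settings.get("user_stylesheet", "")))
    for label in ("disable_regedit", "lock_homepage"):  # locks on the repair tools
        if settings.get(label) == 1:
            findings.append((label, "policy lock set"))
    for domain in settings.get("trusted_domains", []):
        if domain not in allowed_trusted:
            findings.append(("trusted_zone", domain))
    return findings


# Constructed sample of a hijacked profile (illustrative values only).
HIJACKED = {
    "start_page": "http://search.hijack.test/?id=1234",
    "search_page": "http://search.hijack.test/q",
    "proxy_enable": 1, "proxy_server": "10.0.0.5:8080",
    "default_prefix": "http://redirect.hijack.test/?", "www_prefix": "http://",
    "use_my_stylesheet": 1, "user_stylesheet": r"C:\WINDOWS\hijack.css",
    "disable_regedit": 1, "trusted_domains": ["hijack.test"],
}
CLEAN = {"start_page": "about:blank", "proxy_enable": 0,
         "default_prefix": "http://", "www_prefix": "http://", "trusted_domains": []}

if __name__ == "__main__":
    import sys
    live = sys.platform == "win32"
    for label, detail in audit(collect_settings() if live else HIJACKED):
        print("%-16s %s" % (label, detail))
```

Run on Windows it audits the current user; elsewhere it runs against the constructed HIJACKED profile. Note that a proxy or an altered URL prefix is reported whenever it differs from the defaults, because a legitimately configured proxy is something the owner knows about and can allow-list, whereas a silently added one is exactly the interception case in the list.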
A rootkit is a set of tools used by an intruder after cracking a computer system. These tools help the attacker maintain access to the system and use it for malicious purposes. An attacker enters the victim’s computer through a security loophole, like a weak password or a missing patch, and then installs his or her favorite collection of tools, which provide backdoor(s) for remote access to the cracked system and also mask the fact that the system is compromised.
Though not very prevalent currently, apart from an open source NT rootkit called Hacker Defender, some malware programs are reportedly using rootkit-like mechanisms to hide deep inside Windows to evade detection and removal.
Here is what Kurt Dillard, rootkit guru and program manager with Microsoft Solutions for Security, says about rootkits:
The name of the malware category rootkits comes from the Unix-based operating systems’ most powerful account — the “root” — which has capabilities similar to the built-in Administrator account in Windows.
Years ago, an attacker who compromised a computer would gain root privileges and install his collection of applications and utilities, known as a “kit,” on the compromised system. The rootkit provided the attacker with capabilities like ongoing remote access to the compromised system, an FTP daemon for hosting pirated software or an IRC daemon for hosting illicit chat channels shared by the attacker with his cohorts…
Typically, rootkits do not exploit operating system flaws, but rather their extensibility. Windows, for example, is modular, flexible and designed as an easy platform upon which to build powerful applications. Rootkits created for Windows take advantage of these same features by extending and altering the operating system with their own suite of useful behaviors — useful, that is, to the attacker.
What is a rootkit?
Rootkits: Invisible Assault on Windows
Web bugs or Web beacons
Also called a Web bug, a pixel tag or a clear GIF. Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel by 1 pixel, that is placed on a Web site or in an e-mail to monitor the behavior of the user visiting the Web site or reading the e-mail. When the HTML code for the Web beacon points to a site to retrieve the image, it can at the same time pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed, the type of browser that retrieved the image and previously set cookie values.
Web beacons are typically used by a third party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser’s cookies prevents a Web beacon from tying your visits together through a cookie value, but the image request itself still reaches the third party with your IP address and browser type: the beacon will still account for an anonymous visit, but the user’s unique information will not be recorded.
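The “look for IMG tags that load from a different server” check above is easy to automate. The following Python script is an added example written for this page (not code from the original article): it parses a page and flags images that come from a third-party host, are 1x1 or smaller, are hidden by inline style, or carry a query string, which is where the identifying parameters travel. The HTML it runs on is constructed for the example.

```python
"""Find probable Web beacons (tracking images) in an HTML document."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class BeaconFinder(HTMLParser):
    """Collects (resolved src, [reasons]) for every <img> that looks like a beacon."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}        # attribute names are already lower-cased
        if not a.get("src"):
            return
        src = urljoin(self.page_url, a["src"])      # resolves relative and // URLs
        parts = urlsplit(src)
        reasons = []
        if parts.hostname and parts.hostname != self.page_host:
            reasons.append("third-party host " + parts.hostname)
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1 image")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if parts.query:                              # identifiers ride in the query string
            reasons.append("query string: " + parts.query)
        if reasons:
            self.findings.append((src, reasons))


def _tiny(value):
    """True when a width/height attribute is present and is 0 or 1 (pixels)."""
    try:
        return int(str(value).rstrip("px")) <= 1
    except ValueError:
        return False


def find_beacons(page_url, html):
    """Parse html as if fetched from page_url and return the beacon findings."""
    parser = BeaconFinder(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: one ordinary logo, one classic tracking pixel, one
# third-party banner loaded over a protocol-relative URL.
SAMPLE_HTML = """<html><body>
<img src="/images/logo.png" width="120" height="40" alt="logo">
<img src="http://stats.tracker.test/pixel.gif?uid=a1b2c3&amp;pg=home" width="1" height="1" style="display: none">
<img src="//cdn.example.com/banner.jpg" width="468" height="60">
<p>Page text.</p></body></html>"""

if __name__ == "__main__":
    for src, reasons in find_beacons("http://www.example.com/index.html", SAMPLE_HTML):
        print(src)
        for r in reasons:
            print("   -", r)
```

A same-site logo produces no finding; the 1x1 hidden image from stats.tracker.test collects all four reasons; the banner on cdn.example.com is reported only as third-party, which is the usual false-positive class (CDNs and ad networks) that a reviewer then sorts by hand.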
A keylogger (KeyLogger, Key Logger or Keystroke Logger) is a program that runs in the background, recording all keystrokes. Once logged, the keystrokes are either hidden on the machine for later retrieval or shipped raw to the attacker, who then peruses them carefully in the hope of finding passwords or other useful information that could be used to compromise the system or in a social engineering attack. For example, a keylogger will reveal the contents of all e-mail composed by the user.
A freeware program to detect keyloggers running on your system is KL-Detector. It can detect keyloggers, but you have to remove them yourself.
Pest Patrol – About Keyloggers
Dialers, once installed, can be extremely difficult to remove. The dialer reconfigures your settings to route you from your chosen ISP to a network specified by the dialer’s programming. The alarming part is that you could be charged any amount per minute that the dialer’s distributor has selected, from pennies to hundreds of dollars. Most often the only indication that you have a dialer on your system is your phone bill.
What is frightening here is that you do not need to download these programs yourself. A site might attempt to hide the installation by swamping your connection with popup ads so that you do not notice the program attempting to install. If you do not have the appropriate security settings for your browser, these programs can and do install without any notice and do not require you to click to agree. A common method is to force a silent install and have wording in the application’s EULA (End User License Agreement) stating that you agree to the charges if the software is installed. The dialer is installed, you connect to the net, and you are billed, regardless of whether you agreed to, or even knew about, the installation.
When the charges on your phone bill finally arrive and you protest them, the dialer companies may make it extremely difficult for you to obtain credit for the charges. You might even be asked to send them a copy of your birth certificate or other personal information. Do not send any personal information!
A tracking cookie is any cookie shared among two or more unrelated sites for the purpose of tracking a user’s browsing and/or gathering or sharing information which many users regard as “private”. Definitions of “private” differ; some consider any code “private” if it uniquely identifies a user, even if it is not their name or e-mail address. A typical tracking cookie record might look like this: “1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 *”. The encoded information in this record includes a unique UserID assigned by a web server; the cookie can then be used to track the user as they visit other sites that accept it.
These are the more common varieties of malware prevalent on the web at present.
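The record above is in the layout Internet Explorer used for its per-site cookie text files: name, value, host/path, flags, then the expiry and creation times as FILETIME low/high word pairs, terminated by a line holding “*”. The following Python script is an added example written for this page, not code from the original article; it decodes such records and applies the “unrelated site” test that makes a cookie a tracking cookie. The sample record wraps the page’s numbers, with the name and value (“UID”, “1”) assumed for the example since the page does not show them.

```python
"""Decode legacy Internet Explorer cookie-file records.

Each cookie occupies nine text lines: name, value, host/path, flags, expiry
FILETIME low and high words, creation FILETIME low and high words, then "*".
A FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC, stored as two
32-bit halves. SAMPLE_RECORD is constructed around the page's numbers.
"""
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

SAMPLE_RECORD = """UID
1
www.somedomainname.com/
0
2719785088
29508922
2980377808
29496852
*
"""


def filetime_to_datetime(low, high):
    """Join a FILETIME (low, high) pair and convert it to an aware UTC datetime."""
    ticks = (int(high) << 32) | int(low)           # 100 ns units since 1601
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_cookie_records(text):
    """Return a list of dicts, one per nine-line record in an IE cookie file."""
    lines = text.splitlines()
    records = []
    for i in range(0, len(lines) - 8, 9):
        name, value, hostpath, flags, e_lo, e_hi, c_lo, c_hi, end = lines[i:i + 9]
        if end != "*":
            raise ValueError("malformed record starting at line %d" % (i + 1))
        host, _, path = hostpath.partition("/")
        records.append({
            "name": name,
            "value": value,
            "host": host,
            "path": "/" + path,
            "flags": int(flags),
            "expires": filetime_to_datetime(e_lo, e_hi),
            "created": filetime_to_datetime(c_lo, c_hi),
        })
    return records


def is_third_party(record, page_host):
    """True when the cookie's host is unrelated to the page being visited,
    i.e. the shared-across-sites case that makes a cookie a tracking cookie."""
    h, p = record["host"].lower(), page_host.lower()
    return not (h == p or p.endswith("." + h) or h.endswith("." + p))


if __name__ == "__main__":
    for rec in parse_cookie_records(SAMPLE_RECORD):
        print(rec["name"], rec["host"], rec["path"],
              "created", rec["created"].isoformat(),
              "expires", rec["expires"].isoformat(),
              "third-party on www.example.com:", is_third_party(rec, "www.example.com"))
```

Decoding the page’s numbers shows the two values are real timestamps rather than opaque identifiers: the cookie was created on 2002-06-17 and expires on 2002-08-16, exactly sixty days later, which is the kind of rolling lifetime an advertising network uses to keep a visitor identifiable across sites.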