Better Understanding of Malware

I have repaired many computers and have encountered most forms of malicious software. The question I am asked most often by the infected party is “How did it happen?”. After the fact, that is a very difficult thing to determine.

The term “computer virus” has become a catch-all phrase that incorporates all forms of “malware”, “spyware”, and “adware”. The thread that binds these malicious programs together is the fact that they are employed for nefarious purposes. The differences, briefly, include the “worm” which can travel from machine to machine over a network exploiting security holes in operating systems and programs, the “virus” which is self-replicating and must be executed (run – like any other program), and the “trojan horse” which, true to its name, presents itself in some friendly way, concealing malicious intent, and must also be executed.

The best way to avoid worms: keep your software and operating system up to date by installing the latest security patches, and use a firewall.

To avoid viruses: install and run a reputable antivirus program, and keep it up to date. Don’t install software if you don’t know where it came from. If it’s free, unless it was recommended by a reputable source, I avoid it. Avoid file-sharing: music and video are commonly shared files and often the source is unknown. Avoid opening email attachments where the file ends in “.exe”, “.zip”, “.bat”, “.com”, “.vbs”, “.scr” to name a few (make sure “Hide extensions for known file types” is unchecked in Windows Folder Options, under View). Be careful of Microsoft Office files that contain “macros” – again, know the source.

To avoid Trojan Horses: remember “all that glitters is not gold”, know what types of alerts are legitimate Windows alerts and know the legitimate alerts from your particular anti-virus program. Also, follow the steps for avoiding viruses.

With regard to email messages, don’t fall for messages that try to create a sense of urgency with statements like “Your account has been compromised” or “Your account information has been stolen”. These email messages generally provide a link where you can “log in” to correct the situation. In reality, these emails are cover for a “phishing” scheme where you are led to a phony web page, created to look incredibly realistic. Once you enter your login credentials – you’ve just given the schemer all he/she needs to know: that you have an account at Bank of America/Wachovia/TD Bank, that your user name is XYZ and your password is 1234.

Look closely at the link contained in the message. Generally, a user-friendly address is displayed, indicating ‘bankofamerica.com/login’, when the address behind the link is along the lines of ‘bankofamerica.iwillgetyou.com/login’. As you should be suspicious of strangers at your door, or telemarketers asking questions like ‘what’s your street address?’ and ‘what kind of security system do you have?’, you should also be suspicious of an email telling you that your account has been compromised and providing a link for you to ‘log in’. If you are unsure, log on to your account by typing the actual web site address yourself, or by using the link saved to your “favorites” – or call the company in question and ask if they sent out an alert. Most companies will tell you that they would never send out an email of that nature and would instead suspend your account until you reinstate it. By the way – Microsoft will never contact you by email to let you know that there’s an update you need to install.
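As an added example (not code from the original post), here is a small Python check that flags the kind of link described above: the visible text names one domain while the address behind the link really lands on another. The short public-suffix set it uses is an assumption standing in for the real Public Suffix List, and the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the demo.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

# Display text counts as "looking like a web address" only if it is a bare
# hostname or URL, e.g. "bankofamerica.com/login"; "Click here" does not.
_URLISH = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?[a-z0-9.-]+\.[a-z]{2,}(?:[/?#]|$)", re.I)

def registrable_domain(url: str) -> str:
    """Owner-controlled part of a hostname:
    'bankofamerica.iwillgetyou.com' -> 'iwillgetyou.com'."""
    if "://" not in url:
        url = "http://" + url          # link text usually omits the scheme
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    for n in (2, 1):                   # try the longer suffix ('co.uk') first
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host

def link_is_deceptive(display_text: str, href: str) -> bool:
    """True when the visible text names one domain but the href really
    lands on a different registrable domain (the trick the post describes)."""
    text = display_text.strip()
    if not _URLISH.match(text):
        return False                   # plain wording gives nothing to compare
    return registrable_domain(text) != registrable_domain(href)

def scan_links(links):
    """Return the (text, href) pairs from an email that fail the check."""
    return [(t, h) for t, h in links if link_is_deceptive(t, h)]

# Constructed sample links modelled on the post's example, not real mail.
SAMPLE_LINKS = [
    ("bankofamerica.com/login", "http://bankofamerica.iwillgetyou.com/login"),
    ("bankofamerica.com/login", "https://www.bankofamerica.com/login"),
    ("Click here", "http://bankofamerica.iwillgetyou.com/login"),
]

if __name__ == "__main__":
    for text, href in scan_links(SAMPLE_LINKS):
        print(f"suspicious: shows {text!r} but goes to {href}")
```

Only the first sample is reported; a lookalike hidden behind generic text such as “Click here” gives the check nothing to compare, which is exactly why the post advises typing the site address yourself.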

Recently, I received a call from someone who was very alarmed by what she was seeing on her computer screen. Apparently, there were pop-ups and messages indicating the presence of “viruses” and “trojans”. Not knowing whether those pop-ups were legitimate or not, I suggested that she simply power off the computer. She did better than that! She put it into standby which enabled me to later pick up right where she left off. Because of that, I was able to document a trojan attack attempt. I detailed it in the hopes that it will help you guard yourself against similar attempts. Visit the next page if you’d like to see a malware attack in progress.


Further Information / Reading:

Malware

Computer Virus

Spyware

Adware

Trojan Horse

Rootkit

Phishing


If you have any questions about what you’ve read, or have similar experiences to share, please don’t hesitate to drop me an email.