Recognizing Malware and How to Cope with the Inevitable

From ITS Wiki


In the last Tech Tip we covered what malware is and what it tries to achieve. Since malware is so pervasive on the Internet these days, we felt it was worth making this a two-part topic.

To recap on the last message:

• Malware – A catch-all term for malicious software, whether it is a virus or something designed to harvest advertising data.

• Viruses – Programs designed to damage your system in some way, which usually try to spread themselves by any means available (infected files, removable media, e-mail attachments, network shares).

• Spyware/Adware – Programs designed to harvest user data and report it back to some faceless entity. They may also be designed to produce ads on your system, or to convince you that you need to purchase some application in order to keep your system secure or repair a problem that does not actually exist.

So how can I make sure I don't get malware? Honestly? You can't; at least not forever. You can, however, lessen your chances of being infected by knowing how these things get in, plugging some of the holes they use, and knowing what to look for in case you are infected, so you can remove it before it gets in too deep.

So how do I get infected, and how do I try to prevent it? In the "olden days" (i.e., 2-4 years ago), you could avoid websites of questionable content and be fine. Unfortunately that is no longer the case. Modern malware infections can hit from almost any site, because of the way sites deliver advertising. Most sites, CNN for example, want the revenue from running ads, but don't want the hassle of setting up each ad, checking its content, and so on, so they outsource this to a third-party ad network. The ad network might not be careful about checking the content it serves for malware, or something might slip through. This means that any customer who signs up for that network can hand out malware-laden ads to unsuspecting visitors of every site that carries the network's ads (this is often called "malvertising"). The site you are looking at never changed hands; only the ad did. A perfect example of this is that one of the members of our department was infected by malware from visiting Bloomberg.com, a legitimate financial news site.

The second part of the puzzle is how these programs get into your system. Sure, you went to that site with a bad ad, but how did it get onto your computer? There are three methods that most infections use these days.

1. Providing misinformation in an attempt to convince you to install their software.

2. Security vulnerabilities in some piece of software on your computer.

3. Installed as part of a package with another piece of software.

Have you ever been to a site that pops up an ad that says "Your computer might be infected" or "Don't want your boss to see what you've been looking at on the Internet?" These ads are tricks to convince you to install software that you are really better off without. Sometimes they even look like legitimate programs or like a Windows system dialog. The best way to avoid these is to know what your antivirus program is and what its warnings look like, and, if presented with one of these windows, to press ALT+F4 to close it. Do not click the window's own "Close", "Cancel" or "No thanks" buttons: on a fake dialog every button, including the X, may be wired to start the download.

As for security vulnerabilities, Java and Adobe Reader/Acrobat are two prime examples, as a large percentage of the malware encountered on our campus comes through an exploit in Java or in a malicious PDF. You go to a site with a banner ad that loads a Java applet; the applet checks which version of Java you have and sees that you are six versions out of date. It knows that the version you are on has a bug that allows it to "run remote code" on your system, and it uses that bug to install itself on your machine without asking. The best way to avoid this is to update your software frequently. If you have updates from Microsoft, Adobe, or Java, it's best to install them right away. Note that an update does not always remove the old version: older Java releases in particular often stay installed alongside the new one and remain exploitable until you uninstall them yourself. Some updates require a reboot before they take effect. This doesn't mean you have to reboot that second while you are trying to do work, but it does mean you should reboot the next time you will be away from your computer for a reasonable period, like when you go to lunch or head home in the evening.
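One way to see what you actually have installed before trusting that "I updated it last month" feeling: the following PowerShell snippet, an added example that is not part of the original Tech Tip, reads the Windows uninstall registry keys (the same data Programs and Features shows) and lists every Java and Adobe Reader/Acrobat/Flash entry with its version, then flags product families that appear more than once, which is the usual sign that stale releases were left behind. The product-name patterns and the family grouping are assumptions for illustration; adjust them for the software in use on your machine.

```powershell
# Added example (not from the original tech tip): inventory installed Java and
# Adobe products from the Windows uninstall registry keys and flag leftovers.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

# Assumed name patterns; extend the regex for other frequently exploited software.
$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|Adobe (Reader|Acrobat|Flash))' } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName, DisplayVersion

$products | Format-Table -AutoSize

# Group by product family. More than one entry per family usually means an old
# release is still installed next to the current one and is still exploitable.
# (A 32-bit and a 64-bit Java side by side is legitimate; check the versions.)
$family = {
    if ($_.DisplayName -match '^Java')   { 'Java' }
    elseif ($_.DisplayName -match 'Flash') { 'Adobe Flash' }
    else                                   { 'Adobe Reader/Acrobat' }
}
$products | Group-Object -Property $family |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { "$($_.Name): $($_.Count) entries installed, check for stale versions" }

# The Java runtime on the PATH reports its own version; compare it with the list above.
if (Get-Command java -ErrorAction SilentlyContinue) { & java -version 2>&1 }
```

Run it in a normal PowerShell window; reading these keys does not need administrator rights. Anything older than what the vendor currently ships should be uninstalled from Programs and Features, not just left next to the new version.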

The third and final method of infection I will mention is bundled ("affiliate") software. When you download certain software (online casino games are the worst about this), the installer will sometimes ask you to install a toolbar as well. Certain toolbars are benign, like Google's, but others, MyWebSearch for example, are part of massive spyware networks. Think of them as the Trojan Horse from Greek mythology: you let this seemingly innocent application into your computer, and the next thing you know your computer is overrun by angry Greeks, burning everything they see. When installing software, read each screen of the installer before clicking Next, and if it asks to install a toolbar or change your homepage or search provider, say no. If it doesn't let you say no, chances are that software is a bad idea in the first place.

So how do I know if I have been infected? Some infections are easy to spot. Do you have a bunch of junk pop-ups for lower mortgage rates or improving your love life that came out of nowhere? Chances are you have something nasty installed on your computer. The best defense, though, is to know what programs you have installed, especially when it comes to antivirus, malware protection, and security tools. Here at Centre we use Microsoft Forefront Endpoint Protection for antivirus and will often use MalwareBytes and Super AntiSpyware when an infection is found. If anything else pops up trying to convince you that you have bad things installed on your computer (especially if it tells you that you have hundreds of them), or that your hard drive or something else is about to die and you need to pay to fix it, chances are that program is malware.

What do I do if I become infected? If it's a Centre-owned computer, enter a ticket at helpdesk.centre.edu and be as descriptive as possible. Let us know what the program calls itself (Antivirus XP 2011 Super XL Edition!) or what it claims is wrong with your system, along with any other changes you might have noticed. For example: one program that we see often claims your hard drive is damaged and that you might notice file corruption. It then marks every file on your computer as hidden, so suddenly everything is missing from your desktop and Start menu. As smart as our removal tools are, they don't know which files should or should not be hidden, so sometimes we have to go digging around for them. In these cases it helps to know exactly what is affected and what we need to look for. When in doubt, more information about an issue is better than less.

If it's a home machine, we often use MalwareBytes and Super AntiSpyware to clean it. These are free programs that you simply install, then reboot into Safe Mode (on Windows 7 and earlier, press F8 as your computer starts up to enter this diagnostic mode), then run a scan. These programs will usually identify the issue, fix it, and have you reboot, though their scans take a while (between 15 minutes and 2 hours depending on the age of your system). Some infections also make changes to your system, like hiding your files, that the scanners do not undo; these can be reversed, but you have to know what to look for. In those cases it's best to consult a professional.
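For the hidden-files symptom described above, this PowerShell script, an added example that is not part of the original Tech Tip, shows what "knowing what to look for" amounts to in practice. It lists everything under the user's profile and the all-users Start Menu that carries the Hidden attribute but is not a normal operating-system hidden file, so you can review the list, and only clears the attribute when run with the assumed `-Fix` switch. It assumes the rogue program hid files by setting the Hidden attribute (it cannot recover files that were moved or deleted) and that the infection has already been removed, since unhiding files while the rogue is still running just gets them hidden again. The exclusion list and the `-Fix` switch are assumptions for illustration.

```powershell
# Added example (not from the original tech tip): find user files marked Hidden
# by a rogue "disk repair" program, review them, then clear the attribute.
# Assumptions: the rogue only set the Hidden bit, and it has already been removed.
param([switch]$Fix)   # run without -Fix first to review the list; add -Fix to unhide

$roots = @(
    $env:USERPROFILE,
    "$env:ProgramData\Microsoft\Windows\Start Menu"   # all-users Start Menu shortcuts
)
# Files Windows keeps hidden on purpose; never touch these.
$skipNames = @('desktop.ini', 'ntuser.dat', 'ntuser.ini', 'thumbs.db')

$hidden = Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
        (($_.Attributes -band [IO.FileAttributes]::System) -eq 0) -and   # OS-managed files and junctions stay hidden
        ($_.FullName -notlike "$env:USERPROFILE\AppData\*") -and          # applications legitimately hide data here
        ($skipNames -notcontains $_.Name.ToLower())
    }

# Review first: outside AppData a hidden Documents folder or hidden .docx is almost
# never something the user did, but a hidden folder left by backup software might be.
$hidden | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize

if ($Fix) {
    foreach ($item in $hidden) {
        # attrib works on both files and folders; -h clears the Hidden attribute
        attrib -h "$($item.FullName)"
    }
    "Cleared Hidden on $($hidden.Count) items"
}
```

Save it as a .ps1 file and run it twice: once plain, to read the list and remove anything that should stay hidden from `$skipNames` or the AppData exclusion, and once with `-Fix`. If the desktop and Start menu are still empty afterwards, the files were moved rather than hidden, and that is the point at which to hand the machine to a professional.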


Tyler Chelf

User Support Coordinator

Information Technology Services