Malware comes in many formats. Whether it has been developed to steal information, run unwanted programs, block access to your data, or simply show adverts, it is potentially a big problem for anyone using a computer. We have listed a few variants below and some advice on how to best avoid becoming a ‘victim’. For further advice, please contact us … we’ll be happy to help.
Summary: An Adware program is one that displays advertisements on your computer or within the program itself.
Not all Adware applications are malicious in nature. In fact there are many legitimate programs, including games, that now display ads on your computer or within the software itself. These types of programs display adverts to generate further revenue for the developers, or to promote other software that they may sell. One advantage of a legitimate Adware program is that you can sometimes download and use the software for free – Instead of the developers charging for the software they will display advertisements to cover the costs of development and to generate revenue they would normally get from selling the product. If you then wish to remove the advertisements, but would like to continue using the program, you can often pay a registration fee to the developer. Legitimate Adware programs will contain an End User License Agreement that will explicitly state if and how advertisements will be shown through the software. When you uninstall these types of Adware, the program will be completely removed and will cease displaying advertisements on your computer.
On the other hand, there are Adware programs that are considered malware or Potentially Unwanted Programs (PUP). These are programs that display advertisements on your computer without your permission or the knowledge of what program is generating them. They are also designed to make uninstalling difficult, so that they can continue earning revenue through their advertisements.
Malware like this is typically installed on your computer through two methods. The first method is where the application pretends to be something innocuous so that you will download and install it, but once installed all it does is display ads. The other method is where software is installed without your permission or knowledge through operating system or software vulnerabilities on your computer. Adware of this type is the most difficult to remove and typically uses protection mechanisms that make it hard to run security programs to assist in removal.
Adware applications classified as PUPs are typically bundled within other free programs that you download from the Internet. When you install the main program, the adware programs will be installed as well and will display advertisements on your computer. These programs will often not clearly delineate in the End User License Agreement how or when advertisements will be displayed.
Summary: A Browser Hijacker is a program that changes the settings in your web browser and makes it difficult to change them back.
A Browser Hijacker is a program that changes the home page or search settings of an installed web browser without your permission. There are many legitimate programs that make these types of changes, but they will allow you to switch back to a different setting if you wish. Browser Hijackers, on the other hand, will make it difficult for you to switch from the hijacked settings or not let you change them at all. There are some hijackers that will modify Windows shortcuts without your knowledge, to automatically load a particular web site when you start them – This could cause web sites to launch in programs that normally would not browse the web, such as Microsoft Word.
Browser Hijackers are typically bundled with free programs that you download from the Internet. These programs are free because they include adware programs, including browser hijackers, which generate revenue for the developer when they are installed. Many hijackers can be removed by simply uninstalling them from the ‘Add or Remove Programs’ or ‘Uninstall Programs’ options in Windows control panel. Some are more tenacious and require anti-virus programs or specialized tools.
Summary: A Ransomware program is a program that literally ransoms the data or functionality of your computer until you perform an action, which is typically to purchase the program or send someone money.
Ransomware is software that takes your data or your whole computer hostage, in order to force you to give someone money in return for fixing the problem(s). These programs typically change the behavior of your computer in the following ways:
- Make it so that you can not execute programs other than ones required to pay the ransom
- Terminate any non-essential programs that may be running
- Encrypt your data so that you can no longer access or open it
- Remove your ability to browse the Internet, other than to locations that will allow you to pay the ransom
Once you pay the requested ransom, the criminals may send you a code that you can input into the Ransomware program that will then allow you to use your computer or decrypt your data. In some situations, though, even if you do pay the ransom, the criminals will just take your money and run, leaving the problem(s) unresolved.
Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Paying the ransom could put you at risk for Identity Theft as the information you send may be useful to a criminal. Therefore, we suggest that you never pay these ransoms, as in almost all situations a solution will be found that will allow you to remove the ransomware, or restore your data, without you having to pay the ransom. Therefore, if you ever run into a ransomware, please do not send the payment. Instead you should ask around in our forum or research your situation through Google, as the answer will most likely be already published or at least being worked on.
Summary: A Rogue Program is a program that in itself is typically not harmful, but typically use deceptive advertising and false positives as a scare tactic to have you purchase a registered licence of the software.
Rogue Programs & Scareware
Most Rogue programs state that they are legitimate applications, but are typically clones of other lackluster products repackaged with new names and graphics. Most Rogue programs also use highly aggressive sales tactics which include adware, Trojans that display fake security alerts, or claims that they have won awards from major publications and companies. What it all boils down to though, is that these types of programs are either deliberately deceptive or displaying numerous false positives in order to convince you to purchase some software. Developers of this type of Rogue software are often affiliates of the actual developer and are prepared to go to any lengths to force a purchase and earn their money.
A common approach by Rogue programs is to display either fake or exaggerated results when the program scans (or pretends to scan) your computer. When the ‘scan’ is finished you will be shown a list of legitimate files and Windows Registry keys that are flagged as security threats. In some cases, the Rogue programs actually create the files and Windows Registry keys on your computer so that they can be detected as malware. Then in order to remove these threats, you are encouraged to purchase a license of the software. It should be noted that there is nothing normally wrong with a program requiring you to purchase it before it will remove any infections, genuine demo software often works like this. It is wrong, however, to display false information to scare you into doing it.
Rogue software is typically introduced into a computer when a user visits pornographic sites or sites that offer illegal access to copyrighted content. In some cases, computers can be infected by just visiting these sites (depending on what security updates are installed) and in other cases you must first run an executable. Either way, your computer may have malware installed that displays adverts and/or fake security alerts stating that you have some security risk and must install a piece of software, the Rogue, to remove it.
Summary: Spyware comes in the form of malicious programs that monitor the activity on your computer and then send information to a remote user or program.
Malicious Spyware has evolved to steal and pass on personal data such as login names, account passwords, and other personal information. This information will then be used for identity theft or other criminal activities. Spyware of this type is typically very difficult to remove and tends to utilize other malware to protect itself from removal.
Spyware applications may also monitor a user’s internet activity. This information can then be analyzed and used to offer new services or advertisements, perhaps through other malware, to the end user. Information may also be sold to other companies for market analysis and the creation of targeted advertising campaigns.
The transmission of program usage, errors, and other information is also very common in legitimate applications. Whilst they may admit to this, companies often package this type of behavior in phrases such as helping them to improve the program, or to allow them to offer you a better end-user experience. The difference, though, is that these legitimate applications ask you first and allow you to opt out from sending data back.
It is also not uncommon for Freeware programs to include Spyware and Adware in their programs, or to come bundled with extra Adware software installers, as a way of generating revenue. Therefore, when downloading a program that is considered Freeware, you should always read the program’s End User License Agreement (EULA). This license agreement should be shown before you install the software and will state whether or not the program(s) will transmit personal information from your computer to a remote location. From the information in the EULA, you can then decide whether or not you wish to install the program and/or other parts of a bundle.
Summary: Whether it be from the movies or from history class, one of the most well known stories is that of the Trojan Horse. In the story, a giant horse was created that looked innocent to the Trojans, but was in fact hiding Greek warriors who took the city of Troy while its residents were asleep. In computer terms, a Trojan is designed to behave in a similar manner. Users are tricked into thinking they are installing a legitimate, and safe, application but are in instead installing a piece of malware that will perform harmful actions on their computer, without permission or knowledge.
As a more detailed description, Trojan Horses are programs that disguise themselves as harmless and beneficial programs but instead have a hidden purpose that you are unaware of. Examples of the types of actions that a Trojan may perform are:
- Delete files and data
- Lock you out of your computer
- Install ‘backdoors’ so someone can access your computer remotely, without your knowledge.
- Execute commands on your computer
- Encrypt all of your data and then blackmail you in order to receive the key to decrypt them.
- Download and install other malware
- Log the keystrokes you make on the computer.
- Steal passwords that you enter into certain types of sites.
- Restart your computer
- Turn off programs such as firewalls and anti-malware programs.
- Take screen shots of what is running on your computer.
- Take screen shots using attached web cams.
- Apply security patches to your computer.
- Make annoying sounds on your computer.
- Display images on your computer
- Eject your CD Tray.
- Print documents on your printer.
As you can see from the above examples, not Trojan actions are harmful, but they are all unwanted. Examples of how Trojans masquerade as beneficial programs are:
Fake Video Codecs – These Trojans masquerade as video codecs that you need to install in order to view certain, often pornographic, videos on the Internet. Once downloaded, these programs will typically install a variety of malware including rogue anti-spyware programs.
Warez Key Generators and Cracks – Using programs on the Internet that state they provide serial numbers or cracks so that you can use protected and copyrighted software is not only illegal, but typically foolish. Most of these applications are in fact Trojans that install backdoors, keyloggers, worms, and other malware. So, you may be saving a few dollars by not buying the software, but in the long run it may cost you much more when someone steals your information and uses it for identity theft.
Games and Game Updates – It is not uncommon for a malware writer to create a very sophisticated game that may actually be fun, but in reality is a shell to hide malware that it will install on your computer. For example, in 2001 a game called Whack-a-mole was widely distributed via email. What the unsuspecting player did not know is that when they played the game it installed a Trojan that allowed a hacker to get into their computer remotely and access all of their documents and files.
Screen Savers – Let’s face it, the screen savers that come with Windows are not the most awe inspiring. Due to this, it is not uncommon for people to search for screen savers on the Internet and install them on their computer. Unfortunately what looks like a screen saver may actually be a Trojan Horse that while showing little dogs playing on your screen, is actually deleting all of your files.
Summary:A worm is a program that has the ability to spread from one computer to another on its own using email, shared folders, and weak passwords.
Worms typically propagate through the use of removable media, through a network, or via e-mail. Regardless of how the particular program self-replicates, as long as it is able to infect another computer it is classified as a worm. The vast majority of worms are malicious in intent and are being used for DDOS attacks and to steal private information. In the past, there have been some attempts of authors creating worm of good intent. These worms typically would attempt to download a patch onto the computer so they are no longer vulnerable to a particular exploit. Though the intent was good, the worm is still malware as it is performing unauthorized activity on your computer.
Well known worms are:
- Conficker / Downadup
Think you might have malware on your PC? Contact us now and we’ll do our best to help.