The Most Common Cause of Computer Slowness: Malware

by Dan Lawson on January 14, 2010

How to Keep Your Computer Safe

Is your computer running slower than it should be?  Do you sometimes receive strange errors, or notice glitches in your programs, or does your computer seem to be working very hard with nothing running? Chances are, your system is infected with malware.

Malware means mal (bad) + ware (software).  It is software specifically designed to do bad things on your computer without your consent.  In the past, the most common form of malware was the computer virus.  It was written with mischief in mind, and would be responsible for taking down systems, damaging files, and getting users to put keyboards through monitors.  The effects were usually very easy to spot, and you knew almost immediately (although a little too late) that you were infected.  Unfortunately, the focus of malware writers has moved from mischief to money.

How do they make money from infecting you?  Sometimes it is as simple as monitoring your browsing habits, and selling them to marketing firms.  More often than not, however, it is much more devious.  So what can you do about it?

The first thing you need to know is what you are up against.  Here are some of the most common types of malware currently prevalent:

Keyloggers

Keyloggers sit hidden in the background, recording every stroke of the keyboard.  This means they record every user name, password, credit card number, e-mail, etc.   This is then sent off to a waiting computer overseas.  Your information is then tabulated, and is either directly used by identity thieves or sold to the highest bidder.

Extortion Malware

This type of malware is more overt than the rest, although usually impossible to detect until it is too late.  It will usually damage or disable your computer’s performance and functionality and make you purchase something to restore it.  An example of this is a piece of malware that encrypts every document on your hard drive, making it unreadable, and points you to a website in Russia where you purchase the decryption keys.

Another example (that is pretty widespread right now), is a type of malware that disables your ability to get onto the Internet, and has a notification claiming to be Windows saying that it has found an infection.  When clicked on, the notification opens up a web browser, and points the user to a website where the user can purchase the “antivirus software” needed to remove the infection.

Bots

This type of malware turns your computer into a “bot” (short for robot), which logs onto a remote server and waits for commands.  These bots then go on to form “botnets”, which are massive networks of infected machines.  The use of these bots depends entirely on who controls the botnet.  Most of the time, the bots are used to send out spam.  Some hackers or groups use these bots to attack other systems, using what is called a DDOS (Distributed Denial Of Service) attack, thus disabling websites on the Internet.  The possibilities are endless.  The only thing one can be sure of is that whatever the botnet is ordered to do, it is usually illegal, with your computer an unwitting accomplice.

Spyware

The most common type of illicit software that infects users’ workstations is spyware.  This software is usually very noticeable, forcing pop-ups, spam and porn sites on you, and generally ruining your productivity on that computer.  Most of these monitor what you do and sell the results, in addition to forcing unwanted websites on you.

Backdoors

These pieces of malware turn your computer into a portal (door) into your network, thus giving hackers access, via the infected computer, to attack and exploit the rest of your network.  This portal will usually bypass any firewalls and protections set in place for the security of your network.

Droppers / Monitors

These pieces of software don’t appear to do anything harmful in and of themselves.   They are usually the hardest to find, and the first thing a computer gets infected with.  What droppers and monitors do is:

A) Download and install malware from the Internet;

B) Reinstall malware if it is removed;

C) Disable/cripple anti-virus/anti-malware software.

How you get infected

Unfortunately, a person’s computer is rarely infected with only one of these types of malware; rather it is usually infected with several.  A dropper usually installs several different pieces of malware on a system, totally hidden behind the scenes.  Many popular virus scanners get disabled by the installed malware and remain totally unaware of any infection.  According to a recent study, about 1 in 4 computers in the U.S. are infected with some type of malware.

So how do you get infected?  The most common method of infection is through insecure web browsers, hacked websites, and attack websites.  Next is downloading and running a piece of malware, under the impression that it is something else.

How to get uninfected

Once a computer is infected, most virus scanners are powerless to clean the computer while the malware is running.  The most effective way Enterprise Technology Services has found is to use an offline scanning mechanism, such as a boot CD, or taking the hard drive out and scanning it offline with another computer.

No one-shot piece of software exists that will clean out all malware.  The best practice is to scan your machine with several.  There are several high-quality services available such as Avira Antivir, Malwarebytes, Spybot Search and Destroy, and AVG Antivirus.

Our current process is as follows:

If you can boot into the machine, download Malwarebytes Anti-Malware from http://www.malwarebytes.org.  Install, update, scan, and remove all that it can.  After it runs, it will ask you to reboot.  Reboot, scan again, and make sure nothing else comes up.

If you can’t boot into the machine, or if you can’t get rid of everything with Malwarebytes Anti-Malware, then from a clean computer, build yourself an Ultimate Boot CD For Windows.  The instructions are located here: http://www.ubcd4win.com/howto.htm

After the CD is created and burned, boot off of it, and use Avira Antivirus to scan the hard drive.

How to prevent future infections

KEEP YOUR SYSTEM UPDATED.  Run Windows update, update Adobe Flash, Java, and anything else that needs to be updated often.  New exploits are being released daily, as are patches for these exploits.  Most system infections could have been avoided if the systems were patched.

Do not download or run anything from an untrusted source.  If you aren’t sure about something, google it, and see what comes up about the program.

Run anti-malware software often (at least once a week).

How to lock down your blog

So now you have your computer squeaky clean, how do you prevent your blog from being hacked and used to attack other sites?

For locking down WordPress, click here.

For locking down Joomla, click here.

About The Author: Dan Lawson is the Director of Technology at Enterprise Technology Services, LLC, a technology company based in NYC.  Enterprise Technology Services provides large enterprise-grade systems to small businesses by sharing the resources across many companies.  It maintains stringent standards in providing its clients with a cost-effective, redundant network which maximizes their efficiency and minimizes the downtime through the use of centralized services.  To find out more about this company, go to entechserv.com.


  • Your article is very logical.
  • Alberto
    Ok! This is for Windows, and for Linux Ubuntu?
  • maryjschumacherwilliams
    Very well written.