Virus/Trojan/Worm/Spyware/Rogue Security Software/Malware

Virus / Trojan / Worm / Spyware / Rogue Security Software / Malware

What is a computer virus?
A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. All computer viruses are man-made. A computer virus might corrupt or delete data on a computer, use an email program to spread the virus to other computers, or even delete everything on the hard disk. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Computer viruses are frequently spread by attachments in email messages or by instant messaging messages. Therefore, you must never open an email attachment unless you know who sent the message or you are expecting the email attachment. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in pirated software or in other files or programs that you might download.

What is a worm?
A worm is computer code that spreads without user interaction, A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down. When used in all capital letters, WORM is an acronym for write once, read many, an optical disk technology that allows you to write data onto a disk just once. After that, the data is permanent and can be read any number of times. Most worms are transmitted as email attachments that infect your computer when they’re opened. The worm scans the infected computer for files, such as address books or temporary webpages, that contain email addresses. The worm uses the addresses to send infected email messages, and frequently mimics (or spoofs) the “From” addresses in later email messages so that those infected messages seem to be from someone you know. Worms then spread automatically through email messages, networks, or operating system vulnerabilities, frequently overwhelming those systems before the cause is known. Worms aren’t always destructive to computers, but they usually cause computer and network performance and stability problems.

What is a trojan horse?
The term comes from the a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. A trojan horse is a malicious software program that hides inside other programs. It enters a computer hidden inside a legitimate program, such as a screen saver. Then it puts code into the operating system that enables a hacker to access the infected computer. Trojan horses do not usually spread by themselves. They are spread by viruses, worms, or downloaded software. A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Trojan horses are broken down in classification based on how they breach systems and the damage they cause. The seven main types of Trojan horses are:

  • Remote Access Trojans
  • Data Sending Trojans
  • Destructive Trojans
  • Proxy Trojans
  • FTP Trojans
  • security software disabler Trojans
  • denial-of-service attack (DoS) Trojans

What is spyware?
Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information. Spyware can track Internet search habits and can also redirect your web browser to a different website than you intend to go to. Any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer’s memory resources and also by eating bandwidth as it sends information back to the spyware’s home base via the user’s Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party.

Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.

What is a rogue security software?
A rogue security software program tries to make you think that your computer is infected by a virus and usually prompts you to download or buy a product that removes the virus. Also called smitfraud, scareware, or rogue security software, this type of software is defined as malware – it is designed specifically to damage or disrupt a computer system. In this case, not only is the software going to disrupt your system, it’s going to try and trick you into making a purchase using your credit card. The names of these products frequently contain words like Antivirus, Shield, Security, Protection, or Fixer. This makes them sound legitimate. They frequently run right after you download them, or the next time that your computer starts. Rogue security software can prevent applications, such as Internet Explorer, from opening. Rogue security software might also display legitimate and important Windows files as infections. Typical error messages or pop-up messages might contain the following phrases:

Warning! Your computer is infected! This computer is infected by spyware and adware.

Note If you receive a message in a popup dialog box that resembles this warning, press ALT + F4 on your keyboard to close the dialog box. Do not click anything inside the dialog box. If a warning, such as the one here, keeps appearing when you try to close the dialog box, it’s a good indication that the message is malicious.

Are you sure you want to navigate from this page? Your computer is infected! They can cause data lost and file corruption and need to be treated as soon as possible. Press CANCEL to prevent it. Return to System Security and download it to secure your PC. Press OK to Continue or Cancel to stay on the current page.

If you see this kind of message, then don’t download or buy the software.

This specific type of malware appears to users in the form of a fake Windows warning on your computer system that reads you have a specific number of viruses on your computer (usually in the hundreds) and that this software has detected those viruses. To get rid of them you must download and purchase the full-version of the antivirus software. It’s important to remember that by purchasing the “claimed full version to remove the viruses” you will be submitting your personal information to unscrupulous persons and may also end up being a victim of credit card or identity fraud or theft.

The good news is that you probably do not have a computer that is infested with hundreds of viruses as the rouge software claims. The bad news is that the rogue antivirus software itself is on your computer and you must remove it, a process that is hindered as the rouge software usually locks the control panel and the Add/Remove Programs function to prevent users from removing it. Other things that may be disrupted by the rogue software include being unable to visit reputable and valid antivirus and malware Web sites, being able to install legitimate antivirus software and also being unable to access your desktop.

Common names of some rogue antivirus software include; AntiVirus (2007, 2008, and 2009), MS-Antispyware, XP AntiVirus (2007, 2008, and 2009), Home Antivirus 2009, SpyWareGuard, Malware Cleaner, Extra Antivirus, as well as many other names.

How does rogue security software get on my computer?

Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the web.

The “updates” or “alerts” in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.

Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer.

What does rogue security software do?

Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.

Some rogue security software might also:

  • Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
  • Use social engineering to steal your personal information.
  • Install malware that can go undetected as it steals your data.
  • Launch pop-up windows with false or misleading alerts.
  • Slow your computer or corrupt files.
  • Disable Windows updates or disable updates to legitimate antivirus software.
  • Prevent you from visiting antivirus vendor websites.

Rogue security software might also attempt to spoof the Microsoft security update process. Here’s an example of rogue security software that’s disguised as a Microsoft alert but that doesn’t come from Microsoft.

Example of a warning from a rogue security program known as AntivirusXP.

To help protect yourself from rogue security software:

  • Install a firewall and keep it turned on.
  • Use  automatic updating to keep your operating system and software up to date.
  • Install antivirus and antispyware software and keep it updated.
  • Use caution when you click links in email or on social networking websites.
  • Use a standard user account instead of an administrator account.
  • Familiarize yourself with common phishing scams.

What is a malware?
Malware is a term that is used for malicious software that is designed to do damage or unwanted actions to a computer system. Examples of malware includes everything listed above.