The worldwide web is the main source of malware. Malware can penetrate your computer as a result of the following actions:
To know what can threat your data you should know what malicious programs (Malware) exist and how they function. Malware can be subdivided in the following types:
Viruses: programs that infect other programs by adding to them a virus code to get access at an infected file start-up. This simple definition discovers the main action of a virus – infection. The spreading speed of viruses is lower than that of worms.
Worms: this type of Malware uses network resources for spreading. This class was called worms because of its peculiar feature to “creep” from computer to computer using network, mail and other informational channels. Thanks to it spreading speed of worms is very high.
Worms intrude your computer, calculate network addresses of other computers and send to these addresses its copies. Besides network addresses, the data of the mail clients' address books is used as well. Representatives of this Malware type sometimes create working files on system discs, but may not deploy computer resources (except the operating memory).
Trojans: programs that execute on infected computers unauthorized by user actions; i.e. depending on the conditions delete information on discs, make the system freeze, steal personal information, etc. this Malware type is not a virus in traditional understanding (i.e. does not infect other programs or data): Trojans cannot intrude the PC by themselves and are spread by violators as “useful” and necessary software. And still harm caused by Trojans is higher than of traditional virus attack.
Spyware: software that allows to collect data about a specific user or organization, who are not aware of it. You may not even guess about having spyware on your computer. As a rule the aim of spyware is to:
Collecting information is not the main function of these programs, they also threat security. Minimum two known programs – Gator and eZula – allow violator not only collect information but also control the computer. Another example of spyware are programs embedded in the browser installed on the computer and retransfer traffic. You have definitely come across such programs, when inquiring one address of a web-site, another web-site was opened. One of the spyware is phishing- delivery.
Phishing is a mail delivery whose aim is to get from the user confidential financial information as a rule. Phishing is a form of a social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The messages contain link to a deliberately false site where user is suggested to enter number of his/her credit card and other confidential information.
Adware: program code embedded to the software without user being aware of it to show advertising. As a rule adware is embedded in the software that is distributed free. Advertisement is in the working interface. Adware often gathers and transfer to its distributor personal information of the user.
Riskware: this software is not a virus, but contains in itself potential threat. By some conditions presence of such riskware on your PC puts your data at risk. To this software refer utilities of remote administration, programs that use Dial Up-connection and some others to connect with pay-per-minute internet sites.
Jokes: software that does not harm your computer but displays messages that this harm has already been caused, or is going to be caused on some conditions. This software often warns user about not existing danger, e.g. display messages about hard disc formatting (though no formatting is really happening), detect viruses in not infected files and etc.
Rootkit: these are utilities used to conceal malicious activity. They disguise Malware, to prevent from being detected by the antivirus applications. Rootkits can also modify operating system on the computer and substitute its main functions to disguise its presence and actions that violator makes on the infected computer.
Other malware: different programs that have been developed to create other Malware, organizing DoS-attacks on remote servers, intruding other computers, etc. Hack Tools, virus constructors and other refer to such programs.
Spam: anonymous, mass undesirable mail correspondence. Spam is political and propaganda delivery, mails that ask to help somebody. Another category of spam are messages suggesting you to cash a great sum of money or inviting you to financial pyramids, and mails that steal passwords and credit card number, messages suggesting to send them to your friends (messages of happiness), etc. spam increases load on mail servers and increases the risk lose information that is important for the user.
If you suspect that your computer is infected with viruses, we recommend you:
There is a number of signs or symptoms indicating that your computer is infected. If you have started to notice weird things happening on your PC, such as:
then it is likely that your computer is infected with malware.
Additional signs of email infections:
There are also indirect signs of a malware infection on your computer:
In 90% of cases, these indirect signs are caused by incorrect functioning of some hardware or software. Still, such signs have a little chance of being caused by an infection. If you experience any signs of this type, it is recommended to:
Cybercriminals use Trojan-Ransom.Win32.Rector for disrupting normal performance of computers and for unauthorized modification of data making it unusable. Once the data has been “taken hostage” (blocked), its owner (user) receives a ransom demand. The victim is supposed to deliver the ransom in exchange for pirate's promise to send a utility that would restore the data or repair the PC.
Kaspersky Lab specialists have developed a special utility for decrypting the data encrypted by Trojan-Ransom.Win32.Rector.
The malicious program Trojan-Ransom.Win32.Rector encrypts files with extensions .jpg, .doc, .pdf, .rar. An offers to unblock files comes in from a cybercriminal named “††KOPPEKTOP††”. He is offering to communicate with him using the following contacts:
ICQ: 557973252 or 481095
Sometimes he asks to leave a message in the guest book of one of his websites:
The messages displayed on the desktop of an infected computer are in Cyrillic.
Log files have names like: UtilityName.Version_Date_Time_log.txt.
For example, C:\RectorDecryptor.22.214.171.124_10.02.2011_15.31.43_log.txt.
If the RectorDecryptor utility cannot disinfect files, download and launch the XoristDecryptor utility.
If the RectorDecryptor utility cannot disinfect files, download and launch the RakhniDecryptor utility.
To be protected from ransom malware, download and install
Kaspersky Internet Security 2015. Tha application provides high-level protection against ransom malware.
Please let us know what you think about the site design, improvements we could add and any errors we need to eliminate
Leave your feedback, max. 500 characters
Thank you for submitting your feedback.
We will review your feedback shortly.