The worldwide web is the main source of malware. Malware can penetrate your computer as a result of the following actions:
Visiting a website that contains a malicious code. Drive-by attacks can be taken as an example. A drive-by attack is carried out in two steps. First, a malefactor makes users visit a website by using spam sent via e-mail or published on bulletin boards. The website contains a code that redirects the request to a third-party server that hosts an exploit. During drive-by attacks malefactors use a wide range of exploits that target vulnerabilities of browsers and their plug-ins, ActiveX controls, and third-party software. The server that hosts exploits can use the data from HTTP request headers to get the information about the version of the user's browser and operating system. When the information about the victim's operating system is received, the corresponding exploit is activated. If the attack is successful, a Trojan is secretly installed on the computer, so the malefactors take control of the infected machine. They can get access to confidential data stored on the computer and use the machine to carry out DoS attacks.
Earlier malefactors created malicious websites, but now hackers tend to infect harmless websites by inserting script exploits or redirection codes, which makes browser attacks more dangerous.
Downloading malicious software disguised as keygens, cracks, patches, etc.
Downloading files via peer-to-peer networks (for example, torrents).
To know what can threat your data you should know what malicious programs (Malware) exist and how they function. Malware can be subdivided in the following types:
Viruses: programs that infect other programs by adding to them a virus code to get access at an infected file start-up. This simple definition discovers the main action of a virus – infection. The spreading speed of viruses is lower than that of worms.
Worms: this type of Malware uses network resources for spreading. This class was called worms because of its peculiar feature to “creep” from computer to computer using network, mail and other informational channels. Thanks to it spreading speed of worms is very high.
Worms intrude your computer, calculate network addresses of other computers and send to these addresses its copies. Besides network addresses, the data of the mail clients' address books is used as well. Representatives of this Malware type sometimes create working files on system discs, but may not deploy computer resources (except the operating memory).
Trojans: programs that execute on infected computers unauthorized by user actions; i.e. depending on the conditions delete information on discs, make the system freeze, steal personal information, etc. this Malware type is not a virus in traditional understanding (i.e. does not infect other programs or data): Trojans cannot intrude the PC by themselves and are spread by violators as “useful” and necessary software. And still harm caused by Trojans is higher than of traditional virus attack.
Spyware: software that allows to collect data about a specific user or organization, who are not aware of it. You may not even guess about having spyware on your computer. As a rule the aim of spyware is to:
Collecting information is not the main function of these programs, they also threat security. Minimum two known programs – Gator and eZula – allow violator not only collect information but also control the computer. Another example of spyware are programs embedded in the browser installed on the computer and retransfer traffic. You have definitely come across such programs, when inquiring one address of a web-site, another web-site was opened. One of the spyware is phishing- delivery.
Phishing is a mail delivery whose aim is to get from the user confidential financial information as a rule. Phishing is a form of a social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The messages contain link to a deliberately false site where user is suggested to enter number of his/her credit card and other confidential information.
Adware: program code embedded to the software without user being aware of it to show advertising. As a rule adware is embedded in the software that is distributed free. Advertisement is in the working interface. Adware often gathers and transfer to its distributor personal information of the user.
Riskware: this software is not a virus, but contains in itself potential threat. By some conditions presence of such riskware on your PC puts your data at risk. To this software refer utilities of remote administration, programs that use Dial Up-connection and some others to connect with pay-per-minute internet sites.
Jokes: software that does not harm your computer but displays messages that this harm has already been caused, or is going to be caused on some conditions. This software often warns user about not existing danger, e.g. display messages about hard disc formatting (though no formatting is really happening), detect viruses in not infected files and etc.
Rootkit: these are utilities used to conceal malicious activity. They disguise Malware, to prevent from being detected by the antivirus applications. Rootkits can also modify operating system on the computer and substitute its main functions to disguise its presence and actions that violator makes on the infected computer.
Other malware: different programs that have been developed to create other Malware, organizing DoS-attacks on remote servers, intruding other computers, etc. Hack Tools, virus constructors and other refer to such programs.
Spam: anonymous, mass undesirable mail correspondence. Spam is political and propaganda delivery, mails that ask to help somebody. Another category of spam are messages suggesting you to cash a great sum of money or inviting you to financial pyramids, and mails that steal passwords and credit card number, messages suggesting to send them to your friends (messages of happiness), etc. spam increases load on mail servers and increases the risk lose information that is important for the user.
If you suspect that your computer is infected with viruses, we recommend you:
There is a number of signs or symptoms indicating that your computer is infected. If you have started to notice weird things happening on your PC, such as:
then it is likely that your computer is infected with malware.
Additional signs of email infections:
There are also indirect signs of a malware infection on your computer:
In 90% of cases, these indirect signs are caused by incorrect functioning of some hardware or software. Still, such signs have a little chance of being caused by an infection. If you experience any signs of this type, it is recommended to:
A rootkit is a program or a program kit that hides the presence of malware in the system.
A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”).
Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits.
The utility supports the following operating systems:
The TDSSKiller utility fights malware family Rootkit.Win32.TDSS,
bootkits and rootkits:
How to remove a bootkitHow to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?How to detect and remove unknown rootkits
Please let us know what you think about the site design, improvements we could add and any errors we need to eliminate.