Nerdism at its best

March 10, 2014

How Does Spyware, Malware or Crapware Get on My Computer?

Have you ever wondered how malware, spyware, scareware, crapware, or other undesirable software might get on a computer? I will illustrate how easily your system can be infected.

My example system, running Windows 7, was set up from a worst case scenario point of view: Someone who was only interested in quickly getting to all the “fun stuff” on the internet with absolutely no concern for personal or computer security.

Freshly Installed – Pre Malware

Here you can see the number of processes (and type) that were running on our freshly installed Windows 7 system. The install was so fresh that the only protection that this system had was the Windows Firewall and Windows Defender to keep the malware and virus hordes at bay.

[image: infested01.png]

How Some Malware Gets On Your Computer

Malware, spyware, and other junk software make their way onto your computer for a number of reasons:

  • You installed something you really shouldn’t have, from an untrustworthy source. Often these include screensavers, toolbars, or torrents that you didn’t scan for viruses.
  • You didn’t pay attention when installing a “reputable” application that bundles “optional” crapware.
  • You’ve already managed to get yourself infected, and the malware installs even more malware.
  • You aren’t using a quality Anti-Virus or Anti-Spyware application.

Watch Out for Insidious Bundled Crapware

One of the biggest problems recently is that the makers of popular software keep selling out, and including “optional” crapware that nobody needs or wants. This way they profit off the unsuspecting users that aren’t tech-savvy enough to know any better. They should be ashamed.

In my example system I installed Digsby Messenger, a very popular “reputable” application. This was the regular install version and as you can see in the following screenshots, there are attempts to get you to install undesirable software or make “not so good” changes on your computer. If a person is not careful, then their system becomes infected.

Here you can see the attempt to add the “My.Freeze.com Toolbar” to your browser(s)…definitely not good! Notice that while it does state that the software may be removed later, some people may 1.) Not notice it (lack of attention), 2.) Be in too much of a hurry to install the software to notice, or 3.) Not be familiar or comfortable with removing the software after it is already installed on their system.

The real trick with Digsby (and other software that is set up with the same installation style) is that clicking on “Decline” still allows the installation of Digsby itself to proceed. But can you imagine how things can end up for those people who may think or believe that the only way to get Digsby or similar software installed is to click on “Accept”? It has a really deceptive style!

If you have many programs that attempt to install “value-added” software like this on your system, you will quickly find that the majority (or all) of your operating system’s resources are being used up by malware (i.e. background processes). You are also likely to find that you will have unstable or very sluggish browser response, and are likely to have your personal and computer’s security compromised.

Just How Quickly Can a System Become Infected?

It only took 2.5 hours to reach the level described here, simply surfing wherever for “whatever looked interesting or different”, downloading things like screensavers and file-sharing applications, and installing questionable software from advertisements.

The chances of becoming infected with viruses or malware were rather high, given that little to no protection or forethought went into what was installed or which websites were visited. Searches for various “less than desirable” pictures and screensavers, clicking on ads, etc. made it very easy to find trouble… perhaps the better way to phrase that is that it was very easy for trouble to find my example system.

Here you can see a screenshot of the desktop of my example system. Notice that there are icons for file sharing programs, fake anti-malware programs, icons for various screensavers, less than nice websites (possible additional infection vectors), and a virtual dancing woman. Nothing good here!

[image: infested04.png]

A quick look at an overabundance of toolbars plaguing Internet Explorer… by this point the browser was already having some problems starting properly (very slow), some episodes of crashing, and some browser hijacking had occurred.

[image: infested06]

A Good Look at Scareware

What is scareware? It is software that once installed on your system will try to trick you into believing that you have a highly infected system with some very high “numbers of infections” found. These programs will constantly bother you to register and purchase the software in order to clean up your computer system.

Here you can see two examples of well known scareware: SpywareStop and AntiSpyware 2009. Do not be surprised if you notice that these two “separate” programs seem extremely alike in looks, style, and operation. They are exactly alike… the same wolf in different sheep skins. Rebranding like this is a common practice to stay ahead of legitimate anti-malware and anti-virus software and avoid being deleted before, hopefully, being purchased by unsuspecting computer users.

A good look at the two screens that appeared every time I started my example system… absolutely no hesitation to “remind us” how infected our computer was and that we should register the software now.

[image: infested08]

A Look at the Processes Running After Infection

Compare the screenshot of running processes shown at the beginning of this article and then the running processes shown here. You can already see a significant increase. Not good for you or your computer!

[image: infested18.png]
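The before/after comparison above was done by eye from two screenshots. As an added example that is not part of the original post, the PowerShell script below records a process baseline on the clean install and later reports which process names have appeared since, flagging any that run from a user-writable folder. The baseline file path and the AppData/Temp heuristic are my own assumptions.

```powershell
# Added example: snapshot running processes on a clean system, then diff a later
# snapshot against it. Requires PowerShell 3.0+ (ConvertTo-Json / ConvertFrom-Json).
# The baseline location is a placeholder; change it to suit your system.
$Baseline = "$env:USERPROFILE\process-baseline.json"

function Save-ProcessBaseline {
    # Record name, path and PID of everything running right now.
    Get-Process |
        Select-Object Name, Path, Id |
        ConvertTo-Json |
        Set-Content -Path $Baseline -Encoding UTF8
    Write-Host "Baseline saved: $((Get-Process).Count) processes."
}

function Compare-ProcessBaseline {
    # Load the saved snapshot and take a fresh one.
    $old = Get-Content -Path $Baseline -Raw | ConvertFrom-Json
    $now = Get-Process | Select-Object Name, Path, Id

    $oldNames = $old | ForEach-Object { $_.Name } | Sort-Object -Unique
    $newNames = $now | ForEach-Object { $_.Name } | Sort-Object -Unique
    Write-Host ("Distinct process names then: {0}, now: {1}" -f $oldNames.Count, $newNames.Count)

    # '=>' marks names present now but absent from the baseline.
    $added = Compare-Object $oldNames $newNames | Where-Object SideIndicator -eq '=>'
    foreach ($a in $added) {
        $now | Where-Object Name -eq $a.InputObject | ForEach-Object {
            # No resolvable path, or a binary living under AppData or Temp,
            # is a common trait of bundled crapware and deserves a closer look.
            $flag = if (-not $_.Path -or $_.Path -match '\\AppData\\|\\Temp\\') { ' <-- check' } else { '' }
            "{0,-25} PID {1,-6} {2}{3}" -f $_.Name, $_.Id, $_.Path, $flag
        }
    }
}

# Usage: run Save-ProcessBaseline once on the fresh install,
# then Compare-ProcessBaseline whenever the system feels sluggish.
```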

Conclusion

While nothing super horrible got onto my example system within those 2.5 hours, it is still easy to see just how quickly a system can start to become a mess. Imagine a system that has been exposed for a much longer period of time and is heavily infected! The best approach is to avoid trouble from the beginning.

February 6, 2014

Changing Your Habits Online

Here is another good example of how the Blackhats are steps ahead of the Whitehats; it looks like we might start to see another huge increase in fake AV and other similar malware. The TDL-4 botnet is quite advanced: it uses the boot sector to launch itself before the OS, which keeps it hidden from AV and malware detection and also allows it to re-download malware onto the computer over and over again.

http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/

http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot

Now you might be asking how you can stay protected against such attacks. Well, first of all, change your browsing habits. I’ve found that when I say “change your browsing habits” many people have no idea what I’m talking about. This is an unfortunate truth in our world, and I hope that by writing this post I can help to educate some of you. The internet is full of viruses, trojans, malware, and spyware. Whether you are using a Mac or PC, updating your operating system is very important. Updates are released on a regular basis to help protect your computer and to keep it running smoothly.

Update your Web Browser

Your web browser is your gateway to the internet and is often the entry point for computer viruses. It is therefore important that you frequently check for updates to your browser.

Internet Explorer – Updates are included as part of your Windows updates.
Mozilla Firefox – Go to http://www.mozilla.com/en-US/firefox/upgrade.html, download the latest version and run the installer. This will not delete any bookmarks or personal settings.
Safari – Safari updates are included with Mac OS X updates.
Chrome – Updates itself in the background.

General Browsing Habits

  1. Always check the address bar at the top of the screen to ensure you’re at the official website, and not a carbon copy of the website you think you’re at, hosted at a different address.
  2. Never click on pop-ups.
  3. Always look for the little yellow padlock and the letters “https” rather than “http” when signing into an online account or making online purchases. This means that information you provide, such as your name, address, and credit card information, is being encrypted on its way to the web server that hosts the website you’re buying from. This is important because this information crosses many public devices before reaching its destination, and a man in the middle can read this data if it’s not encrypted.
  4. Avoid shady sites which promise offers too good to be true such as: free electronics, free software that you normally have to pay for, pirated software, nude celebrities, and the list goes on.
  5. Install Anti-Virus software. I prefer Avira, alongside Malwarebytes Anti-Malware Pro, but there are other providers out there as well. It’s up to you to get the lowdown on each and make an informed decision as to which product to use.
  6. Always keep in mind that your Anti-Virus software is not a get-out-of-jail-free card that lets you do whatever you like on the Internet and not get a virus. If you do not practice the safe browsing habits listed here, along with some good old-fashioned common sense, in conjunction with your AV software, then you may do something which circumvents your AV software’s protection (such as downloading and installing a virus yourself).

E-mail Habits

  1. Don’t open e-mails from people you don’t know.
  2. Don’t open e-mail attachments from people you don’t know.
  3. Avoid using your e-mail address for random registrations. It is highly advisable to create a throwaway e-mail for programs/sites that require registration. A quick Google search for “disposable email” will turn up several such services (note: some sites disallow the use of these accounts).
  4. Beware of e-mail attachments from people you do know. If the e-mail said nothing about an attachment or you weren’t expecting one, get in touch with the person through some medium other than e-mail and find out what’s in the attachment, and make sure they sent it.
  5. Never respond to spam e-mails. If you don’t want to part with thousands of dollars of your own money, then trash those generic e-mails from a random foreign stranger who needs an American citizen to set up a bank account for some contrived reason, promises to split the millions he makes by doing this with you, but somewhere along the line needs you to wire him a large cash sum. You’re not investing in your future; you’re giving your money to a con artist.

Social Networking Habits

  1. Be careful who you add as a friend on your social networking account. Day in and day out you probably post personal information such as names of people you know, where you work, where you currently are, what you’re doing, phone numbers, addresses, where you go to school, etc. This information can be used against you in many different ways.
  2. Keep a close eye on what applications you add. There are many applications on social networking sites like Facebook, Myspace, LinkedIn, etc., which enhance our social networking experience. What we often don’t consider is what kind of privileges we’re bestowing on the people who wrote the software. Just as programs you install on your computer or phone can do malicious things, apps you add to your profile can do malicious things as well, or at the very least unexpected things.
  3. Watch out for strange messages from your friends which are full of bad spelling and grammar and contain links to external pages. There are worms and other malware, a prime example being the Koobface worm, which spread fake messages asking you to check out a video in a link, or to take some other action. The link actually leads to an attack site where a script will try to install malware on your computer.