Digital Threats from the Internet
In this article you will read about the things you should be aware of as an Internet user. We will introduce you to the types of viruses you may come across on the World Wide Web, and we will also give you some advice on how to protect your computer.
Virus
A virus is self-replicating malicious software. It spreads by attaching itself to other files (documents that can contain macros, images, movies, music, almost anything that can be executed or run by a user or by other software), and it can also infect the boot sectors of drives to make sure it is started automatically every time. A computer virus, unlike a biological virus, cannot evolve or come out of nowhere by itself; there is always a programmer who creates and spreads it. Most viruses cause damage to users, but not all. Quite a few were written for fun, for example to display a funny text or image on the screen on a certain day to surprise the owner of the computer, who did not know that hidden software resided on the machine. Some viruses were made as part of scientific research; of course these are the minority. Some programmers think that virus-making is a creative, artistic activity, just like writing a novel.
The term 'virus' can also be used to refer to specific kinds of malicious software such as Trojans, spyware, diallers and others. If you download good anti-virus software, it will take care not only of viruses in the narrow sense but of all the other types of viruses, too.
Worm
Computer worms are similar to viruses (they are also self-replicating), but while viruses are attached to other software, worms can function separately and propagate themselves without needing to be attached to a host file. Worms can delete files on your computer and send files by e-mail, including copies of themselves, to spread across the Internet. If a worm can propagate itself quickly and efficiently, it can slow down the World Wide Web by heavily using network resources to transmit data (especially if these worms carry other files, e.g. backdoor software that bypasses authentication and builds up a remote connection to easily access and manipulate the infected computer).
Trojan horse (Trojan)
Trojans are different in that they were originally not meant to spread between computers, though nowadays more and more do. Whether part of other software or a separate file, they try to trick users into executing them. A common tactic is to use a file extension like 'sexypicture.jpg.exe' so the careless user thinks it is a picture (especially easy to achieve if the browser is set to hide common file extensions when asking for confirmation to download and open a file). This camouflage approach explains the name 'Trojan horse', if you have heard the Greek myth of the siege of Troy (the enemy got inside the walls of Troy by building a huge wooden horse and hiding inside it; when the people of Troy did not see the enemy and thought they had fled, they pulled the horse inside, but late at night the enemy broke out and attacked the citizens).
Dialler
Diallers are used to connect to a server by dialling a phone number over an analog or ISDN line. Fraudulent diallers call premium-rate numbers, and how much will you have to pay on the next phone bill? Well, the sky is the limit! Users who have broadband connections and are not connected to phone lines are safe, of course. Diallers need a regular (analog or ISDN) phone line to make a call; they will not work on DSL, cable or satellite Internet connections. Be careful when you are supposed to use a dialler to download something or access a web site: always check the calling rates and take into consideration how much time you will need to stay connected to the service. If the calling rate is not clearly stated, it is best to just leave it, because you can probably get the same or very similar content for free at other web sites.
Spyware
Spyware programs are pretty nasty tools. They collect personal data from your computer and send it to a company that analyses it to gain precious information for its business. Spyware can reveal much about you: which sites you visit while surfing the Internet, how much time you spend there, what your credit card number is. Many spyware programs drive users crazy by displaying unwanted pop-up windows to advertise certain services or products (a cheap way of advertising, because the spyware's maker does not have to pay a company to reach the target users; they can be reached directly with the help of the spyware, without any additional cost or restrictions). Spyware can also route HTTP requests to advertising sites, making a huge profit for the maker by forcing thousands of users to see ads. (The important thing here is that advertising sites usually pay for only 1 click per user from a specific IP address, so it is useless for someone to click on ads that earn revenue for himself or herself. But if thousands of infected users visit that revenue-making site, having different IP addresses... Now that can make a huge profit!) The advertising type of spyware is commonly known as 'adware'.
Spyware differs from viruses in that it does not replicate itself in order to spread. However, it is installed on your computer without asking you, or, if that is not possible because of strict security rules, it asks but disguises itself. In such a case the spyware calls itself a security update, for instance, to deceive you in the hope that you are an inexperienced user.
According to a study by the National Cyber-Security Alliance from October 2004, 80% of surveyed users' computers had some form of spyware, with an average of 93 spyware components per computer. 89% of surveyed users with spyware reported that they did not know of its presence, and 95% reported that they had not given permission for it to be installed (the source can be found at: http://www.staysafeonline.info/pdf/safety_study_v04.pdf).
Rootkit
This is a special kind of software which, once installed, is totally hidden on your computer. The term 'rootkit' originates from the fact that this software was first created for UNIX operating systems, to gain root access on computers without administrator rights. It was actually a software package, a 'kit', which contained many useful applications to tweak a system.
One of its most dangerous activities is that it leaves a 'backdoor' on the target system and can gain control over it without the needed privileges. It can also hide keyloggers, which can send data about what you type on your computer. Imagine a situation where a keylogger is hidden on your PC and you surf to your favourite online book shop to buy a new book. At the point where you enter your credit card number, the keylogger saves your card number and sends it by e-mail to the person who attacked your PC and activated a keylogger there. It does not matter that the online bookshop receives your credit card info across a secured connection: the keylogger examines which keys you have pressed, and that is certainly not encoded in any way...
You may already have heard of the so-called 'zombie PCs'. These are computers that are used as resources for large-scale attacks. Each of these hacked computers can be forced by its intruders to attack, let's say, a web site, all together at the same time. The target site will not be able to handle that much traffic in that interval and it will 'die', so to say. These are the infamous 'Denial of Service' (DoS) attacks.
So, what is to be done if we want to be as safe as we can be as everyday users? Here is some advice:
1. Install anti-virus software and make sure it scans files, e-mails and visited sites, too. That is, everything. If you play games on your PC then you probably turn off automatic protection while playing, but never forget to turn it on again after you finish!
2. Set your anti-virus software to automatically download virus signature files (containing information about the newest viruses and Trojans). This way your PC will always have up-to-date prevention.
3. If you get files on removable media (floppy, CD, DVD, USB pendrive, etc.), always scan them for infected files first in case you turned off automatic file protection.
4. Install firewall software to prevent intrusion attempts via open ports on your system.
5. Never open an e-mail attachment if you do not know the sender, or if someone you already know sends an e-mail which is suspicious. Usually you can find out whether it was really your friend who wrote to you or not. If a spammer uses your friend's e-mail address then you will recognize that the letter is not written in the style your friend would use. Also, be cautious if you get attachments you did not ask for from people you know. The safest thing to do is not to open anything you have not asked for. Phishing (a form of social engineering that attempts to gather sensitive personal data) is very easy to discover in most cases: your bank will never ask for your personal details by e-mail, and just think it over, how likely is it that an African investor could make $20.000.000 for you if you send him some thousand dollars? :)
6. Set your browser to ask your permission before installing or running anything. It is much better to see confirmation boxes before each operation than to infect yourself and bear the consequences.
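The double-extension disguise described in the Trojan horse section ('sexypicture.jpg.exe'), checked on e-mail attachments as advice 5 suggests. This is an added example, not part of the original article; the extension lists, function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed, non-exhaustive lists: extensions Windows runs on double-click,
# and extensions users read as harmless content (the decoy part of the name).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".txt", ".doc", ".pdf",
              ".mp3", ".avi"}


def split_extensions(filename):
    """Return the lower-cased extensions of a name, e.g. ['.jpg', '.exe']."""
    # Keep the last path component only; Windows ignores trailing dots/spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    return ["." + part for part in name.split(".")[1:] if part]


def is_disguised_executable(filename):
    """True when an executable extension follows a harmless-looking one."""
    exts = split_extensions(filename)
    return (len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS
            and any(ext in DECOY_EXTS for ext in exts[:-1]))


def suspicious_attachments(raw_message):
    """Return the attachment names in a raw e-mail that look disguised."""
    msg = message_from_string(raw_message, policy=policy.default)
    names = (part.get_filename() for part in msg.iter_attachments())
    return [name for name in names if name and is_disguised_executable(name)]


def build_sample_message():
    """Constructed sample: one disguised attachment and one ordinary picture."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["Subject"] = "holiday photos"
    msg.set_content("See attached.")
    for name in ("sexypicture.jpg.exe", "beach.jpg"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample_message()))
```

The check looks only at the name, so it complements anti-virus scanning of the content rather than replacing it.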
We live in a century when a new computer, or one on which a new operating system has just been installed, cannot stay uninfected for more than 20 minutes, approximately. There is no user who would not surf the Internet, but nowadays, without any proper defence, it is just like stepping on a minefield...
Author: Tom @ 23rd of January, 2006