Spyware, trojans, and other nasties
Someone has stolen your computer. What is worse, you may not have realised. This is the story of life today on the Internet, and how to keep safe.
Something seems to be wrong with my computer, it is running really slowly. Oh, and we keep getting all these pop up ads for porn and gambling sites every time we try to browse the web.
This article is aimed mostly at users of computers running MS Windows. Some of the concepts, however, will apply regardless of the type of computer you use.
For years there have been many bits of malevolent software (or malware) circulating, a good number of which were computer viruses. While some of these did nasty things to your computer, most were irritations. Today, with help from some anti-virus software, most can be dealt with swiftly. Prior to large-scale and popular use of the Internet, viruses were typically propagated by infecting files that were then passed around on floppy disc or over Local Area Networks.
The common theme of many early virus attacks was that of damage. The result of an infection was frequently obvious: your computer stopped working, or files were corrupted or deleted. You knew when you had been hit, because damage had been caused. This also meant that you were alerted to the infection and could set about dealing with it.
The world has moved on
The interconnected world has given rise to newer malware threats that use the internet to vastly speed up the process of infecting computers. It also provides far more sinister motivations for creating them. With many people and businesses now reliant on their computers and the internet for their day to day work, the opportunities presented to the less than ethical sections of our society to make money from wrongdoing have grown rapidly. Organised crime has moved into the software business!
Rise of the botnet
There is now far more profit to be made by an attacker from gaining the use of your computer without you finding out, certainly more than there ever was in simply causing damage for the sake of it. If someone can co-opt your computer to carry out a criminal act on their behalf, then they will think "so much the better", as it helps cover their tracks. What is more, it can become far more effective if they can get lots of computers working for them.
Lots of the malware you encounter these days has a backdoor or remote access capability. This allows a remote and unknown criminal to take control of your computer and direct it to download and execute any software of their choosing.
Your computer may not appear to be doing much, but without your consent it may be used to help relay spam messages, carry out extortion or Denial of Service attacks, steal your identity, raid your bank or credit card accounts, and generally snoop into all sorts of areas of your life!
Collections of hundreds of thousands of computers compromised in this way and controlled remotely are called botnets. The owners of these botnets will even trade the services of their computers on the open market!
How does my computer get compromised?
A multitude of ways:
The classic scenario is when you open an attachment on an email only to find out that it is not what you thought. Alas it is not always that simple. Just looking at the wrong email can be enough in some cases!
You connect your computer to the Internet! (yes just that, nothing else!)
You download a useful sounding program only to find that other undesirable applications (the Trojan or Trojan Horse) are included with it.
You visit a web page (either by intention or accident) that has been specifically constructed to exploit a security flaw in the software you may be using.
You install software that claims to detect and remove spyware! Sadly the vast majority of spyware detection programs now available are nothing of the sort! (for a list of real anti spyware programs that actually work see our anti spyware tools section, for a list of rogue programs go here). The creators of these applications have now realised that public awareness of the subject is growing, and are using it to dupe people into installing software that in many cases is itself spyware, and sometimes significantly worse.
How will I know?
You may see some or all of the following:
How do I protect my computer?
This really is a case of prevention being much better than cure. You can carry out a few simple tasks that will prevent most of these problems occurring in the first place.
Applications that will help prevent problems
For detailed recommendations see our security software section. As a very minimum level of protection you will need to be running:
Software that will prevent installation of unwanted programs in the first place can also be very handy!
Top tips to keep you safe
The best protection you can get is that of learning how to modify your behaviour with the computer so as to reduce the risks in the first place. Making sure that you are current with all the security fixes provided by the maker of your operating system is fundamental. Many items of malware survive in spite of fixes that prevent their spread having been widely available for a year or more. This is simply a result of people not keeping their computers up to date.
How do I fix my computer once it is compromised?
This is a task that will vary in complexity from something that is simple enough to be accomplished by a non technical user with no difficulty, to something that will defeat even a specialist technician armed with a multitude of software tools and years of experience. You have been warned!
Rather like when fixing a car, it is handy to have a working one in order to go and get bits etc. So it is with fixing a compromised computer. Having access to another working one is almost essential so that you can get access to the tools you will need, and also research what you need to do with them.
To clear minor problems, a sweep with an anti-virus and anti adware product will usually do it. A more seriously compromised computer may prevent you from running these tools, however. Some malware will attempt to block removal of itself and even attempt to shut down the tools you will need to use. Starting the computer in safe mode can help stop some of these tasks getting started at boot time, which may make your job easier.
You may need to turn off the Windows "System Restore" capability to clear away infected files from the restore folder. This will also prevent it reloading the infected files back onto your computer the next time you use the system restore capability!
You may need a process killer like Task Manager to stop malicious applications running before you can remove them. If the malware recognises and defeats the built-in task manager then you may need to find an alternative program (see the security software section for more advice). Sometimes simply making a copy of the taskmgr.exe file in your Windows directory and renaming it to something else will fool many monitoring processes that would otherwise stop it. It is often worth the effort to expand a new copy of any utility files like this from your Windows CD. That way you can be sure that you are not using a version that may have been deliberately altered by the malware.
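The check behind the advice above, as an added example that is not part of the original article: a PowerShell script that compares installed utilities with clean copies and reports their signature status. The folder D:\clean-utils is a hypothetical location holding files you have expanded from your original Windows installation media.

```powershell
# Added example (not from the original article).
# $ReferenceDir is a hypothetical folder holding copies of the same utilities
# expanded from your original Windows installation media.
param(
    [string]$ReferenceDir = 'D:\clean-utils',
    [string[]]$Utilities = @(
        (Join-Path $env:SystemRoot 'System32\taskmgr.exe'),
        (Join-Path $env:SystemRoot 'regedit.exe')
    )
)

function Test-UtilityIntegrity {
    param([string]$InstalledPath, [string]$ReferenceDir)

    $refPath = Join-Path $ReferenceDir (Split-Path -Leaf $InstalledPath)
    $report  = [ordered]@{ File = $InstalledPath; Signature = 'n/a'; Verdict = '' }

    if (-not (Test-Path -LiteralPath $InstalledPath)) {
        $report.Verdict = 'Installed file missing'
        return [pscustomobject]$report
    }
    # Authenticode status of the installed copy (Valid, NotSigned, HashMismatch, ...)
    $report.Signature = (Get-AuthenticodeSignature -FilePath $InstalledPath).Status

    if (-not (Test-Path -LiteralPath $refPath)) {
        $report.Verdict = 'No reference copy to compare against'
        return [pscustomobject]$report
    }
    $installed = (Get-FileHash -LiteralPath $InstalledPath -Algorithm SHA256).Hash
    $reference = (Get-FileHash -LiteralPath $refPath -Algorithm SHA256).Hash

    if ($installed -eq $reference) {
        $report.Verdict = 'Matches reference copy'
    } elseif ($report.Signature -eq 'Valid') {
        # Different bytes but still validly signed: usually a later update
        $report.Verdict = 'Differs from reference, signature valid (likely patched)'
    } else {
        $report.Verdict = 'Differs from reference, signature not valid: use the reference copy'
    }
    return [pscustomobject]$report
}

$Utilities | ForEach-Object { Test-UtilityIntegrity $_ $ReferenceDir } | Format-List
```

A difference from the installation media does not by itself prove tampering, because security updates replace these files; treat it as a reason to run the clean copy instead of the installed one.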
You may need to get well acquainted with Windows regedit (note that indiscriminate use of this program can cause as much or more damage than the malware itself!).
The most sophisticated infections are almost impossible to remove manually, and you will need a specially written program targeted at the particular infection. For a prime example, read about dealing with a very common and particularly nasty bit of malware called CoolWebSearch here.
Finally you may find that in some cases it is either not possible to remove the problem or it is at least not viable in terms of time or cost. In which case consider backing up all of your files and data onto CD or some other form of storage, then reformatting the PC's hard drive before reinstalling your operating system followed by all your applications using your original install disks. You will then need to add security software as described above before reconnecting to the internet to access all the outstanding security patches that will need to be re-applied. Finally you can restore your data from your backup.
Applications that will detect and fix problems:
See our anti spyware tools section
Copyright © 2011 Internode Ltd All Rights Reserved