
Thread: Malware, Spyware, Phishing...... WTF is all this?

  1. #1
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    Question Malware, Spyware, Phishing...... WTF is all this?

    With all the hype in the media about the Conficker virus that was supposed to cause havoc around the world yesterday, the topic of viruses has once again moved to the top of the list of many PC users' concerns. In the past 10 years there have been many terms created to describe different threats to the PC user. Below are definitions for them for your review.

    Malware = Malicious computer software that interferes with normal computer functions or sends personal data about the user to unauthorized parties over the Internet. Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.

    Spyware = 1. Software that secretly gathers information about a person or organization.
    2. Any malicious software that is designed to take partial or full control of a computer's operation without the knowledge of its user.

    Virus = typically a short program designed to disperse copies of itself to other computers and disrupt those computers' normal operations. A computer virus usually attaches or inserts itself to or in an executable file or the boot sector (the area that contains the first instructions executed by a computer when it is started or restarted) of a disk; those that infect both files and boot records are called bimodal viruses. Although some viruses are merely disruptive, others can destroy or corrupt data or cause an operating system or applications program to malfunction. Computer viruses are spread via floppy disks, networks, or on-line services. Several thousand computer viruses are known, and on average three to five new strains are discovered every day. Virus programs can also infect advanced cellular telephones.

    A Bomb = A form of virus that is a program that resides silently in a computer's memory until it is triggered by a specific condition, such as a date.

    A Worm = A form of virus that is a destructive program that propagates itself over a network, reproducing as it goes.

    Trojan Horse = A form of virus that is a malicious program that passes itself off as a benign application; it cannot reproduce itself and, like a virus, must be distributed by diskette or electronic mail.

    Phishing = the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords. No company asks for personal info via email. Only when YOU access their website AND log into your account, will this info be asked for or verified.

    Browser Hijacker = is a form of malware or spyware that replaces the existing internet browser home page, error page, or search page with its own. These are generally used to force hits to a particular website. Some rogue security software will also hijack the start page generally displaying a message such as "WARNING! Your computer is infected with spyware!" to lead to an anti-spyware vendor's page. The start page will return to normal settings once you've bought their software. But sometimes not.

    Zombie Computer = is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a 'botnet', and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies. Zombies have been used extensively to send e-mail spam, conduct distributed denial of service attacks, or used to commit click fraud against sites displaying pay per click advertising. Others can host phishing or money mule recruiting websites.


    Now most Anti Virus programs scan for these pests automagically, as do other specific scanners. The challenge is that the nimrods that write these programs are always trying to find ways around the scanners so the Cat-n-Mouse game continues.

    One item that gets a bad rap is the computer cookie. While it can be used for malicious intent, and was in the early days of the internet, now it is used mostly for good.

    HTTP cookie = A system invented by Netscape to allow a web server to send a web browser a packet of information that will be sent back by the browser each time it accesses the same server. Cookies can contain any arbitrary information the server chooses to put in them and are used to maintain state between HTTP transactions, which are otherwise stateless.

    Typically this is used to authenticate or identify a registered user [Like your username and password for this forum for example] of a website without requiring them to sign in again every time they access it. Other uses are, e.g. maintaining a "shopping basket" of goods you have selected to purchase during a session at a site, site personalisation (presenting different pages to different users) or tracking which pages a user has visited on a site, e.g. for marketing purposes. [ElderGeek] Some people think this is a Spyware function, which it is, but usually no personal info is transferred.

    The browser limits the size of each cookie and the number each server can store. This prevents a malicious site consuming lots of disk space. The only information that cookies can return to the server is what that same server previously sent out. The main privacy concern is that, by default, you do not know when a site has sent or received a cookie so you are not necessarily aware that it has identified you as a returning user, though most reputable sites make this obvious by displaying your user name on the page.

    Special note! - After using a public PC, e.g. a PC in an Internet cafe, or even your buddy's house, you should remove all cookies to prevent the browser identifying the next user as you if they happen to visit the same sites. If it is your buddy's or family member's PC, you will also remove their cookies, forcing them to log into websites and forums, etc. the next time they visit, which might piss them off....

    I realize this is rather dry reading but the more one is aware, the chances of being infected are less. Keep your Anti Virus software up to date, pay attention to what you click on, and suspect all email from persons you don't know.
    ...

    I'll be at Camp2........ Next Season........

    ATG-Arizona Technology Group, Inc.
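
    Added example, not part of the original post: the cookie round trip described above, replayed offline with Python's standard-library cookie store. It shows the cookie going back only to the server that set it, a different server being unable to set one for the forum's domain, and the effect of clearing cookies on a shared PC. The hosts `forum.example` and `tracker.example` and the cookie values are constructed for illustration.

```python
import email
import http.cookiejar
import urllib.request

class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls info()."""
    def __init__(self, *header_lines):
        self._headers = email.message_from_string("\n".join(header_lines) + "\n\n")

    def info(self):
        return self._headers

def server_sets(jar, url, *set_cookie_lines):
    """Simulate `url` answering with the given Set-Cookie header lines."""
    jar.extract_cookies(FakeResponse(*set_cookie_lines), urllib.request.Request(url))

def browser_sends(jar, url):
    """Return the Cookie header the browser would attach to a request for `url`."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")

def demo():
    jar = http.cookiejar.CookieJar()  # plays the role of the browser's cookie store
    # Constructed hosts and values, for illustration only.
    server_sets(jar, "http://forum.example/login.php",
                "Set-Cookie: session=abc123; Path=/")
    results = {
        "back_to_forum": browser_sends(jar, "http://forum.example/showthread.php"),
        "to_other_site": browser_sends(jar, "http://tracker.example/ad.gif"),
    }
    # A different server names the forum's domain in Set-Cookie: the store refuses it.
    server_sets(jar, "http://tracker.example/ad.gif",
                "Set-Cookie: session=other; Domain=forum.example; Path=/")
    results["after_foreign_set"] = browser_sends(jar, "http://forum.example/showthread.php")
    # Leaving a public PC: with the store cleared, the next user is not identified as you.
    jar.clear()
    results["after_clear"] = browser_sends(jar, "http://forum.example/showthread.php")
    return results

if __name__ == "__main__":
    for step, header in demo().items():
        print(f"{step}: {header}")
```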

  2. #2
    Senior Member panici33's Avatar
    Join Date
    Jul 2007
    Location
    Illinois
    Posts
    549

    Default

    Simple question, how do you remove cookies?

  3. #3
    Senior Member Bowtie's Avatar
    Join Date
    Dec 2008
    Location
    Chandler
    Posts
    460

    Default

    depends on the browser you use.

    IE 7 & 8 --> Click the tools button and in the drop down choose Internet Options, On the general tab under browsing history, click delete. Next a window will open and you can choose what you want to delete by clicking that button for what you want deleted. If you have IE 6, run windows updates and get yourself upgraded asap.

    Firefox --> click tools and select clear private data and this will clear all your cookies, browse history, passwords, and filled in forms. To pick and choose what you want to delete click tools and select options, then click the Privacy tab. Under Private Data click settings and in the pop up window choose what you want to have cleared. You can also have the data auto cleared whenever you close the browser by choosing the Always clear my private data when I close Firefox.

    There are other browsers out there that can be used but since these are the two main ones used I won't go into those.
    Rob - 05 YFZ450

  4. #4
    ride red!
    Join Date
    May 2008
    Location
    prescott valley
    Posts
    342

    Default

    I think someone got one of those bombs onto my laptop.

    well, not really, but I was doing some homework online, all the sudden my screen just went black, and then my wireless aircard turned itself off, and it continued to show HDD activity. I shut the laptop, but the HDD light was practically steady for a long time. and then when I opened it up it said resuming windows and got into it a bit and then stopped again and the wifi card turned off again. so I held the power button to turn it off, turned it back on, and it asked me the safe mode or normal mode, and I didn't get to it in time to choose and it turned off on its own again. I pulled the battery for 15 minutes and then plugged it all back in and now it works.

    I have the AVG 3 pack, but it's been unable to update for weeks now, while the same program on the other laptop updates fine...
    current build:

    300 frame:450R arms/swinger:250R rear shock:400 spindles/hubs/front shocks:300 engine:holeshots

  5. #5
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    Default

    I'm an

    Do you get an error message at all? Is your subscription still active?

  6. #6
    ride red!
    Join Date
    May 2008
    Location
    prescott valley
    Posts
    342

    Default

    well, I got the program a certain way you may not condone, especially since you're an authorized reseller.

    and the identical files used to install it on my computer, I used to install it on my girlfriend's laptop.

    hers still updates fine, but on mine the box shows it attempting to connect to update.avg......, then backup.avg......., then update.avg again......., back and forth a few times, and then says the connection to the update server has failed.

    I'm going to someday get rid of the program completely and reinstall it and see if it works, but whatever happened last night was a little crazy, but the computer has worked perfect last night after that and so far this morning. it did find a threat a while back every day and I'd remove it and then next day it found it again, but one day it found a different one and after I removed that threat it hasn't found anything again. I can't remember for sure, but I think the updates were failing before that threat.

  7. #7
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    Default

    I am guessing you used the same license number as your girlfriend. When you try to update, it kicks you because that license is for a single user.

    What version number is it? 7.5, 8.0?? 7.5 will not be able to update after April 12. So we need to upgrade by then. The newest version is v8.5. Re-installing it will not help.

    Do you have Anti Virus, Anti Virus w/firewall, or Internet Security?

    There is also the possibility you still have an infection given it found things every day for a while. On the last scan that it found an infection, did you remove it, quarantine it, or ignore it? There are some log files we can check to see what the infection is.

    Click on the link in my sig, give me a call and we can see what we can do.

  8. #8
    ride red!
    Join Date
    May 2008
    Location
    prescott valley
    Posts
    342

    Default

    it says internet security 3 pack. version 8.0.238.

    and we had both computers on for a while and it always let both update, I installed it on mine first, and then even after I had installed it on hers mine still updated for a while. weird thing is (just remembered this) I took my laptop to Mexico and when hooked up down there through direcway it did update. I get back home and it won't update again through my satellite connection.

    and when I removed them, I clicked remove threat a couple times, and clicked move to vault a couple. and it would pop up something asking to "remove threat as power user".

    also, my license says active.

    shows a license number
    license type: full
    expires: wed, june 16, 2010
    number of seats: 3

    my virus database version is 270.11.22/2015

    and my antivirus and antispyware both say out of date. but the rest of the icons all say active.

    and actually right now windows defender can't update either. it said that once but then worked later and hasn't said that for over a month.

  9. #9
    ride red!
    Join Date
    May 2008
    Location
    prescott valley
    Posts
    342

    Default

    oh yeah, just read what you wrote again, it never found them during system scans, when I'd start up my computer it would probably show up within 5-10 minutes something would pop up saying it detected it on open or something. system scan only ever finds a load of tracking cookies.

  10. #10
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    Default

    I wasn't sure what you meant when you said 3 pack.

    3 pack = number of seats: 3. So you're legal.

    This means you can install it on three systems, so you're legal. It looks like we have a network issue instead of a license issue.

    Check your PMs
