Beware of Malware: Malicious software can be dangerous

The following is a by-no-means comprehensive collection of the various types of malware you’ll find at one time or another while on the Internet. As news spreads concerning Lenovo’s built in spyware, SuperFish, and security is on everybody’s mind, this article aims to identify the various types of malware the typical computer user is exposed to from the Internet.

The term malware is a portmanteau word derived from the term malicious software. The various types most commonly encountered are detailed in this blog.

The threats

Adware is loosely defined as advertising-supported software, such as the popular WeatherBug package, which constantly displays weather conditions on your desktop. But it’s intrusive and bothersome to the user as it pushes ads onto your desktop and in the worst case monitors your online activity and sells the information to advertisers, often reselling the same collected data to many companies seeking to target those users whose browsing habits reveal them to have an interest in the type of product offered for sale.

The user usually, but not always, gives consent to the adware provider, usually unwittingly, when he accepts the user consent terms, a  form often pages long and usually unread, that the provider includes in the installation process. Some adware, such as many “free” games, utilities and even music programs will bombard you with ads until you agree to pay for the product, at which time the ads are removed.

Popups are advertisements that literally pop up on your screen as you browse many otherwise free sites, such as news services and social sites. They not only are tailored to your interests based on the content you are reading, they take over your screen and make it difficult to dismiss them by placing the kill button in hard to find places.

Often paying for a subscription to the site will eliminate popups. Some browsers, such as Google’s Chrome, actively block popups, ironically by throwing one up at the bottom of the screen, informing you that it has just done this, and asking if you wish it to continue blocking popups.

Broad category

Spyware is a broad term for software that helps gather information about a person or organization without their knowledge and often without their consent. Spyware can also take over one’s computer using it as a node in an ever growing covert network of similarly hijacked computers.

There are four basic types of spyware: system monitors, which funnel your data to companies or government spying agencies; Trojans, malware which ride into your system piggybacking on what otherwise seems to be legitimate software; and tracking cookies, bits of code used by websites you have visited and which are left behind on your machine ostensibly to await your return and greatly speed up the reloading of the page next time you visit. But cookies also contain data on your browsing habits, abetting spyware by essentially collecting personal data which resides in your computer and making it accessible to spyware.

Some spyware is installed on work computers to monitor employees’ use of their time, and whether they are working apace (through use of keyloggers, which monitor keypresses and sites visited to measure employee speed and attention to their assigned tasks).

But spyware can also grab control of the computer from the user, change crucial settings in software or browsers, redirect calls to intended sites, slow connection speeds, and download additional unwanted software.

Beware Greeks bearing gifts

A Trojan is a malicious program purporting to be a desirable software tool that actually performs malicious activity. They employ a commonly used technique among black hat hackers to gain access to otherwise protected computers. This method is known cynically as social engineering, which is obtaining private data by pretending to be a friend or company affiliate who convinces you it is necessary and proper to give out passwords and other private account information. Hackers don’t always remotely scour your hard drive examining code to ferret out personal data. Sometimes they just talk you into giving it up.

Trojans mimic this technique by presenting themselves as benign, useful or interesting programs, but, once installed, create back doors–hidden, unprotected, unnoticed entryways to your computer exploited by hackers to gain control of your computer to do with it as they wish, from crashing the computer, corrupting data, stealing your personal banking or financial data and take your money, conducting industrial espionage, using the infected computer as a proxy for high risk illegal activities; basically anything nefarious the Trojan master wishes.

Bloatware has two distinct meanings. The first describes the tendency of commercial software to incorporate new features in new releases and upgrades that significantly increase the size of the program, demanding considerably more disk space and RAM to install and run, thus placing additional strain on computer resources and often slowing it down considerably.

The term is also used to describe the commercial practice of preloading usually unwanted and often useless software on new computers and cellphones, taking up valuable storage space and generally considered a nuisance. Deals are reached between OEMs and software companies to load these programs at the factory. Sometimes they are useful products, such as antivirus software, but more often they are time-limited programs such as system tune up utilities that work 30 days then nag you incessantly to subscribe and/or purchase them, and they are usually hard to remove.

In the case of cellphone bloatware, these programs are often impossible to delete, unless you root the device, that is, gain administrative powers the service provider otherwise reserves to itself, and delete the unwanted software, risking the possibility of bricking your phone and definitely voiding your new phone warrantee in the process.

Viruses are bits of malicious code designed to replicate themselves and to infect other computers. They are often spread by attachments to emails or instant messages, though they can often infect your computer through simply visiting a dodgy website, from which they leap onto your browser and spread throughout your computer. They can also be disguised as funny images, greeting cards, and audio and video files. Their purpose is nearly always to scramble or erase data, often interfering with the smooth operation of your computer, and to spread to other computers.

Some viruses delete files, some replicate themselves repeatedly on the host computer, eventually filling the hard drive rendering the PC useless. They mimic organic viruses by focusing solely on infection, replication, and jumping from host to host. Antivirus software is vital to protect against the thousands of species of viruses that run rampant on the internet, and once the AV software obtains the invader’s definition and can easily protect against it, malicious code writers can change a tiny bit of a register here, a data instruction there, and in short order make it immune from AV software. Thus the need for nearly daily downloads of updated virus definitions.

Transmission vector

A worm is a form of malware much like a virus, though it needn’t attach itself to an existing program. They are relatively benign, as they, unlike viruses, usually don’t destroy files or modify them by themselves. Their most common design function is to merely spread within a network, and to jump to new, uninfected networks. Usually the most harm they do is to cause increased network traffic. But they can carry so-called payloads, or sets of instructions, which are commonly used to create zombie computers, which can then be controlled by the author of the worm.

These malignant payloads can infect entire networks, such as those used by businesses, or create new ones by surreptitiously linking otherwise unnetworked computers through creating ad hoc online network connections. For instance, your home computer may be linked through hidden instruction sets to other standalones through the Internet. These  kinds of hijacked existing networks or hidden, unnoticed networks are known as botnets, used by spammers for sending junk emails while cloaking their website’s address.

Spammers, or purveyors of mass market, widely distributed unwanted advertising, have been linked to funding the creation of such worms, and worm writers have been caught trying to sell to spam marketers the IP addresses of already infected machines and networks.

They have also been used as ransomware, in which crucial data on the targeted computer or network is encrypted and the legitimate owner forced to pay a ransom to regain access to his data.

Other criminal hackers have tried to blackmail companies by threatening denial of service attacks, in which the infected network makes so many calls to the targeted network that the system overloads and crashes. These calls are usually issued by botnets, the highjacked or improvised networks mentioned above, composed of zombie computers and controlled by the villains who created them using worms to establish the necessary network linking protocols.

Targeted network crashes

Denial of service attacks are usually directed at banks, businesses, credit card companies and other high profile, high traffic sites. Distributed DoS attacks are perpetrated by networks consisting of two or more connected computers, while the more common DoS is launched by botnets. The purpose is to temporarily or indefinitely crash a website or host. In 2014, DoS attacks reached an average rate of 28 per hour.

Computer and network security holes are discovered in legitimate software and operating systems every day, and Windows computers are particularly at risk, simply because they still dominate the installed base of home and business computers, giving the high tech bandits more bang for their buck. You have probably noticed the high frequency of delivery of software patches delivered by Microsoft to your computers through the Internet, intended to plug these security holes exploited by hackers who spend much of their time looking for such breaches.

Macintosh computers are much less frequently targeted by the various species of malware wildlife populating the Web, not because they are immune, but simply because of the law of diminishing returns. There are Mac specific versions of malware though, and Mac users should take the same precautions as Windows users.

Many new PCs come preloaded with free or subscription based antivirus programs, and if you don’t have one, download or buy one and install it. In a future article I will survey the available brands and their relative costs and effectiveness. But if you’re currently unprotected, I recommend the excellent AVG Antivirus 2015, which is free for home users, $39.99 for business users.

Follow up on SuperFish

The SuperFish adware, which I wrote about in my previous column, apparently affects Lenovo PCs intended solely for home use. Enterprise customers are said not to be affected. But this still impacts millions of owners of the Chinese owned and manufactured machines. Defcon security chief researcher Marc Rogers told ZDNet that all consumers should check their machines to see if they are affected, and, “If they are affected, they should not use their laptop for any kind of secure transaction until they are able to confirm [the adware] has been removed.”

Lenovo has issued a removal tool, and Microsoft has updated Windows Defender to root out the heavyweight, industrial grade adware. SuperFish has caused apocalyptic damage to all computing security developed over the last ten years, and there remains doubt that Lenovo’s removal tool effectively restores that security, because it merely removes the program, and does little to restore the root level files it has modified.

Microsoft’s fix appears to be more thorough, and Windows Defender is the tool that I’d recommend. Just update the program from within the software, and run it before resuming business as usual.

But the malicious adware is so extensively pernicious, and penetrates standard security so deeply, that some security experts say the only way to completely and surely eliminate any trace of the software is to wipe one’s hard drive and do a clean install of Windows, and not from the Lenovo recovery disks but from a newly purchased copy of the operating system.

The damage to Lenovo’s reputation this debacle has generated, and the havoc it has wreaked on commercial interactions conducted online, is truly unprecedented. There remains among security experts a high degree of suspicion and doubt that any fix available now can rid your PC of every trace of the adware or the damage to the files, certificates, and protocols that have been developed over the years.

So for those who are critically dependent on absolute security online, a clean install of the OS is the only 100 percent guaranteed fix.

Paul Croke

Paul Croke, former newspaper editor and longtime Washington DC area freelance writer, has loved gadgets and consumer electronics since he saw his first Dick Tracy watch. He writes about consumer technology.