Malicious Software

"malicious software": virus, trojan, spyware, etc.

There are many different kinds of programs which do bad things on your computer. They have technical names like virus, bot, trojan, spyware, key logger, adware, and more. All of them together can be called "malware". ("mal" is from Latin for "bad".)

What does malware do?

What does "dangerous emails and webpages" mean? What do they actually do?

Malware will be annoying or harmful to your own computer:

•  destroy files
•  modify files
•  change settings on your computer (to annoy you)
•  slow your computer down by using it to do other things (see below).

But these days it does more than that!

It gets information from your computer:

•  Get email addresses from Outlook Express and other programs, and send them (through your internet connection) so they can use for spam.
•  steals information about your surfing habits (what you click on, pages, ads etc what you search for, what websites you visit.)
•  Captures your keystrokes and sends them to someone (passwords! credit card numbers! personal information!)
•  Change settings on your computer (to enable it to do the bad stuff)

It puts things on your computer:

•  Redirects your home page or searches
•  Puts ads on your computer
•  Add links (to ads) in web pages you visit, in your favorites/bookmarks, on your desktop
•  change security settings in MSIE so that you will see sites you thought you had blocked, popup ads, etc.
•  Puts itself on flash drive to infect the next computer.

It does this by installing programs on your computer to do these things .. plus more we don't know about!

It uses your computer! to harm others, or more: to steal 
This uses your bandwidth and your computer ram, causing your connection and programs to run more slowly. Also makes it harder to trace the attack to its real source.

•  Uses your computer to relay spam
•  Uses your computer to send malware to other computers
Uses your computer to relay stolen information from other computers.
•  Use your computer to store files (often illegal) and make them available to others – shifting liability away from the attackers.
•  Use your computer to attack other computers (send viruses, DOS attacks, ...)
•  Use your computer as file server (transfer files between other computers, use your storage space).

It is used by rival businesses (and governments):

to attack rival spammers/hackers

to attack other businesses

And there is now big money for the bad guys:

send spam to the stolen email addresses (money from advertisers in the spam)

sell the stolen email addresses to other spammers

steal from bank account (transfer to another account)

order things with stolen credit card number

resell malware on the black market for cash -- tens of thousands of dollars each! -- which are, in turn, used by exploiters to steal

 

How does the malware get into your computer?

•  From email - as web page, as javascript, as image, ...
•  From a web page: infected (hacked or on purpose) webpages have code that attempts to install malware on visiting PCs.
•  From you installing it yourself, thinking it is a good program! (common ones are screensavers, browser toolbars, and even .. "anti-virus" programs)

How to protect yourself:

If you walk down the street, you don't hold out your hands (or your wallet!) and accept or give things to anyone you see. You have learned from childhood to recognise and choose, so it seems natural and you don't have to think about it. (In the west we call it "street smarts".) Computers are new, and we learn computer as adults. So it seems hard and complicated to "be safe" with computers. It isn't really — it's just something more to learn as you go through life.

If you can use Linux or Macintosh, do it.

Then ...

•  Just be sensible about what websites you visit.
•  Install software only through the repository, or through trusted websites.

If you must use MS Windows, the most useful things you can do are:

First: Don't

•  Don't use Internet Explorer (use FireFox or Opera or ...)
•  Don't use Outlook/Outlook Express (use Thunderbird or Eudora or ...)

Why? These programs are "tied in" to the operating system, and so are very easy for malware to get through to your computer.

Second: Do

•  Install a good anti-virus program, such as AVG or Awast or ClamWin
•  Keep it updated! otherwise it is no good, might as well not have it.
•  Install and use a firewall. 
  If you are running Windows XP you can use the built-in software firewall under Control Panel. Also there are free versions of firewalls that work on all versions of Windows.
•  (What is a firewall? What is an anti-virus program?)

Develop "net smarts" to go with your "street smarts"

Email:

•  Don't open mail or attachments from someone you don't know. 
  It will have a virus, and the minute you open it, you won't see anything to tell you, but you will have released the virus to infect your computer and also the other computers in your office.
•  Be careful opening email attachments, even from friends. 
  They may have viruses that your friends didn't put there.
•  Don't view your mail "as web page", view it "as text" 
  The things that make a "web page" (such as javascript) can get infected with viruses.

Web:

•  Be careful clicking on web links found on less reputable web sites. Um - don't even *go* to "less reputable" websites.
•  Pay attention to the "url" 
  (what is a url?) 
  If you think you are going to the Microsoft website, and the url says http://www.microsoft.comehere.com ... well maybe it is not actually Microsofts website!
•  Pay attention when clicking on web searches 
  The first link isn't always the best link - May be an advertisement site. May be a bad website.
•  Pay attention to links on a web page: 
  Does it say "advertisement" anywhere near the link?
•  If something seems "to good to be true", it probably is! 
  This is as true on websites as in life. If some website is offering you free downloads, free exciting pictures, etc, they are probably getting something from you in return: your virus-filled computer.

Passwords:

•  I bet i could get into the email accounts of about half the people i know! I would try things like this: tibet123 tpprc123 tashi70 tashi59 tashi310
•  If i can try this, a hacker can too — and get into your email, online accounts, and your computer.
•  How do hackers get passwords: not by sitting and clicking - but by running a program that has a file of words and names, and tries them over and over. A program doesn't get tired! It can keep trying until it gets it.
•  How to make a good password:
•  If you can remember it easily, the hacker probably can guess it. Bad! Make difficult passwords, and Keep a record of them *safely* somewhere.
•  What is a good password? 
  It has letters (upper and lowercase), numbers, punc.
•  Waaaah, that's too hard! 
  ... No, it's not: Start with a word that means something to you: 
  You already do this! So: 
  tashimarch10 
  Then, change it: replace some letters with numbers, punctuation, uppercase. 
  Tash;m8r10 
  Because it starts with a word that means something, you may be surprised that after typing it a few times, you *will* be able to remember it. 
  And a hacker can't guess it.
•  Use different passwords for different accounts: 
  That's too hard! ... No, it's not: 
  website file uploads: Tash;m8r10tp yahoo mail: Tash;m8r10yh google mail: Tash;m8r10gm 
  See, i use an abbreviation for the different sites at the end of the password.
•  Change your passwords every few months. 
  That's too hard! ... Well ... i admit it is annoying. But it's like brushing your teeth — Just do it.