Digital Security and Privacy for Human Rights Defenders

2.9 Malicious software and Spam

Abstract
  1. There are many types of malware, transmitted from computer to computer in a multitude of different ways, causing untold damage to information.
  2. Install and regularly update your anti-virus and anti-spyware software. Run a firewall and be extremely cautious when opening email or inserting removable media into your computer.
  3. Spam is unsolicited junk email which today constitutes an enormous part of all Internet traffic and has become a huge problem for people and networks.
  4. Be careful with distributing your email address and never reply to or even open spam messages.

Malware is a term used to describe software that damages your computer and compromises your security and the confidentiality of your information. It can be broken up into several categories, including viruses, worms, Trojans and spyware. Millions of computers around the world have been infected, causing enormous damage and cost. The Internet has become the most widely used medium for spreading malware, and we are constantly battling to protect ourselves from myriads of old and newly written malicious programs.

On today's Internet, a computer infected with malware can be used by third parties to orchestrate digital attacks on other systems. A vulnerability in a computer's defences is exploited to infect it with the attacker's malware, which then gives its operator remote control of the machine. A collection of such remotely controlled computers is known as a Botnet. Botnets can be used to attack a particular website or the servers of an organisation or government. Such attacks are called Distributed Denial of Service (DDoS) attacks because they overwhelm the servers with millions of simultaneous requests for service.

Such attacks have become common during the last decade, and are typically carried out using an array of infected computers. Websites of human rights organisations are frequently disabled by them. A DDoS attack is very difficult for the target to counter, so preventing the initial infections that build the botnet is key. There is no excuse for being ambivalent about virus protection: unbeknownst to you, your infected computer could be participating in a DDoS attack against a website.

Viruses

Similar to a human virus, computer viruses infect computers and other technical devices and alter their stability, operation or integrity. They are usually small pieces of software code that are executed on your computer following a specific action you take, such as opening a file. They also have a tendency to copy themselves and multiply. You can receive a virus in an email, on a USB memory stick or by simply browsing to a specific website. Sometimes it is possible to be infected just by being connected to the Internet.

History

The first recognised instance of a spreadable computer virus was the Elk Cloner. It was written around 1982 by a 15-year-old high school student Rich Skrenta and was aimed at Apple II systems. Elk Cloner spread by infecting the Apple II's operating system and was transmitted on floppy disks. When the computer was booted from an infected floppy, a copy of the virus would automatically start. Whenever a new floppy disk was inserted into an infected computer, the virus copied itself to it, thereby allowing itself to spread. It did not cause specific harm to the computer, but was merely an annoyance. On every 50th booting, the virus would display a short 'poem':

Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!64

The Morris Worm, written by Robert Tappan Morris in 1988, became the first well-known malware to spread on the Internet. It was estimated to have infected around 6,000 computers worldwide and led to the creation of a new industry for countering similar attacks, beginning with CERT (the Computer Emergency Response Team) at Carnegie Mellon University's Software Engineering Institute, a US federally funded research and development centre (http://www.cert.org).

The MyDoom worm of 2004 at its peak accounted for roughly one in every twelve emails sent on the Internet, and was used to co-ordinate one of the largest Distributed Denial of Service attacks65 seen up to that time, involving more than 1 million computers from all over the globe.

Malware variations

There are numerous types of malware, and each has a specific method of operation and distribution.
  • A virus is a piece of computer code that damages the software of your PC (and in rare cases the firmware of its components), with possible effects of data loss or computer malfunction. Viruses must be executed (run or opened) by the user and can replicate themselves to infect other files and computers.
    Infection: viruses come as email attachments, or as files loaded from floppy disks or other removable media. Files that could contain viruses usually (but not always) have extensions such as: .exe .com .bat .vbs .php .class .js .scr .pif
  • A worm is similar to a virus in that it copies itself, but it spreads on its own, without needing a host file or any action by the user, and it does not necessarily try to delete or corrupt information on your computer. Worms often arrive embedded in an email message. They exploit security vulnerabilities in operating systems and spread themselves to other computers via the network or the Internet.
    Infection: worms can infect your computer as soon as you open (or even preview) the email message in which they are hiding. An infected computer could also be sending and receiving worms simply by being connected to the Internet.

  • Trojans (Trojan horses, backdoor Trojans) are programs posing as legitimate software but actually containing malicious code. They do not replicate themselves but can force your computer to download a virus or perform a pre-programmed function (such as attacking another website). Backdoor Trojans can give an outsider full access to your computer, including all your programs and documents. Infection: Trojans pose as legitimate programs and become active when you execute them. Sometimes viruses install Trojans on your computer.

  • Keyloggers are malicious programs that record what you type (passwords, messages, documents), and often your activity on the Internet, and send this information to an outsider. Their main aim is to undermine the computer's security and to reveal information about its user for reasons of profit or gain.
    Infection: Keyloggers can appear in email and come embedded in programs you install. You can be infected simply by visiting the wrong web page (especially relevant to Internet Explorer) or by using file-sharing software. They can come in email attachments or be installed by a virus.

Mobile phones are also affected in today's virus-filled world, with malware taking advantage of Bluetooth and multimedia messaging to spread itself around. BlackBerries are not excluded, with a vulnerability that allows malware to become a trusted application. Skype and MSN, iMac built-in video cameras and even newly released wireless pacemakers can all be 'owned' by a virus writer. Malicious code has been found in images on photo sharing websites, and millions of unsuspecting (and poorly configured or not updated) web platforms have been 'injected' with viral code. Either our ignorance or their creativity has spawned a hostile digital world with little room for error. Your only hope is to arm yourself with good software and a bunch of common sense – to build a castle for your digital home.

An organisational policy that pro-actively prevents the downloading and execution of viruses is required. Some of this can be done at the program level, by configuring your programs to be more robust against viruses and by obtaining and running anti-virus, anti-spyware and firewall software. All software, including Windows security updates, must be kept up to date; this increases your protection against newly written malware. But the main approach to tackling malware is at the policy level.

You need to:

  • Keep a backup of your important documents on removable media, and do not leave that media permanently connected to the computer, or malware can destroy the backup along with the originals
  • Block all dangerous email attachments at your server or program level
  • Never open email attachments that you are not expecting or that originate from unknown sources, and avoid clicking on links embedded in an email message, especially from senders you do not yet know
  • Run a full scan of your system at least once a week
  • Do not download unnecessary programs onto your computer. MSN and Yahoo Chat programs are popular targets for spreading viruses. Try to refrain from using these programs and file-sharing software on your work computer.
  • Stay informed about the latest threats
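The extension list and the advice to block dangerous attachments at the server or program level can be turned into a simple filter. The following is an added example, not code from the manual or from Front Line Defenders; the extra extensions beyond the manual's list and the sample filenames are assumptions. It deliberately looks at every extension in a name, because Windows hides known extensions by default, so an attachment called 'invoice.pdf.exe' is displayed as 'invoice.pdf' and is a classic way of tricking the user into running a program:

```python
# Attachment name check: flags executable file types, including ones
# disguised behind a harmless-looking decoy extension.

# Extensions the manual lists as commonly carrying executable content,
# plus a few Windows script and shortcut types (assumed, not from the manual).
DANGEROUS_EXTENSIONS = {
    ".exe", ".com", ".bat", ".vbs", ".php", ".class", ".js", ".scr", ".pif",
    ".cmd", ".jse", ".wsf", ".hta", ".lnk",
}


def extensions_of(filename):
    """Return every extension in a filename, lowercased and in order.

    'Invoice.PDF.exe' -> ['.pdf', '.exe']; a path prefix is ignored and
    empty parts (e.g. from a trailing dot, which Windows drops) are skipped.
    """
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    parts = name.lower().split(".")
    return ["." + p.strip() for p in parts[1:] if p.strip()]


def check_attachment(filename):
    """Return (blocked, reason) for one attachment filename.

    Only the last extension decides what Windows will run, so that is what
    is checked; the reason notes when an earlier extension acts as a decoy.
    """
    exts = extensions_of(filename)
    if not exts:
        return False, "no extension"
    real = exts[-1]
    if real in DANGEROUS_EXTENSIONS:
        if len(exts) > 1:
            return True, f"executable {real} disguised behind {exts[-2]}"
        return True, f"executable {real}"
    return False, f"{real} not in block list"


def filter_attachments(filenames):
    """Split a list of attachment names into (allowed, blocked_with_reason)."""
    allowed, blocked = [], []
    for name in filenames:
        is_blocked, reason = check_attachment(name)
        (blocked if is_blocked else allowed).append((name, reason) if is_blocked else name)
    return allowed, blocked


# Constructed sample of attachment names as they might arrive in one mailbox.
SAMPLE_ATTACHMENTS = [
    "report.doc",
    "photo.jpg",
    "Invoice.PDF.exe",
    "setup.exe.",
    "README",
    "c:\\tmp\\run.bat",
]

if __name__ == "__main__":
    ok, bad = filter_attachments(SAMPLE_ATTACHMENTS)
    print("allowed:", ok)
    for name, why in bad:
        print(f"blocked: {name!r} ({why})")
```

A name check is only a first line of defence: it says nothing about what is inside an archive (.zip, .rar) or an office document with macros, which is why the scanning and the 'do not open unexpected attachments' rules above still apply.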
If your computer is infected with a virus:
  • Disconnect it from the Internet and from any networks immediately.
  • Close all programs and run a full anti-virus scan. Some programs allow you to schedule a boot scan, which checks your entire computer upon restart. This is useful as some viruses hide in files that Windows cannot check while it is running. Delete any viruses found and write down their names. Then run the scan again, until you have no more warnings.
  • Connect to the Internet and obtain the latest information on the particular virus you have received. You can check www.symantec.com, www.sophos.com or www.f-secure.com for the latest information about viruses, the damage they can cause and methods of their detection, prevention and removal. Update your Windows operating system with any necessary patches.
  • If a virus is found on a computer that resides in a network, disconnect all computers from the Internet and then from the network. All users should stop working, and the steps listed above must be taken for every computer. This may sound like an exhausting process, but it is an absolute necessity.

In 1999, BubbleBoy became the first worm that did not depend on the user opening an email attachment in order to infect the computer. As soon as the infected email message was viewed, the worm set to work. This technique has been followed by many virus writers and continues to defeat the most expensive security systems, preying on our never-ending curiosity to see the content of a suspicious-looking email.

Switch off the email preview option in your email program. Additionally, choose to open email only in plain text format. This prevents malicious code hiding in the email's body from being executed.


You are defenceless on the Internet if you do not have anti-virus, anti-spyware and firewall software installed. These need to be constantly updated and rigorously configured. You shouldn't have to spend any money at all: companies like Avast, Comodo and Safer Networking offer free home use of their anti-malware and firewall software.66

The most important rule is to be aware and vigilant. Take the required precautions, but do not let the existence of anti-virus or anti-spyware programs give you a false sense of security. As you might have guessed from the above, it is a never-ending battle. Viruses spread not only because of their clever programming, but because of the carelessness and nonchalance of the user.

Spam

Spam is bulk, unsolicited email. It normally takes the form of advertising or nonsense messages that fill up our mailboxes. Spam is an activity aimed at increasing the profits of companies and, increasingly, of spam gangs. It is a lucrative method, for the costs of mass distribution are minimal – far cheaper than postal junk mail and other means of mass advertising. Spam now accounts for roughly half of all email sent and is an enormous problem for individuals and businesses. This section will tell you how to reduce the amount of spam in your mailbox.

Many on-line companies provide lists of their customers' email addresses to organisations specialising in sending unsolicited commercial email (spam). Other companies harvest email addresses from messages posted on mailing lists, newsgroups, or from domain name registration data. In a test by the US Federal Trade Commission, an email address posted in a chat room began receiving spam within eight minutes of the post being submitted67.

History

The concept of spamming as an advertising technique was first introduced in 1994 by two Arizona immigration lawyers wishing to promote their services through mass postings to Usenet newsgroups. They argued it was a viable and justified new method of marketing and labelled their critics as "anti-commercial radicals". Since then, the popularity of 'spamming' has grown very quickly.

Preventing spam

There are several methods of reducing the amount of spam you receive, although you may never be able to get rid of it completely. If you are using a webmail account (like Hotmail, Gmail or Yahoo), the provider should have automatic spam filtering software installed.

The first rule of spam prevention is never to reply to, or click on any links in, a spam message. Even if you are upset by the amount of spam and wish to reply with a complaint or a request to stop, you are simply confirming the existence of your email address and labelling yourself as someone who reads spam and reacts to it. Never purchase anything advertised in spam messages. Even if the product is legitimate, you will end up further funding the spammer market.

Do not list your email address on any websites or list servers. If this is not possible, disguise it by putting # or 'AT' instead of the normal @ symbol. This makes it harder for web spiders to harvest your email address:

user#frontlinedefenders#org -> user AT frontlinedefenders DOT org
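Disguising an address defeats only the simplest harvesters. The following added example (not code from the manual or from Front Line Defenders; the sample page text and addresses are constructed) runs two harvesters over the same text: a naive one that looks for the literal @ form, and one that also understands the 'AT', 'DOT', '(at)' and '#' disguises. It shows why a disguised address buys time but should still be treated as public:

```python
import re

# Constructed sample of a web page containing plain and disguised addresses.
SAMPLE_PAGE = """
Contact: alice@example.org for press enquiries.
Our admin is bob AT example DOT org (mail him, not the list).
Tech support: carol#example#org
Avoid writing dave@example.org anywhere public.
"""

# What a naive harvester looks for: the literal user@host.tld form only.
PLAIN_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# A harvester that also accepts the common disguises of '@' and '.'.
# Assumes a two-label domain (host DOT tld), which is the manual's example.
AT_SEP = r"(?:@|\bAT\b|\(at\)|\[at\]|#)"
DOT_SEP = r"(?:\.|\bDOT\b|\(dot\)|\[dot\]|#)"
DEMUNGE_RE = re.compile(
    r"([\w.+-]+)\s*" + AT_SEP + r"\s*([\w-]+)\s*" + DOT_SEP + r"\s*([a-z]{2,})",
    re.IGNORECASE,
)


def harvest_naive(text):
    """Addresses a spider finds when it only recognises the literal @ form."""
    return sorted(set(PLAIN_RE.findall(text)))


def harvest_demunging(text):
    """Addresses a spider finds when it also undoes AT/DOT/# style disguises."""
    found = set()
    for user, host, tld in DEMUNGE_RE.findall(text):
        found.add(f"{user}@{host}.{tld}")
    return sorted(found)


def munge(address):
    """Disguise an address the way the manual suggests: 'AT' for @, 'DOT' for dots."""
    user, domain = address.split("@", 1)
    return f"{user} AT {domain.replace('.', ' DOT ')}"


if __name__ == "__main__":
    print("naive harvester:    ", harvest_naive(SAMPLE_PAGE))
    print("demunging harvester:", harvest_demunging(SAMPLE_PAGE))
    disguised = munge("user@frontlinedefenders.org")
    print("disguised form:     ", disguised)
    print("recovered anyway:   ", harvest_demunging(disguised))
```

Running it, the naive harvester recovers only alice and dave, while the demunging harvester recovers all four addresses and also the manual's own 'user AT frontlinedefenders DOT org' form. Disguising is worth doing because many spiders are naive, but the Bcc and separate-address advice that follows matters more.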

If you are sending a large group email, put the recipients in the 'Bcc' field. This hides the recipient list from everyone who receives the message and prevents spammers from using it for their own purposes. Try to use several email addresses. One will be your private email, which you give out only to trusted contacts. Use other addresses for registration and authentication on the Internet. In this way you separate your private account from those that get spammed.

If your account is already facing massive spamming and the filters are simply no longer working, you have no other option but to open a new email account and be more vigilant with it.



64 Wikipedia http://en.wikipedia.org/wiki/Elk_Cloner

65 See Glossary

66 All software and manuals for their installation and use can be downloaded from the Digital Security Toolkit http://security.ngoinabox.org

67 Privacy International – Privacy and Human Rights Report 2004, Threats to Privacy