Think you have a virus?
Is your computer awfully slow and sluggish? Does a mysterious program keep popping up on your desktop every 10 seconds? Do you get a lot of popups while browsing the web, random error messages, or the Blue Screen of Death (BSOD)?
If so, then I've got some bad news for you. There is a good chance that your system is infected. To understand an infection, we need to be able to identify its characteristics. There are many types of infections and they all have different characteristics.
Malware is a broad term meaning malicious software including, but not limited to, trojans, worms, viruses, logic bombs, and spyware.
Malware isn't simply poorly coded software that causes memory leaks and other issues with Operating Systems; this software is created solely with the intent of collecting information, annoying the user, and causing mild to severe harm to a user's Operating System and sometimes hardware.
Since we've gone over the broad umbrella of Malware, let us delve into the specifics.
Spyware does exactly as its name implies. Spyware is used to collect bits of information about a user while the computer is being used. This is done in the background, without the user's knowledge.
Spyware is known to change computer settings, install programs, change internet settings, change internet homepages, slow connection speeds, and do other things that can invade a user's privacy.
Spyware can lead to identity theft, credit card fraud, theft of banking information, and theft of passwords that give access to encrypted content. A popular type of spyware program is the keylogger, which literally logs every keystroke to a remote location via browser exploitation and the internet.
Yet another form of spyware is called scareware, which is designed specifically to get a user to buy a product. This type of spyware will often show messages claiming that a user's computer is infected and that a full version must be purchased in order to remove the infections. This can lead to credit card fraud since these programs usually require payment by credit card.
Spyware has specific traits, however, which will allow you to identify a spyware-infected computer.
- Slow system performance
- Significant decrease in connection speed
- Random programs being installed without your knowledge or consent
- Background has changed and will not change back
- Popups claiming that your web browser is out of date or system is infected
- Not able to uninstall programs
- Desktop has changed and cannot be changed back
- Mouse pointer moves itself
- Mouse pointer disappears
- Cannot access run or task manager
- Windows start bar/button goes missing
- Computer shuts down and starts up by itself
- Documents and files are printed by themselves
- Slow internet connection
- Dramatic loss of hard drive space
- Denial of Service attacks
- Web Server being brought down
- Annoying popups on your desktop
- Cannot access task manager
- Cannot access Run
- Cannot System Restore
- Cannot visit certain websites like mcafee.com or kaspersky.com
- Boot Sector Virus
- Master Boot Record (MBR) Virus
- File Infecter Virus
- Macro Viruses
- Slows system performance
- Dramatically slows web browser
- Sluggish internet connection
- Random error messages
- Blue Screen of Death (BSOD)
- Not able to access run
- Not able to access task manager
- Processes running with random characters and/or numbers
- No access to System Restore
- Blocked access to certain or all applications
- Unable to access anti-virus websites e.g. mcafee.com or kaspersky.com
These are some symptoms of spyware; how to prevent spyware will be covered later on in the article.
Trojans are named after the Trojan Horse, in which Greek soldiers hid themselves for a surprise attack on Troy. This Trojan Horse was intended to deceive the soldiers of Troy, making them think it was a gift of peace rather than a surprise attack.
A computer infection called a Trojan or Trojan Horse is no different. These trojans have hidden agendas and hidden functionality.
A trojan's sole purpose is to acquire information about a user, initiate distributed denial of service attacks on web servers, steal data, delete files, install unsolicited programs, etc.
Sometimes trojans can be relatively harmless and other times they can infect the Master Boot Record (MBR) or partition tables, which will cause a critical failure of a user's operating system. This will crash the computer and essentially render it unusable unless the OS is reinstalled.
Especially dangerous trojans will allow a hacker to physically hijack a user's computer. Depending on the complexity and severity of the trojan, the hacker can disable the keyboard, mouse, and monitor, change the desktop background, access the administrator command prompt, access the registry, and delete critical OS files.
The traits of a trojan are similar to those of spyware, since a trojan is basically a form of spyware. They do, however, differ from spyware.
Worms are unlike a Trojan Horse or spyware. Worms are self-replicating programs that use a network to send copies of themselves to other computers. Worms specifically target computers with unencrypted internet access, weak network passwords, weak computer passwords, and out-dated antivirus software.
Perhaps one of the worst worms ever in the history of technology is the ILOVEYOU worm, which arrived in email inboxes in early May of 2004. This internet worm contained the text "ILOVEYOU" as the subject line and the content of the email. There was also an attachment called "LOVE-LETTER-FOR-YOU.TXT.vbs". The .vbs (Visual Basic script) extension was hidden from unsuspecting users, which tricked them into thinking the attachment was a mere text file with more lovely words. However wonderful it seemed, upon opening the .txt file the worm automatically sent a copy of the email to everyone in the user's Windows address book from the user's email address. The worm also made malicious changes to the Windows Operating System and replicated itself throughout the registry. The worm caused an estimated $5.5 billion in damage and infected 50 million systems.
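The hidden-extension trick described above can be checked for mechanically. The following is an added example, not part of the original article: it flags attachment names whose real (last) extension is executable while the part a user sees looks like a document. The extension lists and every sample name other than the ILOVEYOU attachment are constructed for illustration.

```python
import os

# Extensions Windows runs or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".com",
                   ".scr", ".bat", ".cmd", ".pif"}
# Extensions a recipient reads as a harmless document or picture.
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".xls", ".xlsx", ".jpg", ".png"}


def shown_name(filename):
    """Name as displayed when the final extension is hidden from the user."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_deceptive(filename):
    """True when an executable extension sits behind a document-looking one."""
    name = filename.strip().rstrip(". ")
    stem, last = os.path.splitext(name)
    _, inner = os.path.splitext(stem)
    # Padding such as "invoice.pdf      .exe" pushes the real extension out of view.
    return last.lower() in EXECUTABLE_EXTS and inner.strip().lower() in DECOY_EXTS


def flag_attachments(filenames):
    """Return (real name, displayed name) for every deceptive attachment."""
    return [(f, shown_name(f)) for f in filenames if is_deceptive(f)]


# Constructed sample list; only the first name comes from the article.
SAMPLE = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "notes.txt",
    "setup.exe",
    "invoice.pdf      .exe",
    "archive.tar.gz",
    "photo.JPG.scr",
]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLE):
        print(f"{real!r} is displayed as {shown!r}")
```

A plain "setup.exe" is not flagged because nothing about its name is disguised; the check targets only the mismatch between the displayed and the real extension.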
Bad worms can infect a computer and render it basically unusable. Worms can literally hijack a user's computer and use the system as a zombie computer that sends copies of the worm to anyone and everyone.
Worms are somewhat tricky to detect since they depend heavily on a network connection to work. The majority of the worms out there don't contain payloads or additional code to seriously harm a system. They're mainly implemented to see how many systems can be infected, to bring down a website, or to cause a nuisance.
Grayware is a different form of malware and is solely intended to make a user bang their head against their monitor. It also harms a system, but does so in a highly obnoxious fashion. Popups, banner ads on websites, remote access tools, dialers, and irksome jokes are embedded in grayware.
Grayware can cause serious security holes in a system and it can also introduce more severe infections like spyware, viruses, and logic bombs.
Viruses are in their own category at times. Some consider a virus to not be a form of malware and some do.
A virus will attach itself to a program or file and will begin to copy itself. File transfers will cause the virus to spread as it is passed from one computer to the next. Viruses might change data, corrupt data, or degrade the performance of a user's system by taking up memory and disk space.
Viruses have four main categories. They are the following:
Boot Sector Virus
A boot sector virus infects the boot records on hard drives and also floppy disks. Once the user boots the computer, the virus will be saved in the boot record and will infect other types of media as data is written to them.
MBR viruses infect the Master Boot Record of a hard disk, which is the first sector of a hard drive. The MBR contains the partition table, the bootstrap code that loads the OS after the POST has run, and a unique digital signature to identify the disk media.
The virus will fester on the MBR upon successful boot and will infect other files, and may even corrupt a user's partition table and the critical system files that load the OS.
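Because the MBR is a single fixed-layout 512-byte sector, its parts can be pulled apart and compared against a known-good copy. The following is an added example, not part of the original article: it parses the partition table, disk signature and boot signature, hashes the bootstrap code, and reports which parts differ between two reads. The sample sector is constructed in code, and the function names are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440                # bootstrap code occupies bytes 0-439
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511
ENTRY = struct.Struct("<B3xB3xII")  # status, type, LBA start, sector count


def parse_mbr(sector):
    """Split one 512-byte MBR sector into the parts the text lists."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFFSET + 16 * i)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", sector, CODE_END)[0],
        "bootstrap_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def mbr_changes(baseline, current):
    """Names of the fields that differ between a known-good MBR and a later read."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    return [field for field in old if old[field] != new[field]]


def build_sample_mbr(code=b"\x90" * 16):
    """Constructed sector with one bootable partition of type 0x07."""
    sector = bytearray(SECTOR_SIZE)
    sector[:CODE_END] = code.ljust(CODE_END, b"\x00")[:CODE_END]
    struct.pack_into("<I", sector, CODE_END, 0x1234ABCD)
    ENTRY.pack_into(sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_mbr()
    altered = build_sample_mbr(code=b"\xeb\xfe")  # same table, different code
    print(parse_mbr(good)["partitions"])
    print("changed:", mbr_changes(good, altered))
```

On a real system the input would be the first 512 bytes of a disk or disk image, read with administrator rights and compared against a copy saved while the machine was known to be clean.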
File Infecter Virus
A file infecter virus will infect executable files such as .exe and .com files. Sometimes these viruses will remain in memory and infect other files and applications. This type of virus will only infect files as they are executed.
Macro viruses will infect certain data files, most notably Microsoft Office files such as Word documents, Excel spreadsheets, PowerPoint presentations, and Access databases.
A macro virus may also share the traits of a worm and spread itself across a network.