Wednesday, January 03, 2007

The Top 10 Culprits Causing Malware Infections

By Coenraad De Beer

Viruses and spyware is no strange thing to computer users these days. Everyday we need to update our anti-virus and anti-spyware programs to keep our computers protected against these threats. A scan once a week or more is required to reveal any nasty pests, which infiltrated your system without being detected. While it is imperative to have software protecting our computers against these threats, is it just as important to know how these infections occur and where they come from.

I think it is safe to assume that the places you visit on the Internet will determine which programs are installed on your PC. Let me put it this way, the software installed on your computer will have some relevance to the sites you often visit. Lets take a few examples, when you are using Gmail, chances are good that you will have Gmail Notifier or GoogleTalk installed on your PC. When you often visit Yahoo.com or take part in their social networks, chances are good that you will have Yahoo! Toolbar or Yahoo! Messenger installed on your PC. Lets take a more practical example, users visiting Microsoft.com most probably have packages like Microsoft Office and Microsoft Windows XP installed on their computers. It is likely for supporters of the Open Source Initiative to hang out on sites like OpenSource.org, OpenOffice.com, Linux.org or SpreadFirefox.com. So your software preferences play a huge role in the type of web sites you visit and vice versa.

But what has this to do with malware infections? To be honest, everything! Let me show you what the top culprits of malware infections are and it will soon be clear to you what the connection is between the web sites you visit and the malware found on your PC.

Top culprit number 1: Pornographic web sites
Download Spyware Blaster by JavaCool Software and have a look at all the porn related web sites blocked by this program. It is also remarkable to see how many computers with traces of pornographic web sites in their browser history, are often infected with spyware and trojan horses. Unfortunately you will have innocent victims of malware infections, also with traces of pornographic web sites in their browser history, but only because the malware redirected them to these sites. However, people with pornographic material on their computers are not that innocent in this case, pornography does not go out looking for people, people go out looking for pornography.

Top culprit number 2: Illegal music (MP3) and movie downloading sites
These sites normally force you to install special downloading software on your computer so that you can download files from them. These download managers are often bundled with spyware and are trojan horses themselves, downloading tons of other spyware programs while you cheerfully download your illegal MP3's. They sometimes place tracking cookies on your PC to monitor your browsing habits and hijack your browser to make sure you return to their site or a site of a partner.

Top culprit number 3: Software Piracy web sites
If you love using illegal software, cracks, serial numbers or license key generators (keygens) then you most probably had to remove some malware infections in the past after visiting one of these sites. Most of the people using these cracks are normally technical wizards and know how to disinfect their computers. Many of these sites do not only contain harmful scripts but also fake cracks and key generators, which are nothing else but malware. Some crack developers create a working crack but distribute it with spyware or a trojan horse to make your PC their slave.

Top culprit number 4: Peer-to-peer file sharing programs and networks
The file sharing community is loaded with pornography, pirated software, music and movies. Is it not amazing that everywhere these guys make their appearance you also find spyware, viruses, trojan horses and all kinds of malware? The client software is also often bundled with spyware (or adware as they call it).

The culprits discussed so far are those connected with illegal and indecent activities. People visiting these sites and using these services deserve getting infected with malware. These culprits are also some of the biggest sources of malware epidemics. What flows from the mouth, comes from within the heart. The same rule applies to your computer, those nasty little programs crawling inside your computer is, in the case of culprits 1 to 4, the direct result of your own sinful actions and activities.

The next couple of culprits are caused by negligence and a lack of knowledge about how malware are distributed.

Top culprit number 5: Pop-up and pop-under advertisements
Another culprit that wants to caught you off guard. A pop-up window may appear out of the blue or a concealed pop-under window my load in the background without you even knowing it. These windows can start downloading malicious programs and install them on your computer. They can appear on any web site, not just illegal and other bad web sites. You can prevent these windows from opening by using a secure browser like Firefox with a built-in pop-up blocker.

Top culprit number 6: Fake anti-virus and anti-spyware tools
You visit a legitimate looking web site and suddenly a banner appears telling you that your computer is infected with spyware. You can scan your computer with all the anti-spyware software in the world, over and over again until you are blue in the face, but that banner will keep telling you that your computer is infected with spyware. This is because it is a plain image banner. The site never does a scan of your computer, it is a fixed message that will display on any computer, no matter how clean it is. Simply put, it is a blatant lie! They want you to believe that your computer is infected and that only their software can remove this spyware. If you download and install their software you will only find that it is spyware itself. You may end up infecting a completely clean system with a dirty program, trying to remove the so-called spyware.

A system scan is not a three second process, it takes time, so no scanner can tell you instantaneously that your system is infected with spyware. I do not believe in online scanners, rather use software with a good reputation, a local scan is much more faster. Most online scanners are no online scanners at all, you actually download the whole scanning engine and end up doing a local scan anyway. A real scanner will tell you the name of the malware and its location on your hard drive, if it does not give you this information, then it is fake. Even if it gives you this information, it still does not mean that the software is legitimate. Do not trust everything you see online and stick to well known anti-malware brands.

Top culprit number 7: Free games, screen savers, media players, etc.
No, not every free program comes bundled with spyware, but spyware (once again the developers prefer to call it adware, but it is still the same thing) is often the price you have to pay for the free software. It is normally a ploy to monitor your use of the program, to send the creators statistical data or to collect data about your online behaviour in order to send you targeted ads. If you try to remove the spyware you normally render the main application useless. Read the EULA (End User Licence Agreement) very carefully before installing the application. But everyone knows that nobody reads those tedious, long licence agreements, so use EULAlyzer by JavaCool Software to check for specific keywords and phrases that might reveal any spyware programs being installed or privacy breaching practices that may occur if you install the free software.

Top culprit number 8: Malicious web pages with harmful scripts
But you already mentioned this one in culprits 1 to 3. No, culprits 1 to 3 often have harmless web sites and it is the content you download from the sites that is harmful. But you also get web pages containing malicious scripts, totally innocent looking web sites, like a site donating money for cancer. You go to their homepage and suddenly a script virus strikes your computer. This is what an anti-virus shield was made for, that unexpected attack. Firefox is also designed to prevent harmful scripts and browser hijackers from accessing the system and taking advantage of flaws and weak spots in your operating system.

Top culprit number 9: E-mail
Virus worms spread themselves by forwarding a copy of the virus to all the contacts in your address book. Those contacts that are unaware of these worms will most likely open the e-mail and the file attached to it. But when you open a strange infected e-mail from an unknown sender, then you are guilty of double negligence. For the virus to be activated you need to open the e-mail and in most cases you need to deliberately open the file attachment too. By using a little common sense you will know that strange e-mails from unknown senders are dangerous, especially when they have executable attachments with file names ending with the "exe", "com", "bat" or "scr" extensions. Even dangerous e-mails from known, trustworthy contacts can easily be identified if the contents of the e-mail seems strange and out of character. By being careful and responsible when opening your e-mails, you will not only prevent your own computer from getting infected, but you will also prevent the worm from spreading any further.

Top culprit number 10: You the Internet user
What? Me? How on earth can I be a culprit? Well, you are an accomplice in the spread of malware if you do not have an active and updated anti-virus package installed on your computer, if you do not scan your computer for viruses and spyware on a regular basis, if you do not use shields like the TeaTimer tool from SpyBot (which is free by the way), the Ad-Watch shield of Ad-Aware or the resident shield of AVG Anti-spyware (all of which you have to pay for, unfortunately), if you spend your time browsing pornographic and illegal web sites and take part in the sharing of pirated software and copyrighted material (culprits 1 to 4), if you fail to be responsible with the software you install on your PC and the e-mails you open (culprits 6, 7 and 9) and if you refuse to use a secure web browser (like Firefox) built to prevent malware infections (culprits 5 and 8). Yes, I will go so far to say, that if you stay away from culprits 1 to 7 and 9, you probably won't need any virus and spyware protection at all. Culprit 8 is the only reason why you should have anti-virus and anti-spyware protection, for those unexpected attacks, over which you have no control.

Culprits 1 to 8 are the main sources of malware. Infections caused by them led to the creation of culprits 9 and 10, which distribute the malware even further. Do not turn your computer into a malware paradise or a malware distribution centre. Take responsibility, protect your computer against these threats and prevent the spread of malware.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software. Visit our Malicious Software Removal Assistance page for advice and personal assistance with the removal of stubborn and unknown malware infections.

No comments: