A Venn diagram that pretty well sums up something that plagues many technicians. Problems are not always related to PC security.
Everyone with a computer has heard of at least one of these network and PC security terms by now: viruses, spyware, phishing, scareware and spam. What are they? What do they do? Who creates them? Why?
The last two questions can be difficult to answer: perpetrators range from pranksters with odd senses of humor to thrill seekers who just want to crack existing PC security mechanisms to criminals looking to extort or steal money. The first two questions are a little easier. In this article, we’ll look at the most common types of malware and social engineering attacks and, in the process, we’ll look at the most basic ways to avoid these pitfalls.
malware (noun): software intended to damage a computer, mobile device, computer system, or computer network, or to take partial control over its operation
As the definition states, malware is any software with a malicious intent; the word derives from combining those two words (malicious and software). Let’s take a look a brief look at a few of the most common varieties now.
A computer virus is a piece of malicious code that attaches itself to another application. When the infected application is executed (run), the malicious code executes as well, looking for other programs to infect. At some future point, the virus activates and delivers its payload.
Although they get the blame just about every time PC security makes it to the evening news, real viruses meet three criteria:
- Replication. Like a virus in a human or animal, a computer virus must replicate to survive. To do this, the infected program must be executed.
- Activation. This is the point in time when the virus moves beyond reproducing and takes action.
- Objective. This is the actual damage the virus tries to deliver (whether mostly benign, such as a message, or actively malicious, such as wiping a hard drive).
Several famous viruses include Michelangelo and the Word macro virus Melissa.
Worms are pieces of self-replicating malware that reside in computer memory and travel through networks without the help of other applications or of users. Unlike viruses, they don’t need to be executed. The largest noticeable problem caused by worms is network slowdown as the many copies of the worm crawl across infected networks looking for additional hosts to infect.
The earliest known example of a true worm was Morris.
Trojans (Trojan Horses)
If you don’t know PC security, odds are still pretty good that you understand the historical reference made in the name. This type of malware disguises itself as something beneficial but is in reality malicious. In many cases, trojans are delivered via pirated software, games, screen savers or keygen (key generator) programs.
One particularly popular variety is bogus virus detection software (sometimes called scareware or rogueware), which also involves social engineering. There are several varieties for both Windows (Security Essentials – not Microsoft Security Essentials) and Mac OS X (MacProtector, MacDefender) victims, but they have several things in common:
- A user visits a web site and is warned of infections.
- The user is invited to download free software to perform a deeper scan.
- The software reports that the user is infected by a high number of potential threats – usually so many that the system shouldn’t even be functional.
- When the user clicks the ‘clean threats’ or ‘remove threats’ button, the user learns that although detection was free removal is not, and might cost anywhere from $49.95 to $79.95 or more.
Just like the basement door around the side of the house that you always leave unlocked because no one would ever even see it there, these are unprotected points of entry into a system. Usually these are installed by other malware.
Installed on systems without knowledge or consent, spyware can be designed to do anything from changing your web browser’s home page to adding search engine software to actively logging your every keystroke with the goal of identity theft and monetary gain. Spyware often results from visiting a malicious web site or is bundled – at no cost! – with other software much like a Trojan.
These attacks predate network and PC security: most have been around for as long as people have been able to speak and been inclined to get something that isn’t theirs. Before ID scanners were common, one of the best examples of social engineering was getting into clubs underage, whether through lies, bribes, fast talking or flirtation. In the world of network and PC security, there are a few more specific examples.
Just like it sounds, this one involves just looking over someone’s shoulder to gain information. It can happen at the ATM or, more commonly, it can happen in the office. The goal is simply to gain information through casual observation which can then be used at a later time.
This one is also just like it sounds: attackers look through the trash in an attempt to gain information to help a more direct attack at a later time. While this might seem difficult, it’s really not: think about all the information on preapproved credit applications or the paper copies of bills sometimes thrown away after the payment is made.
Like a fisherman doesn’t necessarily know what might wait beneath the waters, neither do those that engage in phishing, the practice of sending emails for the express purpose of tricking users into downloading a file, following a link or revealing personal information. The files are malware, the links are malicious and the personal information is later used for identity theft and monetary gain.
One phishing scam to which most people can relate is the Facebook variety: namely, a user receives a message from someone claiming to be related to that social media site, stating that some policy has changed, or some new feature has been added, or just that a password needs to be changed. A link is included that appears to be to a Facebook login page, but is actually on another server entirely and exists for the sole purpose of gathering up as many Facebook username and password combinations as possible.
Just like phishing, these attacks are designed to trick unsuspecting marks; scams of this nature, however, make use of the phone system.
One example is an automated call from your ‘credit card company’ to inform you of suspicious activity on your account. When you answer the call or return the voice mail or text message, a series of automated prompts has you verify your identity before you can complete the call and talk to an operator. To do so, you must enter personally identifiable information (PII) like your social security number, credit card number, expiration date and more. Since this is not your credit card company, you’ve just given away everything someone needs to know to pretend to be you, cancel your active card and request a new one.
Another time honored tradition, impersonation involves an attacker pretending to be someone s/he is not. How likely are you to call your cable, satellite or Internet provider if a technician shows up at your door with a badge that seems genuine and a shirt bearing the right name? Even worse, others might impersonate you with the information gathered through other techniques like dumpster diving and vishing.
The last thing I want to do is scare anyone into turning off the computer and putting on a tinfoil hat, but I do sincerely hope that this very brief introduction into a few network, home and PC security threats has you at least wary and curious about what can be done.
The absolute best countermeasures to these threats are awareness and appropriate software. There are a great many free software tools to protect against the most common PC security threats, and simple knowledge provides awareness. In general, if you wouldn’t do something in the real world then don’t do it in the digital world.
What do I mean by that?
Let’s say you’ve visited a web site that tells you your PC is running slow. It offers you a quick download to fix that, free of charge. All you have to do is click the link. You do (though you shouldn’t) and the software tells you that about sixty-two problems are slowing down your PC: just click cleanup to get rid of them. You do, and the software asks for $79.95 to finish the job.
This is analogous to a random person driving up to your house, knocking on the door and offering to do a free consultation on your car – a car that’s been working just fine, thanks. S/he goes about the free inspection, then tells you there are a lot of problems, but if you just hand over $79.95, they’ll all be repaired and you’ll be on the road safely in no time.
Hopefully the above scenario wouldn’t work on you.
The article is named for the aliens in the once-famous movie Independence Day, who fell victim to a classic social engineering scam and were then subjected to a form of malware.
As always, I invite comments and suggestions on the article over on the Molnar Home Computing Facebook page.