3.5 Security

3.5.4 Malware

What is malware?

“Malware”, short for malicious software, is any software used to disrupt a computer’s operation,
gather sensitive information without the owner’s knowledge, or gain unauthorised access to a
computer. It includes any software that gets installed on your machine and performs unwanted
tasks, usually for some third party’s benefit.

Malware ranges from simple annoyances (pop-up advertising) to serious intrusion and damage
(stealing passwords and data, or infecting other machines on the network). Some malware is
designed to report your web-browsing habits to advertisers or other interested parties without
your knowledge.

It is unfortunate that there are people with malicious intent, but it is better to be aware of the
fact. Anti-malware utilities can find and remove much of what lands on your computer, but none of
them catches everything, so the habits described below matter at least as much as the software.

Types of malware

Virus – Software that replicates itself by inserting copies of its code into other programs or
files, and spreads when those infected files are passed on to other computers. Besides
spreading, a virus may be programmed to damage the computer by deleting files, reformatting
the hard disk, or consuming memory and processor time until the system grinds to a halt. All
computer viruses are written by people; none arise by accident. A virus needs a host program,
and it requires the user to run that infected program in order to execute and spread.

How can you reduce the risk of getting a virus?

Use up-to-date anti-virus software.
Do not open an e-mail attachment unless you are expecting it and know the source.
Be cautious about letting other users plug their USB drives into your computer, and do not let
removable media run programs automatically.
Only download files from trusted web sites.
Back up your data regularly. If a virus damages your data, you can restore the affected files
from the backup.

Page 1 of 8
Worm – A computer worm is a self-replicating program that spreads from one computer to another
over a network, usually by exploiting a bug in software that is listening on the network (an
operating-system service, a mail server, a web server). Unlike a virus it needs neither a host
program nor a user to run anything: once it has a foothold it scans for other reachable
machines and sends copies of itself to them, causing harm by consuming bandwidth, deleting
files, or carrying a further malicious payload.

Worms are often confused with viruses; the difference lies in how they spread. A virus attaches
itself to a program or file and waits for someone to run or open it; a worm carries itself across
the network and runs on its own. Worms typically get in by exploiting bugs in legitimate software.

A related technique, often used to plant worms and other malware in the first place, is the
drive-by download. A high-profile, trusted web page is tampered with so that it sends (often
invisibly) a carefully malformed document or script to the browser when the page is viewed. The
malformed file triggers a bug in the viewer program, and instead of merely crashing it, the
attacker uses the bug to run a malicious program. To help hide the infection, that program is
usually a ‘downloader’ – a very small program that later connects to a remote computer over the
internet to fetch a more substantial piece of malicious software.

How to prevent worm infections?

A good anti-virus program protects you to some extent, but it is not enough on its own, because
signatures lag behind new variants: many modern worms change hourly, and it can take a day or
more to create and distribute an anti-virus update.

You also need a firewall to block the worm’s incoming connection attempts and, on a machine that
is already infected, its outbound scanning. The most effective defence, though, is to install
security updates promptly: a worm can only exploit a bug that is still unpatched on your
computer, so keeping the operating system and network-facing software current removes the
entry point altogether.

Turning off JavaScript for normal web browsing reduces your exposure to the drive-by download
route described above, since scripts are the most common way a tampered page reaches a bug in
the viewer. JavaScript is a powerful tool that makes websites interactive and is increasingly
relied on by web designers, so there is a trade-off: disabling it will limit your access to many
websites, and it does nothing against a worm arriving directly over the network.

An interesting fact about worms:

In the 1980s, researchers were looking for ways of managing the growing internet remotely, using
programs that could distribute themselves automatically across it.

In the US, on 2 November 1988, a Cornell University graduate student, Robert Tappan Morris,
released an experimental self-replicating program onto the internet, reportedly to find out how
many computers were connected to it. The program spread rapidly, installing itself on an
estimated 10% of the computers then connected.

Morris had no malicious intent, but a flaw in his program made it re-infect machines that were
already running it, so copies piled up until many of the computers it landed on slowed to a halt
or crashed. He was prosecuted (becoming the first person convicted under the US Computer Fraud
and Abuse Act) and was expelled from Cornell, but worms had come of age and have since evolved
into an effective way of attacking systems connected to the internet.

Spam – Flooding the Internet with many copies of the same message, in an attempt to force the
message on people who would not otherwise choose to receive it. Most spam is commercial
advertising, often for fake products, get-rich-quick schemes and the like. Some people define
spam as any unsolicited e-mail from a sender you do not know; real spam is generally e-mail
advertising for some product sent to a mailing list or a newsgroup. Spam is not malicious code
in itself, but it is the usual delivery vehicle for the phishing messages and infected
attachments discussed in this section, which is why it belongs here.

In addition to wasting people’s time with unwanted e-mail, spam also eats up a lot of
bandwidth. Organisations are trying to fight spam, but because the Internet is public there is
really little that can be done to prevent it at the source.

There are, however, a few precautions the user can take to reduce the amount of spam he or she
receives.

Use firewall software on your computer to stop attackers who try to compromise your
system and possibly use it to send spam.

Always check the sender and recipient information of suspicious messages. Spam is
typically sent from falsified e-mail addresses to conceal the real sender, with the
recipients placed in the BCC field of the message to hide how many there are; the To
field is then empty or shows “undisclosed recipients”.

Do not use your real e-mail address when signing up for (free) downloads of any kind
online; use a separate address that you can discard.

Do not make purchases based on spam messages you receive, thus removing the
spammers’ economic incentive.

Phishing – The act of sending an e-mail to a user, falsely claiming to be an established,
legitimate enterprise, in an attempt to scam the user into surrendering private information
that will be used for identity theft.

A phishing e-mail directs the user to visit a website where they are asked to “update” personal
information such as a password, credit card number, social security number or bank account
number, information that the legitimate organisation already has. The website, however, is
bogus and set up only to steal the information the user enters on the page.

Below is an example of what a phishing e-mail may look like. [The original handout shows a
sample e-mail as an image here; it is not reproduced in this text.]

To a user who frequently uses eBay or any other online service, these e-mails may appear to
come from the company named in the e-mail. However, phishing e-mails are designed to deceive
the user into visiting the links in the e-mail, which lead to pages built to steal personal
information and use it against the user’s interests. Below are some helpful tips on identifying
these e-mails and how to handle them.

How to identify a phishing e-mail?

Spelling and grammar – Poor spelling and grammar is a common sign of phishing. Look for
errors, but do not assume a well-written message is genuine, because careful attackers
proofread too.

Company – These e-mails are sent out to thousands of different e-mail addresses, and often
the sender has no idea who you are. If you have no affiliation with the company the e-mail
claims to come from, it is fake. For example, if the e-mails claim to come from Faysal Bank
but you have an account somewhere else, it is a clear sign of a phishing scam.

Links – Before clicking a link, hover over it (or long-press it on a phone) to see where it
really points. The address shown in the text is often not the address the link goes to, and
the real one is frequently a look-alike of the genuine domain.

To prevent a phishing attack, never send personal information through e-mail. If a company
asks you to send personal information about your account, or says your account is invalid,
do not use the link in the e-mail: type the company’s web address yourself (or use a bookmark
you made earlier) and log into the account as you normally would. If the notice is genuine,
you will find it there.
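The link check above is mechanical enough to script. The following Python program is an added example, not part of the original handout: it pulls every link out of a constructed phishing-style HTML body (not a real message), and for a sender that claims to be eBay it reports any link whose real destination is outside ebay.com, flags digit-for-letter look-alike spellings such as ebay.c0m, and catches link text that shows one address while the href goes somewhere else. The sample body, the `example` domains and the small confusable-character table are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style HTML body (not a real message). The sender claims
# to be eBay, so ebay.com is the domain every link should stay within.
SAMPLE_BODY = """\
<p>Dear eBay member, unusual activity was detected on your account.</p>
<p>Please confirm your details at
<a href="http://www.ebay.com.account-review.example/signin">http://www.ebay.com/signin</a>
within 24 hours or your account will be suspended.</p>
<p>You can also <a href="http://www.ebay.c0m/account">update your payment method</a>
or <a href="https://ebay-secure.example/login">sign in here</a>.</p>
<p>Questions? Visit <a href="http://www.ebay.com/help">eBay Help</a>.</p>
"""

# Common digit-for-letter substitutions seen in look-alike domains (assumed list).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname(url):
    """Lower-cased host part of a URL, or None if it has none."""
    host = urlparse(url).hostname
    return host.lower() if host else None


def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def lookalike(host, domain):
    """True if host only matches the domain after undoing digit substitutions."""
    normalised = host.translate(CONFUSABLES).replace("rn", "m")
    return not under_domain(host, domain) and under_domain(normalised, domain)


def check_links(html, expected_domain):
    """Return one finding per suspicious property of each link in the body."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = hostname(href)
        if target is None:
            continue
        if not under_domain(target, expected_domain):
            note = f"{href}: points to {target}, not {expected_domain}"
            if lookalike(target, expected_domain):
                note += " (look-alike spelling)"
            findings.append(note)
        # Link text that itself looks like a URL must agree with the real target.
        shown = hostname(text) if text.lower().startswith(("http://", "https://")) else None
        if shown and shown != target:
            findings.append(f"{href}: text shows {shown} but the link goes to {target}")
    return findings


if __name__ == "__main__":
    for finding in check_links(SAMPLE_BODY, "ebay.com"):
        print(finding)
```

The subdomain test matters: `www.ebay.com.account-review.example` starts with the genuine name but ends under a domain the attacker controls, which is exactly the trick the hover check is meant to expose. Only the genuine `www.ebay.com/help` link passes.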

Pharming – a form of online fraud very similar to phishing, since pharmers also rely on fake
websites and the theft of confidential information. However, where phishing must entice the
user to the website through “bait” in the form of a fake e-mail or link, pharming redirects the
victim to the fake site even when the victim has typed the correct web address. It is most
often aimed at banking or e-commerce sites.

While a typical website uses a domain name for its address, its actual location is determined by
an IP address. When a user types a domain name into the browser’s address field and hits enter,
the domain name is translated into an IP address via a DNS server. The browser then connects to
the server at this IP address and loads the web page. After a user visits a website, the DNS
entry for that site is often stored on the user’s computer in a DNS cache, so the computer does
not have to ask a DNS server again every time the user visits the site.

One way pharming takes place is via malware (often delivered by e-mail) that “poisons” the
user’s local name resolution: it modifies the cached DNS entries or, more commonly and more
persistently, the computer’s hosts file, which the system consults before it asks any DNS
server. For example, instead of the IP address 17.254.3.183 being used for www.apple.com, the
entry may point to another server chosen by the attacker. Pharmers can also poison entire DNS
servers, so that every user of the affected server is redirected to the wrong website.
Fortunately, most DNS servers now have protections against cache poisoning, such as randomised
query identifiers and source ports, and DNSSEC validation where it is deployed. Still, they
are not immune, since attackers keep finding ways to gain access to them.
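The local poisoning just described can be checked for directly, because the hosts file is plain text. The following Python script is an added example and not part of the original handout: it parses a constructed hosts file and reports every entry that overrides a domain on a watch-list, distinguishing addresses inside the domain’s known ranges from redirects elsewhere. The watch-list and its address ranges are assumptions made for the example (Apple’s 17.0.0.0/8 is a real allocation; mybank.example and its range are placeholders); on a real machine you would read /etc/hosts or C:\Windows\System32\drivers\etc\hosts instead of the embedded sample.

```python
import ipaddress

# Constructed hosts file (not copied from a real machine). The loopback lines
# are normal; the rest are the kind of entries pharming malware adds.
SAMPLE_HOSTS = """\
# Standard loopback entries
127.0.0.1       localhost
::1             localhost ip6-localhost

203.0.113.45    www.apple.com apple.com      # redirect to attacker's server
203.0.113.45    www.mybank.example
17.254.3.183    store.apple.com
"""

# Assumed reference table: address ranges each watched domain is known to use.
# 17.0.0.0/8 really is Apple's allocation; mybank.example is a placeholder.
# In practice this table would come from your own records.
WATCHED_ZONES = {
    "apple.com": ["17.0.0.0/8"],
    "mybank.example": ["198.51.100.0/24"],
}


def parse_hosts(text):
    """Return (line number, ip address, hostname) for every mapping in a hosts file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a thorough audit would report it
        for name in fields[1:]:
            entries.append((lineno, address, name.lower().rstrip(".")))
    return entries


def watched_zone(hostname):
    """Return the watched zone a hostname belongs to, or None."""
    for zone in WATCHED_ZONES:
        if hostname == zone or hostname.endswith("." + zone):
            return zone
    return None


def audit_hosts(text):
    """Report every hosts entry that overrides a watched domain.

    Any such entry deserves attention, because a hosts file should not need
    to carry public web sites at all; an address outside the zone's known
    ranges is the classic sign of pharming.
    """
    findings = []
    for lineno, address, name in parse_hosts(text):
        if address.is_loopback:
            continue  # localhost-style entries are expected
        zone = watched_zone(name)
        if zone is None:
            continue
        known = any(address in ipaddress.ip_network(net) for net in WATCHED_ZONES[zone])
        verdict = "override within known range" if known else "REDIRECTED outside known range"
        findings.append((lineno, name, str(address), verdict))
    return findings


def redirected_hosts(text):
    """Just the hostnames whose entries point outside their known ranges."""
    return sorted({name for _, name, _, verdict in audit_hosts(text) if "REDIRECTED" in verdict})


if __name__ == "__main__":
    for lineno, name, address, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address}: {verdict}")
```

A restart does not undo a hosts file entry, so a check like this is worth running whenever a familiar site suddenly looks wrong, before blaming the ISP’s DNS server.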

While pharming is not as common as phishing, it can affect many more people at once, especially
if a large DNS server is modified. So if you visit a familiar website and it looks significantly
different from what you expected, you may be the victim of pharming. Restarting your computer
clears the resolver’s DNS cache (a hosts file entry survives a restart, so check that file or
run an antivirus program as well), then try connecting to the website again. If the website
still looks strange, contact your ISP and let them know their DNS server may have been pharmed.

How to protect against pharming?

The primary battle against pharming is fought by ISPs and DNS operators, who filter out as many
of the fake redirects as possible. However, you can increase your own protection. The first step
is to use a trustworthy Internet service provider, so that the servers answering your DNS
queries are well run.

The URL is also a great place to check. Once the page has loaded, make sure the address is spelt
correctly and has not been redirected to a slightly different spelling, perhaps with additional
letters or with letters swapped around.

One of the biggest fears is that pharmers will attack major banking or e-commerce sites. When
you reach the payment point, or the point where you are asked to type in banking usernames and
passwords, make sure the address begins with “https” rather than “http”: the s stands for
secure and means the connection is encrypted and the server has presented a certificate for the
domain shown. Because a pharmed site sits at the wrong server, it normally cannot present a valid
certificate for the real domain name, so a browser certificate warning at this point is a strong
sign of pharming and should never be clicked through. Note that “https” on its own proves only
that you have an encrypted connection to the site named in the address bar, not that the site
is honest; the spelling check above still matters.

Antivirus software can also help against pharming, especially by catching the malware that
alters hosts files or DNS settings. Keeping your anti-virus software up to date, along with
installing updates for your operating system and browser, will help in the fight against
pharming.
