
Understanding Malware and Security Software

The document provides an overview of various types of malware, including viruses, worms, Trojans, bots, and spyware, and emphasizes the importance of security software in protecting computers from these threats. It explains how malware operates, the risks associated with different devices, and the symptoms of infection. Additionally, it discusses security suites, antivirus software, and best practices for avoiding malware and maintaining computer security.

Uploaded by

Peñafiel

[Concept map: Malware, Security Threats, Computer Viruses, Computer Worms, Trojan Horses, Bots, Spyware, Security Suites, Antivirus Modules, Virus Signatures, Virus Definitions, Quarantined Files]

Security Software
SECTION E
The days when viruses were the greatest threat to
computers are long gone. Today, a virus is just one of many categories
of malicious software, or malware, that can wreak havoc on computer
systems, networks, and even handheld devices. Section E explains
how you can use security software to combat malicious software that
threatens your computer.

SECURITY SOFTWARE BASICS

What is security software? Security software is designed
to protect computers from various forms of destructive software and
unauthorized intrusions. Security software can be classified into various
types: antivirus, antispyware, anti-spam, and firewalls. Each type
focuses on a specific security threat.
What devices are at risk? Windows computers have the
highest risk of contracting a virus or unwanted intrusions, but any
device that receives e-mail, accesses the Web, and runs apps is
potentially vulnerable.
Apple computers and handheld devices are not targeted as often as
Windows and Android devices, but the incidence of attacks is growing
across all platforms. Jailbreaking a phone increases its vulnerability
(Figure 3-51).

FIGURE 3-51: This smartphone’s security was breached, letting a hacker
surreptitiously record conversations.

What are malware threats? The terms malicious software
and malware refer to any computer program designed to surreptitiously
enter a computer, gain unauthorized access to data, or disrupt normal
processing operations. Malware includes viruses, worms, Trojans, bots,
and spyware.
Malware is created and unleashed by individuals referred to as hack-
ers, crackers, black hats, or cybercriminals. Some malware is released
as a prank. Other malware is created to distribute political messages or
to disrupt operations at specific companies.
In an increasing number of cases, malware is unleashed for monetary
gain. Malware designed for identity theft or extortion has become a very
real threat to individuals and corporations.


What is a virus? A computer virus is a set of program instructions
that attaches itself to a file, reproduces itself, and spreads to other files. A
common misconception is that viruses spread themselves from one computer
to another. They don’t. Viruses can replicate themselves only on the
host computer.
A key characteristic of viruses is their ability to lurk in a computer for days
or months, quietly replicating themselves. While this replication takes
place, you might not even know that your computer has contracted a virus;
therefore, it is easy to inadvertently spread infected files to other people’s
computers.
In addition to replicating itself, a virus usually delivers a payload, which can
be as harmless as displaying an annoying message or as devastating as
trashing the data on your computer’s hard disk. It can corrupt files, destroy
data, or otherwise disrupt computer operations. A trigger event, such as a
specific date, can unleash some viruses. Viruses that deliver their payloads
on a specific date are sometimes referred to as time bombs. Viruses that
deliver their payloads in response to some other system event are referred
to as logic bombs.
Viruses spread when people exchange infected files on disks and CDs, as
e-mail attachments, and on file sharing networks, social networking sites,
and download sites.
What is a worm? A computer worm is a self-replicating program
designed to carry out some unauthorized activity on a victim’s computer.
Worms can spread themselves from one computer to another without any
assistance from victims.
Worms can enter a computer through security holes in browsers and operating
systems, as e-mail attachments, and by victims clicking on infected
pop-up ads or links contained in e-mails. For example, a mass-mailing
worm called Ackantta is hidden in an attachment to an e-mail message
that’s a fake Twitter invitation. Clicking the attachment activates the worm.
A mass-mailing worm spreads by sending itself to every address in the
address book of an infected computer. Your friends receive these messages
and, thinking that they are from a trusted source, open the infected
attachment, spreading the worm to their computers and on to their friends.
Although e-mail is currently the primary vehicle used to spread worms,
hackers have also devised ways to spread worms over file sharing networks,
instant messaging links, and mobile phones.

TERMINOLOGY NOTE: A spoofed address is one that is misleading or incorrect. In
the case of e-mail, it is not the actual address of the person or computer
that sent the e-mail message. Spoofed addresses make it difficult or
impossible to trace mail back to the sender.

What is a Trojan horse? A Trojan horse (sometimes simply called
a Trojan) is a computer program that seems to perform one function while
actually doing something else. Unlike a worm, a Trojan is not designed to
spread itself to other computers. Also differing from viruses and worms,
Trojans are not typically designed to replicate themselves. Trojans are
standalone programs that masquerade as useful utilities or applications,
which victims download and install unaware of their destructive nature.
Trojans are notorious for stealing passwords using a keylogger that records
keystrokes as you log in to your computer and various online accounts.
Another type of Trojan called a Remote Access Trojan (RAT) has back-
door capabilities that allow remote hackers to transmit files to victims’
computers, search for data, run programs, and use a victim’s computer as a
relay station for breaking into other computers.
What is a bot? Any software that can automate a task or autonomously
execute a task when commanded to do so is called an intelligent
agent. Because an intelligent agent behaves somewhat like a robot, it is
often called a bot.
Good bots perform a variety of helpful tasks such as scanning the Web
to assemble data for search engines like Google. Some bots offer online
help, while others monitor online discussions for prohibited behavior and
language. Bad bots, on the other hand, are controlled by hackers and
designed for unauthorized or destructive tasks. They can be spread by
worms or Trojans. Most bad bots are able to initiate communications with a
central server on the Internet to receive instructions. A computer under the
control of a bad bot is sometimes referred to as a zombie because it carries
out instructions from a malicious leader.
Like a spider in its web, the person who controls many bot-infested computers
can link them together into a network called a botnet. Experts
have discovered botnets encompassing more than 1 million computers.
Botmasters who control botnets use the combined computing power of their
zombie legions for many types of nefarious tasks such as breaking into
encrypted data, carrying out denial-of-service attacks against other computers,
and sending out massive amounts of spam.

TERMINOLOGY NOTE: A denial-of-service attack is designed to generate a lot of
activity on a network by flooding its servers with useless traffic—enough
traffic to overwhelm the server’s processing capability and essentially
bring all communications and services to a halt.

What is spyware? Spyware is a type of program that secretly gathers
personal information without the victim’s knowledge, usually for advertising
and other commercial purposes. Once it is installed, spyware starts monitoring
Web-surfing and purchasing behavior, and sends a summary back to
one or more third parties. Just like Trojans, spyware can monitor keystrokes
and relay passwords and credit card information to cybercriminals.
Spyware can get into a computer using exploits similar to those of Trojans.
It can piggyback on seemingly legitimate freeware or shareware downloads.
You can also inadvertently allow spyware into your computer by clicking
innocuous but infected pop-up ads or surfing through seemingly valid and
secure Web sites that have been compromised by hackers.
What does malware do? Once viruses, worms, bots, Trojans, and
spyware enter your computer, they can carry out a variety of unauthorized
activities, such as those listed in Figure 3-52.

FIGURE 3-52: Malware Activities
◗ Display irritating messages and pop-up ads
◗ Delete or modify your data
◗ Encrypt your data and demand ransom for the encryption key
◗ Upload or download unwanted files
◗ Log your keystrokes to steal your passwords and credit card numbers
◗ Propagate malware and spam to everyone in your e-mail address book or your instant messaging buddy list
◗ Disable your antivirus and firewall software
◗ Block access to specific Web sites and redirect your browser to infected Web sites
◗ Cause response time on your system to deteriorate
◗ Allow hackers to remotely access data on your computer
◗ Allow hackers to take remote control of your machine and turn it into a zombie
◗ Link your computer to others in a botnet that can send millions of spam e-mails or wage denial-of-service attacks against Web sites
◗ Cause network traffic jams

How do I know if my computer is infected? Watch out for the
symptoms of an infected computer listed in Figure 3-53.

FIGURE 3-53: Symptoms of Infection
◗ Irritating messages or sounds
◗ Frequent pop-up ads, at times with pornographic content
◗ The sudden appearance of a new Internet toolbar on your browser’s home page
◗ An addition to your Internet favorites list that you didn’t put there
◗ Prolonged system startup
◗ Slower than usual response to mouse clicks and keyboard strokes
◗ Browser or application crashes
◗ Missing files
◗ Your computer’s security software becomes disabled and cannot be restarted
◗ Periodic network activity when you are not actively browsing or sending e-mail
◗ Your computer reboots itself frequently

Some malware does a good job of cloaking itself, so victims are unaware of
its presence. Cloaking techniques are great defense mechanisms because
when victims aren’t aware of malware, they won’t take steps to eradicate it.
Many victims whose computers were part of massive botnets never knew
their computers were compromised.
Some hackers cloak their work using rootkits. The term rootkit refers to
software tools used to conceal malware and backdoors that have been
installed on a victim’s computer. Rootkits can hide bots, keyloggers, spy-
ware, worms, and viruses. With a rootkit in place, hackers can continue to
exploit a victim’s computer with little risk of discovery. Rootkits are usually
distributed by Trojans.
How do I avoid security threats? The Orientation section at the
beginning of this book listed some techniques for safe computing. That list
is worth repeating (Figure 3-54).

FIGURE 3-54: Avoiding Security Threats
◗ Install and activate security software on any digital device that is at risk.
◗ Keep software patches and operating system service packs up to date.
◗ Do not open suspicious e-mail attachments.
◗ Obtain software only from reliable sources; and before running it, use security software to scan for malware.
◗ Do not click pop-up ads—to make an ad go away, right-click the ad’s taskbar button and select the Close option.
◗ Avoid unsavory Web sites.
◗ Disable the option Hide extensions for known file types in Windows so you can avoid opening files with more than one extension, such as a file called [Link].

What’s a virus hoax? Some virus threats are very real, but you’re
also likely to get e-mail messages about so-called viruses that don’t really
exist. A virus hoax usually arrives as an e-mail message containing dire
warnings about a supposedly new virus on the loose. When you receive an
e-mail message about a virus or any other type of malware, don’t panic. It
could be a hoax.
You can check one of the many hoaxbuster or antivirus software Web sites
to determine whether you’ve received a hoax or a real threat. The Web
sites also provide security or virus alerts, which list all of the most recent
legitimate malware threats. If the virus is a real threat, the Web site can
provide information to determine whether your computer has been infected.
You can also find instructions for eradicating the virus. If the virus threat is a
hoax, by no means should you forward the e-mail message to others.
What if my computer gets infected? If you suspect that your
computer might be infected by a virus or other malware, you should immediately
use security software to scan your computer and eradicate any
suspicious program code.

SECURITY SUITES
What is a security suite? A security suite integrates several security
modules to protect against the most common types of malware, unauthorized
access, and spam. Security suites might include additional features such as
Wi-Fi detection that warns of possible intrusions into your wireless network,
and parental controls for monitoring and controlling children’s Internet usage.
A security suite, like the one in Figure 3-55, typically includes antivirus,
firewall, and antispyware modules.

FIGURE 3-55: The Norton security suite includes modules for scanning
viruses, detecting spyware, and activating a firewall against
unauthorized intrusions.

What are the advantages and disadvantages of a security
suite? A security suite costs less than purchasing standalone security
modules. In addition, a single interface for accessing all of the security
suite’s features is much less complex than having to learn how to configure
and run several different products.
When installing a security suite, you might be required to uninstall or
disable all other antivirus, antispyware, and firewall software on your com-
puter. Most security suites cannot run concurrently with standalone security
products, and overlapping security coverage from two similar products can
cause glitches. Therefore, one disadvantage of security suites is that you
become dependent on your security package’s vendor, which becomes the
sole protector of your computer from malicious code.
Where can I purchase a security suite? The most popular
security suites include Symantec Norton Internet Security, McAfee
Internet Security Suite, avast!, and Trend Micro Titanium Maximum Internet
Security. They can be purchased in most office, electronics, and computer
stores, or downloaded from the Web.
It is also worth looking into your Internet service provider’s free security
offerings. For example, Comcast provides its customers with Norton secu-
rity products, all accessible through Comcast’s Security Web page.
A security suite is often preinstalled on a new computer. However, it is usually
demoware, so you have the option of purchasing it after the trial period,
normally 60 days. Typically, there is also an annual subscription fee for continued
use and regular updates. When you renew your subscription, you
might have an option to upgrade to a newer version for an extra $10–$20.
There are also open source and freeware versions of security software,
which do not require annual subscription fees.

ANTIVIRUS MODULES
What is antivirus software? Antivirus software is a type of utility
software that looks for and eradicates viruses, Trojan horses, worms,
and bots. Some antivirus software also scans for spyware, although several
security software publishers offer spyware detection as a separate module.
Antivirus software is included in security suites or available as a standalone
module (Figure 3-56). Antivirus software is available for all types of computers
and data storage devices, including handhelds, personal computers,
USB flash drives, and servers.

FIGURE 3-56: Free antivirus software is available, so computer owners have
no excuse for leaving their computers unprotected.

How does antivirus software work? Modern antivirus software
attempts to identify malware by searching your computer’s files and memory
for virus signatures. A virus signature is a section of program code,
such as a unique series of instructions, that can be used to identify a known
malicious program, much as a fingerprint is used to identify an individual.
Antivirus software scans for virus signatures in programs, data files, incom-
ing and outgoing e-mail and attachments, and inbound instant message
attachments. Antivirus software can also watch for unusual activity such as
a considerably large number of e-mail messages being sent out from your
computer by a mass-mailing worm or bot.
Most antivirus programs can also scan for virus signatures in zip files, which
is important when downloading zipped software and receiving zipped e-mail
attachments.
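An added example, not taken from the textbook or from any antivirus product: a minimal Python signature scanner that shows why the zip-file scanning described above matters. The signature names and byte patterns, the sample archive, and the function names are constructed for illustration.

```python
from __future__ import annotations

import io
import zipfile

# Constructed, harmless byte patterns standing in for entries in a virus
# definitions file. Real products ship many thousands of vendor-built signatures.
SIGNATURES = {
    "Demo.Worm.A": bytes.fromhex("deadbeef4d41494c"),
    "Demo.Trojan.B": b"X-DEMO-KEYLOG-MARKER",
}
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # refuse to inflate huge members (zip bombs)
MAX_DEPTH = 3                        # stop descending into zip-inside-zip nesting


def match_signatures(data: bytes) -> list[str]:
    """Names of all signatures whose byte pattern occurs in the buffer."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def scan_bytes(data: bytes, label: str, depth: int = 0) -> list[tuple[str, str]]:
    """Return (location, signature) findings, descending into zip archives."""
    findings = [(label, name) for name in match_signatures(data)]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(label, "UNSCANNED.TooDeeplyNested")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                where = f"{label}!{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:          # bit 0 set: member is encrypted
                    findings.append((where, "UNSCANNED.Encrypted"))
                elif info.file_size > MAX_MEMBER_BYTES:
                    findings.append((where, "UNSCANNED.TooLarge"))
                else:
                    findings += scan_bytes(archive.read(info), where, depth + 1)
    except zipfile.BadZipFile:
        findings.append((label, "UNSCANNED.CorruptArchive"))
    return findings


def build_sample_mail_zip() -> bytes:
    """Constructed test attachment: a clean file, a marked file, and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("payload.bin", b"A" * 64 + SIGNATURES["Demo.Trojan.B"])
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("notes.txt", b"meeting at ten " * 8)
        z.writestr("attachment/invite.txt",
                   b"join us " * 8 + SIGNATURES["Demo.Worm.A"])
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample_mail_zip()
    print("raw match on compressed bytes:", match_signatures(sample))
    for location, name in scan_bytes(sample, "mail.zip"):
        print(f"{location}: {name}")
```

Compression rewrites the bytes, so a pattern search over the archive as stored finds nothing; the signatures only become visible once each member is unpacked, and members that cannot be unpacked are reported rather than silently passed.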
How do I activate and deactivate my antivirus software?
Installation and activation procedures vary for each virus protection
product. However, once you have installed your antivirus software, the best
and safest practice is to keep it running full time in the background so that
it checks every e-mail message as it arrives and scans all files the moment
you access them. The scanning process requires only a short amount of
time, which creates a slight delay in downloading e-mail and opening files.
When installing some application or utility software, you might be instructed
to deactivate your antivirus software. You can usually right-click the icon
on your computer’s taskbar that corresponds to your antivirus software and
then select the exit or disable option. Do not forget to reactivate your antivi-
rus software as soon as the installation is completed.
How should I configure my antivirus software? For the
most extensive protection from malware, you should look for and enable the
following features of your antivirus software:

◗ Start scanning when the computer boots.
◗ Scan all programs when they are launched and document files when they are opened.
◗ Scan other types of files, such as graphics, if you engage in some risky computing behaviors and are not concerned with the extra time required to open files as they are scanned.
◗ Scan incoming mail and attachments.
◗ Scan incoming instant message attachments.
◗ Scan outgoing e-mail for worm activity such as mass-mailing worms.
◗ Scan zipped (compressed) files.
◗ Scan for spyware, sometimes called PUPs (potentially unwanted programs).
◗ Scan all files on the computer’s hard disk at least once a week.

How do I keep my antivirus software up to date? Two
aspects of your antivirus software periodically need to be updated. First, the
antivirus program itself might need a patch or update to fix bugs or improve
features. Second, the list of virus signatures must be updated to keep up
with the latest malware developments.
Virus signatures and other information that antivirus software uses to iden-
tify and eradicate malware are stored in one or more files usually referred
to as virus definitions (or a virus database). Antivirus program updates
and revised virus definitions are packaged into a file that can be manually
or automatically downloaded. If your antivirus software is part of a secu-
rity suite, the update might also include patches for other security software
modules, such as the spyware module or firewall.
Most antivirus products are preconfigured to regularly check for updates,
download them, and install them without user intervention. If you would
rather control the download and installation process yourself, you can con-
figure your antivirus software to alert you when updates are ready. In any
case, you should manually check for updates periodically just in case the
auto-update function has become disabled.
How often should I run a system scan? Most experts recommend
that you configure your antivirus software to periodically scan all the
files on your computer. With the proliferation of malware attacks, it’s best
to schedule a weekly system scan. Because a full system scan can significantly
slow down your computer, schedule the scan for a time when you are
not usually using your computer, but it is turned on.
You can also run a manual scan of your entire computer
or of specific files. For example, suppose you download a
program and you want to make sure it is virus-free before
you install and run it. You can use Windows Explorer to
locate and right-click the downloaded file, then select the
Scan option from the pop-up menu (Figure 3-57).

FIGURE 3-57: Before installing and running a downloaded file, you can scan
it by right-clicking the file name and selecting the Scan option.

What does quarantine mean? If, during the
scanning process, your virus protection software identifies
a virus, worm, Trojan horse, or bot in a file or an attach-
ment, it can try to remove the infection, put the file into
quarantine, or simply delete the file.
In the context of antivirus software, a quarantined file
contains code that is suspected of being part of a virus.
For your protection, most antivirus software encrypts the
file’s contents and isolates it in a quarantine folder, so it
can’t be inadvertently opened or accessed by a hacker. If
the infected file ends up on a quarantine list, your antivirus
software might give you the option of trying to disinfect the
file or deleting it.
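An added example, not from the textbook or any vendor's product: the quarantine step sketched in Python. A simple XOR scramble stands in for the encryption a real product applies, and the vault layout, record fields and file names are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib
import json
import os
import secrets
import tempfile
from pathlib import Path


def _xor(data: bytes, key: bytes) -> bytes:
    """Reversible scrambling so the stored copy is inert. A stand-in for the
    vendor-specific encryption of a real product; not strong cryptography."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def quarantine(path: Path, vault: Path, detection: str) -> Path:
    """Move a suspect file into the vault in scrambled form; return its record."""
    data = path.read_bytes()
    key = secrets.token_bytes(32)
    item_id = secrets.token_hex(8)          # opaque name: original extension is dropped
    vault.mkdir(parents=True, exist_ok=True)
    blob = vault / f"{item_id}.qblob"
    blob.write_bytes(_xor(data, key))
    os.chmod(blob, 0o600)                   # owner-only, no execute bit
    record = vault / f"{item_id}.json"
    record.write_text(json.dumps({
        "original_path": str(path),
        "sha256": hashlib.sha256(data).hexdigest(),
        "detection": detection,
        "key": key.hex(),                   # goal is an inert copy, not secrecy
    }))
    path.unlink()                           # remove the live copy last
    return record


def restore(record: Path) -> Path:
    """Undo a quarantine (a false positive), verifying the content hash first."""
    meta = json.loads(record.read_text())
    blob = record.with_suffix(".qblob")
    data = _xor(blob.read_bytes(), bytes.fromhex(meta["key"]))
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined blob does not match recorded hash")
    original = Path(meta["original_path"])
    original.write_bytes(data)
    blob.unlink()
    record.unlink()
    return original


def demo() -> dict:
    """Run the cycle on a constructed, harmless file in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        suspect = Path(tmp) / "downloads" / "setup_demo.bin"
        suspect.parent.mkdir()
        content = b"constructed sample bytes " * 4
        suspect.write_bytes(content)
        record = quarantine(suspect, Path(tmp) / "vault", "Demo.Trojan.B")
        blob = record.with_suffix(".qblob")
        result = {
            "original_removed": not suspect.exists(),
            "stored_differs": blob.read_bytes() != content,
            "detection": json.loads(record.read_text())["detection"],
        }
        result["restored_ok"] = restore(record).read_bytes() == content
        return result


if __name__ == "__main__":
    print(demo())
```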
How dependable is antivirus software?
Today’s antivirus software is quite dependable, but not infallible. A fast-
spreading worm can reach your computer before a virus definition update
arrives, some spyware can slip through the net, and cloaking software can
hide some viral exploits.
Despite occasional misses, however, antivirus software and other security
software modules are constantly weeding out malware that would other-
wise infect your computer. It is essential to use security software, but also
important to take additional precautions, such as making regular backups
of your data.

SECTION E
QuickCheck
1. A computer ________ can lurk in a computer for days or months, quietly replicating itself.
2. A mass-mailing ________ spreads to other computers by sending itself to all the addresses stored in the local e-mail client.
3. A group of zombie computers controlled by a hacker is called a(n) ________.
4. A virus ________ is a unique section of malicious code that can be identified by antivirus software.
5. A(n) ________ file is suspected of containing a virus, so your antivirus software usually encrypts the file and stores it in a special folder.