Facebook pixel Security Tips | Pepperdine University | Pepperdine Community

Security Tips

Malware Information

As time goes by and virus writers get smarter and braver, the types of different malware continue to increase. Generally defined, "malware," which is short for "malicious software," is software that takes advantage of people who want "free stuff" and/or weak computer components to infect computers and networks and cause as much grief as possibly.

We could have just as easily called it "unsolicited software" because some of it is more of a nuisance than malicious. Here are some types of malware, their basic definitions, and how you can prevent or deal with them.

ADWARE

Adware is advertising components that collect and transmit personal information from your computer. These "adbots" are placed on your computer when you install a software program. The software program can be free, nearly free (also known as shareware), or sometimes even purchased commercially.

The name "adware" is a shortened form of "advertising software"; and, unlike spyware, which works more silently in the background, adware is more obvious through the use of pop-up windows on your screen.

To reduce the chance of adware inhabiting your computer, don't "surf the Web" or run programs such as "Kazaa"; and if you must go to Web sites on the Internet, don't download any software or click on any "options" without knowing the consequences of doing so. Need help? Call HELP (4357).

Back to top ^

BACKDOOR SANTAS

This is a name given to any free or nearly free programs (also known as shareware) available on the Internet that pretend to be, and in many cases are, useful to the person who downloads and installs them on his or her computer, but then transmits personal information or exposes the person's computer to attack in one way or another.

Be careful which "free" software you install on your computer. Make sure you know where it comes from, what its purpose is, and what the consequences of installing it are. Very few things these days are truly "free" from some burden or effect.

Back to top ^

BOT

Known as bot software, the remote attack tools can seek out and place themselves on vulnerable computers, then run silently in the background, letting an attacker send commands to the system while its owner works away, oblivious. The latest versions of the software created by the security underground let attackers control compromised computers through chat servers and peer-to-peer networks, command the software to attack other computers and steal information from infected systems.

Recently (c. April 2004), Internet security watchers warned that the most common kind of bot software, Agobot, had been upgraded. A new variant incorporates publicly available code for breaching a computer's security through a vulnerability in a security component installed on almost every Microsoft Windows computer system sold in the past five years. That component is called the Local Security Authority Subsystem Service, or LSASS.

Bot software is much harder to detect than worm programs because it tends to be more stealthy. Worms, which spread automatically and randomly, create a lot of data traffic as they attempt to infect new hosts; such "noisy" activity puts the software in the spotlight for network monitoring devices. But bots are generally commanded to search smaller networks for new systems to infect, reducing the amount of bandwidth that compromised servers produce and making the programs less obvious.

Bot software has also become more versatile. It can, for instance, be teamed with worms and viruses to create especially daunting hybrids. Symantec's security response team believes that the Witty worm, which attacked computers running security software from Internet Security Systems, was launched by 4,200 "bots"--systems infected with bot software--connected together in a "bot net." Symantec found that the worm spread from those computers even though they weren't running the vulnerable ISS software. So bot software was likely the culprit.

Spammers have also started using bot nets to send bulk e-mail solicitations to net users while hiding the spammers' location. Several viruses, including Sobig and MyDoom, have infected computers with simple bots that aim to ease the spammer's job.

The versatility of bot software also lets online miscreants use bot nets to attack Web sites with massive data floods, or denial-of-service attacks. Some attackers have even used the computation power of the combined computers in a bot net to create their own distributed supercomputer for breaking encryption, especially on passwords.

It's possible to add new features to the bot software because the creator of Agobot released the source code to the Internet. Agobot uses Internet relay chat as the communications channel to control infected machines. The program has spawned hundreds of variants, including Phatbot, which creates an encrypted peer-to-peer network to relay commands to the compromised systems.

Code that takes advantage of software flaws tends to evolve from a simple program, or script, into a fully automated virus. Inclusion of such code in bot software is generally the last step before the code evolves into a virus or worm.

(The above information was taken from an April 30, 2004 Robert Lemos article on the ZDNet Web site.)

The best way to prevent bot software from taking over your computer is to set up your computer to automatically accept and install vendor patches to your computer's operating system. Need help? Call HELP (4357).

Back to top ^

FOISTWARE

These are unwanted application programs that come along, trojan-style, and get installed with completely unrelated software. Usually because someone has been paid to foist it on to your computer whether you want it or not. Since these programs tag along with so many different pieces of third-party software, it is not uncommon for your computer system to get re-infected with these "foistware" products over and over again.

There is little you can do to prevent against this situation other than being extra careful about which software you install on your computer system.

Back to top ^

HOMEPAGE HIJACKERS

When one of these nasty ad-trojans (see, you can put these terms together to make new terms!) worms its way onto your computer system, it constantly resets your Internet browser's homepage (and maybe search engine) to whatever Internet Web page they want you to go. And you cannot change it back without uninstalling and reinstalling your Internet browser (Internet Explorer, Netscape, etc.) program.

Preventing this "infection" is similar to most. Do not install anything other than reputable software on your computer system.

Back to top ^

ROOTKIT

A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer.

The word "rootkit" came to public awareness in the 2005 Sony CD copy protection controversy, in which Sony BMG music CDs placed a rootkit on Microsoft Windows PCs.

(The above information was taken from the rootkit Wikipedia Web site.)

Back to top ^

SPYWARE

Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.

Spyware can get in a computer as a software virus or as the result of installing a new program. Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user's consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window.

The cookie is a well-known mechanism for storing information about an Internet user on their own computer. However, the existence of cookies and their use is generally not concealed from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Web site stores information about you in a cookie that you don't know about, the cookie mechanism could be considered a form of spyware.

Spyware is part of an overall public concern about privacy on the Internet.

(The above information was taken from the www.whatis.com Web site.)

To reduce the chance of spyware inhabiting your computer, don't "surf the Web" or run programs such as "Kazaa"; and if you must go to Web sites on the Internet, don't download any software or click on any "options" without knowing the consequences of doing so. Need help? Call HELP (4357).

Back to top ^

TROJAN HORSE

In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.

The term comes from Homer's Iliad. In the Trojan War, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.

(The above information was taken from the www.whatis.com Web site.)

To guard against harm from a Trojan horse situation, always know the source and purpose of programs you install or allow to be installed on your computer system. Need help? Call HELP (4357).

Back to top ^

VIRUS

In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer <TERM>boot sector</TERM> or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting. A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.

(The above information was taken from the www.whatis.com Web site.)

The best protection against a virus is to know the origin of each program or file you load into your computer or open from your e-mail program. Since it is not always easy to know the origin, you should be using anti-virus software that screens e-mail attachments and also checks all of your files periodically and removes any viruses that are found. From time to time, you may get an e-mail message warning of a new virus. Unless the warning is from a source you recognize, chances are good that the warning is a virus "hoax".

Need help? Call HELP (4357).

Back to top ^

WORM

In a computer, a worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

(The above information was taken from the www.whatis.com Web site.)

Prevent worms from infecting your computer by using secure passwords and setting up your computer to automatically accept and install vendor patches to your computer's operating system. Need help? Call HELP (4357).

Back to top ^