Learn more about the different types of malware that threaten your PC, plus discover how to protect yourself against them.
Once upon a time, protecting your computer from viruses was a relatively simple affair. All you needed was an antivirus program and a firewall, and you could consider yourself fully protected. How times change – these days there are so many different types and varieties of malicious programs (known as malware) that your PC doesn’t know whether it’s coming or going. But what exactly is ransomware? How at risk are you from phishing? How do you protect yourself from rootkits, and what steps should you take to remove a spyware infection?
In this feature we’ll run through 10 common types of threat to your PC’s security. We’ll reveal what they are and how they work, and show you how to spot tell-tale signs that one of these pieces of malware might be lurking in the recesses of your PC’s hard drive. We’ll provide advice on removing infections from your PC, and how to protect yourself against them in future.
We’ll also reveal some useful tools – many of which you’ll find on this issue’s free disc – that you can use to both remove stubborn infections and clean up your PC after they’re gone so you’re no longer locked out of Safe mode, unable to browse the internet or refused access to the Registry.
Multi-layered security
What you’ll realise over the course of this guide is that no single program can provide blanket protection for your PC. To stay safe, what you need is a good, strong antivirus and anti-spyware program, together with a third-party firewall. If you’re strapped for cash, consider Comodo Internet Security, which combines both in a single program for no cost, and is included on this month’s free disc. We also recommend installing several scan-and-remove tools like Malwarebytes Anti-Malware Free. These don’t offer real-time protection, but regular scans should help keep your system secure.
Other layers of security can also help keep your PC and your data safe online, from protecting yourself from dangerous websites using the Web of Trust browser plug-in to blocking attacks on the programs you use every day with Malwarebytes Anti-Exploit Free. Of course, there’s also a critical layer of security that requires no software at all, and that’s modifying how you behave online to reduce your exposure to risk and react appropriately. Armed with these tools and our tips, you’ll sleep a lot more soundly (and securely) at night…
Viruses, worms and trojans
These are particularly insidious, so discover how to keep them at bay
The most common and well-known threat to your PC is the virus. This has become a catch-all term for a wide range of threats, but on its own a virus is a piece of code that attempts to copy itself so it can be distributed widely. It’s become interchangeable with the threat known as a worm, but while they share many characteristics, there is one critical difference: viruses work by inserting themselves into host programs such as Microsoft Word. The most obvious examples here are viruses written in Visual Basic that are hidden away inside macros that are stored in Word documents. The macro is triggered as soon as the document is opened unless your Word security settings are designed to block it. The first thing a macro virus usually does is add itself to the main template (normal.dot) file, which means it’ll run every time you launch Word. These days, Office security settings prevent macros from running by default.
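As an added illustration (not part of the original feature), the Python sketch below triages Word files for embedded macros before anyone opens them. It assumes the newer Open XML formats, where a macro project is stored as a vbaProject.bin part inside the zipped document; legacy files such as normal.dot are only recognised and passed on for a full scan. The function names and sample files are made up for the example, and the samples are built in memory.

```python
import io
import os
import zipfile

MACRO_ENABLED_EXTS = {".docm", ".dotm"}  # Open XML types allowed to hold VBA
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.dot container

def classify_word_file(name: str, data: bytes) -> str:
    """Return a triage verdict for one Word file from its name and bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format (normal.dot included): macros cannot be ruled
        # out without an OLE parser, so hand the file to a full scanner.
        return "legacy-ole-needs-scan"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-a-word-container"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    if not has_vba:
        return "no-macros"
    if os.path.splitext(name)[1].lower() in MACRO_ENABLED_EXTS:
        return "macros-present"
    return "macros-in-wrong-extension"  # content does not match the file name

def _package(with_macro: bool) -> bytes:
    """Build a constructed, minimal zip laid out like a Word package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

SAMPLES = {  # constructed inputs, not real documents
    "report.docx": _package(False),
    "invoice.docm": _package(True),
    "holiday.docx": _package(True),
    "normal.dot": OLE_MAGIC + bytes(504),
}

def triage(samples=SAMPLES):
    return {name: classify_word_file(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:13} {verdict}")
```

A file flagged macros-in-wrong-extension or legacy-ole-needs-scan should go through your antivirus scanner before it is opened in Word.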
Worms and trojans
Worms are standalone programs that behave in a similar manner to viruses, but in a self-contained fashion. Traditionally they were distributed via the internet – inserted as file attachments into emails, lurking as downloads on dubious websites, or spread via social media and peer-to-peer networks like BitTorrent.
Because they’re standalone, worms don’t rely on any other software to run; once the file is opened, they’re able to replicate themselves and cause whatever havoc they have been programmed to perform. Some worms also deliver additional payloads such as backdoors and spyware.
Trojans are programs that appear legitimate, but are anything but – hence their name, which is inspired by the Trojan Horse of legend. Having tricked their way into your system, the trojan can then deliver its malicious payload. Spyware and backdoor infections are common, but standalone trojans include destructive trojans, which delete files. Another variant – time-bomb trojans – wait for a specific date before delivering their payload.
Symptoms
If your PC is affected by a worm or trojan, you’ll notice sluggish performance and will be unable to run Windows Update or access certain websites. You may also find that your security software can’t update itself to protect against the latest threats, or even run at all. If you’ve accidentally installed a trojan, you may find other software you don’t recognise suddenly appearing on your computer too.
Notable example
everyone how devastating even ‘simple’ worms can be, and the fact that it used a vulnerability in Windows that had been patched by Microsoft months before showed the importance of installing the latest Windows security patches.
Removal
Your security software should be able to deal with trojans and worms, even after they get on to your system. Try using a standalone scanner like ClamWin Free Antivirus or Malwarebytes Anti-Malware Free (both on your free disc) in Safe mode if you’re struggling to remove a threat.
Protection
Aside from keeping your security software up to date and running regular scans, you can minimise the risk of these types of malware getting on to your PC by keeping Windows and your key programs up to date. Also use caution when opening files, particularly those downloaded from unknown sources.
Spyware
This malware is designed to watch what you’re doing and steal your personal information
Whereas traditional viruses aim to replicate and spread themselves far and wide, spyware tends to focus its efforts on the computer on which it’s installed. Its primary aim is to collect information about the computer user by spying on their activity. It then uses this information to target the user with ads and other material for financial gain. Spyware can also be used to steal financial data and passwords through the use of a keylogger, which monitors what you type.
Like other forms of malware, spyware attempts to change computer settings – particularly those related to the internet. It does this to prevent its removal, and to make use of the information it’s gathered to bombard the infected computer with ads and other unwanted material.
Symptoms
The signs of a spyware infection are similar to those of worms and trojans, and although you may realise that your information has been compromised, it might take weeks to become apparent.
Notable example
CoolWebSearch is the name given to a family of constantly evolving spyware infections that target web browsers, changing homepages and default search engines, bombarding users with ads and collecting personal information.
Removal
Try running your usual security software in Safe mode first. If this fails, follow the step-by-step guide below, focusing on using Spybot Search & Destroy and Malwarebytes Anti-Malware.
Protection
Keep all your software updated and be suspicious of any program that originates from the internet. Your firewall may help you detect spyware by alerting you to processes that try to send information from your PC without your knowledge.
Ransomware
This kind of malware attempts to extort money from the infected PC’s owner
You can probably guess how ransomware works – it takes control of your PC and demands that a ransom is paid before it is released. It can be delivered in a number of ways – via an infection, in a file that the user is tricked into downloading and running, or via network vulnerabilities such as backdoors. Once the ransomware is installed, it will restrict access to critical parts of your PC – either by locking down certain parts of the system to prevent you from performing key tasks, or by encrypting files – typically documents and photos that are potentially irreplaceable. The ransomware will then display messages demanding the user pay the malware creator – perhaps via online payment or by sending a premium-rate text message from their phone. In return for this payment, the user is given an unlock code that should (in theory) remove the restrictions and restore control. Some demands may even be time-limited, trying to force the user into responding quickly rather than sitting on the problem or seeking external help. Of course, like all ransoms, there’s no guarantee that control will be returned even if the end user follows the demands.
Symptoms
Ransomware has no need to hide – its aim is to let the user know it’s been installed and extort payment in return for releasing control of the computer and its key files.
Notable example
CryptoLocker has extorted tens of millions of pounds from affected users by encrypting files and demanding payment for the unlock code.
Removal
The ransomware infection itself should be removed by most security software, but any encrypted files or system locks will remain. Users who have secure offline backups of their files can avoid paying the ransom and keep data loss to a minimum.
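A backup only helps if the copies in it were not encrypted before they were saved. The Python example below is an addition to this article, not a tool from the cover disc: it checks that documents and photos still begin with the signature their file extension implies, and uses byte entropy to tell encrypted content apart from a file that is merely damaged or misnamed. The signature table, the 7.5 threshold and the sample contents are assumptions chosen for the example.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes ("magic numbers") expected for some document and photo types.
SIGNATURES = {".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF-", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(name: str, data: bytes) -> str:
    """Triage one backed-up file from its name and contents."""
    magic = SIGNATURES.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return "unknown-type"
    if data.startswith(magic):
        return "ok"  # compressed formats are high-entropy too, so header wins
    # Header missing: near-random bytes point to encryption, not a rename.
    if shannon_entropy(data[:4096]) > 7.5:
        return "likely-encrypted"
    return "damaged-or-misnamed"

def _noise(size: int) -> bytes:
    """Deterministic stand-in for ciphertext, so the demo is repeatable."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32))

SAMPLES = {  # constructed contents, not real files
    "photo.jpg": b"\xff\xd8\xff\xe0" + _noise(4096),
    "cv.docx": b"PK\x03\x04" + _noise(1024),
    "letter.pdf": _noise(4096),
    "notes.pdf": b"meeting notes " * 200,
}

def scan(samples=SAMPLES):
    return {name: check_file(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:12} {verdict}")
```

If a backup run suddenly contains many likely-encrypted files, stop rotating backups and keep the older sets until the PC has been cleaned.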
Protection
HitmanPro.Alert (on the cover disc) offers a CryptoGuard tool that prevents your personal data from being encrypted should ransomware get on to your PC.
Zero-day attacks
These threats exploit recently-discovered vulnerabilities
Security updates for programs are designed to close recently discovered holes. Left unrepaired, these could be exploited by malware developers, allowing them to sneak on to people’s systems as part of a ‘zero-day attack’. These can take the form of worms, trojans and other types of malware, but their reliance on a specific vulnerability makes them easier to block.
Symptoms
The same as most other malware attacks.
Notable example
The Conficker worm in 2009 preyed on a security hole in Windows XP that had been closed months before, but because users were so lax about keeping Windows up to date, many fell foul of an easily preventable attack.
Removal
If possible, install the latest security patch or update. Use your security software to remove the infection.
Protection
Keep your software and OS fully up to date. If you’re still using Windows XP, consider upgrading.
If you’re stuck using an older browser and your security suite doesn’t offer protection against zero-day attacks, install Malwarebytes Anti-Exploit from this month’s free disc.
Browser hijackers
This term refers to software that modifies your web browser settings – typically the home page, default search engine and even error pages. The aim is to push you towards websites containing advertising.
Symptoms
Your browser’s home page and search engine are changed, and any attempts to change them back fail. Some hijackers block access to security sites and install browser toolbars.
Notable example
CoolWebSearch was one of the first browser hijackers in 2004, and was so pervasive most security products couldn’t remove it properly.
Removal
Try Malwarebytes Anti-Malware Free (on your free disc) to remove the infection. You’ll need to reset the search and home pages yourself.
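To see why a reset sometimes refuses to stick, the added Python example below (not from the original feature) audits a browser profile for a changed home page. It assumes Firefox, which saves changed settings in prefs.js and re-applies anything found in a user.js file at every launch; the allowed-host list, the function names and the sample file contents are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Firefox writes one user_pref("name", value); line per changed setting.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;', re.M)
HOMEPAGE = "browser.startup.homepage"

def parse_prefs(text: str) -> dict:
    """Map preference names to their values, with string quotes removed."""
    return {name: value.strip('"') for name, value in PREF_RE.findall(text)}

def audit_profile(prefs_js: str, user_js: str, allowed_hosts: set) -> list:
    """Return (finding, detail) pairs for home page settings worth a look."""
    findings = []
    saved, pinned = parse_prefs(prefs_js), parse_prefs(user_js)
    effective = {**saved, **pinned}  # user.js is applied last on every start
    # The home page preference may hold several URLs separated by "|".
    for url in effective.get(HOMEPAGE, "").split("|"):
        host = urlsplit(url.strip()).hostname
        if host and host not in allowed_hosts:
            findings.append(("unexpected-homepage", host))
    if HOMEPAGE in pinned:
        # A value in user.js is re-applied at launch, undoing manual resets.
        findings.append(("homepage-reset-on-startup", pinned[HOMEPAGE]))
    return findings

# Constructed profile contents for the demonstration.
PREFS_JS = (
    'user_pref("browser.startup.homepage", "https://www.example.org/");\n'
    'user_pref("browser.tabs.warnOnClose", false);\n'
)
USER_JS = (
    '// constructed sample\n'
    'user_pref("browser.startup.homepage", '
    '"http://search.hijack.example/?hp=1|https://www.example.org/");\n'
)

if __name__ == "__main__":
    for finding in audit_profile(PREFS_JS, USER_JS, {"www.example.org"}):
        print(finding)
```

When the second finding appears, delete the offending line from user.js (or the whole file if you never created one) before resetting the home page in the browser.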