News about Viruses, Spyware & More
Worms
What is a Worm?
A worm is a malicious self-replicating computer program designed to infect multiple remote computers in an attempt to deliver a destructive payload. A typical worm spreads by e-mail, in file sharing networks or through unprotected network shares. Widespread complex threats usually propagate by exploiting certain security vulnerabilities in the targeted remote system. Most worms can infect and corrupt files, degrade overall system performance and security, steal sensitive user information or install other dangerous threats such as backdoors or trojans. Worms are very similar to regular computer viruses and therefore can have a wide range of malicious functionality.
Ways of Infection by a Worm
Worms replicate themselves and infect a computer without user knowledge and consent. There are three major ways these unsolicited threats can get into the system.
- Some threats, called mass-mailing worms, propagate through e-mail. They arrive in files attached to e-mail messages or come embedded in the messages themselves. Once the user opens such a message or file, the worm silently installs itself on the system. The user cannot notice anything suspicious, as the threat does not display any setup wizards, dialogs or warnings.
- Widespread worms infect vulnerable computers on the Internet by exploiting known security vulnerabilities in the operating system and installed software. Such threats spread on their own and therefore do not require any user interaction.
- Many worms distribute themselves in infected files that arrive attached to instant messages or can be downloaded from file sharing networks or unprotected network shares. Such worms spread the infection in files with meaningful names in order to trick the user into executing them. Once the user opens such a file, the worm silently infects the computer.
Note: Worms mostly affect computers running the Microsoft Windows operating system.
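As an added example (not code from the original article), the following Python script shows the kind of attachment screening a mail gateway can apply against the mass-mailing pattern described above: it parses a constructed message and flags attachments whose executable type is disguised behind a document-like name. The executable-extension list and the sample filenames are assumptions made for the example, not values from the article.

```python
import email
from email import policy
from email.message import EmailMessage

# File types Windows runs on double-click. Assumed policy list for the
# example; a production gateway keeps a reviewed, fuller list.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "cpl",
}
# Harmless-looking extensions a worm places before the real one, e.g.
# "photo.jpg.vbs", so the file appears to be a picture or document.
DOCUMENT_EXTENSIONS = {"txt", "doc", "rtf", "pdf", "jpg", "gif", "htm", "html"}


def classify_attachment(filename):
    """Return the reasons an attachment name is suspicious ([] means clean)."""
    reasons = []
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable attachment type ." + ext)
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("document-like name hides executable extension")
    if "   " in filename:
        # Runs of spaces push the real extension out of view in clients
        # that truncate long attachment names.
        reasons.append("padding spaces in filename")
    return reasons


def scan_message(raw_bytes):
    """Parse a raw message and return {filename: reasons} for every
    attachment that should be quarantined rather than delivered."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_attachment(name)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed message imitating the lure: a friendly note with an
    executable disguised as a picture, plus a genuinely harmless text file."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "a photo for you"
    msg.set_content("Have a look at the picture I attached!")
    msg.add_attachment(b"placeholder bytes, not a real script",
                       maintype="application", subtype="octet-stream",
                       filename="photo-for-you.jpg.vbs")
    msg.add_attachment("just some notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in scan_message(build_sample()).items():
        print("QUARANTINE", name, "->", "; ".join(why))
```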
What does a Worm do?
- Uses a compromised system to spread through e-mail, file sharing networks, instant messenger, online chats or unprotected network shares.
- Infects files, corrupts installed applications and damages the entire system.
- Steals or discloses sensitive personal information, valuable documents, passwords, login names, identity details and user contacts.
- Installs a backdoor or drops other dangerous threats.
- Modifies essential system settings in order to decrease overall system security and make it more vulnerable.
- Severely degrades Internet connection speed and overall system performance, and causes software instability. Some threats are badly programmed; they waste too many computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.
Examples of Worms
There are thousands of different computer worms. The following examples illustrate how treacherous and harmful worms can be.
Melissa is an infamous mass-mailing worm that was first found in early 1999. It comes attached to e-mail messages and looks like a text document. However, when a user opens such an attachment, the worm silently installs itself on the system and starts to spread. It modifies Microsoft Word settings and infects many text documents. It then sends out the infected documents attached to e-mails to all the contacts in the address book. These actions disclose the user’s personal information and other confidential data. The worm sends out a huge number of infected messages and can overload mail servers. Some Melissa variants delete critical system files and therefore damage the entire system.
The ILoveYou worm, also known as LoveLetter and Love Bug, is perhaps the most widely known worm in history. It struck the computer world in 2000 and infected a large number of systems all over the world. ILoveYou spreads through e-mail as an attachment to messages. The text of the messages seems so nice and sweet that users open the attachments without even considering that there could be a virus inside. The text of the e-mail may contain words like “I love you” and similar phrases. ILoveYou spreads very fast because, once it gets onto the system, it immediately sends copies of itself to all the addresses in the Microsoft Outlook Express address book. It also harms the system by overwriting essential system files, the user’s personal documents, multimedia files and other critical data. Some ILoveYou variants are responsible for a Denial of Service attack on the official White House web site.
Sobig is an Internet worm that spreads by e-mail in messages with infected attachments. Once such an attachment is executed, the worm installs itself on the system and distributes itself to e-mail addresses found in files of several types. It also infects vulnerable computers with shared resources in a local network. Sobig contains a backdoor, which can be used to update it or to install additional plugins. Although this worm can cause a heavy overload of mail servers, it is outdated and no longer spreads. However, its backdoor can still be active and may be used by attackers. Sobig was responsible for millions of infections around the world in 2003.
MyDoom, also known as Novarg, Shimgapi and Mimail, is the fastest spreading worm ever. The threat propagates by e-mail and through file sharing networks. It comes in infected files attached to e-mail messages that trick the user into believing they were sent by regular mail servers as delivery error notifications. Once the user executes such a file, MyDoom silently installs itself on the system and runs its payload. The worm sets up a backdoor that gives the remote attacker full unauthorized access to the compromised computer, and performs a Denial of Service attack against the SCO and Microsoft corporate web sites. It also blocks access to several reputable domains. MyDoom was responsible for the significant worldwide Internet performance slowdown that took place at the beginning of 2004. One in ten of all e-mail messages at that time contained a copy of the threat.
The Sasser worm is an infamous Internet threat that infects vulnerable computers running systems with unpatched security holes. It does not distribute itself by e-mail or similar channels, but infects computers directly and does not depend on the user’s actions. Sasser installs itself on the system and searches for other vulnerable hosts. The worm can hang the infected computer or reboot it frequently. It also severely compromises the security of infected systems, so that attackers are able to connect to and control them remotely.
Consequences of a Worm Infection
Most Internet worms spread through e-mail, file sharing networks or unprotected network shares. This distribution method noticeably decreases overall computer performance and degrades Internet connection speed. A user whose computer is infected with a worm usually has multiple web surfing problems, system instability and software reliability issues. Moreover, the computer becomes a source of infection and poses a serious threat to other hosts on the Internet or in the local network.
Many worms attempt to decrease system security by modifying security-related application settings and turning off antivirus or anti-spyware protection. Some threats drop even more dangerous security and privacy threats such as various backdoors or trojans. The remote attacker can use these pests to gain full unauthorized access to the compromised computer, steal sensitive user information or completely destroy the entire system and all user data.
A worm by itself is a great privacy risk. Many of these threats are designed specifically to collect valuable user information such as passwords, bank account details, credit card numbers or identity data and silently transfer it to the attacker. Some worms are made for criminal purposes. They are created to infect the computers of corporate users and steal secret documents and other confidential information or disclose them to the public.
How to Remove a Worm?
Worms work in the same manner as regular computer viruses and therefore can be found and removed with the help of effective antivirus products. Some advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive threat signature databases, can also detect and remove certain worms and related malicious components.
Browser Hijackers
What is a Browser Hijacker?
A browser hijacker is a malicious program, usually a web browser plug-in, that modifies web browser settings in order to change the default home, search or error page and redirect the user to undesirable Internet sites. A browser hijacker can also record all web pages the user visits and send the gathered information out through a background Internet connection. Practically all browser hijackers are created for commercial, advertising or marketing purposes. Most of these threats are very similar to spyware or adware and often share some of their functions.
They are installed without explicit user consent and often attempt to obstruct their removal. All browser hijackers are harmful and therefore are always classified as security and privacy risks.
Ways of Infection by a Browser Hijacker
Browser hijackers differ from regular viruses. They do not spread by themselves and usually must be installed like any other software, with or without user consent. There are three major ways these unsolicited threats can get into the system.
- Usually browser hijackers are installed by unsafe freeware, shareware or advertising-supported programs such as various browser add-ons or toolbars. Even reputable AOL products like AOL Instant Messenger can change default web browser settings. Uninstalling the host application in most cases does not remove the bundled threat.
- Many spyware and adware threats have integrated browser hijackers that get silently installed during the host threat’s installation. Removing the particular spyware or adware does not affect the browser hijacker.
- Some widespread browser hijackers get into the system using Internet Explorer ActiveX controls or by exploiting certain web browser vulnerabilities. Their authors run insecure web sites (mostly with pornographic or illegal advertising content) filled with malicious code or distribute unsafe advertising pop-ups. Whenever a user visits such a site or clicks on such a pop-up, harmful scripts instantly install the threat. The user cannot notice anything suspicious, as browser hijackers do not display any setup wizards, dialogs or warnings.
Some browser hijackers are known to be dropped by specific viruses, worms or trojans. These threats mostly affect the Microsoft Internet Explorer web browser. Some less prevalent threats are designed to compromise other popular browsers.
What a Browser Hijacker does
- Changes web browser’s default home page to a particular web site without asking for user permission.
- Changes web browser’s default search page to a predetermined web site without user consent.
- Sets its own error page instead of the web browser’s default one, which is displayed when the entered web site address is not valid.
- Redirects the web browser to a predefined site whenever the user enters an invalid address or performs an Internet search.
- Modifies essential web browser settings, decreases default security level and adds undesirable or insecure resources to the Trusted sites list.
- Creates numerous links to advertising pages, places desktop shortcuts to marketing sites and adds multiple bookmarks to the web browser’s Favourites list.
- Tracks user’s web browsing habits, records addresses of visited sites and sends collected data to a remote server.
- Complicates usual web surfing, blocks some reputable Internet resources and opens different web sites instead of the requested ones.
- Degrades overall web browser stability and performance. Some threats are badly programmed; they waste too many computer resources and conflict with installed applications.
- Provides no uninstall feature and hides from the user in order to obstruct its removal as much as possible.
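As an added example (not code from the original article), the following Python script audits an exported Internet Explorer registry snapshot (.reg text) for the settings listed above: the start and search pages, and domains added to the Trusted sites zone. The registry key names are the well-known Internet Explorer locations but are treated as an assumption here, and the sample snapshot is constructed for the example rather than taken from the article.

```python
import re
from urllib.parse import urlsplit

# Assumed Internet Explorer locations (verify for your Windows version).
# A snapshot is produced with "reg export HKCU\Software file.reg".
MAIN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
ZONE_DOMAINS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                r"\Internet Settings\ZoneMap\Domains")
TRUSTED_ZONE = 2  # 0 local machine, 1 intranet, 2 trusted sites, 3 internet, 4 restricted
PAGE_VALUES = ("Start Page", "Search Page", "Default_Page_URL")

_SECTION = re.compile(r"^\[(.+)\]$")
_STRING = re.compile(r'^"([^"]+)"="(.*)"$')
_DWORD = re.compile(r'^"?([^"=]+)"?=dword:([0-9a-fA-F]{8})$')


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}.
    Only string and dword values are needed for this audit."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        if current is None or not line:
            continue
        m = _STRING.match(line)
        if m:
            # .reg files escape quotes and backslashes with a backslash
            value = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
            keys[current][m.group(1)] = value
            continue
        m = _DWORD.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def domain_allowed(domain, allowed):
    """True if domain is an allowlisted name or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def audit(reg_text, allowed_pages, allowed_trusted):
    """Return findings for start/search pages and Trusted sites entries
    that are not on the allowlists."""
    keys = parse_reg(reg_text)
    findings = []
    main = keys.get(MAIN_KEY, {})
    for name in PAGE_VALUES:
        url = main.get(name)
        if isinstance(url, str):
            host = urlsplit(url).hostname or ""
            if not domain_allowed(host, allowed_pages):
                findings.append(f"{name} points to {url}")
    prefix = ZONE_DOMAINS + "\\"
    for key, values in keys.items():
        if not key.startswith(prefix):
            continue
        # Subkeys are Domains\example.com[\host]; rebuild the full host name.
        parts = key[len(prefix):].split("\\")
        host = ".".join(reversed(parts))
        zones = [v for v in values.values() if isinstance(v, int)]
        if TRUSTED_ZONE in zones and not domain_allowed(host, allowed_trusted):
            findings.append(f"Trusted sites entry {host} (zone {TRUSTED_ZONE})")
    return findings


# Constructed sample export: a hijacked start page and an unexpected
# Trusted sites entry next to legitimate settings.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.hijack-example.test/?id=123"
"Search Page"="http://www.example.com/search"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hijack-example.test\ads]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"http"=dword:00000002
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, {"www.example.com"}, {"example.com"}):
        print("FINDING:", finding)
```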
Examples of Browser Hijackers
There are plenty of different browser hijacker threats.
SafeSearch, a widespread pest, redirects Internet Explorer to predetermined web sites and displays undesirable advertisements from a pornographic web site. It also blocks access to popular Internet resources like MSN or VeriSign. Most browser hijackers are quite similar to SafeSearch and therefore are not very dangerous.
IBIS WebSearch is a far more functional and harmful browser hijacker. It is a third-party toolbar for Internet Explorer that provides a web search service, a pop-up blocker and browser skins. However, it also changes the default home and search pages and modifies essential Internet Explorer settings. IBIS WebSearch creates links to various resources, silently updates itself, and downloads and installs unsolicited and potentially insecure arbitrary software without the user’s knowledge and permission. Moreover, the threat collects information about the user, logs keywords from searches and sends the gathered data to a predetermined web server.
CoolWebSearch is an even more dangerous and treacherous threat. It is an entire family of browser hijackers that all attempt to redirect the web browser to the CoolWebSearch.com domain. Most of them display a large amount of undesirable commercial advertisements, change the web browser’s default start and search pages and modify the browser’s essential security settings. Some CoolWebSearch variants are able to steal user passwords, bank account details and other identity data. These threats are virtually impossible to get rid of.
Consequences of a Browser Hijack
Most browser hijackers turn the user’s usual web surfing into a real nightmare. Popular and often visited sites are blocked, and the web browser’s security is set to the minimum level. Internet searches no longer go through powerful search engines, so the required information cannot be found. All these problems are common consequences of a browser hijack. A typical threat severely complicates the user’s work and decreases productivity. Browser hijackers also affect the system and installed software. They cause web browser instability, frequent errors and overall performance problems. Some reputable applications and browser plug-ins may also be affected by browser hijacker activity. Some threats violate user privacy. They disclose the user’s personal information to advertisers and even to hackers. Malicious persons use browser hijackers to track user activity on the Internet, find out the victim’s name and contact information, and even steal priceless identity data, which can then be used for unknown purposes.
Browser hijackers that are associated with pornographic resources set adult web sites as the home or search page. Such behaviour not only shocks the user, but may also cause serious trouble. There are real examples of people who have lost their jobs because of explicit content found on their computers at work.
How to remove a Browser Hijacker?
As noted above, most browser hijackers are quite similar to spyware and adware threats and therefore cannot be removed with the help of popular antivirus products. To remove them, special anti-spyware tools (spyware removers) should be used. These programs scan the system in a similar way to antivirus software. However, they have special threat signature databases, which allow them to detect and eliminate most privacy risks. Powerful spyware removers include real-time monitors that prevent the installation of known risks and unauthorized system modification.
Adware
What is Adware?
Adware is any computer program that displays advertisements while the application is running. Advertisements appear in a web browser, in pop-up windows, in special toolbars or within the host program. Adware can also gather information about the user’s habits and interests and send it out through a background Internet connection. Such behaviour allows adware vendors to deliver targeted advertisements to the end user and collect general statistics.
Adware is divided into parasitical and legitimate applications. Illegal advertising programs are very similar to spyware threats and often share some of their functions. They can be installed without explicit user consent and work the whole time the computer is on. However, they are less dangerous, because most such threats are primarily intended to collect the user’s personal information for marketing and advertising, not for criminal purposes.
Legitimate adware applications are harmless. They do not track user activity or record any vital information about the user, and use the Internet connection only to receive advertisements. Many reputable advertising-supported products, such as the Opera web browser or the Eudora mail client, fall into this category. Vendors of these products use advertising as a legal revenue model that allows them to distribute high-quality commercial software for free.
Ways of Infection by Adware
Adware threats differ from regular viruses. They do not spread by themselves and usually must be installed like any other software, with or without user consent. There are three major ways an unsolicited adware program can get into the system.
1. Some adware vendors deceive the user by presenting a particular adware program as a useful tool, for example a powerful web search service or a fast download manager. Users download and install such programs. However, practically all of them turn out to be either completely useless or ineffective. Although in most cases users can uninstall these products, the main adware components may stay in the system and remain fully functional.
2. Many free, advertising-supported or shareware products such as Kazaa or Exeem are bundled with small add-ons that the host program needs in order to work properly. These add-ons are actually third-party spyware threats or adware components. Uninstalling the host application does not always remove the bundled adware. This distribution method is the most common one for widespread threats.
3. Some illegal advertising applications get into the system using Internet Explorer ActiveX controls or by exploiting certain web browser vulnerabilities. Their vendors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install the threat. The user cannot notice anything suspicious, as the threat does not display any setup wizards, dialogs or warnings. Some dangerous adware threats are also known to be dropped by specific spyware, worms or trojans. Adware mostly affects computers running the Microsoft Windows operating system. However, reputable advertising-supported software can also be found on other popular platforms.
What Adware does
- Continuously serves commercial advertisements and displays pop-ups.
- Installs advertising toolbars, additional adware programs or undesirable third-party software.
- Creates numerous links to advertising resources, places desktop shortcuts to marketing sites, adds bookmarks to the web browser’s Favorites list.
- Tracks user’s web browsing habits, gathers information about user’s interests, records addresses of visited web sites, logs taken actions and sends some or all collected data to a remote server.
- Degrades overall system performance. Some adware threats are badly programmed; they waste too many computer resources and cause software instability.
- Updates itself via the Internet and often does not provide a complete uninstall feature.
Adware Examples
There are plenty of different adware threats. The following examples illustrate typical adware behavior.
BargainBuddy is an example of a typical adware threat. A few years ago this threat and its variants were installed on thousands of computers around the world. BargainBuddy is not very dangerous, as it is primarily designed to display advertisements and pop-ups. However, it also does not hesitate to log the addresses of visited web sites or record keywords the user enters into various online search fields. BargainBuddy silently updates itself through a background Internet connection. Such a function may cause serious security issues. Furthermore, the threat attempts to obstruct its removal. Its uninstaller leaves the main adware components in the system, so that the threat can be automatically reinstalled later without the user’s knowledge.
The prevalent GAIN adware is very similar to BargainBuddy in its functionality. It displays advertisements, collects information about the user and sends it to its home servers. GAIN is also known for background downloads of unsolicited arbitrary programs and for the system instability issues caused by some of them. Users who have GAIN installed on their computers often complain about decreased system performance and constantly appearing new processes.
nCase is yet another infamous adware threat. It displays a large amount of undesirable advertisements and pop-ups and collects information about the computer and the user’s browsing habits. However, these are the most harmless nCase functions. The threat also captures the user’s e-mail messages, steals identity data, downloads and runs arbitrary code and causes multiple system stability problems. The nCase uninstaller leaves the main adware components in the system, so the threat can be fully reinstalled without user consent.
A completely different type of adware is WeatherBug. It is a legal advertising-supported program that provides weather forecasts and similar information. It displays built-in advertisements only while the program itself is running. This adware does not violate user privacy and does not affect system performance or the overall security level. WeatherBug can be easily uninstalled, and no suspicious components stay in the system.
How to remove Adware?
As noted above, adware threats are quite similar to spyware threats and therefore cannot be removed with the help of popular antivirus products. To remove them, special anti-spyware tools (spyware removers) should be used. These programs scan the system in a similar way to antivirus software. However, they have special threat signature databases, which allow them to detect and eliminate most spyware and adware threats.
Keyloggers
What is a Keylogger?
A keylogger is a computer program that logs each keystroke a user types on the keyboard and saves this data into a file or transfers it via the Internet to a predetermined remote host. It can also capture screenshots of user activity, log passwords, record online chat conversations or take other actions in order to find out what the user is doing. A keylogger poses the most dangerous threat to user privacy.
A keylogger can also be a small physical device that is usually placed between the keyboard’s plug and the computer’s keyboard port. A hardware keylogger records all keystrokes and saves them into its own memory. Such a device does not rely on particular software or drivers and therefore works under different environments. However, it does not take screenshots and can be easily found during a thorough inspection of the computer.
Software keyloggers are divided into parasitical and legitimate applications. Malicious keyloggers are very similar to viruses and trojans. They are used by hackers to violate user privacy. Legitimate keyloggers, also known as computer surveillance tools, are commercial products targeted mostly at parents, employers and teachers. They allow these people to find out what children or employees are doing online. However, even legal programs work without the monitored user’s knowledge and consent. They can also be used by malicious persons and therefore are not classified as less harmful than outright malicious threats.
Ways of Infection by Keyloggers
Keyloggers differ from regular computer viruses. They do not spread by themselves and usually must be installed like any other software, with or without user consent. There are two major ways an unsolicited keystroke logging program can get into the system.
- A legitimate keylogger can be manually installed by a system administrator or any other user who has sufficient privileges to install software. A hacker can also break into the system and set up his own keylogger. In both cases the privacy threat gets installed without the monitored user’s knowledge and consent.
- Malicious keyloggers are often installed by other threats like viruses, trojans, backdoors or even spyware. They get into the system without the user’s knowledge and affect everybody who uses the compromised computer. Such keyloggers do not have any uninstall function and can be controlled only by their authors or attackers.
Keyloggers mostly affect computers running the Microsoft Windows operating system. However, some less prevalent threats can also be found on other popular platforms.
What a Keylogger does
- Logs each keystroke a user types on a computer’s keyboard.
- Takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button.
- Tracks user activity by logging window titles, the names of launched applications, the exact time certain events occur and other specific information.
- Monitors online activity by recording addresses of visited web sites, taken actions, entered keywords and other similar data.
- Records login names, details of various accounts, credit card numbers and passwords, including those hidden by asterisks or blank spaces.
- Captures online chat conversations made in popular chat programs or instant messengers.
- Makes unauthorized copies of outgoing and incoming e-mail messages.
- Saves all collected information into a file on the hard disk, then silently sends this file to a configurable e-mail address, uploads it to a predefined FTP server or transfers it through a background Internet connection to a remote host. The gathered data can be encrypted.
- Complicates its detection and removal by hiding active processes and concealing installed files. The uninstaller, if one exists, usually refuses to work unless the user can supply a password.
Examples of Keyloggers
There are lots of different keystroke logging applications, both commercial and parasitical. The following examples illustrate typical keylogger behavior.
Family Key Logger is a relatively simple commercial keylogger targeted at parents who need to know what their kids are doing online while they are not at home, and at users who want to spy on their spouses. Family Key Logger is designed to record all user keystrokes. It has no additional functionality and must be manually installed. Most legitimate keyloggers are quite similar to Family Key Logger and therefore are not extremely dangerous.
Delf is an entire family of harmful trojans with keystroke logging functions. These threats not only record every user keystroke, but also give the remote attacker full unauthorized access to the compromised computer, download and execute arbitrary code, and steal the user’s vital information such as passwords, e-mail messages or bank account details. Delf threats send all gathered data to the attacker through a background Internet connection. Moreover, they can cause general system instability and even corrupt files or installed applications.
Perfect Keylogger is a complex computer surveillance tool with rich functionality. It records all user keystrokes and passwords, takes screenshots, tracks user activity on the Internet, and captures chat conversations and e-mail messages. Perfect Keylogger can be remotely controlled. It can send the gathered data to a configurable e-mail address or upload it to a predefined FTP server. Although it is a commercial product, it is even more dangerous than most parasitical keyloggers.
Consequences of a Keylogger Infection
Practically all keyloggers are very difficult to detect. They can violate user privacy for months or even years before the user notices them. During all this time a regular keylogger is able to find out everything about the user. Whoever controls the keylogger gets priceless information including the monitored user’s passwords, login names, credit card numbers, exact bank account details, contacts, interests, web browsing habits and much more. All this information can be used to steal the victim’s valuable personal documents and money, or to use the victim’s name, address and other identity data for criminal offences.
How to remove a Keylogger
Most keyloggers work in the same manner as computer viruses and therefore can be found and removed with the help of an effective antivirus product. Some advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive threat signature databases, can also detect and remove keyloggers and related components.
Note: not all keyloggers (even those that track your personal information) are illegitimate and need to be removed immediately.
Trojans
What is a Trojan?
A trojan (or trojan horse) is a malicious computer program that is disguised as a harmless application or is secretly integrated into legitimate software. It usually carries a destructive payload. A trojan gets silently installed and hides from the user. These threats are very similar to regular viruses and therefore are quite difficult to detect and completely disable. Originally, trojans were not intended to replicate by themselves. However, some recent threats have additional components that enable their propagation. The trojan’s payload varies depending on its author’s intentions. It usually provides the attacker with unauthorized remote access to the compromised computer, infects files and damages the system, drops other dangerous threats or steals sensitive user information.
Ways of Infection by a Trojan
Several trojans are able to propagate themselves and infect the system without the user’s knowledge. Others must be manually installed like any other software, with or without the user’s explicit consent. There are five major ways these unsolicited threats can get into the system.
- Many trojans are distributed by e-mail, through file sharing networks and online chats (such as ICQ, AIM or IRC). They arrive in files attached to e-mail and instant messages, come embedded in messages or get downloaded using peer-to-peer applications. These trojans have inconspicuous names and therefore trick the user into opening or executing them. Once the user opens such a message or file, the trojan silently installs itself on the system.
- Some trojans get into the system using Internet Explorer ActiveX controls or by exploiting certain web browser vulnerabilities. Their authors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install the threat. The user cannot notice anything suspicious, as the threat does not display any setup wizards, dialogs or warnings.
- Trojans sometimes get installed by other threats like viruses, worms, backdoors or even spyware. They get into the system without the user’s knowledge and consent and affect everybody who uses the compromised computer. Some threats can be manually installed by malicious computer users who have sufficient privileges to install software. Very few trojans are able to spread by exploiting remote systems with certain security vulnerabilities.
- Some trojans are already integrated into particular applications. Even legitimate programs may have undocumented functions such as a remote access feature. The attacker only needs to connect to a computer with such software installed in order to instantly get full unauthorized access to the system or take control of a certain program.
- Many trojans infect particular system and software files. The user may receive such files from trusted sources. Once such a file is executed, the trojan quietly installs itself on the system. Widespread trojans mostly affect computers running the Microsoft Windows operating system. Less prevalent threats are created to work on other popular platforms.
What a Trojan does
- Infects, corrupts, overwrites or deletes files, essential system components and installed applications, destroys the entire system by erasing all critical files or formatting hard disks.
- Steals bank account details, credit card numbers, login names, passwords, valuable personal documents, identity data and other user sensitive information.
- Tracks user activity by logging names of launched applications, exact time of certain event occurrence and other specific information.
- Logs each keystroke a user types on a computer’s keyboard and takes screenshots of user activity.
- Sends all gathered data to a predefined e-mail address, uploads it to a predetermined FTP server or transfers it through a background Internet connection to a remote host.
- Silently installs a backdoor or activates its own component with the same functionality, which allows the remote attacker to take control of a compromised computer.
- Drops other dangerous threats.
- Performs Denial of Service (DoS) or other network attacks against certain remote hosts or sends out an excessive amount of e-mail messages in order to flood predefined computers.
- Installs a hidden FTP server that can be used by malicious persons for various illegal purposes.
- Rapidly terminates active antivirus, anti-spyware and security-related software processes, disables essential system services and prevents standard system tools from running.
- Blocks access to some reputable web sites and security-related resources.
- Serves undesirable commercial advertisements and displays pop-ups.
- Degrades Internet connection speed and overall system performance, decreases system security and causes software instability. Some threats are badly programmed: they waste too many computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.
Examples of Trojans
There are thousands of different trojans. The following examples illustrate how functional and harmful trojans can be. The Secup trojan displays fake security-related messages. When the user clicks on such a message, the trojan opens a malicious web site that quietly installs potentially harmful software. Secup also serves undesirable commercial advertisements.
Dmsys is a dangerous trojan that specializes in infecting various instant messengers and stealing user confidential information. By using its keystroke logging technique, Dmsys easily steals user passwords and captures private conversations. This information is written into a log file, which is then sent to the hacker.
The Viruscan trojan is disguised as an effective antivirus application, which is why many inexperienced users may mistakenly run it on their computers. Once executed, the threat starts damaging critical system components instead of searching for viruses.
ExeBug is a trojan that infects and corrupts executable files by changing their headers and contents. These actions may lead to the malfunction of many applications and to instability of the system as a whole. ExeBug usually sneaks into the system from various Internet resources such as insecure web pages or peer-to-peer networks.
Pandora is a very dangerous and extremely destructive threat, which usually gets into the system from insecure Internet resources, file sharing networks or online chats. It silently works in background waiting for the specified date to run its payload. On the specified date, Pandora attempts to destroy the entire system by formatting the main hard disk or deleting several critical system folders such as Windows or Program Files.
AceBot is a powerful backdoor trojan designed to perform many different destructive actions. The threat detects, terminates and totally disables running antivirus software installed on the target computer. AceBot also connects to the IRC network and uses it to give the hacker remote control over the compromised system. Moreover, the trojan is able to connect to various malicious servers and download other harmful threats from there.
How to remove a Trojan
Trojans work in the same manner as regular computer viruses and therefore can be found and removed with the help of effective antivirus products. Some advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive threat signature databases, can also detect and remove certain trojans and related malicious components.
Viruses
What is a Virus?
A virus is a malicious computer program or programming code that replicates by infecting files, installed software or removable media. A virus usually carries a destructive payload, which varies depending on the virus author’s intentions. A typical virus infects, corrupts or deletes files and folders, damages the system, drops other dangerous threats, steals or discloses user sensitive information. Extremely dangerous viruses can also wipe out all the data from hard disks and even severely damage certain computer hardware devices.
By replication approach, viruses are divided into three main categories:
- threats called file infectors are designed to propagate by infecting or corrupting various files;
- threats known as boot record infectors spread through removable media containing infected executable code and insert themselves into the master boot record (MBR) on hard disks;
- widely spread macro viruses affect certain applications such as Microsoft Word or Microsoft Excel and infect documents that can contain macros.
Some viruses do not belong to any of these categories, as they combine features and functions specific to more than one virus type. Such threats, sometimes called hybrid viruses, can infect both files and the master boot record and replicate by attaching malicious code to user documents. These threats are very difficult to get rid of completely, as they usually consist of several components which automatically reinstall each other after the user has found and removed a few of them.
Many viruses have extra features which allow them to escape detection by antivirus software. Such threats use several approaches to stay hidden. Some of them, known as stealth viruses, monitor antivirus software activity and intercept its requests to the operating system. When the antivirus attempts to check an infected file, the virus immediately passes it the original clean variant of that file, so the antivirus is unable to find any malicious code in it. Other threats, called polymorphic viruses, mutate by continuously modifying their code, so that two files infected by the same pest have no common parts. Polymorphic viruses are extremely difficult to detect.
Ways of Infection by a Virus
Viruses infect a computer without user knowledge and consent. There are six major ways these unsolicited threats can get into the system.
- Viruses infect particular documents, executables and other files. The user may receive them from trusted sources. Once such a document is opened or a file is executed, a virus quietly installs itself to the system.
- Lots of viruses are distributed by e-mail, through file sharing networks and online chats (such as ICQ, AIM or IRC). They arrive in files attached to e-mail and instant messages, come embedded into letters or get downloaded using peer-to-peer applications. These viruses have unsuspicious names and therefore trick a user into opening or executing them. Once the user opens such a letter, message or file the virus silently infects a computer.
- Outdated viruses as well as modern boot record infectors are distributed on removable media containing malicious code that gets automatically executed after the user inserts and opens a floppy disk or CD-ROM or attempts to boot a computer from it.
- Pirated software and counterfeit computer games often are already infected with various viruses. Once the user starts the installation of such a game or program, the threat silently infects the system.
- Viruses sometimes get installed by other pests such as trojans, worms or backdoors. They get into the system without user knowledge and consent and affect everybody who uses a compromised computer.
- Some viruses can get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their authors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a threat. The user cannot notice anything suspicious, as a threat does not display any setup wizards, dialogs or warnings.
Widely spread viruses infect mostly computers running Microsoft Windows operating system. Less prevalent threats are created to work on other popular platforms.
What a Virus does
- Infects, corrupts, overwrites or deletes files, personal documents, essential system components and installed applications, destroys the entire system by erasing all critical files and folders or formatting hard disks.
- Inserts a malicious code into the master boot record (MBR) of a hard disk in order to run a destructive payload before the operating system gets loaded.
- Adds harmful components to reputable programs or modifies their settings in order to infect documents opened or created with these programs. This is the typical behavior of most macro viruses, which affect popular products such as Microsoft Word.
- Severely damages a computer by changing essential hardware device settings, clearing the CMOS memory or corrupting the BIOS. This may lead to critical data losses, computer malfunction and complete inability to boot a PC. In some cases essential hardware devices such as the BIOS chip, mainboard or even the entire computer need to be replaced.
- Creates thousands of random files and folders in order to consume system resources and fill up a hard disk with useless trash.
- Displays numerous unexpected messages, regularly changes various system settings, plays pranks and continuously performs other annoying actions in order to complicate the user’s regular tasks and distract him from his work.
- Drops trojans, backdoors, keyloggers and other dangerous threats.
- Uses a compromised system to spread the infection through e-mail, file sharing networks, instant messenger, online chats or unprotected network shares.
- Steals and discloses sensitive personal information, valuable documents, passwords, login names, identity details or user contacts.
- Avoids detection and complete removal by constantly modifying itself, encrypting infected files, intercepting requests from antivirus software and altering normal system behavior.
- Degrades Internet connection speed and overall system performance, decreases system security and causes software instability.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.
Examples of Viruses
There are thousands of different viruses. The following examples illustrate how treacherous and extremely dangerous viruses can be.
Arcam, also known as Banof, is a virus designed to infect executable files. It affects executables with the following extensions: .exe, .cpl, .scr. Arcam uses Microsoft Outlook mail program to spread itself to all the contacts in the address book by e-mail. It can also distribute infected files through IRC networks using mIRC chat client. This virus can damage the entire system and installed applications.
Nometz is a macro virus that infects all opened Microsoft Word documents. The threat modifies essential macro security settings of Microsoft Word, hides certain menu options and disables some program components. Nometz copies infected documents to the system directory, changes their extension to .jpg and silently uploads these files to a predetermined FTP server. Such virus behavior causes a disclosure of user sensitive information. After the documents have been successfully uploaded, the threat deletes them and temporarily restores the default Microsoft Word security settings.
CIH, also known as Chernobyl or Spacefiller, is one of the most devastating computer viruses ever, because it carries an extremely dangerous payload posing threat both for user sensitive information and computer hardware. CIH replicates by infecting executable files. Once per year, usually on April 26, June 26 or August 2, the virus unrecoverably erases all the data stored on a computer by overwriting the hard disk with random data and then crashes the system. Most CIH variants also attempt to damage the infected computer’s hardware by corrupting the Flash BIOS. This results in complete computer inability to boot and operate.
One_Half is a quite outdated, but still very dangerous virus that infects executable files with .com and .exe extensions and inserts malicious code into the Master Boot Record of the main hard disk, so that the threat runs before the operating system is loaded. On each computer startup One_Half encrypts a part of the affected hard disk. The user cannot notice anything suspicious, as the encrypted disk portion remains fully functional for a certain period of time. However, when about half of the disk has been encrypted, the virus displays a message and reveals itself. After the user removes One_Half from the system, the encrypted data is lost. Only a few powerful antivirus products are able to partially recover it.
How to remove a Virus
Viruses can be found and removed with the help of effective antivirus products. In some cases even the most popular and effective antivirus can fail to get rid of a particular virus – which makes it all the more important to stay in touch with the latest in online security news.
Dialers
What is a Dialer?
A dialer is a program that uses a computer’s modem to establish a dialup connection to the Internet. A connection is made by dialing a predetermined phone number. Malicious dialers are designed to use international or premium rate local phone numbers to make a connection bypassing the local Internet service provider. Their activity usually results in receiving high phone bills, as per-minute charges of most phone numbers used exceed 5 or 10 dollars.
Most dialers are parasitical programs. They work in the same manner as regular computer viruses and therefore change system’s essential dialup and networking settings without user knowledge and consent. A typical dialer runs on every computer startup and attempts to hide its presence in the system. Its activity cannot be easily noticed, as a threat usually doesn’t affect computer performance and doesn’t leave any clues like unexpected advertisements or third-party toolbars. Some dialers are legitimate applications developed by Internet service providers to ease the process of setting up an Internet connection or made by certain companies for various marketing purposes. They have the license agreement and inform the user about what they are doing. Nevertheless, such programs are quite rare. Dialers are targeted to users of dialup Internet services. Users of broadband lines such as DSL, LAN or similar are not affected, because their computers usually have no modems installed.
Ways of Infection by a Dialer
Although most dialers are very similar to regular viruses, their distribution methods are different. They do not spread by themselves and usually have to be installed like any other software, with or without user consent. There are three major ways an unsolicited dialer can get into the system.
- Pornographic, software and illegal music download web sites offer paid access to their extensive collections. The user is asked to download and manually install a particular dialer in order to receive access to these collections. The installation is made with user consent. However, such a dialer usually doesn’t have an uninstaller, or the uninstaller doesn’t completely remove the threat, so all further Internet connections are made through high-cost phone numbers.
- Most widely spread malicious dialers get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their vendors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a dialer. The user cannot notice anything suspicious, as threats do not display any setup wizards, dialogs or warnings.
- Some dialers are secretly installed by visiting links in spam e-mail messages. Several threats arrive in executable e-mail attachments. Their installation is made without explicit user consent. It is known that dialers can also be dropped by specific viruses, trojans or worms. Dialers affect mostly computers that run the Microsoft Windows operating system and have modems installed.
What a Dialer does
- Connects a compromised computer to the Internet through high-cost phone numbers.
- Opens potentially unsafe web sites with pornographic, advertising or other similar content.
- Modifies the system’s essential dialup and networking settings in order to register itself as the default Internet connection service, which is then always used to connect a compromised computer to the Internet.
- Changes web browser’s default home and search pages and prevents a user from restoring initial settings.
- Creates numerous links to potentially insecure web resources, places desktop shortcuts to suspicious sites, adds multiple bookmarks to the web browser’s Favorites list.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its detection and removal.
Examples of Dialers
There are lots of different dialer threats. The following examples illustrate typical dialer behavior.
Uyelik offers access to the Internet via high-cost telephone numbers. It redirects a web browser to certain Internet resources and changes the default home page without asking for user permission. Uyelik can be secretly installed while visiting some unsafe web sites. The threat alters the registry so that it runs on every Windows startup, and creates a desktop shortcut named Click Me!. Most dialers are quite similar to Uyelik and do not pose any threat to the system, but severely violate user privacy.
Webcont connects its victim’s computer to the Internet through an expensive phone number. It accesses a predefined Internet resource on the webcont.net domain without asking for user permission. Webcont silently erases the web browser’s cache and history. The threat gets into the system from some insecure web sites. The dialer complicates its detection and removal and doesn’t have a functional uninstaller.
Antispy is a far more harmful dialer that not only connects a compromised computer to the Internet using a premium rate phone number, but also terminates some running applications and steals system information. Once executed, it modifies the Windows registry to register itself as the primary Internet connection service. This means that all further Internet connections will be made through an expensive phone number instead of the local Internet service provider’s default one. Such activity results in receiving enormous phone bills.
Consequences of a Dialer Infection
Practically all dialers are designed for commercial purposes. Their vendors strive to make money out of credulous and unaware users. Threats deliberately do not offer fast and reliable Internet connection, as every minute that a user spends being online brings them quite a tangible income. A typical dialer’s victim loses hundreds of dollars every day and doesn’t even know about it until he receives an enormous phone bill from a local phone company.
Dialers complicate usual web surfing. Due to very low connection speed and throughput some web sites cannot be accessed or do not work as intended. Downloading software or music, watching online video or animation, browsing complex multimedia sites are almost impossible tasks for users whose computers are infected with dialers. Moreover, some dialers provide access only to several predetermined web resources, and other sites and servers cannot be accessed at all.
How to Remove a Dialer
As it was said above, most dialers work in the same manner as the computer viruses and therefore can be found and removed with the help of effective antivirus products. Powerful anti-spyware solutions also are well-known for perfect dialer detection and removal capabilities.
Spyware
What is Spyware?
Spyware is any software designed to collect user personal information and send it out through a background Internet connection without the user’s knowledge and consent. Spyware silently tracks user’s web browsing habits, records visited web sites and logs taken actions. This activity allows spyware vendors to gather data for marketing and advertising purposes.
Spyware form and functionality may vary depending on vendor intentions. However, a program that uses an Internet connection to transfer data which can be used to identify the user is always classified as spyware. Some programs mistakenly called spyware actually do not collect any vital information about the user and use a background Internet channel only to transfer general statistics. They do not steal your name, contacts or any other details and therefore do not violate your privacy. Lots of legal advertising applications or ad-supported products, such as the legitimate web browser Opera, fall into this category. Although legal adware programs are potentially able to spy on a user, they shouldn’t be accused of privacy violation, as proper use of adware is a legal revenue model for many software companies that allows them to distribute complex commercial products for free.
Ways of Infection by Spyware
Spyware threats differ from regular viruses. They do not spread by themselves and usually must be installed like any other software, with or without the user’s consent. Some rare pests are able to exploit system security vulnerabilities and act similarly to worms. There are three major ways an undesirable spyware program can get into the system.
- Many spyware vendors deceive the user by presenting a particular spyware program as a useful tool, for example, a powerful web search service, fast download manager or reliable Internet accelerator. Users download and install such programs. However, practically all of them appear to be either completely useless or ineffective. Although in most cases users can uninstall such programs, spyware components stay in the system and remain fully functional.
- Lots of free, ad-supported or shareware products are bundled with small add-ons supposedly needed by the host program to work properly. These add-ons actually are third-party spyware threats. Uninstalling the host application does not always remove bundled spyware.
- Most widely spread spyware programs get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their vendors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install spyware. The user cannot notice anything suspicious, as threats do not display any setup wizards, dialogs or warnings. It is known that some spyware can also be dropped by specific viruses, trojans or worms.
Spyware affects mostly computers running Microsoft Windows operating system.
What Spyware does
- Steals sensitive personal information, identity details, monitors everything the user does online, tracks web browsing habits and sends all collected data to a remote server.
- Serves undesirable advertisements, displays large amount of annoying pop-ups. Such activity is specific to most illegal adware threats.
- Redirects a web browser to advertising sites or commercial Internet search services whenever the user enters an incorrect site address or even without any obvious reasons.
- Changes web browser’s default start and search pages to advertising sites and prevents the user from restoring initial settings. Such activity is common for all browser hijackers.
- Creates numerous links to advertising resources, places desktop shortcuts to third-party spyware sites, adds multiple bookmarks to the web browser’s Favorites list.
- Modifies essential settings of a web browser, decreasing the overall system security level by enabling web browser features that allow any web script to run quietly or any software to be installed from the Internet.
- Connects a compromised computer to the Internet through high-cost phone number without user knowledge. This activity is specific to so called dialers. The system can be affected only if a modem is installed.
- Degrades overall system performance and causes software instability. Some threats are badly programmed: they waste too many computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to obstruct its removal as much as possible.
Spyware Examples
There are thousands of different spyware threats. The following examples illustrate how treacherous and harmful spyware can be.
CoolWebSearch is an entire family of browser hijackers that all attempt to redirect a web browser to the coolwebsearch.com domain. Most of these threats display advertisements, change the web browser’s default start and search pages and modify security settings. At first sight, CoolWebSearch threats are relatively harmless. However, some variants are able to steal user passwords, bank account details and other identity data. These pests are virtually impossible to remove.
The infamous Gator spyware made the headlines because of its enormous prevalence. Various Gator variants are still bundled with ad-supported software and can get into the system from insecure web sites. Gator threats display numerous advertisements and install additional spyware components without user consent. Most of their victims noticed an increased frequency of web browser crashes and overall system instability. Practically all Gator variants include parts that stay active even after a user uninstalls the pest.
BonziBuddy spyware is targeted at children. Its description says that the program displays an animated on-screen ape that helps kids to surf the web and use e-mail. However, BonziBuddy also silently installs several additional spyware threats that not only violate user privacy, but also affect computer’s performance and security.
Consequences of Spyware Infection
Spyware is not as dangerous as most computer viruses are. It doesn’t infect files or destroy the system. But instead it discloses user’s priceless personal information to advertisers and even real thieves. Malicious persons use spyware to collect passwords, bank account details or credit card numbers. This information allows them to steal victim’s money, use his name, address and other contact data for criminal offences.
Spyware activity gets on the user’s nerves and even costs money. Not all computer users can easily identify a spyware infection and take the required actions immediately. A threat may stay undetected for months. All this time it will obstruct the user’s usual work and download and install third-party risks. Eventually the computer’s performance and stability will be greatly reduced and the user will have to take it to professional repairers. There are real examples of frustrated users buying new computers, as the old ones became totally inoperable because of the numerous spyware threats installed.
How to remove Spyware
As we mentioned previously, spyware threats are not viruses and therefore cannot be removed with the help of regular antivirus products; dedicated spyware removers are needed instead. These programs scan the system in a similar way to antivirus software. The main difference is that they have special threat signature databases, which allow them to detect and eliminate most spyware and adware threats. Powerful spyware removers include real-time monitors that prevent the installation of known risks and unauthorized system modification.
Backdoors
What is a Backdoor?
A backdoor is a malicious computer program or other means that provides the attacker with unauthorized remote access to a compromised system, exploiting vulnerabilities of installed software and bypassing normal authentication. A backdoor works in the background and hides from the user. It is very similar to a virus and therefore is quite difficult to detect and completely disable. A backdoor is one of the most dangerous threat types, as it allows a malicious person to perform any possible action on a compromised computer. The attacker can use a backdoor to spy on a user, manage files, install additional software or dangerous threats, control the entire system including any present applications or hardware devices, shut down or reboot a computer or attack other hosts. Often a backdoor has additional harmful capabilities like keystroke logging, screenshot capture, file infection, even total system destruction or another payload. Such a threat is a combination of different privacy and security threats, which works on its own and doesn’t require any control at all.
Most backdoors are autonomous malicious programs that must somehow be installed on a computer. Some threats do not require installation, as their parts are already integrated into particular software running on a remote host. Programmers sometimes leave such backdoors in their software for diagnostics and troubleshooting purposes. Hackers often discover these undocumented features and use them to break into the system. Generally speaking, backdoors are specific trojans, viruses, keyloggers, spyware and remote administration tools. They work in the same manner as the viral applications mentioned above. However, their functions and payload are much more complex and dangerous, so they are grouped into one special category.
Ways of Infection by a Backdoor
Only a few backdoors are able to propagate themselves and infect the system without user knowledge. Most threats must be manually installed like any other software, with or without user consent. There are four major ways unsolicited threats can get into the system.
- Typical backdoors can be accidentally installed by incautious and unaware users. Some backdoors come attached to e-mail messages or are downloaded from the Internet using file sharing programs. Their authors give them unsuspicious names and trick users into opening or executing such files.
- Backdoors often are installed by other threats like viruses, trojans or even spyware. They get into the system without user knowledge and consent and affect everybody who uses a compromised computer. Some threats can be manually installed by malicious local users who have sufficient privileges for software installation. A few backdoors are able to spread by exploiting remote systems with certain security vulnerabilities.
- Several backdoors are already integrated into particular applications. Even legitimate programs may have undocumented remote access features. The attacker only needs to contact a computer with such software installed in order to instantly get full unauthorized access to the system or take control of a particular piece of software.
- Some backdoors infect a computer by exploiting certain software vulnerabilities. They work similarly to worms and automatically spread without user knowledge. The user cannot notice anything suspicious, as such threats do not display any setup wizards, dialogs or warnings.
Widely spread backdoors affect mostly computers running Microsoft Windows operating system. However, lots of less prevalent threats are designed to work under different environments.
What a Backdoor does
- Allows the intruder to create, delete, rename, copy or edit any file, execute various commands, change any system settings, alter the Windows registry, run, control and terminate applications, install arbitrary software and threats.
- Allows the attacker to control computer hardware devices, modify related settings, and shut down or restart the computer without asking for the user's permission.
- Steals sensitive personal information, valuable documents, passwords, login names, identity details, logs user activity and tracks web browsing habits.
- Records keystrokes a user types on a computer’s keyboard and captures screenshots.
- Sends all gathered data to a predefined e-mail address, uploads it to a predetermined FTP server or transfers it through a background Internet connection to a remote host.
- Infects files, corrupts installed applications and damages the entire system.
- Distributes infected files to remote computers with certain security vulnerabilities and performs attacks against hacker-defined remote hosts.
- Installs a hidden FTP server that can be used by malicious persons for various illegal purposes.
- Degrades Internet connection speed and overall system performance, decreases system security and causes software instability. Some threats are badly programmed: they waste computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.
Examples of Backdoors
There are lots of different backdoors. The following examples illustrate how functional and extremely dangerous these threats can be.
Litebot is a backdoor that allows the remote attacker to download and execute arbitrary files from the Internet. The threat decreases overall system security by changing the default Windows firewall settings. Litebot's main files have random names, so it is quite difficult to detect and get rid of. The backdoor runs automatically on every Windows startup.
Remote Connection, also known as RedNeck, is a dangerous backdoor that gives the intruder full access to a compromised system. The threat can shutdown or restart a computer, manage files, record user keystrokes, install and run various programs, take screenshots and perform other malicious actions.
Tixanbot is an extremely dangerous backdoor that gives the remote attacker full unauthorized access to a compromised computer. The intruder can manage the entire system and its files, download and install arbitrary applications, update the backdoor, change the Internet Explorer default home page, attack remote hosts and obtain system information. Tixanbot terminates essential system services and security-related processes, closes active spyware removers and deletes registry entries related to firewall, antivirus and anti-spyware software in order to prevent them from running on Windows startup. The threat also blocks access to reputable security-related web resources. Tixanbot can also spread: it sends messages containing certain links to all MSN contacts, and clicking on such a link downloads and installs the backdoor.
Resoil FTP is a backdoor that gives the hacker remote unauthorized access to an infected computer. This threat runs a hidden FTP server, which can be used to download, upload and run malicious software. Resoil FTP activity may result in noticeable computer performance loss and user privacy violation.
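The examples above share two traits a defender can look for on a Windows machine: autostart entries pointing at files with random names (Litebot) and hosts-file entries that block security-vendor sites (Tixanbot). The following read-only triage script is an added example, not code from the page or from any of the threats described; its "random name" thresholds and its vendor domain list are assumptions, so every hit needs manual review.

```powershell
# Added example (not part of the original page): read-only triage for two backdoor
# traits described above. It lists Run/RunOnce autostart entries, flags executables
# with random-looking names (as with Litebot), and lists hosts-file lines that
# override security-vendor sites (as with Tixanbot). Nothing is changed on the host.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (assumed thresholds): a base name of 6+ characters with no vowels,
# or consisting of at least half digits, is reported as random-looking.
function Test-RandomName {
    param([string]$Path)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($Path)
    if ($base.Length -lt 6) { return $false }
    $vowels = ($base -replace '[^aeiouAEIOU]', '').Length
    $digits = ($base -replace '[^0-9]', '').Length
    return ($vowels -eq 0) -or (($digits / $base.Length) -ge 0.5)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }      # skip PowerShell's own PS* metadata
        $cmd = [string]$prop.Value
        # Executable is the quoted first token, otherwise the first whitespace-delimited token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [System.Environment]::ExpandEnvironmentVariables($exe)
        $notes = @()
        if (Test-RandomName $exe) { $notes += 'random-looking file name' }
        # Only full paths are checked on disk; bare names are resolved via PATH and skipped here.
        if ($exe -match '\\' -and -not (Test-Path -LiteralPath $exe)) { $notes += 'target not found on disk' }
        $tag = if ($notes) { 'SUSPECT: ' + ($notes -join ', ') } else { 'ok' }
        "{0}\{1} -> {2} [{3}]" -f $key, $prop.Name, $cmd, $tag
    }
}

# Hosts-file overrides for security vendors (vendor list is an assumption; extend as needed).
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$vendors = 'symantec|norton|mcafee|kaspersky|avast|avg|bitdefender|eset|sophos|trendmicro|windowsupdate'
Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match $vendors } |
    ForEach-Object { "hosts override (may block a security site): $_" }
```

Run it from an elevated PowerShell session so the HKLM keys and the hosts file are readable; legitimate software occasionally uses unusual file names, so a "SUSPECT" line is a lead for inspection, not a verdict.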
Consequences of a Backdoor Infection
A backdoor allows the attacker to work with an infected computer as if it were his own PC and to use it for various malicious purposes or even criminal offences. The responsibility for such activity usually falls on the innocent users on whose systems the backdoors were installed, since in most cases it is very hard to find out who was controlling the threat. Practically all backdoors are very difficult to detect. They can violate user privacy for months or even years before the user notices them. The malicious person can use a backdoor to find out everything about the user and to obtain and disclose valuable information such as passwords, login names, credit card numbers, exact bank account details, personal documents, contacts, interests, web browsing habits and much more.
Backdoors can also be used for destructive purposes. If the hacker was unable to obtain any valuable information from an infected computer, or has already stolen it, he may eventually destroy the entire system in order to wipe out his tracks. This means that all hard disks would be formatted and all the files on them would be unrecoverably erased.
How to remove a Backdoor
Backdoors work in the same manner as computer viruses and can therefore be found and removed with the help of effective antivirus products. Some advanced spyware removers, which scan the system in a similar way to antivirus software and have extensive threat signature databases, can also detect and remove certain backdoors and their related components.