- Who creates malware and why?
- Origin of Malware
- How malware penetrates systems
- What malware needs to thrive
Rogue security programs are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware. They typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a malicious security application to fix it. The alerts can mimic system messages so they appear as if they are generated by the Windows Operating System. It is not unusual for malware writers to use the names of popular and legitimate security programs as part of the name for a fake anti-virus software in order to trick people into using them. There are at least two rogue security programs that use part of or all of the Malwarebytes name. There are also rogues for SmitfraudFixTool, VundoFixTool, Spybot Search and Destroy, Avira AntiVir and many more. Even Microsoft has been targeted by attackers using such names as Microsoft Security Essentials, MS Anti-virus for their programs and incorporating the names Defender, XP, and Vista into naming schemes for other rogue applications.
Rogue antispyware programs are responsible for launching unwanted pop ups, browser redirects and downloading other malicious files so the extent of the infection can vary to include backdoor Trojans, Botnets, IRCBots and rootkits which compromise the computer and make the infection more difficult to remove. For more specific information on how these types of rogue programs and infections install themselves, read:
- Anatomy of a malware scam
- How does rogue security software get on my computer?
- How to Tell If That Pop-Up Window Is Offering You a Rogue Anti-Malware Product
- Social engineering in action: how web ads can lead to malware
- Time to Update Your Adobe Reader
- Malware exploits Windows Media Player vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Eight out of every 10 Web browsers are vulnerable to attack by exploits
Unpatched Adobe Vulnerability Is Still Being Exploited in the Wild
Another PDF sample that exploits an unpatched vulnerability in Adobe Reader and Acrobat has been spotted in the wild...
Hole in Patch Process
...your machine may still be vulnerable to attacks if you never bother to uninstall or remove older versions of the software...a malicious site could simply render Java content under older, vulnerable versions of Sun's software if the user has not removed them....
Ghosts of Java Haunt Users
BlackHole toolkit enables attackers to exploit security holes in order to install malicious software
If a website has been hacked or displays malicious ads, they can exploit the vulnerable software on your computer. To help prevent this, install and use Secunia Personal Software Inspector (PSI), a FREE security tool designed to detect vulnerable and out-dated programs/plug-ins which expose your computer to malware infection.
A large number of infections are contracted and spread by visiting gaming sites, porn sites, using pirated software (warez), cracking tools and keygens where visitors may encounter drive-by downloads through exploitation of a web browser or an operating system vulnerability. Security researchers looking at World of Warcraft and other online games have found vulnerabilities that exploit the system using online bots and rootkit-like techniques to evade detection in order to collect gamer's authentication information so they can steal their accounts.
Dangers of Gaming Sites:
MMO Security: Are Players Getting Played?
The design of online game architecture creates an open door for hackers...hackers and malware hoodlums go where the pickings are easy -- where the crowds gather. Thus, Internet security experts warn game players that they face a greater risk of attack playing games online because few protections exist....traditional firewall and antimalware software applications can't see any intrusions. Game players have no defenses...Online gaming sites are a major distribution vehicle for malware....
Malware Makers Target Online Games to Spread Worms
Microsoft warns game developers of cyber thieves
online game + online trade = Trojan Spy
Real Flaws in Virtual Worlds: Exploiting Online Games
Dangers of Cracking & Keygen Sites:
Keygen and Crack Sites Distribute VIRUX and FakeAV
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
Dangers of Warez Sites:
University of Washington spyware study
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.
Dangers of Porn Sites:
Porn Sites Lead to MBR Rootkit
Infections spread by using torrent, peer-to-peer (P2P) and file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware.
Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Hackers are also known to exploit Flash vulnerabilities which can lead to malware infection. When visiting a website that hosts an HTML page which requires a Flash script, users may encounter a malicious Flash redirector or malicious script specifically written to exploit a vulnerability in the Flash Interpreter which causes it to execute automatically in order to infect a computer.
- Analyzing and Detecting Malicious Flash Advertisements
- Malvertising: The Use of Malicious Ads to Install Malware - Example: Malicious Flash Banner Ad
- Macromedia Flash Player Lets Malicious Flash Media Files Execute Scripts
- Attackers exploit latest Flash bug
Mainstream Websites More Likely to Harbor Malware
...Internet users are 21 times more likely to become infected by visiting a legitimate online shopping site than by visiting a site used for illegal file-sharing...The problem isn't in the sites themselves; it's in the ads...
Clicking Online Ads More Likely To Deliver Malware Than Surfing Porn Sites
...According to Ciscos annual 2013 Security Report internet users are 182 times more likely to get malware from clicking on online ads than visiting a porn site...
Cisco Annual Security Report: Threats Step Out of the Shadows
Infection can also spread by visiting popular social sites and through emails containing links to websites that exploit security hole's in your web browser. When you click on an infected email link or spam, Internet Explorer launches a site that stealthy installs a Trojan so that it can run every time you startup Windows and download more malicious files. Email attachments ending with a .exe, .com, .bat, or .pif from unknown sources can be malicious and deliver dangerous Trojan downloaders, worms and viruses which can utilize your address book to perpetuate its spread to others.
One in 10 web pages laced with malware
At least one in 10 web pages are booby-trapped with malware...The tricks include hacking into a web server to plant malware, or planting it within third-party widgets or advertising...
About eight out of every 10 Web browsers are vulnerable to attack by exploits...Even worse, about 30% of browser plug-ins are perpetually unpatched...
Bulk of browsers found to be at risk of attack
Researchers at the CA Security Advisor Research Blog have reported finding MySpace user pages carrying the dangerous Virut url. The Koobface Worm has beem found to attack both Facebook and MySpace users. YouTube users have been exploited by the Storm Worm. MSN Messenger, AIM and other Instant Messaging programs are also prone to malware attacks.
- Conficker worm's copycat Neeris spreading over IM
- IM attacks get nastier
- MSN Most Dangerous IM Client in 2007
- IM attacks up nearly 80%
- When is AUTORUN.INF really an AUTORUN.INF?
- Nick Brown's blog: Memory stick worms
- USB-Based Malware Attacks
- Microsoft Security Advisory (967940): Update for Windows Autorun
- Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows
- Taxonomy of Online Security and Privacy Threats
- Malicious website evolution
- Malicious HTML Tags Embedded in Client Web Requests
- IFrame Hack (PHP Exploit)
- Vulnerabilities Allow Attacker to Impersonate Any Website
One webpage gets infected by virus every 5 secondsPhishing is an Internet scam that uses spoofed email and fraudulent Web sites which appear to come from or masquerade as legitimate sources. The fake emails and web sites are designed to fool respondents into disclosing sensitive personal or financial data which can then be used by criminals for financial or identity theft. The email directs the user to visit a web site where they are asked to update personal information such as passwords, user names, and provide credit card, social security, and bank account numbers, that the legitimate organization already has. Spear Phishing is a highly targeted and coordinated phishing attack using spoofed email messages directed against employees or members within a certain company, government agency, organization, or group. These fraudulent emails and web sites, however, may also contain malicious code which can spread infection.
...More than 90 percent of these webpages belong to legitimate sites that have been compromised through hacking techniques such as SQL Injection...Hackers are apparently planting viruses into websites instead of attaching them to email. Users without proper security in place get infected by simply clicking on these webpages.
Pharming is a technique used to redirect as many users as possible from the legitimate commercial websites they intended to visit and lead them to fraudulent ones. The bogus sites, to which victims are redirected without their knowledge, will likely look the same as a genuine site. However, when users enter their login name and password, the information is captured by criminals. Pharming involves Trojans, worms, or other technology that attack the browser and can spread infection. When users type in a legitimate URL address, they are redirected to the criminal's web site. Another way to accomplish these scam is to attack or "poison the DNS" (domain name system) rather than individual machines. In this case, everyone who enters a valid URL will instead automatically be taken to the scammer's site.
Finally, backing up infected files, is a common source of reinfection if they are restored to your computer. Generally, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions.
Now that you know How malware spreads, you may want to read Best Practices for Safe Computing - Prevention which includes tips to protect yourself against malware infection.