I made a mistake the other day, a horrible mistake. I let my kid use my computer.
My once perfect computer now has a life of its own, a malware bot that nests firmly in a place that I not only can’t see, but never even suspected until it took up with a malware handler that taught it some very bad habits.
I do not know what my kid did – she denies everything (of course). The malware infection may have come from one of those awful emails she insists on opening or the gossip website she favors. It doesn’t matter – the damage is done.
How bad can it be, you ask? The simple answer is, very bad – grossly anti-social bad, illegal bad, even national-security bad. This isn’t a soft-burp-at-the-dinner-table bad; this is walked-in-handcuffs-out-of-church bad.
Before you smirk condescendingly, let me assure you that many of you harbor a malware bot in your home. Unlike me, you just don’t realize how poorly your own PC is acting – yet.
Forewarned is forearmed, though, so here are five of the worst PC bad habits in play these days. As far as I can tell, my computer managed to pick up three of the five below.
Your own experience may be different, but I guarantee it won’t be pretty.
1. Spam – Internet users are receiving billions of spam emails every day worldwide. They must be working, or cybercriminals would give up on them. But where do these spam messages come from? Surprise: They come from our PCs and those malware bots. My personal malware handler (maybe in Ukraine; I can’t quite figure out the digital accent) feeds a malware bot the addresses and content for the spam, then as soon as the computer is idle, off it goes.
2. Denial of Service (DoS) Attacks – A DDoS attack depends on hundreds, if not thousands, of computers that typically flood a target (often a web server) with traffic to a point where it overwhelms the server and it becomes unresponsive. DoS attacks come in many different forms these days, from massive-scale packet flooding (DDoS) attacks to “low and slow” DoS attacks. “Low and slow attacks can be activated from a single attacking computer, without additional bots and with limited amount of traffic, which looks legitimate in both terms of the protocol rules and rates, to exhaust the resources of the victim without effecting neighboring services,” Avi Chesla explains in a recent SecurityWeek column.
If your home computer was one of the ones chosen to help launch the DDoS attack on the CIA website a few months back, then you unwittingly became a folk hero. When you sit down with the kids for dinner tonight, you might want to casually mention that your very own family may have been part of that epic event.
4. Procreation – The good news is that malware bots are not really having relations inside your PC. The bad news is they are far better at procreating than even the rabbits in the backyard. Just when you were hoping that safe surfing and email discretion would keep you safe, you may have picked up your personal malware bot from your kids or coworkers. The only thing more important to a malware bot than taking down the CIA is placing a friend in a foster home. To a malware bot, a network connection is just another chance to look for a weak spot in other computers on the network – and replicate itself.
5. Keylogging – The next time you sit down for a latte and WiFi at Starbucks, look around. If that creeper behind you seems just a bit too attentive to your notebook screen, move to a spot with your back to the wall.
The real creeper, though, is the unseen malware bot taking notes on your every keystroke and web accounts info. Everything you do, everywhere you go, is recorded and sent back to your malware handler. This includes your email passwords (remember when your Yahoo account was hacked?), bank account numbers, private email messages you would prefer your spouse didn’t see, and all those ‘who could it hurt’ websites you’ve visited.
In other words, your computer life served up on a platter.
6. Redirecting Web Activity – Perhaps you remember the DNS Changer malware scare earlier this year. Media hype predicted that on July 9, 2012, hundreds of thousands of home computers would lose their Internet connection. While I think the DNS Changer malware took down only a few old PCs in Cleveland, it should have opened up more than a few eyes on the subtlety of a malware infection.
For many years, cybercriminals in Estonia ran a host of ‘fake’ DNS servers. Every malware-infected computer they controlled (more than a half million) had its Internet service routed through these ‘fake’ servers – sometimes to ‘good’ websites, sometimes to malicious sites.
The unsuspecting owners of these infected computers never knew their Internet journey was carefully scripted to maximize profits to the Estonian cyber-crime entrepreneurs.
These guys were really smart, but they did get caught.
The Sun will Shine Tomorrow
Malware is a worldwide epidemic. You’ve probably already heard the mantra on how to avoid being a causality:
1. Purchase and install an industry-recognized virus/malware prevention product. A few of the vendors you might consider are AVG, Kaspersky, McAfee, Symantec, Bitdefender, F-Secure, Trend Micro, and ESET, just to name a few. A good resource for looking into AV vendors is AV-TEST.Org, an independent testing organization that continuously reviews products and detection rates for AV vendors.
2. Make sure to keep the anti-virus product you install current. An outdated anti-virus product is as good as no product at all.
3. Keep your computer’s operating systems and Web browsers current. Microsoft, Apple and Google frequently issue updates to protect against newly discovered security attacks. Take the time to install patches when they are released.
4. Disable Java – With Java zero-day vulnerabilities emerging often, and being actively exploited by attackers and integrated into crimekits such as the Black Hole Exploit Kit, disabling Java in your Web Browser is being suggested by security experts now more than ever.
As Steve Ragan notes in a recent SecurityWeek article, for the typical home user, Java isn’t a requirement for day-to-day browsing, but it is often installed and left unpatched, making it the easiest way for an attacker to compromise a given system. Sophos’ Chet Wisniewski provides instructions on how to disable Java on the most popular browsers here. If keeping Java enabled is a must, at least ensure you patch often and pay attention to security alerts.
5. Use common sense – don’t open unknown emails, avoid ‘risky’ websites and think before you respond to a pop-up that says it will protect you.
Microsoft also offers Microsoft Safety Scanner, a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It’s important to note that Microsoft Safety Scanner should not be used as a replacement for using an anti-virus software program. It discovered and removed several malware infections from my friends’ and relatives’ computers (as well as a mean one from my home machine).
Stay safe, trust no one and constantly check your own computer for bad habits.
