During this last weekend I got the honor of seeing first hand the effects of a handful of PCs infected with a worm, a Trojan horse virus.
A handful of 20 to 30 computers would connect to one spot waiting for commands from an owner. Of course, the owner was not found nor the password available to do anything with these drones. So a friend or two and I watched. We watched what these robots did and to our amazement, we saw many details – enough details to actually track a few down and send them an email warning them of their infection. This is not a secluded incident. There are reports of over 1,000,000 “drone” computers on the Internet. Are you one?
Data I’ve Seen…
I’ve seen the following: user names, passwords, email addresses, personal addresses, full names, credit card numbers, logins to private websites including military sites, banks, companies and more… Have I got your attention?
Was sending them an email a ‘bad’ thing? Historically, no good has ever come from the good guy notifying the ignorant of their bugs, so there is a bit of unease as to what might actually result from the information given. So far, of the five notified, their infections still run rampant. They did not care, nor even bother to look into it. If you were told by a complete stranger that your car had a flat tire would you at least look? What’s so different about someone telling you your computer is infected? It’s simple. Remember that little punk ass who cried wolf one too many times? Spammers, media and bad advertising have worn out the old “you’ve got a virus!” so badly that the majority of users will say “pfft! Whatever.”
Nonetheless, some details of this so-called “infection.” The infection was from a worm called “SpyBot.” Originally this worm, now over three years old, transported itself via KaZaa; it mutated into a worm that goes through many other Windows security holes. There are over 1000 variants of this worm and tracking them is more of a challenge than killing them. Once infected, a user’s machine will connect to specified locations on the Internet (this is where the variants come in) and start sending key logs to that place and await commands from that place. Unfortunately, as I said, we couldn’t get commands to execute. If we could, we would’ve easily notified every infected drone. Ok, fine, no big deal, it goes through holes. Let’s patch them.
Once patched, the systems can’t be reinfected, right? Well, wrong. If the infection still exists on the system it can do some trickery and maintain its own infection and still try to spread to new systems. I noticed a few of these drones were in fact using Mozilla Firefox, which is awesome. It means to me they are aware to some extent of the dangers. Ironically, I’ve also seen a few using “AOL Security Edition” and other versions of AOL that claim “Full system security.” AOL is clearly not doing what they claim to be doing.
This is where the importance of being “clean” comes into play. Once you’ve plugged the holes, you have to clean up the mess.
Clean Up On Aisle 4
Cleaning your system can be a big challenge. There are many tools out there, free ones too. For those who are cheap (I know most people are), you never really have to pay a cent to clean up. It only takes time. But the learning curve to do so can be quite steep. You can get yourself a free anti-virus scan at Trend Microsystem’s Housecall or a free scan at Panda Software’s website. Use one, use both, use others like Symantec’s or McAfee’s. It won’t hurt. If they find something they may be able to remove it as they go, or they may not. If one notifies you of having an infection of some type, look it up. Symantec (http://www.sarc.com/), Sophos (http://www.sophos.com/) and McAfee (http://vil.nai.com/vil/default.asp) all have very in-depth virus databases that you can search. Most of them will have removal tools provided for free as well.
Free Online Virus Scans
After you’ve got the potential virus infection under control, there’s still the malware, adware, spyware issue. These are all wonderful industry catch-phrases. A brief definition of each: Malware is software that does something destructive, or causes harm to your computer or others. It’s software that does what you don’t intend it to do. Ad-Ware is software that is ad-supported; not necessarily evil but beware of it if you use it. An example of “good” ad-ware is Opera’s web browser. An example of “bad” ad-ware is anything from twistedhumor.com. The difference being “good” only shows ads when you are using the program you installed, “bad” shows ads whenever it can, regardless of what you’re doing. Spy-ware is software that watches what you do, websites you visit, programs you use, etc. and reports it back to a central location. There are combinations of spy/mal/adware and it’s best practice to avoid any of it (Sorry Opera).
The majority of Spyware comes from “free” Windows software. Free software whose sole intention is usually to give you something you really want. It is usually installed with things like peer to peer programs, “Internet optimizers”, “free icons”, “free themes”, “free jokes” etc.; beware when you download. Research is your best defense. When in doubt, use Google and see what others have to say about the program or website you want to download “free” software from.
How do you know if you have any of this bad software installed? It’s usually hard to tell – but there are some dead giveaways. First, if you use Internet Explorer and you have a tool bar that you didn’t install – but it’s there – such as “MySearch” or “StarSearch” or “MyWebSearch” or something else that has to do with search, you have Ad/Spyware. These toolbars are notorious for collecting your searches, and usually hijacking them to their own sites showing you paid-for answers rather than good answers that you’ll find from Google or Yahoo! If you’ve ever visited a corporate site, like Microsoft or Google, and received a pop up ad notifying you that you’ve won! or you’re infected! (They’re not kidding! Just don’t use the product they’re selling!), you’ve got ad-ware.
The best recommendation to get rid of Ad/Spy/Malware is to run a program called Ad-Aware. It too is “free” so you don’t have to worry about dishing out some coin. You can if you like, and they won’t object to your support. But, it is free for personal use. You can get it at their website (http://www.lavasoft.de) and give it a go. Chances are it will find something on your system regardless of how clean you think it is. Small things such as cookies from advertising agencies, which really aren’t that bad, or big things such as this SpyBot. When you run it, and it finds stuff, you can do your own bit of research right from Ad-Aware and learn what these things are, and what Ad-Aware says they do. The rule of thumb, at least my thumb, is to run it a few times until it finds nothing.
Protecting your newly found clean system is a conscious effort. Running and updating Ad-Aware on a regular basis – once a week if you use Internet Explorer, or once a month if you don’t – is usually a wise thing to do. Running and maintaining your Anti-Virus program is highly effective too. There’s a free one called http://www.free-av.com/ and it supports online updates and real time scanning, for the wonderful price of zero dollars. It also supports Linux and BSD which is good if you’re like me and have a share setup that Windows systems can save files on. After all, a lot of worms like to travel across networks even if they can’t infect the system to which they copy themselves. You are always allowed to pay for anti-virus software if you really want to.
Regular system updates are always a good idea too. It’s well known that Microsoft has screwed up system updates in the past and will again, but it’s almost bearable to think that your system may not function right for a couple of days – rather than have your system infected and sending out your data to who-knows-where. It’s a small sacrifice for security, I guess.
Normally, I don’t go saying “Yes! Firewall” but really, if you don’t understand computer networking and how connections to the Internet work, I do recommend you use a software firewall. If you happen to become infected, such as these systems I have been observing, your system won’t be controllable from the outside. It won’t stop the virus from sending data out, but it will prevent the owner of the virus from connecting to and controlling you. I say, prevent, not stop. Nothing is guaranteed in this crazy world. Windows XP with service pack 2 has a firewall built in, and chances are if you’ve never really messed with your computer – it’s enabled. If you don’t have one, where do you get one? Well, if you have a connection sharing device known as a router for multiple computers – you have a firewall for the most part. The same rules apply, though, your system will be free to send data out – but nobody can connect to you directly. Even if you have only one computer, I will recommend a hardware based solution over software. One of these connection sharing router/firewalls can be had for as little money as most software firewalls. They also don’t slow your computer down.
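Because the firewall described above leaves outbound traffic alone, the outbound side is where drones that "connect to one spot" show up. The following is an added example, not part of the original article: a small heuristic that scans a gateway connection log for a remote endpoint contacted by several internal machines on an unexpected port. The log format, the addresses, port 4711 and the list of expected ports are all constructed assumptions.

```python
from collections import defaultdict

# Ports a home network is assumed to use for ordinary outbound traffic (assumption).
EXPECTED_PORTS = {25, 53, 80, 110, 143, 443}

# Constructed sample log, one connection attempt per line (format is an assumption):
# time  source  destination  destination_port  direction
SAMPLE_LOG = """\
09:00:01 192.168.1.10 203.0.113.5 443 OUT
09:00:04 192.168.1.11 198.51.100.7 4711 OUT
09:00:09 192.168.1.12 198.51.100.7 4711 OUT
09:01:30 192.168.1.10 203.0.113.5 443 OUT
09:02:15 192.168.1.13 198.51.100.7 4711 OUT
09:05:00 192.168.1.11 198.51.100.7 4711 OUT
09:06:40 192.168.1.12 192.0.2.44 25 OUT
09:07:02 198.51.100.9 192.168.1.11 445 IN
this line is damaged
"""


def shared_rendezvous(log_text, min_hosts=3, expected_ports=EXPECTED_PORTS):
    """Return {(remote_ip, port): [internal hosts]} for every remote endpoint
    on an unexpected port that at least min_hosts internal machines contacted."""
    hosts_by_endpoint = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        # Skip damaged lines and inbound attempts; inbound is what the
        # firewall already blocks, outbound is what it lets through.
        if len(parts) != 5 or parts[4] != "OUT":
            continue
        _, src, dst, port, _ = parts
        if not port.isdigit() or int(port) in expected_ports:
            continue
        hosts_by_endpoint[(dst, int(port))].add(src)
    return {
        endpoint: sorted(hosts)
        for endpoint, hosts in hosts_by_endpoint.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for (ip, port), hosts in shared_rendezvous(SAMPLE_LOG).items():
        print(f"{len(hosts)} machines contacted {ip}:{port}: {', '.join(hosts)}")
```

A hit is a reason to scan the listed machines, not proof of infection; legitimate software also uses unusual ports.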
It’s really hard to get people to understand this type of situation, and I really don’t expect everybody who reads this to understand it one hundred percent. All I can say is that research and information – which is free – are your best weapons. Don’t sit back as your computer throws advertisements at you that you didn’t initiate. Don’t wonder why your new-fangled computer is slower than a dog on Sunday. Ask “what?” “why?” “where?” and try to figure out what’s going on. There are tools, free, that I’ve now told you about. You have what you need to keep your computers safe and secure.