Beat malware with Firefox, others
By Mark Kaelin, TechRepublic
August 04, 2004
Source: ZDNet Australia
URL: http://www.zdnet.com.au/insight/security/soa/Beat-malware-with-Firefox-others/0,139023764,139155372,00.htm
The term "malware" has become somewhat synonymous with Internet security. According to Webopedia, malware is defined as: "A noun, short for malicious software; software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse." According to Wikipedia, malware (a contraction of "malicious software") is software developed for the purpose of doing harm. The key words in those definitions are damage, disrupt, and harm. Malware is an example of the worst the Internet can offer. Detecting, destroying, and removing spyware has been the subject of many TechRepublic articles, including Spyware Detection and Removal, but the plague remains.

Now, it's personal

Once upon a time, I blew off any concerns about malware as a problem for the novice users of the world who didn't follow the most basic rules of security -- don't open attachments and don't agree to install unsolicited software from Web sites. My blissful ignorance was shattered on July 20, 2004, when I became a victim of a malware hijacking. The fact that I could be hijacked by merely clicking a link on a Google search page seems, even now, to be the surreal reality of someone else. How could such a thing be allowed to happen?

The whole concept of malware is lost on me. Are we supposed to believe that hijacking someone's system to install unasked-for and unwanted software is somehow going to induce that victim to become enamoured with the products that are featured in the subsequent force-fed advertising? Does that ever really happen? I don't believe it. It is much more likely that the person violated in this unwelcome scenario will have a reaction much more like mine, in which one is motivated to stop this from happening to anyone else ever again. I defy any malware purveyor to jump in the article discussion and justify malware as a good business practice. And I don't mean the usual rationalisation that it makes them money. I'm talking about justifying it ethically.
I say there is no justification -- prove me wrong!

Removal

Fortunately for all of us, the combination of malware, spam, and spyware has raised the cockles of more than just a few inspired and talented individuals and application developers. Over the past few years, TechRepublic has written several articles describing how to remove spyware and malware from infected systems. Many of those articles have mentioned the remarkable cleansing power you can bring to bear with the combination of Spybot Search & Destroy and Ad-aware. In my case, those two were extremely effective in removing the infestation. For those TechRepublic members looking for a refresher on the general implementation of these applications, here is how the combination worked for me.

Firefox to the rescue

First, I borrowed a utility CD-ROM from a colleague. The utility CD had a copy of the latest version of Mozilla Firefox, which I quickly installed. Because most of the malware was tuned to the start of Microsoft Internet Explorer, I was able to access Download.com using Firefox -- a normally simple thing made nearly impossible by the vindictive software I was trying to remove. I then acquired the latest versions of Spybot Search & Destroy and Ad-aware 6.0, which I quickly installed on the infected system. The initial Spybot routine found 79 questionable objects. After removing those offensive tidbits, I updated the reference file for Spybot and ran it again. This updated cleansing operation found another 25 objects to remove.
So far so good -- but I still had problems with pop-up advertisements and frustratingly slow Web browsing, so I knew that I had not eliminated the entire infection. Like heeding your doctor's warning about taking the entire series of an antibiotic treatment, I needed to continue to fight the infection by running Ad-aware 6.0 with an up-to-date reference file, which netted an additional 171 objects. While most were innocuous advertising trackers, several were nasty bits of code and registry key combinations that begged to be destroyed.
Running the latest versions of Spybot and Ad-aware, including the latest reference files available, completely removed the offending malware and gave control of my computer back to me. The key to this success was the use of a Web browser other than Internet Explorer. That's when I began to ponder the larger meaning of this unpleasant experience.

Recovery kit

Trying to find a silver lining in this incident, I decided I should create a recovery kit and burn it on a CD-ROM. On this CD are the installation files for Firefox, Spybot Search & Destroy, Ad-aware 6.0, and a copy of the AVG Anti-Virus software. These applications would have been good enough to fix my problems, but I'm wondering if there should be more applications saved to this disk. For example, I'm thinking perhaps I should make the CD bootable for those occasions when I need to at least get to a command prompt. In the past, many of us tech-types have created recovery disks -- first it was 5.25-inch floppies with DOS and command-line utilities, then 3.5-inch diskettes with perhaps an antivirus application, and now it is CD-ROMs or thumb drives with the capacity for all kinds of applications.
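A recovery kit is only useful if the installers on it are the ones you put there. The script below is an added example, not the author's own kit or any tool's code: it assembles a kit directory from a set of installer files, records a SHA-256 manifest alongside them, and verifies the kit against that manifest before you burn it or copy it to a thumb drive. It assumes GNU coreutils sha256sum is available; the installer file names used in the comments and test are placeholders, not the real download names.

```shell
#!/bin/sh
# Added example (not from the article): build a recovery-kit directory and a
# SHA-256 manifest for it, then verify the kit against that manifest.
# Assumes GNU coreutils sha256sum. Installer names are placeholders.

# kit_build SRC_DIR KIT_DIR FILE...
# Copies each named installer from SRC_DIR into KIT_DIR and appends one
# "hash  name" line per file to KIT_DIR/MANIFEST.sha256.
# Returns 1 if any named installer is missing from SRC_DIR.
kit_build() {
    src="$1"; kit="$2"; shift 2
    mkdir -p "$kit" || return 1
    : > "$kit/MANIFEST.sha256"
    for f in "$@"; do
        [ -f "$src/$f" ] || { echo "missing installer: $f" >&2; return 1; }
        cp "$src/$f" "$kit/$f" || return 1
        # Hash from inside the kit directory so the manifest carries bare
        # file names and can be checked from any mount point later.
        (cd "$kit" && sha256sum "$f") >> "$kit/MANIFEST.sha256" || return 1
    done
    return 0
}

# kit_verify KIT_DIR
# Returns 0 when every installer listed in the manifest is present and its
# hash matches; 1 when a file is missing, corrupted or altered.
kit_verify() {
    kit="$1"
    [ -f "$kit/MANIFEST.sha256" ] || return 1
    (cd "$kit" && sha256sum --check --status MANIFEST.sha256) >/dev/null 2>&1
}

# Example run (placeholder names): uncomment to build and check a kit.
# kit_build ./downloads ./recovery-kit FirefoxSetup.exe spybotsd.exe aaw6.exe avg.exe
# kit_verify ./recovery-kit && echo "kit OK, ready to burn"
```

Rebuild the manifest each time you refresh the installers or reference files on the kit, and run `kit_verify` on the mounted CD or thumb drive before using it on an infected machine; a hash mismatch means the copy you are about to run is not the one you archived.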
Legislation and regulation

When I started to research how I came to have this little misadventure, I came across the Web site of US Representative Jay Inslee and noted his efforts to pass the Computer Software Privacy and Control Act, H.R. 4255. My immediate response is to support any legislation that will criminalise the hijacking of computer systems and the unapproved installation of unsolicited software. However, the cynical part of me also wants to make sure the legislation is properly written and does not place an extraordinary burden on Web sites. That may seem paranoid to some, but when Orrin Hatch is trying to ramrod legislation through the US Congress that would make it illegal to participate in a P2P network, I think some paranoia is justified.

Another excellent source of information is the United States Computer Emergency Readiness Team (US-CERT), which contains a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported. To underscore the seriousness of the problems caused by malware, it is interesting to note that the US-CERT is governed by the Department of Homeland Security's National Cyber Security Division (NCSD) and the National Strategy to Secure Cyberspace. If you or your users suffer the misfortune of a malware hijacking, I encourage you to notify the US-CERT about the offending Web site. However, the unfortunate reality of the current situation is that the offending Web site itself is probably a victim of a hijacking, and the Webmasters are likely unaware of the infection they are spreading. This trickery means that most malware pushers are escaping the long arm of the law -- at least for now.
Perhaps it is time to make Spybot and Ad-aware, or similar applications, an integral part of normal network security. Of course, that would mean that we would have to pay for these tools, which are now generally free to use. But I think that small bit of investment is well worth the cost, especially when you consider the time spent trying to remove malware. Malware is more than a nuisance; it is an epidemic that costs us all time and resources. While criminalising the hijacking of PCs and browsers will prevent some of this activity, we cannot count on that legislation to actually become law. Instead, it will ultimately be technology itself that will find a way to prevent this insidious behaviour. But until the technology of prevention catches up to the technology of infliction, we will have to pay a price for access to the World Wide Web. It's a shame that that price is constantly being raised by the darker side of human nature and the scourge of malware.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.