The term "malware" has become somewhat synonymous with Internet security.
According to Webopedia, malware is defined as:
A noun, short for malicious software; software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.
According to Wikipedia, malware (a contraction of "malicious software") is software developed for the purpose of doing harm.
The key words in those definitions are damage, disrupt, and harm. Malware is an example of the worst the Internet can offer. Detecting, destroying, and removing spyware has been the subject of many TechRepublic articles, including Spyware Detection and Removal, but the plague remains.
Now, it's personal
Once upon a time, I blew off any concerns about malware as a problem for the novice users of the world who didn't follow the most basic rules of security -- don't open attachments and don't agree to install unsolicited software from Web sites. My blissful ignorance was shattered on July 20, 2004, when I became a victim of a malware hijacking.
The fact that I could be hijacked by merely clicking a link on a Google search page seems, even now, to be the surreal reality of someone else. How could such a thing be allowed to happen?
The whole concept of malware is lost on me. Are we supposed to believe that hijacking someone's system to install unasked for and unwanted software is somehow going to induce that victim to become enamoured with the products that are featured in the subsequent force-fed advertising? Does that ever really happen? I don't believe it.
It is much more likely that the person violated in this unwelcome scenario will have a reaction much more like mine, in which one is motivated to stop this from happening to anyone else ever again. I defy any malware purveyor to jump in the article discussion and justify malware as a good business practice. And I don't mean the usual rationalisation that it makes them money. I'm talking about justifying it ethically. I say there is no justification -- prove me wrong!
Removal
Fortunately for all of us, the combination of malware, spam, and spyware has raised the cockles of more than just a few inspired and talented individuals and application developers. Over the past few years, TechRepublic has written several articles describing how to remove spyware and malware from infected systems. Many of those articles have mentioned the remarkable cleansing power you can bring to bear with the combination of Spybot Search & Destroy and Ad-aware. In my case, those two were extremely effective in removing the infestation.
For those TechRepublic members looking for a refresher on the general implementation of these applications, here is how the combination worked for me.
Firefox to the rescue
First, I borrowed a utility CD-ROM from a colleague. The utility CD had a copy of the latest version of Mozilla Firefox, which I quickly installed. Because most of the malware was tuned to the start of Microsoft Internet Explorer, I was able to access Download.com using Firefox -- a normally simple thing made nearly impossible by the vindictive software I was trying to remove.
I then acquired the latest versions of Spybot Search & Destroy and Ad-aware 6.0, which I quickly installed on the infected system. The initial Spybot routine found 79 questionable objects. After removing those offensive tidbits, I updated the reference file for Spybot and ran it again. This updated cleansing operation found another 25 objects to remove.
Figure A: Spybot Search & Destroy
So far so good -- but I still had problems with pop-up advertisements and frustratingly slow Web browsing, so I knew that I had not eliminated the entire infection. Like heeding your doctor's warning about taking the entire series of an antibiotic treatment, I needed to continue to fight the infection by running Ad-aware 6.0 with an up-to-date reference file, which netted an additional 171 objects. While most were innocuous advertising trackers, several were nasty bits of code and registry key combinations that begged to be destroyed.
Figure B: Ad-aware 6.0
Running the latest versions of Spybot and Ad-aware, including the latest reference files available, completely removed the offending malware and gave control of my computer back to me. The key to this success was the use of a Web browser other than Internet Explorer. That's when I began to ponder the larger meaning of this unpleasant experience.
Recovery kit
Trying to find a silver lining in this incident, I decided I should create a recovery kit and burn it on a CD-ROM. On this CD are the installation files for Firefox, Spybot Search & Destroy, Ad-aware 6.0, and a copy of the AVG Anti-Virus software. These applications would have been good enough to fix my problems, but I'm wondering if there should be more applications saved to this disk. For example, I'm thinking perhaps I should make the CD bootable for those occasions when I need to at least get to a command prompt.
In the past, many of us tech-types have created recovery disks -- first it was 5.25-inch floppies with DOS and command-line utilities, then 3.5-inch diskettes with perhaps an antivirus application, and now it is CD-ROMs or thumb drives with the capacity for all kinds of applications.
Additional resources
Concern grows over browser security
The Internet Fraud Complaint Center
Stop Scum
Symantec Security Response
The World Wide Web Security FAQ
Legislation and regulation
When I started to research how I came to have this little misadventure, I came across the Web site of US Representative Jay Inslee and noted his efforts to pass the Computer Software Privacy and Control Act, H.R. 4255. My immediate response is to support any legislation that will criminalise the hijacking of computer systems and the unapproved installation of unsolicited software. However, the cynical part of me also wants to make sure the legislation is properly written and does not place an extraordinary burden on Web sites.
That may seem paranoid to some, but when Orrin Hatch is trying to ramrod legislation through the US Congress that would make it illegal to participate in a P2P network, I think some paranoia is justified.
Another excellent source of information is the United States Computer Emergency Readiness Team (US-CERT), which contains a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported. To underscore the seriousness of the problems caused by malware, it is interesting to note that the US-CERT is governed by the Department of Homeland Security's National Cyber Security Division (NCSD) and the National Strategy to Secure Cyberspace.
If you or your users suffer the misfortune of a malware hijacking, I encourage you to notify the US-CERT about the offending Web site. However, the unfortunate reality of the current situation is that the offending Web site itself is probably a victim of a hijacking, and the Webmasters are likely unaware of the infection they are spreading. This trickery means that most malware pushers are escaping the long arm of the law -- at least for now.