Malware Part 2

As mentioned in part 1, there are a great number of people out there who want your information; it's not personal, it's just business.  The only way to protect yourself is to keep your anti-virus, anti-spyware, and anti-malware software up to date.  And unfortunately that is not always enough!

We each must take greater control of the reins, so to speak.  There are a plethora of sites with information on all of the latest viruses, spyware, and malware.

At the command prompt you can run “netstat -an”: the a option displays all connections and listening ports; the n option displays IP addresses and port numbers in numerical form rather than resolving names, which is easier to read.

You will see something similar to Figure 1 [refer to Malware Figures:Figure1], which shows the status of the network connections on your computer: NetBIOS networking ports (135, 137, 138, 139, and 445), an HTTP connection (port 80), the telnet port (23), and FTP session ports (20 and 21).  Hackers and malware can use common ports to infiltrate your network and computer(s).  I found an interesting ports list which is quite extensive.  It gives you a good amount of information on what specific malware or virus may use each port.  Use of “netstat -at” allows you to view active network connections. [refer to Malware Figures:Figure2]

And there is the “net use” command at the command prompt, which shows you which drives are mapped to an external system. [refer to Malware Figures:Figure3]
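The netstat review above can be turned into a small script. The following is an added example, not code from the original post: it parses output in the Windows “netstat -an” layout, separates listening sockets from established sessions, and flags anything on the ports the post singles out (20, 21, 23, 80, 135, 137, 138, 139, 445). The capture embedded in the script is constructed for illustration; run it with --live to parse the real output of “netstat -an” on the machine you are checking.

```python
"""Summarize `netstat -an` (Windows layout): listening ports, established
sessions, and hits on the well-known ports named in the post."""
import re
import subprocess
import sys

# Ports the post names as common infiltration paths, with the service each
# normally carries (135 is the MS RPC endpoint mapper, listed with NetBIOS).
WATCHED_PORTS = {
    20: "FTP data", 21: "FTP control", 23: "telnet", 80: "HTTP",
    135: "MS RPC", 137: "NetBIOS name", 138: "NetBIOS datagram",
    139: "NetBIOS session", 445: "SMB",
}

# Constructed sample in the Windows `netstat -an` layout (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:49720     198.51.100.9:23        ESTABLISHED
  TCP    192.168.1.10:49725     192.0.2.44:443         TIME_WAIT
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:5355           *:*
"""

# One socket per line: proto, local endpoint, foreign endpoint, optional state
# (UDP rows carry no state column).
LINE_RE = re.compile(r"^\s*(TCP|UDP|TCPv6|UDPv6)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or [IPv6]) into (host, port); port is None for '*'."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state or ""})
    return rows


def listening_ports(rows):
    """Ports the host accepts traffic on: TCP LISTENING plus every UDP socket."""
    return sorted({(r["proto"], r["lport"]) for r in rows
                   if r["state"] == "LISTENING" or r["proto"].startswith("UDP")})


def established_remote(rows):
    """Live TCP sessions to other hosts, as (remote_host, remote_port)."""
    return [(r["fhost"], r["fport"]) for r in rows if r["state"] == "ESTABLISHED"]


def flag_watched(rows):
    """Human-readable findings for watched ports, listeners first."""
    findings = []
    for proto, port in listening_ports(rows):
        if port in WATCHED_PORTS:
            findings.append(f"listening {proto}/{port} ({WATCHED_PORTS[port]})")
    for host, port in established_remote(rows):
        if port in WATCHED_PORTS:
            findings.append(f"connected to {host}:{port} ({WATCHED_PORTS[port]})")
    return findings


def main(argv):
    if "--live" in argv:
        # Real capture; output layout must be the Windows one for LINE_RE to match.
        text = subprocess.run(["netstat", "-an"], capture_output=True,
                              text=True, check=False).stdout
    else:
        text = SAMPLE_NETSTAT
    rows = parse_netstat(text)
    print(f"{len(rows)} sockets; listening on:",
          ", ".join(f"{p}/{n}" for p, n in listening_ports(rows)))
    for finding in flag_watched(rows):
        print("  *", finding)


if __name__ == "__main__":
    main(sys.argv[1:])
```

A listener on 135/139/445 is normal on a Windows machine that shares files, so the point of the script is not that a watched port is bad in itself but that you know why each one is open; an outbound telnet session you did not start, as in the sample, is the kind of line worth chasing down with the port-to-process tools mentioned below.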

You can also find a variety of free tools from McAfee to aid in detection, removal, or personal training and knowledge.  One that is touted as being very useful is Vision, a port mapping utility.  Just perform a search on the internet, but I would be careful about which tools you download and use.  The best thing to do is to check various sites such as PC World, C|Net, and other reputable informative sites.

Your Task Manager (CTRL + ALT + DEL) is a wealth of information, showing you which processes are running and their memory consumption. [refer to Malware Figures:Figure4]

And the Performance tab will show how the machine is performing with all of the extras running in the background. [refer to Malware Figures:Figure5]

There is quite a bit at your disposal to determine what is going on.  The internet, blogs, and many of the how-to sites contain a wealth of information and everything you ever wanted to know about either your computer problem or how to understand what is happening and how to fix it.  YouTube.com is also another great tool for how-tos, and Wikipedia is a good source of info – PROVIDED THAT YOU RESEARCH THE FOOTNOTES AND SOURCES! Take nothing for granted on that site, as it can change with the wind.

Malware Figures

Malware Part 1

Malware (or malicious software), in all of its forms, seems to be the greatest threat to everyone’s computer and every network.  Malware shows up in a variety of forms: Trojan horses, viruses, worms, rootkits, logic bombs, and spyware.  Generally speaking, malware attacks exploit vulnerabilities that could be prevented if we would just automatically update our computers and anti-virus software.  It is also a great idea to use both anti-virus software and anti-malware software.

Trojan horses take their name from the Greek horse that the city of Troy perceived as a gift but which was used to get past the city’s defenses.  The same idea applies here: this malware is generally sent via email and is executed when you open the email or run the program.

Viruses are usually self-replicating programs which attach themselves to executable files and essentially chew up all your usable memory.

Worms are self-propagating programs which load themselves into memory, exploit specific known software vulnerabilities, and are often a main cause of computer crashes.

Rootkits are applications used to control a computer, where the grand prize is the crashing of your machine or the theft of personal information.  Rootkits can do a number of things, all of which are destructive to the machine and the information it holds.

Logic bombs, more often than not, are programs left behind by disgruntled employees to go off at a future time, on a specific event, or when a specific person logs in to their account.

Spyware generally spies on your computer and retrieves data by sending it via email in the form of a screenshot, or acts as a keylogger, sending all keystrokes to an email address or saving them to a device.  Adware is quite similar but not as intrusive, as it places advertisements on your computer.  Programming interfaces that can be maliciously manipulated include Java applets, Microsoft .NET applications, ActiveX controls, VBScript, Windows Script Host, and JavaScript programs.

There are a number of things to be done in order to protect yourself and your computer, as well as your network.  Keep an eye on what is happening in the IT world through internet-based subscriptions (most are free), such as Information Technology, Emerging Threats, Dark Reading, Slashdot, and the list goes on and on.  Just complete a search on lists for Trojan horses, viruses, worms, rootkits, logic bombs, or spyware and you will find a plethora of information as to what exactly is out there.  Regardless of whether it was created for a good reason, there is always someone who will use it for ill purposes.  Unfortunately it is inherent in man to do so!  Consider hacking, for instance: there are ethical hackers (White Hat Hackers, the proverbial good guys) and there are those with unethical intentions (the Black Hat Hackers; the bad guys always wore black hats in the old westerns).

The internet is a great tool, just like a computer, a smartphone, a tablet, or even a virus for that matter.  They are tools in an arsenal that allow you to accomplish specific tasks.  This shows the beauty of the smartphone as a tool: you can set up all of your subscriptions on the device, and many of them have applications available.  A virus can be a tool to see if your anti-virus software is working properly; your security software is either working properly and you are safe, or IT ISN’T!

Perhaps some countermeasures will be next, we shall see.  Until the next time…

Resources:  http://www.ethicalhacker.net/, https://www.eff.org/, http://slashdot.org/, http://www.bitpipe.com/, http://it.toolbox.com/topics/, http://www.cnet.com/, http://www.infotoday.com/, http://www.darkreading.com/, http://www.secureidnews.com/, http://www.cybersecurityhome.com/
