The Internet has become such an indispensable tool, information source and communication medium that it is hard to imagine life without it. Unfortunately, it also has a downside: threats that lie in wait for unsuspecting and unprepared Internet surfers, such as spam, viruses, worms, spy-ware, Trojan horses, pop-ups and ad-ware, and a new one, "phishing".

This page attempts to summarize what the various threats are and what you can do to avoid them.

What is "Malware" and how do I get it?

Viruses - Worms - Trojan Horses

If you are not careful when downloading files from the Internet, don't have anti-virus software installed and updated, and don't stay current with Windows critical software updates, you will be victimized by "malware".

Why is it malicious?

It is designed to do harm to your system, data, or network and does not serve any legitimate purpose. It is software designed to compromise your system's performance.

The decision tree below (Table 1) may help bring some clarity to the jargon used in the industry, as may Microsoft's definitions below:

  1. Virus: A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or data. When the host is executed, the virus code also runs, infecting new hosts and sometimes delivering an additional payload.
  2. Worm: A worm uses self-propagating malicious code that can automatically distribute itself from one computer to another through network connections. A worm can take harmful action, such as consuming network or local system resources, possibly causing a denial of service attack. Some worms can execute and spread without user intervention, while others require users to execute the worm code directly in order to spread. Worms may also deliver a payload in addition to replicating.
  3. Trojan horse: A program that appears to be useful or harmless but that contains hidden code designed to exploit or damage the system on which it is run. Trojan horse programs are most commonly delivered to users through e-mail messages that misrepresent the program's purpose and function. Also called Trojan code. A Trojan horse does this by delivering a malicious payload or task when it is run.

Symptoms:

Generally, there is no single symptom that would allow one to conclude a system has a virus. However, if you do not have an anti-virus software system installed and kept updated, and your system behaves erratically, or even stops functioning, these symptoms could indicate the presence of a virus. One recent worm, Sasser, has the tell-tale markers of shutting down your computer and giving you a 60-second advance warning.

How do I get rid of it?

Installing the anti-virus software may clean your system; in more serious cases, special tools are needed. In any case, NetRunners® Site Engineers are trained to assist you.

How do I prevent an infection?

  • Ensure you have anti-virus software installed, enabled and updated on your systems; good anti-virus software will protect against worms and Trojan horses too.
  • Ensure that you enable Windows updates; Windows can be configured to automatically look for critical security patches to prevent malware infections.
  • Enable a firewall.
  • Don't download e-mails with attachments if you don't know what you will receive. Even if the e-mail is from a person you know: they might not even be aware that malware has hacked their address book!

What is Spam and how do I get it?

Spam is a nuisance because of its sheer volume and meaningless purpose; but it is not malicious. Spam is unsolicited e-mail, often selling products or services and yes, it could carry malware.

Spammers use a variety of automated tools to obtain e-mail addresses in bulk, directly from the Internet. Many times these messages contain 'links', allowing you to 'unsubscribe'. Don't even think about clicking those links: they will just confirm to the spammer that your e-mail is a working one, allowing the spammer to charge more for a confirmed e-mail address.

Symptom:

You receive lots of e-mail you don't want, from people you don't know, offering services you don't need.

How do I get rid of it?

If you have an e-mail address, you will get spam, and simply deleting it is, so far, the only thing that can be done. The US Congress is attempting to legislate spam away but the early attempts are not very effective.

There is software with varying degrees of effectiveness that analyzes incoming e-mails, and uses special algorithms to determine the likelihood that an e-mail is in fact spam. If so, it will be sent to a special folder where it can be deleted after review. Microsoft's Outlook 2000 and higher have spam filtering, but there is other good software available from other vendors that works with your e-mail client. NetRunners® can advise you on available anti-spam software and configure it for your systems or servers.

How do I prevent it?

You really cannot "prevent" spam. You can hope to reduce it by not sharing your e-mail address carelessly and by declining to "receive e-mail offers from marketing partners" when you are offered such an opportunity.

What is Spy-ware and how do I get it?

Spy-ware (also referred to as trackware or spybot) is software that is able to "track" personal information and/or your on-line activities without your knowledge or consent. You are not aware that a program you download or install (often for free) is also installing spy-ware. The spy-ware then collects personal information that may be stored on your computer and uses it to send you pop-ups, to direct you to certain websites, or to prevent you from visiting certain websites, all without your knowledge! Music file-sharing systems such as KaZaa are notorious spy-ware sources.

Symptom:

Spy-ware needs to communicate back to its source about what it found on your system, so it consumes both your computer processor and your Internet bandwidth. Your computer may be getting slow and you may have difficulty visiting certain websites. Also, new "toolbars" you did not ask for may appear, and certain websites may not be accessible after the spy-ware has hijacked your browser. Spy-ware may also alter (and damage) key system files, which often leads to your system becoming completely inoperable!

Yet perhaps the worst problem is that personally identifiable information may be divulged without your consent or knowledge.

How do I get rid of it?

NetRunners® Site Engineers use a variety of special software tools to remove spy-ware. It is not uncommon for our Site Engineers to find hundreds of instances of spy-ware on a single system. Besides the software tools, our Site Engineers rely on their experience of having cleaned hundreds of systems!

How do I prevent it?

There is commercial software available for about $40 that will help prevent future infections, but none of it is completely fool-proof. Our advice: get software such as Ad-Aware or Spybot Destroyer, configure it properly and keep it up to date, and be suspicious of "free downloads" from websites you are not familiar with.

What is Adware and how do I get it?

Adware is closely related to spy-ware but features an important distinction: the source of adware often reveals that certain information may be collected from you and used to send you ...eh...."targeted information" (i.e. advertising) in order to provide a free or low-cost service. In exchange, you will receive pop-ups, pop-unders etc. which, much like spy-ware, slow down computers or even cripple them.

Since Adware and spy-ware are so closely related, please read the spy-ware section on symptoms, remedies and prevention.

Key-Loggers

Perhaps one of the more serious threats to your privacy and safety online is the key-logger. Key-logger software records keystrokes on a keyboard and either stores this info for future use, or sends these keystrokes via the Internet to a third party. With this information, a third party can see exactly what you typed and use that information. Of course, the whole idea of a key-logger is that you don't know that your keystrokes are being recorded, possibly as you type! Imagine logging in to your bank account, not knowing that, while you are typing your username & password, your keystrokes are being sent to Russia. Scary?

There are also more benign uses, such as monitoring the online activities of children, but the technology can easily be abused.

Symptom:

There is no unique computer symptom that can confidently identify a key logger in operation because they are designed to be stealthy. Compromised user names & passwords could be a symptom of course.

How do I get rid of it?

Once you know you have one, removal is easier. Detecting it without a suspicion is not. There are a few commercially available key loggers on the market and their signatures are known and can be detected if you are specifically looking for them. If you suspect a key logger is operational on your system, call NetRunners®.

How do I prevent it?

Your biggest worry should be receiving one while on line. Preventing key loggers is therefore no different than preventing viruses and spy-ware (i.e. install a firewall, install anti-virus software, patch the Windows operating system, and don't download files from the Internet willy-nilly).

Phishing

Another serious threat to your privacy and safety online is a concept called "phishing" (pronounced "fishing") or "spoofing". While the technology behind it is too complicated for this article, the concept is simple: trick a user into believing he is visiting the web page of his on-line bank and get him to reveal his user name and password. Once that data is entered, the next page develops a "technical problem". The user responds by reloading the page or typing the address in the Internet browser again, and eventually the user arrives at the real website of his on-line bank and never realizes he has been "phished". But at that point the damage is already done and the user name and password may already be in Hong Kong...

Phishing is not nearly as common as other on-line threats discussed here, but the damage may be much more substantial as we rely more and more on secure web sites to transact business.

Symptom:

Familiar web sites look and feel "different" than in the past, even though they have the exact same logos, names, and page lay-out as before. They may be slower to load and respond. You may also have received an e-mail message with an invitation to come visit the website to arrange for something, as opposed to typing the known, valid address yourself (although even that can be compromised!). A keen observer may see an unfamiliar web address, or a rather long one, but more sophisticated phishers can defeat these markers.

How do I avoid it?

A determined and sophisticated phishing operation may be hard to avoid or detect. Our best advice is the same as before: be on guard when you surf the Internet, be aware that these scams exist and when in doubt, try to find and call the contact numbers on the website. Avoiding phishing sites is therefore no different than preventing viruses and spy-ware (i.e. install a firewall, install anti-virus software, patch the Windows operating system, and don't download files from the Internet willy-nilly).

Sophisticated and determined phishers are able to foil and defeat many common indicators people rely on to be comfortable with a website before they provide private information. These indicators include the key-lock on the bottom of the Internet browser and the "https://" preface of web addresses of encrypted web site communications.
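
The address markers from the Symptom section can be checked mechanically before a link is followed. The sketch below is an added example, not part of the original article; it goes slightly beyond the two markers named there and shows that "https://" alone does not vouch for a site. The bank domain, the length threshold and the sample links are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions: a placeholder bank domain and a threshold for "a rather long" address.
EXPECTED_DOMAIN = "examplebank.com"
MAX_URL_LENGTH = 75
# Constructed sample links (none of these are real sites).
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://www.examplebank.com.secure-login.example.net/login",
    "http://www.examplebank.com@203.0.113.7/login",
]


def phishing_markers(url, expected_domain=EXPECTED_DOMAIN):
    """Return warning markers for a link that claims to lead to expected_domain."""
    markers = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # The host must be the expected domain itself or one of its subdomains.
    if host != expected_domain and not host.endswith("." + expected_domain):
        markers.append("unfamiliar-host")
        # The familiar name placed elsewhere in the address is a look-alike trick.
        if expected_domain in url.lower():
            markers.append("brand-name-outside-host")
    # In "user@host" syntax the part before '@' is not the site being visited.
    if parts.username is not None:
        markers.append("userinfo-in-address")
    # A raw IP address where a bank's name should be.
    try:
        ipaddress.ip_address(host)
        markers.append("ip-address-host")
    except ValueError:
        pass
    # Punycode labels can display as characters that imitate familiar letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        markers.append("punycode-host")
    if len(url) > MAX_URL_LENGTH:
        markers.append("long-address")
    # Encryption says nothing about who runs the site, but its absence is a marker.
    if parts.scheme != "https":
        markers.append("not-encrypted")
    return markers


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", phishing_markers(link) or ["no markers"])
```

The second sample is served over "https://" and still fails the host check, which is the reason the encrypted-connection indicator cannot be relied on by itself.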