According to the Webopedia, malware is defined as:
A noun, short for
malicious software; software designed specifically to damage or disrupt a
system, such as a virus or a Trojan horse.
According to Wikipedia, malware (a contraction of “malicious
software”) is software developed for the purpose of doing harm.
The key words in those definitions are damage, disrupt, and
harm. Malware is an example of the worst the Internet and World Wide Web can
offer. Detecting, destroying, and removing spyware has been the subject of many
TechRepublic articles, including Spyware
Detection and Removal, but the plague remains.
Now, it’s personal
Once upon a time, I blew off any concerns about malware as a
problem for the novice users of the world who didn’t follow the most basic
rules of security—don’t open attachments and don’t agree to install unsolicited
software from Web sites. My blissful ignorance was shattered on July 20, 2004,
when I became a victim of a malware hijacking.
The fact that I could be hijacked by merely clicking a link
on a Google search page seems, even now, to be the surreal reality of someone
else. How could such a thing be allowed to happen?
The whole concept of malware is lost on me. Are we supposed
to believe that hijacking someone’s system to install unasked for and unwanted
software is somehow going to induce that victim to become enamored with the
products that are featured in the subsequent force-fed advertising? Does that
ever really happen? I don’t believe it.
It is much more likely that the person violated in this unwelcome
scenario will have a reaction much more like mine, in which one is motivated to
stop this from happening to anyone else ever again. I defy any malware purveyor
to jump in the article discussion and justify malware as a good business
practice. And I don’t mean the usual rationalization that it makes them money.
I’m talking about justifying it ethically. I say there is no justification—prove
Fortunately for all of us, the combination of malware, spam,
and spyware has raised the cockles of more than just a few inspired and
talented individuals and application developers. Over the past few years,
TechRepublic has written several articles describing how to remove spyware and malware from
infected systems. Many of those articles have mentioned the remarkable
cleansing power you can bring to bear with the combination of Spybot Search & Destroy and Ad-aware. In my case, those two were extremely effective in
removing the infestation.
For those TechRepublic members looking for a refresher on
the general implementation of these applications, here is how the combination
worked for me.
Firefox to the rescue
First, I borrowed a utility CD-ROM from a colleague. The
utility CD had a copy of the latest version of Mozilla Firefox, which I quickly installed. Because most of the
malware was tuned to the start of Microsoft Internet Explorer, I was able to access Download.com using Firefox—a
normally simple thing made nearly impossible by the vindictive software I was
trying to remove.
From Download.com, I acquired the latest versions of Spybot Search & Destroy and Ad-aware 6.0, which I quickly installed on the infected system.
The initial Spybot routine found 79 questionable objects. After removing those
offensive tidbits, I updated the reference file for Spybot and ran it again.
This updated cleansing operation found another 25 objects to remove.
|Spybot Search & Destroy|
So far so good—but I still had problems with pop-up
advertisements and frustratingly slow Web browsing, so I knew that I had not
eliminated the entire infection. Like heeding your doctor’s warning about
taking the entire series of an antibiotic treatment, I needed to continue to
fight the infection by running Ad-aware 6.0 with an up-to-date reference file,
which netted an additional 171 objects. While most were innocuous advertising
trackers, several were nasty bits of code and registry key combinations that
begged to be destroyed.
Running the latest versions of Spybot and Ad-aware,
including the latest reference files available, completely removed the
offending malware and gave control of my computer back to me. The key to this
success was the use of a Web browser other than Internet Explorer. That’s when I began to ponder the
larger meaning of this unpleasant experience.
Trying to find a silver lining in this incident, I decided I
should create a recovery kit and burn it on a CD-ROM. On this CD are the
installation files for Firefox, Spybot Search
& Destroy, Ad-aware 6.0, and a copy of the AVG Anti-Virus
software. These applications would have been good enough to fix my problems,
but I’m wondering if there should be more applications saved to this disk. For
example, I’m thinking perhaps I should make the CD bootable for those occasions
when I need to at least get to a command prompt.
In the past, many of us tech-types have created recovery
disks—first it was 5.25-inch floppies with DOS and command-line utilities, then
3.5-inch diskettes with perhaps an antivirus application, and now it is CD-ROMs or thumb
drives with the capacity for all kinds of applications.
This is where TechRepublic members can help: What should be
on the modern recovery/utility disk? Because of the size of the media these
days, we should be able to get a multitude of applications on a single disk. I
started a discussion to get your feedback on this question. Once we get a
consensus, I’ll post the list of applications so everyone can have it as a
Additional links to informative Web sites
Legislation and regulation
When I started to research how I came to have this little
misadventure, I came across the Web site of U.S. Representative Jay Inslee and
noted his efforts to pass the Computer Software Privacy and Control Act, H.R. 4255. My immediate response is to support any legislation
that will criminalize the hijacking of computer systems and the unapproved
installation of unsolicited software. However, the cynical part of me also
wants to make sure the legislation is properly written and does not place an
extraordinary burden on Web sites.
That may seem paranoid to some, but when Orrin Hatch is
trying to ramrod legislation through the U.S. Congress that would make it illegal
to participate in a P2P network, I think some paranoia is justified.
Another excellent source of information is the United States Computer Emergency
Readiness Team (US-CERT), which contains a regularly updated summary of the
most frequent, high-impact types of security incidents currently being
reported. To underscore the seriousness of the problems caused by malware, it
is interesting to note that the US-CERT is governed by the Department of
Homeland Security’s National Cyber Security Division (NCSD) and the National
Strategy to Secure Cyberspace.
If you or your users suffer the misfortune of a malware
hijacking, I encourage you to notify the US-CERT about the offending Web site.
However, the unfortunate reality of the current situation is that the offending
Web site itself is probably a victim of a hijacking, and the Webmasters are
likely unaware of the infection they are spreading. This trickery means that
most malware pushers are escaping the long-arm of the law—at least for now.
The future is now
The prevalence of malware is a problem that we must address.
And by “we,” I mean IT professionals. The current situation, where a
user’s system can be compromised simply by visiting a Web site, is intolerable.
Network administrators, Webmasters, system designers, application developers,
and the numerous other IT professionals responsible for Internet security and
infrastructure should tackle this malware problem head on and now.
Perhaps it is time to make Spybot and Ad-aware, or
similar applications, an integral part of normal network security. Of course,
that would mean that we would have to pay for these tools, which are now
generally free to use. But I think that small bit of investment is well worth
the cost, especially when you consider the time spent trying to remove malware.
Perhaps your company has already adopted a network policy on
those applications. Help your colleagues here at TechRepublic establish their
own policy by explaining how your policy regarding malware-prevention software
is working. What problems have you had to overcome, and what benefits have you
derived from this policy?
Technology is key
Malware is more than a nuisance; it is an epidemic that
costs us all time and resources. While criminalizing the hijacking of PCs and
browsers will prevent some of this activity, we cannot count on that
legislation to actually become law. Instead, it will ultimately be technology
itself that will find a way to prevent this insidious behavior. But until the
technology of prevention catches up to the technology of infliction, we will
have to pay a price for access to the World Wide Web. It’s a shame that that
price is constantly being raised by the darker side of human nature and the
scourge of malware.