[Security] Fighting Malware
Thursday, June 17th, 2010 - General
This is a continuation of our Security Guide; see the previous post.
Lately the most common way we see websites compromised is not through outdated scripts or anything else on the server. It is a client-side issue, meaning your local computer, the one you are using right now to read this.
Hackers use viruses, trojans, spyware, adware, keyloggers and malware in general to compromise your personal computer and steal your account information (among other things). They can then use those credentials to log in to your hosting account and inject malicious code into your website.
The term virus used to be straightforward. A virus was written, it had a certain signature, and the anti-virus companies would identify that signature and write a definition for it. Traditional viruses are still a threat on your personal computer, but the field has expanded to include trojans, spyware, adware, keyloggers (all of which I will refer to as malware from here on) and malicious code in general. Identifying a threat is no longer as simple as running a virus scanner: anti-malware software must be used as well, and even then some threats will slip through, because a definition only catches what the vendor has already seen and written a signature for.
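To make the point about signatures concrete, here is a small added example (mine, not from the original post or from any anti-virus vendor) of how a definition-based scanner works and why variants of a known sample slip through. The "malware" is a constructed, harmless byte string, and the two definitions written for it, along with the detection names, are invented for the example:

```python
import hashlib
import re

# Constructed samples: harmless byte strings invented for this example that
# stand in for a known credential-stealing trojan and three variants of it.
KNOWN_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 60
                + b"ftp-stealer v1: send logins to dropzone" + b"\x00" * 20)
SAMPLE_APPENDED = KNOWN_SAMPLE + b"\x00"                   # a byte tacked on the end
SAMPLE_REPACKED = KNOWN_SAMPLE.replace(b"v1", b"v2")       # a byte changed in the middle
SAMPLE_OBFUSCATED = bytes(b ^ 0x5A for b in KNOWN_SAMPLE)  # whole file XOR-encoded
CLEAN_FILE = b"MZ\x90\x00" + b"\x00" * 60 + b"notepad clone" + b"\x00" * 20

# Two styles of definition a vendor might publish for the sample (invented names).
HASH_SIGNATURES = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trojan.FtpStealer (whole-file hash)",
}
PATTERN_SIGNATURES = {
    re.compile(rb"ftp-stealer v\d: send logins"): "Trojan.FtpStealer (byte pattern)",
}


def scan(data: bytes) -> list:
    """Return the detection names that fire on one file's bytes (empty means 'clean')."""
    hits = []
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append(name)
    return hits


def scan_many(files: dict) -> dict:
    """Scan a {label: bytes} mapping and report which definitions hit on each file."""
    return {label: scan(data) for label, data in files.items()}


if __name__ == "__main__":
    results = scan_many({
        "known sample": KNOWN_SAMPLE,
        "one byte appended": SAMPLE_APPENDED,
        "repacked (v2)": SAMPLE_REPACKED,
        "XOR-obfuscated": SAMPLE_OBFUSCATED,
        "clean file": CLEAN_FILE,
    })
    for label, hits in results.items():
        print(f"{label:20s} -> {hits or 'no detection'}")
```

The whole-file hash matches only the exact sample; the byte pattern survives padding and a version bump; the XOR-encoded copy evades both until the vendor sees it and writes a new definition, or the scanner adds heuristic or behavioural detection. That gap is what a second scanner with different definitions and methods is meant to cover.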
For the purposes of this article I am going to focus on malware on the Windows operating system. This isn't to say that Linux, Macs and other operating systems do not have their share of viruses and malware; it is just that Windows malware is far more prominent.
If you do not already have anti-malware software installed on your computer, I recommend installing Microsoft's Security Essentials suite. Microsoft Security Essentials acts as both an anti-virus and an anti-malware solution; it is free, and I have read plenty of good reviews of it.
What to do if you already have malware or suspect that you have malware installed on your computer?
You may have received a message from us saying that someone uploaded malicious content to your hosting account and that we suspect your computer is infected with malware. Or you may simply suspect that your account information has leaked. How do you find what is responsible, and how do you resolve it?
The problem is multiplied if you have used more than one computer to access your account. If you have only accessed the administrative side of your account (i.e. FTP, your cPanel, etc.) from your one computer at home, then that is your target machine. If, however, you have done so from multiple computers (say your home computer, your work computer, your laptop and a public computer at a library), then identifying which one is infected is much harder. You really cannot know which computer is infected, so you have to scan all of them for viruses and malware (except the public computer at the library; they may not take kindly to you running extensive scans). Whichever machine turns out to be infected, change your hosting passwords only after it has been cleaned, and preferably from a machine you trust: a new password typed into a keylogger is captured just like the old one.
The process of scanning for viruses and trojans is long and tedious. You may have heard the saying "An ounce of prevention is worth a pound of cure." It is true here as well: the more securely you operate, the less likely you are to become infected and end up in this predicament.
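One check that narrows the search, as an added example that is not part of the original post: review the FTP login log for your account (your host can usually provide it if you cannot see it in your control panel) and compare the source addresses against the places you actually log in from. The log lines below are constructed for this example and modelled on pure-ftpd's syslog output, which cPanel servers commonly use; the KNOWN_IPS table and the regular expression are assumptions to adapt to your own server's log format:

```python
import re

# Constructed sample log (not from a real server), modelled on pure-ftpd's
# syslog lines: "(user@ip) [LEVEL] message". Adjust LOG_LINE if your host's
# FTP server logs in a different format.
SAMPLE_LOG = """\
Jun 15 08:12:44 host1 pure-ftpd: (?@198.51.100.7) [INFO] example is now logged in
Jun 15 21:03:10 host1 pure-ftpd: (?@203.0.113.25) [INFO] example is now logged in
Jun 16 02:41:52 host1 pure-ftpd: (?@192.0.2.99) [INFO] example is now logged in
Jun 16 02:43:17 host1 pure-ftpd: (?@192.0.2.99) [NOTICE] /home/example//public_html/index.php uploaded  (3912 bytes, 250.11KB/sec)
Jun 16 09:15:03 host1 pure-ftpd: (?@198.51.100.7) [INFO] example is now logged in
"""

# Where you know you log in from (assumed values for this example).
KNOWN_IPS = {
    "198.51.100.7": "home PC",
    "203.0.113.25": "work PC",
}

LOG_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ pure-ftpd: "
    r"\(\S*?@(?P<ip>[\d.]+)\) \[(?P<level>\w+)\] (?P<msg>.*)$"
)


def parse_log(text: str) -> list:
    """Return (timestamp, ip, level, message) tuples; lines that don't parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            events.append((m["ts"], m["ip"], m["level"], m["msg"]))
    return events


def unknown_logins(events: list, known_ips: dict) -> list:
    """Successful logins from addresses you don't recognise: the sign the credential leaked."""
    return [(ts, ip) for ts, ip, _level, msg in events
            if msg.endswith("is now logged in") and ip not in known_ips]


def uploads_from(events: list, ip: str) -> list:
    """Paths uploaded during sessions from one address: what to inspect on the site."""
    return [msg.split(" uploaded")[0] for _ts, ev_ip, _level, msg in events
            if ev_ip == ip and " uploaded" in msg]


def report(text: str, known_ips: dict) -> dict:
    """Map each unknown source address to when it first logged in and what it uploaded."""
    events = parse_log(text)
    findings = {}
    for ts, ip in unknown_logins(events, known_ips):
        findings.setdefault(ip, {"first_login": ts, "uploads": uploads_from(events, ip)})
    return findings


if __name__ == "__main__":
    for ip, info in report(SAMPLE_LOG, KNOWN_IPS).items():
        print(f"unknown login from {ip} at {info['first_login']}; uploaded: {info['uploads']}")
```

The unknown address tells you the password is in someone else's hands and which uploaded files to inspect, and the timestamps of the last legitimate logins before it hint at which of your own machines was used most recently and should be scanned first. Treat it as a hint only: a home connection with a dynamic address can look "unknown" on a different day, and a careful attacker can log in through a proxy, so a log with no strange addresses does not prove any machine is clean.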
Scanning for Viruses
You should scan the suspected computer (or computers) for viruses using an up-to-date virus scanner. Generally any anti-virus program will do; two free ones are AVG and Avast!. Just make sure you have updated to the most recent definitions database before scanning, since an out-of-date scanner cannot recognise recent threats. Scanning with more than one anti-virus program is better, because one may identify something another missed. However, you cannot keep two anti-virus programs with real-time protection installed at the same time; they interfere with each other, so uninstall one before installing the next. Scanning with multiple programs is not required; I mention it in case you are especially vigilant in your search for the culprit.
As stated before, virus scanners won't necessarily catch everything, because today's threats are often not classic viruses but other kinds of malware and malicious code.
Scanning for Malware
If you do not already have any anti-malware software installed, again I recommend Microsoft Security Essentials. But if you suspect that you already have malware on your computer and you do not have Microsoft Security Essentials installed, do not install it right now. Instead, follow the steps below in order.
As with virus scanning, using more than one malware scanner is best, but with malware scanners it matters much more. Results from different malware scanners are more likely to vary than results from different virus scanners: virus scanning is fairly straightforward and most virus scanners rely on the same kind of signature matching, whereas different malware scanners use different methods to find and flag malware or potential malware. For this reason I believe it is more important to use multiple malware scanners than multiple virus scanners.
Note that the anti-malware programs listed below may report cookies or tracking cookies. These are not desirable, but they are not malware in the sense of something that can damage your computer or steal your passwords. Removing them is probably a good idea, but they are not what we are looking for here.
If you suspect that your computer (or computers) has malware and you do not have any current anti-malware detection software installed, I would follow these steps:
1. Install and scan with Malwarebytes
Install Malwarebytes on your computer and run it to detect malware. Malwarebytes is an anti-malware solution that comes highly recommended within the anti-malware community.
Once you have installed Malwarebytes, run it and be sure to update the definitions to the latest version. Then scan your computer for malware. If it finds anything, resolve the findings accordingly. This article cannot tell you specifically how to deal with each finding, because the infected or affected files may matter to you; you will need to decide for yourself how to handle them.
After you have resolved the issues Malwarebytes found, or after a clean run, remove Malwarebytes from your computer using Windows' Add/Remove Programs control panel.
2. Install and scan with Adaware
Install Adaware on your computer and run it to detect spyware, adware and other malware. Adaware is another well-regarded detector that has won awards in this category.
Once you have installed Adaware, run it and update the Adaware definitions to the latest version. Then use the program to scan your computer for malware. If it finds anything, you will need to resolve those issues accordingly. Again, the scope of this article is not able to tell you specifically how to deal with Adaware’s findings, you will have to decide for yourself how to proceed with its results.
After you have resolved the issues that Adaware has found and/or after a clean Adaware scan, then you will want to remove Adaware from your computer. Again, use Windows’ Add/Remove system to remove the program from your computer.
3. Install and scan with Spybot Search & Destroy
Install Spybot Search & Destroy on your computer and run it to detect malware. Spybot Search & Destroy is recommended by anti-malware experts as a solid malware detection program.
When you install Spybot Search & Destroy, one of the questions will be whether to enable TeaTimer. You can decline this. TeaTimer is Spybot's real-time scanner: it runs in the background constantly watching for malware on your computer, and that is unnecessary here because we are going to remove the program once we have scanned with it. When you run Spybot Search & Destroy, update its definitions so that you are scanning with the latest version. Then scan your computer for malware and resolve any issues it identifies.
After you have resolved any issues Spybot Search & Destroy found, or after a clean scan, remove Spybot Search & Destroy from your computer using Windows' Add/Remove Programs control panel.
4. Install and scan with Microsoft Security Essentials
Install Microsoft Security Essentials on your computer and run it to detect any malware on your computer.
After you install Microsoft Security Essentials make sure that you update it to include the latest malware definitions. Then scan your computer for malware and resolve any issues that it discovers.
I left Microsoft Security Essentials last because if you do not already have any anti-malware software installed on your computer, then you should consider leaving it on your computer. If you already have anti-malware software on your computer or if you feel comfortable with another product, then you can remove Microsoft Security Essentials and leave or reinstall the anti-malware program of your choice.
If none of these scans detected any malware on your computer (or computers) and you still believe that malware is on your computer, the best thing to do is to discuss this at the Badwarebusters.org online community. Describe your symptoms and someone there may be able to help you identify or resolve the malware problem you are experiencing.
Steven
Next post: Password Security