Malicious Mischief

Lurking 'malware' programs are frightful nuisances

October 30, 2003 | By Erika D. Smith, KNIGHT RIDDER/TRIBUNE

The Blaster worm? SoBig? Blasted.

But what about Computer Spy, Xupiter, ClientMan, Cydoor, IamBigBrother and Stop Popup Ads Now?

If you've never heard of these programs, but they're on your office or home computer, chances are the war to reclaim your PC is just beginning.

You've got "malware" -- and it's not easy to avoid, detect or get rid of.

Most experts define malware, short for malicious software, as an unwanted program that's designed to disrupt a computer's operations.

Viruses, adware and spyware all fall into this category, and the effects of each can range from merely annoying to downright invasive.

Malware often latches onto a computer when users agree to download it with a free program, like Kazaa. Some fall victim to "drive-by downloads," in which merely surfing to a certain Web page can trigger an installation. A blizzard of pop-up ads and poor system performance are usually the only outward signs of the infection.

"More [programs] are literally popping up every day," said Wayne Porter, spokesman for, an anti-malware firm that runs "It's really the wild, wild West."

Richard M. Smith, a computer security expert from Brookline, Mass., said about one out of every two computers running Microsoft's Windows operating system has unsolicited software.

Several services -- some free and some for a fee -- are on the market to help tame the malware problem. But none promises to remove every malicious program. Lavasoft's Ad-Aware and PepiMK Software's Spybot Search & Destroy are two of the top, free debugging programs on the Web. But both are generally marketed to home and small business users.

To remove malware from computers on a large network, it's best to use commercial-class software, like Medina, Ohio-based Central Command's Vexira Antivirus software.

Which is which?

"A lot of anti-virus programs don't detect malware," said Steven Sundermeier of Central Command, "because it's not necessarily a virus."

Adware programs such as Gator, Bonzi Buddy and Cydoor monitor a user's surfing and shopping habits to build a profile for targeted, pop-up advertising.

The software can trigger pop-up windows, create desktop shortcuts to pornographic or gambling sites, hijack a browser's homepage and redirect an Internet search to an ad-supported engine.

"Adware is usually nothing more than an annoyance," Porter said from his office in Kirtland, Ohio.

Spyware, on the other hand, has more insidious qualities. These programs can communicate personal information, such as credit card numbers, to private servers over the Web; take and send screenshots of a user's activity; and let other people remotely connect to your computer. Still others can secretly change a computer's dial-up connection so that instead of calling an Internet service provider, it calls expensive 900 numbers to connect.

The most dangerous type of spyware is the "commercial keylogger," said Jan Hertsens of Xblock.com.

Keylogger software can record everything a user does, from the Web pages he surfs to what he says in e-mail to the passwords he types. Newer programs can even record conversations over a phone line when a modem is attached, he said.

"[These] programs are being sold as fully legit. Notices are put up to 'use only for legal purposes.' At the same time they tout full stealth, undetectability," he said. "Some can be remotely installed [by sending an infected e-mail to the victim] or even by sending an e-card."

Sometimes spyware, adware and worms team up to create a particularly toxic blended attack. The combination could be debilitating.

Such a multifaceted attack could spread via e-mail like spam, sneak onto a computer like a Trojan horse spyware program, and add links to gambling Web sites like adware.

"What we're experiencing now is more of a blended threat. It used to be clearly divided," Sundermeier said.

Most malware programs are difficult to delete.

Many don't come with uninstall files for proper removal, and those that do may leave components littered throughout the system. Plus, spyware and adware can be almost impossible to detect in the first place, said Michael A. Wood, a spokesman for the Swedish company Lavasoft, which makes Ad-Aware.

An ounce of prevention

RegBlock is one of the few programs on the market that promise to stop malware before it sets up shop on a computer.

Developed by Belgium-based, RegBlock is like an inoculation against malware. PC users can select programs to block from a list that's constantly updated, Porter said.

RegBlock is sold online at, and costs between $9.95 and $19.95. The price varies based on how many licenses you buy.

Central Command takes a similar database approach with its Vexira Antivirus software.

Like RegBlock, Vexira's price is based on the number of licenses. It starts around $400 for one computer and tops out at $1,900 for 10.

Baltimore Sun Articles