Malicious Software Learn More - University of California


Malicious software, also known as “malware,” is often only a nuisance,
but increasingly, malicious software can damage data, computers, and
computer networks. Examples include Trojan horses, vandalware,
spyware, hoaxes, some viruses—including macro viruses—and worms. All
of these terms are explained in the first topic of this guide.
Topics in this guide include:
• Types of Malicious Software
• Learn to Identify Malicious Software
• Protect Yourself Against Malicious Software
• Clean Malicious Software from Your Computer
Types of Malicious Software
Trojan horses are programs that appear harmless at first (they often
arrive as an e-mail joke or amusing program), but contain a hidden function
that creates damage. Unlike viruses, Trojan horses do not attach
themselves to files; they simply carry out their malicious instructions. Trojan
horses are stand-alone programs that cannot be cleaned and should be
deleted when found.
Vandalware is software that steals information for monetary gain. Often
hidden inside spyware, vandalware includes backdoor Trojan horses (Trojan
horses that open a secret door to your computer or network), hacker tools
(password crackers, network sniffers, keystroke loggers, and more), remote
administration tools (RATs), robots (BOTs), dialers, and tools used to initiate
distributed denial of service (DDoS) attacks.
Spyware/Adware is any software that secretly gathers user information
through a user’s Internet connection, usually for advertising purposes. Once
installed, spyware monitors a user’s activity on the Internet and transmits
the information secretly to another party.
Hoaxes, sometimes called hoax viruses, are fake reports of true viruses.
Hoaxes are not real, but they trick people into responding as if a real virus
attack were imminent. Hoaxes are damaging because they slow down
business operations, cost productivity through wasted time,
and take up valuable network bandwidth.
Computer viruses are software that behave like biological viruses—they
attach themselves to a host and replicate, spreading the infection. Some
computer viruses are relatively harmless, while others cause serious
problems. For a computer program to be classified as a virus, it simply must
replicate itself.
Macro viruses are viruses that take advantage of the language built into
Microsoft Visual Basic (VB), which allows a sequence of commands (macros) to
be inserted into a document or product. Visual Basic macros are commonly
used in the Microsoft Office suite to automate various tasks.
Worms are similar to computer viruses in that they replicate and infect
other computers, but they differ from viruses in that they typically replicate
without user involvement. Worms are often used to carry other types of
malicious software, especially vandalware. Worms prey on system and
software vulnerabilities.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
© 2007 Microsoft Corporation. All rights reserved.
Learn to Identify Malicious Software
Malicious software can create symptoms that alert you to its presence.
You might be infected if you notice the following behavior:
• Your computer runs slowly, or uses more resources than normal.
• You hear noises—often a churning drive—or see features you didn’t install.
• E-mail messages are sent without your knowledge.
• Duplicate services or unknown services run on the system.
• New directories or files appear, or old ones appear changed.
• Your pointer moves unexpectedly, or windows open by themselves.
• Your antivirus software, firewall, or other security product shuts down.
If spyware has been installed on your computer, you may experience one or
more of these symptoms:
• When you start your computer, or when your computer has been idle for
many minutes, your browser opens and displays Web site ads.
• When you view Web sites, other browser windows open and display Web
site ads.
• Your Internet home page unexpectedly changes.
• Web pages are unexpectedly added to your Favorites folder.
• New toolbars are unexpectedly added to your Web browser.
• You cannot start a program.
• When you click a link in a program, the link doesn’t work.
• Your browser suddenly closes or stops responding.
• It takes a long time to start your computer or to resume using your
computer.
• Program components no longer work.
Protect Yourself Against Malicious Software
The best way to guard against virus infections and other malicious software
is through education, antivirus software, and caution when downloading.
Educate yourself
Stay current on the latest virus information—especially about hoax viruses—
by visiting the IT Web virus site at http://antivirus. Remember, if your
computer is acting strangely, it doesn’t necessarily mean that you have a
virus.
Run antivirus software
Download the latest virus update for your software. Once you have installed
the latest updates, you will need to run a full-system scan to check for
viruses.
Be careful when you download
Read all dialog boxes carefully and close anything that looks suspicious.
When closing dialog boxes or pop-up advertisements, click to close the
window. If you're not sure how to safely close a window that has opened in
your browser, right-click the browser window icon in your Windows taskbar
(usually at the bottom of your screen), and then click Close. The Web is full
of ads that feature fake “X” or “Close” or “OK” buttons, and if you click
them, you actually open the ad.
Here is an example of a fake user interface:
Set security levels in Office 2003
One way to protect against macro viruses is to require proof that a macro is
from a trusted source. Office 2003 can be set up to require digital
signatures for macros and to control what action takes place when it
encounters a macro.
To set the security level in most Office 2003 applications:
1. On the Tools menu, click Options.
2. On the Security tab, click Macro Security.
3. On the Security Level tab, click a security level.
Note ITWeb recommends the High security level.
4. Click OK, and then click OK again.
Prevent secret downloads
Some spyware can leave your system susceptible to unwanted downloads
(sometimes called “drive-by” downloads). Help prevent this by customizing
your browser security settings.
1. In Windows, click Start, click Control Panel, and then double-click
Internet Options.
2. On the Security tab, click Internet, and then click Custom Level.
Click the following settings:
• Download signed ActiveX scripts: Prompt
• Download unsigned ActiveX scripts: Disable
• Initialize and script ActiveX not marked as safe: Disable
• Installation of Desktop items: Prompt
• Launching programs and files in an IFRAME: Prompt
3. Click OK, and then click OK again.
Note Internet Explorer alerts you when it attempts to download and install
content.
For more information on tightening security in Microsoft applications, see:
• Working with Internet Explorer 6 Security Settings:
http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx
• Security at Home—Protect Your PC:
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
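For IT staff who want to confirm that a machine matches the two configuration procedures above (the Office 2003 macro security level and the Internet zone settings), the following PowerShell audit is an added example and is not part of the original guide. The registry paths, the numeric action IDs, and the value encodings are assumptions based on how Internet Explorer and Office 2003 (version 11.0) store these per-user settings; the function and variable names are hypothetical.

```powershell
# Added example: per-user audit against this guide's recommendations.
# Assumptions (not from the guide): the registry paths, URL-action IDs and
# value encodings are those used by Internet Explorer and Office 2003 (11.0).
$zoneKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$zoneWant = [ordered]@{   # action ID = value the guide recommends
    '1001' = 1   # guide: Download signed ActiveX scripts: Prompt
    '1004' = 3   # guide: Download unsigned ActiveX scripts: Disable
    '1201' = 3   # guide: Initialize and script ActiveX not marked as safe: Disable
    '1800' = 1   # guide: Installation of Desktop items: Prompt
    '1804' = 1   # guide: Launching programs and files in an IFRAME: Prompt
}
$zoneText   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$macroText  = @{ 1 = 'Low'; 2 = 'Medium'; 3 = 'High'; 4 = 'Very High' }
$officeApps = 'Word', 'Excel', 'PowerPoint', 'Outlook'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item -and $item.PSObject.Properties[$Name]) { return $item.$Name }
    return $null
}

function New-Finding($Setting, $Actual, $Wanted, $Names, [bool]$Ok) {
    # Translate the raw DWORD into the label shown in the dialog box.
    $shown = if ($null -eq $Actual) {
        'not set'
    } elseif ($Names.ContainsKey([int]$Actual)) {
        $Names[[int]$Actual]
    } else { "unknown ($Actual)" }
    [pscustomobject]@{ Setting = $Setting; Actual = $shown
                       Recommended = $Names[$Wanted]; Compliant = $Ok }
}

function Test-GuideSettings {
    foreach ($id in $zoneWant.Keys) {
        $v = Get-RegValue $zoneKey $id
        New-Finding "IE Internet zone action $id" $v $zoneWant[$id] $zoneText ($v -eq $zoneWant[$id])
    }
    foreach ($app in $officeApps) {
        $v = Get-RegValue "HKCU:\Software\Microsoft\Office\11.0\$app\Security" 'Level'
        # The guide recommends High (3); Very High (4) is stricter and also passes.
        New-Finding "Office 2003 $app macro security" $v 3 $macroText ($null -ne $v -and $v -ge 3)
    }
}

Test-GuideSettings | Format-Table -AutoSize
```

Run it as the user whose profile is being checked. Settings enforced through Group Policy are stored separately and take precedence over these per-user values, and a result of "not set" means the application's default applies.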
Clean Malicious Software from Your Computer
If your system isn’t already running a virus scan, you should begin a scan.
1. Update your antivirus software.
2. Complete a full-system scan.
3. Download and install a spyware scanner.
Visit http://www.microsoft.com/spyware for more information on
spyware, and links to some of the many spyware scanners that are
available for download.
Note If you learn that your computer has been infected by malicious
software that compromises your computer, immediately disconnect it from
the Internet. It isn’t enough to close your browser—you must unplug your
network interface connector, modem, or dial-up phone line.
Also, if you identify any malicious software such as a backdoor Trojan,
keyboard logger, password stealer, remote access tools (RAT), robots
(BOTs), vandalware or spyware, contact your Information Technology (IT)
department immediately so the problem can be addressed according to your
company’s security policies.