A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Malware

Programs that are designed to harm your computer

Malware (short for “malicious software”) is any software designed to harm your computer, such as viruses, worms, Trojan horses, and rootkits.

  • A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine.

  • A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book.

  • A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs.

  • A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control.

Published content (e.g. Web sites, pictures stored in online services, and blogs) typically resides on special computers called servers. These servers can be attacked by malware, just like your personal computer. Malware can infect the server through the Web server’s network connection or by being installed on the server by someone who has physical access to it.

If your Web site uses forms (e.g. for registration, comments, suggestions, email), malware can also get into the server through the form fields. These forms let an attacker send information directly to your Web server and form-handling software. This information could contain malware capable of attacking your system.

Along with causing technical problems for your Web site or server, these attacks can drive users away from your site. Users avoid Web sites that seem insecure or prone to being attacked.

One of the biggest advantages of hiring a Web hosting service is that it is usually the company's responsibility to keep its servers malware-free. Check with your provider about its policies for protecting its equipment from malware.

Protective Measures

Practices

  • Update your virus definitions: Your anti-virus software relies on current virus definitions to do its job. If you don’t keep your definitions up to date, you may unknowingly spread a virus to your own Web server.

  • Select a responsible Web service: When publishing on the Web, do your research before selecting a Web hosting company. Watch out for companies that charge a low monthly rate but provide poor security and maintenance.

  • Perform frequent backups of your site’s content: If malware infects your machine, your site’s content may be modified or destroyed. You should perform regular backups of the files you have on your site so that you can recover from such infections. Use external storage media such as CD-ROMs, tape or zip drives, or remote machines to back up your data. You can perform these backups manually or use backup software to do them automatically.

  • Research personal Web server defense: If you are operating your own server instead of using one that belongs to a Web hosting company, learn how to protect it from malware. Typically you will need an antivirus application specially designed for servers. First make sure that your system is configured securely, and then focus on securing your Web server software with antivirus and firewalls.

  • Don't upload potentially harmful files to your site: Before uploading a file to your site for users to download, make sure that you can legally do so and that the file does not contain malware that could be harmful to users.
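One check a site owner can run before publishing a file, added here as an example (not code from the original page): decide a file's type from its leading bytes rather than its name, and flag double endings such as ".gif.doc" and executables disguised as pictures. The magic-number table and the allow list of publishable types are constructed for the example and are deliberately short.

```python
import os

# Constructed table of leading bytes that identify common file types.
MAGIC = [
    (b"GIF87a", "gif"), (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),   # also .docx/.xlsx containers
    (b"MZ", "exe"),           # Windows executable or DLL
]
# Assumed policy: extensions we would publish, and the content type each one claims.
ALLOWED = {".gif": "gif", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".pdf": "pdf"}

def sniff_type(data):
    """Return the content type implied by the first bytes, or 'unknown'."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return "unknown"

def check_upload(filename, data):
    """Return the reasons a file should NOT be published; an empty list means it passed."""
    problems = []
    name = os.path.basename(filename).lower()
    parts = name.split(".")
    # "photo.gif.doc"-style double endings: everything after the first part is an extension.
    if len(parts) > 2:
        problems.append("double extension: ." + ".".join(parts[1:]))
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED:
        problems.append("extension %s not on the allow list" % (ext or "(none)"))
    actual = sniff_type(data)
    if actual == "exe":
        problems.append("content is a Windows executable")
    elif ext in ALLOWED and actual != ALLOWED[ext]:
        problems.append("content looks like %s, not %s" % (actual, ALLOWED[ext]))
    return problems

if __name__ == "__main__":
    # Constructed samples: a genuine GIF header, and an executable renamed to look like a picture.
    print(check_upload("logo.gif", b"GIF89a" + bytes(20)))
    print(check_upload("photo.gif.doc", b"MZ\x90\x00" + bytes(20)))
```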

Settings

  • Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. Although this might not be necessary for mobile devices, it does lower your chances of contracting a computer virus, so check if your brand supports this configuration. If it does, activate it.

  • Set your anti-virus package for the types of files you want it to check: To set the types of files the anti-virus software will check, click on Start, then Programs, and start your anti-virus package. Usually, the program gives you the option of choosing between a few scanning methods. Symantec, for example, offers:

    • Scanning all files: All files on the computer will be checked regardless of the extension or file type.
    • Scanning by file type: The package will check all files of the chosen type, regardless of the potentially deceptive file extension. This is especially important in catching files with a double ending such as ".gif.doc".
    • Scanning by file extension: This scan is the fastest, since only files with the chosen extension will be checked.

    If you have a different brand of antivirus software, consult the manual for instructions on how to configure the settings for real-time scanning and scanning method.

  • Configure your Web server to enable additional logging: All Web server software packages provide a way to enable additional logging to monitor the connections to your Web server. Good items to log are remote IP addresses, date and time of connections, and the requested URLs. It is particularly important to log this information for any external program that is executed by the Web server.

    • IIS: You can set Microsoft’s Internet Information Server to log additional properties through the Microsoft Management Console. Go to the Web Site tab and select the Properties button in the Logging Format section. We recommend logging Date, Time, Client IP Address, User Name, Service Name, Server IP, URI Query, Time Taken, User Agent, Cookie, and Referrer. Other properties may be useful depending on the content you serve.
    • Apache: The default logging by Apache is quite good, but there are options which allow you to change the format or add information to each log entry. You can use the main Apache configuration file (httpd.conf) to enable more detailed logging. Apache provides ErrorLog and AccessLog directives that allow you to specify the location of each log. See Apache HTTP Server - Log Files or Apache HTTP Server Version 2.0 - Log Files (depending on which version of Apache you are using) for more detailed information.
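Logging is only useful if someone reads it. The following is an added example (not code from the original page or from Apache) that pulls the fields recommended above (remote IP, date and time, requested URL, user agent and referrer) out of Apache "combined" access-log lines and singles out the requests that reached an external program run by the server. The path prefixes in CGI_PREFIXES and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import Counter

# Assumed locations of programs the Web server executes on request.
CGI_PREFIXES = ("/cgi-bin/", "/scripts/")

# Apache combined format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one combined-format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def external_program_requests(lines):
    """Entries whose URL path points at a server-executed program (query string ignored)."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:          # skip lines in another format rather than crash
            continue
        path = entry["url"].split("?", 1)[0]
        if path.startswith(CGI_PREFIXES):
            hits.append(entry)
    return hits

def requests_by_ip(entries):
    """Count how many of the given entries each remote address made."""
    return Counter(e["ip"] for e in entries)

# Constructed sample lines (not real traffic); the last one is deliberately malformed.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2005:13:55:36 -0700] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2005:13:55:40 -0700] "POST /cgi-bin/formmail.pl HTTP/1.1" 200 512 "http://www.example.com/contact.html" "Mozilla/4.0"',
    '198.51.100.23 - - [10/Oct/2005:13:56:01 -0700] "GET /cgi-bin/formmail.pl?recipient=x HTTP/1.0" 200 512 "-" "curl/7.15"',
    'garbage line that does not match the format',
]

if __name__ == "__main__":
    for e in external_program_requests(SAMPLE_LOG):
        print(e["ip"], e["time"], e["method"], e["url"], e["agent"])
```

Apache selects this line format with its LogFormat and CustomLog directives, so the parser assumes the "combined" format and ignores lines that do not match it.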

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec’s Norton AntiVirus and McAfee AntiVirus. AVG, AntiVir and ClamWin are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec AntiVirus for Windows Mobile.

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.

  • Backup software: Having a backup of your data helps you recover from a system infection. While you can back up data manually, software that performs automated backups is preferred because these backups can be scheduled for times when the system is less busy. Windows can be configured to automatically perform backups, but you may want to buy other software if you have special needs. Backup software reviews is a Web site providing good reviews of current software.

  • Rootkit detection software: Rootkits cannot be detected by ordinary anti-virus programs because they are very good at hiding themselves. You need special software to detect rootkits, such as RootkitRevealer by SysInternals and F-Secure Blacklight.

  • URL Authentication: This authentication allows only certain users from a selected list to be able to access the site or parts of it. Find more information from the Windows Server Tech Center.

Connect Safely from Different Places

Office

Your employer may make server space available that you can use to publish a Web site. If they do, contact your system administrator to find out what limitations or restrictions there may be on your use of this server space and what site hijacking protections may already be in place. Usually, such Web sites are meant for information about your role within your company or workplace, rather than for personal use. Be especially careful about posting content on such a Web site that someone could find objectionable, because your company’s reputation could be at stake.

On the road

Public computers are particularly vulnerable to malware since they can be used by anybody and you cannot secure them as you would your home computer. You should be careful when using public computers to update your site, because malware on the computer could attach itself to files that you upload to your Web site or to information that you enter through forms.

Ethical Issues

The intentional distribution of malware is clearly unethical, since it disrupts and sometimes disables computers and can cause financial and productivity losses. Accessing hacker sites and trying out their tools is at best unwise, and using these tools against computers other than your own without permission is likely to be unethical or illegal, depending on the nature of the tools.

Legal Issues

Intentional distribution of malware is considered illegal worldwide. Famous malware programs like Code Red and the Melissa virus caused several million dollars in losses, and each began as a simple malware application. The creator of the Melissa virus was prosecuted under Title 18, United States Code, Section 1030 and sentenced to 20 months in prison and a $5,000 fine.

Privacy Issues

If you collect information in Web forms, be careful of how much information you store and how long you store it for. If malware is able to access that data, you may not be able to recover it or stop the malware from sharing that information.