Viruses and other infections

 

Overview of Malicious Software

Malware, or malicious software, is any type of programming intended to cause harm. Viruses, worms, spyware, and Trojan horses are the most common examples of malware. Among other things, a malware infection can: corrupt files, alter or delete data, distribute confidential data, disable hardware, deny legitimate user access, and cause a hard drive to crash. Frequently, malware is also designed to send itself from your e-mail account to all the friends and colleagues in your address book. The results of malware infection include wasted resources, compromised systems, lack of regulatory compliance, lost or stolen data, and the loss of user and client confidence.

 

Common types of malware:

  • Viruses self-replicate within computers and across networks and alter files or data. They usually require some action on the user's part to start, most often just clicking an executable file attachment on an e-mail (although embedded programming in an e-mail message can execute a virus program). Typically, people think that the file came to them from a trusted source or is something they want to see.

  • Worms are a virus variant that can infect a computer without any user interaction. A worm doesn't alter files, but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

  • Trojans are malicious code hidden within innocuous programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. A Trojan horse may be widely redistributed along with a virus.

  • Spyware is programming that is put into your computer to secretly gather information and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program. Although not malicious in intent, spyware is often installed without your consent and even without your knowledge, as a drive-by download or as the result of clicking some option in a deceptive pop-up window. By the same token, adware, which usually includes spyware components, can also be considered malware.

  • Adware consists of files made by publishers that allow them to snoop on your browsing activity, see what you purchase and send you 'pop-up' ads. They can slow down your PC, cause it to crash, record your credit card numbers and worse. If you're like most Internet users, chances are you're probably infected with these files. Simply surfing the Internet, reading email, or downloading music or other files can infect your PC without you knowing it.

  • Browser hijackers are programs that alter your computer's browser settings so that you are redirected to Web sites you had no intention of visiting. Most browser hijackers alter default home pages and search pages to those of their customers, who pay for that service because of the traffic it generates. More virulent versions often: add bookmarks for pornographic Web sites to the user's own bookmark collection; generate pornographic pop-up windows faster than the user can click them shut; and redirect users to pornographic sites when they inadvertently mistype a URL or enter a URL without the www. prefix. Poorly coded browser hijackers - which, unsurprisingly, are common - may also slow your computer down and cause browser crashes.

Although each type of malware has defining characteristics, the distinctions between them are becoming blurred because blended threats are increasingly common. Blended threats combine characteristics of more than one type of malware to maximize the damage they cause and the speed of contagion.

How is malware distributed?
Typically, malware is distributed by one of three methods: by e-mail, either through a virus-laden attachment or code embedded in the message body; in an infected application; or through infected code on a Web site. Originally, removable media - typically a floppy diskette - was the vehicle most malware took to get to your computer, but now the vast majority of malware is distributed electronically. According to various reports, the percentage of viruses currently transmitted by e-mail is 87-93%.

A worrying new trend in malware attacks is the appearance of backdoor Trojan horses on instant messaging packages that allow file sharing and access, for example AOL Messenger, MSN Messenger and Yahoo Messenger. People using these facilities are advised to be aware of the need for an extensive firewall, and not to allow access to anything requested of them through the messenger service.

   

ECCP resources to protect against Malicious Attacks

 

We have put in place several security measures to protect ourselves against malicious attacks and software, as follows:

 

  • Voluntary code of practice. This is a set of rules governing use of the ECCP network, including the rules governing the download of programs and the sharing of files.

  • Protocol restrictions. The systems are set up so that file and printer sharing is not available over the TCP/IP protocol, only over NetBEUI, which is not routable. Additionally, the local TCP/IP network uses the private address range 192.168.0.x, which cannot be addressed directly from the Internet. The router, which does have a real address, runs its own firewall to prevent many attacks.

  • Virus scanner. All machines have Norton AntiVirus protection installed. This protection consists of an online guard which will check any file you open for known viruses, whether it is on local transportable media such as a diskette or CD, or on a website. Additionally, an email guard will check any email and attachments you receive. If any problems are found, you will be warned and the file will be quarantined if required. The list of viruses is automatically updated each time you log on. Virus scanners only check files and emails for viruses. They do not prevent other attacks. Additionally, many files, such as text files, and macros in documents may slip through the net as there is no direct executable to indicate a virus. Similarly, it will not prevent you downloading a piece of malicious software that is not a virus. You make that choice.

  • Ad-aware. This software is available on all machines to check for adware and spyware attacks. Many of these attacks will be made directly to the registry or take the form of *.cls or cookie files. We do not have the full version of Ad-aware, so we have no automatic guard running. Our copy of this software can only be used to remove attacks that have already taken place.

  • Firewall. Each machine runs a firewall called ZoneAlarm. This will inform you of any non-HTTP access attempted either from your machine or to your machine. You will then be given an option to allow or deny the access attempt.