Unseen attacks on your PC, what you should know and how your firewall can help!

When it comes to internet security, many people have little knowledge of the difference between different terms and their meaning (i.e. Virus, Spyware, Adware, Dialer etc.). All these terms can be given one collective term: ‘malware’. Below is what each of these terms actually means:

Virus
A virus is a piece of software that attempts to replicate itself and spread by attaching itself to files. Its severity ranges from displaying messages, deleting files, changing files or (rarely) corrupting your hard drive. A virus cannot spread without user interaction.

Viruses often attach to executable files (.exe files) so that when the file is opened, so is the virus, which can then do whatever it was designed to do.

Spyware / Adware

Spyware may come in different forms, but it is any program that monitors what a user does, such as logging all their keystrokes and what websites they go on, and often reporting this back to the person who wrote the program.

Adware, on the other hand, displays a number of pop-up ads. It may work similarly to spyware by watching what a user views on the web and then displaying pop-ups based on this.

Dialer

A dialer is a program that only affects those on a dial-up connection. It is a piece of software that redirects to premium online numbers, causing the user’s phone bill to increase dramatically. They are often downloaded from certain illicit sites.
Anyone on a broadband connection would not be affected, as these do not connect to a telephone line to connect to the internet, but have their own dedicated line.

Keyloggers

These often come under the term spyware. They monitor every keystroke a user makes and then report it back to the person who wrote the software. This can then be used to identify websites a user may have visited and find out the user’s password and username. This is often used for online banking sites.

Trojan Horse

A Trojan horse is a program that attempts to pass itself off as a legitimate program. Unlike a virus it cannot replicate itself. In some cases a Trojan may attempt to pass itself off as a virus checker, but actually introduces viruses onto the system.

Bot / Botnet

A bot is a computer that has software running on it that allows a remote computer to control it, often installed by someone hacking the computer or by the user installing it themselves via other software.

Bots are often used to send spam and hack other computers, which makes it appear that the attack comes from this computer rather than the remote computer that is controlling it, making it more difficult to trace.

If there is a large collection of compromised computers linked together, this is referred to as a botnet.

Rootkit

A rootkit is a program that buries itself deep into the system, and is often extremely hard to remove. It starts up every time your system does and is usually loaded as a base part of the operating system, before the user interface, making it more difficult to detect. A rootkit may install other software, new processes and perform other tasks anonymously.

Logic bomb / Time bomb

Often used against a business. These may be a piece of software set to activate at a certain time or when something happens. It may trigger if an employer was to be fired; when this was added onto the computer system, the software detects this and then activates itself to do whatever it was programmed to do.

Worms

A worm is a program that attempts to replicate over a computer network. This may be through emails or internet etc. It may perform malicious tasks such as crashing a computer, etc.

How would Comodo Personal Firewall (CPF) protect me?

In all of these instances CPF would detect any programs attempting to connect to the internet and display an alert. As a user you would then be able to see that an unknown program was attempting to perform the action and could then block it and then follow any necessary removal procedures, etc.

Also, CPF can detect any changes, so if a virus decided to attach itself to the file iexplore.exe, CPF would detect the change when you launched Internet Explorer and display an alert. It is the advanced methods CPF uses like this that would alert a user to any infection such as this.


Thanks for reading the article, I hope you found it useful. Please feel free to come and join the forums and comment or join in with other discussions here. The more the merrier. ;)
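The change detection described in the article above, sketched as an added example; it is not part of the original post and not Comodo's code. It assumes a SHA-256 baseline recorded when the user approves a program (the post does not say how CPF detects changes), and the function names and the temporary stand-in for iexplore.exe are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash the file in chunks so large executables are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def approve(path, baseline):
    """Record the current hash as the version the user has approved."""
    baseline[path] = sha256_of(path)


def check_launch(path, baseline):
    """Return 'allow', 'alert-changed' or 'alert-unknown' for a program start."""
    known = baseline.get(path)
    if known is None:
        return "alert-unknown"   # never approved: ask the user
    if sha256_of(path) != known:
        return "alert-changed"   # file differs from the approved copy
    return "allow"


def demo():
    """Run the three cases against a constructed file, not a real browser."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "iexplore.exe")  # constructed stand-in
        with open(exe, "wb") as f:
            f.write(b"MZ" + b"\x00" * 510)
        baseline = {}
        results.append(check_launch(exe, baseline))  # first sighting
        approve(exe, baseline)
        results.append(check_launch(exe, baseline))  # unchanged since approval
        with open(exe, "ab") as f:                   # bytes attached to the file
            f.write(b"appended bytes")
        results.append(check_launch(exe, baseline))  # modified after approval
    return results


if __name__ == "__main__":
    print(demo())
```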

Hi
I am a bit concerned as while looking on my computer a box came up claiming that I had over 600 pornographic and sensitive files on my system that will harm it and it said that I could clean them up by using DriveCleaner free…what should I do? ??? ???

Was that just a pop up window in your browser?

I suspect this is just a pop-up trying to get you to download DriveCleaner. You most likely do not have the files stated on your PC. The best free cleaner I have found is CCleaner - you can find it by doing a Google search. This will clean up temporary files etc. I would also download and install Spybot which is great for finding and removing adware and spyware and also has features that can protect your PC. As well as these two programs if you use the latest Comodo Firewall version and a good antivirus (such as the latest CAVS 2 beta) you should be well protected without requiring a lot of knowledge about security.
As well as the above advice I would recommend you check your internet browser to ensure it is blocking pop-ups (I think Firefox is the best browser though IE7 is not bad).

Above all, don’t be tempted by pop ups such as the one you got trying to sell you something. Unless you asked for your computer to be scanned in some way or request something on a website you should not get pop-ups like this - they are best ignored and your security checked or improved as above.

Just to follow up about Drive Cleaner - the following is a description of Drive Cleaner from Symantec (Norton):

“DriveCleaner is a security assessment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks.”

I suggest you ignore prompts to download Drive Cleaner and remove the software if you have installed it.


You should also scan your system with the antispyware software.

DriveCleaner (as stated by others here) tries to scam you into downloading and paying for the full version of the product. It sounds like you may have downloaded it on your computer.

Check if DriveCleaner is installed under add/remove and attempt to remove it via this, and then run full scans from antispyware and antivirus programs, as mentioned earlier.

Mike

If that box that came up was a gray box in the middle of the screen, that is a common result of having “garbage” on your computer; various forms of malware, that are using Windows messaging services to give those popups. Using a good antispyware program can help clean out that junk and keep it off. I’d also recommend you do a full virus scan (you can even use online scanners, such as TrendMicro’s Housecall, Panda, or VirusTotal) just to make sure you don’t have any backdoor programs (which are a common cause of those annoying popups).

LM

I would NOT give Panda my REAL email address, the last time I did that their marketing scheme says that you get customers in any way possible. I ended up with lots of spam from them. Be CAREFUL…

Lucky I got rid of that email address.

Make a Hotmail/Gmail/Yahoo account and dictate it as a “spam” account to sign up to dodgy services such as the Panda scan and others.

Panda had my email address for a few years before deciding to spam everyone because their sales dropped, hence they took a level of action that their marketing scheme dictates.

:) Hi ya everyone

Thank you to Rotty, Little Mac, mike6688, Bubu74, Anderow and user4 who replied to me regarding the DriveCleaner…I will be erasing it. And yes user4 it was a pop up, I think maybe because I had just installed a program so I could include smileys in my emails!! Oh dear!
Thanks again for taking the time to respond…it is very much appreciated. xxxxx

Hi,

Often downloading smileys, screensavers, etc. can be risky as they often contain spyware / adware. Some types of malware you may be willing to put up with, such as a few popups advertising something, but others can be a nightmare. Before downloading from anywhere, try testing the site with something like McAfee SiteAdvisor. This tests sites for spyware, etc. You may also do a search using Scandoo which scans sites in real time for viruses, scams, etc.

Mike

Hi Mike

Thank you for taking the time to respond. Yes, I will be doing what you have suggested. It all started when I downloaded this program, I think I should delete it as I don’t want my computer crashing! As you might have guessed I am very new to computers and not had this one long. Luckily a friend can advise me (but he is very busy) and of course you lovely people. Thanks again x :slight_smile:

Chrissey

Hi Chrissey,

You are more than welcome. I and others here are always more than happy to help you in any way we can - just ask. :wink:
And don’t worry, we were all new to computers and the internet at one point. :slight_smile:

Mike

I never see all those scam pop-ups and I don’t get spyware on my system.
3 simple steps:
1: Disable the “windows messenger” service (no, it hasn’t got anything to do with MSN, that will still work).
2: Use Firefox with “No-script” and “AdBlockPlus” extensions instead of Internet Exploiter.
3: NEVER ever say “yes” to a pop-up from a website that wants to install anything. You don’t need it and those pop-ups are virtually always some kind of scam. Trustworthy sites do not pop up “warnings” or try to install software on your system by using scare tactics.