Viruses are spies! How to protect yourself from spyware? Computer spyware - what is it

Viruses, spies, trojans and dialers: who, why and how

I think that if today any student is asked what lavsan is, he will not tell you about the "synthetic fiber obtained by polycondensation of ethylene glycol and aromatic dibasic acid." No, his answer will be something like this: “Lovesan, aka msblast, penetrates operating systems of the Microsoft Windows family using a vulnerability in the Microsoft Windows DCOM RPC service.” I am afraid to guess what associations the word doom will bring up. Clearly not only with the game of the same name.

As you can understand from the title and introduction, the conversation will now be about viruses and their ilk. Before proceeding to the answers to the questions posed in the title of the chapter, I would like to go directly to our “guests” today. Here, the answer will be given to the question of how all this gets into our computers.

A virus is, in essence, a program that carries some destructive consequences. It does not matter what they are: anything from a banal change of file permissions and damage to a file's contents to disruption of Internet access and the collapse of the operating system. A virus is also understood to be a program that not only carries destructive functions but can also multiply. Here is what one clever book says about this: “A mandatory (necessary) property of a computer virus is the ability to create its own duplicates (not necessarily the same as the original) and embed them in computer networks and/or files, computer system areas and other executable objects. At the same time, duplicates retain the ability to spread further” (Eugene Kaspersky, “Computer viruses”). Indeed, in order to survive, viruses need to multiply, and this is confirmed by a science such as biology. By the way, it was from those very biological viruses that computer viruses took their name. And they have fully justified the name: all viruses are simple and, nevertheless, despite the efforts of antivirus companies, whose costs are estimated in huge amounts, they live and thrive.

You do not have to go far for examples: take a virus such as I-Worm.Mydoom.b. It has been said so many times that you must not open file attachments and e-mail messages from unknown persons, and that messages from known ones should be treated with caution, especially if you had not agreed on them beforehand. In addition, if the text of the letter contains something like “Check out the cool photo of my girlfriend”, it should be deleted right away. But while the text in the example above at least makes sense, the content of letters infected with Mydoom is rather strange. Judge for yourself:

“The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment sendmail daemon reported: Error # 804 occured during SMTP session. Partial message has been received. The message contains Unicode characters and has been sent as a binary attachment. The message contains MIME-encoded graphics and has been sent as a binary attachment. Mail transaction failed. Partial message is available.”

The letter carries an attached file that has 9 variants of the file name and 5 extension options. Two variations came to my mailbox. The first is a zip archive with an alleged doc file inside, and the second is a plain exe file whose icon has been replaced with the Notepad icon. In the second case any user can notice the catch by looking at the extension; in the first case that is harder to do. It is to the first case that I am inclined to attribute the greatest number of infections. What this virus does I will not describe, because that has already been covered many times in print publications and online resources. Using Mydoom as an example, we have become acquainted with the first method of spreading viruses: via e-mail.
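The check a mail filter can make for the two cases just described (a bare exe, and an archive whose member poses as a document), as an added example that is not part of the original article. The extension lists and file names are assumptions chosen for illustration, and the sample archive is constructed in memory with harmless placeholder content.

```python
import io
import zipfile

# Assumed policy lists for this example; extend them to match your mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"doc", "txt", "htm", "jpg", "pdf"}


def classify_name(filename):
    """Return the reasons an attachment name deserves suspicion (empty if none)."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension .{parts[-1]}"]
    # A document-like extension in front of the real one is the "alleged doc file".
    decoys = [p for p in parts[1:-1] if p in DECOY_EXTS]
    if decoys:
        reasons.append(f"decoy extension .{decoys[-1]} before the real one")
    return reasons


def inspect_attachment(filename, data):
    """Check the attachment name and, for zip archives, every member name."""
    findings = {}
    reasons = classify_name(filename)
    if reasons:
        findings[filename] = reasons
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as archive:
            for member in archive.namelist():
                member_reasons = classify_name(member)
                if member_reasons:
                    findings[f"{filename}!{member}"] = member_reasons
    return findings


def build_sample_zip():
    """Constructed sample: an archive holding a fake 'document' and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("report.doc.exe", b"constructed placeholder, not a program")
        archive.writestr("readme.txt", b"harmless text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in inspect_attachment("report.zip", build_sample_zip()).items():
        print(name, "->", "; ".join(why))
    print(inspect_attachment("notes.exe", b"placeholder"))
```

Only names are inspected here; the icon swap from the second case is invisible to a name check, which is why the real extension is the thing to look at.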

We will consider the next method using the example of Worm.Win32.Lovesan (also known as msblast). What is remarkable about this virus, and why did it become widespread? This specimen is noteworthy in that, in principle, it does not affect the performance of the system as a whole. A computer infected by it simply cannot function normally on the Internet: after a while an RPC error message pops up, after which the computer restarts.

Another way is through the Internet when you download files (whether wanted or unwanted). Again, I will explain with examples. First, a wanted download. You download some new joke, or a program, or a game from the Web, and it is infected with a virus. After downloading, the program, game or joke is started, and, voila, you are the owner of a virus. What can I say? Be vigilant, regularly update your antivirus databases, check all programs with an antivirus and do not forget at least the basics of computer security. Someone may say: “Why should I, for example, check programs that could not be infected with a virus?” I would like to ask: “What kind of programs are these?” Any program can be infected, especially if it is downloaded from stores or sites of hacker groups.

Now let's move on to unwanted downloads. I would single out two types. The first is when the user does not suspect that something is being loaded onto his computer. This download is performed by running scripts. The second type is when what gets downloaded is not what you wanted. I will give an example. At one time, a site with cracks offered, immediately before a file was downloaded, to install either “Free XXX bar” or “100% Internet crack”. If the user agreed to this (and I am sure there were such users, because I still remember the question of the month in “Virtual Joys” about the “one hundred percent Internet crack”), then a Trojan or virus was downloaded. The difference, in principle, is small. However, this is still not the most interesting part: if such a tempting offer was rejected, a window popped up with a message roughly like “Site error” and an OK or Continue button, and clicking it downloaded the Trojan anyway, this time without the user's knowledge. Only a firewall could save you from this.

A Trojan is a program that provides unauthorized access to a computer in order to perform some actions on it without warning the owner of the computer, or that sends collected information to a specific address. At the same time, as a rule, it poses as something peaceful and extremely useful.

Some trojans are limited to sending your passwords by mail to their creator or to the person who configured the program (e-mail trojan). However, for Internet users the most dangerous are the programs that allow remote access to their machine (BackDoor). Very often trojans get onto the computer along with useful programs or popular utilities, disguising themselves as them.

The feature of these programs that causes them to be classified as harmful is the absence of any warning about their installation and launch. When launched, the trojan installs itself in the system and then monitors it, while the user does not receive any messages about its actions. Moreover, the Trojan may not appear in the list of active applications, or may blend in with them. As a result, the computer user may not be aware of its presence in the system, while the computer is open for remote control.

Quite often the term “trojan” is taken to mean a virus. In fact, this is far from the case. Unlike viruses, trojans are aimed at obtaining confidential information and access to certain computer resources.

There are various ways that a trojan can penetrate your system. Most often this happens when you start some useful program in which the Trojan server is embedded. At the time of the first launch, the server copies itself to a directory and registers itself for startup in the system registry, and even if the host program never starts again, your system is already infected with a trojan. You can infect a machine yourself by running an infected program. This usually happens if programs are downloaded not from official servers but from personal pages. Unauthorized people can also introduce the trojan if they have access to your machine, simply by running it from a floppy disk.

At the moment, the following types of Trojans are the most widespread:

1. Hidden (remote) administration utilities (BackDoor, from the English "back door"). Trojan horses of this class are inherently quite powerful utilities for remote administration of computers on a network. In their functionality, they are largely reminiscent of various administration systems developed by well-known software companies. Modern utilities for hidden administration (BackDoor) are quite easy to use. They usually consist of two main parts: the server (the executor) and the client (which controls the server). The server is an executable file that is planted on your machine in some way, loaded into memory at the same time as Windows starts, and executes commands received from the remote client. The server is sent to the victim, and from then on all work is done through the client on the hacker's computer: commands are sent through the client, and the server executes them. Outwardly, its presence is not detected in any way. After the server part of the trojan is launched, a certain port is reserved on the user's computer, which is responsible for communication with the Internet.

After these actions, the attacker launches the client part of the program, connects to this computer through an open port online and can perform almost any action on your machine (this is limited only by the capabilities of the program used). After connecting to the server, you can manage the remote computer as if it were your own: reboot, shut down, open the CD-ROM, delete, write, change files, display messages, etc.

On some trojans, you can change the open port during operation and even set an access password for the “owner” of this trojan. There are also trojans that allow you to use a “lost” machine as a proxy server (HTTP or Socks protocols) to hide the hacker's real IP address.

2. Mail trojans (e-mail trojan).

Trojans that allow passwords and other information to be “pulled out” of your computer's files and sent by e-mail to the owner. This can be the provider's logins and Internet passwords, the mailbox password, ICQ and IRC passwords, and others. To send an e-mail to the owner, the trojan communicates with a mail server via the SMTP protocol (for example, smtp.mail.ru). After collecting the necessary data, the trojan checks whether this data has already been sent. If not, the data is sent and stored in the register. If it has already been sent, the previous letter is extracted from the register and compared with the current one. If the information has changed (new data has appeared), the letter is sent and the latest password data is recorded in the register. In a word, this type of trojan simply collects information, and the victim may not even realize that their passwords are already known to someone.

3. Keyloggers.

These trojans write everything that was typed on the keyboard (including passwords) to a file that is subsequently sent to a specific e-mail address or viewed via FTP (File Transfer Protocol). Keyloggers usually take up little space and can disguise themselves as other useful programs, making them difficult to detect. Another reason such a trojan is difficult to detect is that its files are named like system files. Some trojans of this type can extract and decrypt passwords found in special password entry fields.

Such programs require manual configuration and masking. Keyloggers can be used not only for hooligan purposes. For example, they are very convenient to put on your own computer at work or at home while you are away.

4. Joke programs.

These programs are harmless in nature. They do not cause the computer any direct harm; however, they display messages saying that such harm has already been done or may be done under certain conditions, or they warn the user about a non-existent danger. Joke programs intimidate the user with messages about formatting the hard disk, detect viruses in uninfected files, display strange virus-like messages, and so on, depending on the sense of humor of the program's creator. Of course, there is no cause for alarm unless the computer is also used by inexperienced users, whom such messages can frighten badly.

5. “Trojan horses” can also include infected files whose code has been modified in some way or altered by a cryptographic method. For example, a file is encrypted with a special program and/or packed by an unknown archiver. As a result, even the latest versions of antiviruses cannot determine the presence of a trojan in the file, since the carrier of the code is not in their antivirus database.

The methods by which dialers penetrate a system do not differ from those described above, so we proceed straight to examining them. Here it is necessary to note that there are quite peaceful dial-up programs, popularly called "dialers". These programs are used to help dial-up users reach the provider and, if possible, maintain a stable connection even on old or “modernized” lines. The ones we will talk about have a different name: combat dialers. Using gaps in the operating system, and sometimes the negligence or naivety of users (see above about “100% Internet crack”), these programs replace the provider's phone number with the number of a telecom operator from some exotic country. Moreover, in most cases the good old provider number remains in the dialing window. The dialers also add a task to the scheduler to make the call at a given time. It is good if the user is in the habit of turning off the modem, or if the modem is external and so loud that it cannot be missed. But what if the modem is quiet and built in? That is what I am talking about. The poor fellow learns of his misfortune only when the telephone bill arrives.

It's time to talk about who writes and launches all this muck on the Web. Here I will try to classify the groups of people who are engaged in this unseemly business. Nothing will be said about the so-called "white" hackers, and I will explain why. This variety does not pose a danger to society and rather benefits it. It is they who most often write antivirus viruses to neutralize particularly harmful specimens. Why viruses? Because these programs spread by the same mechanism as viruses. Why anti? Because they block or remove a certain type of virus from the computer. Their main difference from viruses is also that they destroy themselves after completing their task and have no destructive functions. An example is a virus of this kind that appeared on the Web some time after the recurrence of Lovesan. After the antivirus virus was downloaded, Lovesan was deleted, and the user was prompted to download updates for Windows. White hackers also find flaws in software and computer systems, and then report the bugs to the companies. Now we proceed directly to our classification.

Type one: "children of scripts." They call themselves nothing less than HaCkeR-rr, read the Hacker magazine, do not know a single programming language, and create all their “own” Trojans and viruses by downloading ready-made programs from the Web. (To avoid angry replies, I will add that the Hacker magazine is, in principle, not bad, and the material in it is presented in a rather simple form, sometimes, it is true. But it is a simple form for people who already have some knowledge. And they present the material wisely: they do not tell everything to the end, presumably so as not to be held to account for it.) These "hackers" usually, once they have sent someone a Trojan downloaded from somewhere and it has worked, immediately start shouting on the forums about how cool they are, and so on. For which they promptly, and quite rightly, receive a heap of unpleasant remarks addressed to them, because that is not the way to behave: once you have done something nasty, you had better keep quiet. These individuals do not pose a particular danger, because they simply do not have enough experience or (in some cases) brains for a more or less large-scale undertaking.

Type two: "beginner". This species is a direct descendant of the first. Some representatives of the first type, after a certain period of time, begin to realize that they are not as cool as it seemed to them, that there are, it turns out, programming languages, that you can do something and then not shout to the whole world about "how good I am." Some of them may in the future turn into a representative of the pro class. These people begin to learn some language and try to write something, and creative thought begins to wake up in them. At the same time they begin to pose a certain danger to society, for who knows what terrifying work such a representative of the class of virus writers may compose out of inexperience. After all, when a professional writes code, he realizes that some things should not be done, since they can work against him. The beginner does not have such knowledge, and this is what makes him dangerous.

Type three: "pros." They develop from the second species. “Pros” are distinguished by a deep knowledge of programming languages and network security; they understand the depths of operating systems and, most importantly, have very serious knowledge and understanding of how networks and computer systems work. Moreover, “pros” not only learn about security holes from company newsletters, but also find them themselves. They often join hacker groups to improve the quality of their “work”. These people, mostly secretive and not greedy for fame, do not run to tell the whole world about every successful operation, but prefer to celebrate success peacefully with friends. Of course, they represent a great danger, but since they are all knowledgeable people, they will not take actions that could cause the global collapse of some system, for example the Internet. Although there are exceptions (not everyone has forgotten about Slammer).

Type Four: Industrial Hackers. The most dangerous for society representatives of the hacker family. They can rightly be called real criminals. It is on their conscience to write most of the dialers and hack into the networks of banks, large companies and government agencies. Why and for what they do it, we will talk below. "Industrialists" do not reckon with anything or anyone, these individuals are able to do anything to achieve their goals.

Now let us summarize what has been written.

"Children of scripts": young, green and inexperienced. They want to show that they are the coolest of all, when only Cool Sam is cooler.

"Beginner": a craving to write something of their own has appeared. Fortunately, some of them, after trying to learn the intricacies of Internet protocols and programming languages, abandon this business and go on to do something more peaceful.

“Pros”: if the state of “has realized his guilt, its measure, degree and depth” suddenly sets in, a representative of this type becomes a highly qualified specialist in computer security. I would like more pros to reach this state.

"Industrialists": nothing is sacred to them. Folk wisdom describes such people well: “Only the grave will straighten the hunchback.”

This is a rough division into types of representatives of the class of computer attackers. Now we turn to the question: why are they doing this.

Indeed, why are viruses, trojans, dialers and other evil spirits written? One reason is the desire for self-affirmation. It is characteristic of representatives of the first and second types. One just needs to show his friends that he is “the real thing, a cool kid”; the other wants, first of all, to raise his self-esteem. The second reason is to gain experience. It is typical for beginners. After writing a first masterpiece, one naturally wants to test it on someone, and not on oneself. So a certain number of new, not always very dangerous, viruses appear on the Web.

The next reason is the spirit of competition. Have you ever heard of hacking competitions? The last one I know of took place in the summer. A Brazilian hacker group won (it turns out that football is not the only thing they are strong at). The task was as follows: who can break into the most sites. But I am sure that there are also competitions for the most sophisticated virus and the best keylogger.

Adrenaline is another reason. Imagine: night, the light of the monitor, fingers running over the keyboard; a breach in the security system was found yesterday, and today you need to try to get into the system and show your fellow administrator who is boss. After this reason comes the next one: romance. Why not? Some like to watch the sunset, some gaze at the stars, and some write viruses. There are as many tastes as there are people.

The next reason is political or social protest. For this reason, most government sites, sites of political parties, print and online publications, as well as large corporations are hacked. You do not have to go far for examples. Immediately after the outbreak of war in Iraq, attacks were launched on US government sites by those dissatisfied with Bush's policies, and, from the opposite side, on the site of the Arab newspaper Al Jazeera and a number of other Arab resources.

And perhaps the last reason is the ubiquitous money. It is mainly for money that industrial hackers work, so to speak. By hacking into bank networks, they gain access to customer accounts. What follows is not difficult to guess. Gathering information about any Web user through spyware, they go on to engage in commonplace blackmail. The actions that the “industrialists” take could be listed for a very long time. I just want to say once again that they are full-fledged computer criminals, and they need to be treated as criminals.


To detect signs of spying malware, trust your own impressions. If it seems to you that the computer has begun to work much more slowly or that the Internet connection is not as fast as it should be, these are the first symptoms that call for further investigation.

By the way, not every antivirus reliably recognizes the danger. You will find an overview of the best systems in the table below. You will have to pay from 800 to 1800 rubles for them, but they will protect you relatively well from attacks. At the same time, you should not be afraid of a drop in performance due to the use of an antivirus. Modern versions have practically no effect on the speed of the computer.

Cybercriminals spread 100 new viruses per hour. The desktop computer is the main target of spyware. Pests can only be detected with the right choice of utilities. Only a few programs will protect your computer from spyware. Below are the market leaders.

| No. | Product | Price, rub. (approx.) | Overall rating | Recognition | False alarms | Performance |
|---|---|---|---|---|---|---|
| 1 | Kaspersky Internet Security for all devices | 1800 | 99.9 | 99.7 | 100 | 100 |
| 2 | BitDefender Internet Security | 1600 | 97.5 | 100 | 96.3 | 93.6 |
| 3 | Symantec Norton Security Standard | 1300 | 96.9 | 98.1 | 96.7 | 94.7 |
| 4 | Trend Micro Internet Security | 800 | 94.3 | 90.8 | 98 | 97.5 |
| 5 | F-Secure SAFE | 1800 | 83.6 | 84.5 | 82.5 | 83 |

Use multiple scanners in parallel

Spyware entrenches itself in the system either under the guise of a service or inside separate programs. Some particularly deeply rooted viruses can hide even from modern protective tools. In recent years, information security experts have repeatedly discovered vulnerabilities in antivirus systems: only recently the expert Tavis Ormandy, who works in the Project Zero department of Google Inc., uncovered serious holes in Symantec products.

In particular, he took advantage of the fact that Symantec's software is allowed to unpack code inside the Windows kernel. Using a buffer overflow, the engineer was able to execute malicious code with kernel rights and thereby bypass anti-virus protection, and this is just one example.

Therefore, it is very important to check with several utilities. For additional security, use the program Farbar Recovery Scan Tool, which saves a log of running services.

Run the utility and click “Scan”. At the end of the process, you will find a log file called "frst.txt" in the program folder. Open this file and go to the Services section. Look there for names that indicate spyware, such as SpyHunter. If you are not sure about any of them, look them up with a Google search.

If you find intruders, run the program SpyBot Search & Destroy and scan the system. After that, run the Farbar tool again. If the suspicious service is no longer listed, the virus has been deleted. If SpyBot does not detect anything, use the scanner from Malwarebytes or ESET Online Scanner.
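The review of the Services section described above, and the before-and-after comparison of two scans, as an added example that is not part of the original article or of the Farbar tool. The log layout it parses (banner lines of "=" characters and entries of the form `R2 Name; path [size date] (Publisher)`), the watchlist and the path heuristics are assumptions, and the sample log is constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample shaped like an frst.txt log; not output from a real scan.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(ExampleCorp) C:\Program Files\Example\agent.exe

==================== Services (Whitelisted) ===================

R2 ExampleUpdater; C:\Program Files\Example\updater.exe [123456 2016-05-01] (ExampleCorp)
R2 SpyHunter Service; C:\Program Files\SpyHunter\service.exe [654321 2016-04-11] (Constructed Publisher)
R2 WinHelperSvc; C:\Users\anna\AppData\Roaming\winhelper\svc.exe [40960 2016-06-20] ()

===================== Drivers (Whitelisted) ===================

R1 exampledrv; C:\Windows\System32\drivers\exampledrv.sys [54321 2016-01-01] (ExampleCorp)
"""

WATCHLIST = ("SpyHunter",)                           # name taken from the article
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")  # assumed heuristic

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+\s*$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)"
    r"\s*(?:\[(?P<meta>[^\]]*)\])?\s*(?:\((?P<publisher>[^)]*)\))?\s*$"
)


@dataclass
class Service:
    state: str
    name: str
    path: str
    publisher: str


def extract_services(log_text):
    """Return the entries found between the Services banner and the next banner."""
    services, in_services = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_services = banner.group("title").lower().startswith("services")
            continue
        if not in_services:
            continue
        entry = SERVICE_RE.match(line)
        if entry:
            services.append(Service(
                state=entry.group("state") + entry.group("start"),
                name=entry.group("name").strip(),
                path=entry.group("path").strip(),
                publisher=(entry.group("publisher") or "").strip(),
            ))
    return services


def review_services(services, watchlist=WATCHLIST):
    """Map service name -> reasons it should be looked up before it is trusted."""
    findings = {}
    for svc in services:
        reasons = [f"name matches watchlist entry '{w}'"
                   for w in watchlist if w.lower() in svc.name.lower()]
        if any(marker in svc.path.lower() for marker in USER_WRITABLE):
            reasons.append("binary runs from a user-writable directory")
        if not svc.publisher:
            reasons.append("no publisher recorded")
        if reasons:
            findings[svc.name] = reasons
    return findings


def cleared_after_cleanup(before_log, after_log, watchlist=WATCHLIST):
    """Services flagged in the first scan that are no longer listed in the second."""
    flagged = set(review_services(extract_services(before_log), watchlist))
    remaining = {svc.name for svc in extract_services(after_log)}
    return sorted(flagged - remaining)


if __name__ == "__main__":
    for name, why in review_services(extract_services(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(why)}")
```

A flagged entry is a prompt to look the name up, not a verdict; adjust the two patterns if your version of the tool lays the log out differently.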

Protection Instructions

Scan your PC with Farbar (1). This utility will display all active services in the log. If nothing suspicious was found, go through the system using ESET Online Scanner (2). The most insidious viruses can only be removed with the Rescue Disk solution from Kaspersky Lab (3).

Special programs for emergency care

Even when conducting various checks, it is worth considering that there are especially insidious viruses, for example, rootkits that hide so deep in the system that scanning by Farbar and other programs is not able to detect them.

Therefore, as a final step, always check the system with the Kaspersky Rescue Disk tool. It is a Linux system that runs separately from Windows and scans the PC using up-to-date virus signatures. Thanks to it, you will expose even the most intricate malware and clean your computer of spyware.

To block snooping programs in the future, you must use the latest version of the antivirus and install all key system updates. To ensure that third-party programs that are not updated automatically are always kept up to date, turn to the comprehensive anti-virus package Kaspersky Internet Security (a license for two devices costs 1800 rubles). It will also provide anti-spyware protection.

Virus classification

Currently, there is no single system for the classification and naming of viruses (although an attempt was made to create a standard at the CARO meeting in 1991). It is customary to divide viruses:

· By affected objects (file viruses, boot viruses, scenario viruses, macro viruses, viruses that infect source code);

· By affected operating systems and platforms (DOS, Windows, Unix, Linux, Android);

· By technologies used by the virus (polymorphic viruses, stealth viruses, rootkits);

· By the language in which the virus is written (assembler, high-level programming language, script language, etc.);

· By additional malicious functionality (backdoors, keyloggers, spies, botnets, etc.).

We will consider spyware viruses in the most detail.

Spy Viruses

Spyware is a program that is covertly installed on a computer in order to collect information about the computer's configuration, the user and the user's activity without the user's consent. It can also perform other actions: changing settings, installing programs without the user's knowledge, and redirecting user actions.

Spyware can carry out a wide range of tasks, for example:

· Collect information about Internet usage habits and the most frequently visited sites (tracking program);

· Record keystrokes (keyloggers) and take screenshots (screen scrapers), and subsequently send the information to the creator of the spyware;

· Take unauthorized remote control of a computer (remote control software): backdoors, botnets, droneware;

· Install additional programs on the user's computer;

· Perform unauthorized analysis of security systems (security analysis software): port and vulnerability scanners and password crackers;

· Change operating system parameters (system modifying software): rootkits, control hooks (hijackers), etc., resulting in reduced Internet connection speed or loss of the connection altogether, a changed home page, or the removal of certain programs;

· Redirect browser activity, so that the user visits websites blindly, with the risk of virus infection.

1.3.1 Types of Spyware Viruses

By kind of activity, spy viruses can be divided into three groups:

First group

The virus constantly monitors user actions. When making purchases over the Internet, the spy will receive credit card information and pass it on to interested parties. You may not notice this until an unauthorized debit of funds from your account occurs.

Second group

Third group

The virus receives information about your email inboxes. This poses a multitude of problems, the smallest of which is an avalanche of spam, junk and advertising emails that hit you.

There is also a specific mechanism for the spread of the virus.

1.3.2 Propagation mechanism

Viruses spread by copying their body and ensuring its subsequent execution: inserting themselves into the executable code of other programs, replacing other programs with themselves, registering in autorun, and more. A virus or its carrier can be not only a program containing machine code, but also any information containing automatically executed commands, for example, batch files and Microsoft Word and Excel documents containing macros. In addition, to infiltrate a computer, a virus can exploit vulnerabilities in popular software (for example, Adobe Flash, Internet Explorer, Outlook); to do so, distributors embed it in ordinary data (pictures, texts, etc.) together with an exploit that uses the vulnerability.

· Floppy disks. The most common infection channel in the 1980-1990s. Now it’s practically absent due to the emergence of more common and effective channels and the lack of floppy drives on many modern computers.

· Flash drives. Currently, USB sticks are replacing floppy disks and repeating their fate: a large number of viruses spread through removable drives, including digital cameras, digital video cameras and portable digital players, and since the 2000s mobile phones, especially smartphones, have played an increasing role (mobile viruses). The use of this channel was previously due mainly to the possibility of creating a special file, autorun.inf, on the drive, in which you can specify the program that Windows Explorer launches when such a drive is opened. In Windows 7, the ability to autorun files from portable media has been disabled.

· Email. Usually viruses in e-mails are disguised as harmless attachments: pictures, documents, music, links to sites. Some letters can really contain only links, that is, the letters themselves may not contain malicious code, but if you open such a link, you can get to a specially created website containing virus code. Many mail viruses, once on the user's computer, then use the address book from installed mail clients such as Outlook to send themselves further.

· Instant messaging systems. Here, too, it is common to distribute links to supposed photos, music or programs that are actually viruses, via ICQ and other instant messaging programs.

· Web pages. Infection is also possible through Internet pages because of the various "active" content on World Wide Web pages: scripts, ActiveX components. In this case, vulnerabilities are exploited either in the software installed on the user's computer or in the software of the site owner (which is more dangerous, since good sites with a large flow of visitors become infected), and unsuspecting users who visit such a site run the risk of infecting their computer.

· Internet and local area networks (worms). Worms are a type of virus that infect a victim computer without user intervention. Worms use so-called “holes” (vulnerabilities) in operating system software to infiltrate a computer. Vulnerabilities are errors and flaws in the software that allow you to remotely download and execute machine code, as a result of which the worm virus enters the operating system and, as a rule, initiates actions to infect other computers via the local network or the Internet. Attackers use infected computers of users to send spam or for DDoS attacks.
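The autorun.inf channel described in the flash-drive item can be checked before a drive is opened. The following is an added example, not part of the original article: a Python parser that lists the programs an autorun.inf file would launch. The sample file contents and the extension list used for flagging are constructed assumptions.

```python
import re

# Keys in the [autorun] section that name a program Windows may launch.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Assumption: extensions treated as "launches a program or script".
LAUNCHES_PROGRAM = re.compile(r"\.(exe|com|scr|bat|cmd|vbs|js|pif)\b", re.IGNORECASE)

def autorun_commands(text):
    """Return (key, command) pairs found in the [autorun] section."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue                      # junk or other sections are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_VERB.match(key):
            found.append((key.lower(), value))
    return found

def flag_autorun(text):
    """Return only the entries whose command points at an executable or script."""
    return [(k, c) for k, c in autorun_commands(text) if LAUNCHES_PROGRAM.search(c)]

# Constructed sample: a junk line, mixed-case keys and an unrelated section.
SAMPLE = r"""
; constructed sample for illustration
xkcjvhsdkfjh
[AutoRun]
icon=folder.ico
OPEN=RECYCLER\setup.exe -silent
shell\open\Command=RECYCLER\setup.exe
shell\explore\command = wscript.exe run.vbs
label=Photos
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command in flag_autorun(SAMPLE):
        print(f"{key:24} -> {command}")
```

Run it against the text of an autorun.inf read from a removable drive; any flagged entry names a file on the drive worth scanning before it is opened.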

In fact, curing a computer of viruses is not such a difficult operation that you need to pay specialists a lot of money for it. You can protect your computer from viruses, or, in case of infection, return it to a "healthy" state by removing the malware, all by yourself: choose a good antivirus program and follow some rules. Take at least the two most important ones. The first is to update the anti-virus database regularly. The second is to scan the computer for viruses once a month.

So, I think it is clear by now that malware is removed using antiviruses. They come in paid and free versions; I covered the free options in the following article:

And now, what is malware, or, in other words, a virus?

Computer virus or malware - this is a program whose main purpose is to harm the computer: damaging user data, stealing or deleting personal information, degrading the computer's performance and much more.

Today malware can be divided into several types according to its effect on the computer.

  • Classic viruses.
  • Trojan programs.
  • Spies.
  • Rootkits.
  • Adware.

Consider each type of malware in more detail.

Classic viruses - these are malicious programs that can infect a computer, for example, via the Internet. The essence of such viruses is self-propagation. They copy themselves and copy files and folders on the infected computer. They do this in order to infect the data so that it cannot be recovered later. Such a virus tries to damage all the data on the computer, inserting its code into every file, from system files to the user's personal data. Most often, salvation, on such an infected computer, is.

Trojan - this is a serious type of virus. Trojans are written by cybercriminals for a specific purpose, for example, stealing information from computers, or "stealing" passwords and so on.

A trojan is divided into two parts. The first part, called the Server, is kept by the attacker, and the second, the Client part, is distributed to every possible corner of the Internet and to other places. If the client part of the malicious program gets onto a computer, that PC becomes infected and the Trojan begins covertly sending various information to the attacker's server.

A trojan can also perform various operations on the computer at the request of the server (the attacker), steal passwords, and infect documents and files with malicious code.

Spies are somewhat similar to trojans. The main difference is that spies do not harm the files of the system or the user. Spyware quietly settles on the computer and spies. It can steal passwords or even save absolutely everything that you type on the keyboard.

Spyware is the most intelligent type of virus and can even send files from an infected computer. A spy knows a lot about an infected PC: which system is installed, which antivirus you use, which browser you use on the Internet, which programs are installed on your computer, and so on. Spyware is one of the most dangerous kinds of malware.

Rootkits - these are not viruses per se. Rootkits are programs whose purpose is to hide the existence of other viruses on the computer. For example, a computer is infected with a spy virus and a rootkit at the same time, and the rootkit will try to hide the spy from your antivirus and operating system. Accordingly, the presence of rootkits on a computer is no less dangerous, since they can work quite well and hide a whole bunch of viruses (spies, trojans) from the eyes of the antivirus for a long time!

Adware - this is another type of malware. It is a less dangerous program, and its essence is to display ads on your computer in various ways and in various places. Adware does not do any harm, does not infect and does not spoil files. But you also need to protect yourself from this type of virus.

These are the types of malware that exist. To protect your computer from viruses, we need a good antivirus. I covered that in another article, and now we continue with the topic of viruses and protection schemes for the computer.

Previously, viruses had no specific goal: they were written out of interest, and the developer did not set a specific goal. Now viruses are very complex algorithms whose purpose is most often the theft of money and data. Trojans are most often designed only to steal passwords and other important data.

By the way, you can tell whether your computer has been attacked by viruses from certain signs:

  • Programs work incorrectly or completely stop working.
  • The computer began to slow down, to work slowly.
  • Some files go bad, refuse to open.

Very often such symptoms are a sign of computer viruses, but fortunately not always.

It should be noted that most often one specific virus can infect various types of files. Therefore, even after curing the computer of a strong virus attack, the most correct course is to format the partitions.

As I said above, antivirus programs will help you protect yourself from viruses. Today, anti-virus programs have enough functions to repel almost all the malicious programs distributed on the Internet. But for maximum virus protection, an important role is played by a properly selected and configured anti-virus program running at full "combat" readiness. I recommend you read the article on. But if you do not have time, then right here I will name the best antivirus programs. Today, they are:

  • Kaspersky
  • Avast
  • Dr.Web
  • NOD32

I think there is something to choose from.

Good luck and excellent protection against viruses.

Viruses are spies!

Spyware is the scourge of this century. Many millions of computers in the world are infected with spyware, and many users do not notice it.

Spies not only harm the security of your information, but also significantly reduce the speed of your computer. When you download one of the spy software packages, the program is automatically installed on your computer, regardless of your wishes. Sometimes, during installation, the spy asks you to install sponsor software. When a spyware program is installed, it seeks to register itself in your computer's system registry and stays there until you remove it completely.

A spy, devouring the computer's resources, reduces the efficiency of the central processor and memory. As a result, your PC slows down or even stops responding completely. The spy will not disappear on its own; it will only cause ever greater delays, because the spyware will continue to collect information from your computer. There are three main ways spyware can harm your system:

1. There are spies that constantly monitor all your purchases. If you use your credit card, you may end up losing your money: the spy program will find out your credit card number and make it possible for other people to use it for purchases. You may not find out about this until you discover that money is missing.

2. Hackers (those behind the scenes) will be able to access your computer and information about it. They will be able to find out which keys you press in real time, penetrate your computer, change browser settings, and install their programs without your consent. In addition, spies can also collect information about email addresses, passwords and even credit card numbers. This problem can be solved, but look through and carefully study all the available spyware removal programs and their reviews, because some of them can do more harm than good.

3. Spyware can find information about your email addresses. If this happens, you will encounter a lot of problems, one of which is that you will simply be flooded with advertising emails.

Even if you are an ordinary user, there are several easy ways to quickly and reliably increase the speed of your computer. The first and most accessible method, which you should definitely use, is to defragment your disks. The "Defragmentation wizard" on your computer will help you carry it out. You might want it to finish quickly, but it can take a long time. The process should not be interrupted. If you do it regularly, the next run will take less time.

The second way is to install and use a good program for destroying spyware. For example, Spyware Doctor handles it well.

Next, if you do not need it, you can change the browser settings to reduce the period for which visited pages are saved from the default of one month to 1-2 days, or to delete them immediately after you leave the site's page.

When you deactivate your desktop, the load on RAM will decrease, and you won't feel the difference in design and work.

Make sure you have a good antivirus program and use it constantly. If you remove viruses and prevent their spread, you will noticeably speed up your computer.

Once you follow these simple rules, you will be amazed at how much faster your computer runs and how much disk space is freed up.
