Common misconceptions with malware

Andy Hamilton
4 min read, May 21, 2013

Recently I was fixing a friend's computer and he insisted that it was just going slow because he had crammed as much as he possibly could on to it in such a short space of time. “But I have a virus protection, it can’t be a virus!” he said frantically to me as I pointed out that it may be infected. Sadly, viruses aren't so black and white in this day and age. Maybe back in 2002, slapping a copy of McAfee on your brand new Windows XP computer would suffice, but things are a whole lot different in today’s malware market.

I've experienced this both first and second hand. About 3 years ago I joined a rather large ‘hacking’ community, not because I had an inherent interest in malware or illegal hacking, but because I saw it as an opportunity to gain knowledge on securing my own sites and systems and to learn more about what goes on behind the curtain.

During this period I've spoken to quite a few members of the public, such as relatives and friends, and have found some common myths about computer viruses.

It’s fine, I have McAfee!

The first one is that you are completely safe with virus protection software. The truth, however, is a bit more complicated. Think of virus protection as having a single lock on your door. It will deter a few people, but the majority of them will just barge their way in anyway.

The people making the malware are very clued up to the fact that most of the users they are targeting have something like Avast installed. That’s where a tool nicknamed a ‘crypter’ comes in. It takes a virus that would be picked up by one of these programs and then encodes the source code to make it FUD (fully undetectable) to just about every piece of virus protection software out there for the next few weeks. After that time period, companies like Avast begin to see signs of these ‘undetectable’ viruses and add them to the database so that they will be detected in future. By that time, the hackers have stripped everything they need from your computer and vanished into the sunset.

These tools that perform the cryptography on the malware sound ‘complex’, like something only the most seasoned hacker would use, don’t they? Well, they aren't. The cost of encrypting a virus amounts to about $1-5. That’s not a lot of money at all when you factor in potential profits in the $10k+ region.

It’s okay, I’ll just clean my computer

The second myth is that malware is there to ‘troll’ you and simply mess up your computer. The majority of malware I've seen isn't intended to destroy the computer in any way, shape or form. In fact, it’s (again) quite the opposite. They are made to sit there in silence and observe. In some cases, the hackers will speed up the computer and run tools to make everything smoother so the end user won’t ever suspect anything fishy and take their computer to the repair man.

The tools used in these cases are called ‘RATs’ (Remote Administration Tools), which sit as a background process on the computer until they receive a command from the server the virus is reporting to. A hacker can take complete control of the infected PC and perform tasks such as controlling your desktop, looking at what you are doing on screen, watching your webcam and snooping through your emails.

As well as gaining control of your computer, they also send constant logs of everything you have typed (read: your passwords) and sell those in bulk on the black market.

They make no money

This is the biggest misconception of them all. The major motivation for creating a computer virus, as with anything else, is money. The servers controlling these computers are called ‘botnets’, and they can often have upwards of 100,000 infected computers silently connecting and waiting for commands at any one time.

There are a number of different ways they make money from these networks of ‘zombies.’ As mentioned before, a massive chunk of that is selling on lists of farmed passwords, which will then be used in any number of different ways by the buyer. Another way is to send the infected computers popups containing adverts or websites and then make money through PPC or something similar. The scariest way I came across was to just sell the bots themselves onwards to another botnet. Why is that scary? Well, it means that Joe Bloggs with ill intentions can go to a public forum and purchase one of these networks containing 100,000 connections for just $50.00.

Conclusion

Does this mean I should just uninstall my virus protection? Well no, not at all, in fact. It just means that you shouldn't always rely on it as a safety net. If you browse the web with extensions like NoScript and are very wary of what you download and/or view on the internet, you will be safe. Just never assume you are protected, because there’s a pretty huge chance that you are not.