Protection For Your PC - Part 3 - Security and You: dgoslings Place

Protection For Your PC - Part 3

Published Saturday, January 12, 2008 9:05 PM

Almost 2 years ago I wrote the first article, called Protection For Your PC, and almost 6 months ago the second, Protection For Your PC - Part 2. All of that information, though 6 months and 2 years old respectively, applies today. However, in the 2 years since I wrote the first article, the nasties have become nastier, the ID theft more rampant, and the scumware writers more adept at creating Spyware, Malware and other Scumware that is harder to detect and more invasive into your private life.

Though gains have been made against this evil that has entered our lives with the computer age, there are still plenty of scumware writers out there producing junk to make your life miserable. The scumware writers took a hit when Microsoft introduced Vista last year, but they are rapidly trying to get back their hold on the Internet and more needs to be done to stop them. 

 

An evil that was in its infancy a little over 2 years ago has now been perfected by the scumware writers to be a large part of the Malware on the internet. Rootkits are what I am talking about here, as well as RATs (I know everyone uses acronyms these days, but I will explain what they mean):

A Rootkit is computer code designed to hide other computer code (usually malicious) inside it. If you have a rootkit on your system, it will load before Windows loads in the boot-up sequence, preventing Windows from ‘seeing’ it so that it will not appear in the File Manager or be under the control of your Windows OS. The rootkit can then operate independently of Windows, even taking control of Windows. Rootkits have been used for non-malicious purposes for quite some time, but in this day and age they are used almost exclusively by the scumware writers to make your life miserable.

 

As I said above, inside a Rootkit is malicious computer code, which could be anything: adware, spyware, or a program designed to irritate you with pop-ups. Though none of these is good for you, they are less malicious than the inner code that is so destructive these days: RATs (Remote Access Trojans).

 

RATs (Remote Access Trojans) are also called ‘backdoor trojans’ because they open a 'backdoor' on your system. Once open, all of your private information flows through this backdoor out to the internet without leaving a trace on your PC. The author of the RAT receives your personal identifying information, usually including financial details, credit card number(s), bank account(s), passwords, and all other sensitive information on your hard drive. When they get this, they have the ability to impersonate you, use your credit card(s), empty your bank account(s) and even commit future crimes IN YOUR NAME while using your identity. This is a very lucrative business for them because they can also sell your personal information on the Black Market, getting large sums of money for the information.

 

You ask, “How does a Rootkit or RAT get into my computer?” The answer is “easily”. They can be downloaded as part of a software package or in an email, they can be the result of an attack by a trojan or of you clicking on a link or an innocuous banner or advertisement on an infected web page, and lastly they can arrive by a Drive-By download. A drive-by download occurs when you innocently visit an infected website and the website automatically downloads some computer code to your PC. This is all done silently, without you knowing any of it has occurred. You find out only when you receive the bills from your credit card company or check your bank account to find nothing there.

By now you are either afraid of Rootkits and RATs, or you are doubting that this will happen to you. You should take the high road and be afraid rather than taking the position that it won’t happen to you. Many people who doubted their vulnerability to this form of Malware are now trying to put their lives back together after losing everything. Yes, EVERYTHING! A criminal who dropped a RAT on their PC through one form or another has maxed out their credit cards, emptied their bank accounts, cashed in their retirement funds, sold their house, car(s) and other assets, as well as impersonated them anywhere the criminal could possibly get money in the victim’s name, leaving the innocent victim penniless and living a NIGHTMARE.

 

Now that I have your attention, there are some easy ways for you to practice safe computing. These methods are never 100% effective, but they definitely lower your risk of infection significantly. You are the only person who can prevent this happening, because you are the one who can take the necessary precautions. The first line of defense is the easy part.

 
For your computer:


1.     Keep all of your software up-to-date, including Windows, Office and all your third party programs.

·         Download and install all the patches as soon as you are notified of them.

·         If there is a new version of a software program that you have on your PC, download and install it immediately.

·         If you hear from a reputable source of a work-around for a vulnerability that has not been patched yet, use it.

 

2.     Set your Antivirus software to update automatically, either continuously or daily. If you do that, you will get each update when it is released.

3.     Obtain an AntiSpyware program that you can run at least once a week to check for any malware on your system.

·         Keep the AntiSpyware program up-to-date as often as your AV program.

4.    Make sure you have a Firewall

·         If possible, have a bi-directional Firewall so that it will notify you if there is a file or program on your PC attempting to contact the internet. Many programs, like web browsers and email, have to contact the internet to function, but it is the other programs that you need to watch.

·         Set the updates for your Firewall the same as your AV software, so that if an update is released you can download and install it immediately.

5.     If you use XP, make sure it is SP2.

·         Upgrade to SP2 as necessary and keep it up-to-date.

6.     Upgrade IE 6.0 to IE 7 for better security.

·         Download and install all updates for IE 7

7.     In both Windows XP and Vista you can use a hosts file to protect your computer. The hosts file prevents your computer from connecting to any of the bad sites that are listed in it. Please see the instructions for both XP and Vista here
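To see what a blocking hosts file does and does not cover, here is an added example (not part of the original article) that audits hosts-file text. The sample entries and the function names `parse_hosts`, `audit_hosts` and `is_blocked` are constructed for illustration; on XP and Vista the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Constructed sample hosts file; every name is a placeholder, not a real blocklist entry.
SAMPLE_HOSTS = """\
# blocklist section
127.0.0.1   localhost
127.0.0.1   ads.badsite.example      # sinkholed to this PC
0.0.0.0     tracker.badsite.example dl.badsite.example
203.0.113.7 www.mybank.example       # a site you use, pointed somewhere else
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for every non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Sort entries into blocked names, redirected names and unparsable lines."""
    report = {"blocked": set(), "redirected": {}, "invalid": []}
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            report["invalid"].append(line_no)
            continue
        # A blocking entry points the name at the local machine or at nothing.
        sinkholed = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name == "localhost":
                continue
            if sinkholed:
                report["blocked"].add(name)
            else:
                # Any other address silently sends the name elsewhere: review it.
                report["redirected"][name] = ip_text
    return report

def is_blocked(report, hostname):
    """Hosts entries match exact names only; there are no wildcards."""
    return hostname.lower().rstrip(".") in report["blocked"]

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(sorted(result["blocked"]), result["redirected"], result["invalid"])
```

An entry that maps a site you actually use to an unfamiliar address is worth showing to a helper, since the same file that blocks bad sites can also be edited to redirect good ones.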

 

For Email:

 

1.     Use the most up-to-date copy of your Email program.

2.     If a new version of your email program is released, download and install it as soon as you hear about it.

3.     Use a spam filter in your email program but **make sure you check the spam folder for email that you want that has been marked spam in error.**

4.     Hover your mouse over the links in any email and check the URL in the status bar of your email client. You will often be able to determine if the link is legit in this way.

5.     Don’t click links in the emails you receive, even if the email is from someone you know; the links will often redirect you to a bad site. Phishing emails are often sent from someone in your address book because they have been previously infected with the scumware.

6.     Watch for phishing emails from places that you deal with, such as eBay or PayPal. If you check your account messages at that particular website (e.g. My Summary/Messages at eBay), you will find a copy of the email if it is legit.

 

For Safe Surfing:

1.     Do not click on banners, advertisements or links on a webpage unless you know where the link is going to.

2.     Hover your mouse over any link, banner or advertisement and look at the URL that will appear in the status bar of your browser to make sure the link is taking you to a safe website.

3.     Even if a website is supposed to be safe, it may have been infected with scumware and links to the bad sites embedded in the pages. Be aware of this so that you will notice anything that is abnormal.

4.     Surf with caution; anything that seems odd probably is. Don’t ignore your ‘gut feelings’ about something on the internet. If you think it might be bad, then don’t go there.

5.     There are many more things you can do to keep yourself safe while surfing, but they are for another article.

 

Not every infection is a Rootkit or RAT, and not all will require a format; there are many out there that don’t. If you think your PC is infected, the first thing you need to do is get help! There are a number of forums staffed with trained volunteers who are there to help you identify what has caused your infection and help you clean your computer. Unfortunately, these forums can be very busy and are often backed up with other victims. It sometimes takes time before you receive the help you need, but bear in mind that the staff are volunteers, and you will get their undivided attention when they get to your problem. A list of these forums is located here

Please follow the instructions you find at each forum, as not all are the same. Then post what the forum has asked for, your problem, and any helpful information you can think of. Then sit back and wait for a staff member to help you. In my experience, those that tried to clean their own PC without help ended up spending far more time than they would have if they had waited for help. Their PC ends up in a far bigger mess than if they had waited at the beginning, and it takes much longer to clean their computer than it would have had they waited. Often the victim has complicated things by running every available tool they could find, which has removed vital information that would have led the helper to the correct information on the original infector, shortening the cleaning process significantly. A helper will be able to tell you if your computer requires a format, or if it can be cleaned simply with specific tools the helper knows.

 

After your computer is cleaned or you have formatted, we would appreciate hearing all about it at Malware Complaints. We are a forum that helps you fight back against the scumware writers that have made your life he**. We help you write letters to the media and your government asking for legislation to prevent the criminals from taking over the Internet, allowing all innocent people to surf safely without fear of infection. Please StandUp and Be Counted To Fight Back against this scourge of the Internet.

 

I will be following with articles about Identity Theft, Rootkits and RATs. Please stay tuned…
