Digital Security and Privacy for Human Rights Defenders

2.9 Malicious software and Spam

Abstract
  1. There are many types of malware, transmitted from computer to computer in a multitude of different ways, causing untold damage to information.
  2. Install and regularly update your anti-virus, anti-spyware software. Run a firewall and be extremely cautious when opening email or inserting media into your computer.
  3. Spam is unsolicited junk email which today constitutes an enormous part of all Internet traffic and has become a huge problem for people and networks.
  4. Be careful with distributing your email address and never reply to or even open spam messages.

Malware is a term used to describe software that damages your computer and compromises your security and the confidentiality of your information. It can be broken up into several categories, including viruses and spyware. Millions of computers around the world have been infected by a virus or spyware, causing huge problems in the industry. The Internet has become the most widely used medium for spreading malware, and we are always battling to protect ourselves from myriads of old and newly written malicious infections. The word ‘spam’ is used to describe undesired and unsolicited email messages, sent in bulk around the Internet and to our email accounts. This chapter will explain the differences between various types of malware, the history of famous infections and will provide assistance as well as a guide to how to protect against them.

Viruses

Similar to a human virus, computer viruses infect computers and other technical devices with the intent of changing their stability, operation or integrity. They are usually small pieces of software code that are executed on your computer following a specific action you take. They also have a tendency to re-create and multiply. You can receive a virus in an email, on a inserted floppy disk or other removable media, by browsing to specific websites and sometimes just by being connected to the Internet.

History

The first recognised instance of a spreadable computer virus was the Elk Cloner. It was written around 1982 by a 15-year-old high school student Rich Skrenta and was aimed at Apple II systems. Elk Cloner spread by infecting the Apple II’s operating system and was transmitted on floppy disks. When the computer was booted from an infected floppy, a copy of the virus would automatically start. Whenever a new floppy disk was inserted into an infected computer, the virus copied itself to it, thereby allowing itself to spread. It did not cause specific harm to the computer, but was merely an annoyance. On every 50th booting, the virus would display a short ‘poem’:

Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!65

The first virus to infect a PC was called (c)Brain and was written by Basit and Amjad Farooq Alvi, two Pakistani software developers. They wanted to stop the piracy of the medical software they had written and claimed that the virus only existed to prevent breach of copyright.

Originally, viruses were spread by floppy disks inserted into various computer systems. The Internet has provided a new means of spreading viruses around with the greatest of ease. The first well-known case was the Morris Worm, written by Robert Tappan Morris in 1998. It was estimated to have infected around 6,000 computers worldwide66 and caused between 10 and 100 million USD of damage. Morris received 3 years of probation and had to pay 10,000 USD in fines. The devastating effect the virus had on the Internet led to the creation of a new industry for countering similar attacks and resulted in the formation of CERT (Computer Emergency Response Team), a US federal-funded research institute and development centre (http://www.cert.org).

The month of August 2003 was the worst ever for damages from viruses - the result of a simultaneous attack from the Blaster and Sobig worms. Causing untold damage around the world, it severely crippled Internet speeds. The writer of the Blaster virus, 18 year-old Jeffrey Lee Parson from Minnesota, was eventually caught and jailed for 18 months. The MyDoom virus of 2004 accounted for 1 in 12 of every email sent on the Internet and was able to co-ordinate the biggest denial of service attack67, involving more then 1 million computers from all over the globe.

Malware variations

There are numerous types of malware, and each has a specific method of operation and distribution.
  • A virus is a piece of computer code that damages the software (and increasingly the hardware) of your PC, with possible effects of data loss or computer malfunction. Viruses must be executed (run or opened) by the user and can replicate themselves to infect other computers.
    Infection: viruses come as email attachments, files loaded from floppy disks or other removable media. Files that could contain viruses usually (but not always) have the following extensions: .exe .com .bat .vbs .php .class .jbs .scr .pif
    Solution: Use anti-virus software and update it frequently. Install a firewall and never open unknown attachments to email. Always perform a full scan of any removable media you insert into the computer. If your organisation has a computer network, it is advisable that you remove the computers, connected to the Internet, from it: upon infection, the important documents on your network will not be damaged then.
  • A worm – is similar to a virus but the former does not try to delete or corrupt information on your computer. Worms usually come embedded in an email message. They exploit security vulnerabilities in operating systems and spread themselves to other computers via the network or the Internet.
    Infection: worms infect your computer as soon as you open the email message in which they are hiding. Your computer could also be sending and receiving worms by simply being connected to the Internet.
    Solution: use anti-virus software and a firewall. Install all necessary operating system updates (see Windows chapter). Be extremely vigilant when opening email and disable the preview screen in your email program68. Do not open email from unknown, untrusted sources. In reality, it is quite difficult to prevent the spread of newly written worms.
  • A macro virus (or a macro) – takes advantage of the Microsoft Office products, which allow the user to create a small program within a document to automate a specific function (e.g. to perform a calculation in Excel). If you open a file that contains a macro virus, it will infect the program and all documents you open with this program later.
    Infection: macros are hidden in MS Office documents, such as .doc .xls .ppt .mdb. They become operational when you open such a file.
    Solution: You can disable macros in your MS Office applications. This option is presented to you every time you open a document that contains macros.
warning

A warning of a macro inside an Adobe PDF document

Always choose to ‘Disable Macros’ in your document. In your organisation, introduce a policy of saving all Word files in Rich Text Format (.rtf) and all Excel files as .csv. These file types do not carry macros.

  • Trojans (Trojan horses, backdoor Trojans) are programs posing as legitimate software but actually containing malicious code. They do not replicate themselves but can force your computer to download a virus. Backdoor Trojans can give full access to your computer to an outsider. They could give an attacker access to all your programs and documents. Some Trojans record all your keystrokes and send this information to a pre-determined address. This is a common method of obtaining passwords.
    Infection: Trojans pose as legitimate programs and become active when you execute them. Sometimes viruses install Trojans on your computer.
    Solution: use anti-virus software and a firewall. Install all necessary operating system updates (see Windows chapter).
  • Spyware are malicious programs that track your movements on the computer and the Internet and send this information to an outsider. The main aims of spyware are to undermine the computer’s security and to reveal information about its user for reasons of profit or gain.
    Infection: Spyware can appear in emails and come embedded in programs you install. You can receive spyware by visiting web pages (especially relevant to Internet Explorer) or using file-sharing software. They can come in email attachments or get installed with a virus.
    Solution: There exist numerous anti-spyware programs and some of them come automatically when you install a virus cleaner. It is advisable to have several spyware detection programs. Programs like Spybot will detect if the spyware is trying to dial an unauthorised number or make changes to the computer registry. Don’t install unnecessary programs or those the reputation of which you cannot verify.

Viruses are known to be spreading to mobile phones and personal organisers. Technically, any electronic medium with a processing unit can be infected by a virus. Virus hoaxes have also gained notoriety because of their crippling effects on companies and users. They are usually spread by email and warn you of an impeding new virus attack. They may also try to persuade you to click a link in the email, which will ‘help you to secure your computer system’. Albeit not terribly damaging, virus hoaxes slow down the Internet connection and fill email boxes with unnecessary email.

An organisational policy that pro-actively prevents downloading and executing of viruses is required. Some of it can be done at the program level, by setting specific settings to make your programs more robust against viruses and by obtaining and running anti-virus, anti-spyware and firewall software. All software, including fixes for Windows, must be actively sought and updated. This will increase your protection against newly written malware. The main approach to tackling malware is at the policy level.

You need to:
  • keep a backup of your important documents on removable media
  • block all malicious email attachments at your server or program level
  • never open any email attachments that you are not expecting and those originating from unknown sources
  • run a full scan of your system at least once a week
  • do not download unnecessary programs onto your computer. MSN and Yahoo Chat programs are popular targets for spreading viruses. Try to refrain from using these programs and file-sharing software on your work computer.
  • stay informed about the latest threats
If your computer is infected with a virus:
  • Disconnect it from the Internet and from any networks immediately.
  • Close all programs and run a full anti-virus scan. Some programs allow you to schedule a boot scan which will check your entire computer upon restart. This is useful as some viruses hide in files that Windows cannot check when it is running. Delete any viruses found and write down their names. Then run the scan again, until you have no more warnings.
  • Connect to the Internet and obtain the latest information on the particular virus you have received. You can check www.symantec.com or www.sophos.com or www.f-secure.com for the latest information about viruses, the damage they can cause and methods of their detection, prevention and deletion. Update your Windows operating system with any necessary patches.
  • If a virus is found on a computer that resides in a network, disconnect all computers from the Internet and then from the network. All users should stop working, and the steps listed above must be taken for every computer. This may sound like an exhausting process, but it is an absolute necessity.
circle

The most important rule is to be aware and vigilant. Take the required precautions but do not let the existence of anti-virus or anti-spyware programs give you a false sense of security. As you might have guessed from the above, it is a never-ending battle. Viruses spread not because of their clever programming, but because of the carelessness and nonchalance of the user.

Spam

Spam is the process of sending bulk and unsolicited emails. They normally take the form of advertising or nonsense messages that often fill up our email boxes. Spam is an activity aimed at increasing the profits of companies, and increasingly of spam gangs. It is a lucrative method, for the costs of mass distribution are minimal - far cheaper then postal junk mail and other means of mass advertising. Spam now accounts for 50% of all Internet activity and is an enormous problem to individuals and to businesses. This section will tell you how to reduce the amount of spam in your email box.

Many on-line companies provide lists of their customers’ email addresses to organisations specialising in sending unsolicited commercial email (spam). Other companies mine email addresses from messages posted on mailing lists, newsgroups, or domain name registration data. In a test by the US Federal Trade Commission, an email address, posted in a chat room, began receiving spam within eight minutes of submitting a post69.

History

The term spam is derived from the British comedy series ‘Monty Python’. One of the episodes, ‘SPAM Sketch’, is set in a café where everything on the menu includes SPAM luncheon meat. As the waiter recites the SPAM-filled menu, a chorus of Viking patrons drowns out all conversation with a “SPAM, SPAM, SPAM, SPAM” refrain thus ‘SPAMming’ all other noises. The obsession with SPAM goes back to food rationing in Britain during and after World War II. SPAM (a ham substitute made from processed meat) was one of the few foods that was not restricted and was widely available, so by the end of the rationing period the British had been rather fed up with ‘luncheon meat’.70

The concept of spamming as an advertising technique was first introduced in 1994 by two New York immigration lawyers wishing to promote their services through mass emailing. They argued it was a viable and justified new method of marketing and labelled their critics as “anti-commercial radicals”. Since then, the popularity of ‘spamming’ grew very quickly.

Preventing spam

There are several methods of reducing the amount of spam you receive, although you may never be able to get rid of it completely. If you are using a webmail account (like Hotmail or Yahoo), the provider should have automatic spam filtering software installed. Some email programs (like Mozilla Thunderbird) have a built-in spam filter that learns what email you would classify as spam, and stops similar emails from cluttering up your inbox. Be aware that spam keeps being downloaded, but is automatically moved to the Junk folder.

The main method of spam prevention is not to reply or to click on any links in the spam message. Even if you are upset by the amount of spam and wish to reply to the message with a complaint or a request to stop the spamming, you are simply confirming the existence of your email address and labelling yourself as someone who reads spam and reacts to it. Never purchase anything advertised in spam messages. Even if it is legitimate, you’ll end up further funding the spammer market.
Do not list your email address on any websites or list servers. If this is not possible, disguise it by putting # or ‘at’ instead of using the normal @ symbol. This will prevent web-spiders from capturing your email addressing

user#frontlinedefenders#org -> user AT frontlinedenfeders DOT org

If you are sending a large group email, insert the contacts into the ‘Bcc’ field. This will hide the existence of the mass email and prevent spammers from using the list for their purposes. Also, switch off the email preview option in your email program. When an email is previewed, it may alert the spammers that your address exists and you have read the message.
Try to use several email addresses. One will be your private email which you will give out only to trusted contacts. You can use other addresses for registration and authentication when on the Internet. Thus you will be able to separate private email accounts from those that get spammed.

If your account is already facing massive spamming and the filters are simply not working any more, you have no other option but open a new email account and be more vigilant.

spam circle


65
Wikipedia http://en.wikipedia.org/wiki/Elk_Cloner

66
Government Accountability Office – www.goa.gov

67
see Glossary

68
If you can see the content of the email in your main program screen, you have the preview pane switched on. To disable it in Microsoft Outlook: go to the menu bar and de-select View > Preview Pane. In Outlook Express: go to the menu bar View > Layout. In the Layout window de-select the option ‘Show Preview Pane’.
In Mozilla Thunderbird go to the menu bar View > Layout and de-select ‘Message Pane’ or simply press F8.

69
Privacy International – Privacy and Human Rights Report 2004 Threats to Privacy

70
Wikipedia http://en.wikipedia.org/wiki/Spam_%28electronic%29