How to spell virus spy. Spyware


Viruses, spyware, trojans and dialers: who, why and how

I think that if you ask any schoolchild today what "lavsan" is, he won't tell you about a "synthetic fiber made by polycondensing ethylene glycol and an aromatic dibasic acid." No, his answer will be something like this: "Lovesan, aka msblast, penetrates operating systems of the Microsoft Windows family by exploiting a vulnerability in the Microsoft Windows DCOM RPC service." I'm afraid to guess what associations the word "doom" will bring up after a while. Obviously not only the game of the same name.

As you may have gathered from the title and introduction, the conversation will now be about viruses and their kin. Before turning to the answers to the questions posed in the title of the chapter, I would like to go straight to today's "guests". This is also where the question of how all this gets into our computers will be answered.

A virus is, in essence, a program that has some destructive consequences. And it doesn't matter what they are: anything is possible here, from the banal replacement of file permissions and damage to a file's internal content to disruption of the Internet and the collapse of the operating system. A virus is also a program that not only carries destructive functions but is also capable of reproducing. Here is what one smart book says about this: “A mandatory (necessary) property of a computer virus is the ability to create its own duplicates (not necessarily identical to the original) and embed them in computer networks and/or files, computer system areas, and other executable objects. At the same time, the duplicates retain the ability to spread further” (Eugene Kaspersky, “Computer Viruses”).

Indeed, in order to survive, viruses need to multiply, as the science of biology has proven. By the way, it is from those very biological viruses that computer viruses got their name. And they have fully justified it: all viruses are simple and yet, despite the efforts of anti-virus companies, whose costs run into huge sums, they live and prosper. You don't have to look far for examples: take, for instance, a virus such as I-Worm.Mydoom.b. It has been said many times that you should not open attachments and e-mail messages from unknown persons, and that messages from people you know should be treated with caution, especially if you had not agreed on them in advance. In addition, if the text of the letter contains something like “Check out the cool photo of my girlfriend,” then it must be deleted immediately. But while the text in that example at least makes sense, the content of emails infected with Mydoom is rather strange. Judge for yourself: “The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment sendmail daemon reported: Error #804 occured during SMTP session. Partial message has been received. The message contains Unicode characters and has been sent as a binary attachment. The message contains MIME-encoded graphics and has been sent as a binary attachment. Mail transaction failed. Partial message is available".

The attached file has 9 possible names and 5 possible extensions. Two variations came to my box. The first is a zip archive supposedly containing a doc file, and the second is a plain executable with its icon replaced by the Notepad icon. In the second case any user can spot the catch by looking at the extension, but in the first case this is harder to do. It is to the first case that I tend to attribute the largest number of infections. I won't describe what this virus does, because that has already been covered many times in printed publications and on Internet resources. Using the example of Mydoom, we have become acquainted with the first way viruses spread: through e-mail.
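The check described above (look at the real extension, including inside a zip archive) can be automated at a mail gateway or during triage. The following Python sketch is an added example, not code from the original article; the extension sets, function names and sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy: extensions Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumed policy: extensions a recipient expects to be harmless documents.
DECOY_EXTS = {".doc", ".txt", ".htm", ".jpg", ".pdf"}


def disguise_reasons(name):
    """Return the reasons a file name looks like an executable posing as a document."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2:
        return []
    final = "." + parts[-1]
    if final not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension " + final]
    # "photo.jpg.exe": the document-like extension is only decoration.
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        reasons.append("decoy extension ." + parts[-2] + " before it")
    # Runs of spaces push the real extension out of the visible part of the name.
    if "  " in base:
        reasons.append("whitespace padding hides the real extension")
    return reasons


def inspect_attachment(filename, payload):
    """Check the attachment name and, if it is a zip archive, every member name."""
    findings = {}
    reasons = disguise_reasons(filename)
    if reasons:
        findings[filename] = reasons
    if zipfile.is_zipfile(io.BytesIO(payload)):
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            for member in archive.namelist():
                reasons = disguise_reasons(member)
                if reasons:
                    findings[filename + "!" + member] = reasons
    return findings


def build_sample_zip(member_name):
    """Build a constructed, harmless zip archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed placeholder, not a program")
    return buf.getvalue()


# Constructed sample attachments (names and contents are made up).
SAMPLES = {
    "document.zip": build_sample_zip("document.doc" + " " * 40 + ".exe"),
    "readme.txt.scr": b"constructed placeholder, not a program",
    "report.zip": build_sample_zip("report.doc"),
    "notes.txt": b"plain text",
}


def scan_samples():
    """Return only the samples that produced findings."""
    results = {}
    for name, payload in SAMPLES.items():
        findings = inspect_attachment(name, payload)
        if findings:
            results[name] = findings
    return results


if __name__ == "__main__":
    for attachment, findings in scan_samples().items():
        for path, reasons in findings.items():
            print(attachment, "->", repr(path), reasons)
```

The archive case is the one the article calls harder to notice: the outer name `document.zip` is clean, and only listing the members reveals the executable.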

Let's look at the next method using Worm.Win32.Lovesan (also known as msblast) as an example. What is remarkable about this virus, and why did it cause a mass infection? It is remarkable in that, in principle, it does not affect the performance of the system as a whole. A computer infected with it simply cannot browse the Internet normally. After a while, a window pops up with an RPC error message, after which the computer restarts.

Another way is through the Internet, when you download files (whether you want to or not). Again, let me explain with examples. First, a wanted download. You download some new joke, program or game from the Web, and it is infected with a virus. After downloading, the program / game / joke is launched and, voila, you are the owner of a virus. What can be said here? Be vigilant, regularly update your antivirus databases, check all programs with an antivirus, and do not forget at least the basics of computer security. Someone may say: “Why should I, for example, check programs that could not be infected with a virus?” I would like to ask: “What kind of programs are these?” Any program can be infected, especially if it is downloaded from warez sites or the websites of hacker groups.

Now let's move on to unwanted downloads. I would single out two types. The first is when the user is unaware that something is being downloaded to his computer. Such a download is carried out through the execution of scripts. The second type is when something other than what was wanted is downloaded. I'll give you an example. At one time, a site with cracks offered, immediately before a file download, to install a “Free XXX bar”, then a “100% crack of the Internet”. If the user agreed (and I'm sure there were such users, because I still remember the question of the month in "Virtual Joys" about the "one hundred percent Internet crack"), then a trojan or virus was downloaded. In principle, the difference is small. However, this is not the most interesting part: if such a tempting offer was rejected, a window popped up with a message along the lines of “Site error” and an OK or Continue button; clicking it downloaded the Trojan anyway, this time without the user's knowledge. Only a firewall could save him.

A Trojan is a program that provides unauthorized access to a computer in order to perform some action on it without warning the computer's owner, or that sends the information it collects to a specific address. At the same time it, as a rule, pretends to be something peaceful and extremely useful.

Some Trojans are limited to sending your passwords by mail to their creator or to the person who configured the program (email trojan). However, for Internet users the most dangerous programs are those that allow remote access to their machine from outside (backdoor). Very often, Trojans get onto a computer along with useful programs or popular utilities, disguised as them.

A feature of these programs that makes them classified as harmful is the absence of any warning about their installation and launch. When launched, the Trojan installs itself into the system and then monitors it, while the user is given no messages about its actions. Moreover, the Trojan may be absent from the list of active applications or blend in with them. As a result, the computer user may not be aware of its presence in the system while the computer is open to remote control.

Quite often, the term "trojan" is used to mean a virus. In fact, this is far from the case. Unlike viruses, Trojans are designed to obtain confidential information and to access certain computer resources.

There are various ways in which a Trojan can enter your system. Most often, this happens when you run some useful program that has a Trojan server embedded in it. On first launch, the server copies itself to some directory and registers itself for startup in the system registry, so even if the carrier program never runs again, your system is already infected with the trojan. You can infect a machine yourself by running an infected program. This usually happens when programs are downloaded not from official servers but from personal pages. Strangers can also plant a Trojan if they have access to your machine, simply by running it from a floppy disk.

At the moment, Trojans of the following types are the most widely used:

1. Hidden (remote) administration utilities (BackDoor, from the English "back door"). Trojan horses of this class are, in essence, quite powerful utilities for remote administration of computers on a network. In their functionality they closely resemble the various administration systems developed by well-known software vendors. Modern hidden administration utilities (BackDoor) are quite easy to use. They usually consist of two main parts: the server (the executor) and the client (the server's control component). The server is an executable file that is planted on your machine in some way, is loaded into memory at Windows startup, and executes commands received from the remote client. The server is sent to the victim, and from then on all work is done through the client on the hacker's computer: commands are sent through the client, and the server executes them. Outwardly, its presence is not detectable in any way. After the server part of the Trojan is launched, a certain port is reserved on the user's computer, which is responsible for communicating with the Internet.

After this, the attacker launches the client part of the program, connects to the computer through the open port, and can perform almost any action on your machine (limited only by the capabilities of the program used). After connecting to the server, the remote computer can be controlled almost like one's own: reboot it, turn it off, open the CD-ROM, delete, write and change files, display messages, and so on.

Some Trojans let you change the open port during operation and even set an access password for the "owner" of the Trojan. There are also Trojans that allow a "trojaned" machine to be used as a proxy server (HTTP or Socks protocols) to hide the hacker's real IP address.

2. Mail trojans (email trojan).

Trojans that make it possible to “pull” passwords and other information from files on your computer and send them by e-mail to the owner. These can be the logins and passwords for your Internet provider, a mailbox password, ICQ and IRC passwords, etc. To send a letter to the owner, the trojan contacts the site's mail server via the SMTP protocol (for example, smtp.mail.ru). After collecting the necessary data, the Trojan checks whether the data has already been sent. If not, the data is sent and stored in the registry. If it has, the previous letter is retrieved from the registry and compared with the current one. If the information has changed (new data has appeared), the letter is sent and the fresh password data is recorded in the registry. In short, this type of Trojan simply collects information, and the victim may not even realize that someone already knows their passwords.

3. Keyboard trojans (Keyloggers).

These trojans write everything typed on the keyboard (including passwords) to a file, which is then sent to a specific e-mail address or viewed via FTP (File Transfer Protocol). Keyloggers usually take up little space and can disguise themselves as other useful programs, which makes them difficult to detect. Another reason such a Trojan is hard to detect is that its files are named like system files. Some Trojans of this type can extract and decrypt passwords found in special password fields.

Such programs require manual configuration and disguising. Keyloggers can be used not only for hooligan purposes. For example, it is very convenient to put them on your work or home computer while you are away.

4. Joke programs.

These programs are harmless in nature. They do not cause any direct harm to the computer, but display messages saying that such harm has already been caused or will be caused under certain conditions, or warn the user about a non-existent danger. Joke programs intimidate the user with messages about formatting the hard disk, detect viruses in uninfected files, display strange virus-like messages, and so on, depending on the sense of humor of the program's creator. Of course, there is no reason to worry, unless other, inexperienced users work on the computer and may be badly frightened by such messages.

5. "Trojan horses" can also include infected files whose code has been modified or altered by some cryptographic method. For example, the file is encrypted by a special program and/or packed by an unknown archiver. As a result, even the latest versions of anti-viruses cannot detect the presence of a Trojan in the file, since the code carrier is not in their anti-virus database.
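Item 1 above notes that a running backdoor server reserves a port on the victim's machine, which gives a defender something concrete to look for. This added Python example (not from the original article) compares `netstat -ano` output with a baseline of expected listening ports and groups the unexpected ones by owning PID; the sample output, ports, PIDs and baseline are constructed.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2844
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3100
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    [::]:1080              [::]:0                 LISTENING       2844
  UDP    0.0.0.0:500            *:*                                    1032
"""

# Assumed baseline: ports this host is expected to listen on.
BASELINE_PORTS = {135, 445}

# One TCP row in LISTENING state: local address, port, foreign address, PID.
LISTEN_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def listening_sockets(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    sockets = []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if match:
            sockets.append(
                (match["addr"], int(match["port"]), int(match["pid"]))
            )
    return sockets


def is_loopback(addr):
    """Loopback listeners cannot be reached by a remote client."""
    return addr.startswith("127.") or addr == "[::1]"


def unexpected_listeners(netstat_text, baseline_ports):
    """Map PID -> sorted ports that listen on a reachable address but are not in the baseline."""
    by_pid = {}
    for addr, port, pid in listening_sockets(netstat_text):
        if port in baseline_ports or is_loopback(addr):
            continue
        by_pid.setdefault(pid, set()).add(port)
    return {pid: sorted(ports) for pid, ports in by_pid.items()}


if __name__ == "__main__":
    for pid, ports in unexpected_listeners(SAMPLE_NETSTAT, BASELINE_PORTS).items():
        # The PID is the starting point for identifying the executable and its autostart entry.
        print("PID", pid, "listens on unexpected ports", ports)
```

Grouping by PID matters because one process holding several unexpected listeners (here a control port and a SOCKS-style port) is a stronger signal than either port alone.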

The methods by which dialers penetrate a system do not differ from those described above. So let's get straight to the point. Here it is necessary to note that there are quite peaceful dial-up programs, popularly called "dialers". These programs are used to help dial-up users get through to the provider and, if possible, maintain a stable connection with it, even on old or "upgraded" lines. The ones we will talk about have a different name: combat dialers. Using holes in the operating system, and sometimes the negligence or naivety of users (see above about the "100% Internet crack"), these programs replace the provider's phone number with the number of a telecom operator in some exotic country. Moreover, in most cases, the good old phone number of the provider remains in the dialing window. Dialers also add a task to the scheduler to dial at a given time. It's good if the user has a habit of turning off the modem, or has an external one that is impossible not to hear. But what if the modem is quiet and built-in? That's what I'm talking about. And the poor fellow learns of his misfortune only when a whopping phone bill arrives.

It's time to talk about who writes and launches all this muck on the Web. Here I will try to classify the groups of people who are engaged in this unseemly business. Nothing will be said about the so-called "white hat" hackers. I'll explain why. This species does not pose a danger to society and rather benefits it. It is they who most often write anti-virus viruses to neutralize especially harmful specimens. Why viruses? Because these programs spread by the same mechanism as viruses. Why anti? Because they block or remove a certain type of virus from the computer. Their main difference from viruses is that they destroy themselves after completing their task and have no destructive functions. An example is such a virus that appeared on the Web some time after Lovesan's relapse. Once the anti-virus was downloaded, Lovesan was removed and the user was prompted to download updates for Windows. White hat hackers also find holes in software and computer systems, after which they report the errors found to the companies. Now let's move on to our classification.

Type one: "children of scripts" (script kiddies). They call themselves nothing less than HaCkeR-rr, read the Hacker magazine, do not know a single programming language, and create all “their” Trojans and viruses by downloading ready-made programs from the Web. (To avoid being attacked, let me note that the Hacker magazine is, in principle, not bad, and presents its material in a fairly simple form, in places at least. But it is a simple form for people who already have some kind of knowledge base. And they present the material wisely: they don't tell everything to the end, so that they can't be held to account for it; you have to think for yourself.) These “hackers” usually, after they send someone a Trojan downloaded from somewhere and it works, immediately start yelling on the forums about how cool they are, and so on. For which they immediately and quite rightly receive a bunch of unflattering remarks, because that is not how it's done. If you've done something nasty, you'd better keep quiet. These individuals do not pose a particular danger, because they simply do not have enough experience or (in some cases) brains for a more or less large-scale undertaking.

Type two: "beginner". This species is a direct descendant of the first. Some representatives of the first type, after a while, begin to understand that they are not as cool as they thought, that, it turns out, there are also programming languages, and that you can do something and then not yell to the whole world about "what a fine fellow I am." Some of them may in the future turn into representatives of the pro class. These people begin to learn some language, try to write something, and creative thought begins to wake up in them. At the same time, they begin to pose a certain danger to society, because who knows what terrifying work such a virus writer can compose out of inexperience. After all, when a professional writes code, he realizes that some things should not be done, because they can work against him. A beginner does not have such knowledge, and this is why he is dangerous.

Type three: "pro". These develop from the second type. "Pros" are distinguished by a deep knowledge of programming languages and network security, understand the depths of operating systems and, most importantly, have very serious knowledge and understanding of how networks and computer systems work. Moreover, the “pros” not only learn about security holes from company bulletins, but also find them themselves. Often they unite in hacker groups to improve the quality of their "work". These people are mostly secretive and not greedy for fame; they do not run to inform the whole world about a successful operation, but prefer to celebrate success quietly among friends. Of course, they pose a great danger, but since they are all knowledgeable people, they will not take actions that could cause the global collapse of a system such as the Internet. Although there are exceptions (not everyone has forgotten about Slammer yet).

Type four: "industrial hackers". The most dangerous representatives of the hacker family for society. They can rightfully be called real criminals. They are the ones responsible for writing most of the dialers and for hacking the networks of banks, large companies and government agencies. Why they do it, we will discuss below. "Industrialists" do not reckon with anything or anyone; these individuals are capable of anything to achieve their goals.

Now let's summarize what has been said.

"Children of scripts": young, green and inexperienced. They want to show that they are the coolest of all, and that only Cool Sam is cooler than them.

"Beginner": a craving to write something of their own has appeared. Some of them, fortunately, after trying to master the intricacies of Internet protocols and programming languages, give up this business and go off to do something more peaceful.

“Pro”: if the state of having “realized his guilt, its measure, degree and depth” suddenly sets in, a representative of this type becomes a highly qualified computer security specialist. I would like more pros to move to this state.

"Industrialists": nothing is sacred. Folk wisdom speaks well of such people: "The grave will fix the humpbacked one."

This is a rough division of computer intruders into types. Now let's move on to the question of why they do it.

But really, why are viruses, trojans, dialers and other evil spirits written? One of the reasons is the desire for self-affirmation. It is typical of representatives of the first and second types. The first simply needs to show his friends that he is "like a real, cool kid"; the second does it primarily to raise his self-esteem. The second reason is gaining experience. It is typical of beginners. After writing your first masterpiece you naturally want to test it on someone, and not on yourself, of course. This is how a certain number of new, not always very dangerous, viruses appear on the Web.

The next reason is the competitive spirit. Have you ever heard of hacker competitions? The last one known to me took place in the summer. A Brazilian hacker group won (it turns out they are strong not only in football). The task was the following: who can break the most sites. But I am sure that there are competitions for the most sophisticated virus and for the best keylogger.

Adrenaline is another reason. Imagine: night, the light of the monitor, fingers running across the keyboard; yesterday a hole was found in the security system, and today you need to try to get into the system and show the fellow administrator who is boss in the house. Following this reason comes the next: romance. Why not? Some like to watch the sunset, some like the stars, and some like to write viruses. So many people, so many tastes.

The next reason is political or social protest. For this reason, most government websites, websites of political parties, print and online publications, as well as those of large corporations, are hacked. You don't have to look far for examples. Immediately after the start of the war in Iraq, those dissatisfied with Bush's policy attacked American government websites, while the opposite side attacked the website of the Arab newspaper Al-Jazeera and a number of other Arab resources.

And, perhaps, the last reason is the ubiquitous money. It is mainly for money that industrial hackers, so to speak, work. By hacking bank networks, they gain access to customer accounts. What follows is not difficult to guess. Collecting information about any user of the Network through spyware, they then engage in banal blackmail. The list of things the "industrialists" do could go on for a very long time; I just want to say once again that they are full-fledged computer criminals, and they should be treated as criminals.


In fact, removing viruses is not so complicated an operation that you need to pay specialists a lot of money for it. You can protect your computer from viruses or, in case of infection, return the computer to a “healthy” state by removing the malware, if you choose a good antivirus program and follow some rules. Take at least the two most important ones. First, regularly update the antivirus databases. Second, run a full scan of your computer for viruses once a month.

So, I think it is clear that malware is removed with the help of antiviruses. They come in paid and free versions; I talked about free methods in the following article:

And now, what is a malicious program, or, in other words, a virus?

A computer virus, or malware, is a program whose main purpose is to harm a computer, damage user data, steal or delete personal information, degrade computer performance, and much more.

Today, malware can be classified into several types according to its impact on the computer.

  • Classic viruses.
  • Trojan programs.
  • Spies.
  • Rootkits.
  • Adware.

Let's take a closer look at each type of malware.

Classic viruses are malicious programs that can infect a computer, for example, via the Internet. The essence of such viruses lies in self-replication. They copy themselves and copy files and folders on the infected computer. They do this in order to infect the data so that recovering it later is impossible. Such a virus tries to damage all data on the computer by inserting its code into every file, from system files to the user's personal data. Most often, salvation, on such an infected computer, is.

A Trojan is a serious type of virus. Trojans are written by attackers for a specific purpose, for example, stealing information from computers, stealing passwords, and so on.

The Trojan is divided into two parts. The first part, called the Server, is kept by the attacker, and the second, the Client part, is distributed to every possible corner of the Internet and other places. If the client part of the malicious program gets onto a computer, that PC becomes infected and the Trojan begins to covertly send various information to the attacker's server.

Also, a Trojan can perform various operations on a computer at the request of a server (an attacker), steal passwords, and infect documents and files with malicious code.

Spies are somewhat similar to Trojans. But there is one main difference: spies do not harm the system or user files. Spyware quietly settles on the computer and spies. It can steal passwords or even record absolutely everything that you type on the keyboard.

Spyware is the most intelligent type of virus and can even send files from an infected computer. A spy knows a lot about the infected PC: what system is installed, what antivirus you use, what browser you use on the Internet, what programs are installed on the computer, and so on. Spyware is one of the most dangerous kinds of malware.

Rootkits are not viruses in and of themselves. Rootkits are programs whose purpose is to hide the existence of other viruses on the computer. For example, a computer is infected with a spy virus and a rootkit at the same time. The rootkit will then try to hide the spy from your antivirus and operating system. Accordingly, the presence of rootkits on a computer is no less dangerous, since they can work quite well and hide a bunch of viruses (spyware, trojans) from the eyes of our antivirus for a long time!

Adware is another type of malware. This is a less dangerous program, and its essence is to show ads on your computer in all sorts of ways and in various places. Adware does not cause any harm and does not infect or corrupt files. But you also need to protect yourself from this type of virus.

These are the types of malware that exist. To protect our computer from viruses, we need a good antivirus. I talked about that in another article, and now we will continue the topic of describing viruses and protection schemes for our computer.

Previously, viruses had no specific purpose; they were written out of interest, and the developer did not set a specific goal. Now viruses are highly complex algorithms whose essence is most often the theft of money and data. Trojans, most often, are designed only to steal passwords and other important data.

By the way, you can tell whether your computer has been attacked by viruses by some signs:

  • Programs do not work properly or stop working altogether.
  • The computer has started to slow down.
  • Some files get corrupted, refuse to open.

Very often these symptoms are a sign of a computer virus infection, but fortunately not always.

It should be noted that, most often, one particular virus can infect different types of files. Therefore, even after curing the computer of a strong virus attack, formatting the partition will be the most correct course.

As I said above, antivirus programs will help you protect yourself from viruses. Today, antivirus programs have enough features to repel almost all malicious programs distributed on the Internet. But for maximum virus protection, an important role is played by a properly selected and configured anti-virus program running at full “combat” capacity. I recommend that you read the article about. But if you do not have time, then I will name the best antivirus programs right here. As of today, these are:

  • Kaspersky
  • Avast
  • Dr. Web
  • NOD32

I think there are plenty to choose from.

Good luck and excellent virus protection to you.

When using the Internet, you should not assume that your privacy is protected. Ill-wishers often track your actions and try to obtain your personal information using special malware: spyware. This is one of the oldest and most widespread types of threats on the Internet: these programs enter your computer without permission in order to initiate various illegal activities. It is very easy to become a victim of such programs, but getting rid of them can be difficult, especially when you do not even know that your computer is infected. But do not despair! We will not leave you alone with threats! You just need to know what spyware is, how it gets into your computer, how it tries to harm you, how to eliminate it, and how you can prevent future spyware attacks.

What is spyware?

History of spyware

The term "spyware" was first mentioned in 1996 in one of the specialized articles. In 1999, this term was used in press releases and already had the meaning that is assigned to it today. It quickly gained popularity in the media. It wasn't long before the first anti-spyware application was released, in June 2000.

"The first mention of spyware dates back to 1996."

In October 2004, media company America Online and the National Cyber Security Alliance (NCSA) conducted a study of this phenomenon. The result was incredible and frightening. About 80% of all Internet users have somehow encountered spyware on their computers, approximately 93% of computers had spyware components, while 89% of users did not know about it. And almost all users affected by spyware (about 95%) admitted that they did not give permission to install them.

To date, the Windows operating system is the preferred target for spyware attacks due to its widespread use. However, in recent years, spyware developers have also turned their attention to the Apple platform and mobile devices.

Spyware for Mac

Historically, spyware writers have considered the Windows platform their main target, as it has a larger user base than the Mac platform. Despite this, the industry experienced a significant spike in Mac malware activity in 2017, and most of the attacks were carried out through spyware. Mac spyware behaves similarly to Windows spyware, but is dominated by password stealers and general-purpose backdoors. Malicious actions of software belonging to the second category include remote execution of malicious code, keylogging, screen capture, arbitrary file uploads and downloads, password phishing, etc.

“In 2017, the industry experienced a significant spike in Mac malware activity, with most of the attacks carried out through spyware.”

In addition to malicious spyware, so-called "legitimate" spyware is also not uncommon in the Mac environment. These programs are sold by real companies on official websites, and their main goal is to control children or employees. Of course, such programs are a classic "double-edged sword": they allow the possibility of abuse of their functions, since they provide the average user with access to spyware tools without requiring any special knowledge.

Spyware for mobile devices

Spyware does not create a shortcut and can stay in the memory of a mobile device for a long time, stealing important information such as incoming/outgoing SMS messages, incoming/outgoing call logs, contact lists, email messages, browser history, and photos. In addition, mobile spyware can potentially track keystrokes, record sounds within range of your device's microphone, take photos in the background, and monitor your device's position using GPS. In some cases, spyware even manages to control the device using commands sent via SMS and/or coming from remote servers. Spyware sends stolen information via email or by exchanging data with a remote server.

Keep in mind that consumers are not the only target of spyware hackers. If you use your smartphone or tablet in the workplace, hackers can attack your employer's organization through vulnerabilities embedded in the mobile device system. Moreover, computer security incident response teams may not be able to detect attacks carried out through mobile devices.

Spyware typically infiltrates smartphones in three ways:

  • An unsecured free Wi-Fi network that is often installed in public places, such as airports and cafes. If you register on such a network and transfer data through an insecure connection, attackers can monitor all the actions that you perform while you remain on the network. Pay attention to warning messages displayed on your device screen, especially if they indicate a failure to authenticate the server identity. Take care of your safety: avoid such insecure connections.
  • Vulnerabilities in the operating system can create the prerequisites for the penetration of malicious objects onto a mobile device. Smartphone manufacturers often release updates to operating systems to protect users. Therefore, we recommend that you install updates as soon as they become available (before hackers try to attack devices running outdated programs).
  • Malicious objects often hide in seemingly ordinary programs - and this is more likely if you download them not through the app store, but from websites or through messages. It is important to pay attention to warning messages when installing applications, especially if they ask permission to access your email or other personal data. Thus, we can formulate the main rule of security: use only proven resources for mobile devices and avoid third-party applications.

Who is attacked by spyware?

Unlike the developers of other types of malware, spyware developers do not aim their products at any specific group of people. On the contrary, in most attacks, spyware casts its net very widely in order to hit as many devices as possible. Consequently, each user is potentially a target of spyware, because, as attackers rightly believe, even the smallest amount of data will sooner or later find its buyer.

"In most attacks, spyware casts its net very widely to hit as many devices as possible."

For example, spammers buy email addresses and passwords in order to send malicious spam or act in the guise of others. As a result of spyware attacks on financial information, someone may lose funds in a bank account or become a victim of scammers who use real bank accounts in their schemes.

Information obtained from stolen documents, images, videos and other digital forms of data storage can be used for extortion.

Ultimately, no one is immune from spyware attacks, and hackers don't give much thought to whose computers they infect in pursuit of their goals.

What should I do if my computer is infected?

Spyware that enters the system tends to remain undetected and can only be detected if the user is experienced enough to really know where to look. So many users continue to work, unaware of the threat. But if it seems to you that spyware has penetrated your computer, you must first clean the system of malicious objects so as not to compromise new passwords. Install a reliable antivirus that is capable of providing proper cybersecurity and uses aggressive algorithms for detecting and removing spyware. This is important because only antivirus software that acts aggressively is able to completely remove spyware artifacts from the system, as well as restore corrupted files and broken settings.

After clearing the system of threats, contact your bank representatives to warn of potential malicious activity. Depending on what information was compromised on the infected computer (especially if it is connected to the network of an enterprise or organization), the law may require you to inform law enforcement about the facts of virus penetration or to make a public statement accordingly. If the information is of a sensitive nature or involves the collection and transmission of images, audio and/or video files, you should contact a law enforcement representative and report potential violations of federal or local laws.

One last thing: many identity theft protection vendors claim that their services can detect fraudulent transactions or temporarily block your credit account to prevent damage from the malicious activities of unwanted programs. At first glance, blocking a credit card is a really sound idea. However, Malwarebytes strongly recommends that you do not purchase identity theft protection.

"Many vendors of identity theft protection claim that their services can detect fraudulent transactions."

How to protect yourself from spyware?

The best protection from spyware, as well as from most types of malware, primarily depends on your actions. Please follow these basic guidelines to ensure your cyber security:

  • Do not open emails from unknown senders.
  • Do not download files from unverified sources.
  • Before you click on a link, hover your mouse over it to check which web page it will take you to.

But as users have gained cybersecurity expertise, hackers have also gotten smarter, creating ever more sophisticated ways to deliver spyware. That is why installing a proven antivirus is essential to counteract the latest spyware.

Look for antiviruses that provide real-time protection. This function allows you to automatically block spyware and other threats before they can harm your computer. Some traditional antivirus and other cybersecurity tools rely heavily on signature-based detection algorithms - and such protection is easy to bypass, especially if we are talking about modern threats.
You should also pay attention to the presence of functions that block the very penetration of spyware into your computer. For example, it can be anti-exploit technology and protection against malicious websites that store spyware. The premium version of Malwarebytes has a proven track record of being a reliable anti-spyware solution.

In the digital world, dangers are an integral part of Internet reality and can lie in wait for you at every turn. Fortunately, there are simple and effective ways to protect yourself from them. If you maintain a reasonable balance between using antivirus and taking basic precautions, you will be able to protect every computer you use from spyware attacks and the malicious activities behind them.

Kaspersky Lab experts have detected malware for mobile devices on the Android platform that has a whole spectrum of technical capabilities. Employees of the company emphasized that some of the functions of the Trojan virus (malware) were identified for the first time.

“Most Trojans are similar to each other: having made their way onto the device, they steal the payment data of its owner, mine cryptocurrency for attackers, or encrypt data in order to demand a ransom. But sometimes there are instances whose capabilities make one recall Hollywood films about spies,” Kaspersky Lab said in a message dedicated to the virus.

They said that the detected Skygofree malware has 48 different functions, including unique ones that the company's specialists have not seen before in malware.

For example, the Skygofree Trojan can track the location of an infected device and enable sound recording at the moment when its owner is in a certain location.

“Another interesting technique that Skygofree has mastered is to quietly connect an infected smartphone or tablet to Wi-Fi networks that are under the complete control of attackers. Even if the owner of the device has turned off Wi-Fi on the device altogether,” said Kaspersky Lab.

This makes it possible not only to analyze the victim's traffic, but also to read the logins, passwords or card numbers entered by the user. The malware can also spy on a range of instant messengers, including Facebook Messenger, WhatsApp, Skype, and Viber, collecting their text messages.

“Finally, Skygofree can covertly enable the front camera and take a picture when the user unlocks the device,” the experts added.


The company's specialists discovered Skygofree at the beginning of October 2017; however, during the study of the malware, it turned out that the initial versions of this program were created at the end of 2014. Since then, the functionality of the Trojan has increased significantly and the program has acquired some unique abilities.

According to Kaspersky Lab, Skygofree was distributed on Internet pages imitating the sites of mobile operators and dedicated to optimizing the speed of mobile Internet.

According to the company, only a few users were attacked by the virus, and only in Italy.

Also, during the investigation of the malware, several spyware tools for Windows were found, but whether the program was used to attack this operating system is still unknown.

"It doesn't attack hundreds of thousands of users"

RT spoke with Kaspersky Lab antivirus expert Viktor Chebyshev, who gave some details about the new virus. According to him, Skygofree managed to stay hidden for a long time, because this Trojan spy uses undocumented features of the system and elevates its privileges in such a way that all its actions "remain behind the scenes."

“It is located almost at the system level, and all the possibilities that it implements are absolutely transparent to the user. That is, the user does not see any activity, does not hear any actions, just remains in the dark,” Chebyshev explained.

The interlocutor of RT clarified that creating a similar program is very difficult, so a whole team of high-level professionals versed in all the features of the Android operating system most likely worked on it.

According to the antivirus expert, another feature of the virus that allowed it to operate unnoticed is its narrow focus: Skygofree is tailored to attack a specific user.

“This is a spy that is not aimed at the mass segment. It does not attack hundreds of thousands of users, squeezing a little bit out of them. This is a spy app that attacks specific people,” Chebyshev said.

“It is created so that it is invisible to both the victim and everyone else around. Plus, it has trace-clearing mechanisms that destroy it after it has done its work,” the expert added.


He specified that the spy virus targeted devices on the Android platform, since this is the system that allows applications to be installed from third-party sources and not only from the official Google Play store. However, not only Android devices can become vulnerable to such malware.

“In other operating systems, this is not possible, all applications are installed from one centralized source, which is moderated. And the chance of infection is thus minimal. However, it is not excluded,” the expert explained.

“This is a whole team, one might say, an organized criminal group. The resources are serious," Chebyshev said.

The expert clarified that the main purpose of the discovered Trojan was never to attack the broad masses of people. The program is designed specifically for espionage, spying on a specific person, into whose devices it “sits down”. According to him, the spectrum of application of this program can extend from industrial espionage to surveillance of civil servants.

“The main task of this Trojan is to understand what is happening with the victim, around him, what he is doing, where he is going, with whom he is talking, what documents he is interacting with... It can shoot with a video camera, take photos, record conversations in a specific situation,” said the Kaspersky Lab employee.


The antivirus expert clarified that immediately after the discovery of the virus, the company provided protection to its customers. Speaking about the threat to ordinary users around the world, Chebyshev noted that they were never the target of the malware, but urged them not to relax.

“If we talk about the mass market, about you and me, then the attack, most likely, did not threaten us from the very beginning. They attack specific people. However (massive attack. — RT) should not be written off: what is implemented in this Trojan can be replicated, it can be extended to a huge number of users,” the interlocutor of RT emphasized.

Speaking about ways to counter the virus threat, the expert urged all users not to install applications from third-party sources in the first place. In addition, he advised consumers to secure their mobile devices by installing a good security solution that will prevent malicious links from being accessed and block the installation of a malicious application.

“Be sure to apply personal hygiene measures to your device. Because you never know when you will be attacked, and then everything will be sad. With a security solution, everything will be fine,” summed up Chebyshev.

Prank viruses are simple programs that can be slipped to a friend (or enemy) to make them think that their computer has been hacked, infected with a virus, or seriously damaged. Prank viruses can be written in ordinary Notepad: you just need to write commands that slow down the computer, disable the operating system, or simply scare the user into a file, and then get him to run this file. Prank viruses can be anything from an annoying nuisance to a system-breaking nightmare. The "viruses" in this article are only for harmless jokes; the worst thing they can do is turn off the computer. Attention: these prank viruses are designed for Windows computers only; they will not work on Mac OS without special preparation. Let's start with step 1.

Steps

We write a fake virus that opens "endless" windows

Launch Notepad. Batch (.BAT) files contain commands for the computer in text form. To write a BAT file, you do not need a special editor: Notepad from the standard set of Windows programs is enough. Notepad can be found in the Start menu or in the Accessories submenu. You can also open Notepad by pressing the Win + R key combination, typing “notepad” in the text field of the dialog box that appears and pressing Enter.

Type "@echo off" and then, on a new line, "CLS". By default, BAT files open a command prompt window and display the commands being executed. The "@echo off" and "CLS" commands prevent commands from appearing in the command prompt window, making the cause of the joke invisible to the "victim".

Write commands to open many (or infinite) windows. Now it's time to write a sequence of commands that makes your fake virus either open many windows of different programs once or keep opening these windows indefinitely. It is important to know that if windows are opened endlessly, the computer may eventually freeze. Read on for how to make both types of "virus":

  • To open a certain number of windows, type the following command on a new line in Notepad: start (program name). Instead of the phrase in brackets, enter the name of a program on the victim's computer or the full name of an executable file. This command instructs the computer to open a window of the specified program. For instance, start iexplore.exe will open an Internet Explorer window. Repeat the "start" command as many times as you want, and your "virus" will open a window as many times as you specify. Here are some programs that can be entered after the "start" command:
    • iexplore.exe - Internet Explorer browser
    • calc.exe - Calculator
    • notepad.exe - Notepad
    • winword.exe - Microsoft Word
  • To open an endless number of windows, first type :A on a new line, including the colon. On the next line, type start iexplore.exe (or another program). And finally, on the line below, type goto A. This sequence of commands will cause the computer to open an Internet Explorer (or any other program) window, jump back to the location just before the window was opened, and then immediately open a new window, until the command prompt window is closed or the computer freezes.
  • Write a message in the "virus". For an intimidating effect, you can add a message to the "virus" that will make the user think that something is wrong with his computer. To display a message, start a new line and type echo Your message. Then on a new line type pause. The "pause" command will stop the execution of the "virus" after the message appears.

    • To make your joke believable, write a message that looks like a real error message, like this: Fatal error. C:// directory is corrupted.
  • Save the text as a batch file. When you're done, from the Notepad menu, select File > Save As..., and then specify the file extension ".bat" (for example, "pinball.bat"). Select "All Files" from the "File Type" drop-down list. Save the file somewhere on the victim's computer.

    Get the user to open the file. For your joke to work, you need to get the “victim” to start it. This can be achieved in different ways. One of the most workable is to create a shortcut to your batch file and change its icon to something the user actually uses, then change the name of the shortcut to match the icon. Sit back and watch your results from the comfort of your seat!

    How to write a .VBS with a bug or hack message

    Launch Notepad. As in the previous joke, in this one you need to write a few simple commands in Notepad. However, this time the effect will be different: instead of opening windows, this joke creates several error messages that will make the user think that an error has occurred in the operating system or that the computer has been hacked.

    Type x=msgbox("Message Body", 5+16, "Message Title") exactly as shown here, including parentheses and quotation marks, and replace "Message Body" and "Message Title" with your desired text. This command opens a standard Windows error dialog box with the error message and window title you specified. To make your joke believable, use messages and titles that look like the real thing. For example, try "Terminal Error" as the title, and "A fatal error has been detected in the directory C://Users/Windows/system32" as the message.

    • You may want to develop your joke in the direction of hacking. In this case, use messages like: “I have full access to your system. Get ready to break in." None of this will actually happen, so this will only work with people who aren't good with computers.
    • The expression "5+16" tells the computer to create a dialog box with a critical error icon and two buttons, "Retry" and "Cancel". By changing these numbers, you can get different types of error windows. Simply substitute any one-digit number for 5 and any two-digit number for 16 from the numbers below:
      • 0 (OK button)
      • 1 (OK and Cancel buttons)
      • 2 (Abort, Retry and Ignore buttons)
      • 3 (Yes, No, and Cancel buttons)
      • 4 (Yes and No buttons)
      • 5 (Retry and Cancel buttons)
      • 16 (Critical error icon)
      • 32 (Help icon)
      • 48 (Warning icon)
      • 64 (Information icon)
  • Repeat the error message as much as you like. Repeat the commands above as many times as you like with any error messages. Messages will appear one after another, that is, as soon as the user closes one message, another one will open. You can use this fact to create a long message that becomes increasingly urgent.

    Save the document as a Visual Basic (VBA) file. When you have entered all the desired messages, save the file. From the Notepad menu, select File > Save As..., and give your file a name with a ".vba" extension. Be sure to select "All Files" from the "File Type" drop-down list. Now, in order for the joke to succeed, you need to get the "victim" to run this file, for example, using the trick from method 1.

    Using a pre-written batch file

    Launch Notepad. This joke uses commands typed in Notepad to make the computer open programs randomly until the batch file is stopped or the computer freezes. To make this joke, you just need to copy and paste the commands given in this section. Note, however, that this will not work on all computers.

    Copy and paste the following commands:

      @echo off
      cls
      :begin
      goto %random%
      :1
      start cmd.exe
      goto begin
      :2
      start mspaint.exe
      goto begin
      :3
      start pinball.exe
      goto begin
      :4
      start iexplore.exe
      goto begin
      :5
      start explorer.exe
      goto begin
      :6
      start solitaire.exe
      goto begin
      :7
      start explorer.exe
      goto begin
      :8
      start edit.exe
      goto begin
      :9
      start iexplore.exe
      goto begin
      :0
      start mspaint.exe
      goto begin

  • :(number, letter or word) - label. It can be accessed using the "goto" command.
  • Note: In the example above, we have 10 labels. If we skip one number, the program will exit if %random% generates that number.
    • Here is a sample of one of the most annoying programs and its code:

      @echo off
      :a
      start notepad
      goto a


      All it does is open Notepad an infinite number of times until the user closes the command prompt window. Do not run it on your computer unattended - it may end badly.

      This is a simplified version of Method 1 discussed above.

    • Experiment with different commands! If you want to make a joke malicious, use a command that deletes files or wipes data from your hard drive.

    Warnings

    • You may have problems using malicious batch files or corrupting school or public computers. Unintended sending of such files over the Internet or writing them to public systems is prohibited.
    • Don't overdo it. 10 copies of something like Pinball is very annoying. Hundreds of copies can freeze your computer and put someone out of work.
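The loop that the batch sections above describe (a label, a "start" command and an unconditional "goto" back to that label) is easy to recognize before anyone runs an unknown .bat file. The following Python check is an added example, not part of the original article: the function names and the sample scripts are constructed for illustration, and the label and goto handling is an approximation of how cmd.exe parses batch files.

```python
import re
from typing import NamedTuple


class SpawnLoop(NamedTuple):
    label: str        # label the unconditional goto jumps back to
    first_line: int   # 1-based line number of the label
    last_line: int    # 1-based line number of the last backward goto
    programs: list    # what `start` launches inside the loop


LABEL = re.compile(r"^\s*:([A-Za-z0-9_]+)\s*$")
# Only a goto at the start of a line counts: "if ... goto x" is conditional.
GOTO = re.compile(r"^\s*@?goto\s+:?(\S+)", re.I)
START = re.compile(r"^\s*@?start\s+(.+)$", re.I)
# Commands that wait for the user or end the script, so the loop is not runaway.
BLOCKING = re.compile(r"^\s*@?(pause|timeout|choice|set\s+/p|exit)\b", re.I)


def launched_program(args):
    """Return the program named in the arguments of a `start` command."""
    tokens = re.findall(r'"[^"]*"|\S+', args)
    if tokens and tokens[0].startswith('"'):
        tokens = tokens[1:]          # first quoted argument is the window title
    for tok in tokens:
        if not tok.startswith("/"):  # skip switches such as /min
            return tok.strip('"')
    return ""


def find_spawn_loops(script):
    """Flag label ... start ... goto label loops with nothing that stops them."""
    lines = script.splitlines()
    labels = {}
    for no, line in enumerate(lines, 1):
        m = LABEL.match(line)
        if m:
            # Approximation: labels are case-insensitive; keep the first one.
            labels.setdefault(m.group(1).lower(), no)

    loops = {}
    for no, line in enumerate(lines, 1):
        m = GOTO.match(line)
        if not m:
            continue
        target = labels.get(m.group(1).lower())
        if target is None or target > no:
            continue                 # forward jump or dynamic target (%random%)
        body = lines[target - 1:no]
        if any(BLOCKING.match(l) for l in body):
            continue
        programs = [launched_program(s.group(1))
                    for l in body if (s := START.match(l))]
        if programs:
            # Several gotos may return to one label; the last one seen has
            # the widest span, so it overwrites the earlier entries.
            name = lines[target - 1].strip()[1:]
            loops[target] = SpawnLoop(name, target, no, programs)
    return list(loops.values())


# Constructed samples. The first two follow the scripts described on this page.
ENDLESS = "@echo off\ncls\n:A\nstart iexplore.exe\ngoto A\n"
RANDOM_JUMP = ("@echo off\ncls\n:begin\ngoto %random%\n:1\nstart cmd.exe\n"
               "goto begin\n:2\nstart mspaint.exe\ngoto begin\n")
# Benign counter-examples (constructed): an interactive menu and a counted loop.
MENU = ('@echo off\n:menu\nset /p c=Choice: \nif "%c%"=="1" start calc.exe\n'
        "goto menu\n")
COUNTED = ("set n=0\n:loop\nstart notepad.exe\nset /a n+=1\n"
           "if %n% lss 3 goto loop\n")

if __name__ == "__main__":
    for name, text in [("ENDLESS", ENDLESS), ("RANDOM_JUMP", RANDOM_JUMP),
                       ("MENU", MENU), ("COUNTED", COUNTED)]:
        print(name, find_spawn_loops(text))
```

The check only reads the text of the script, so it can be run on a file received by e-mail or found on a shared machine without executing it.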




    
