Understanding Trojans and Malware

The latest semi-annual Security Information Report (SIR) from Microsoft has been released, and its 232 pages carry reminders of some important facts about computer viruses, other malware and overall PC security.

Infections happen

According to the report, of all the computers that visited the Microsoft Malicious Software Removal Tool (MSRT) in the first half of 2009, 8.7 out of 1,000 (that is, not quite one percent) had some kind of malware infection identifiable by the tool.

Hotspots for malware sources of origin include:

• Serbia and Montenegro – 97.2 per thousand
• Turkey – 32.3 per thousand
• Brazil – 25.4 per thousand
• Spain – 21.6 per thousand
• South Korea – 21.3 per thousand
• Saudi Arabia – 20.8 per thousand
• Taiwan – 20.4 per thousand

The U.S. rate of 8.6 was nearly the same as the global average.

The Malware Ecosystem

There are viruses that replicate themselves and spread to other computers, sometimes just for the sake of duplication. These are called worms if they do it through e-mail or instant messaging. Malware is any software you didn’t ask for, especially software that has malicious intent.  Malware includes:

• Trojans – follow the metaphor of Homer’s Trojan Horse, whose occupants emerged in the night to open Troy’s gates to a devastating attack.
• Spyware – watch your actions for marketing purposes.
• Adware – produces annoying popup ads.

You can get an infection by visiting a malicious Web site, or by clicking a file attached to spam e-mail, through a p2p file-sharing network, by downloading what you thought was free software, or by using an infected removable device like a USB memory stick. Intrusion attacks can come in over the Internet.

Many trojans will download other malware that take root in your computer and start doing bad things. These include password stealers and keyloggers that work to swipe your account information so that someone else can steal your money. Or they may turn your computer in to a botnet node under the remote control of a bot herder who will then use your computer to spew spam.

Trojans Rule (in the U.S.)

In the U.S. the majority of viruses come through some kind of Trojan. According to the SIR, 42% of the infections that the MSRT discovered were Trojans. Adware was also big at 16.3%. Nasty password stealers amounted to 4.1%. Elsewhere, infections are a toss-up. In Brazil, for instance, password stealers aimed at on-line banking predominate. Spain and South Korea have little in common, but both are afflicted by worms that target on-line gamers.

Patching and Updating Works

Hackers have a reputation of being ahead of the software vendors, but in reality they often use vulnerabilities for which patches has already been issued. Even when the hackers get the upper hand, it may not be for long. Microsoft likes to use the example of the “Reno” Trojan that was attacking Vista, causing Windows Explorer to generate trackable error reports. After Microsoft issued a patch, the reports fell from 1.2 million error reports daily to less than 100,000—in three days. Within a month reports fell off the chart.

The rate of infection of 64-bit versions of software is a third lower than the rate of infection of the 32-bit version. The lesson to learn should be evident – update all of your software on a regular basis.

Watch out for Phishing

The big news is the rise in phishing—e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.

Software can’t protect you against the phishing plague—only common sense can do that. If some random e-mail asks for your personal information because somehow otherwise your bank account, or your game subscription, or your corporate computer privileges will be suspended, delete it.