Cyber Security: Software Threats

Software threats are malicious pieces of computer code and applications that can damage your computer, as well as steal your personal or financial information. For this reason, these dangerous programs are often called malware (short for “malicious software.”)

Fortunately, many antivirus programs, as well as comprehensive security software, exist to prevent the effects of software threats. A comprehensive security suite will have specific anti-spyware and dedicated adware removal software and provides general protection from viruses. Most vendors also issue patches that close down vulnerabilities exploited by email viruses. If you use and update good security software, stick to reputable websites and open only files sent to you by senders you know and marked as “safe” by your email provider, you should be able to avoid most threats. (Keep in mind, though, that email accounts are sometimes hacked and used to send spam, so treat even email from people you know with caution.)

Mobile Software Threats

With an increasing reliance on mobile devices it is important to be aware of new and emerging software threats that target them specifically. Mobile viruses, for example, can infect one cellular phone and then spread to other devices via the mobile phone network. Bluejacking is the sending of unwanted or unsolicited messages to strangers via Bluetooth technology. It can be a serious problem if obscene or threatening messages and images are sent. Bluesnarfing is the actual theft of data from Bluetooth enabled devices (including both mobile phones and laptops): contact lists, phonebooks, images and other data may be stolen in this way. [1]

Mobile Viruses

Mobile devices can be infected by viruses that spread themselves via the mobile phone network. These have been a limited threat to date due to the fact that mobile phones use many different operating systems, but as a small number of systems (such as Android and iOS) become dominant, these viruses will be able to spread more widely. In all other respects these are identical to other computer viruses. [2]

Bluejacking

Bluejacking uses a feature originally intended to exchange contact information to send anonymous, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops. In some cases this is used to send obscene or threatening messages or images, and it could be used to spread malware as well. [3]

Bluesnarfing

Bluesnarfing is the actual theft of data from Bluetooth enabled devices (especially phones). Like bluejacking it depends on a connection to a Bluetooth phone being available. A Bluetooth user running the right software from a laptop can discover a nearby phone and steal the contact list, phonebook and images etc. Furthermore, your phone’s serial number can be downloaded and used to close the phone. Again, the only current defense is to turn your Bluetooth off by setting it to “undiscoverable”. [4]   

Security Tips

  • In order to protect yourself from mobile viruses it is important to regularly update your operating system. Security software is also available for a variety of mobile operating systems, including Android and iOS (iPhone and iPad). Many of these are produced by the same publishers as popular security suites for desktop computers such as Norton and McAfee.
  • The only way to avoid Bluejacking is to turn off your Bluetooth device or set it to “undiscoverable”. To limit the risk of Bluesnarfing, only use Bluetooth devices in private. [5]

Understanding Malware

Email viruses

Most email viruses rely on the user double clicking on an attachment. This runs a malicious code that mails itself to other users from that computer. Any attachment that you open on your computer could contain a virus and infect your computer even if the extension appears to be safe (such as .txt, .doc and .jpg). Some viruses can infect users as soon as they open the email. These viruses may compromise your computer’s security or steal data, but more often they create excessive email traffic and crash servers. [6] Viruses can also be spread by clicking on links in emails that lead to malware sites.

Macro viruses

This type of virus, also known as a document virus, takes advantage of macros (commands embedded in word processing and spreadsheet software that run automatically) to infect your computer. A macro virus can copy itself and spread from one file to another. If you open a file that contains a macro virus it copies itself into the application’s start up files and infects the computer. The next file you open using the same program, and every file thereafter, will become infected; the infection can therefore spread rapidly across a network. [7]

Boot sector viruses

Boot-sector viruses are mostly spread through infected storage devices such as USB drives. When your computer is turned on the hardware seeks out the boot-sector program, which is the program the computer runs when it starts up. (This is generally located on the hard drive but can also be on a storage device such as a DVD or USB drive.) A boot-sector virus replaces the original boot-sector with its own, modified version. Upon your next start up the infected boot sector is used and the virus becomes active. It can then read or modify any files or programs on your computer. [8]

Adware

This type of intrusive software displays advertisements on your computer. These usually come in the form of banners and pop-ups when an application is in use. Adware can become a serious problem if it installs itself onto your machine: it can hijack your browser (Internet Explorer, Firefox, Chrome or Safari for example) to display more ads, gather data from your Web browsing without your consent and prevent you from uninstalling it. The most common issues with adware is that it can slow down your Internet connection or render you computer unstable as well as distract you and waste your time. [9]

Spyware

While technically a form of adware, spyware has as its primary function the collection of small pieces of information without users’ knowledge. One form of spyware, called a keylogger, actually monitors everything you input into your computer. In addition to monitoring your input and Internet surfing habits, spyware can interfere with your control over your computer by installing additional software, redirecting your browser, changing computer settings, and slowing or cutting off your Internet connection. [10]

Security Tips

  • To avoid viruses you should run anti-virus software (Norton, MacAfee, and Avast are examples of reputable programs) and avoid clicking on unexpected attachments. Installing patches (a software “fix” designed to address holes and vulnerabilities in software) issued by software vendors can also protect you as they can close down vulnerabilities exploited by viruses. In particular, it is important to keep your browser (the program you use for accessing the Web, such as Internet Explorer, Firefox, Chrome or Safari) up-to-date, as browsers are one of the main targets of viruses.
  • To avoid email viruses in particular, be careful about downloading attachments. You should only download an attachment from an email if you know the sender and are certain that his/her account has not been compromised. (Signs that an e-mail account has been compromised include a subject line that makes no sense and mass-mailings to all of the account’s contacts.)
  • Avoid opening any documents that are not from a sender you know and trust. If any of your programs begin behaving oddly, run a scan using your anti-virus software immediately.
  • To avoid viruses and other malware carried on storage devices, use only storage devices that you have bought new. Before using any storage device, run anti-virus software on it, and do so again every time you plug a storage device into a different computer.
  • Most antivirus software detects adware and labels it as “potentially unwanted applications”. You can then authorize the adware or choose to remove it. There are also dedicated adware removal programs such as Ad-Aware by Lavasoft. A freeware version exists online, though it has fewer features than the commercial version.
  • Similarly, most anti-spyware software will be included with a comprehensive antivirus program or you can opt for dedicated software.

General Tips - Most computers come with embedded security features including a firewall. This prevents unknown programs and processes from accessing the system but is not a replacement for anti-virus software. Your firewall can be located and activated from your computer’s control panel. Some websites maintained by antivirus vendors offer free online scanning of your entire computer system, but be sure to verify the source: some sites which claim to scan for viruses actually plant malware on your computer.

Cookies

A cookie is a small text file which is saved on your computer by a website, mainly used as a means for session management, personalization and tracking while surfing the Web. Some cookies can be beneficial, making for a smoother browsing experience: for instance, they can save small pieces of information into memory, such as your name, so that you don’t constantly have to re-enter it on your most frequently visited websites. Cookies are essential to common features of websites such as “shopping carts” (which store your purchasing decisions while you browse an online commerce site such as Amazon). These cookies are usually deleted after you leave the website or within a few days of not visiting it.

Other cookies, however, can be far more of a nuisance. These cookies will recreate themselves after the user has deleted them. A script will then keep this information in some other location on the computer, unbeknownst to the user. Other kinds are able to closely track your online habits and can last up to a year on a given server. [11]

Understanding Cookies

There are several different types of cookies. Each has different properties:

Session Cookies

This type of cookie only lasts for the duration of your stay on a particular website and is deleted when you close your browser.

Persistent Cookies

This type of cookie is also known as a “tracking” or “in memory” cookie. These cookies can last up to a year from each time a user revisits the server.

Secure Cookies

These cookies are used when you are visiting a secure site (one where the Web address begins with “https” rather than “http”). These cookies are encrypted when being sent to and from your computer and the server, which means that they are more secure if someone intercepts or copies them.

Unauthorized Installation and Replication Cookies

This type of cookie, sometimes referred to as a “zombie” or “super” cookie, automatically recreates itself in some other location on the computer after a user has deleted it.

Security Tips
  • Most browsers (Internet Explorer, Firefox, Chrome or Safari) are set to accept cookies by default. If you do not wish to use cookies, all browsers allow you to disable them. Some browsers also allow you to see which cookies you currently have on your computer and to delete those you do not want. There are also software tools, such as CCleaner, WinBrush and QuickWiper, that get rid of standard cookies and files as well as unwanted persistent and self replicating cookies that refuse to go away.
  • Most browsers also have an option to browse without storing cookies (called inPrivate Browsing in Internet Explorer, Incognito Mode in Chrome and Private Browsing in Firefox and Safari). However, while this does prevent cookies from being saved to your computer it does not mean that there will be no records of your browsing saved on your computer or on the servers of the websites you visit.
  • Secure sites (where the Web address begins with “https” rather than “http”) encrypt any cookies you send to them. This makes it more difficult for the information in the cookies to be intercepted and misused. You should always use secure sites for anything that involves financial information (bank or credit card data, etc.)
  • Because logins and passwords are often saved using cookies, you should periodically change your passwords on any sites you visit.

Browser Hijacking

Browser hijacking is a malicious online activity where hijackers change the default settings in your Internet browser. Links may appear that point to websites you would usually avoid, new toolbars and favorites that you do not want may be added and your computer may slow down overall. Users will also often find themselves unable to return to their original settings once this is done. The purpose of this threat is to force you to visit a website. This increases the traffic and number of “hits” a website receives which allows it to boost its advertising revenue. (These websites may also contain malicious scripts or viruses.) Browser hijackers can be extremely persistent and if they can’t be removed you may find yourself having to reinstall your browser or restore your entire system to its original settings. [12]

Security Tips
  • As is the case with most other software threats, keeping your browser updated and using reliable security software and updates is your first defense. If you do become a victim of hijacking, you can reset your browser settings. How this is done depends on your browser:
    • In Internet Explorer, close your browser and then go to Control Panel. Select Network and Internet and then Internet Options. Click on the Advanced tab and then click on the Reset button under Reset Internet Explorer Settings.
    • In Firefox, open the Start menu and select Run. Enter “firefox-safe-mode” (without quotation marks) then select “Reset all user preferences to Firefox defaults.”
    • In Chrome, delete the First run file. If you are using Windows XP, that file is at C:\Documents and Settings\UserName\Local Settings\Application Data\Google\Chrome\Application (where “UserName” is your name); if you are using Windows Vista or later, it is at C:\Users\UserName\AppData\Local\Google\Chrom\Application.
    • In Safari, begin by opening your browser and clicking on “Safari” in your Safari menu. Select Reset Safari and click the Reset dialogue button that appears.
  • You can also disable your add-ons (a piece of software that enhances another software program, such as plug-ins for Internet Explorer) as a secondary line of defense. If all else fails you may have to restore your computer’s state to an earlier point in time using a backup hard drive or the recovery discs that came with it.

Scripts

A script is a piece of code that is loaded and run by your browser. The most common type is JavaScript, but HTML, Java or Flash based plug-ins have similar effects. While scripts may enhance and enrich online experiences (and are often necessary to use the full functionality of a website) they can also be malicious. A malicious script can compromise your computer’s performance and overall functionality by redirecting you to another site or loading malware onto your computer.

Security Tips

While you are generally safe from malicious scripts if you stick to trusted sites, there have been cases in which hackers installed malicious scripts onto legitimate sites. The only sure way of preventing script attacks is to control which scripts run when you visit a site.

  • In Firefox, you may use a free add-on called NoScript (http://noscript.net/) which lets you select which scripts to run when you visit a site: you can select the minimum necessary to get the functionality you need.
  • There are similar add-ons available for Chrome, which also allows you to block scripts by default by selecting Options, then Under the Hood, then Content settings and click Manage JavaScript blocking.
  • In Internet Explorer, click Tools, then Internet Options, then Security and then Internet. Click Custom Level and set levels to “Prompt” wherever possible. Some antivirus software such as Norton AntiVirus also let you select which scripts to run.    

 


[1] Tupas, M. (2010). 21 Types of Computer Security Threats. Retrieved from http://www.whatsthelatest.net/news/types-computer-security-threats-cybercrime/
[2] Ibid.
[3] Ibid.
[4] Ibid.
[5] Ibid.
[6] Ibid.
[7] Ibid.
[8] Ibid.
[9] Ibid.
[10] Ibid.
[11] Beal, V. (2010). What are Cookies and What do Cookies Do?. Retrieved from http://www.webopedia.com/DidYouKnow/Internet/2007/all_about_cookies.asp
[12] Tupas, M. (2010).