

Computer Viruses and Worms

The Internet is a hostile environment where your computer needs protection.
It's like a jungle, full of viruses, worms, and spiders ready to attack your computer.
This page is part of Don Pedro's Website Design Handbook

Site Gold Award for Excellence on the Web in 2004, International Association of Webmasters and Designers
Classification: Maritime, Marine, and Boating

VERSION 08.0
Last updated: July 22, 2008


List of Free antivirus software
Definitions
What is Virus Vulnerability ?
Viruses
Browser Vulnerabilities
Special for Windows users
Special for Linux users
Computer Worms
Worms, Spyware, and other Malware
What is a Zombie PC ?
Malware Example
Test your Website for Malware (Added in this version)
Report Spam and Phishing
Using Public Computers
Firewalls
Multi-user Systems
Changing Virus Threats
Virus and Hoax News Headlines

Definitions

Virus.
A computer virus is a file infecting other files. Those I have received have been 150-250 KB, but that includes whatever else is in the message. Viruses mostly come to you by e-mail.

Worm.
A worm is a program. It does not infect any files but makes copies of itself and can overwrite some of your program files, thus making them non-operational. The one I received was itself only about 6 KB, while the file in which it was embedded was about 570 KB.

Smart Worm.
A smart worm is a targeted worm. Usually it seeks out vulnerable networks within a certain sector, for instance municipal schools or hospitals, or some specific professional network, such as lawyers or doctors.

Rootkit.
A rootkit is a program designed to hide processes, files, or registry entries. In "modern" worms it is used to hide the worm from the computer user.

What is Virus Vulnerability ?

Virus vulnerability means a weakness, i.e. a "hole" in a certain program through which a virus or worm can enter your computer.

I would divide those vulnerabilities (weaknesses) into two very different groups. First there are what can be called critical vulnerabilities: "holes", "bugs" or "faults" in some program that let current viruses and worms get access to your computer. If you don't have any antivirus software at all, your computer is at high risk.

Then there are vulnerabilities for potential viruses and worms. These are openings or possibilities for viruses or worms to enter that haven't been exploited yet. In other words, no virus or worm has been written for these weaknesses yet.

Very many virus "alerts" concern the second kind of vulnerability. That doesn't, however, mean you can disregard them. If there is a possibility, one day - maybe next week - somebody will use it to exploit your computer.

Once you have antivirus software installed and you are careful, maybe you won't catch any viruses for a long time. That's no reason to stop being careful. Carefulness is how and why your computer survives in the Internet jungle.

In September 2007 some vulnerabilities were reported even in Wordpress. These can be used to insert scripts and for SQL injection attacks. Users are urged to update to new Wordpress versions.

A Panda Security report of December 03, 2007, stated that 28% of protected computers and 41% of unprotected computers were infected by one or several viruses or malware.

More info on vulnerabilities, with tips on how to increase your computer security, is in the report from SANS (Win, Linux, Mac).

Viruses

There are e-mail viruses and e-mail borne (carried) viruses. "File" viruses infect executable files by inserting their code into some part of the original file, so that it (the virus) is executed when the file is accessed, or else they overwrite the file entirely (Mac, UNIX, Linux, DOS, Windows). Overwriting viruses cause irreversible damage to that file, and the program has to be re-installed.

email viruses.
Usually the virus gets into your computer via somebody's email address book. Once there it starts multiplying and sends the copies (clones) to every address in your address book. The normal behaviour of viruses is to attack and destroy other files in your computer; sometimes the virus will read certain files and send copies of them back to whoever sent it to you.

When embedded in an attachment, you have to open the attachment before your computer gets infected. If an attachment is unexpected, be suspicious. Ask the sender first whether he/she has sent you an attachment - do it before you open it. It happens that the sender's name and/or address is faked. Just knowing the name or the address of the sender is not enough.

email borne viruses.
These will activate when you open an email, without any attachment.

The best way to avoid viruses, in addition to having a virus detection program, is not to open any file or mail coming from an unknown person. Even if the sender's name is familiar, it's better to open the file - if you are curious - on a public computer. Public computers are usually better protected than private ones; for them it's a business, and therefore they can afford higher priced protection.

Counting the different virus strains, worms, and unwanted programs, the estimated number was already up to 258.954 in Feb. 2006 and increasing.

Some email messages come with an invisible picture embedded in the message. When you open the message, the code in the hidden picture will automatically open the attachment and activate the virus or worm. To avoid this you need to switch to plain text email. Get advice on how to secure your email.
Postmaster's Messages.
When you send an email and make a typing error in the receiver's address, the message is returned to your mailbox as undeliverable by "Postmaster". Of course it's good to know when one's messages haven't been delivered, isn't it?

This works also in a negative way. The Postmaster can also be "fooled" into sending a virus to you: the virus message is sent to a non-existing address with your email address faked as the sender. Never open a "Postmaster" message on your own computer; it can be an email borne virus.

It's easy to use a "spamming spider" to collect email addresses and then use these addresses to fake a sender address for the worm. Therefore you should always hide your email address from all spider programs.

Mobile Phones
Once, when I opened my email on my friend's computer, I noticed a message from "Postmaster" returning a text message to a local mobile phone number (in the Philippines), for me an unknown number. Maybe the text message had been sent from my email box. This was before I emptied all my email address books. Later my friend's wife told me she had got a virus in her email. Whether it was that one that sent the message or not, I don't know. She didn't remember the name of the virus.

As soon as somebody figures out how to make money out of mobile phones, it is expected that real worms for mobile phones will start spreading. What still restricts the virus writers is that the mobile phone programs are very secret, and nobody has so far managed to get any economic gain out of these.

Download F-Secure or Avira Mobile Antivirus software

Boot sector viruses.
The boot sector is a list of contents on a hard disk telling where each file can be found. These viruses spread mainly through infected floppy disks, especially when a diskette (floppy) is left in the drive: when the PC is started again, the virus can get onto the hard disk. A boot sector virus can put the entire operation of that computer at risk.

What is said above about floppy disks applies as much to "flash drives" (removable computer memory). If you are using one of those instead, treat it the same as you would a floppy disk - do a virus scan before using it - and don't forget to include program disks too (especially games).
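Before trusting a flash drive, it helps to look at what Windows would run from it automatically. This added example (not code from Don Pedro's handbook) reads the autorun.inf a removable drive carries and lists every entry that launches a program or changes the AutoPlay prompt text; it assumes the usual INI-style [autorun] section, and the sample file is constructed.

```python
# Added example, not from Don Pedro's handbook: inspect the autorun.inf that
# Windows (XP era) reads from a removable drive and list every entry that
# would launch a program or disguise the AutoPlay prompt. Assumes the usual
# INI-style [autorun] section; the sample file below is constructed.
import os
from typing import Dict, List, Tuple

# Keys that make Windows start something when the drive is inserted or opened.
LAUNCH_KEYS = ("open", "shellexecute")
# "action=" replaces the AutoPlay prompt text, e.g. to mimic "Open folder to view files".
DISGUISE_KEYS = ("action",)


def parse_autorun(text: str) -> Dict[str, str]:
    """Return lower-cased key -> value pairs from the [autorun] section only."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def inspect_autorun(text: str) -> List[Tuple[str, str]]:
    """Return (key, value) pairs that warrant a look before trusting the drive."""
    findings: List[Tuple[str, str]] = []
    for key, value in parse_autorun(text).items():
        # shell\<verb>\command entries run when the drive is opened via that verb.
        launches = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches or key in DISGUISE_KEYS:
            findings.append((key, value))
    return findings


def launched_programs(text: str) -> List[str]:
    """Distinct program paths the file would execute, in first-seen order."""
    seen: List[str] = []
    for key, value in inspect_autorun(text):
        if key not in DISGUISE_KEYS and value not in seen:
            seen.append(value)
    return seen


def scan_drive_root(root: str) -> List[Tuple[str, str]]:
    """Look for autorun.inf at the root of a mounted drive and inspect it."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", errors="replace") as fh:
        return inspect_autorun(fh.read())


# Constructed sample resembling what an Autorun worm drops on a USB stick:
# a harmless-looking icon and label, a disguised prompt, and every launch
# key pointing at one hidden executable.
SAMPLE_AUTORUN = """[autorun]
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=USB DISK
action=Open folder to view files
open=RECYCLER\\S-1-5-21-1482476501\\xmss.exe
shellexecute=RECYCLER\\S-1-5-21-1482476501\\xmss.exe
shell\\open\\command=RECYCLER\\S-1-5-21-1482476501\\xmss.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-1482476501\\xmss.exe
"""

if __name__ == "__main__":
    for key, value in inspect_autorun(SAMPLE_AUTORUN):
        print(f"{key} -> {value}")
    print("programs launched:", launched_programs(SAMPLE_AUTORUN))
```

Point scan_drive_root() at the drive letter (for instance "E:\\") of a stick you have just plugged in; a clean drive returns an empty list.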

Instead of spreading by email, many viruses nowadays (2007) enter the computer directly based on the connection IP number.

Most common viruses.
See the virus headlines at the bottom of this page. Common virus file extensions: .bat, .exe, .pif, .src, .vbs. See the list of extensions to be suspicious about. For detailed info on individual viruses go to the Virus Encyclopaedia or Kaspersky's Virus Encyclopedia. There is also a world-wide list of currently active viruses. The most common viruses last month are in the Virus News list at the bottom of this page.

Xp-Shield is adware (an advert-displaying program) which tries to pass as antivirus software. Once your computer is infected it simulates a virus scan, falsely warning users that the system is infected. Then it tells the user to register and pay for the software to clean up the computer. This one was reported by Panda Software.

Before you decide to buy an anti virus program you can do a free online virus scan of your computer. You can get another virus scan at Panda Labs. Never try to delete a virus by yourself - always use anti virus software.

List of virus information sources:
Antivirus
Computer Associates
F-secure (English, Swedish)
McAfee
Panda Virus Encyclopaedia
Secunia
Sophos
Stiller Research
Symantec
Virus Bulletin

Free Personal Anti Virus Software:
AVG Free (Win, Linux).
Free personal virus protection, in English or German (Win, Linux).
Avast (Win, 20.7 MB), free personal anti virus for home use, removes some spy- and adware. Avast for Linux.

After you have installed anti virus software, you can check that the installation was done properly by downloading the "Eicar" file. You can copy the text string and paste it into Notepad. Save the file as eicar.com with the file type set to "All files".

If your antivirus software is working properly you should get an alert, as if it were a virus, with the suggestion not to allow it or to delete it straight away. If not, then you have to run a virus scan. If the virus scan doesn't report anything, either you have saved the file in the wrong way or your anti virus isn't working properly. In the latter case get new software immediately.

Download the free 15 tips on staying virus free from Panda Software.

Browser Vulnerabilities

All browsers have weaknesses that can be used for attacking a computer, and especially the antivirus programs you have. In most cases this concerns the use of JavaScript, either in e-mail systems or on malicious websites (both Windows and Linux).

A malicious website / webpage causes the automatic installation of software without the user's knowledge or consent.

At Secunia you can test your computer for some of these vulnerabilities. If your browser is affected you either have to update it or try to find a better one. See Don Pedro's Browsers. Nowadays (2007) most browsers are affected, so the best you can do is to be very careful when surfing the Internet.

Starting Oct. 2006, security patches are supplied for Explorer 6 only on XP SP2; Service Pack 1 isn't supported any more. Internet Explorer 7 was released on Oct. 18, 2006. It still had some vulnerabilities reported earlier in Explorer 6. At the very end of Oct. 2006 Secunia found a 2 year old vulnerability still in Explorer 7, even with full security patches for SP2.

Recommended additional action: disable active scripting for trusted sites. Go to "Tools" --> "Internet Options" --> "Security". Click on the "Trusted Sites" icon, then remove all trusted sites, if there are any. In addition you can go to "Advanced" and click off the two instances of "Enable install ...", then click "Apply" and "OK".

When you fill in a form online or go to a password protected webpage, the browser offers to save either your personal data ("Autocomplete") or just the password ("Remember me"). This is information you should not keep in your computer. Trojans can and will copy it and forward it to their master. Get tips on how to disable the function: Explorer (IE), Firefox, and Netscape Navigator.

In March 2007 Panda Labs discovered a virus - "Therat.B" - that can steal passwords stored in the auto-complete function of Internet browsers, used to complete user names and passwords when filling in forms (Panda Labs newsletter, March 30, 2007).

In June 2008 Secunia reported on virus vulnerabilities in Firefox 2.0.x and 3.0. The recommendation is to update to Firefox 3.1.

Special for Windows Users

Windows comes with several programs that not everybody needs. You cannot delete them, but you can disable those you don't need. If you are using Internet Explorer or some other browser you can disable MSN Explorer, which is built in to all Windows systems. While you are at it, disable Outlook Express as well. You will then close a few ways viruses and worms can get into your computer.

To disable any of the Windows components (in XP), go to "Start" --> "Settings" --> "Control Panel" --> "Add or Remove Programs" --> (at the left side) "Add/Remove Windows Components". Click on that and you get a list of those you can disable. Click off those you don't need.

Instant messaging.
If you are using instant messaging you should treat every message as an email; maybe you should be even more suspicious about these messages. On home computers the "Instant Messenger" is completely unnecessary, but at the same time it offers inroads for viruses and worms. You can therefore disable the Messenger.

In August 2007 Panda Labs discovered a tool for creating password-stealing Trojan worms, which is distributed for free on some Internet forums. The tool is very easy to use, and that of course means a possible multiplication of the number of password stealing worms attacking your computer. These spread by using Instant Messenger. Once this Trojan has invaded your computer it will display a screen, "a control panel", to its creator, who then can modify and/or give new commands or specifications on what personal data to steal. The tool is called "Shark 2".

Yahoo also announced in August 2007 that Yahoo Messenger has some vulnerabilities.

Don't click on any link in any message before you are sure your friend really sent it.

Macros.
Macros are pieces of code attached to Word, Excel, and PowerPoint documents and files, for instance to instruct the computer to add all amounts in a column and then print out the total below (Excel spreadsheets). These can be used by a skilled programmer to hide his code, and when you open the document or file the "Macro" virus or worm can take over your computer. When you get a Word document by email and really want to check it out, what to do?

You can save the document or file as Rich Text Format (.rtf) instead of opening it. When you do this and the document has Macros hidden, you will get an alert: "Macros will be deleted". Click on "Continue", and both Macros and viruses disappear.

Flash runs on "Active-X", which can open a back door for Trojan worms. Active-X was switched on by default before, but not anymore in IE 7. The "Wine Var" worm is one that exploits the "hole" in Active-X; it has been around since 2002.

In April 2008 Secunia reported on new vulnerabilities in Adobe Flash Player. I myself don't use Flash at all, neither on any of my webpages nor on my own computer.

Active-X was originally intended for intranet use only (i.e. a company internal network) and should never be used on the Internet. Yahoo! Messenger also relies on Active-X. Still in September 2007 Secunia reported on new vulnerabilities found in ActiveX.

Viruses with JPG-Format Pictures.
In September 2004 Microsoft released patches for a vulnerability in JPG files. It can be exploited from malicious websites or via email. The problem lies with processing malformed (purposefully corrupted) .jpg picture files. It allows the attacker to operate the computer system with the same rights and access as the currently logged in user. The system file concerned is called "GDIPPlus.dll".

A new development of the same kind of image handling weakness was discovered in Dec. 2005, utilizing Windows Meta File. Microsoft has released a security patch (excluding Win 98). The first versions of this "model" were in connection with spyware and adware. The Windows Meta File vulnerabilities are still being exploited in 2007.

Automatic Updates.
When you download a new program, never accept "automatic update". If you download something from the Net, it's always at your own risk.

After you have downloaded a new program, do check for possible viruses or other "malware" before you install the program. Don't download programs that will start automatically, only those for which you have to close down and restart your computer, or those you can download (for instance onto your back-up disk) and scan separately before installation.

Especially Windows XP users should be aware that "Automatic update" is a default option when installing this operating system. To turn it off:
- Right-click on the "My Computer" icon on your screen,
- Go --> "Properties" --> "Automatic update",
- TURN it OFF, then click "Apply" and click "OK".

Felgall has reported a fault in Windows XP (SP2). The firewall included in the package stores information on which programs are allowed to access the Internet in the registry. This means Trojan worms can write their own permission into the registry and then have free access out from your computer without you being aware of it. Independent firewalls store their information in a special folder, which is encrypted.

Haxdoor.NJ is such a backdoor Trojan collecting passwords. Among other things it registers itself in the Windows firewall settings as an authorized application (program). (Source: Panda Software, newsletter, Oct. 13, 2006)
See about firewalls below.

Normally Microsoft releases "safety patches" once per month, i.e. every second Tuesday of each month. Other antivirus and spyware vendors give updates at least every week.

On Tuesday Aug. 8, 2006, Microsoft released security patch MS06-040. Within one week a new worm exploiting this vulnerability was found by Panda Software. If you haven't got that patch yet, do download it, and avoid "Automatic Updates".

The worm is called OskarBot.KD. It searches for computers still having this vulnerability unfixed. When it finds one it causes a buffer overflow on the system and executes its code. The worm then downloads a copy of itself in a file called wgareg.exe. The worm can also use the AOL instant messaging system as well as spread via shared drives.

OskarBot allows a remote controller to run all types of software on the "hijacked" computer or launch attacks on other computers with the same vulnerability (see "Zombie PC"). Further, it disables the Windows firewall (Source: Panda Software, Newsletter Aug. 2006).
The security patch MS06-042 in fact introduced a new vulnerability.

In 2007 Microsoft was still patching their office programs from 2000 and 2002. The vulnerabilities have been found in Word, Excel, and PowerPoint [.doc, .xls, and .pps]. Even if you get such a document from a trusted friend, do save the document on your hard disk without opening it. Then scan it both for viruses and spyware before opening.

Subscribe to "Window's Secrets" and get tips on how to keep your programs up-to-date.
Both Windows and Linux users.
On June 10, 2008, Secunia reported a vulnerability in Open Office, versions 2.0-2.4. The solution is to update the program to 2.4.1. Go to Open Office "Writer" --> Tools --> Update --> Update All.

Special for Linux users

Computer viruses do indeed attack Unix or Linux users too. Even if the majority of viruses target Windows, Unix / Linux users also need protection. As the number of Linux users increases, exploiting those computers too becomes economically viable.

In September 2007 two vulnerabilities were reported in the Linux kernel. Both can be used to disclose sensitive information in users' computers. Patches exist for both vulnerabilities.

Especially if you have the "wine" program to run some special Windows based programs on your Linux system, the computer is vulnerable to both Windows and Linux viruses.

The Linux Slapper worm explicitly exploits weblog and website traffic software programs ("visitor statistics"). The worm opens a backdoor on the server. Search for the file "/tmp/lupii". If found, delete the file.

There are some vulnerabilities in Mozilla products which can be exploited only on Unix or Linux based computers.

The Opera browser, versions 7.x and 8.x, has some vulnerabilities which can be exploited only on Unix or Linux based computers. The recommendation is to update to version 8.51.

Computer Worms

The definitions above are not universally adopted. Generally worms are included in lists and descriptions of viruses. To make the distinction, regular viruses are often called "file viruses", compared with worms, which are programs. Of course, programs are also "files" in a strict sense.

Besides English there are also German and Spanish language messages containing worms, and the "Zafi" worm comes in several other languages. Regardless of what language you use, they will still attack your system (even if you are using Korean or Arabic).

Trojan worms.
Sometimes also called just "Trojans", the name coming from the "Trojan horse" in Greek mythology. Usually these create a "back door" entrance, either for new uploads / updates or for hackers to enter a certain network. The latter are also called "RATs" (Remote Access Trojans). Some capture passwords and user IDs found in the computer and send them back to their "master".

There are some worms that stay inactive in your computer until you access the website of a bank listed in their program. The worm then copies your user ID and password as you type them and sends them back to its "Master". The only way to avoid this is to use a bank whose name isn't included in the URL and that uses "one-time pads" for the passwords. This is a list of random passwords delivered to you by "snail mail". Each password is used only once and in the sequence given.

The Trojan "Agent AD" copies your keystrokes (user ID and passwords) and takes screen shots. These are then forwarded by e-mail to the Trojan's "Master".

Some South American banks are using a "keyboard" on the screen. You then "type" your ID and password by clicking on the letters and/or numbers on that "screen keyboard". Then some Trojans take a "screen shot video", which they send to whoever made the worm, and the Trojan's owner proceeds to empty the bank account.

Some European banks have developed a small electronic wireless device, about the same size as a wireless "car key". Once you are on the bank's login page you punch in your access code, point the device at the screen and push a button. The small screen on your device will show a control number when everything is OK. As you don't use the keyboard to put in your access code, and no code is shown on the screen, there is nothing for the worm to copy and send anywhere.

Most Trojans are developed with one objective only in mind: to steal confidential information.

A Downloader Trojan is a self-updating code (program) that will download new files and change itself ("mutate") so it's more difficult to find. Since the end of 2006 the number of worms spreading by e-mail has declined; they now tend to come into your computer either directly or from a malicious website you are tricked into visiting.

More and more often, instead of the virus-worm appearing as an attachment to an email, it comes as a link to a malicious website. The message can look like spam email. When you click on the link to delete your address from the mailing list, you will download a virus-worm instead.
Worm information sources:
Microsoft
Sophos, (English, Español)
Symantec

Worms, Spyware, and other Malware

Malware is a contraction of the words Malicious Software. With today's "definitions" it can be a virus, worm, spyware, or anything intended to cause harm either to your computer or to yourself. Personally I would include only those files and programs that cause nuisance or problems to me, and not those causing damage to my computer.

Spyware is programs which install themselves on computers without the user's permission. The foremost reason for spyware is financial gain. The most common ways for malware to spread nowadays (2007) are via downloads, especially of games and music, or by visiting malicious websites. See the McAfee Report of June 2007.

Since 2006 most spyware (malware) has had one purpose only: to copy and forward credit card numbers, online banking user IDs and passwords, or other confidential information. These are then forwarded to somebody who will use them for his personal economic gain. When people keep these numbers and data details on their Internet connected computers, it's very easy to steal the information.

Antivirus software is not designed to deal with regular "spyware". Some new versions (from 2006 and later) of anti virus software do detect spyware as well. You can get tips on how to remove spyware.

At the beginning of Sept. 2006 Panda Labs detected a spam message that's using subliminal advertising. At first it looks like an advertisement to buy stocks online, but it includes images displayed extremely rapidly. Four different images show the word "Buy" for a maximum of 40 milliseconds each. This influences the recipient on a subconscious level and is illegal in most countries. The spamming techniques are developing all the time.

Of course, some of these can cause harm to a sensitive person, like "mental stress" ("nervous breakdown") as well as economic "pain". Especially after you have closed and restarted your computer and the same pop-up, which you can't close, is there again. Maybe you start feeling like throwing the computer out of the window. And maybe that's what's intended. A direct economic loss = new computer and new window!

Advice:
  1. To close that non-closable pop-up press "Alt" + "F4".
  2. Get a pop-up stopper / killer.
  3. With a booby-trapped website you can't get away from, close and restart your computer. Open the Internet from "Start" --> "Programs" --> "Browser", click on "Stay Offline". Then go to "Tools" --> "Internet Options" --> and click on "Clear History". This clears the cache, where that annoying site was stored. Never go back to that site again.
Google is co-operating with the Badware Organization and should give a warning when somebody by mistake wants to go to a "bad" or malicious website. Get advice from the organization on how to check and secure both your server and your website.

Malware and spyware writers are developing new techniques; for instance the worm Zcodec installs a rootkit on the computer so the user cannot see what's going on. It can change the settings in the browser so that when you click on a link in a search engine's result page you are taken to a different page. The creator profits via pay-per-click payments, or alternatively you are taken to a page designed to steal confidential data.

The same worm can in addition download other malicious programs to perform more theft. This way of combining several different techniques in the same worm is getting more common.

The TelnetOn.A worm creates an Administrator account and stops antivirus and firewall software as well as other malware programs [Panda Software Newsletter, Nov. 17, 2006]. The competition between different password and ID number stealing spyware is getting fierce; new ones appear daily.

Conycspa.AJ, a Trojan, downloads 9 (nine) malicious codes, including a file sending out spam about medicine from your computer. This Trojan will also redirect your browser to websites about medicine (for instance, Viagra).

In July 2007 Panda Labs (report of July 20, 2007) discovered a new kind of worm, ransomware. It was a Trojan, Sinowal.FY, which encrypts the user's files so they cannot be opened and then demands a USD 300 ransom to send a tool to decrypt the files!

The same report described a virus / worm / Trojan, Pahooka.A, which shows itself to the computer user by putting a multi-coloured star on a blue background on the desktop. This one is a really bad one. First it copies itself to all drives. It eliminates the content of folders of certain anti-virus programs and changes the registry to hide the Search and Run options in the Start menu.

After that Pahooka.A hides the Folder options, Control Panel options, Network connections, and Printers and Faxes options. It also prevents the user from using the System Restore settings and disables the registry editor and the Task Manager. After all this it periodically connects to certain webpages to download more malware. In fact it controls the computer more than the legitimate user can.

Before, it could take a week or two of surfing on the net before I got some spyware into my computer. After August 2005, however, the spyware and malware distributors have got more aggressive; in 2006 half an hour was enough to get at least five of them. I'm using a DSL broadband connection. During September 2006 alone, over 4.000 new malware were discovered.

Because of the strong increase in new spy- and malware, much removal software has turned commercial. This means you can scan your computer for free, but when you want to remove what was found you have to pay first. According to Secunia, in March 2008 about 200 new viruses / worms were found every week.

In March 2008 I got myself a very bad virus / worm; it showed up under different names in my scanning:
  • W32 / Autorun.lk.worm, and also as
  • XMSS.exe
  • Funny UST Scandal.a
My computer hard disk is partitioned into "C" and "D", with only programs on C and only data files and installers on the D disk. I got it first on the D disk, from where it migrated to the C disk by itself. It was enough that I opened my computer and tried to update my antivirus software, and suddenly this worm was all over. In the end it stopped my computer from running; I couldn't access the control panel or settings. Nor was it possible to access the Internet. I ended up re-installing XP and re-formatting my D disk.

List of Free Spyware removing Software
Spyware Begone, 3.8 MB.
Spybot, free spyware and malware detection and protection software, 14.3 MB.

Panda Antivirus 2008 Beta, free for home use, removes malware as well [Win, Mac, Linux].

About 90% of all email messages sent are either error messages or contain malware-spyware. Less than 10% of all email is normal and legitimate. Most of the spam or junk came before from the USA, but starting in 2006 P.R. China, South Korea, and Spain are fast catching up. Most of the malware and spyware is targeting messaging services and network portals (Kaspersky, July 2006 newsletter).

There is a searchable and indexed archive of scams received by email. You can check every email you are suspicious about against the archive. You can also include the scam search in the Google toolbar - if you have the toolbar.

What is a Zombie PC ?
During the last week of July 2005 I helped my friend to install protection on his computer. He had a modem dial-up connection, so his computer was not as vulnerable to attacks as if he were using broadband. He had no protection at all before.

First we installed Spybot (it was still free at that time), closed down and restarted. Spybot immediately reported "Your computer is being hijacked". That worm was destroyed, and while next downloading a firewall Spybot reported again "Hijacking attempt discovered and destroyed". Once he got some more protection installed, no more hijackings have been reported.

When somebody "hijacks" your computer it means somebody plants a worm that can, for instance, start sending out copies of the same worm to other unprotected computers from your computer without you knowing about it. Of course your connection is legitimate, so the hijacking Trojan worm could be traced to your computer. It's as if the computer were "living dead" because somebody else has control over it. That's why it's called a zombie PC.

What if website gets hijacked ?
This is getting more and more common all the time. The best you can do is to prevent it from the beginning by being extremely careful when choosing your website hosting company. You can get some tips on that on my page How to Change Domain Without Loss.

The most common hijackers are those selling Viagra or something similar. If someone can insert hidden redirecting content and hidden links into your server code, they theoretically (and practically) have full control over that website. You (or the server tech support team) have to stop the hackers before they get into the server. Once your website has been hijacked once, it can happen again and again until you close down your website forever.

Usually the bad links and/or content are inserted into or through ".htaccess". If you have a webhost with an active and friendly tech support team, it's very possible those nice guys are keeping the server secure as well. Otherwise you can be compelled to change webhost and experience all the extra new problems that arise from such a move.

To check whether it has happened to your website you can download a Firefox extension and switch user agents. That way you can see exactly what "Googlebot" (Google's spider / robot) or any of the other search engine spiders will see when they download your webpages. There is a list of user agents you can use in combination with the Firefox extension. Once you find something bad, copy it and send it complete to your server's tech support team and require them to fix the security. Or change webhost.
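One way to do a similar check offline, as an added example that is not part of this page or of any tool it mentions: a small Python audit of a site's ".htaccess" that flags rewrite rules which only fire for search engine spiders, or for visitors arriving from a search engine, and send them to another host. The sample file, the own-site host name and the "pharmacy.example" host are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample .htaccess (hypothetical): one legitimate rule, then two
# injected rules of the kind described above, redirecting crawlers and
# search-referred visitors to another host.
SAMPLE_HTACCESS = """\
RewriteEngine On
# legitimate: pretty URLs for this site
RewriteRule ^articles/([0-9]+)$ article.php?id=$1 [L]
# injected: only search engine spiders get sent away (cloaking)
RewriteCond %{HTTP_USER_AGENT} (googlebot|msnbot|slurp) [NC]
RewriteRule ^(.*)$ http://pharmacy.example/?ref=$1 [R=302,L]
# injected: visitors coming from a search engine get sent away too
RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\\. [NC]
RewriteRule .* http://pharmacy.example/landing [R,L]
"""

OWN_HOST = "donpedrowebdesign.netfirms.com"  # host name of the site being audited

def audit_htaccess(text, own_host):
    """Return [(rule line number, reason)] for RewriteRules that send
    crawlers or search-referred visitors to a host other than own_host."""
    findings = []
    pending = []  # RewriteCond lines that apply to the next RewriteRule
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending.append((no, parts[1].upper(), parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            host = urlsplit(parts[2]).netloc.lower()
            external = bool(host) and host != own_host.lower()
            for cond_no, var, pattern in pending:
                if not external:
                    break  # redirects within the site itself are not flagged
                if var.startswith("%{HTTP_USER_AGENT}") and re.search(
                        r"bot|spider|crawl|slurp", pattern, re.I):
                    findings.append((no, f"crawler-only redirect to {host} (cond line {cond_no})"))
                elif var.startswith("%{HTTP_REFERER}"):
                    findings.append((no, f"search-referrer redirect to {host} (cond line {cond_no})"))
            pending = []  # conditions only apply to the first following rule
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_htaccess(SAMPLE_HTACCESS, OWN_HOST):
        print(f"line {line_no}: {reason}")
```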

Malware Example

To avoid getting onto a "bad" site by mistake you can download Netcraft's toolbar for free (2.9 MB). It will block your browser from accessing web sites characterized as malicious, so you won't get there by mistake. The toolbar also shows in what country a server is located and who owns the server. It needs IE on Windows 2000/XP or Firefox 1.0+.

On the other hand, imagine you add a link from your webpage to an innocent looking webpage with relevant and reasonably good content. Netcraft's toolbar doesn't report any risk because there isn't anything bad on that website.

On the webpage where your link points there could be a short, simple HTML string which gets your visitor's browser to download another piece of code from a third, unrelated webpage. That string may in turn refer to a JavaScript which downloads a Trojan Downloader onto your visitor's computer.

There is an example of something similar explained in connection with "Spy Bye", a program that tries to detect such bad linking chains. To use the "Spy Bye" tool you need your own server. Even if you don't have that, it's worthwhile to read the explanation. Because:
"Today's malware (and spyware) can and will render your computer useless and at the same time empty your bank account."
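An added example (not from this page and not Spy Bye's code) of what the first link in such a chain looks like in the HTML and how to spot it: a Python scanner that flags hidden iframes and scripts pulled from hosts other than the page's own. The sample page and the "third-party.example" / "other-host.example" hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page (hypothetical hosts): the visible content is harmless,
# but an injected invisible iframe and an off-site script start the chain.
SAMPLE_HTML = """<html><body>
<h1>Boating tips</h1>
<p>Good, relevant content about anchoring.</p>
<script src="/js/menu.js"></script>
<iframe src="http://third-party.example/x.html" width="0" height="0"
        style="visibility:hidden"></iframe>
<script src="http://other-host.example/loader.js"></script>
</body></html>"""

class InjectionScanner(HTMLParser):
    """Collects (tag, src, reason) for hidden iframes and off-site scripts."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def _external(self, url):
        host = urlsplit(url).netloc.lower()
        return bool(host) and host != self.own_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "iframe":
            # zero/one pixel frames or CSS-hidden frames are never meant to be seen
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = tiny or "display:none" in style or "visibility:hidden" in style
            if hidden or self._external(src):
                self.findings.append(("iframe", src, "hidden" if hidden else "external"))
        elif tag == "script" and self._external(src):
            self.findings.append(("script", src, "external"))

def scan_html(html, own_host):
    """Return the scanner's findings for one page served from own_host."""
    scanner = InjectionScanner(own_host)
    scanner.feed(html)
    return scanner.findings

if __name__ == "__main__":
    for tag, src, reason in scan_html(SAMPLE_HTML, "donpedrowebdesign.netfirms.com"):
        print(f"{reason} {tag}: {src}")
```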
In the beginning of 2007 the most common worms (like Spamta.VK) attacked by sending e-mail containing a Trojan downloader (Spamtaload.DT) that downloads the Spamta.VK worm, and the process starts again on a new computer (Panda Software, April 6, 2007). Most worms work in steps and arrive in different ways. As they are split up and contain many different functions they are more difficult to spot.

In April/May 2007 Google researchers studied about 4.5 million websites picked out from search engine results pages (SERPs). They found about 10% of those websites capable of installing malicious code on visitors' computers, and a further roughly 15% had some suspicious code. In many instances the webmasters are not themselves aware of these pieces of code, as they can be included in banners, counters, or other scripts from other websites.

The original "Google report" states that in the past a popular way to gain control over a user's computer / system was to find vulnerable network services and remotely exploit them, for instance via worms. After 2006/2007 this strategy became less successful (and less profitable), mainly because firewalls and other protection made it difficult to exploit services on users' computers.

Since 2007 attackers instead try to attract users to connect to malicious servers by using, for instance, JavaScript (ActiveX), Visual Basic, or Flash. The report indicates the majority of malware is no longer spread via remote exploitation but rather through web-based infection, i.e. by the user visiting malicious websites / webpages.

Test your Website for Malware

In May 2008 Google announced the launch of "Safe Browsing Diagnostic", an online tool meant to provide information about Google's automatic detection and investigation of suspicious websites. This service is now fully functional and free. According to Google it is showing near-accurate data.

All you have to do is type into your browser's address (location) bar or search bar:

"google.com/safebrowsing/diagnostic?site=example.com" (without quotation marks)

For the site you check, use neither "www" nor a trailing slash (/). You'll be presented with detailed results about malware detection on that particular website. You can alternatively use the Google toolbar for direct access. Of course, it's not restricted to your own website. You can test any website, for instance before linking to it, especially if you are feeling a little bit suspicious about that site.

Below is the report for this website (on May 29):

What is the current listing status for donpedrowebdesign.netfirms.com/?
This site is not listed as suspicious.

What happened when Google visited this site?
Google has not visited this site within the past 90 days.

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, donpedrowebdesign.netfirms.com/ did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

You can compare the result with a more simplified version.

Report Spam and Phishing

"Phishing" is a scam (fraud) in which the "attacker" sends an email pretending to be from a legal and valid business enterprise. Password-stealing worms, ID theft, or money "phishing" (fraud) could be included in both malware and hoaxes. See articles on "spam". Many of these appear at first glance to be quite legitimate.

You can report any "phishing", spam, or identity theft (fraud) to any of the following sources:
  • Phishing: Forward complete email message to: reportphishing@antiphishing.com
  • In USA you forward the email to FTC: spam@uce.gov
  • Or you can file a complaint to Internet Crime Complaint Center, especially if you have lost something - even a small amount only. Don't be shy or ashamed, you are definitely not the only one.
In 2006 total global fraud activity doubled regardless of how one counts it: whether by number of malicious websites, number of spam e-mails, or amount of money lost.

Using Public Computers

I estimate more than 50% of people using public computers (Internet Cafés, Public Libraries, etc.) use them for checking their email or playing games. As up to 15-20 different people can be using the same computer every day, the possibility of finding a virus on a public computer is much greater than finding one on your own. Even if those places can afford better virus protection, it is statistically impossible to get 100% protection with such massive, uncontrollable use.

More and more people are playing on-line games on public computers. According to reports, games and other "technical toys" are the most dangerous and often contain worms.

This means that when you open your email on a public computer the risk of getting a virus into your email box is really great. The very first thing you should do before opening your email on a public computer is to empty your address book completely. You can keep your friends' last messages in your inbox and then just click on "Reply" when you want to send him/her a message. Even after you have done this you should use an email system with built-in virus protection.

Because of the great risk of viruses on public computers I would suggest you use them only to read your email. Then send your messages and answers from your own virus-free computer. If you transfer files or email with a floppy disk (diskette) or a "flash drive", scan it for viruses first before you open it on your own computer.

Firewalls

A firewall is a program that checks everything coming into and going out of your computer with the intent of stopping attempts to damage your computer files and programs. Together with a virus protection program it should make your computer almost safe to connect to the Net.

Once you have your firewall installed and running you can test the efficiency on-line for free.

Free personal firewalls:
Zone Alarm
Guard Dog, For Linux
Kerio
Sygate

Be very careful if you download free software or "shareware". Many of those sites are rife with viruses; use only free sites recommended by a trusted authority. According to a report from May 2006, the most unsafe sites are "Digital Music" and "Tech Toys" (games).

Multi-user Systems

When you use a computer with a multi-user account system (i.e. several users with limited accounts) there are some additional risks to be aware of. When (not if!) you get a worm while surfing the Net and you are using the computer as Administrator, it is very possible this worm gets into another person's account, folder, or files with administrator's rights.

Then, when the other user opens his/her account before you have scanned the computer for viruses, that worm can activate. It will now be active with administrator's rights and, in other words, can very well start deleting or overwriting files.

The only way to reduce this possibility is to avoid using the Internet as an administrator. Better to open a new limited account for yourself under another name and with a different password. Then when you get a worm yourself it will be limited to your own files only; hopefully there are no important files in that "surfing account".

Changing Virus Threats

Before and still during 2004 it was common for many viruses to target the computer system. It could be, for instance, a "frustrated teenager" spreading his virus just because he could do it. Sometimes it was perhaps simple jealousy of Bill Gates and Microsoft. Now those early virus writers (1990s) have grown older (not grown up?) and are professionals writing viruses and worms for economic gain.

The target is not so often the computer system any more but is turning to your wallet. Especially if you keep your banking passwords and ID document numbers on your computer, you are at great risk. The only protection is to be vigilant. Stop being "lazy"; instead sacrifice some convenience in exchange for better security.

The trend in 2005-2006 was more and more towards viruses / worms attacking anti-virus and firewall products instead of computer operating systems. This risk increases when the computer user installs several different "protective" programs. You cannot know whether your combination has been tested for vulnerabilities or not. The chances are it has not.

According to the Kaspersky newsletter of May 2006, a total of 565 people were arrested around the world since March 01, 2005, in "Operation Global Con", targeted at individuals carrying out mass marketing fraud on the Internet. The US Department of Justice co-operated with authorities in Central America, Europe, Africa, and Australasia.

Total number of known victims was close to 3 million people with average monetary losses of about 300 USD per person.

In Oct./Nov. 2006 four spyware distributors in USA were sentenced to fines and ordered to cease their operations (Kaspersky, Newsletter Nov. 23, 2006).



Get version (12 pages small font, 14 pages normal)

© by Capt. Peter Forsberg.
You are allowed to print out the text for your personal needs.
You are also allowed to copy and distribute the printout for educational purposes when free of charge,
as long as you give the source: www.donpedrowebdesign.netfirms.com/virus.html
