If malware could speak, what a tale his thoughts could tell.
If you could have a conversation with one, or more, of the scourges that infest the Internet, you might be surprised at what could be learned from such an imaginary conversation. It might go something like this:
I might be malware, but in most cases I’m pretty polite; I won’t infect your computer unless you invite me in. But I can count on lots of you doing just that.
Take my good buddy LOP, for example; he’s been away for a while, but he recently came back from vacation and he’s now infecting unsuspecting computer users’ machines with renewed vigor. Since LOP is a shift changer, and is often incompletely recognized by many tools – particularly newer forms of the infection – he’s having a hell of a good time.
The people he works for (some might call them cybercrooks – well, actually everyone calls them cybercrooks), are experts at convincing you to install malicious code like LOP.
LOP is a pretty neat piece of malware (his employers are pretty smart fellows), since he’s been designed, amongst other things, to display ads from a range of advertisers through pop-up windows, banner ads and so on.
Oh, and he’ll automatically switch your Internet Explorer home page to his own search engine. One he particularly likes is http://www.mp3search.com. When searches are made with this engine, the results that you see will be advertising pages that LOP chooses to display.
(Sample misdirected search)
Here’s what WOT has to say about mp3search.com.
Just in case you decide that LOP is no longer welcome on your computer (that happens all the time), he will connect, every so often, to a web page from which new malware files will be downloaded – making it much more difficult to delete all of the active malicious files on your system.
I should tell you that LOP is extremely hard to get rid of, and just in case you try, you’ll have to deal with 200+ changes to your Registry Keys. And in case that’s not enough bad news, you should know that LOP will invite lots of his malware friends over, so that they can party on your system.
But LOP has even more tricks up his sleeve. He can monitor your system’s processes, and can even play with your security applications, making them ineffective.
Since he’s a sporty fellow, once he’s done that, he’ll launch a Keylogger to capture your keystrokes and, just for fun, he’ll go on to scan your email contact list so that he can bug your friends. Hmm, maybe they’ll soon be your ex-friends.
LOP is definitely a hard worker (which is why his employers like him so much), so in his spare time he’s going to look around your operating system for vulnerabilities. You see, he knows that most people haven’t installed the latest operating system updates, nor have they updated their security applications, like they’re supposed to.
Even if they have taken care of updating their operating system, it’s almost certain that they haven’t updated installed productivity applications, and LOP knows just how vulnerable these applications can be.
So, think carefully before you offer LOP, or any of his malware friends, that invitation. Once invited in, LOP will settle in for a long, long visit.
Thanks for the chat, but I have to get going. There are lots of unaware Internet users waiting to invite me into their computers. I know that many Internet users are kind of “click crazy”; so why should LOP be the only one to have some fun!
Oh, by the way, unless you paid attention to what I said, I’ll probably drop by your machine soon. You have a good day now.
This is an edited and revised copy of an article originally posted here July 14, 2009.