Malware - Explained
Malware - Explained #1


Malware is malicious software coded and designed, in its very being, to disrupt, destroy or gather sensitive and private information stored on a victim's computer. Malware can be disguised in many different forms. On a Windows-based computer a large percentage of malware is disguised as executables (.EXE), because malware needs to be executed by the unsuspecting victim for it to do its dirty work. Even so, there are many steps before the execution, including the disguise or trickery (social engineering/human manipulation) used to encourage victims to open files that are something quite different from what they think. Many of these methods will be discussed further on in this article. It can be said that the word 'malware' is an extremely broad subject, and there are many different types of malware that perform different tasks. Some of these include Trojans, backdoors, adware, and more.



There are 12 different malware categories, each of which can perform different tasks on a victim's computer.

The "Dirty Dozen":
  • Viruses
  • Worms
  • Wabbits
  • Trojans
  • Spyware
  • Exploits
  • Rootkits
  • Keyloggers
  • Dialers
  • URL Injectors
  • Adware



Viruses:

The original meaning of a "virus" is a computer program that can replicate, multiply or copy itself to different spots on a victim's computer. After replicating it may shift over and spread to other LAN computers, through USB spread, P2P spread, and more.

Worms:

Worms are specifically designed to spread themselves through many different methods. Normally, they are a function in crypters which bind to the server of a RAT and FUD it at the same time. Worms may also be coded to corrupt and modify files that the coder has specified, which can become a very bad deal for infected users. Below the spoiler is a small diagram:

Spoiler:
[Image: Conficker.svg]

It shows that one infected computer can compromise many other computers on the same LAN, thus penetrating defences because of weak passwords and firewalls. Prevention and removal will be discussed later on.

Wabbits:

Wabbits are very rarely seen and are more destructive malware executables. Instead of spreading over networks like worms or infecting programs and documents like a virus, a wabbit replicates itself countless times until the computer is overloaded and cannot run with all the files running. Not only this, but the hard drive can overload, leaving the computer no space to store temporary memory.

Trojans:

Now we are down to business. Yes, I'm sure you have met this particular piece of malware before: the Trojan. Its full name is Trojan Horse. This is because long ago a raiding army attempted to trick their enemies by leaving the battle mysteriously, only for the enemies to find a large block of wood in the shape of a horse. The enemies thought it was a sign of surrender and a gift, so they brought it into the city, and during the night hidden soldiers inside the horse came out and obliterated the unaware citizens and soldiers. Trojan means penetration through disguise. Normally, the user does not realise it is a virus until very late in the process. Trojans nowadays are mostly Remote Administration Tools, also known as RATs. They open a remote port on the victim's computer to the hacker's computer, through which commands can be sent. Such programs are BlackShades, DarkComet, CyberGate and more. Trojans can steal saved passwords and log keystrokes, or even upload and download files to and from the victim.

Spyware:

Spyware is exactly what its name says: it spies, and "ware" means program. These programs collect data, normally sensitive, and send it to the hacker without the user knowing. Such data may include passwords, screenshots, and keystrokes. Spyware normally drops itself into AppData or Temp, which are difficult to reach for computer idiots, but not so for a decent antivirus.

Exploits:

Exploits are very rare, because even though an operating system such as Windows is extremely flawed in its own unique way :whistle:, firewall exploits or "loopholes" can still be found. Basically, the exploit is an open hole in a castle wall, allowing knowledgeable hackers to penetrate through the hole and gain unlimited access to the victim's computer.

Rootkits:

Rootkits are normally designed to keep viruses from being found and are the hardest form of malware to remove, or to know about in the first place. The best known way of removal is to wipe the whole hard drive and reinstall everything. These rootkits are devastating, and good ones cannot be detected by AVs.

Keyloggers:

Keyloggers log your keystrokes and send them via SMTP to a certain email address, or they can be sent to FTP hosting. They capture almost everything, but this can be easily prevented by using keystroke encrypters, which fool keyloggers and keep their logs full of gibberish.

Dialers:

Dialers are small pieces of malware that use a victim's router to call very expensive phone numbers. They are the best for pranksters to cover their trails and "troll" police stations and even the White House.

URL Injectors:

This type of malware injects a certain URL when you visit an entirely different URL; this is normally an affiliate URL, where the hacker can receive money from advertisements unknown to the victim.

URL Adware:

This form of malware is the least dangerous but the most annoying one a victim may experience. But it can become extremely deadly, turn into spyware material and spy on the victim while advertising at the same time.


Now, after a little explanation of those malware examples, I will move on to how to remove these nasty materials from your computer. There are various very good antiviruses, because they want to compete with other AV companies, which is exactly ideal for us.

Malwarebytes

[Image: B8ytK.png]

Malwarebytes is one of the most well-known malware battlers on the internet. It has a definite five-star rating and a superb detection and real-time detection rate. You may have weird symptoms like slow loading on start-up (worse than usual) or frequent BSODs (normally this occurs because of corrupted files). If you have any problems regarding infection, or are unsure about the well-being of your computer, do not hesitate to download this program. It is free to do scans and remove malware, but there is a small cost to get real-time and flash scanning (basically rootkit scanning).


Spybot Search & Destroy

[Image: Spybot2.0Beta5_StartCenter.png]

Spybot Search and Destroy is yet to become a renowned AV company. It specialises in spyware and is, like its title says, very good at Search and Destroy. Its detection rate is none too bad, and here are some of its boastful new features:
  • Start Center: New views have been added and links have been revised.
  • Refreshed the GUI: The navigation bar has been shortened.
  • The dialogs have been edited.
  • Files and Folder Scan detects even more malware (by extending the heuristic scope).
  • Files on any network resource can now be scanned (viz. UNC support).
  • The Rootkit scanner has been updated.
  • Memory consumption has been reduced.
  • Event logging has been updated.
  • The installer now prompts to uninstall a previously installed version of Spybot-S&D 2.0.
  • The uninstall procedure has been optimized.
  • Issues with Windows Security Center and Action Center integration have been fixed.
  • The "Jump to registry" mechanism has been optimized. The content of any detected item in your registry can now be easily checked.
  • Grouping has been added to SDUpdate.
  • Support for blind users has been improved.
  • Support for big fonts has been added.
  • Increased interoperability with 3rd party scanners.



KeyScrambler

[Image: Windows_logon_homepage.jpg]

KeyScrambler is probably the only "KeyScrambler" that actually works. It is not completely perfect, and sometimes the encrypted keystrokes appear on-screen if you type too fast, but here is some proof below.



As you can see above, there is random stuff typed into Notepad, which means it is being encrypted by KeyScrambler. Some stuff is blocked out because of my email window, which was open ^.^


In conclusion, any of those solutions above would suffice, but there are also many other methods, which include checking startup through "MSCONFIG". If you see any random startup item with a generated name and description and a suspicious location, I would suggest unticking the startup box and going to the location of the file. I can give you an 80% chance it will be in AppData or Temp.

Hope this Guide Helped!
(This post was last modified: 09-25-2012, 03:39 AM by Ultimatum.)

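A defender-side way to do the MSCONFIG startup check described in the post above, added here as an example that is not from the original post or from any tool it names: it lists the same autostart entries MSCONFIG's Startup tab shows (via the Win32_StartupCommand WMI class) and flags those whose executable lives under AppData or Temp. It assumes Windows PowerShell 5.1 or later on a Windows host.

```powershell
# Added example: enumerate autostart entries (Run/RunOnce keys and Startup folders,
# as reported by Win32_StartupCommand) and flag any launched from AppData or Temp.
# Assumes Windows PowerShell 5.1 or later.

function Get-ExecutablePath {
    param([string]$Command)
    # Take a leading quoted path ("C:\...\x.exe" args) or else the first token.
    # Heuristic: an unquoted path containing spaces is truncated at the first space.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+', 2)[0]
}

function Test-SuspiciousLocation {
    param([string]$Path)
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    # Current user's profile directories first, then any user's AppData or a Temp dir.
    $watched = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
    foreach ($dir in $watched) {
        if ($expanded.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return [bool]($expanded -match '\\AppData\\|\\Temp\\')
}

function Get-StartupReport {
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $exe  = Get-ExecutablePath -Command $_.Command
        $full = [Environment]::ExpandEnvironmentVariables($exe)
        [pscustomobject]@{
            Name       = $_.Name
            Location   = $_.Location      # registry key or Startup folder
            User       = $_.User
            Executable = $exe
            # A missing target is also worth a look: leftover entry, or a path the
            # heuristic above could not parse.
            Exists     = ($full -ne '') -and (Test-Path -LiteralPath $full)
            Suspicious = Test-SuspiciousLocation -Path $exe
        }
    }
}

# Flagged entries sort first; review them before unticking anything in MSCONFIG.
Get-StartupReport | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

Legitimate software (updaters, chat clients) also installs into AppData, so a flagged entry is a prompt to inspect the file and its publisher, not proof of infection.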

RE: Malware - Explained #2
Great tutorial bro, even this is useful for aspiring noob hackers. Don't want to be ratted when you're ratting Wink


RE: Malware - Explained #3
Awww come on? No posts?

Anyway, I might do another detailed explanation later on...


RE: Malware - Explained #4
Thanks for this, it's very high quality with a lot of useful tips Smile


RE: Malware - Explained #5
It's worth pointing out that most exploits have nothing to do with the operating system.


RE: Malware - Explained #6
Actually the OS affects a lot of things.


RE: Malware - Explained #7
Not really. The OS only affects OS services. If there's a vulnerability in ProFTPd (a very common FTP daemon), the OS running it won't matter.


RE: Malware - Explained #8
Great high quality tutorial like always Ultimatum, keep it up!

:blackhat:

RE: Malware - Explained #9
Thank you for the information. Very high quality tutorial. Keep up the good work.


RE: Malware - Explained #10
This thread is sexy as hell.
Love it.
Thanks for the info.
