Tuesday, August 31, 2010

Viruses, Pups, and the Blue Screen of Death


Recently my computer was attacked by some lovely person in China. (No, really, my son traced the intrusion back to its source!) Their virus gobbled up my extensive address book and started spamming everyone in it with ungrammatical come-ons to visit a site. I guess it could have been worse. I just sent emails to my contacts telling them to block my emails from that address. By the mailer daemon messages concerning undeliverable mail...some of them already had.

It is the humiliation of having to confess that, um, my computer got this, er, communicable disease! It is like the virtual version of STDs. No one is comfortable making that kind of announcement!

McAfee has a site that lists the most recent PUPs (potentially unwanted programs) with descriptions of their type and threat level. Not every PUP is a virus. A quick overview of viruses, worms, and Trojans helps in understanding the nature of the beast.

A virus attaches itself to a program or file. This allows it to spread from one computer to another. The thing about a virus is that it depends on a human to use that program or file. This is what separates a virus from a worm (a subset of a virus), which has gotten around the need for human interaction to cause havoc. A Trojan Horse is malware that appears to be something it is not: a useful program. It fools the user into activating it. Like other malware, Trojans vary in severity, anything from mildly irritating practical jokes to dangerous intrusions into your private accounts.

There is a joke program that began circulating this year, Generic Joke!dd091a1c

The Joke Program makes the pointer move in random directions without the user's input. This application does not create any files or registry entries for loading at startup and this program can be terminated through the option in Task Manager to end the process, or by rebooting.

There are, however, less benign programs: the ones that insinuate themselves into your system and registry, and make sure that they are relaunched at each startup. A new program called "Dead Eye" tricks users into downloading its code by promising to speed up their computer's processing. It drops files and registry entries, creates a shared folder, and sets attributes that allow remote users to access the system. Some of its symptoms:

- It disables firewall notifications.
- It changes ICMP settings.
- It kills all running McAfee processes on the system.
- It connects to the following site: ftp.[Removed]domain.com
- Presence of the above-mentioned registry and file entries.
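
Several of these symptoms (disabled firewall notifications, changed ICMP settings, a program relaunched at startup) leave traces in the registry. The Python sketch below is an added example, not code from the original post or from McAfee; it triages the text of a registry export. The sample export, the value names `ExampleUpdater` and `SpeedBooster`, and the rule that any enabled ICMP type deserves review are assumptions made for illustration.

```python
import re

# Legacy Windows Firewall policy key and the machine-wide autostart key.
FW = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample export; entries are illustrative, not from a real infection.
SAMPLE_EXPORT = rf'''Windows Registry Editor Version 5.00

[{FW}]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000001

[{FW}\IcmpSettings]
"AllowInboundEchoRequest"=dword:00000001
"AllowInboundTimestampRequest"=dword:00000000

[{RUN}]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"SpeedBooster"="C:\\Users\\Public\\speedup.exe"
'''

def parse_reg(text):
    """Parse .reg text into {KEY: {value_name: data}}; dword data becomes int."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})  # keys are case-insensitive
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, data = m.groups()
            is_dword = data.startswith("dword:")
            current[name] = int(data[6:], 16) if is_dword else data.strip('"').replace("\\\\", "\\")
    return keys

def triage(text, expected_autostarts=()):
    """Return findings for the symptoms that are visible in the registry."""
    keys, findings = parse_reg(text), []
    if keys.get(FW.upper(), {}).get("DisableNotifications", 0):
        findings.append("firewall notifications disabled")
    for name, val in sorted(keys.get((FW + r"\IcmpSettings").upper(), {}).items()):
        if val:  # assumption: any enabled ICMP type is a deviation worth reviewing
            findings.append(f"ICMP setting enabled: {name}")
    for name, cmd in sorted(keys.get(RUN.upper(), {}).items()):
        if name not in expected_autostarts:  # caller supplies the names it already trusts
            findings.append(f"unreviewed autostart: {name} -> {cmd}")
    return findings
```

Files written by regedit or `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `triage`.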

Malware can range from practical jokes, which probably only the hacker considers amusing, to real, critical attacks on your programs and even your identity and bank account. Make sure you have the best defenses possible. Firewalls are a no-brainer. In addition, make sure that you have top-grade anti-virus software on patrol. Lastly, don't let down your guard. Most software manufacturers regularly send updates to address current security threats. Make sure you update as soon as they are available. They cannot protect your system unless you install them.
