Thread: Newbie malware question

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    1

    Newbie malware question

    Hi all,

    I have a question about malware, and how to detect it.

    What's to stop a program from masquerading as something useful (say a download manager, or something similar, to convince a user to allow it outbound through their firewall) but actually embedding some malware into their code?

    For example, what would stop something from running the same kind of code that TeamViewer or join.me runs on a person's system without actually telling them that it's running? How would you detect if something like that were happening?

    I was just wondering about that, and I thought this might be a good place to ask. If this information is available somewhere, please point me in the right direction, and I'll be happy to read it.

    Thanks.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi there and welcome to AO

    What's to stop a program from masquerading as something useful (say a download manager, or something similar, to convince a user to allow it outbound through their firewall) but actually embedding some malware into their code?
    Well the trite, text-book answer is something like "user intelligence" or "user awareness". However, let's look a bit more closely at the chain of events that would be required.

    The behaviour you are describing is that of what is usually called a "Trojan" or "Trojan Horse". The application appears to be benign and useful, and may well actually do what it is supposed to...........it's what else it is doing in the background that is malicious.

    I would suggest that a far better example of what you are asking about would be where an application pops up wanting to go online to "check for updates", when it really wants to go to its control and command centre and upload your CC, e-mail, passwords and gaming account details.

    So, the first thing is you would have to have downloaded the malware and allowed it to install?

    Then you have to let it run..................it might do that bit automatically.

    Then you have to give it the green light to access the internet. I would hope that you wouldn't, if you didn't know what it was, and hadn't deliberately launched it yourself?

    If you are in doubt about an application, make a note of what it is, find it on your system and submit the executable to VirusTotal and/or Jotti. They will scan it with the latest versions of 20 or more anti-malware products and let you know within a few minutes.

    Search for the application on Google or another search engine. There are lots of sites that list files and executables and tell you what they belong to, what they do, and if they are potentially malicious.

    Get a "sandboxing" application like Sandboxie or Fortres Grand and run your internet downloading in them. Run the application in them as well and see what it wants to do to your system before you let it do it.

    You haven't nominated an operating system, so I will assume that it is Windows XP or later?

    Malwarebytes *1
    Spywareblaster *2
    Spybot Search & Destroy *3
    A-Squared *1
    SuperAntiSpyware *1
    WinPatrol *4
    RootKitRevealer *1


    FOR UNPAID/PRIVATE USE:

    *1 = manual scan only
    *2 = Interactive protection only
    *3 = Manual scan + some interactive protection + investigation tools
    *4 = Interactive protection and investigation tools

    There are more but I would prefer to wait until you give me an OS to work on

    Also, Windows has some pretty decent internal security from Vista onwards.

    So, I guess that the answer to your question as to what's to stop it?............... the answer has to be "YOU"

    Please let me know if you want to know more about free tools that are available.......just tell me the operating system.
    Last edited by nihil; July 20th, 2012 at 07:51 PM. Reason: typos
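
Added example (not part of nihil's post or the original thread): one way to carry out the "make a note of what it is, find it on your system" step on a current Windows machine is to list every process that holds an established outbound TCP connection, together with its executable path, Authenticode status and SHA-256 hash. It assumes Windows 8 / Server 2012 or later with PowerShell 4.0+, which is newer than the Windows XP baseline mentioned in the post.

```powershell
# Added example, not from the thread. Needs Get-NetTCPConnection (Windows 8 /
# Server 2012 or later) and Get-FileHash (PowerShell 4.0+). Run elevated so the
# paths of processes owned by other accounts can be read.

$loopback = @('127.0.0.1', '::1')

$report = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $loopback -notcontains $_.RemoteAddress } |
    Group-Object -Property OwningProcess |
    ForEach-Object {
        $procId = [int]$_.Name
        $conns  = $_.Group
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $path   = if ($proc) { $proc.Path } else { $null }

        # Defaults for processes whose image path cannot be read
        # (System, protected processes, or a process that has already exited).
        $signature = 'PathUnavailable'
        $sha256    = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            # NotSigned / HashMismatch are reasons to look closer, not a verdict.
            $signature = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            # Hash to search for on a multi-scanner site before uploading anything.
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256 `
                           -ErrorAction SilentlyContinue).Hash
        }

        [pscustomobject]@{
            PID       = $procId
            Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path      = $path
            Signature = $signature
            Remote    = ($conns |
                            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                            Sort-Object -Unique) -join ', '
            SHA256    = $sha256
        }
    }

# Unsigned or unreadable images first; those are the ones to research.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Process | Format-List
```

The listing shows which process owns each socket, so traffic that is sent through a program the firewall already allows appears under that program's name.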

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes, but not asking the user to let it through the firewall?

    That's what the OP specified, so I assume that he was referring to the mundane flavour spyware/scareware that we see?

    Maybe I read too much into the first post?

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yeah, as they have already been allowed, the user won't be asked?

  5. #5
    Junior Member
    Join Date
    Sep 2012
    Posts
    1
    hello, hook the winsock and use other programs' connections to communicate
