July 20th, 2012, 11:46 AM
Newbie malware question
I have a question about malware, and how to detect it.
What's to stop a program from masquerading as something useful (say a download manager, or something similar, to convince a user to allow it outbound through their firewall) but actually embedding some malware into their code?
For example, what would stop something from running the same kind of code that teamviewer or join.me runs on a person's system without actually telling them that it's running? How would you detect if something like that were happening?
I was just wondering about that, and I thought this might be a good place to ask. If this information is available somewhere, please point me in the right direction, and I'll be happy to read it.
July 20th, 2012, 08:44 PM
Hi there and welcome to AO
Well the trite, text-book answer is something like "user intelligence" or "user awareness". However, let's look a bit more closely at the chain of events that would be required.
What's to stop a program from masquerading as something useful (say a download manager, or something similar, to convince a user to allow it outbound
through their firewall) but actually embedding some malware into their code?
The behaviour you are describing is that of what is usually called a "Trojan" or "Trojan Horse". The application appears to be benign and useful, and may well actually do what it is supposed to...........it's what else it is doing in the background that is malicious.
I would suggest that a far better example of what you are asking about would be where an application pops up wanting to go online to "check for updates", when it really wants to go to its control and command centre and upload your CC, e-mail, passwords and gaming account details.
So, the first thing is you would have to have downloaded the malware and allowed it to install?
Then you have to let it run..................it might do that bit automatically.
Then you have to give it the green light to access the internet. I would hope that you wouldn't, if you didn't know what it was, and hadn't deliberately launched it yourself?
If you are in doubt about an application, make a note of what it is, find it on your system and submit the executable to Virus Total and/or Jotti. They will scan it with the latest versions of 20 or more anti-malware products and let you know within a few minutes.
Search for the application on Google or other search engine. There are lots of sites that list files and executables and tell you what they belong to, what they do, and if they are potentially malicious.
Get a "sandboxing" application like Sandboxie or Fortres Grand and run your internet downloading in them. Run the application in them as well and see what it wants to do to your system before you let it do it.
You haven't nominated an operating system, so I will assume that it is Windows XP or later?
Spybot Search & Destroy *3
FOR UNPAID/PRIVATE USE:
*1 = manual scan only
*2 = Interactive protection only
*3 = Manual scan + some interactive protection + investigation tools
*4 = Interactive protection and investigation tools
There are more but I would prefer to wait until you give me an OS to work on
Also, Windows has some pretty decent internal security from Vista onwards.
So, I guess that the answer to your question as to what's to stop it?............... the answer has to be "YOU"
Please let me know if you want to know more about free tools that are available.......just tell me the operating system.
Last edited by nihil; July 20th, 2012 at 08:51 PM.
July 21st, 2012, 07:49 PM
Yes, but not asking the user to let it through the firewall?
That's what the OP specified, so I assume that he was referring to the mundane flavour spyware/scareware that we see?
Maybe I read too much into the first post?
July 21st, 2012, 08:25 PM
Yeah, as they have already been allowed, the user won't be asked?
September 18th, 2012, 08:58 PM
hellol, ook the winsock and use other programs' connections to communicate
By Outer_Heaven in forum Newbie Security Questions
Last Post: January 5th, 2005, 03:13 AM
By pwaring in forum Other Tutorials Forum
Last Post: October 22nd, 2004, 10:15 PM
By Owmen in forum Microsoft Security Discussions
Last Post: September 26th, 2004, 06:53 PM
By neutral in forum Newbie Security Questions
Last Post: August 29th, 2002, 06:25 PM
By suzkaw in forum Newbie Security Questions
Last Post: February 4th, 2002, 03:37 AM
Tags for this Thread