10 Things You Must Know About Malware Infections

Attention: open in a new window. PDFPrintE-mail

No1

Infections happen

According to the report, of all the computers that visited the Microsoft Malicious Software Removal Tool (MSRT) in the first half of 2009, 8.7 out of 1,000 (that is, not quite one percent) had some kind of malware infection identifiable by the tool.

The hot spots were Serbia and Montenegro, where the rate was 97.2 per thousand, Turkey with 32.3, Brazil with 25.4, Spain with 21.6, South Korea with 21.3, Saudi Arabia with 20.8, and Taiwan with 20.4.

The cleanest were computers in Finland with a rate of 1.9. The U.S. rate of 8.6 was nearly the same as the global average. (Other sources--typically malware protection vendors who see no reason to be coy--quote much higher infection rates.) Not mentioned by the Microsoft report is that Apple Macintosh infections remain rare.

 

No2

Malware amounts to an ecosystem

There's viruses that replicate themselves and spread to other computers, sometimes just for its own sake.

They're called worms if they do it through e-mail or instant messaging. Trojans follow the metaphor of Homer's Trojan Horse, whose occupants emerged in the night to open the Troy's gates to a devastating attack. Spyware watches your actions for marketing purposes. Adware produces annoying popup ads. Malware, incidentally, is any software you didn't ask for, especially software that has malicious intent. A bug, meanwhile, is any software that doesn't work right--and may be preferable to malware.

 

No3

Malware has many sources

You can get an infection by visiting a malicious Web site, or by clicking a file attached to spam e-mail, through a p2p file-sharing network, by downloading what you thought was free software, or by using an infected removable device like a USB memory stick. Intrusion attacks can come in over the Internet.

 

No4

Malware can bite

Many trojans will download other malware that take root in our computer and start doing nasty things. These include password stealers and keyloggers that will try to swipe your account information so that someone else can swipe your money. Or they may turn your computer in to botnet node, under the remote control of a bot herder, who will typically use it to spew spam.

 

No5

Malware can bite

Many trojans will download other malware that take root in our computer and start doing nasty things. These include password stealers and keyloggers that will try to swipe your account information so that someone else can swipe your money. Or they may turn your computer in to botnet node, under the remote control of a bot herder, who will typically use it to spew spam.

 

No6

Vulnerabilities vary

Not all operating systems are equally vulnerable. Microsoft's figures show that unpatched Windows XP has an infection rate of about 32.5 per thousand--about four times the global average. The rate falls to a sub-average 8 for thousand for Windows XP with Service Pack 3 (i.e., fully updated.) The rate for updated Vista machines was 3.1 per thousand for the 32-bit version, and 2 per thousand for the 64-bit version.

 

No7

Patching works

Hackers have a reputation of being ahead of the software vendors, but in reality they often use vulnerabilities for which patches has already been issued. Even when the bad guys get the upper hand, it may not be for long. Microsoft likes to use the example of the "Reno" Trojan that was attacking Vista, causing Windows Explorer to generate trackable error reports. After Microsoft issued a patch, the reports fell from 1.2 million error reports daily to less than 100,000--in three days. Within a month it was off the chart.

 

No8

Patching works

Hackers have a reputation of being ahead of the software vendors, but in reality they often use vulnerabilities for which patches has already been issued. Even when the bad guys get the upper hand, it may not be for long. Microsoft likes to use the example of the "Reno" Trojan that was attacking Vista, causing Windows Explorer to generate trackable error reports. After Microsoft issued a patch, the reports fell from 1.2 million error reports daily to less than 100,000--in three days. Within a month it was off the chart.

 

No9

Malware is not the only danger

The big news is the rise in phishing--e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.

 

No10

Malware is not the only danger

The big news is the rise in phishing--e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.