Monday, April 30, 2012

How Does Spyware, Malware or Crapware Get on My Computer?

Have you ever wondered how malware, spyware, scareware, crapware, or other undesirable software might get on a computer? First we’ll illustrate how easily your system can be infected, and then we’ll show you how to clean it up.
Our example system, running Windows 7, was set up from a worst-case-scenario point of view: someone who was only interested in quickly getting to all the “fun stuff” on the internet, with absolutely no concern for personal or computer security.
Freshly Installed – Pre Malware
Here you can see the number (and type) of processes that were running on our freshly installed Windows 7 system. The install was so fresh that the only protection this system had was the Windows Firewall and Windows Defender to keep the malware and virus hordes at bay.
How Some Malware Gets On Your Computer
Malware, spyware, and other junk software make it onto your computer for a number of reasons:
  • You installed something you really shouldn’t have, from an untrustworthy source. Often these include screensavers, toolbars, or torrents that you didn’t scan for viruses.
  • You didn’t pay attention when installing a “reputable” application that bundles “optional” crapware.
  • You’ve already managed to get yourself infected, and the malware installs even more malware.
  • You aren’t using a quality Anti-Virus or Anti-Spyware application.
Watch Out for Insidious Bundled Crapware
Editor’s Note: One of the biggest problems recently is that the makers of popular software keep selling out, and including “optional” crapware that nobody needs or wants. This way they profit off the unsuspecting users that aren’t tech-savvy enough to know any better. They should be ashamed.
On our example system we installed Digsby Messenger, a very popular “reputable” application. This was the regular install version and as you can see in the following screenshots, there are attempts to get you to install undesirable software or make “not so good” changes on your computer. If a person is not careful, then their system becomes infected.
Here you can see the attempt to add the “My.Freeze.com Toolbar” to your browser(s)…definitely not good! Notice that while it does state that the software may be removed later, some people may 1.) Not notice it (lack of attention), 2.) Be in too much of a hurry to install the software to notice, or 3.) Not be familiar or comfortable with removing the software after it is already installed on their system.
The real trick with Digsby (and other software that is set up with the same installation style) is that clicking on “Decline” still allows the installation of Digsby itself to proceed. But can you imagine how things can end up for those people who may think or believe that the only way to get Digsby or similar software installed is to click on “Accept”? It has a really deceptive style!
Note: For more, read our article on avoiding crapware when installing Digsby.

A very obvious attempt to make “My.Freeze.com” the new homepage for your browser(s). Once again the “Decline” versus “Accept” dilemma combined with a checkmark selection choice…

If you have many programs that attempt to install “value-added” software like this on your system, you will quickly find that the majority (or all) of your operating system’s resources are being used up by malware (i.e. background processes). You are also likely to find that you will have unstable or very sluggish browser response, and are likely to have your personal and computer’s security compromised.
Just How Quickly Can a System Become Infected?
It only took 2.5 hours to reach the level described in our article…simply surfing wherever for “whatever looked interesting or different”, downloading things like screensavers, file-sharing applications, and installing questionable software from advertisements.
The possibilities for becoming infected with viruses or malware were rather high with little to no protection or forethought given concerning what was installed or for the websites visited. Searches for various “less than desirable” pictures, screensavers, clicking on ads, etc. made it very easy to find trouble…perhaps the better way to phrase that is that it was very easy for trouble to find our example system.
Here you can see a screenshot of the desktop of our example system. Notice that there are icons for file sharing programs, fake anti-malware programs, icons for various screensavers, less than nice websites (possible additional infection vectors), and a virtual dancing woman. Nothing good here!

Here is a look at the Start Menu…notice that some of the malware has obvious shortcuts in the Startup Folder, but there were plenty on our example system that were not shown in this folder.

A quick look at an overabundance of toolbars plaguing Internet Explorer 8…by this point the browser was already having some problems starting properly (very slow), some episodes of crashing, and some browser hijacking had occurred.

Taking a peek at the Program Uninstall Window shows a variety of malware and undesirable software types that were on our example system.
Note: These are the ones that actually bothered with listing an entry in the Uninstall Registry.

A Good Look at Scareware
What is scareware? It is software that once installed on your system will try to trick you into believing that you have a highly infected system with some very high “numbers of infections” found. These programs will constantly bother you to register and purchase the software in order to clean up your computer system.
Here you can see two examples of well-known scareware: SpywareStop and AntiSpyware 2009. Do not be surprised if you notice that these two “separate” programs seem to be extremely alike in looks, style, and operation. They are exactly alike…the same wolf, just different sheep skins. This is a common practice to stay ahead of legitimate anti-malware and anti-virus software, so that the program is not deleted before an unsuspecting computer user purchases it.
A good look at the two screens that appeared every time we started our example system…absolutely no hesitation to “remind us” how infected our computer was and that we should register the software now. Disgusting!!
Note: The SpywareStop website was presented to us courtesy of a browser hijacking…and of course we were encouraged to install it.

The main window for SpywareStop…oh so quick to try and encourage you to remove the infections.

The System Tray pop up window for SpywareStop…

What do things look like if someone went to register the software and purchase it? The registration starts with a request for basic information including an e-mail address. Chances are the addresses harvested in this manner will be sold to spammers…the potential for a little extra income will definitely have an appeal.

Notice that additional services and software are readily available! Nothing like an opportunity to make even more easy money once they have someone this far in…and of course you can use your credit card. How convenient for them…

The ever wonderful cousin to SpywareStop…the infamous AntiSpyware 2009 (also very well known with the 2008 designation).

And the wonderful System Tray pop up window for AntiSpyware 2009…the fun never stops!

What about registration for this one? Take a good look at these two screenshots and compare them with the two shown above. There is so little difference…yet another sign that these are identical scareware programs with altered user interfaces and alternate websites.

How nice! More additional software available for you to buy and the ability to use that credit card and PayPal!

Some Other Things That Come with Malware
Here is another irritating feature of some malware. Nice pop up windows harassing you to take surveys or do other things. This was an additional “gift” from one of the programs installed on our example system.

A Look at the Processes Running After Infection
Compare the screenshot of running processes shown at the beginning of the article and then the running processes shown here. You can already see a significant increase. Not good for you or your computer!
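The before-and-after comparison made here with screenshots can also be done as text, which catches the autostart entries that never show up in the Startup folder. The PowerShell below is an added example, not part of the original article; the function and file names are hypothetical, and it covers only the process list, the Startup folders, the Run/RunOnce registry keys and the Uninstall registry keys.

```powershell
# Added example; function and file names are hypothetical.
# Emits one text line per process, autostart entry and installed program.
function Get-SystemSnapshot {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $startupDirs = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    )
    $uninstallKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $lines = @(
        # Running processes (Path is empty for processes we may not inspect).
        Get-Process | ForEach-Object { "Process|$($_.ProcessName)|$($_.Path)" }

        # Startup folders: the only autostart location visible in the Start Menu.
        Get-ChildItem -Path $startupDirs -ErrorAction SilentlyContinue |
            ForEach-Object { "StartupFolder|$($_.FullName)" }

        # Run/RunOnce values: autostart entries that have no Start Menu shortcut.
        foreach ($key in $runKeys) {
            $k = Get-Item -Path $key -ErrorAction SilentlyContinue
            if ($k) {
                foreach ($n in $k.GetValueNames()) { "RunKey|$key|$n|$($k.GetValue($n))" }
            }
        }

        # Programs that registered an uninstall entry (not all unwanted software does).
        Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object { "Installed|$($_.DisplayName)|$($_.Publisher)" }
    )
    $lines | Sort-Object -Unique
}

# Returns only the lines that are present now but were absent from the baseline.
function Compare-SystemSnapshot($BaselineFile, $CurrentFile) {
    Compare-Object (Get-Content $BaselineFile) (Get-Content $CurrentFile) |
        Where-Object { $_.SideIndicator -eq '=>' } |
        ForEach-Object { $_.InputObject }
}
```

Run `Get-SystemSnapshot | Set-Content clean.txt` on the fresh install and again to `later.txt` afterwards, then `Compare-SystemSnapshot clean.txt later.txt` lists what was added in between.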

Conclusion
While nothing super horrible got onto our example system within those 2.5 hours, it is still easy to see just how quickly a system can start to become a mess. Imagine a system that has been exposed for a much longer period of time and is heavily infected! The best approach is to avoid trouble from the beginning. But if you find yourself or someone you know with an infected system then take a look at our upcoming series on removing malware from an infected computer.
Note: By the time the short “infestation period” was finished on our example system, the Windows Firewall, Windows Defender, and the Security Settings for Internet Explorer had all been either 1.) Turned off or 2.) Set to the lowest possible settings. In addition, no legitimate anti-virus or anti-malware software was installed. This system was totally unprotected in exchange for so-called “speed and convenience”.
Next Up: Removing the Spyware
Stay tuned, as tomorrow we will show you how we cleaned up the crapware-filled computer with Spybot Search & Destroy. And then later this week, we’ll show how well Ad-Aware and MalwareBytes performed against the same set of spyware.
