How to Stop E-Mail Spam, Spyware, Malware, Computer Viruses, and Hackers from Ruining Your Computer or Network: The Complete Guide for Your Home and Work

How to stop e-mail spam, spyware, malware, computer viruses, and hackers from ruining your computer or network: the complete guide for your home and work

Copyright © 2011 Atlantic Publishing Group, Inc.

1405 SW 6th Avenue • Ocala, Florida 34471 • Phone 800-814-1132 • Fax 352-622-1875

Web site: www.atlantic-pub.com • E-mail: sales@atlantic-pub.com

SAN Number: 268-1250

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be sent to Atlantic Publishing Group, Inc., 1405 SW 6th Avenue, Ocala, Florida 34471.

Library of Congress Cataloging-in-Publication Data

Brown, Bruce C. (Bruce Cameron), 1965-

How to stop e-mail spam, spyware, malware, computer viruses, and hackers from ruining your computer or network : the complete guide for your home and work / by Bruce C. Brown.

p. cm.

Includes bibliographical references and index.

ISBN-13: 978-1-60138-303-7 (alk. paper)

ISBN-10: 1-60138-303-7 (alk. paper)

1. Computer security. 2. Computer networks--Security measures. 3. Malware (Computer software)--Prevention. I. Title.

QA76.9.A25B7748 2010

005.8--dc22

2010009332

All trademarks, trade names, or logos mentioned or used are the property of their respective owners and are used only to directly describe the products being provided. Every effort has been made to properly capitalize, punctuate, identify, and attribute trademarks and trade names to their respective owners, including the use of ® and ™ wherever possible and practical. Atlantic Publishing Group, Inc. is not a partner, affiliate, or licensee with the holders of said trademarks.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

PROJECT MANAGER: Melissa Peterson • EDITORIAL ASSISTANT: Katy Doll

EDITORIAL ASSISTANT: Brad Goldbach • FREELANCE EDITOR: Rebecca Bentz

PEER REVIEW: Marille Griffin • INTERIOR DESIGN: Rhana Gittens

FRONT & BACK COVER DESIGN: Jackie Miller • Millerjackiej@gmail.com

A few years back we lost our beloved pet dog Bear, who was not only our best and dearest friend but also the Vice President of Sunshine here at Atlantic Publishing. He did not receive a salary but worked tirelessly 24 hours a day to please his parents.

Bear was a rescue dog who turned around and showered myself, my wife, Sherri, his grandparents Jean, Bob, and Nancy, and every person and animal he met (well, maybe not rabbits) with friendship and love. He made a lot of people smile every day.

We wanted you to know a portion of the profits of this book will be donated in Bear’s memory to local animal shelters, parks, conservation organizations, and other individuals and nonprofit organizations in need of assistance.

– Douglas and Sherri Brown

PS: We have since adopted two more rescue dogs: first Scout, and the following year, Ginger. They were both mixed golden retrievers who needed a home.

Want to help animals and the world? Here are a dozen easy suggestions you and your family can implement today:

Adopt and rescue a pet from a local shelter.

Support local and no-kill animal shelters.

Plant a tree to honor someone you love.

Be a developer — put up some birdhouses.

Buy live, potted Christmas trees and replant them.

Make sure you spend time with your animals each day.

Save natural resources by recycling and buying recycled products.

Drink tap water, or filter your own water at home.

Whenever possible, limit your use of or do not use pesticides.

If you eat seafood, make sustainable choices.

Support your local farmers market.

Get outside. Visit a park, volunteer, walk your dog, or ride your bike.

Five years ago, Atlantic Publishing signed the Green Press Initiative. These guidelines promote environmentally friendly practices, such as using recycled stock and vegetable-based inks, avoiding waste, choosing energy-efficient resources, and promoting a no-pulping policy. We now use 100-percent recycled stock on all our books. The results: in one year, switching to post-consumer recycled stock saved 24 mature trees, 5,000 gallons of water, the equivalent of the total energy used for one home in a year, and the equivalent of the greenhouse gases from one car driven for a year.

DEDICATION

I looked back at my ten previous books and discovered that I had dedicated six of them to my wife! Well, who better to dedicate a book to than the person who has stuck with me for more than 25 years; endured countless moves across the country; spent too many nights home alone while I was deployed, underway, or traveling; and put up with all my annoying habits? Thanks for hanging in there — I could not have done any of this without you!

Table of Contents

TABLE OF CONTENTS

FOREWORD

INTRODUCTION

CHAPTER 1: Malware: A Comprehensive Introduction

CHAPTER 2: Computer Viruses: Are You at Risk?

CHAPTER 3: Antivirus Solutions & Defense

CHAPTER 4: Spam, Spoofing, Phishing, & E-Mail Hoaxes: What They Are and How to Block Them

CHAPTER 5: Detecting and Countering Malware & Spyware

CHAPTER 6: Web Browsers, Pop-Up Windows, & How to Surf the Web Safely

CHAPTER 7: Firewalls: A Comprehensive Introduction

CHAPTER 8: Hackers: How to Defend Against Hacks & Other Attacks

CHAPTER 9: Network Security: How to Protect and Secure your Home or Small-business Network

CHAPTER 10: Wireless Network Security: How to Secure Your Wireless Network

CHAPTER 11: Software Products to Protect Your Computers & Networks

CONCLUSION

GLOSSARY

AUTHOR BIOGRAPHY

BIBLIOGRAPHY

FOREWORD

Today, we live in a hyper-connected society fueled in large part by the Internet. As everyday users, we conduct most of our daily tasks online: from work-related research and online banking to e-mailing and social networking.

The Internet may be a limitless playground of information, but despite all the advantages it offers, it also introduces a number of risks that can damage not only our computers, but our daily lives. In fact, an entire industry of cyber criminals is making millions of dollars off innocent Web users. These cyber criminals work day in and day out developing new invasive and silent malware crafted to give them complete control of our computers and all of our most personal data.

Although you might only hear about the highest profile attacks in the media, the reality is that there are much less publicized, yet incredibly dangerous, threats on the Web every day, and you can be just a click away from being affected. One example is BlackHat SEO attacks, which are criminally motivated search engine optimization schemes designed to tie malicious URLs to breaking news content. In a BlackHat SEO attack, simply searching for any breaking news topic in your favorite search engine can land you at the front step of cyber criminals’ doors, leaving your computer infected and your data unprotected.

Personal users and small business owners are those most at risk of falling victims to attacks, often navigating the Web without updated firewalls and antivirus software. Small businesses, which typically have limited in-house resources and IT staffs to dedicate to security, have particularly become attractive cyber criminal targets. In a recent study conducted by PandaLabs, we found that 44 percent of more than 1,400 surveyed small- to medium-sized businesses in the United States admitted to falling victim to cyber crime.

Home users and businesses should be concerned. Malware on the Web continues to grow exponentially as criminals are becoming increasingly financially motivated. In 2009, PandaLabs, the malware analysis and detection laboratory I work for, detected and classified more than 25 million malware samples within its cloud computing database, 66 percent of which were malicious Trojans designed to steal banking data and personal information. In PandaLabs’ most recent study on the rise of rogueware, we concluded that cyber criminals were making up to $34 million dollars per month with their extortion-schemed malware designed to scare users into purchasing fake security software. With millions of computers operating without any protection or outdated security software, and many users unaware of safe Internet browsing practices, cyber criminals have been perpetrating their scams with little difficulty and have been able to make a living off their crimes.

Governments are currently in the infancy stages of drafting cyber security initiatives strong enough to enforce laws on local, state, and international levels, but it is still up to consumers to proactively protect themselves against cyber attacks.

Reading this book is a great first step in getting up to speed on security threats and how to protect yourself, your family, and if you are a business owner, your company. Author Bruce C. Brown lays out each chapter in easy-to-read segments, so that by the end, you will not only understand the terminology and various attack vectors, but will be armed with a wealth of knowledge about which tools you can start using today to ward off cyber criminals.

Sean-Paul Correll is a threat researcher at PandaLabs, the malware analysis and detection laboratory for Panda Security. Correll is credited with discovering the Twitter trending topics attacks, as well as for leading groundbreaking research on social networking cyber crime and BlackHat SEO. Correll serves as a frequent resource for national and security press, including USA Today, PC World, Computerworld, InformationWeek, and many others. He is also the founder of the Malware Database, a repository of malware information that aids fellow researchers in sharing malware samples and threat intelligence. He recently spoke at Security B-Sides Las Vegas and is a frequent contributor to ISSA’s events and publications.

www.pandasecurity.com

http://pandalabs.pandasecurity.com/

Address:

Panda Security

230 N. Maryland Avenue 303

Glendale, CA 91206

Table of Contents

INTRODUCTION

Spam, spyware, malware, phishing, hacking, and other threats to your home and business computers are very real and can be extraordinarily damaging. Millions of dollars and many work days are lost each year dealing with damage and casualty control caused by these active threats. Although attacks on government computer systems make the news on a regular basis, the truth is home and small business computers are the targets of the majority of attempts to break through computers’ defenses on a daily basis. Every computer is a potential target and must be protected against these threats.

What if you lost all the data on your home or business computers? Think of the amount of software, documents, music, photographs, financial records, and more that could be instantly destroyed, stolen, or exploited. Identity theft is a very real threat and securing your personal data is critical to protecting your interests. Personally identifiable information (PII) is information that identifies who you are and might contain home addresses, social security numbers, phone numbers, bank account information, and more. This information, in the hands of a hacker, could wield incredible damage on your personal life and might destroy your business. You must protect your home and business computer systems and networks against current and future threats and use common sense in developing and deploying your lines of defense against these intruders. Something as seemingly harmless as an e-mail with a small attachment has the capability of destroying your computer system or network. Even if you are one the few people who regularly back up data, the loss of a computer to a virus or hacker can have an immense financial toll, not to mention the time and effort it takes to rebuild your systems, reinstall software, and restore data.

Luckily, you can easily defend yourself against most of these threats and successfully protect yourself against would be intruders. This book will help you to ensure that you have protected yourself and your home and business computers and networks, and ensure you have deployed the right tools to secure your data. This book, similar to my previous books, is written for the home user or small business owner who does not have a dedicated technology department or a large information technology budget to procure advanced virus, spyware, and network protection systems. Unbelievably, you can fully protect your computer or network for little money and in many instances for no money at all. We will discuss various options in depth as we break down each topic area by chapter and provide you with detailed plans and various low- or no-cost options to protect you from the thousands of active threats on the Internet. This book is not intended to be technically challenging and the average home computer user should be able to easily understand the concepts in it and protect valuable investments and data.

The goal of a hacker or computer attacker is very simple and primarily based on economics. You have valuable data, secure access to financial records, financial accounts, and personally identifiable information they want. They want this information for their economic gain, to use this information illegally to make money. Other incentives might simply be to inflict damage or harm upon the recipient of the attack, disrupt services or commerce, destroy data, reduce computer or network functionality, and disrupt your personal or business lifestyle. Although there are many other reasons and motivations behind malware and other cyber crimes, remember, it usually comes down to monetary gain.

The following is just a short list of some of the most prolific threats we face today on the Internet, each of which we will discuss further in this book:

• Computer viruses are programs that attack your computer, disrupt your network, and steal or destroy your data files. Typically received by e-mail or transmitted through portable storage devices (such as flash drives), they can attack home computers or large network computer systems.

• Spyware is software that steals information from your computer and sends it somewhere else. Typically stolen information is financial data, personally identifying information, and computer data files, keystrokes, or passwords.

• Spoofing occurs when another computer or network appears to be a trusted source when in fact it is not. As with spyware, spoofing attempts to gain unauthorized access to computers and networks to steal or destroy data.

• Trojans — or Trojan horses — are software programs whose sole purpose is to damage, disrupt, or destroy computer systems and networks. The effect of this can be wide-ranging from lost or destroyed data to the hijacking of your computers and networks by a third party, where you lose control over your own computer system.

• Spam is something we are all familiar with, and though many consider it just a mild nuisance, it is in fact a form of attack on your computer system. Spam is often associated with viruses or offensive or sexually oriented material and can overwhelm Web mail and exchange servers. Spoofed e-mails typically generate hundreds of thousands of spam e-mails that may appear to come from your e-mail account, even though you did not send the e-mails.

• Adware, although similar to spyware is typically not destructive in nature, in that it is not intended to damage your computer system. Instead, adware loads your browser, desktop, and system with junk advertisements. These can be hard to battle, because they might spawn relentlessly as you close out a browser window; several more might spontaneously open, over and over again. Adware is transmitted through e-mail, instant messengers, and illicit Web sites. If you are still in the minority of Internet users who use dial-up modems, dialers can redirect your modem phone numbers from your normal service provider typically overseas, resulting in enormous phone bills.

• Hijacking occurs when a software application takes control of your Web browser, forcing you to navigate to pages you do not want to visit. These sites are typically pornographic in nature or automatically download spyware, adware, and more. Hackers are individuals — with the assistance of software and/or hardware — who attempt to break through your firewall and network security to steal your personal data, financial records, and passwords. Some are more malicious than others and might destroy data, your network, and much more.

• Phishing has become very prevalent and is often hard to detect. These e-mails appear to be from reputable sources, such as PayPal, banks, credit unions, and eBay. Often they are written to compel you to log in, with language such as fraud was detected on your account; please log in immediately to validate your current charges. The embedded URL in these e-mails does not take you to the trusted Web site; instead, it takes you to a fake site in an attempt to get you to log in so phishers can steal your user name and password. They then take your information (such as a PayPal user name and password), log into your PayPal account, change your password so you cannot log in, and then transfer your money out of your account.

• Hoaxes are e-mails you receive from people such as the deposed king of Nigeria, who has $20 million in an offshore account and needs you to help him get it out of the country into your account. For your cooperation, you will get a handsome 10 percent of the total. You give away your account information so they can move the money into your account, and magically, your account is drained of every cent you had in it. This is a hoax and people fall for it every single day, sometimes over and over again. Leave yourself unprotected and you will be the victim of some form of attack — guaranteed.

This book will break down and tackle each of the above threats in depth, arming you with the weapons you need to protect your identity, computer systems, and critical data.

You might wonder why you need this book. There are many other books written about viruses, hackers, and computer security; however, most of them are out of date, incredibly complex, and cover only one subject from the wide array of malware threats we face today. This book does not provide you with useless technical information or the history of viruses. This book does not cover only one form of malware, leaving you wondering about how to deal with the rest. This book is your handy reference to the world of malware