

Dealing with Spyware and Other Malware



Introduction

"Malware" is a term for any software that gets installed on your machine and performs unwanted tasks, often for some third party's benefit. Some categories of malware are:

  • adware
  • spyware
  • browser hijacking software

Malware programs can range from being simple annoyances (pop-up advertising) to causing serious computer invasion and damage (e.g., stealing passwords or introducing worms and viruses). Additionally, some malware programs are designed to transmit information about your Web-browsing habits to advertisers or third party interests, unbeknownst to you.

VirusScan 8.5 for Windows contains integrated anti-spyware functionality. However, your computer may still be susceptible to malware, because no single product is designed to catch, or capable of catching, all malware.

As of August 2004, only Windows machines are susceptible to most adware or spyware products. This page provides an overview of malware and how to deal with it.



Malware Types: Adware, Spyware and Browser Hijacking Software

Adware: Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet.

Spyware: Software that surreptitiously gathers information and transmits it to interested parties. The types of information gathered include the Web sites visited, browser and system information, and your computer's IP address.

Browser hijacking software: Advertising software that modifies your browser settings (e.g., default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups. Once a browser is hijacked, the software may also redirect links to other sites that advertise, or sites that collect Web usage information.



How Malware is Installed

There are several ways that these programs can end up on your computer:

Software with "other software" bundled. For example, AOL Instant Messenger currently bundles in WildTangent, a known spyware offender. Peer-to-peer file sharing software, such as Kazaa, LimeWire, and eMule, bundles various types of malware that are categorized as spyware or adware. Software that promises to speed up the Internet connection or assist with downloads (e.g., My Web Search) often contains adware.

[Image: AOL Instant Messenger install components]
Example of AOL installer with WildTangent and Weatherbug bundled with it.

Some malware programs exploit Internet Explorer's ActiveX installation option (ActiveX is a Microsoft technology that links desktop applications to the Internet). If you click a link to an ActiveX program, a dialog box prompts you about executing it. If you click Yes (or if your IE security settings are set lower than normal so you aren't prompted), the software runs and can perform any task on your computer, including installing malware.

Some web sites claim that software is needed to view the site, in an attempt to trick users into clicking Yes and thereby installing software onto their machines. Another trick is to display many error windows if you click No. Other sites will tell you that using a certificate makes their site "safe," which is not the case. Certificate verification means only that the company that wrote the software is the same as the company whose name appears on the download prompt.

Malware can exploit security holes in Internet Explorer as a way of invading your machine.

On top of this, some malware provides no uninstall option, and installs code in unexpected and hidden places (e.g., the Windows registry) or modifies the operating system, thus making it more difficult to remove.

Worst-case Scenario
In the worst-case scenario, malware can be a stepping stone to a trojan (i.e., a program that appears safe, but contains a worm or virus). The result is that the fundamental underpinnings of your operating system (the OS binaries) are corrupted. The only solution to this is to reformat and reinstall your operating system, possibly losing all of your data.



Symptoms of Malware

Some of the symptoms users experience that are caused by the existence of malware programs are:

  • Poor system performance, especially while connected to the Internet.
  • Computer stops responding more frequently.
  • Computer takes longer to start up.
  • Browser closes unexpectedly or stops responding.
  • Performing a search from a search page provides results on a different site.
  • Clicking a link does nothing or goes to an unrelated Web site.
  • Browser home page changes to a different site and may not be able to be reset.
  • Pop-up advertising windows appear when the browser is not open or over Web pages that do not normally have pop-ups.
  • Additional toolbars are added to the browser.
  • Web pages are automatically added to list of favorites.
  • Desktop icons are automatically added to the desktop.
  • When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.
  • When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
  • You cannot start a program.
  • When you click a link in a program, the link does not work.
  • Components of Windows or other programs no longer work.



Malware Culprits

Some of the more well-known malware programs are (last updated, 4/05):

  • GAIN
  • Hotbar
  • GameSpy Arcade
  • Ezula
  • WeatherCast
  • BonziBuddy
  • Cydoor
  • TOPicks
  • BargainBuddy
  • CasinoOnNet
  • WebSearch

There are spyware databases to research newer pieces of malware at:



Removing Malware

Use Add/Remove Control Panel in Windows
You may be able to get rid of malware by using Add/Remove Programs in the Control Panel:

  1. Go to Start>Control Panel>Add or Remove Programs.

  2. Scan through the list to find any that you don't recognize or any on the list above.

  3. Select any suspect programs (click "Click here for more information" to find out more about a program), then click Add/Remove.
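
The same review can be done from a PowerShell prompt. This is an added example, not part of the original IS&T page: it reads the standard Windows Uninstall registry keys that back Add or Remove Programs and flags entries whose display name matches the "Malware Culprits" list above. The name matching is an assumption about how these products label themselves, so unflagged entries still need a manual look.

```powershell
# Added example: list installed programs and flag names from the page's culprit list.
$culprits = 'GAIN', 'Hotbar', 'GameSpy Arcade', 'Ezula', 'WeatherCast', 'BonziBuddy',
            'Cydoor', 'TOPicks', 'BargainBuddy', 'CasinoOnNet', 'WebSearch'

# Uninstall keys: per-machine, 32-bit programs on 64-bit Windows, and per-user.
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'

# Whole-word, case-insensitive match so "GAIN" does not flag a name like "Bargains".
$escaped = $culprits | ForEach-Object { [regex]::Escape($_) }
$pattern = '\b(' + ($escaped -join '|') + ')\b'

$installed = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Entries without a DisplayName are not shown in Add or Remove Programs.
        if ($p.DisplayName) {
            [pscustomobject]@{
                Flagged   = $p.DisplayName -match $pattern
                Name      = $p.DisplayName
                Publisher = $p.Publisher
                Uninstall = $p.UninstallString
            }
        }
    }
}

# Flagged entries first, then the rest in name order for manual review.
$installed |
    Sort-Object @{ Expression = 'Flagged'; Descending = $true }, Name |
    Format-Table -AutoSize -Wrap
```

Malware that provides no uninstall option, as described earlier on this page, will not appear in this output at all.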

Use Malware Removal Programs

Note: These programs are not supported by IS&T. Be aware that running these programs may cause minor or serious malfunction of your operating system. Before using them, be sure to back up your data using TSM or copying to an external drive or CD.

There are programs designed to inspect your computer's software and registry and remove malware. Some of the free removal tools are:

Make sure you have the latest, up-to-date version of these programs. Try running several of them in sequence to make sure all malware has been removed.

Additional Help
If you're not comfortable running malware removal programs, the Computing Help Desk, Hardware and Software Service will do this work for you at the rate of $60/hr.



Preventive Measures

There are some steps you can take to reduce the risk of installing malware:

Use VirusScan 8.0
This version of VirusScan contains malware removal functionality. To view or modify the settings:

  1. Go to Start>Programs>VirusScan Console.

  2. Right-click on Unwanted Programs Policy and choose Properties.

  3. Under Detection, click check boxes to add or remove items; click User-defined Detection to add or remove your own items.

Modify your IE Security Level Setting
The default IE security level can be raised.

  1. Start up IE then go to Tools>Internet Options>Security.

  2. Set the "Security level for the Internet Zone" to High. (If no slider is visible, click Default Level.)

  3. Click the Trusted Sites icon.

  4. Set the "Security level for this Zone" to Medium. (If no slider is visible, click Default Level.)

  5. Click OK.

Note: Poorly designed sites may not work in high-security mode, in which case you'll need to lower the settings temporarily when visiting such sites.

Reduce Pop-Up Advertisements in IE
To reduce pop-up ads, you can disable active scripting for web sites that typically present pop-up ads. To do this, you add that site to the Restricted Sites zone, and then disable Active Scripting and other content for the Restricted Sites zone which prevents scripted links from working.

  1. Start Internet Explorer.

  2. Go to Tools>Options.

  3. Click the Security tab.

  4. Click Restricted Sites, and then click Sites.

  5. In the Add this Web site to the zone box, type the Web address for the site that you want to restrict, and then click Add. Repeat this step if you want to add other sites to the zone.

  6. Click OK.

  7. Click Default Level to set the Restricted Sites zone to the recommended level, which disables Active Scripting.

  8. Click OK.
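
To confirm that the zone settings from the two procedures above took effect, the per-user values can be read back from the registry. This is an added example, not part of the original IS&T page; it reads only the current user's settings under HKCU, so zone settings enforced through Group Policy are not reflected.

```powershell
# Added example: audit the per-user IE zone settings the steps above configure.
$zones = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# CurrentLevel holds the zone's security template; anything else is a custom level.
function Get-LevelName([int]$level) {
    switch ($level) {
        0x10000 { 'Low' }
        0x10500 { 'Medium-low' }
        0x11000 { 'Medium' }
        0x11500 { 'Medium-high' }
        0x12000 { 'High' }
        default { 'Custom (0x{0:X})' -f $level }
    }
}

# URL action 1400 is Active Scripting: 0 = enable, 1 = prompt, 3 = disable.
function Get-ScriptingState($action) {
    if ($null -eq $action) { return 'Not set' }
    switch ([int]$action) {
        0 { 'Enabled' }
        1 { 'Prompt' }
        3 { 'Disabled' }
        default { "Unknown ($action)" }
    }
}

# Zone ids: 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
# Each test encodes the outcome the page's steps are meant to produce.
$checks = @(
    @{ Id = 3; Zone = 'Internet';         Want = 'Level High';
       Test = { param($l, $s) $l -eq 'High' } },
    @{ Id = 2; Zone = 'Trusted sites';    Want = 'Level Medium';
       Test = { param($l, $s) $l -eq 'Medium' } },
    @{ Id = 4; Zone = 'Restricted sites'; Want = 'Active Scripting disabled';
       Test = { param($l, $s) $s -eq 'Disabled' } }
)

foreach ($c in $checks) {
    $p = Get-ItemProperty -Path "$zones\$($c.Id)" -ErrorAction SilentlyContinue
    if (-not $p) { Write-Warning "Zone $($c.Id) has no per-user settings"; continue }
    $level = Get-LevelName $p.CurrentLevel
    $state = Get-ScriptingState $p.'1400'
    [pscustomobject]@{
        Zone = $c.Zone; Level = $level; ActiveScripting = $state
        Expected = $c.Want; Ok = [bool](& $c.Test $level $state)
    }
}
```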

Obtain Security Patches Regularly
Make sure you have the latest security patches from Microsoft by using the Windows Automatic Update Service.

Know What You're Installing
To prevent malware from being installed on your system, avoid using software that relies on advertising as its means of support, i.e., sponsored mode. When possible, purchase the full version of software rather than using it in sponsored mode. Also, avoid installing software that promises to speed up the Internet connection or assist with downloads (e.g., My Web Search).

When downloading and installing free software, read the terms in the license agreement and click Cancel if it seems that malware will be installed. Typically, malware is installed when you click Yes to an end-user license agreement (EULA) that appears when downloading software:


[Image: Kazaa Media Desktop installer]
Example of an EULA

By clicking Yes, you allow a script or control to be integrated into the browsing system or Windows registry. The script or control changes the behavior of your Web browser or operating system to suit the needs of the aggressive advertiser.

Install software from sites you know and trust
Install only software distributed by web sites or organizations that you know and trust. Be cautious about "free" or peer-to-peer software, since its makers usually recoup their costs by being paid to bundle malware into their applications; that malware tracks users' web-browsing habits and sends the information to marketers or other third parties.



End-User License Agreement (EULA) Examples

Below are some examples of other EULAs that indicate the presence of third-party software:

[Image: AOL Instant Messenger software license agreement]
Example of "third party" software mentioned in the agreement.

[Image: Terms of service]
Example of mention of WildTangent in the EULA.
