Viruses, Hackers, and Spyware - Bandits on the Internet!

  • February 19, 2013
  • David Brusegard

Table of Contents

  1. Introduction
  2. Viruses and Worms
    1. How Do I Know I Have Been Infected by a Virus or a Worm?
    2. Protecting Against Viruses and Worms
    3. If a Virus is Already on Your Computer
  3. Hackers
    1. Protecting Against Hackers and Unwanted Intrusion
    2. What Should You Do to Protect Yourself and Your Business?
    3. Hardware Firewalls
    4. Software Firewalls
  4. Spyware
    1. Detecting Spyware and Protecting Yourself
  5. Summary
  6. The Top Ten List of Personal Habits You Should Adopt to Protect Your Digital Integrity

1. Introduction

Whether at the office or working from home, lawyers benefit from the advantages of high-speed cable or telephone lines that are "always on" and connected to the Internet. While this has made research, email, and document transfer faster and easier, it has brought with it some accompanying risks to personal and corporate privacy.

Professional rules of conduct for lawyers require that firms secure their clients' information. That information can take the form of digital versions of discovery documents, email contents, case supporting documents, images, financial statements, motions, or strategy discussions carried out online. Not only must the firm secure the client's data—it must move it to and from the client and deal with the client in a similarly secure fashion. Whether a small or large firm, the risks are very real.

If you are not part of a corporate network and sitting behind a protecting firewall, you may be at the mercy of hackers, viruses, and those who would benefit from seeing what is on your computer. Small law firms with a few office computers and lawyers who work from home or both home and business may find themselves prey to mischief or malice. Larger firms risk losing more than credibility—they can lose cases, clients, their reputation and therefore their business.

What are the Threats and the Consequences of Ignoring Them?

The threats that face an Internet user today fall into three main camps. There are viruses and worms, hackers, and spyware (data collection and advertising software). In this article we will look at defining these threats, how you can prevent being victimized, how you can determine that you have encountered one of these threats and what you can do if you find yourself in the unfortunate position of having to deal with the aftermath.

The real consequences of being victimized by one of these threats stem from lost or stolen information and the time required to have computers cleaned and put back online. This impact quickly cascades into business delays and lost credibility with clients. At worst, it creates a sense of insecurity among clients and staff, loses client confidence, and sullies the reputation of the firm.

Despite a reasonable paranoia with respect to viruses, hackers, and spyware, the author in a single lapsed moment lost all his data and programs from a network of three computers and required over 80 hours of work to restore and rebuild the full network and data complement, along with many lost hours of dealing with clients who had been forwarded the virus by an email worm. Rebuilding client confidence and restructuring deliverables took longer than the computer cleaning process. Without backup of key files and client information, the loss of credibility and service response to the client can inflict irreparable damage on the business.

The consequences of being attacked by a virus or a hacker depend upon how ready you were for the intrusion. The most devastating situation is one in which your personal and client information and software are totally destroyed. This can be compounded by the time-consuming process of reloading all of your software and whatever files you have backed up, only to find that the virus is still lurking. You may then find yourself in a vicious circle unless you can clean the offending software from the hard drive. In the case of a hacker, once your information is compromised, the consequences may be very different in that others are now aware of your confidential information. The impact of this has to do with your business, not your computer.

Back to Table of Contents

2. Viruses and Worms

In a recent CBA National Technology Survey, two-thirds of the responding CBA membership reported having to deal with a virus. A variety of Internet sources indicate that there are 10,000 viruses active at any one time. The McAfee and Norton AntiVirus protection software and other similar programs scan for about 50,000 viruses. Chances are you and your firm will meet up with a nasty virus sooner or later.

A virus is a computer program. Its first function is usually to replicate itself on your computer and potentially engage in a variety of activities such as changing your icons, erasing data, filling up your hard drive, or writing obscene messages to the screen. Viruses can be merely annoying or they can shut down your business depending upon what they do and how widespread they become in the office and at home. A worm is a virus that spreads itself through networks, usually by emailing itself to everyone in your address book or attaching itself to programs that are moved across your network.

A virus attaches itself to another program like Word, WordPerfect, or Spreadsheet software and is often its own executable (an '.exe' file). Once on your hard drive it will either run itself or wait until a specific event triggers it to run. The event could be as simple as opening a Word document or an email attachment, or the computer's clock reaching a certain hour on a specified date.

You can't get a virus from reading your email. You may "contract" a virus by opening an email attachment that contains one, by downloading a file from the Internet that contains a virus, or by transferring a file from another computer over your network or loading the file from a disk, CD, pen drive, or other portable information medium.

The greatest impact of viruses and worms is the damage they do to your files and data. Even if you have excellent habits, and back up data and files on a regular basis, the time cost of getting rid of a virus, reloading software, and restoring backed up files can be devastating to a business and a client relationship.

a. How Do I Know I Have Been Infected by a Virus or a Worm?

There are some common things to watch for. They do not guarantee that you have a virus, but if you experience them you should take appropriate action (i.e., run your virus checker or ask your systems support group to check your machine).

  • Your computer runs substantially slower than usual
  • The computer will not boot when you start it up
  • Programs behave in erratic ways
  • You lose documents and files
  • You receive onscreen messages from your computer indicating it cannot read one or more of your hard drives, or it cannot find one of your regular peripherals such as a printer, DVD drive, or PCMCIA card (i.e., the credit card sized modem or network card that goes in a slot on the side of your laptop)
  • You cannot find your virus checker file, or nothing happens when you double-click on your virus checker icon or executable (the first thing some viruses do is disable a virus checker that is not running at the time)
  • Your friends or clients report receiving emails from you with attachments that you did not intentionally send them. Worse yet, your client tells you that you have emailed him or her a virus
  • And, obviously, when your virus checker tells you that you have a virus

b. Protecting Against Viruses and Worms

There are inexpensive virus protection software packages to assist you and there are some very good habits that you should adopt and carry out with a religious fervour.

Three obvious examples of software vendors with good automated updating services are:

  1. McAfee AntiVirus
  2. PC-Cillin Trend
  3. Norton AntiVirus

These programs can be purchased for about $50 Cdn per machine and are well worth the cost.

Virus protection software packages only work, however, if you follow the rules. Keep them running in the background, and keep them updated. Most virus checkers are capable of scanning email attachments before they are opened and scanning files on external media such as disks and CDs. To do this they need to be running in the background. Don't shut them off if they take a few moments when you start your computer to check your boot system.

In addition, virus checkers need to be updated with the latest information on new and dangerous viruses and worms. Make sure you get a virus protection package that checks automatically for updates when you are connected to the Internet and make sure you enable this capability within the software. If you have a firewall installed you may have to allow your virus checker to access the Internet on a regular basis and set this option within the firewall software or hardware. If you have a systems support group, discuss this with them. In larger firms, virus protection is often held on one of the firm's servers and the server executes the software and checks your machine on a regular basis. Take the time to find out from the systems group if you can check diskettes, CDs and downloads sent to you by your clients from your local machine.

c. If a Virus is Already on Your Computer

  • Don't email everyone to tell them you have one — this could spread the virus.
  • Don't carry on and hope it will go away — it won't.
  • Don't ignore it. You could lose more data and your clients and associates may become infected.

Call for help if it is available. If not, then it's do it yourself time.

If the virus is in the early stages or has just been recognized by your protection software, running its scan and clean utility will usually remove or kill the virus. This assumes your antiviral software is up-to-date and can recognize this virus. If, however, the virus has executed and is carrying out its despicable tasks, you will need more drastic measures.

Cleaning an unleashed virus from your hard drive is best done by having a rescue disk that is created when you originally install your virus protection software. Alternatively, a rescue disk from another similar machine might be usable if it has the same operating system. It goes without saying that the virus should never have been allowed to get that far — more about that later. A rescue disk is created when you load a virus scanner for the first time. It contains the virus scanner and is itself a bootable disk. Thus, it boots from your A: drive or from your CD drive and does not let your operating system (i.e., Windows) get started. Such a rescue disk can clean the virus from your hard drive if it can find it and if it has the virus signatures for that particular virus. You may need assistance with this procedure from your systems support personnel. If you are a small or home office, then you should ensure that you have a rescue disk at the ready or know how to create one independent of any machine that becomes infected.

Usually you create a rescue disk by following these steps:

First you need to format a disk so that it can be used to boot your computer. Insert a floppy diskette in your floppy drive A: (or whichever drive letter your floppy drive uses). You format a clean diskette from Windows 95, 98, 2000, or XP by clicking on the DOS prompt or the Command Prompt under the "Programs" or "All Programs" option found within the START menu. This will bring up a black background window on your regular Windows screen.

Once you have the window open, type the following command at the C:\ prompt in the window:

FORMAT A:/S (assuming A: is the name of the floppy drive)

Then hit Enter/Return. (Note: the /S after the drive name will result in the formatted disk being bootable from the diskette drive. This is important if you are infected with a virus because viruses often attack your main boot system and you will need to be able to boot from a diskette and run a scanning program or virus cleaner from that diskette without allowing the virus to be active.)

Hitting ENTER will result in the system asking you to confirm that you want to format a diskette, which you do. This step only provides a usable diskette. The next step is to run your Virus Protection program and find where it provides the option for creating a rescue disk. All virus programs have some form of rescue disk protection methodology. Once you click on the rescue disk option from your Virus Protection software, you can easily follow the instructions on the screen to produce a rescue disk. Some virus protection programs will format the diskette for you, so check your program to see if you can skip the formatting step.

In a few cases it is possible to use an Internet scanner from a virus protection company to scan your drive and destroy the virus. Many modern viruses are capable of disabling your anti-virus software and blocking access to known virus scanning Web sites. Check the Web sites of the virus providers listed earlier for specific instructions on what to do if you encounter a virus that commences by disabling your protection software. Usually, if this happens, you have not ensured that your virus software is up to date, or you are not receiving regular and automated Internet-based updates from your protection provider.

If all else fails, the only thing to do is to reformat the hard drive entirely and start to rebuild your environment with a cleaned, pristine hard drive. You are going to lose all your files and installed software and all your email when you do this. It may be too late to back up your files at this point since you may be backing up infected files. Reinstalling them after you have reformatted the drive(s) just recreates the original problem. You should, however, never get to this point in the process! If you know the name or type of the virus that has infected your machine then check with your virus software manufacturer to determine what this virus infects. You may be able to recover your word processing documents, spreadsheets, contact databases, or data files with impunity. In some cases you may not — for example if the virus is a Microsoft Word Macro virus that is linked to or embedded in many of your Word documents. Again, you may want to seek assistance from your systems folks.

If you are not fortunate enough to have "systems folks", you may be on your own. If this is the case, you must learn from the experience. Try to save your key documents and data on diskettes, or CDs if you know how to write CDs (you can scan and clean them later) and then reformat your drive, reinstall your software, get a virus checker and a firewall, and backup religiously. Once you have a virus checker installed, scan your backed up data and documents and only reinstall them on the newly formatted drive if they pass the virus scan.

The secondary lesson here is to ensure that you have copies of your original software if you need to rebuild your system. Back-up correspondence and data files regularly. Larger firms will have backup procedures and regular backup schedules. Smaller firms and home operations should invest in backup software or at a minimum just have a timed routine of copying new files to a CD-writeable drive on a weekly or more frequent basis. A writeable CD now costs less than a dollar. You can even put a scheduled event tickler into programs such as Microsoft Outlook that reminds you on a regular basis to do your backup.
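
As an added example (not part of the original article), the Python sketch below shows one way to run the "timed routine of copying new files": it copies only files that are new or changed since the last run and records a SHA-256 fingerprint of each, so the backup can later be checked for damaged or altered copies before anything is restored. The folder names and the manifest file name are assumptions for illustration, and the backup folder is assumed to sit outside the folder being backed up.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = ".backup-manifest.json"  # hypothetical name for the fingerprint list


def sha256_of(path):
    """Return the SHA-256 fingerprint of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_new_files(source, dest):
    """Copy files that are new or changed since the last run.

    Returns the relative paths that were copied this time.
    """
    source, dest = Path(source), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    manifest_path = dest / MANIFEST
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    copied = []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        fingerprint = sha256_of(path)
        if manifest.get(rel) == fingerprint:
            continue  # unchanged since the last backup
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = fingerprint
        copied.append(rel)
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return copied


def verify_backup(dest):
    """Return backed-up files that are missing or no longer match their fingerprint."""
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    damaged = []
    for rel, fingerprint in manifest.items():
        copy = dest / rel
        if not copy.is_file() or sha256_of(copy) != fingerprint:
            damaged.append(rel)
    return sorted(damaged)


if __name__ == "__main__":
    # Constructed sample folders so the example runs anywhere.
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp) / "docs", Path(tmp) / "backup"
        docs.mkdir()
        (docs / "client-letter.txt").write_text("first draft")
        print("copied:", backup_new_files(docs, backup))
        print("copied on second run:", backup_new_files(docs, backup))
        print("damaged copies:", verify_backup(backup))
```

The fingerprint check only shows that a backup copy is unchanged since it was made; a file that was already infected when it was copied still has to pass the virus scan before it is restored.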

3. Hackers

The term "hacker" is commonly used in the context of someone forcing entry into another's Web site — meaning that they have taken control of the site and can alter and destroy the site contents and functionality. While this activity is certainly a negative behaviour, we are concerned here with hackers who breach your personal or business network and attempt to secure your confidential information.

Hackers are individuals who attempt to break into your network or computer with the intent of being nosy, causing mischief or stealing information with or without a further purpose in mind. They can enter your environment in many ways. The simplest way for a hacker to get into your system is to find a way to sign on as the computer operator or another authorized user. This can be accomplished by "guessing" the password and user name (or having a computer try millions of combinations of passwords) and bypassing any security firewall. Fast computers can attempt to break in using as a password the word list from a major English dictionary. Usually you won't know whether you have been "hacked" or not unless you have defensive software that is watching for intrusion and filtering communications with other networks.

Another technique used by hackers is to find a way to enter your system through unprotected "ports". A computer port is simply a gateway into your device used for connecting to a network. There are over 65,000 ports on the average desktop computer and protecting against hackers starts with the ports.

a. Protecting Against Hackers and Unwanted Intrusion

Like the subway or the train, you can't get anywhere on the network without a place to jump on and jump off. On computers these are called ports and they are a necessary part of communication. If you can go out through the port, then someone else can come in if it is left open or unguarded. There are a variety of other ports in your system and these too may be open or closed. In short, unless you manage the ports, you are open to the world and whatever it brings to your device.

b. What Should You Do to Protect Yourself and Your Business?

First, you need to find if other ports are open to the Internet, and second, you need to protect the ports that are supposed to be open. Computers often arrive from the manufacturer or the systems set-up team with certain ports open as a matter of course.

Enter "port scanning"—looking at your computer's ports to see if they are accessible from the outside world. Port scanning can be accomplished from inside or outside your computer, and is often carried out by hackers and cyberspace intruders looking for weaknesses in personal computers. It is not illegal to scan another computer's ports. The important thing is for you to check your own computer to see what ports are open.

There are a variety of Web sites that will allow you to perform a port scan yourself to determine what ports your machine has open and unprotected. Typing the words "port scans" into a browser search engine will bring back a host of articles and Web sites dealing with this topic. There are free and commercial versions of port scanners.

For example:

  1. Gibson Research Corporation 
    Provides free Shields Up port testing software.
  2. Security Space 
    Lets you run a free trial audit of your key ports.
  3. Broadbandreports.com 
    Also has a free port scanner.

These sites allow you to see what ports are open on your own computer. Closing these ports requires some basic knowledge that you can obtain from the Internet as well.

Once you know which ports are open, the Web sites or software packages listed above usually provide directions on how to close open ports and shut down any open services that you might not require. If you are using Microsoft Internet Explorer and a Windows product you can also consult the Microsoft Web site, or Microsoft Product Support Services and search for key words such as "port scan", "closing ports" or "Internet security". If your computer came with a good manual, there may be reference material there. The manuals supplied with port scanning software will provide more detail than you want on which ports are most at risk, and what ports have to be open for communication with the Internet and to use email.
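
As an added example (not part of the original article), the Python sketch below performs this self-check on your own machine only: it tries each listed port on the loopback address 127.0.0.1 and compares what answers against the ports you expect to be open. The port list and the empty "expected" set are assumptions for illustration; a port that answers locally may still be blocked from the Internet by a firewall, which the external test sites listed above can confirm.

```python
import socket

LOOPBACK = "127.0.0.1"  # the audit only ever talks to this machine

# Constructed for the example: services worth knowing about on an office PC.
COMMON_PORTS = {
    21: "FTP file transfer",
    23: "Telnet remote login",
    25: "SMTP mail server",
    80: "HTTP web server",
    110: "POP3 mail server",
    135: "Windows RPC",
    139: "NetBIOS file and printer sharing",
    443: "HTTPS web server",
    445: "Windows file sharing (SMB)",
    3389: "Remote Desktop",
}


def is_listening(port, timeout=0.3):
    """True if a program on this machine accepts TCP connections on `port`."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((LOOPBACK, port)) == 0


def audit_ports(ports, expected):
    """Compare open ports with the ports you intended to have open.

    Returns (unexpected_open, expected_but_closed), both sorted.
    """
    expected = set(expected)
    to_check = set(ports) | expected
    open_ports = {port for port in to_check if is_listening(port)}
    return sorted(open_ports - expected), sorted(expected - open_ports)


def describe(port):
    """Label a port number with the service usually found there."""
    return f"{port} ({COMMON_PORTS.get(port, 'unknown service')})"


if __name__ == "__main__":
    # Assumption: a desktop PC that is not meant to offer any service itself.
    EXPECTED_OPEN = set()
    unexpected, closed = audit_ports(COMMON_PORTS, EXPECTED_OPEN)
    for port in unexpected:
        print("Open but not expected, find out why or close it:", describe(port))
    for port in closed:
        print("Expected to be open but is closed:", describe(port))
    if not unexpected and not closed:
        print("Open ports match what you expected.")
```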

If this is just too much detail for your operation, there are some basic fixes that should render your world a lot more secure.

One simple precaution is to password protect and encrypt folders on your hard disk that are in any way sensitive or confidential. Encryption software is also available on the Internet. You might check out any of the five programs listed below which were highly rated by PCMagazine. All are available for download.

  1. SafeHouse
  2. Webcrypt 2000
  3. SecurityPlus
  4. PrivacyMaker
  5. GuidesXEncryption Package

This is great protection if hackers get in, but if you want to stop them cold before they get in, the best option is to have a firewall. Firewalls can take the form of hardware or software.

c. Hardware Firewalls

It is important to understand some basics. In a home or single computer office situation, the connection to the Internet is through a dial-up line or cable connection. Cable connections come with a cable modem. DSL or high speed Internet telephone lines also come with a DSL modem. Straight telephone connections lack the modem and plug directly into the computer. In the case of cable or DSL connections, your computer has what is called an "always on" connection — you are connected to the Internet whether you are using it or not. With the simple telephone connection, unlike cable and DSL, you are only on when you dial in. In all these cases, when you are online you are essentially unprotected. If there is more than one computer on a simple home or office network there is likely a "hub" that joins all the computers together. The hub then connects to the DSL or cable modem and out to the Internet. Again, there is nothing to protect anyone on this type of simple network.

Enter the Internet "router". A router is simply a specialized little computer that manages the flow of information in and out of any computer connected to it. Routers come with software that lets you tell the router what you want to allow in and what you want to allow out of your small network — even a network as small as one computer. It's a network because it is connected to another network—the Internet. The router not only manages the data flow between two networks (yours and the Internet), but in so doing becomes a hardware firewall between the Internet and you. Routers ensure that data moves to its proper destination and it prevents "unwanted" incoming data from arriving at your computer. As the name suggests, it is a wall that separates your home network from the Internet and allows you to establish what passes in and what passes out. In short, a firewall should let nothing in to your computer without your express consent.

You can often use accompanying software to establish the level of security you prefer. You could, for example, choose to only permit email to pass through the firewall and not permit any other communication. This is likely too restrictive for most users. However, if you are an Internet user there are a variety of network-to-network data flows that are reasonable to have going on in the background and through the router. For example, you may wish to let e-Bay place cookies on your machine during a bidding session. When in doubt, either consult an experienced network expert, or, failing this, live with the default settings that come with the Internet router. There is one exception to this. Never leave the default password on a hardware firewall. Hackers would have figured this one out long ago.

Thus, in any small business or home support group, a hardware firewall in the form of an Internet router is an absolute essential. Costs for these devices should easily be under $200. The more adventuresome might want to investigate the "combo" hardware devices that include the router and ethernet hub for linking business or home computers together, and firewall protection all in one. This type of device can be found for less than $300 and is usually very simple to set up as long as one stays with the default settings.

d. Software Firewalls

A software firewall is similar to the hardware version in that it contains a number of "filters" that check information and trap what is unwanted, preventing it from passing through your computer's ports. It plays essentially the same role as the hardware firewall. Again, you can accept the defaults set in the software when it is loaded or you can tailor it to your needs. The software will usually prompt you for decisions on what information you want to let in or out. Some things are very clear and others not so. My Zone Alarm Pro software asked me if I wanted to allow Microsoft Outlook to access the Internet when I checked for my email. Yes, of course. However, when I went to use AOL Canada for my mail on that account I was asked if I wanted to allow a particular .dll file to access the Internet. It also informed me that it had blocked access to my computer from another computer with a specific IP address. For the inexperienced this can be daunting. Thus, without some guidance or knowledge of what programs actually access the Internet, you may again want to accept the default settings or follow the broad-based settings allowed under a general level of security setting. In Zone Alarm these are High, Medium, or Low security levels. These levels are well explained in the manual.

CNET, a quality Web site providing reviews of hardware and software, lists five common software firewalls on its site:

  1. Zone Alarm 2.6
  2. McAfee Firewall
  3. Tiny Personal Firewall
  4. Norton Personal Firewall
  5. BlackIce Defender

The reader might consult these reviews and others if interested in purchasing a software firewall.

Despite these few shortcomings, a hardware or a software firewall is an absolute necessity in today's world of hackers and information thieves.

You may think that a firewall solves your security problems. Well, the bad news is that "spam" and even viruses are going to make it through the firewall now and again just because you are sending and receiving email and using the Internet. Firewalls can be set to keep out absolutely everything but that option is counterproductive since the same objective can be achieved by unplugging the modem or telephone cable. Given this, purchase a virus protection software/scanner and ensure that it has Internet updates with automatic update notification.

4. Spyware

Spyware is software that sits on your machine and may do one of two things, or both. First, it can report some of your activities, keystrokes, Internet behaviour, etc., to its "master". The master is a computer/Web site somewhere else. The master computer may remain connected to your network, or may connect only now and again. Second, it may provide advertising on your screen when you are using a particular program. Spyware is often attached to freeware or shareware or may even be included with business or home software purchased from a major software company.

Another term for spyware is "adware". There are respectable companies who sell this service and software. For example, if you are using "shareware", one way of paying for it is to provide in return your Internet habits to the software provider who in turn resells them. This is a business proposition between you and the shareware provider. In addition, advertisers will pay the software developer to have their banner ads appear on your screen when you are using the shareware program. All of this is on the up and up.

If a software provider supplies you software at no cost (i.e., a search engine or a music player or a shopping or coupon collecting software), and collects and stores your information without informing you, this is an abuse of your right to privacy. In some instances software providers will try to protect themselves by providing some references to collecting and distributing your information in the license agreement. Read the small print! This may be your only tip off.

Usually, spyware that is attached to freeware or shareware reports your Internet surfing habits and possibly the types of programs you are using back to its master. The spyware, in essence, sets up a small server on your machine and sends information back to its home base. Spyware can arrive on your machine by being attached to downloads from the Internet or by purposely being included in a software package to monitor your activities as part of the business proposition between you and the software supplier.

Spyware becomes more insidious when spyware developers are merely looking for your activities and not doing so in return for any business proposition with which you have agreed or "opted in". Usually these unethical spyware bandits are intent upon selling the behaviour that goes along with your email or IP address. Spyware may be unethical when used without your permission, but there is currently nothing illegal about using it.

At the far end of the scale and hopefully very rare, are those who actually wish to see your correspondence and client files and use them against you. They will monitor your keystrokes and obtain your passwords, credit card numbers, and client digital conversations, recommendations, and advice.

a. Detecting Spyware and Protecting Yourself

Spyware is very hard to detect on your own and usually requires additional software to detect and remove. One clue to look for is whether, without warning, a new search engine also appears when you boot your Internet browser. This can be a sign that spyware is present and it is using its own search engine to track your Internet behaviour. 

Below is a list of commonly used software that detects and removes spyware:

  • Spychecker
  • Ad-Aware
  • ZoneAlarm
  • Aureate/Radiate DLL Remover
  • PestPatrol

A Google search (www.google.ca), or a search with your regular search engine, will unearth the home sites of these and other detection and removal packages. Check with your systems staff first to see if there is known and tolerated spyware on your network and whether detection and removal packages already exist.

5. Summary

It may seem like a nasty world out there, and improving your security may be a pain in the neck to deal with, but take it from those who have been virused, wormed, hacked, and spied on—you don't want to have to work backwards from a system that has been breached or destroyed. Bite the bullet and spend the time and a few dollars now. Use the checklist below to get yourself started if you aren't there already.

6. The Top Ten List of Personal Habits You Should Adopt to Protect Your Digital Integrity

  1. Passwords

    Do not use any of your family names or combinations of them. Don't use any words in the dictionary. Stay away from licence plate numbers or house numbers or phone numbers. Use a combination of letters, numbers, and punctuation marks, some with uppercase and some with lowercase. While this may be hard to remember, it is much more difficult to crack. Make up 12 of these each year and change them once per month.

  2. Backing Up Files

    If you don't, you'll pay for it sooner or later. Enough said.

  3. Install a Virus Checker and Keep it Updated

    Make sure you have virus protection software and keep it updated through an automated Web connection.

  4. Scan Before You Load

    Don't load software or programs from floppy disks or CDs without scanning them first.

  5. Minimize Your Downloads from the Internet

    If you don't really need it, don't download it. This is especially true of executable files (i.e., those ending in '.exe').

  6. Install Firewall Protection

    Make sure you have a firewall in one form or another and if you are a small firm or home user, read the manual and set the filters appropriately.

  7. Read the Help File for Your Browser

    Read the help file for Internet Explorer, Netscape Navigator, AOL, or whatever Internet browser you use, and set your security settings to a higher level than the default.

  8. Use Caution Opening Email Attachments

    Don't open attachments that you are not expecting. If you are unsure, call the sender and confirm what has been sent.

  9. Check for Spyware

    Have your systems group check this or look at the products mentioned earlier under the Spyware section and obtain a copy of detection and removal software.

  10. Understand Your Firm's Procedures to Keep Client Data Secure

    Know what your firm does to secure client information. Have a check sheet and know the procedures and practices.
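
As an added example (not part of the original article), the Python sketch below applies the password rules from item 1 to a candidate password. It shows why the rules have to be used together: a dictionary word dressed up with a capital letter, a year, and a punctuation mark passes the "mix of characters" rule yet is still the kind of password a word-list guessing program finds. The small word list and the personal details are constructed samples; a real check would use a full dictionary and your own details.

```python
import string

# Constructed sample data for the example.
SAMPLE_DICTIONARY = {"password", "summer", "lawyer", "dragon", "welcome"}
SAMPLE_PERSONAL = ["Tremblay", "Sophie", "ABCD 123", "613-555-0142"]

# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457@$", "oleastas")
EDGE = string.digits + string.punctuation


def variants(password):
    """Forms of the password a word-list guesser would effectively cover."""
    lowered = password.lower()
    trimmed = lowered.strip(EDGE)  # drop digits/punctuation stuck on the ends
    forms = (lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET))
    return {form for form in forms if form}


def squash(text):
    """Lowercase and drop spaces and punctuation: '613-555-0142' -> '6135550142'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def password_problems(password, dictionary=SAMPLE_DICTIONARY, personal=SAMPLE_PERSONAL):
    """Return the list of rules from item 1 that the password breaks."""
    problems = []
    if any(form in dictionary for form in variants(password)):
        problems.append("dictionary word")
    squashed = squash(password)
    if any(squash(item) in squashed for item in personal if squash(item)):
        problems.append("personal detail")
    if squashed.isdigit():
        problems.append("digits only")
    classes = (
        ("lowercase", string.ascii_lowercase),
        ("uppercase", string.ascii_uppercase),
        ("digit", string.digits),
        ("punctuation", string.punctuation),
    )
    missing = [name for name, chars in classes if not any(c in chars for c in password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    # Constructed candidate passwords.
    for candidate in ["Summer2013!", "P@ssw0rd!", "sophie&Tremblay7",
                      "613-555-0142", "tR7#vq!Lm2$Kz"]:
        found = password_problems(candidate)
        print(f"{candidate:18} ->", ", ".join(found) if found else "no problems found")
```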

David Brusegard is President of the OSLO GROUP, a database and analytics consulting firm.