Spam

Other Malware

There are other types of criminal malware which are less widely-known than phishing or banking Trojans, but which are nevertheless used as tools by cyber-crooks. These include:

Botnets

Bot is a contraction of the word ‘robot’. These are small programs that are inserted on computers by attackers to allow them to control the system remotely without the user’s consent or knowledge.

Botnets are groups of computers infected by bots and controlled remotely by the owner of the bots – known as the bot herder. This person can then send commands which include updating the bot, downloading a new threat, displaying advertising, sending spam or launching denial of service attacks.

The compromised computer is known as a zombie. Some botnets can have tens of thousands of zombies under their control.

The following image illustrates how botnets operate:

Here, you can also see a video describing how the botnets work:



Email Scams

Email scams are designed to defraud users, often using the lure of large windfalls or lottery wins but which require a sum of money to be paid in advance. They are really a type of hoax used maliciously for financial gain.

Perhaps one of the best-known email scams is the Nigerian letter scam and its many variants. The initial email tries to convince recipients that there are several million dollars which cannot legally leave Nigeria (or wherever) unless transferred to a foreign account. The fraudsters offer a commission to the recipient of the email for helping them get the money out of the country, but ask for an advanced fee from the intended victim (under a myriad pretexts depending on the particular variation of the scam). However, the whole operation is a fraud.

Many users have fallen victim to another type of scam which uses catastrophes as a bait, like the Katrina, which devastated New Orleans in 2005, or the tsunami that devastated South-East Asia in 2004. This involves emails asking users to donate money to help the victims of the catatrophes. Needless to say, the victims will not see a penny of any money sent by recipients of the email.

Spyware

Spyware programs are applications that compile information about a person or organization without their consent or knowledge. These programs normally steal data about users which could be used for advertising or for other financial gain. The type of information stolen by these programs varies considerably: email login details, IP and DNS addresses of the computer, or users’ Internet habits, among others.

Spy programs are created by cyber-crooks, who sell them on the black market to be used in online fraud and other cyber-crime.

Spyware is installed on computers without the user’s knowledge. It can be installed when downloading certain content from the Web or from P2P networks, when installing freeware, or simply when visiting dubious websites. Generally, these spy programs are installed when the user agrees to install other applications, which unbeknown to users, include a caveat in the legal agreement whereby users agree to install the spyware.

There is some controversy surrounding what is actually spyware, as some people consider adware or even some toolbars to be variations of spyware. While this may be true to a certain extent, adware programs, as such, are not used with criminal intent, but to advertise products and services.

How can you protect yourself?

It is very important to have an antivirus program that includes a spam filter installed and up-to-date. Any of Panda Security’s solutions will protect you against these kind of threats. Aditionally, Below you will find a series of tips on how to reduce the risk of falling victim to phishing attacks:

  • Check the source of information received. Don't reply to any email message that asks for your personal or financial information.
  • If you don’t have an antivirus, you can install any of Panda Security’s programs to give you full protection against these and other threats.
  • Analyze you computer for free and check out if you computer is Botnets free.

Download Panda Security