How do I know if my computer is infected by a virus?
The best way to know this is to use a good, updated antivirus
program to scan your system thoroughly.
There are other signs that can be symptomatic of a virus
infection in a computer: general slowdown, files and/or
information disappear, peripheral devices don't function
properly etc.
What can I do to protect myself against viruses?
The solution is to install a good antivirus with daily
updates and excellent tech support services.
It is also important to be well informed about how viruses
infect and spread and to take the precautions necessary.
Measures such as not opening suspicious e-mails, or avoiding
downloading from unsafe Internet sites, are obvious but
practical steps for keeping viruses at bay.
If my computer is switched off, can I be infected by
a virus?
No. But a virus could still be dormant inside the computer,
waiting for certain 'trigger' conditions (such as a specific
date) to activate and release its payload.
If a virus reaches my computer, does this mean I'm infected?
Not necessarily: just because a virus has entered, doesn't
mean that it has activated.
However, there are certain viruses that can infect a computer
simply when the message carrying them is opened or even when
the message is viewed through the Preview Pane.
How do I know if a dialer or spy program is running
in my computer?
The best way of finding out is to use a good, up-to-date
program that detects malware and to carry out a full scan
of your computer.
In order to detect dialers, you can also check if the phone
number used to connect to the Internet is the one provided
by your ISP (Internet Service Provider).
In order to check for spy programs, on the Internet there
are lists of all applications that are known to include
spyware. Check if any of your applications appear in these
lists.
What should I do if I find a spy program or dialer in
my computer?
If you find a dialer, uninstall it, or if it cannot be
uninstalled, manually delete it. Then, you will have to
re-configure your Internet connection, so that the number
that appears in the Dial-up networking settings is the one
provided by your ISP (Internet Service Provider).
If you find a spy program, uninstall it and try to use a
different application with similar functions but that does
not include spy software.
If a program on my computer is affected by a vulnerability,
what can happen?
A vulnerability does not pose an immediate threat to computers.
However, it is a potential entry point for other threats,
such as viruses, worms and Trojans, which can have destructive
effects.
For this reason, it is highly advisable to keep informed
about the vulnerabilities discovered in the programs you
have installed and apply the latest security patches released
by manufacturers of these applications, which are usually
available on their websites.
How can I distinguish a hoax from a real virus?
Hoaxes are not viruses and take no damaging action on
your computer. A hoax is simply a message warning of a
(non-existent) virus that antivirus programs cannot detect.
What should I do if I receive a hoax?
If you receive a hoax, bear the following in mind:
- Pay no attention to the content of the message.
- Don't forward it to anyone.
- Do not follow any of the advice or instructions
in the message.
- Delete the message.
- Get information from a reliable source (recognized
antivirus companies).
What effects can viruses have?
Viruses have a wide range of effects, from complete destruction
of all information on a computer to running small joke programs
with little or no damaging effects.
What effects don't viruses have?
At the moment, there are no known viruses that can directly
harm the hardware (CD-ROMs, floppy disk drive, etc) or overwrite
the information stored in write-protected media (for example,
a CD-ROM), or affect other elements that may be near the
computer, such as credit cards.
However, there are currently some threats that can damage
the BIOS (Basic Input/Output System), the operating system
(preventing it from running normally) or completely delete the
information stored in the hard drive. Though these actions may
make the computer work improperly, they cannot cause irreparable
physical damage.
Lastly, bear in mind that although at the moment there
are no viruses that can damage the hardware, this does not
mean that a threat with such characteristics could not be
developed in the future.
What are the most dangerous viruses?
The danger that a virus represents is based on two factors:
the damage it causes and its ability to spread. So, a virus
that deletes information and spreads rapidly across the
Internet is more dangerous than one that deletes information
but cannot spread.
What is the main virus entry point?
The Internet is currently the main virus entry point.
This is due to the enormous possibilities it offers for
exchanging information (e-mail, browsing web pages, file
downloads, chats, newsgroups, etc.) which in turn make the
mass proliferation of viruses possible.
There are also other virus entry points such as CDs and
floppy disks or even IT networks.
What should I do if I receive a suspicious e-mail?
The first thing to do is simple: don't open it. Then
scan it with a good, updated antivirus.
Why are there more viruses and infections every day?
The main reason is that every day, more and more users
are interconnected via the Internet or other networks, which
creates a major channel for the spread of viruses.
Virus programmers are also using ever more sophisticated
techniques to create viruses and more cunning ploys to trick
users. Similarly, vulnerabilities in commonly used software
are now being exploited frequently by virus authors as a
means of spreading malicious code.
Due to this, Panda Security offers a daily update of the
Virus Signature File. In addition, when a new virus is
detected, we offer a beta version* of the Virus Signature
File. A program to update the beta version of the Virus
Signature File is also available.
* Note: The Beta version includes the latest virus detected,
although, due to the frequency with which it is released,
it is not certified by our Quality Department (however,
the daily update is certified).
What is crimeware?
Virus authors are largely people looking for some kind
of social recognition or notoriety.
Their principal objective is to exploit whatever possible
means (security holes, user naivety, new technology, etc.)
to ensure their creations spread as widely as possible.
Are there different classes of crimeware? What is considered
crimeware?
Crimeware is not a single category within
malware (malicious software), but is more a definition of
all types of malware used for financial gain:
- Massive attacks: attacks aimed at a large number
of potential victims. No matter how small the percentage
of people who are successfully tricked, as the number
of recipients is so large, the attack can be highly
profitable.
- Targeted attacks: these are silent, selective attacks.
They can be more dangerous than massive attacks as they
are more carefully prepared and more successful.
- Identity theft: the aim is to obtain confidential
user information, in particular bank account numbers,
credit card numbers, passwords, etc.
- Keyloggers: these are programs that capture keystrokes
made by the user. All words entered through the keyboard
will be visible to the attacker, from the text of email
messages to information entered in forms, passwords,
etc.
- Banker Trojans: these try to obtain information
for accessing online banks used by the victim.
- Bots, botnets and zombies: these concepts are interrelated.
A bot is a program that allows a system to be controlled remotely
without either the knowledge or consent of the user.
The compromised computer is known as a zombie. A network
of zombies that receive and execute orders simultaneously
is called a botnet.
- Phishing: mass-mailing of messages which, using
social engineering techniques, try to obtain user credentials
for accessing online banking services.
- Spear phishing: this is a combination of phishing
and targeted attacks: as it focuses on specific bank
clients, it aims to be more credible and have a higher
percentage of success.
- Dialer: program designed to switch the telephone
connection being used to connect to the Internet to
another, premium-rate, number. This activity results
in an extremely expensive phone bill.
- Scam: A fraud designed to get a person or group
of people to hand over money under false pretences,
such as the promise of free holidays, lottery prizes,
etc.
- Spam: junk email, normally mass-mailed advertising.
These types of messages can be highly annoying and consume
both time and resources.
- Spyware: programs that gather data about users'
Internet habits and preferences. This information is
then sent to the creators of the spyware or to third
parties.
- Adware: programs that use various means for displaying advertising,
such as: pop-ups, banners, changes to the browser home page
or search page, etc. It is sometimes installed with the
user's consent and knowledge, but on other occasions it
is not. It operates in the same way regardless of whether
the user has consented or not.
What differences are there between crimeware and other
threats?
Without entering into arguments about whether crimeware
is more or less dangerous than other threats that are not
designed to provide financial returns, it is fair to say
that the losses caused through crimeware are far more direct,
severe and easily quantifiable.
Why should I be worried about crimeware? What are the
risks of having crimeware in my computer or company?
The effects of these types of threats and
attacks include:
- The risk of theft of confidential corporate or financial
information and the invasion of privacy. It is an evolution
of industrial espionage, without the need to have 'moles'
on the inside stealing corporate information. The consequences
of this type of action can stretch from financial loss
to even bankruptcy or other potentially ruinous consequences
for companies.
- Legal problems, given that if an attacker were to
take control of one or more computers and launch, say,
a denial of service attack, the IP address of the attacker
would be that of the user, who would have no knowledge
of this action.
- The annoyance of unwanted advertising and other
similar actions.
- Productivity losses due to system slowdowns, operating system
errors, general computer problems, etc. caused by the threats
themselves which could be camouflaged
How does crimeware affect me?
The damage caused by crimeware is not
limited solely to computers (formatting stored data,
productivity losses, etc.). It goes much further. Examples
include:
- Financial loss when bank details are obtained.
- Identity theft.
- Legal problems if the computer is used fraudulently.
- Confidential information leaks: company plans,
client databases, etc.
- Damage to corporate image.
- Loss of client confidence.
What is the current trend?
At the end of the 90s and from 2003 to 2004 we saw an
explosion in the Internet worm phenomenon, with massive
epidemics (ILoveYou, Sircam, SQLSlammer...). In 2005 this
trend began to decline.
As time passed, two things became apparent: massive epidemics
were less frequent and had less impact and malware was becoming
increasingly sophisticated technologically.
In addition, the objectives of these attacks shifted from
being massive to being targeted. In fact, in 2005 there
were no serious alerts caused by threats; all alerts were
of moderate intensity.
Moreover, new types of threats are appearing which are not
necessarily viruses, and whose main strength is the ability
to go undetected by users and security solutions and offer
their creators the possibility of taking remote-control
over computers and entering them without anybody realizing.
This scenario could be described as a 'silent epidemic'
as opposed to the 'massive epidemics' predominant in the
industry until 2004.
Who is behind crimeware? What is their objective?
To trace the evolution of threats we have to look at
the evolution of their creators. These have gone from being
merely curious and looking for notoriety to looking for
personal financial returns and/or forming part of a complex
network of business, national or political interests.
At the same time, the level of knowledge has been increasing,
and tools or techniques that were yesterday only in the
hands of experts, today are available to those starting
out in the 'profession', thereby increasing the general
skill levels of all of them.
What is the target company profile?
Unfortunately, there is no single profile for potential
victims of these types of attacks. Whether they are massive
or targeted attacks, any person or company with an Internet
connection, regardless of their characteristics, business
sector or interests, could be attacked at any time.
How can I know if I am under attack from crimeware?
The truth is it is difficult to know at
first sight if you or your company is affected by crimeware.
Nevertheless, there are certain signs that would help you
to determine if crimeware could cause you problems.
- Receipt of messages via email, instant messaging
or other channels with unsolicited attachments, links
or requests for confidential information under any pretext.
Such messages could indicate that you are being targeted
by fraudsters.
- Unusual operations in your bank accounts and credit
cards: transfers that you have not made, Internet operations
that you have made but do not appear in your statements,
etc.
Are there really documented cases of crimeware?
Although relatively few cases have been discovered (and
such cases are often kept under wraps), there have still
been several cases that have featured in the general media.
One of the most notorious cases occurred in Israel, where
an Israeli writer, Amnon Jackont, discovered that parts
of a book he had begun to write appeared on the Internet,
along with other personal documents.
The Tel Aviv police examined Jackont's computer and found
a Trojan that was sending information to servers located
in other countries, such as the UK.
Finally, after studying the Trojan, they established that
the creator was Michael Haephrati, Jackont's ex son-in-law,
and they arrested him. After analyzing information on the
remote servers, confidential information about several Israeli
companies was discovered.
Haephrati had been creating custom-made Trojans for several
private detectives working for large companies that were
spying on competitors. The companies paid the detectives,
who in turn paid Haephrati.
One of the ways in which they sent the Trojans to PCs was
through emails or CDs with documents that appeared to be
commercial offers; the victims opened them and in went the
Trojans.
The police arrested more than 20 people from several companies.
In fact, even some other companies who were charged announced
that they themselves were being spied on... In Israel this
scandal has been huge and it may only be the tip of the
iceberg, with companies in other countries also affected.
How can I protect myself from crimeware? How can I prevent
crimeware from affecting me?
Methods for protecting against crimeware
and its effects include:
- Developing a protection strategy for your IT resources
at two levels:
  - Installing a quality IT security solution in each
  computer. Ensuring it is always enabled and up-to-date.
  - Carrying out thorough periodic audits of each computer.
- Downloading and applying security patches for vulnerabilities
in the applications that you have installed.
- As in many other areas, information is one of the
first lines of defense. Stay informed about news related
to crimeware and its methods.
- Act with caution and use your common sense: be wary
of unsolicited messages (e-mail, instant messaging...)
which:
  - Request confidential information, even if they appear
  to come from a reliable source.
  - Ask you to click on a link.
  - Contain an attachment.