Scum-ware: When Malware turns from Nuisance and Annoyance to a Critical Problem
In the past, I have discussed in this column the problems of
Spyware and Malware. Today, the problem has gotten even more
pervasive, just as SPAM has. Some malware has earned the name
of Scum-ware. The reason for this name change is the complexity
of the software and just how difficult it is to remove from your
system. While each ‘infection’ is different, extricating your
system from the jaws of this software may take more than one
utility. This article contains updated information from the
article
Malware: Do You Know What is Running On Your System?
What is Scum-ware?
Scum-ware is Malware on steroids. Malware, or malicious
software, is a word coined to categorize software that either has
only bad intentions or has a hostile or even a Trojan intention,
like Viruses, Trojan Horses and Worms. Scum-ware is Malware that
is so insidious that it puts hooks in all parts of your system.
If you use a removal tool that does not remove every part of the
problem, a simple reboot or logout / login will send this
software to its source on the web and, ‘like magic’, it will
reload its missing components. If only all of our applications
were this sophisticated, imagine how much more productive we
could all be. This ‘software’ may act as a utility to let you do
something you want to do, maybe play cards, keep track of dates,
etc. In reality, it begins to watch activity on your system and
phones home to the mother site so you get SPAM, directed
advertisements and, my personal favorite, pop-ups that you do not
want and did not ask for. In addition to the annoyance factor,
the programs deprive you of 1) disk space, 2) bandwidth and
3) privacy.
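The reload-after-reboot behaviour described above shows up as autostart entries that come back after a cleanup. The following PowerShell is an added example, not part of the original article: it records the standard Run / RunOnce registry keys and Startup folders to a baseline, and on later runs lists any entry that is not in that baseline. The baseline file path is an assumption, and these are only the most common autostart locations, not every hook.

```powershell
# Added example: baseline the common autostart locations, then list new entries.
# $BaselinePath is an assumed location; save the baseline right after a cleanup.
$BaselinePath = Join-Path $env:ProgramData 'autostart-baseline.csv'

function Get-AutostartEntry {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Location = $key
                Name     = $name
                Command  = [string]$item.GetValue($name)
            }
        }
    }
    # Per-user and all-users Startup folders
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($folder in $folders) {
        if (-not $folder -or -not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

$current = @(Get-AutostartEntry)
if (-not (Test-Path $BaselinePath)) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline saved to $BaselinePath ($($current.Count) entries)."
} else {
    # Index the baseline by location, name and command line
    $known = @{}
    foreach ($b in @(Import-Csv -Path $BaselinePath)) {
        $known["$($b.Location)|$($b.Name)|$($b.Command)"] = $true
    }
    # Anything not in the baseline is new, or its command line has changed
    $current | Where-Object { -not $known.ContainsKey("$($_.Location)|$($_.Name)|$($_.Command)") }
}
```

Run it once on a clean system to save the baseline, then again after a reboot or logout / login; an entry that reappears after a removal tool deleted it means some component was left behind.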
How did they get there?
That is a good question. The answer really has not changed all
that much over the past few years. Some get there simply by
your going to a web site or opening a piece of SPAM. Others rely
on your help. That’s right, you will be presented with a license
agreement, you know, the one where you just press Next until the
software loads. Buried in the license agreement there are things
like you giving them permission to install software on your
system, collect data or, in one case, send the program or a link
to the program to everyone in your email address book (remember
'FriendGreeting' and its derivatives?). Still others will ask
for simple permission. This is often done in the form of the
trust connection. You are presented with a screen that allows
you the option of a download. It asks whether you want to install
and run the program in question. You can tell it yes or no,
usually with the option of trusting the site in the future. If
you check that box, they can do whatever they want to. Other
programs use another approach. You get a program that, for
example, keeps track of the logins for your web sites. That is
all it does. You say ok to the license. Later, you get an email
or a pop-up saying the license has changed. At that point you are
busy, so you just click ok. In doing so, you have given them
permission to install what they want. Many of the popular music /
video / file sharing software packages do just that. Still
others, including many Internet Relay Chat clients and so-called
“Adult” content emails that are opened or viewed, can result in
malicious code being pushed to and installed on your PC without
your knowledge, while you are connected.
Critical Problem?
Where does it become a critical problem? Well, if you get a
system that is infected, you may start having problems not only
with your system, but with your enterprise network. In many
cases, as you might expect, this software does not play fair.
The end result is that the software tries to spread itself to
others and begins to use all of the bandwidth you have on your
enterprise for that purpose. If you have unprotected ‘everyone’
shares, the software can even propagate itself to others on your
network, much like a virus or Trojan, and then they start
transmitting too. In the worst-case scenario, you may receive
communication from your ISP indicating that an address within
your enterprise has a problem and, unless you solve it, they will
discontinue services. AT&T, Qwest, the RBOCs (Regional Bell
Operating Companies) and others follow this practice now.
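To find the unprotected ‘everyone’ shares mentioned above before something else does, the following PowerShell is an added example, not part of the original article. It lists the non-administrative shares on the local machine that allow the Everyone group at the share level, and notes whether the folder's NTFS permissions also let Everyone write. It assumes a Windows version that ships the SmbShare cmdlets (Windows 8 / Server 2012 or later); the function name is hypothetical.

```powershell
# Added example: report shares that the Everyone group can reach, and whether
# Everyone can also write to the shared folder at the NTFS level.
function Get-EveryoneShareExposure {
    # Resolve the well-known Everyone SID (S-1-1-0) to its local name,
    # which differs on non-English Windows installations.
    $sid      = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value
    $write    = [System.Security.AccessControl.FileSystemRights]::WriteData

    # -Special $false skips the built-in administrative shares (C$, ADMIN$, IPC$)
    foreach ($share in Get-SmbShare -Special $false) {
        $shareAces = @(Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow'
        })
        if ($shareAces.Count -eq 0) { continue }

        # Effective access is the more restrictive of share and NTFS permissions,
        # so an Everyone share is worst when NTFS also grants Everyone write.
        $ntfsWrite = $false
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            $ntfsWrite = [bool]((Get-Acl -LiteralPath $share.Path).Access | Where-Object {
                $_.IdentityReference.Value -eq $everyone -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $write)
            })
        }

        [pscustomobject]@{
            Share                = $share.Name
            Path                 = $share.Path
            ShareRight           = ($shareAces.AccessRight -join ',')
            EveryoneCanWriteNtfs = $ntfsWrite
        }
    }
}

Get-EveryoneShareExposure | Format-Table -AutoSize
```

Rows with ShareRight of Change or Full and EveryoneCanWriteNtfs set to True are the shares to lock down first.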
What Can I Do About The Problem?
The problem of Malware and Scum-ware is best solved through a
variety of means, just as an infection in the human body may take
more than one type of medication. Products like SpyBot Search
and Destroy and Ad-Aware are very popular because they are
either no cost or accept donations. If you run both on the same
system, you are likely to have different results. This has led
many people to run both on a system. WinPatrol is also used by
many to see what is running and what it does. As of this time,
we have not seen any one commercial product that will do all
that each of these individual software products is capable of. So
a layered approach may well be the best solution for now.
Where Can I Find Out More?
There are many sites on the web that give some very good
information on Malware and on removers for Malware and
associated components. You can check out information on both
SpyBot Search and Destroy and Ad-Aware. As I mentioned in a
previous article, this is not an endorsement. You can find a
rather inclusive list of malware, and the threats associated
with programs that people use and download every day, at the
following URL: http://www.cexx.org/adware.htm. In addition, the
link for programs that remove these programs can be found at
http://www.cexx.org/noadware.htm.
You can also find lots of information by using your favorite
search engine and searching for Malware. Once you have removed
the pariah from your system, make sure you run the program you
are using to detect these programs at least once a week, if not
daily, and check frequently for updates. You will be amazed at
the speed increase you will see without all this junk clogging
your machine's performance! If you have questions or comments
about this article, contact me (JohnBoline@hagerman.com).
All product names / logos, company names /
logos are copyrights of their respective holders. John Boline is
an MCSE, CNE, USE and a member of the Network Professional
Association. The content herein is often based on late-breaking
events. Much of the material is based on information from
sources that are believed to be reliable. Hagerman & Company,
Inc. disclaims all warranties as to the ultimate accuracy or
completeness of the information. Hagerman & Company, Inc. and
its employees shall have no liability for errors, omissions or
inadequacies in the information contained within this article or
for any interpretations thereof. The recommendations, positions
and best practice policies outlined herein represent Hagerman &
Company, Inc. initial analysis and therefore are subject to
change as further information which may have bearing on these
positions is made available. The reader assumes sole
responsibility for the selection of these materials to achieve
its intended results. The opinions expressed herein are subject
to change without notice. Entire contents © 2004 Hagerman &
Company, Inc. All rights reserved. Reproduction of this
publication in any form without prior written permission is
forbidden.

by John Boline
Service Manager, MCSE, CNE, USE
