Questions tagged [malware]

Malware is any software application which subverts the will of the legitimate owner of a computer, by means of force or subterfuge, with or without personal or monetary gain on the part of the creator.

"Malware" is a portmanteau of "malicious" and "software".

Common forms of malware include:

  • Botnet clients, which grant the malware author some degree of control over the compromised operating system and are generally employed in sending spam e-mail and may be rented out to perform DDoS attacks.
  • Data exfiltrators, which collect and transmit data about the computer they reside on back to the creator. These are commonly used to target login and account details for financial, social networking, and gaming websites.
  • Rogue Utility Applications, which attempt to use scare tactics in order to entice the computer's user to purchase the "full version" of the Rogue Utility.
  • Adware, which causes advertisements to appear on the user's desktop, in webpages, or elsewhere.
  • Rootkits, which attempt to conceal the presence of both the rootkit and (usually) an accompanying piece of malware from another category from standard system tools and diagnostic utilities.
324 questions
69 votes, 8 answers

A previous IT worker probably left some backdoors. How can I eliminate them?

I started working for a company that fired a previous IT worker for leaking data. I can only say the following things: We use a Firebird DB with an application written by another company, Proxmox, for virtualization of Windows Server 2008 R2, SQL…
user2265690
62 votes, 3 answers

Unusual HEAD requests to nonsense URLs from Chrome

I have noticed unusual traffic coming from my workstation the last couple of days. I am seeing HEAD requests sent to random character URLs, usually three or four within a second, and they appear to be coming from my Chrome browser. The requests…
JeremyDWill
49 votes, 8 answers

Are zipped EXE files harmless for Linux servers?

I ran a malware scanner on my site, and it marked a bunch of zipped EXE files as potential risk files (these files got uploaded by users). Since I'm able to uncompress the files on my Mac I assume these are real ZIP files and not just something like…
Xavin
27 votes, 3 answers

Why are NginX and Lighttpd not affected by Slowloris?

I am investigating the vulnerability to Slowloris and I think I understand how and why this sort of attack works. What I don't understand is why Lighttpd and NginX are not affected (according to the same article as linked above). What do they make…
The Shurrican
13 votes, 7 answers

What are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?

While researching ways to prevent CryptoLocker, I saw a forum post that advised using Group Policy Objects (GPO) and/or antivirus software to block run access in the following locations: %appdata% %localappdata% %temp% %UserProfile% Compressed…
poke
13 votes, 4 answers

How do I deal with the removal/eradication of an unknown worm on our network?

TL;DR I'm pretty sure our small network has been infected by some sort of worm/virus. It seems to only be afflicting our Windows XP machines, however. Windows 7 machines and Linux (well, yea) computers seem to be unaffected. Anti-virus scans are…
12 votes, 13 answers

Make browsing safe for porn surfers

At several places I've done some work at, I have a suspicion that some of the executives browse porn on their work computers. It appears this porn surfing has led to virus infections on their computers despite the presence of an anti-virus. …
Brett G
12 votes, 3 answers

Postfix sending and receiving the same e-mail every 5 minutes for 4+ months

Back in June I sent myself the EICAR test signature to make sure my postfix/amavis/spamassassin etc setup was working properly. I didn't notice at the time, but this somehow created a tear in the space-time continuum or something whereby every 5…
James Carppe
12 votes, 5 answers

Prevent execution of Windows executables

Is there any way to tell Windows (XP and above) not to execute files (*.exe files), which are present in drives/folders other than certain folders, that I mention? In short I want executables from only a 'whitelist' to be executed. I think this is…
mohan
12 votes, 5 answers

How to find out what created a file?

I have some virus files being randomly created on the root of the C: disk of one of my servers. How can I find out what created them? Some 3rd party software maybe?
Boris Vezmar
11 votes, 3 answers

Windows 2012 R2 - Search for Files using MD5 Hash?

My organization recently discovered malware that was sent to some users via email that managed to get past our email security in a sophisticated, targeted attack. The names of the files vary from user to user but we have collected a list of the…
Brandon Wetter
11 votes, 6 answers

What is the best way to find Conficker infected PCs in company networks remotely?

What is the best way remotely to find Conficker infected PCs in company/ISP networks?
Kazimieras Aliulis
11 votes, 4 answers

Updating Malware cleaning skills

I have seen some sites offering 'Malware University', training classes on getting rid of malware. Do you think that updating your malware removal skills (or arsenal) is necessary from time to time? How do you become more effective at dealing with…
Terry
9 votes, 1 answer

Is it possible to hide a malicious alias in Bash on Linux?

Is it possible to conceal the existence of a malicious alias in Bash on a Linux system and have it executed by the user without their knowledge?
Dennis Williamson
8 votes, 3 answers

Can "wannacrypt" (wcrypt) spread via Linux server serving over SMB?

Is it possible, or will this only spread via a Windows machine serving over SMB? If Linux serving over SMB can spread wannacrypt, what's the approach to take?
fredrik