External Malware



External Malware: Sniffers, Spam and Scanners

We’ve covered several different malware types, but external malware covers several miscellaneous programs that can cause serious issues for users and businesses. Sniffers, spam and scanners are the last three malware types that are a nuisance for security teams and even individuals. Sniffers and scanners are more malicious than spam, so we’ll focus mainly on these two malware applications.


A Brief Background for External Malware


Anyone with an email address is aware of spam. Spam emails became so bad that email hosts had to implement spam-blocking techniques. Spam messages are now sent to a spam folder, from which any mistakenly flagged emails can be moved back to the user’s inbox. Some email hosts even block spam altogether, and the user never sees it. These aggressive blocking efforts are a response to the billions of messages that get sent every year in an attempt to trick users into purchasing products or downloading malicious software.

Spam is a nuisance, but it isn’t a security risk like sniffers and scanners. Sniffers and scanners are two types of programs that allow hackers to find vulnerabilities and steal data.

Sniffers and scanners were first used to help network administrators find performance issues or problems on their corporate network. Just like any other legitimate application that finds vulnerabilities, scanners and sniffers can also be used with malicious intent.


What Do Scanners, Spam and Sniffers Do?


Let’s first focus on scanners. A scanner is a program that searches a PC for open ports. Ports are virtual connections to a computer. For instance, when you access a web server, you open a connection on port 80. A computer has over 65,000 virtual ports available. Some are standard for certain programs, and others are freely open as alternatives or for other custom programs. A scanner looks at each port and determines if it’s open. A firewall closes some ports to block scanners and vulnerabilities, but some computer users leave ports open that shouldn’t be. An open port tells the hacker that he can run attack attempts on specific ports using specific programs.

Sniffers are probably the most malicious of these three malware types. Sniffers capture data from the network or even the Internet. This is where connecting to a website using HTTPS is important. When you connect to a web server with HTTP, all data sent from your computer to the web server is sent in plain text. If a hacker shares a cable with your computer, a sniffer captures this data as it passes to the web server. It also captures the response from the web server.

As you can guess, this could be a serious privacy issue. The hacker gets access to any data that isn’t protected including user names and passwords. If you use HTTPS, the connection and data are encrypted. The hacker can still sniff your information, but the data is encrypted and unreadable. For this reason, it’s standard for any website to use HTTPS (SSL) on a web server that requires users to transfer sensitive information.

Sniffers are almost as bad as keyloggers, since they give hackers access to any amount of information as long as the sniffer captures data as you communicate.

The final malware, spam, is more of an annoyance than malware. Spam can be used to spread viruses, but it is not destructive itself other than taking massive amounts of bandwidth. Spam is more of an administrative issue since companies spend millions of dollars combating spam and blocking it to preserve bandwidth. Spam takes up hard drive space and network resources, and it creates administrative issues when users fall for spam tactics.


How to Avoid Scanners, Spam and Sniffers

First, let’s focus on avoiding spam. You can’t really avoid spam. As soon as a spammer picks up your email, you start receiving spam. The best way to avoid spam is to use a service that has aggressive anti-spam techniques. If you think about your work email, you probably get very few spam emails. Most corporations use very aggressive anti-spam techniques to stop email from reaching your inbox. Free email hosts also have anti-spam techniques that send spam emails to a spam inbox.


The next two malware threats aren’t easily avoided. A scanner can be avoided by using a good router on your network. Home networks have a router by default. Cable and DSL providers provide users with a router that connects to the ISP’s internal network. Users can add an extra router for added security, but most routers block scanners from entering the internal network.

An additional way to avoid scanners is to keep firewall software updated and running on the computer. Firewalls actively block port scanners from accessing ports that should be closed on the computer. If the port is needed, it can’t be blocked without affecting applications that use the specific port. The only way to defend against a scanner is to ensure that firewall and antivirus software are running properly.
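A scanner that "looks at each port" leaves a recognizable trace in firewall logs: one source touching many different ports in a short time. The following is an added example (not part of the original article) that detects this pattern; the log format, the addresses and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (simplified key=value format, documentation IP ranges).
SAMPLE_LOG = """\
2023-05-01T10:00:00 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
2023-05-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
2023-05-01T10:00:01 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
2023-05-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
2023-05-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
2023-05-01T10:00:04 ACCEPT SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2023-05-01T10:00:05 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
2023-05-01T10:00:06 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389
2023-05-01T10:05:00 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=80
"""

LINE_RE = re.compile(r"^(\S+) (DROP|ACCEPT) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)$")

def parse(log_text):
    """Yield (timestamp, src, dst, port, action) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not match the expected format
            ts, action, src, dst, port = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(port), action

def find_port_scans(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs where src touched >= min_ports distinct ports within window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, action in sorted(parse(log_text)):
        by_pair[(src, dst)].append((ts, port, action))
    findings = {}
    for pair, hits in by_pair.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window forward
                start += 1
            burst = hits[start:end + 1]
            if len({port for _, port, _ in burst}) >= min_ports:
                entry = findings.setdefault(pair, {"probed": set(), "accepted": set()})
                entry["probed"] |= {port for _, port, _ in burst}
                # Ports the firewall let through are the ones to review first.
                entry["accepted"] |= {port for _, port, a in burst if a == "ACCEPT"}
    return findings

if __name__ == "__main__":
    for (src, dst), f in find_port_scans(SAMPLE_LOG).items():
        print(src, "->", dst, "probed", sorted(f["probed"]), "accepted", sorted(f["accepted"]))
```

The "accepted" set lists the probed ports the firewall allowed through, which are the ones to close or justify first.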

Finally, sniffers can’t be avoided either, but users can take steps to secure their data. When connecting to a website that hosts sensitive data, always use the HTTPS protocol. Any time a user name and password are required, ensure that HTTPS is in the host address. Some websites use encryption even if sensitive data isn’t passed, and this improves user protection against sniffers.


Removing Scanners, Spam and Sniffers from a Computer

While users can’t remove a sniffer, scanner or even spam, they can still take steps to ensure that these programs can’t cause issues in the future.

Sniffers are third-party programs that don’t actually infect a computer, but they can be used to steal passwords. Spam is a primary vector for malware, so it can lead to future malware infection. Finally, scanners make a computer most vulnerable to attacks. If an open port is exploited, the hacker can make any number of malicious changes to the computer.

Always keep firewall software active, especially if you have a home computer. Keep antivirus active and keep definition files updated. If any vulnerabilities are found, antivirus software stops the infection from becoming a problem without the user’s knowledge.

© Solvusoft Corporation 2011-2023. All Rights Reserved.