‘No pictures in this article: If you miss them, just imagine them into it. There are ads though; so do click and buy to your heart’s content.

Having been fighting malware all weekend; which pissed me off no end as I was trying to concentrate on Izeafest, chat in the Izeafest chatroom, and clean a computer, all at once (I’ve incidentally now eradicated the malware.) I thought it fitting to write something about it: -

Recently…

You see, I was infected by three very nasty bits of malware: -

Win32.Backdoor.Poison, which will open up remote access to the user’s computer. Welcome to the botnet.

Win32.TrojanPWSAgent, which is a keylogger which records keystrokes and passwords, transmitting them to a remote server.

and a generic W32.worm that spammed my contacts lists.

Fortunately I had my email program open at the time I was infected, and realised that something was wrong when a load of message undeliverable emails started to appear in my inbox. (My contacts list is cluttered with many no-longer-used email addresses from years ago.) I opened a couple of these, which made it clear that my comp was sending out spam emails: They contained a random passage from a book followed by a line along the lines of “Give her more pleasure…”.

That was an indication that I’d been infected by something. My antivirus (Avast!) hadn’t noticed it though; which was strange, as it usually gives false-positives rather than missing anything. A full-scan by Malwarebytes showed that not even Malwarebytes could see any problem either. Lavasoft’s Ad-Aware to the rescue: It found and quarantined the three pieces of malware listed above after a scan. Avast! also found the W32 Generic worm; but by the time it had finished scanning it was already dealt with.

Was there an upshot from being infected by these viruses? In this case I don’t think so. During the short amount of time the comp was infected whilst online I hardly used the keyboard at all, and I definitely didn’t enter any passwords in that period either, nor afterwards until the machine was clean. (I watched Izeafest on the other comp; the 64-bit Windows 7 comp. (Interestingly, Safari crashed twice in 64-bit Windows 7 that weekend. I used Safari to watch as it has a larger viewing area than FireFox, IE8, and K-Meleon: The other browsers I have installed.)) I don’t think the botnet server actually connected before the malware was eliminated.

Did that 64-bit comp get infected? Yes; kind of: Each comp backs itself up onto the other via the LAN at an appointed time. The infected file; which I’ll tell you more about later, was copied over, but it didn’t activate on the 64-bit comp as soon as it did on the 32-bit comp. – For reason’s I’m unclear on. – Therefore the 64-bit comp had the malware dropper package installed, but it hadn’t activated yet. AdAware found and quarantined the malware package.

Get on with it

I’ll be getting to the point in a minute. First I want to warn you about free Ebooks on Facebook that are distributed by users: Unfortunately free (ancient) Ebooks aren’t all you get; there’s a hidden bonus in one of the files: A dropper, which activates after a certain length of time and infects your machine as it did mine.

I’ve reported the group; although the Facebook reporting system appears to intentionally avoid any method of easily reporting a malware-distributor, for whatever reason. If you’ve joined this group yourself, and have downloaded the free-Ebooks zip file, then I suggest that you scan it with AdAware immediately, whether or not you’ve unzipped it. If you’ve distributed any Ebooks from it then you’re unknowingly aiding in the spread of malware.

That was a long introduction. if you’re still awake, then let’s get into the main point of this post: -

The Main Point:

Notice that the malware’s names all have the prefix Win32 or W32. That means that it’s a 32-bit virus that targets Windows.

“So if I have a 64-bit version of Windows it won’t be targeted, right?”

Wrong: In the same way that it’s easily possible to run 32-bit Windows applications in a 64-bit Windows environment, so its possible for 32-bit malware to execute in a 64-bit environment as far as it goes with Windows. In short the backwards-compatibility of a 64-bit Windows operating system is its downfall, as well as being very handy.

“Why, then, didn’t the malware execute in 64-bit Windows 7, in the case above, at the same time as it activated in 32-bit Windows XP?”

‘Good question. I’m not sure. Possibly it might have something to do with the extra security of Windows 7? If it had attempted to execute in Windows 7 then a prompt would have appeared asking me whether I wanted to allow the process to run anyway. – But it didn’t; so I am as foxed as you are on this one.

Ramble

Finally then; although 64-bit is no more secure than 32-bit against 32-bit malware in itself, it’s still a better idea to install the 64-bit version of Windows 7 on your system if possible. The only thing that should stop you doing so is the fact that your motherboard isn’t 64-bit compatible and/or is running a 32-bit processor. Other than in such a case it would be advantageous to install the 64-bit version.

“Why? – You just said it makes no difference as far as malware is concerned.”

Indeed I did; but it makes a lot of difference as far as the amount of RAM you can use is concerned: A 32-bit operating system can use up to 4GB RAM. Whilst 4 GB RAM is currently enough for most people in general; and is totally adequate for running Windows 7 alone, there are, nevertheless, applications such as games and professional-quality imaging programs, that would thank you for the extra RAM above 4GB by working better, more efficiently, and faster.

In the future at some point, as all apps become more sophisticated, they’ll also become more memory-hungry, and 4GB will become an insubstantial amount of RAM to run them efficiently.

Ten years ago, in the era of Windows 98 dominance, it was common to have 32MB PC100 RAM in a computer. – And that was considered standard. (Yes, in the days of the Socket 7 32-bit single-cored processors, when AGP graphics cards were plentiful and still just about the norm. – When an upgrade from the 4 or 8MB onboard graphics to a 16MB AGP graphics card was considered to be a big thing.) These days you could hardly run an operating system alone with only 32MB RAM. 8MB graphics will just about display the screen in XP. – Badly.

Ten years from now it’ll be the norm to have a 64-bit operating system with 32GBs (Gigabytes, rather than megabytes.) or more of (DDR5?) RAM, and at least 1GB graphics capability. – You wait and see.

Your thoughts? – Please do comment.