8 Common types of malware explained in plain English

Published by Stephen Cooper on February 21, 2018 in Antivirus


Malicious software, better known as “malware,” is a category of computer program that is designed to run for the benefit of those other than the owner of the computer that hosts it. Although many types of malware cause harm, the destruction of data or the inconvenience caused to the computer owner is not the defining feature of malware.

In many cases, you may not even realize that your computer has been infected by malware. You may just notice occasional odd behavior in your computer, but ignore it. When your computer starts acting strangely, you could be the target of monitoring or manipulation.

Malware uses up the processing power of your computer, accesses your internet connection, and helps hackers make money or cause havoc.

In order to deal with malware, you need to know the different types of malicious software that can get onto your computer. This article will explain the different categories of malware, how they operate, and how you can protect yourself from them.

Virus

The virus is the best known form of malware. Originally, this category was the only form of malware. It was only when the classification of malicious software became better defined that the term “malware” came into common usage instead of “virus.” Nowadays, the distinctive feature of a virus is that it is able to replicate itself to spread, and it usually attaches itself to another, commonly used, legitimate program that acts as its On switch.

The associated file also acts as a transport mechanism. If a virus attaches to a music file, whenever that file is copied onto a disk, memory card, or USB stick, the virus goes with it. The virus will also accompany the infected file when it is transferred over the internet.

The most common form of virus infection is through illegal copying. This is because commercial distributors of entertainment and software ensure that their systems are virus free. Private individuals are not as thorough.

The best way to avoid infection by viruses is to install an antivirus system. Many operating systems now come with a free antivirus solution included. Commercial antivirus apps rely on a database of characteristics that’s constantly updated by the producers of the software.

This research and update function is part of the value of the antivirus program, so you should make sure that you keep your system up to date. You can get a list of the best antivirus programs to try on the Comparitech Best Antivirus 2018 page.

Most antivirus programs will run constantly in the background and identify viruses when they get onto your device. They will also periodically search through your processor and files for viruses. Antivirus programs can use up a lot of processing power and it can be annoying when the system sweep starts unannounced, in the middle of an important task. Automatic updates can also slow down your device.

It is tempting to change the settings of your antivirus to turn off these automated processes — both updates and sweeps can be commanded manually. However, many users forget to launch the update process or keep putting off system scans to prevent the computer from being slowed down. Postponing updates and scans reduces the value and effectiveness of antivirus software.

Related: 10 free virus and malware removal tools

Worm

Worms are very similar to viruses. Originally, the distinction between a virus and a worm was that the virus was spread on physical media, such as a bootable disk, and the worm was delivered over the internet.

The distinction between worms and viruses now includes their operating methods. Whereas a virus attaches itself to another program, the worm is an independent process.

This malware will create a background process, which means that it is not reliant on the user accessing a particular file. A worm infects a network rather than just an individual computer because it communicates with other devices associated with the computer it has already infected. This strategy is the worm’s breeding mechanism.

The network that the worm infects does not have to be a private company network. It can also infect a network of friends. Infected emails are often sent out by worms. The worm infects one computer or email account, accesses that person’s contacts list, and uses the email program to send out copies of itself, thus spreading. Worm distributors also acquire lists of email addresses and set up bulk email deliveries to send out the worm to those people. The worm is always hidden as an attachment to emails.

Antivirus systems can trap worms. If you have your anti-malware program running all the time, it will detect harmful email attachments and issue an alert when you try to download them. Worms spread through emails because their original method of transmission has been blocked off by firewalls.

Originally, worms could search for records of contact over the internet, get a list of target addresses, and then send out infected messages directly to those computers. However, firewalls block unsolicited incoming connections. Install a firewall and keep it turned on to prevent worms reverting to their original method of invading your computer.

Employ skepticism to protect yourself from worms. Never download an attachment from an email that was sent by someone you don’t know, even if the source of the mail sounds like a credible organization. Don’t get duped by enticing descriptions of attachment contents. If you didn’t request information, and if you don’t know the sender personally, don’t access the attachment.

If an email from a friend seems a little too salesy, or if the subject of the mail seems unlike the usual interests of that person, check with that friend exactly what the attachment is about before downloading it.

Related: How to identify and avoid email scams

Trojan

The Trojan horse is the third delivery system for malware. This is the biggest method for malware delivery today. Trojans are eclipsing viruses and worms because the characteristics of a Trojan overlap a little with those of its rival mechanisms.

The Trojan advertises itself as a useful program. This might be a file space cleaner, or a utility that speeds up your computer. Sometimes, you really do get the useful tool and it may work very well. However, in the cases where the offered software does really exist, the Trojan is installed along with the desired program through an installer wizard without your knowledge.

The Trojan is just a delivery system. The real harm comes from what is known as the “payload.” Given the hard work that goes into creating these programs, few hackers just give their Trojans one piece of malware to introduce. It is more common that the Trojan installs a “back door.”

The back door is designed to get around firewalls. Remember, the firewall will block unsolicited incoming connections. However, it will allow through responses to outgoing requests. The back door works in exactly the same way as automatic update processes that all the major software houses employ. A background process runs all the time and periodically checks for instructions. Those instructions may include new malware to download.
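The regular check-in described above is something a defender can look for in outbound connection records. The following Python sketch is an added example, not part of the original article; the log format, process names and host names are constructed for illustration. It flags any program that contacts the same remote host at near-constant intervals, and because legitimate updaters behave the same way, it subtracts a list of known updaters before reporting.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connections: (seconds, process, remote host).
# Process and host names are made up for this example.
SAMPLE_LOG = (
    [(t, "updater.exe", "updates.example.com") for t in (0, 3600, 7200, 10800)]
    + [(t, "free-cleaner.exe", "stats.example.net")
       for t in (12, 311, 613, 910, 1212, 1511)]
    + [(t, "browser.exe", "news.example.org")
       for t in (5, 40, 47, 900, 905, 2000)]
)

def find_periodic(log, min_events=4, max_cv=0.1):
    """Return {(process, remote): mean interval in seconds} for connections
    whose spacing is nearly constant (low coefficient of variation)."""
    times = defaultdict(list)
    for ts, proc, remote in log:
        times[(proc, remote)].append(ts)
    hits = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few events to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Human browsing is bursty; a polling process is not.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = round(avg)
    return hits

def unexpected_beacons(log, known_updaters):
    """Periodic connections that are not on the list of expected updaters."""
    return {k: v for k, v in find_periodic(log).items()
            if k not in known_updaters}

if __name__ == "__main__":
    known = {("updater.exe", "updates.example.com")}
    for (proc, remote), period in unexpected_beacons(SAMPLE_LOG, known).items():
        print(f"{proc} contacts {remote} about every {period} seconds")
```
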

The best way to avoid Trojans is to think twice before downloading a new program, particularly if your anti-malware system warns you against it. Be particularly careful of downloading software through BitTorrent networks and avoid anything on a torrent download if it is packed in a zip file. Although zip files speed up the transfer process, they can also hide malware from anti-malware protection systems until it is too late.

Only download software that has been recommended. Check out user reviews to see whether anyone reports getting malware by downloading the app that you are interested in. Above all, ask yourself how the software house that created the utility makes money if it gives away the fruits of its efforts.

Rootkit

A rootkit is like a security system for malware. This category of software is not specifically designed to cause damage. Instead, it is meant as a way to protect other malware on your computer. Rootkits get right down into your computer’s operating system and acquire escalated privileges, such as admin rights.

A rootkit can rename processes to disguise running malware as regular programs. It can also restart malicious programs if you or a utility kills one off. Although the rootkit resides in the operating system, it may coordinate browser hijacking systems to prevent you from searching the web for a solution to the symptoms your computer is displaying. It can also redirect you away from the websites of anti-malware producers.

Rootkits can be so successful at defending themselves and their associated malware that sometimes, the only way to get rid of one is to reinstall the operating system. If you are faced with getting rid of a rootkit virus, take a look at The best free rootkit removal, detection and scanner programs.

Spyware

The purpose of spyware is to steal your data and report on your activities. There are many different types of spyware programs and they don’t just infect computers, phones, and tablets.

One type of spyware, called a RAM scraper, specializes in infecting electronic point of sales devices, which means store cash registers. The RAM scraper harvests the payment details of customers as it rests fleetingly in the storage of the machine.

Spyware targeted at the general public is particularly interested in login credentials and financial data.

Keyloggers record every keystroke made on a computer. Online banking login procedures try to defeat these processes by demanding random elements of information. This is because the keylogger does not record what is shown on the screen — just the buttons pressed on the keyboard. So rather than asking you for your PIN, the login screen will ask for the third number of your PIN. The position of the number asked for will change with each log in attempt and this demand is also joined by a request for a specifically positioned letter in a second password. Onscreen keyboards also defeat keyloggers.
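The partial-credential login described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any bank; the PIN, the password and the function names are constructed, and it assumes the server can look up individual characters of the stored secrets. It shows that keystrokes captured during one login do not satisfy a later login that asks for different positions.

```python
import hmac
import secrets

# Constructed secrets for the example only.
PIN = "4927"
WORD = "lantern"

def new_challenge(pin_len, word_len, rng=secrets.SystemRandom()):
    """Choose one PIN position and one password-letter position (1-based).
    The positions are shown on screen, which a keylogger does not record."""
    return {"pin_pos": rng.randrange(pin_len) + 1,
            "letter_pos": rng.randrange(word_len) + 1}

def keys_typed(challenge, pin, word):
    """What the user types, and therefore all that a keylogger captures."""
    return pin[challenge["pin_pos"] - 1], word[challenge["letter_pos"] - 1]

def verify(challenge, pin, word, typed_digit, typed_letter):
    """Check the typed characters against the requested positions.
    compare_digest avoids leaking match information through timing."""
    ok_digit = hmac.compare_digest(pin[challenge["pin_pos"] - 1], typed_digit)
    ok_letter = hmac.compare_digest(word[challenge["letter_pos"] - 1],
                                    typed_letter)
    return ok_digit and ok_letter

def replay_succeeds(old_challenge, next_challenge, pin, word):
    """Would keystrokes recorded during one login pass the next login?"""
    captured = keys_typed(old_challenge, pin, word)
    return verify(next_challenge, pin, word, *captured)

if __name__ == "__main__":
    first = {"pin_pos": 3, "letter_pos": 2}   # user types "2" and "a"
    second = {"pin_pos": 1, "letter_pos": 5}  # server now wants "4" and "e"
    print("legitimate login:", verify(first, PIN, WORD, *keys_typed(first, PIN, WORD)))
    print("replayed keystrokes accepted:", replay_succeeds(first, second, PIN, WORD))
```
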

Other purposes of spyware are to gather identifying information about your computer and internet connection. This information includes your browser type and your IP address. The spyware will track your activities, logging the web pages that you visit, and it is often used to direct adware.

See also: How to remove spyware

Adware

Adware takes several different forms, but it usually operates through your browser or network settings. The purpose of adware is to make you look at an advert that earns the controlling hacker money.

Adware can be implemented by redirecting your web visits to pages other than the one you thought you were going to. You may arrive at the page you expected, but the adware has injected its own ads into the code of the page.

Another technique involves hijacking your browser settings to add on unwanted toolbars, alter your default search engine, and change your New Tab page.

Be careful to check the DNS and proxy settings in your browser because some adware systems redirect your traffic selectively using these two techniques. By this method, the adware can tack on affiliate codes to the web addresses of the online stores that you visit. That way, a hacker makes a percentage on everything you buy online without you realizing.

Ransomware

Ransomware grabs a lot of headlines. It is frightening and so makes good copy for international news agencies. In a ransomware attack, a virus encrypts all of the files on your computer. Nothing is stolen or damaged, but everything on your computer is locked away and you can’t access it again without the cipher key.

The creation of Bitcoin greatly aided hackers and enabled this form of attack. Cryptocurrencies afford pseudo-anonymity, so hackers can demand a ransom to be paid in Bitcoin. They can’t be traced by law enforcement agencies following the money to a bank account if they successfully switch currencies to leave the trail cold.

Ransomware attacks spread quickly. The encryption systems that implement them are usually delivered by Trojans and worms. The WannaCry ransomware epidemic of 2017 drew a particularly large amount of press.

The media attention given to this type of malware has spawned a digital form of the protection racket. In this scenario a company is delivered a ransom demand before any attack occurs. This is a warning and gives the company the opportunity to pay to prevent the attack occurring. More often than not, this is a scam run by chancers. The attacks never occur whether or not the victim pays up. However, enough companies decide to pay just in case and those few make the racket profitable.

Con artists don’t even need any technical skills in order to launch an attack thanks to “ransomware as a service.” The Cerber ransomware can be hired, with the malware’s creators taking a 40 percent cut of the income of the attack.

See also: How to prevent and remove ransomware

Botware

Botware is controlling software that gives a hacker access to your computer and its resources. The purpose of botware is to make your computer into a “zombie” and an element in a “botnet.” Botnets are used to launch distributed denial-of-service attacks, which are better known as “DDoS.”

In a DDoS attack, web servers or the internet-connected devices of individuals become overwhelmed by connection requests.

The messages that flood a computer in a DDoS attack come from tens of thousands, or even hundreds of thousands of computers around the world. The hacker that commands these attacks doesn’t own any of the computers that take part. Instead, participants in the attack are regular residential computer owners like you.

You probably wouldn’t even notice your computer taking part in a DDoS attack. This is because the contribution of each computer in the botnet can amount to just one short message sent over your internet connection.

Cryptocurrency botnets are a different matter. Mining cryptocurrencies has become big business. However, the blockchain formula that controls these currencies makes the generation of new tokens an expensive and time consuming task. The cost of electricity for the computers that run the coin mining operations particularly erodes the profitability of the enterprise. Hackers have found a way around that problem by using botnets for mining.

If your computer has been enslaved into a cryptocurrency botnet, you will notice. Your computer’s CPU will be running constantly and the fan will run for longer than usual. You will also notice your home’s electricity bill shoots up.

Malware Protection

The main defenses against malware are the same whether you are worried about adware, spyware, viruses, or ransomware.

  • Be cautious about where you copy files from and do some research before you download a free utility.
  • Don’t download software or zip files from P2P systems and try to avoid being over-eager to get a program for free.
  • As an antimalware minimum, make sure you turn on the antivirus and firewall programs that are available with your operating system.
  • Let those programs run from start up and allow them to scan and update automatically. Even if you don’t like these utilities, these services will buy you time while you investigate alternative antimalware systems available on the market.

As a rule, never download attachments from emails. If you receive an email from a company in response to your request for information, then that file should be safe to download. However, you should always be cautious of PDF files and Flash videos even if they have been sent to you by a friend.

Malware is evolving and new types of attacks seem to spring up every year. Use antimalware software and common sense to ensure that you don’t get infected.

Image: Virus informatique by Luc Alquier licensed under GFDL
