
Malware

You’ve no doubt heard the term before, but do you know what it means?

Malware is short for malicious software. In its most general form it is any computer code created with the explicit purpose of damaging, disrupting, stealing from, or otherwise harming a computer or network without the knowledge or consent of the owner.

The first examples of malware were created as pranks and experiments, but the malware industry has long since expanded and is now almost exclusively the domain of criminals and nation-states. Malware poses a great risk to computer users because its different forms can be used to harvest your personal information, such as your bank login and your social media account credentials. Malware is often used to spy on your behavior and activities online; it is not uncommon for a third party to follow you around the internet, watching what you do and whom you talk to.

A popular form of malware injects advertising into your computer and the websites you visit, and this kind of attack has drifted away from the incessant pop-ups of old to ads that are indistinguishable from the ones you see everywhere else on the internet. Some forms of malware turn your computer into a relay that sends spam email without your knowledge. One of the most insidious forms, and the one that poses the greatest threat to end users, infects your computer, encrypts all of your data, and holds it for ransom until you pay (typically a few hundred dollars).

Growth and Impact

These behaviors have tremendous economic and intelligence incentives, and as a result the volume of malware has exploded within the last ten years. AV-Test, an independent IT-security institute, registers over 390,000 new malicious programs every day. All of this new malware has a tremendous economic impact: businesses must invest to harden their defenses, users must be trained in secure computing practices, and that is before counting the cleanup costs and productivity losses when someone does become infected. Let's put the economic impact of malware into context:

Economic Impact of Malware (infographic)

Source: InfoSec Institute: http://resources.infosecinstitute.com/2013-impact-cybercrime/

According to a 2013 study reported by the InfoSec Institute, businesses experienced an average of 122 successful attacks per week and took an average of 32 days to resolve an incident, at an average cost of $32,469 per day. Those costs are ultimately passed on to you, the consumer.

While these statistics are alarming, they do nothing to measure what lost family photos, a hijacked Facebook account, or an emptied bank account would mean to you. Events like these have a profound personal impact, and that is why understanding malware, preventing it, and knowing how to remove it is so important.


Attackers are out there. Protect yourself

After you finish reading this article and understand malware in its different forms, please visit my pages containing information on secure computing habits, how to prevent malware, and how to remove malware should you become infected:

  • Secure Computing Habits
  • How to Prevent Malware
  • How to Remove Malware

Types of Malware

There are many different forms of malware, and it is important to understand what each of them is and what it is capable of. You will notice that many types of malware are named after something in the real world that describes their behavior. Let's begin by taking a look at the types of malware you are probably most familiar with: the self-replicating kind.

Virus

Similar to its biological counterpart, a computer virus is a type of malware that propagates by inserting a copy of itself into, and thus becoming part of, another computer program. The virus then spreads from one computer to another, leaving a trail of infected machines in its wake. Almost all viruses attach themselves to some type of executable file, which means a virus can sit dormant on your machine until the infected file is opened. Once the host code is run, the virus code runs as well and the machine becomes infected. Like their biological counterparts, most computer viruses do not want to destroy the host; they want to keep it working so that they can continue to spread. Computer viruses spread when the infected program or document they are attached to is shared with another computer.

While early viruses were often destructive, which earned them the widespread recognition and nefarious reputation they still enjoy, most viruses nowadays are more likely to steal your personal information or enlist your machine in a Distributed Denial of Service (DDoS) attack against a website. Be aware, however, that a virus can deliver almost any kind of payload and is often used as a way to load other forms of malware onto a computer.

Types of Viruses

  • File infector virus: infects program files such as .exe, .bat, and .com. Once loaded it stays resident in memory and tries to infect every program that is subsequently loaded.
  • Macro virus: infects documents used by programs that can run macros, most commonly Microsoft Word, Excel, and PowerPoint files.
  • Master boot record virus: resides in memory and copies itself to the first sector of a storage device, which holds the partition table and the code that loads the operating system. This gives the virus control at a level low enough that protections implemented once the operating system has loaded are typically ineffective.
  • Boot sector virus: infects the boot sector of the hard drive and also resides in memory. The machine is re-infected from the boot sector every time it starts, which makes this type incredibly difficult to remove once in place.
  • Multipartite virus: combines a boot sector virus with the file infector described above. It infects program files, and once an infected program is run it infects the boot record; on the next boot the virus loads from the boot record into memory and begins infecting other files.
  • Polymorphic virus: encrypts its code with a different key (and often a different decryption routine) in each infection so that it looks different on every infected computer. The aim is to defeat antivirus software that searches for a fixed byte signature.
  • Stealth virus: uses several techniques to hide from antivirus software. Stealth viruses typically intercept disk reads and return the original, clean sector instead of the one in which they reside, or falsify the infected file's size in directory listings so that nothing appears amiss.
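As an added illustration (not part of the original article) of why a polymorphic virus defeats a simple signature scanner, the following Python is a toy: a harmless constructed byte string stands in for a virus body, a one-byte XOR with a per-infection key stands in for the polymorphic encryption, and the marker bytes standing in for the decryptor stub are also made up. It shows that every variant has a different hash and none contains the original signature, while a scanner that recognises the stub and undoes the encoding before matching (the idea behind the emulation or generic decryption used by real antivirus engines) still catches all of them.

```python
import hashlib

# Constructed stand-in for a virus body: harmless text, not real malware.
PAYLOAD = b"DEMO-VIRUS-BODY: replicate(); deliver_payload();"

# A static "signature": the byte string a classic scanner looks for in a file.
SIGNATURE = b"replicate(); deliver_payload();"

# Constructed marker standing in for the decryptor stub that precedes the body.
STUB_MARKER = b"\xEB\x01"


def encode_variant(payload: bytes, key: int) -> bytes:
    """Produce one 'infection': stub marker + per-infection key + XOR-encoded body.

    Real polymorphic engines also vary the stub itself; here only the key
    changes, which is already enough to defeat a signature on the body.
    """
    body = bytes(b ^ key for b in payload)
    return STUB_MARKER + bytes([key]) + body


def static_signature_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic signature scanner: do the raw bytes contain the known pattern?"""
    return signature in sample


def emulating_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Recognise the stub, 'run' the decryptor, then apply the signature.

    This mirrors emulation / generic decryption in real AV engines: the
    scanner lets the sample decode itself and scans the decoded result.
    """
    if not sample.startswith(STUB_MARKER):
        return static_signature_scan(sample, signature)
    key = sample[len(STUB_MARKER)]
    decoded = bytes(b ^ key for b in sample[len(STUB_MARKER) + 1:])
    return signature in decoded


def demo() -> dict:
    """Three infections of the same body with different keys: how many does each scanner catch?"""
    variants = [encode_variant(PAYLOAD, k) for k in (0x3C, 0x7E, 0xA5)]
    hashes = {hashlib.sha256(v).hexdigest() for v in variants}
    return {
        "distinct_hashes": len(hashes),                          # hash blocklists see 3 "different" files
        "static_hits": sum(static_signature_scan(v) for v in variants),  # byte signature misses all
        "emulated_hits": sum(emulating_scan(v) for v in variants),       # decode-then-scan catches all
    }


if __name__ == "__main__":
    print(demo())
```

Real polymorphic engines mutate the decryptor stub as well, which is why antivirus products moved from matching bytes on disk to emulating the sample in a sandbox and scanning whatever it decrypts into memory.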

Trojans

Named after the famed wooden horse that the Greeks used to infiltrate Troy, a Trojan is a harmful piece of software that appears to be a legitimate application.  Users are usually tricked into loading Trojans onto their computer.  Unlike viruses, Trojans do not replicate themselves but instead must spread through some form of user interaction such as the opening of an email attachment or downloading a file from the internet.

Trojans typically open up a backdoor on your computer to give the attacker access to the machine.  The attacker will then either load additional malware so that they can steal your data (such as your social media login information or your bank account information) or instruct the machine to become part of the attacker’s botnet.

Types of Trojans

  • Remote access Trojans (RATs) take their name from remote access tools, the legitimate applications that system administrators (and others) use to reach a computer remotely. The key differentiator is that a RAT is installed without the user's knowledge or consent. It is best to think of these as backdoors into your system: they can be used to send files from the victim's computer back to the attacker, log keystrokes, take screenshots, or turn on the webcam without the user's knowledge.
  • Data-sending Trojans are typically used for advertising purposes, but they can also be used for data theft. As the name suggests, they take information from your computer and send it back to the attacker, anything from your browsing habits (to better target ads at you) to actual files on your disk.
  • Destructive Trojans are just that: destructive. Once installed, they systematically or randomly delete information from the computer, including files, entire folders, registry entries, and important system files.
  • Proxy Trojans let attackers hide themselves and mask their identity. Once one is installed on your computer, the attacker uses it to reach the internet through your machine, so any action the attacker takes appears to come from your computer.
  • FTP Trojans turn your computer into an FTP server. This lets the attacker download any file from your computer or upload any file to it, and it is commonly used to stage further malware onto the machine, which can cascade into many more infections.

Worms

Unlike computer viruses, worms do not need to attach themselves to another program or wait for the user to open an infected file. Worms are standalone software that replicate functional copies of themselves. To reach a new machine a worm either exploits a vulnerability (for example in a network service) or uses a social engineering trick to get the user to open it; from there it spreads on its own by abusing the file-transport or information-transport features of the infected computer, such as network shares or email. Self-replication is what defines a worm, but many worms also carry a payload such as a backdoor, a bot, or ransomware.

The important distinction is that worms spread on their own, whereas viruses need a user to run the infected host program. Worms often propagate by going through an infected machine's contact list and mass-mailing themselves as attachments. While not as common as they once were, worms are notoriously difficult to remove from a network, because a cleaned machine is reinfected by its neighbors as soon as it reconnects, even though removing the worm from a single isolated computer is relatively easy.

Spyware

As its name implies, spyware is a form of malware that spies on a user's activity without their knowledge. Spyware can monitor what the user does, log their keystrokes, and harvest their data (social media login credentials, bank account information, and so on). Many newer forms of spyware also modify the settings of security software or browsers to protect themselves from discovery and removal.

Spyware gets onto a computer by exploiting a vulnerability in a program on the user's machine, by riding along in the installers of legitimate programs (be very wary of bundled installers from download portals such as Download.com), or inside a Trojan. Spyware is often the payload delivered by one of the other infecting agents (virus, Trojan, etc.).

Adware

Adware, or advertising supported software, was not always a bad thing. In the early days, it simply meant that software was either free or discounted in exchange for showing the user advertisements. It didn’t take long however for this to become a problem. Adware has since transitioned into displaying pop-up ads on websites or within software itself. It is quite common to find adware in the free versions of products that have a paid version as well. Software makers and nefarious actors use this as a revenue generating tool.

While showing ads might seem harmless to some, adware frequently comes bundled with spyware, and the ads it displays are often chosen based on information gleaned by that spyware.

Bot

You have likely heard the term "bot" before, but the popular understanding is not quite accurate. Originally bots were not harmful per se; they were simply programs designed to perform specific operations automatically. Some were used in video games to help the player aim, in internet auctions to submit a bid at the last possible instant, or to enter online contests. More recently, however, bots have been used maliciously in botnets (collections of infected computers controlled by an outside party) to launch DDoS attacks against websites or to send spam. A bot in and of itself may do little visible harm to your computer, but as part of a botnet it is used to harm other computers and websites.

Dropper

A dropper is the first stage of an infection rather than its end goal. It is a small program whose only job is to get other malware onto the machine: it either carries the real payload inside itself or, once it has a foothold and receives instructions from its operator, downloads and installs it. Droppers are written to stay small and unremarkable so that they slip past defenses, and their operators are typically paid per installation by the people who wrote the malware being delivered.

Rootkit

One of the most powerful forms of malware is known as a rootkit. A rootkit is software designed to give an outside party privileged ("root") control of a computer while hiding its presence from the user and from security tools, typically by intercepting the operating system functions that list files, processes, and network connections. It allows outside parties to remotely execute programs, access and steal the user's information, modify the computer's configuration and settings, tamper with software (for example blinding antivirus software to its presence), and install other malware.

Rootkits are very difficult to remove because of the level of power and control they grant their creators. It is quite easy for them to cover their tracks and avoid detection. It is not impossible however, and you can read my how to remove malware article to see how.

Scareware

Exactly what it sounds like, scareware is a type of malware designed to frighten users into believing there is a terrible problem that only the scareware program can solve. The most common form is the fake antivirus program that pops up alerts saying the computer is infected and must be cleaned immediately. Many are deliberately designed to look like well-known antivirus products so that users take them for legitimate. Once the user completes the "purchase", they have handed their credit card details to criminals and often find themselves charged far more than they expected.

Ransomware

You need to familiarize yourself with ransomware as it is a rapidly growing threat and can have severe impact on you and your life. Ransomware is a type of malware that will hold a computer system and its files captive while demanding a ransom for their “safe return”. The malware will restrict the user’s access to the computer by either encrypting the files on the hard drive or by locking down the system and forcing the user to pay in order to remove these restrictions or decrypt their data.

Ransomware has become incredibly sophisticated: modern families use strong encryption correctly, so without the attacker's key the encrypted files cannot be recovered, and paying the ransom is no guarantee of receiving a working decryption key. Even when it does work, there is very little to stop the criminals from doing it again a week later.

This is why it is so important to have a backup!

Ransomware can spread like a computer worm (which benefits the authors, since the more computers are infected, the more ransoms they can collect), through infected files, or by any of the other infection vectors described above. This is a highly lucrative sector, and its authors use every method at their disposal to infect a computer.
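Because ransomware's defining action is rewriting a user's documents as ciphertext, one heuristic defenders use is to watch for plain-text file types suddenly being written with ciphertext-like contents. The following Python example is added here and is not from the original article or any particular product; the file writes, the threshold of 7.2 bits per byte, and the list of text extensions are constructed assumptions for the demo, and the SHA-256 chain merely stands in for ciphertext.

```python
import hashlib
import math
from collections import Counter

# Extensions that normally hold low-entropy text (assumption for this demo;
# a real deployment would build this list from its own environment).
PLAINTEXT_EXTS = {".txt", ".csv", ".log", ".ini", ".xml", ".json"}
ENTROPY_THRESHOLD = 7.2   # bits per byte; assumption, tune per environment
MIN_BYTES = 256           # very short samples give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: roughly 4.5 for English text, near 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """True when a file that should be plain text has ciphertext-like contents.

    Compressed and media formats (.zip, .jpg, ...) are legitimately high-entropy,
    so only extensions expected to be text are judged; otherwise every photo
    library would trip the alarm.
    """
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    if ext not in PLAINTEXT_EXTS or len(data) < MIN_BYTES:
        return False
    return shannon_entropy(data) > threshold


def flag_ransomware_like(writes, min_hits: int = 3) -> list:
    """Given observed (filename, contents) writes, return the suspicious filenames.

    A single odd write is not alarming; ransomware rewrites many documents in a
    short burst, so we only alert once min_hits text files look encrypted.
    """
    hits = [name for name, data in writes if looks_encrypted(name, data)]
    return hits if len(hits) >= min_hits else []


def _pseudo_random(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for ciphertext."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample data: a normal day's writes, then a burst that looks like encryption.
NORMAL_WRITES = [
    ("budget.csv", b"date,item,amount\n2015-01-02,coffee,3.50\n" * 30),
    ("notes.txt", b"Meeting notes: discuss backups and patching schedule.\n" * 20),
    ("holiday.jpg", _pseudo_random(b"jpeg", 2048)),   # high entropy, but expected for a JPEG
]
RANSOM_WRITES = NORMAL_WRITES + [
    ("budget.csv", _pseudo_random(b"k1", 1024)),
    ("notes.txt", _pseudo_random(b"k2", 1024)),
    ("report.xml", _pseudo_random(b"k3", 1024)),
]

if __name__ == "__main__":
    print("normal day:", flag_ransomware_like(NORMAL_WRITES))
    print("ransomware burst:", flag_ransomware_like(RANSOM_WRITES))
```

The extension check and the burst threshold are what keep this heuristic usable: a detector that alerted on every high-entropy write would fire on every downloaded archive or photo, and a detector without the burst count would fire on a single legitimately encrypted document. Detection of this kind buys time to cut the machine off the network; it does not replace the offline backup the previous section insists on.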

Think You Might Have Malware?

There are many different kinds of malware, but all exhibit similar traits that allow us to spot problems. A computer that has been infected with malware will typically exhibit one or more of the following symptoms:

  • Freezing or crashing computer
  • Appearance of strange programs, desktop shortcuts, or files
  • Slower computer
  • Slower web browsing
  • Increased CPU usage (listen for a louder than normal fan)
  • Emails sent without your knowledge
  • Problems connecting or maintaining a connection to your network
  • Other weird computer behavior
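Several of the symptoms above (strange new files, programs that have changed) can be checked rather than guessed at: a file-integrity baseline records the hash of every file on a known-clean system and later compares it against the current state. The Python below is an added example, not part of the original article or of any particular tool; the directory contents it creates are constructed to simulate a file infector appending itself to an executable and a dropper leaving a new file.

```python
import hashlib
import os
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of the file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map every file under root (relative path, '/'-separated) to its size and digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"size": os.path.getsize(full), "sha256": file_digest(full)}
    return baseline


def compare_baselines(before: dict, after: dict) -> dict:
    """Return the files added, removed, or modified between two baselines.

    Modification is judged on the content hash, not the size: a stealth
    virus can lie about sizes in directory listings, and a careful infector
    can keep the size unchanged.
    """
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after)
                      if before[p]["sha256"] != after[p]["sha256"])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a directory, then simulate an infection and diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "app.exe"), "wb") as f:
            f.write(b"MZ\x90\x00 original program bytes")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"nothing to see here\n")
        before = build_baseline(root)

        # A file infector appends its body to an executable; a dropper leaves a new file.
        with open(os.path.join(root, "bin", "app.exe"), "ab") as f:
            f.write(b"<appended demo virus body>")
        with open(os.path.join(root, "update.scr"), "wb") as f:
            f.write(b"<dropped demo file>")
        after = build_baseline(root)

        return compare_baselines(before, after)


if __name__ == "__main__":
    print(demo())
```

The caveat from the stealth virus section applies here: a virus or rootkit that is active in memory can intercept the reads this script performs and hand back clean data, so the comparison is only trustworthy when both the baseline and the check are run from clean boot media, and the baseline itself must be stored somewhere the infected system cannot rewrite it.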

What to do? If you think that you have malware on your computer, please go to my article how to remove malware to learn what steps to take to clean up your computer. Once that is done, I would recommend reading my article on how to prevent malware so that you don’t become a victim again.

Many of these forms of malware depend on the behavior of the user to spread and it is important that you learn to develop secure computing habits. My article outlines what you should do and what you should be wary of while browsing the internet.

Conclusion

Malware is growing rapidly and its economic impact is enormous, but you must also be cognizant of the impact it can have on your personal life. Bad actors can use these different types of malware to log into your social media accounts and ruin your reputation online (or worse), steal your bank credentials and empty your accounts, or lock you out of your computer and your data for good.

For these reasons, it is important to understand the different types of malware, how they spread, and what they can do. Train yourself to recognize the warning signs of an infected machine and be vigilant. Be careful opening attachments, stay away from suspicious websites, keep your operating system and applications updated, and regularly update and run your antivirus program. Also, do yourself a favor and learn some secure browsing habits to protect yourself as you browse the web.

References:

InfoSec Institute – 2013 The Impact of Cybercrime: http://resources.infosecinstitute.com/2013-impact-cybercrime/
AV-Test.Org – Malware Statistics: http://www.av-test.org/en/statistics/malware/

About jvaudio

I have masters degrees in information systems management, project management, and computer science. I have bachelors degrees in technical management and finance.

I love to learn. I love to write. I love technology. I love math.
