You’ve no doubt heard the term before, but do you know what it means?
Malware is short for malicious software and in its most general form can be considered computer code that was created with the explicit purpose to damage, disrupt, steal, or otherwise cause harm to a computer or network without the knowledge or consent of the owner.
The first examples of malware were created as pranks and experiments, but the malware industry has long since expanded and is now almost exclusively the domain of bad actors and nation-states. Malware poses a great risk to computer users as the different forms of malware can be used to harvest your personal information such as your bank passwords and login information and your social media account login credentials. Malware is often used to spy on your behavior and activities online, and it is not uncommon for a third party to be following you around the internet and seeing what you are doing and whom you are talking to. A popular form of malware will interject advertising on your computer and the websites you visit, and this form of attack has drifted away from the incessant pop-ups of old to being indistinguishable from the ads that you typically see everywhere else on the internet. Some forms of malware can infect your computer and use it to send spam email without your knowledge. The newest form of malware is the most insidious and poses the greatest threat to end users – it infects your computer and encrypts all of your data and holds it for ransom until you pay a few hundred dollars.
Growth and Impact
These behaviors have tremendous economic and intelligence incentives and as such, we have seen the growth of malware explode recently.
Within the last ten years, the growth of total malware has exploded. AV-Test, an independent IT-security institute, registers over 390,000 new malicious programs every day! All of these new forms of malware have a tremendous economic impact as businesses must invest to harden their security measures and users must be educated in secure computing practices, not to mention the costs and productivity losses should someone become infected. Let’s put the economic impact of malware into context:
Economic Impact of Malware
| Criminal Action | Estimated Cost | Percent of GDP | Source |
|---|---|---|---|
| Piracy | $1 billion to $16 billion | 0.008% to 0.2% | IMB |
| Drug Trafficking | $600 billion | 0.05 | UNODC |
| Global Malware Activity | $300 billion to $1 trillion | 0.4% to 1.4% | VARIOUS |
| Car Crashes | $99 billion to $168 billion | 0.7% to 1.2% | CDC, AAA |
| Pilferage | $70 billion to $280 billion | 0.5% to 2.0% | NRF |
| US Malware Activity | $24 billion to $120 billion | 0.2% to 0.8% | VARIOUS |
According to a study done by the InfoSec Institute for 2013, businesses experienced an average of 122 successful attacks per week and it took businesses an average of 32 days to resolve the issue. The average cost for these attacks was $32,469 per day! These costs get passed on to you, the consumer, at the end of the day.
While these statistics are indeed alarming, they do nothing to measure the impact of lost family photos, a hijacked Facebook account, or a stolen bank account to your life. These events would have a profound impact on your life and that is why understanding, preventing, and knowing how to remove malware is so important.
After you finish reading this article and understand malware in its different forms, please visit my pages containing information on secure computing habits, how to prevent malware, and how to remove malware should you become infected:
- Secure Computing Habits
- How to Prevent Malware
- How to Remove Malware
Types of Malware
There are many different forms of malware and it is important that you understand what each of them is and what it is capable of. You will notice that many of these types of malware are named after something in the real world that describes their behavior. Let’s begin by taking a look at the types of malware that you are probably most familiar with: the self-replicating kind.
Similar to its biological counterpart, a computer virus is a type of malware that propagates by inserting a copy of itself into, and thus becoming part of, another computer program. The virus then spreads from one computer to another, leaving a trail of infected computers in its wake. Almost all viruses attach themselves to some type of executable file, which means that it is possible for the virus to exist on your machine in a dormant state until the infected file is opened. Once the host code is run, the virus code is run as well and the machine becomes infected. Most computer viruses also work much like their biological counterparts in that they don’t usually want to destroy the host, but they want to keep it working so that it can continue to spread. Computer viruses spread when the infected software or document that they are attached to is shared with another computer.
While early viruses were oftentimes destructive and earned them the widespread recognition and nefarious reputation they now enjoy, most viruses nowadays are more likely to steal your personal information or be used in a Distributed Denial of Service (DDoS) attack against a website. Be aware however that a computer virus can deliver almost any kind of payload, and is often used as a way to inject other forms of malware onto a computer.
Types of Viruses
Named after the famed wooden horse that the Greeks used to infiltrate Troy, a Trojan is a harmful piece of software that appears to be a legitimate application. Users are usually tricked into loading Trojans onto their computer. Unlike viruses, Trojans do not replicate themselves but instead must spread through some form of user interaction such as the opening of an email attachment or downloading a file from the internet.
Trojans typically open up a backdoor on your computer to give the attacker access to the machine. The attacker will then either load additional malware so that they can steal your data (such as your social media login information or your bank account information) or instruct the machine to become part of the attacker’s botnet.
Types of Trojans
Worms are similar to computer viruses, but they don’t require the user to open an infected file or program to infect a computer. Worms are standalone software that simply replicate functional copies of themselves. In order for a worm to spread, it must either exploit a vulnerability on the user’s computer or use some form of social engineering trick to get users to open it. Worms spread on their own by taking advantage of file-transport or information-transport features on the infected computer. The only purpose of a worm is to reproduce itself again and again.
It is important to remember that worms can spread on their own whereas viruses need interaction on the part of the user to infect the machine. Worms will oftentimes spread by going through an infected machine’s contact list and sending mass emails with infected attachments. While not as common as they once were, worms are incredibly difficult to remove from a network, but they are relatively easy to remove from an infected computer.
As its name implies, spyware is a form of malware that spies on a user’s activity without their knowledge. Spyware can not only monitor the activities of the user, but can also collect and log their keystrokes, and can harvest the user’s data (social media account login information, bank account information, etc.). Many newer forms of spyware can also modify the settings and configuration of security software or browsers to protect themselves from discovery and deletion.
Spyware can infect a computer by exploiting a vulnerability in a program on the user’s computer, by bundling itself with the installers of legitimate programs (don’t ever download anything from Download.com!!!), or through Trojans. Spyware is often the payload of one of the other infecting agents (virus, Trojan, etc.).
Adware, or advertising supported software, was not always a bad thing. In the early days, it simply meant that software was either free or discounted in exchange for showing the user advertisements. It didn’t take long however for this to become a problem. Adware has since transitioned into displaying pop-up ads on websites or within software itself. It is quite common to find adware in the free versions of products that have a paid version as well. Software makers and nefarious actors use this as a revenue generating tool.
While generating ads might seem harmless to some, it is not uncommon for adware to also bundle spyware with it. Oftentimes, adware will base the ads it displays to users upon the information gleaned from spyware!
You have likely heard the term “bot” before, and your understanding might not be accurate. Initially, bots weren’t harmful per se, but were programs designed to automatically perform specific operations. Some of these bots would be used in video gaming to help the user aim, in internet auctions to submit a bid at the last possible instant, or to enter online contests. More recently however, bots have been used maliciously in botnets (a collection of infected computers controlled by an outside party) to DDoS sites, or to send spam. While a bot in and of itself won’t harm your computer, it can be used with a botnet to harm other computers or websites.
It is best to think of a dropper as the payload of another type of malware. A dropper is a small program whose purpose is simply to aid in the distribution of other malware. A dropper will reside on a user’s computer undetected, and once it receives instructions from its creator, it will open up channels to allow for more malware to be installed on the machine. The creator of the dropper will be paid by the people that created these other types of malware.
One of the most powerful forms of malware is known as a rootkit. A rootkit is a type of malware that is designed to remotely access and control a computer without being detected. It allows outside parties to remotely execute programs, access and steal the user’s information, modify the configuration and settings of the computer, change software (such as preventing antivirus software from discovering it), or install other malware.
Rootkits are very difficult to remove because of the level of power and control they grant their creators. It is quite easy for them to cover their tracks and avoid detection. It is not impossible however, and you can read my how to remove malware article to see how.
Exactly what it sounds like, scareware is a type of malware that is designed to scare users into thinking that there is a terrible problem that they can only solve by using the scareware program. This is most common with fake antivirus programs that pop up alerts saying that the computer is infected and they need to clean it immediately. Many of these programs have been intentionally designed to look like the most common antivirus programs so that they trick the user into thinking they are legitimate. Once the user completes the process however, they have just handed their credit card over to the bad guys and will often find themselves charged much more than they thought.
You need to familiarize yourself with ransomware as it is a rapidly growing threat and can have severe impact on you and your life. Ransomware is a type of malware that will hold a computer system and its files captive while demanding a ransom for their “safe return”. The malware will restrict the user’s access to the computer by either encrypting the files on the hard drive or by locking down the system and forcing the user to pay in order to remove these restrictions or decrypt their data.
Ransomware has become incredibly sophisticated and in many cases an infected machine cannot be recovered unless the ransom is actually paid! You can imagine how well this works however, since there is very little to stop them from doing this again a week later once you have paid the ransom.
This is why it is so important to have a backup!
Ransomware can spread like a computer worm (which is beneficial to the authors since the more computers that are infected, the more money they can extract through ransoms), or through infected files, etc. This is a highly lucrative sector and the authors have utilized all methods at their disposal to infect a computer.
Think You Might Have Malware?
There are many different kinds of malware, but all exhibit similar traits that allow us to spot problems. A computer that has been infected with malware will typically exhibit one or more of the following symptoms:
- Freezing or crashing computer
- Appearance of strange programs, desktop shortcuts, or files
- Slower computer
- Slower web browsing
- Increased CPU usage (listen for a louder than normal fan)
- Emails sent without your knowledge
- Problems connecting or maintaining a connection to your network
- Other weird computer behavior
What to do? If you think that you have malware on your computer, please go to my article how to remove malware to learn what steps to take to clean up your computer. Once that is done, I would recommend reading my article on how to prevent malware so that you don’t become a victim again.
Many of these forms of malware depend on the behavior of the user to spread and it is important that you learn to develop secure computing habits. My article outlines what you should do and what you should be wary of while browsing the internet.
Malware is growing rapidly and its economic impact is enormous. You must be cognizant of the impact malware can have on your personal life as well however. Bad actors can use these different types of malware to log into your social media accounts and ruin your reputation online (or worse), steal your bank account information and empty your accounts, or prevent you from ever accessing your computer or any of your data again.
For these reasons, it is important to understand the different types of malware, how they spread, and what they can do. Train yourself to recognize the warning signs of an infected machine and be vigilant. Be careful opening attachments, stay away from suspicious websites, keep your computer updated, and regularly update and scan your computer with an antivirus program. Also, do yourself a favor and learn some secure browsing habits to protect yourself as you browse the web.
InfoSec Institute – 2013 The Impact of Cybercrime: http://resources.infosecinstitute.com/2013-impact-cybercrime/
AV-Test.Org – Malware Statistics: http://www.av-test.org/en/statistics/malware/