This primer is meant to serve as a reference guide to malware so that our clients can better understand the issues going on around them and in the news. Reporters and news outlets typically assume a certain level of technical acumen from their readers, and this article contains more than enough information to meet that expectation. If you are experiencing problems related to malware or viruses, call us at (719) 345-2345 for a free consultation and quote.
MALWARE | Malware, short for malicious software, is the general term for any program or code that makes unwanted changes to your computer, operating system or browser, whether that means stealing data, damaging files, showing ads you did not ask for or handing control to someone else. Viruses, worms, trojans, ransomware, spyware, adware and rootkits are all malware. In everyday news usage the word often refers to the less severe end of that range, such as spyware, adware and unwanted add-ons and extensions, but when you hear 'malware' in the news it could refer to almost anything in this blog post.
SPYWARE | Spyware is a subset of malware designed to secretly collect personal data from its victims. It is often disguised as a beneficial program or bundled with free software without the user's knowledge. The data it collects ranges from advertising-related information such as browsing history and demographics to usernames, passwords and entire files, including personal documents.
ADWARE | Adware, like spyware, is a subset of malware. While it can similarly be disguised as or bundled with free software, it is also commonly found as browser toolbars and extensions. Regardless of its form, adware exists to bombard you with relentless pop-ups, pop-unders and banner ads, slowing down your computer and Internet connection. It can usually be uninstalled easily, but it often finds its way back onto the same computer eventually, so check your browser's extension list and your installed programs again a few days after removing it.
RANSOMWARE | The most severe form of malware currently being distributed. Ransomware encrypts all or a portion of the files on your hard drive (and often on any connected network shares and backup drives) and holds your personal files hostage. You can read our full blog post about ransomware and its many variations here. The ransom is usually demanded in Bitcoin, a digital currency; at the time of writing a typical demand was around one Bitcoin, roughly $500, though both the amount and its dollar value vary. Paying is supposed to get you a decryption key for your data, but nothing guarantees the criminals will deliver one, and without the key, well-implemented ransomware leaves your files unrecoverable. Some ransomware families have been decrypted for free after researchers found flaws in them or police seized the criminals' key servers, so look for a published free decryptor before paying, and keep offline backups so that you never have to. Most recently, a ransomware worm named 'WannaCry' spread between unpatched Windows systems using the EternalBlue SMB exploit, for which Microsoft had issued a patch (MS17-010) two months earlier. It crippled large parts of the UK's National Health Service and hit organisations across Europe and worldwide before security researcher Marcus Hutchins halted its spread by registering a 'kill switch' domain that the malware checked before infecting a machine.
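As an added illustration that is not part of the original post, here is one way defenders catch ransomware in the act. It cannot avoid writing files full of random-looking bytes, usually with a new extension tacked onto the original name, quickly and from a single process. The Python below runs that heuristic over a constructed list of file-write events standing in for what an endpoint agent would report; the process names, paths, thresholds and extension list are all assumptions made for the demo.

```python
"""Behavioural ransomware detection over a constructed file-write event log.

Added example, not code from the original post. The events, process names,
thresholds and extension list are assumptions made for the demo.
"""
import hashlib
import math
import os
from collections import defaultdict

# Assumed thresholds for the demo; real products tune these per environment.
ENTROPY_THRESHOLD = 7.5      # encrypted/compressed data is close to 8 bits per byte
MIN_SUSPECT_WRITES = 3       # this many suspicious writes by one process raises an alert
RANSOM_EXTENSIONS = {".locked", ".crypt", ".enc", ".wncry"}   # assumed for the demo


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious_write(path: str, data: bytes) -> bool:
    """One write looks like ransomware output when near-random bytes go to a file
    whose name has a ransom extension appended after the original one
    (report.docx -> report.docx.locked)."""
    base, ext = os.path.splitext(path)
    original_ext = os.path.splitext(base)[1]
    renamed = ext.lower() in RANSOM_EXTENSIONS and original_ext != ""
    return renamed and shannon_entropy(data) > ENTROPY_THRESHOLD


def detect_ransomware(events):
    """Return the set of processes with at least MIN_SUSPECT_WRITES suspicious writes.
    events: iterable of (process_name, path, bytes_written)."""
    hits = defaultdict(int)
    for process, path, data in events:
        if is_suspicious_write(path, data):
            hits[process] += 1
    return {process for process, count in hits.items() if count >= MIN_SUSPECT_WRITES}


def pseudo_ciphertext(seed: bytes, length: int = 8192) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file (constructed)."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:length])


PLAINTEXT = b"Quarterly report: revenue up 4%, costs flat, hiring paused. " * 150

# Constructed event log: (process, path, bytes written). Only unknown_updater.exe
# behaves like ransomware; 7z.exe writes high-entropy data but keeps a normal name,
# and explorer.exe renames a file without encrypting it.
SAMPLE_EVENTS = [
    ("winword.exe", "C:/Users/alice/Documents/report.docx", PLAINTEXT),
    ("7z.exe", "C:/Users/alice/backup.zip", pseudo_ciphertext(b"zip")),
    ("unknown_updater.exe", "C:/Users/alice/Documents/report.docx.locked", pseudo_ciphertext(b"1")),
    ("unknown_updater.exe", "C:/Users/alice/Pictures/holiday.jpg.locked", pseudo_ciphertext(b"2")),
    ("unknown_updater.exe", "C:/Users/alice/Documents/budget.xlsx.crypt", pseudo_ciphertext(b"3")),
    ("unknown_updater.exe", "C:/Users/alice/Desktop/notes.txt.locked", pseudo_ciphertext(b"4")),
    ("explorer.exe", "C:/Users/alice/Desktop/cat.jpg.locked", b"not really encrypted " * 100),
]


def run_demo():
    """Run the detector over the constructed log; returns {'unknown_updater.exe'}."""
    return detect_ransomware(SAMPLE_EVENTS)


if __name__ == "__main__":
    for process, path, data in SAMPLE_EVENTS:
        print(f"{process:22s} {shannon_entropy(data):5.2f} bits/byte  {path}")
    print("alert:", run_demo())
```

The two legitimate high-entropy or renamed writes are deliberately included: an archiver and a user renaming a file each satisfy one half of the test, and only the combination, repeated across several files by one process, is worth an alert. A real agent would also watch for the ransom-note file dropped into every folder and for deletion of Windows shadow copies.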
POTENTIALLY UNWANTED PROGRAM (PUP) | A PUP, while not typically malware, is a program that is usually bundled with other programs or distributed in less-than-honest ways. Because of these distribution methods, PUPs are often installed by accident, and even when they serve a useful purpose they come to be viewed as a nuisance. Most antivirus programs let you decide whether such a program is wanted rather than automatically quarantining or removing it, so read the prompt instead of clicking through, and untick bundled 'offers' when you run an installer.
VIRUS | We are all familiar with viruses. Technically, a virus is a program or script that attaches itself to other files or programs and performs its malicious function when the victim opens or runs the infected host. It cannot spread on its own, so every new infection traces back to an action taken by a user, such as clicking a malicious link in an e-mail or opening an infected download or attachment. Viruses serve many purposes, such as sniffing, keylogging or simply causing damage to the infected system.
WORM | A worm is a self-contained piece of malware that copies itself and propagates over a network without human intervention, typically by exploiting a vulnerability in a network service or by using stolen or default credentials. Worms seek out new targets and mindlessly infect reachable systems until there are none left. They are well suited to building botnets, and worms that also spread through removable media can reach systems that are not connected to the Internet at all, such as factory and industrial control networks. For example, Stuxnet, widely attributed to the US and Israeli governments, spread through USB drives and Windows vulnerabilities to reach the industrial control systems running uranium-enrichment centrifuges in Iran, and is commonly described as the first digital weapon.
TROJAN | A trojan, like the Trojan Horse, is malware in disguise, either bundled with or masquerading as legitimate software such as a game, a utility or a document. Unlike a virus it does not copy itself; the victim installs it deliberately because it looks useful. Some trojans act immediately, while others lie dormant until a trigger: for instance, a certain date and time, a visit to a certain website, or the presence of an outdated version of Windows. It is also possible to be infected with a trojan whose trigger condition never occurs, so it never activates.
ROOTKIT | Rootkits are among the most dangerous malware. They install themselves deep in the operating system, in the kernel, or even below it in the boot process or firmware, and hide their own files, processes and network connections from the operating system and from antivirus scans. Getting that deep usually requires administrator rights or a serious vulnerability, so rootkits prey mostly on old or unpatched computers. Because effective rootkits are rare and expensive to develop, they are a favourite weapon of sophisticated hackers and governments.
WHAT MALWARE CAN DO
KEYLOGGER | Keyloggers are programs that record every key you press on your keyboard. The log is sent over the Internet to an attacker, who can then reconstruct your activity to recover your usernames, passwords, financial information and more. Keyloggers can be installed by, or be a component of, viruses, worms, trojans, rootkits or other malware. They can also be hardware: a small device built from basic electronics and plugged in between the keyboard and the computer needs no software at all and is invisible to antivirus, so check the back of a shared or public machine before typing a password into it.
SNIFFER | A sniffer is similar to a keylogger, only it records the traffic passing over your network rather than your keystrokes. It cannot see what you type locally, but it can see which sites you visit and, whenever a connection is not encrypted, the contents of what you send: e-mails, form data and, in some situations such as a bank session over plain HTTP, enough to let an attacker take over your account. Encrypted connections (HTTPS, the padlock in the browser) hide the contents from a sniffer, though not which server you connected to.
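To make concrete what a sniffer does and does not see, here is an added example that is not from the original post: a small Python frame parser run over two constructed Ethernet/IPv4/TCP frames, one carrying a plain-HTTP request to a bank with HTTP Basic authentication, the other carrying a TLS record to port 443. The addresses, hostname, username and password are made up for the demo.

```python
"""What a network sniffer can recover from captured frames: constructed demo.

Added example, not code from the original post. The two frames below are built
in memory (checksums left at zero, hosts and credentials invented) to stand in
for packets captured off the wire.
"""
import base64
import struct


def build_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Assemble an Ethernet II + IPv4 + TCP frame around payload (constructed test data)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload


def parse_frame(frame: bytes):
    """Strip Ethernet, IPv4 and TCP headers; return addresses, ports and the TCP payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:       # not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                          # not TCP
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport, "payload": tcp[data_offset:],
    }


def inspect_payload(info):
    """Classify the payload and pull out whatever a sniffer could read in the clear."""
    payload = info["payload"]
    finding = {"dst": info["dst"], "dport": info["dport"], "protocol": "other",
               "host": None, "credentials": None}
    if len(payload) >= 3 and payload[0] == 0x17 and payload[1] == 0x03:
        # TLS application-data record: only destination, port and size are observable
        finding["protocol"] = "tls"
        return finding
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if lines and lines[0].endswith(b"HTTP/1.1"):
        finding["protocol"] = "http"
        for line in lines[1:]:
            name, _, value = line.partition(b": ")
            if name.lower() == b"host":
                finding["host"] = value.decode()
            elif name.lower() == b"authorization" and value.startswith(b"Basic "):
                user, _, pw = base64.b64decode(value[6:]).partition(b":")
                finding["credentials"] = (user.decode(), pw.decode())
    return finding


def sniff(frames):
    """Run the parser over captured frames and return one finding per TCP frame."""
    return [inspect_payload(info) for info in map(parse_frame, frames) if info]


HTTP_REQUEST = (b"GET /account/balance HTTP/1.1\r\nHost: bank.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(0x20))   # opaque ciphertext stand-in

SAMPLE_FRAMES = [
    build_frame("192.168.1.10", "203.0.113.5", 52314, 80, HTTP_REQUEST),    # plain HTTP
    build_frame("192.168.1.10", "203.0.113.5", 52315, 443, TLS_RECORD),     # HTTPS
]

if __name__ == "__main__":
    for finding in sniff(SAMPLE_FRAMES):
        print(finding)
```

The HTTP frame gives up the hostname, the path and the user's credentials; the HTTPS frame gives up only the destination address, port and record size. That difference is why the padlock matters even on a network you trust, and why a sniffer on a coffee-shop Wi-Fi is a problem mainly for whatever you send unencrypted.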
BACKDOOR | Backdoors are a metaphor for their real-life counterparts: a hidden way in that bypasses the normal locks. Many viruses, worms and other malware 'leave the back door open' when they are done with their task, giving the attacker, or future malware, a way back in should the need arise. Backdoors are also sometimes built in deliberately by software developers who want a convenient way to configure or test software, often from a remote location, for example a hard-coded maintenance password. This is widely considered poor security practice, because anyone who discovers the backdoor, including attackers, can use it.
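As an added example that is not from the original post, the Python below shows the kind of developer backdoor described above next to a hardened login, plus a quick scan that finds such hard-coded password checks in source code. The user record, the hash parameters, the 'maintenance' password and the scanned snippet are all constructed for the demo.

```python
"""A developer backdoor beside a hardened login, plus a scan for the pattern.

Added example, not code from the original post. The user database, the
'maintenance' password and the scanned snippet are constructed for the demo.
"""
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 100_000   # assumed for the demo; use a higher count in production


def make_record(password: str) -> tuple:
    """Store a random salt and a PBKDF2-SHA256 hash, never the password itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


USERS = {"alice": make_record("correct horse battery staple")}   # constructed

# The backdoor: a hard-coded override left in for 'remote testing'. Anyone who reads
# the source, the shipped binary or a leaked repository can log in as any user.
MAINTENANCE_PASSWORD = "remote-debug-2017"   # hypothetical value for the demo


def _verify(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Hash anyway so unknown and known usernames take the same time to reject.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
        return False
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)   # constant-time comparison


def check_login_with_backdoor(username: str, password: str) -> bool:
    """Anti-pattern: the maintenance password opens every account, even ones that don't exist."""
    if password == MAINTENANCE_PASSWORD:
        return True
    return _verify(username, password)


def check_login(username: str, password: str) -> bool:
    """Hardened: no universal override exists; only the user's own password works.
    Remote maintenance access, if needed, gets its own audited account and credentials."""
    return _verify(username, password)


# A first-pass code-review check: flag lines that compare a password-like variable
# to a string literal, which is how backdoors like the one above usually look.
HARDCODED_SECRET_CHECK = re.compile(
    r"(pass(?:word|wd)?|secret|token|key)\s*==\s*[\"']", re.IGNORECASE)


def find_hardcoded_secret_checks(source: str) -> list:
    """Return 1-based line numbers where source compares a secret to a literal."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if HARDCODED_SECRET_CHECK.search(line)]


SNIPPET = """\
def login(user, password):
    if user not in db:
        return False
    if password == "letmein-support":   # left in by a developer
        return True
    return db[user].check(password)
"""   # constructed snippet for the scan

if __name__ == "__main__":
    print("backdoor accepts override for bob:", check_login_with_backdoor("bob", MAINTENANCE_PASSWORD))
    print("hardened rejects it:", check_login("bob", MAINTENANCE_PASSWORD))
    print("suspect lines:", find_hardcoded_secret_checks(SNIPPET))
```

The scan is crude (it will flag harmless comparisons too), but a hard-coded override is exactly the kind of thing a grep finds long before an attacker does, and it belongs in the same review checklist as secrets committed to a repository.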
BOTNET | When a computer is infected by a virus or other malware, it can be put to work for the attacker who planted it there. In a Distributed Denial of Service (DDoS) attack, a botnet, or 'network of bots', made up of thousands or millions of infected computers is instructed to send traffic to a target over the Internet. The combined traffic of all these 'bots', each sending only a small amount, can be enough to overwhelm the target and make it unreachable for the duration of the attack. Botnets are also rented out to send spam and to spread further malware. Many botnet victims remain unaware that their computer is infected: the botnet is large enough that only a very small contribution, unlikely to be noticed by the average computer user, is needed from each system.