Common Types of Malware

Malware is the collective term used to describe all types of Internet threats. These threats include, but are not restricted to, the following:

Computer Viruses

Up until just a few years ago, viruses were the main type of malware threatening computer systems. Even now, the majority of people tend to refer to malware as “viruses”, and any Internet security software as “antivirus”.

A virus is a type of software that has the ability to copy itself and infect a computer system without the user’s knowledge or permission. It got its name based on its similarities with biological viruses. Just like biological viruses get into the body and infect cells, computer viruses enter computers and infect files. Both types of viruses also reproduce themselves and spread by passing the infection from one system to another.

Viruses can enter a computer in many different ways, for example through email, downloaded files, different types of disks, or simply by surfing the Internet. Their effects can range from annoying to highly destructive.

Worms

Viruses are sometimes confused with computer worms and Trojan horses. A worm is a self-replicating computer program that spreads by exploiting vulnerabilities in a computer’s operating system. The main difference between a virus and a worm is that a virus needs user intervention (e.g. starting a software program, or sending an email) to spread, while worms spread automatically by self-replication. In many cases, worm infections happen through email messages, making them easy to confuse with viruses.

Unlike a virus, a worm does not need to attach itself to an existing program, but can spread on its own, using a network to send copies of itself to other computer terminals on the network. It does not require any user intervention. While viruses almost always ruin or modify files on a targeted computer, worms generally cause harm to the entire network. The level of harm can range from only consuming bandwidth to something substantially more serious. Worm infections are always common but tend to increase significantly around special events and holidays such as Valentine’s Day, Christmas and Halloween.

Older worms were mainly written for Unix; however, the majority of today’s worms are written for Windows. Apart from that, worms tend to work in the same basic way today as they did in their earlier years. They scan a network for vulnerabilities, break into the computers where they find them, and start self-replicating.

Spyware

Spyware is a type of malware that is designed to monitor a user’s interaction with the computer. However, despite its name, spyware does not stop there, but may in some cases take control of your computer in a manner similar to a Trojan horse. Spyware does not spread like viruses, but is generally installed by exploiting security holes or comes packaged with user-installed software, for example peer-to-peer applications. Even though it defeats the purpose of the attack, spyware often tends to install so many processes that the infected computer becomes completely unusable.

Trojan Horses

When it comes to malware (rather than old stories), a Trojan horse, just like its mythological predecessor, is an item that appears completely harmless at first glance. Often Trojan horses come in the shape of an interesting tool, game or other type of software. It is not until executed that Trojans (just like a worm) cause harm to your computer data, the computer system’s functional performance, or its networking throughput. In theory, a Trojan may be capable of almost any type or level of harm.

A Trojan may not always activate its effects at first, but can be set to activate after a certain number of uses. When it does activate, it can wreak havoc on your system by deleting files, destroying information on your hard drive and opening up a backdoor to your security system. This way, Trojans can get complete access to your system, making it possible for an outside user to remotely control your computer, for example to copy and resend your confidential information.

Crimeware

Crimeware stands for all types of malware created to obtain money or confidential information. This includes hackers, Trojans, phishing, and spyware, to name a few.

These days, malware writers are no longer looking to experiment or to get “famous”, but have realized the possibilities when it comes to getting financial returns from their efforts. This means that a crashing computer is no longer your only worry: your money, your confidential information, or even your entire identity is at serious risk. Any person or company with access to the Internet could be attacked by crimeware at any time.

Crimeware programs are created in order to gather confidential information, such as your credit card numbers, passwords and more. They can also perform keylogging, i.e. register the keystrokes made on a computer, or take control of a computer and manage it remotely.

A few serious effects of crimeware are the following:

  • Private data theft.
  • Identity theft.
  • Financial loss through theft of passwords for online services, e.g. your bank accounts.
  • Privacy intrusion.

In order to protect yourself from crimeware, you need to make sure you are using a complete Internet security solution, such as Kaspersky Internet Security. Antivirus alone is not enough; you also need antispyware and a firewall, as well as proactive technologies to detect unknown malware.

Rootkits

A rootkit is a type of malware that is extremely hard to detect. It hides deep inside your operating system to avoid detection, making it almost invisible. Rootkits have become very common – as well as very dangerous – in the past couple of years.

What makes rootkits so dangerous is that they can be used as a way to get continuous access to a remote computer. This way, your computer can be accessed and controlled remotely. Rootkits can also hide the existence of other elements, e.g. computer viruses, from the user and in some cases even from the security software itself.

Internet Security products may work in a number of different ways to detect rootkits. This includes signature-based detection (the traditional method of detection used by antivirus companies) and heuristic detection (behavior-based detection, which finds rootkits by noticing a change in the computer’s normal activity). Because of the almost invisible nature of rootkits, several methods need to be combined.

Adware

Adware is software with an advertising purpose. It can use several different methods for displaying ads, for example pop-ups, banners, changes to the browser home page or search page, etc. It is important to note that even though Adware may be annoying, it is often not dangerous. In fact, adware often comes bundled with free software, as a way for the software developer to be able to provide their software for free. In cases like these, adware will be installed with the user’s consent and knowledge.

Phishing

Lately, “phishing” and “phishing attempts” have become words you hear a lot. In short, phishing means personal data theft, which is something that is only getting more and more common. Phishing attempts generally happen via email, looking like they were sent from trustworthy sources such as your bank. This way, phishers try to get you to give out personal, confidential information. Usually, phishing emails include links to fake, copycat websites, replicating the trustworthy website you were expecting to see. In order to look real, the included links appear to go to the same trustworthy site.

The main damage caused by phishing is identity theft and confidential data theft, but other serious issues can include loss of productivity or use of corporate network resources (bandwidth, mail flooding, etc.).

Spam

Spam is unwanted email sent out as a mass mailing, normally with advertising content of some sort. Some of the most common characteristics of spam email messages are:

  • The sender email address is often unknown to the user and is quite often non-existent. In some cases, the sender address may show as your own.
  • In most cases, the email does not have a Reply address.
  • In many cases, spam messages include an eye-catching subject.
  • Spam has some kind of advertising content/purpose: miracle products, special offers, easy ways to make money, etc.
  • Most spam comes from the United States or Asia and is written in English. Spam in Spanish is getting more common.

Botnet

A Botnet is a number of computers, which, without their owners’ knowledge, have been taken over by cyber criminals, and set up to forward transmissions (including malware and spam) to other computers on the Internet. Another term to describe a botnet would be a “zombie army”. The zombie computer does whatever its new “master” wants it to do.

Reports from Kaspersky Lab and Symantec see botnets (not spam, viruses, worms or any other type of malware) as the current biggest threat on the Internet. Their spread can be likened to a pandemic. A few years ago, it was believed that up to 25% of all computers were already part of a botnet! Most computers that are part of a botnet are home-based.

A botnet “zombie” is often created by a small Trojan horse, which places a malicious application, a bot, on a user’s computer. The Trojan was let in through an open Internet port. At any time, the “master” – the botnet controller – can send a single command to unleash the effects of the army.

One common use of a botnet is to perform a “denial of service attack” against remote targets. Through the zombie army, huge volumes of traffic can be generated, resulting in e.g. a website getting shut down. Another common strategy is to have the army send out email spam. Instead of one sender sending out an enormous amount of email spam, the messages can be spread out among a very large number of computers, and avoid detection by anti-spam techniques. Other purposes include click fraud and the theft of application serial numbers, login IDs, and financial information such as credit card numbers.

Several botnets have been found and removed from the Internet; however, new ones keep showing up. In July 2010, the FBI arrested a young Slovenian, who is held responsible for malicious software turning an estimated 12 million computers into a botnet. Well-known botnets include Conficker, Zeus, BredoLab and Cutwail.

To protect your computer from being turned into a zombie, it is extremely important to have an effective firewall solution. This is something offered by products like Trend Micro Titanium Internet Security and Kaspersky Internet Security. To simply keep your computer protected from viruses is not enough; instead, look for an “all in one” type of solution.

Mobile Threats

These days, it is no longer enough to protect your computer against Internet threats; your mobile phone is also at serious risk of getting infected. Together with a few other Internet security brands, Trend Micro has taken the lead in developing mobile anti-virus and Internet security products against this new type of malware. This way, you can make sure you are not only protected from malware when on your computer, but also when using your mobile phone. Don’t wait to find out more about Mobile Malware and to protect your mobile today.
