Virus, Malware, Spyware, Trojan, Ransomware, Adware and Drive-by Download….
Your Anti-Virus program may alert you to their presence, but what exactly are they, and what are they doing to your computer? The term “Virus” used to be a generic word for “Something bad on your computer” until recent years. Now these names help IT security experts to categorize the threats and what they are doing to your Operating System. You may be surprised to learn that they are all different in that they infect your system in different ways and they all have different effects.
I obtained my degree in Advanced Information Technology Systems back in 2001, so you could say that I’m well educated and experienced when it comes to these topics. Nevertheless, I’ve accidentally fallen victim to the occasional Trojan before now. The truth is that it’s relatively easy to pick up a computer infection. The good news is, it’s usually relatively easy to remove them these days. Here are the threats to your computer and a description of each category:
While it is still a common word in the field of Information Technology, we rarely use the word “Virus” these days, since it’s too generic. Instead, we use the word “Malware” to describe a self-replicating program which attaches itself to a Windows process. This Malware could be causing damage to your computer, or recruiting your computer into a private “Botnet” army. (More on that later.)
A Trojan is named after the fabled “Trojan Horse” from Troy. As the story goes, the horse was presented as a “gift” but was later revealed to not be the gesture of goodwill that everyone assumed it was. A computer Trojan is malicious software disguised as something else – typically something that seems appealing to the user.
NB: I picked up a Trojan many years ago by searching for a modification for a PC game that I owned. The file looked genuine (especially as it was over 100Mb in size), but after downloading it, I lost all the files on my desktop. Upon closer inspection, the Trojan was less than 1Mb in size, but the file size had been increased by the Hacker inserting a lot of explicit pictures into the installer.
This is perhaps the fastest and easiest way to infect a computer. When a user visits a bad website (there are many of them out there), the website exploits a weakness in the user’s internet browser and inserts code into the back end. The back end of an app is the computer code which powers it all and makes it run; it’s invisible to the user. However, skilled programmers are sometimes able to find a hole through which to inject their own custom code and change the way the software works for their own benefit.
A Worm is similar to Malware, only it doesn’t attach itself to a Windows process; it simply runs in the background of your system as its own, independent piece of software. What’s bad about a Worm is that it doesn’t limit itself to a local workstation; it actually spreads itself out across the network, infecting every computer or server it comes across. The effects of each Worm can vary, but rest assured they range from relatively benign all the way to shutting down an entire network.
What do they do?
The above classification system usually defines how the Malware works and/or how it was delivered and how it infected your computer. However, the classification goes further than that when we examine the nature of the Malware and what it is actually doing behind the scenes:
As the name suggests, Spyware is literally spying on you and your computer. Some Spyware is relatively harmless and simply tracks your internet usage and history, such as which websites you’re visiting or what categories of website you tend to favor. However, other instances of Spyware are far more malicious and track user inputs, such as keystrokes and mouse movements. The most disturbing of these would allow someone to monitor which keys you are pressing when logging in to a website, email account or online bank account.
Adware isn’t the most dangerous kind of Malware. It also generally doesn’t infect your system using one of the delivery methods mentioned above. Adware is usually some form of advertisement delivery system (remember the classic pop-ups with ads on them? That’s usually Adware). Adware isn’t installed on your system accidentally; it’s installed when the user installs another program which contains the Adware. A great example of this was the Internet Browser “Toolbars” that used to be popular some years ago. The installation program for the Toolbar would prompt the user to press the “Next” button so many times that the user would become bored of reading everything presented on each screen and keep clicking “Next” repeatedly, therefore unknowingly agreeing to the installation of the Adware.
NB: At the time of writing this article, a new type of Ransomware was discovered. It infects computers by way of hiding within Adware and the aforementioned toolbars. This is the worst type of Ransomware to date (Named “Jigsaw”).
Scareware has been around in one form or another for a few years now. It’s usually some form of advertisement or popup which tells you that your computer is infected or running slow and to “Click Here” to fix it. On mobile phones, the most popular tactic used is to scare the phone owners into believing that the phone battery is damaged but can be repaired by some form of software. Of course, if your battery is damaged or losing its charge, it requires replacement – not software. When a user becomes worried that this advertisement may be true, they click on the link and some form of Malware is installed.
We’ve covered Ransomware various times in recent months because it’s becoming more commonplace. In fact, the FBI has predicted that Ransomware will become a $1 Billion business in 2016. Put simply, once Ransomware has been installed on your computer, it encrypts your documents, files or, worse still, your company database, rendering all information inaccessible until a ransom is paid to the Hacker responsible. Ransomware infects your computer because the user installs a program which contains the malicious program.
What else can they do?
Sometimes, Malware doesn’t appear to do anything at all. In fact, sometimes there is absolutely no sign of infection and all systems continue to operate normally. So what are these programs doing?
In most cases, they lie dormant until their creator calls on them to do his or her dirty work for them. When a Hacker wants to attack a particular website or company network, they will need two important things: A way to cover their tracks in order to avoid being identified, and lots more computers.
To do this, the Hacker creates what is known as a “Botnet”: a large collection of computers spread across the globe which are not registered or traceable to the Hacker. By creating a Worm, the Hacker can infect hundreds, if not thousands, of computers and recruit them into his or her Botnet army. Once the Hacker is satisfied that he or she has a large enough Botnet, they activate some form of brute force attack on their target, using the infected computers.
On older Windows operating systems, it was easy for someone with a trained eye to spot an infection without the need for a virus scan. On Windows XP, Vista and Windows 7, the Operating System employed many background tasks to carry out vital minute-to-minute operations. By disguising Malware as one of these processes, Hackers found a way to hide their work from Anti-Virus programs.
One of these background processes is named “Svchost.exe”. This is a critical Windows process which is used to manage other system services by loading DLL files when they are needed. On older OSes, it was common to see multiple instances of this program running; however, when a computer started running unusually slowly and an instance of “Svchost.exe” was consuming a lot of resources, it was usually an indication of an infection. The screenshot below shows a great example of this: the “Svchost.exe” process using far more memory than other processes, which should not be the case. This is some form of Malware disguised as a Windows process.
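Memory use on its own is a weak signal, since a genuine Svchost.exe can legitimately be busy, so a better check is whether each instance is really the Windows binary. The following PowerShell script is an added example, not from the original article; it assumes an elevated prompt on Windows PowerShell 5.1 or later and lists every svchost.exe instance with its memory use, on-disk path, Authenticode signature and parent process, flagging any that do not match the genuine service host.

```powershell
# Added example (not part of the article). Run from an elevated PowerShell prompt;
# without elevation, ExecutablePath is hidden for processes owned by SYSTEM.
# Win32_Process supplies the path, command line and parent PID; Get-Process supplies memory.

$system32 = Join-Path $env:SystemRoot 'System32'
$expected = Join-Path $system32 'svchost.exe'   # the only legitimate location

$instances = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $proc   = Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue
        $path   = $_.ExecutablePath
        # A genuine svchost.exe lives in System32 and carries a valid Microsoft signature.
        $sig    = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID         = $_.ProcessId
            ParentName  = if ($parent) { $parent.Name } else { 'unknown' }
            MemoryMB    = if ($proc) { [math]::Round($proc.WorkingSet64 / 1MB, 1) } else { 0 }
            Path        = $path
            PathOK      = [bool]($path -and ($path -ieq $expected))
            Signed      = [bool]($sig -and $sig.Status -eq 'Valid' -and
                                 $sig.SignerCertificate.Subject -like '*Microsoft*')
            CommandLine = $_.CommandLine
        }
    }

# Heaviest consumer first, the view the article's screenshot describes.
$instances | Sort-Object MemoryMB -Descending |
    Format-Table PID, ParentName, MemoryMB, PathOK, Signed, Path -AutoSize

# Genuine service hosts are started by services.exe; anything else, or anything
# outside System32 or unsigned, deserves a closer look with a full scan.
$suspect = $instances | Where-Object {
    -not $_.PathOK -or -not $_.Signed -or $_.ParentName -ne 'services.exe'
}
if ($suspect) {
    Write-Warning "svchost.exe instances that do not look like the genuine Windows service host:"
    $suspect | Format-List PID, ParentName, Path, CommandLine
} else {
    Write-Host "All svchost.exe instances are the signed Windows binary started by services.exe."
}
```

A parent shown as 'unknown' usually means the parent has exited, which is itself unusual for a service host and worth investigating.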
Why do these threats exist?
I’ve been asked this question numerous times: “Why do people create Malware?” Usually when we talk about Malware creators, we tend to picture a young adolescent in their pajamas sitting in front of a multi-screen computer surrounded by junk food wrappers and empty soda bottles. In some of the examples above, it’s obvious what the purposes of the Malware are: extortion and money. In other cases, the Hackers responsible simply want to be able to say “I did it! I created my own virus, got it to spread and used a Botnet to attack [Victim]!” This is often why Government agencies’ networks are frequently attacked: the Hacker can claim bragging rights if they manage to break in. It’s sometimes even a rite of passage for Hackers wanting to join other Hacker groups.
In other cases, the victim might be a former employer that the Hacker is holding a grudge against, or a website which published something that the Hacker took issue with. In extreme cases, it’s for some sort of cause, as the group ‘Anonymous’ is known for.
How do I stay protected?
The best and simplest answer is: use common sense.
It’s all too easy to become infected these days, particularly if you’re researching something online and being led from one website to another. In the case of Scareware, simply don’t believe what these popups or advertisements are telling you. If you have doubts about what they say, take your computer to a specialist.
Do not download and install programs which promise incredible feats, such as doing all your work for you. If you have any doubts, ask someone or perform a Google search for the software in question; there are many websites dedicated to educating people about bogus software.
Keep your system up to date! This is the most important and one of the easiest ways to keep your system safe online. Windows updates, Antivirus updates, browser updates, Java, Chrome, etc. must all be patched whenever a new patch is released. These patches and updates are released when a flaw or “back door” is discovered in the software, and by keeping all your software updated, you’re minimizing the risks of someone exploiting a weakness.
Remember that no amount of protection can keep a computer or network 100% safe. Even Government networks which are protected by millions of dollars’ worth of hardware have been hacked before now. IT security experts can minimize the chances of an attack or infection, but the weakest point of defense will always be the end user, sitting in front of a workstation.
Keeping yourself and other network users educated about the dangers of Malware and how it infects computers is the best form of defense. Don’t download or open files unless you are sure that they are safe. If in doubt, double check with someone. As the old saying goes: it’s better to be safe than sorry!