Different types of malware exist today and it is likely you have heard about some of them. However, do you know exactly what they are and what they do? More importantly, do you know how to deal with them if they cross your path?
Each type behaves in a specific way and has a different malicious intent. It is important you understand this to keep yourself safe whilst going about your everyday online life. A definition of malware can be given as:-
The aim of this section is to give you a basic understanding of the main types of malware, so you do not underestimate the impact if you are affected or targeted.
We are all online and connected 24/7 these days. The proliferation of mobile devices, social media and technologies such as artificial intelligence presents too many opportunities for cyber criminals to exploit and take advantage of people in our connected world. This must change.
The second aim of this section is to arm you with the knowledge, tools and techniques to protect yourself and your devices properly, just like a professional does.
Ransomware has grown into one of the most prevalent types of malware in existence. It is a criminal industry worth billions, and it has affected individuals, health services and businesses across the world.
In its simplest form, ransomware is a program that infiltrates your device and blocks or encrypts valuable data files so you cannot access them. The criminals then extort money from you in return for unlocking, or decrypting, your files so you can access them again.
The RobbinHood ransomware attack in 2019 cost the city of Baltimore, USA, more than $18 million. The WannaCry attack of 2017 cost the NHS in the UK tens of millions of pounds.
Ransomware commonly infiltrates through social engineering, e.g. realistic phishing e-mails that look legitimate but contain masked links or attachments that trigger the installation of the malicious software on your device without you knowing about it. It also spreads by exploiting unpatched network services, which is how WannaCry moved from machine to machine.
Once installed, the ransomware lets the criminals profile your activity and then target the files that are most valuable to you for encryption. From here they employ several psychological techniques to extort money from you, including the threat of deleting your valuable files at an increasing rate the longer you wait to pay their ransom.
Make sure you have at least two good offline backups of all your important files, and regularly check that the backups can be restored. A backup that the ransomware can reach over the network or through a mapped drive will simply be encrypted along with everything else.
The sophistication of ransomware will continue to evolve. Fileless ransomware is emerging, where the malicious program does not necessarily need to be written to disk at all. This type of attack runs in your computer's memory by exploiting flaws in legitimate applications or operating systems, or by abusing built-in scripting tools, and is much more difficult for file-based scanning to detect.
Spyware, including keyloggers and adware, is software installed covertly on your machine that can capture your keystrokes as you use your device and bombard you with adverts based on your tracked online activity.
Spyware is an invasion of privacy. You are not aware of what the software is silently doing on your machine, and it is very likely you would object if you were given the choice of whether to install it or not.
Criminals can use this software to record your online banking details and other login details, for example. Adware can profile your online activity over time in enough detail for criminals to sell information about you to advertisers without your knowledge. Other forms of fraud and blackmail should not be ruled out either.
Spyware is also often used to check on the online activities of family members or loved ones, for example to collect evidence against a cheating spouse, or to monitor children's internet safety.
Spyware has been around since the mid-1990s. Suppliers such as McAfee are very aware of these programs, and their anti-malware applications are excellent at identifying and removing such programs quickly and easily to minimise any damage.
However, this does not mean your device is safe. The fact that spyware could be installed on your machine in the first place is a red flag and a cause for concern, because the mechanisms or vulnerabilities exploited to get onto your machine can equally be used by much more sophisticated and damaging malware.
If you have been subjected to spyware I would recommend you perform a full security review of your device, and take a good look at your web surfing habits. For example:-
A further measure that can protect your privacy whilst online is a VPN, or Virtual Private Network. Bear in mind what it does and does not do: a VPN encrypts your traffic between your device and the VPN provider, but it does nothing against spyware that is already running on the device itself.
Trojans are malicious programs that are disguised as legitimate software applications.
They are an incredibly popular form of malware and are very easy to create, because they rely on tricking the user rather than on exploiting a vulnerability. Huge numbers of new variants are released every month, which is why they are so difficult to defend against with signatures alone.
Some of the most damaging Trojans in history include Emotet, a sophisticated banking Trojan that later evolved into a delivery platform for other malware and cost the industry millions of dollars to resolve, and Zeus, another Trojan that targeted banks and multinational corporations. Both were written to steal sensitive data including usernames and passwords.
Legitimate-looking e-mails and attachments are just one of many ways Trojans can infect your machine. Another example is fake anti-virus programs.
Trojans do not usually have the capability to replicate themselves onto other devices on a network, as some other types of malware can. However, they only need to get onto one networked device to start stealing sensitive information.
To protect yourself you need a good quality anti-malware solution that is frequently updated with the latest information about new Trojan horses.
In the event you accidentally open that attachment, or run that legitimate-looking installation file, you want to be confident that your device security has your back.
Worms are quite nasty. They are often delivered by dodgy e-mail attachments, similar to Trojans, or by exploiting a vulnerable network service. However, once they are on your machine or network they can self-replicate and infiltrate every other machine and service that is reachable.
Worms have been around for years, just like spyware. They were the scourge of companies and IT support teams in the late 1990s and early 2000s, when e-mail was exploding in popularity.
All it takes is one person to click that dodgy link, or open that suspect attachment, and the entire organization can be affected. This often looks like slower network performance, lost files and full e-mail servers.
One of the most notorious worms this century is known as the ILOVEYOU worm.
The ILOVEYOU worm originated in the Philippines on 5 May 2000 and attacked millions of PCs worldwide. Once the attachment, a Visual Basic script disguised as a love letter, was opened, the script overwrote files of particular types, including image files, with copies of itself.
The worm then replicated by e-mailing itself to every contact in the victim's Outlook address book.
Today, sophisticated antivirus software and business systems such as cloud-connected e-mail filtering offer a level of protection against malicious worms.
However, it is very important we remain vigilant about e-mail attachments, even from those we know and trust. How do you know whether they have been infected or not?
One of our guest writers produced an excellent article that is worth a read, on how to remain safe from computer threats.
A computer virus is what most people refer to when their machine is infected with any form of malware, and colloquially the term covers most types of malware. Strictly speaking, a virus is malware that attaches itself to other files or programs and spreads when those are run.
Computer viruses are small programs that get into your system and attach themselves in secret to your computer's operating system, applications or data files, in much the same way that a virus infects a person and multiplies.
Virus writers target vulnerabilities, for example in an application's program code, to enable their virus to do the damage they intend.
When you open the application or load the file, the virus is loaded with it, and that triggers the damage.
The damage depends on the virus writer. Some cause little disruption, such as an unwelcome message on your screen. Others cause significant damage, such as deleting or amending key system files.
Traditional viruses that are written purely to cause damage are thankfully in the minority of malware floating around the Internet today, because there is no money to be made from them. They are also difficult to clean: most anti-virus programs simply quarantine the infected file, and it is up to you to replace it, or remove and re-install the affected software.
However, some modern malware combines several of these types. For example, Stuxnet was a worm that also carried rootkit components to hide itself on infected Windows machines and on the industrial controllers it targeted.
Viruses spread through the same channels as other forms of malware: rogue e-mails, dodgy websites and pirated software.
The symptoms of a virus vary, and may include:-
It should go without saying by now that all your devices should have a good quality anti-virus package installed from a reputable provider.
Anti-virus packages scan files on request and in the background. Part of their analysis checks for changes in file size and content against what they have seen before.
If the changes, or the file's content itself, match the pattern of a known virus in the application's signature database, the file is flagged and you are alerted.
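The scanning mechanism just described, and the backup restore check recommended in the ransomware section, in working form. This is an added example, not code from the article or from any anti-virus vendor: it records a baseline of file sizes and SHA-256 hashes, reports files that have changed, appeared or vanished since then, searches file contents for byte patterns from a signature list, and verifies a restored backup against the same baseline. The signature patterns, file names and sample contents are all constructed for the example and match no real malware; real scanners use far larger signature databases plus heuristics and behavioural analysis.

```python
"""Baseline, scan and restore check for a folder of files. Added example,
not code from the article or from any anti-virus vendor."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed stand-in for a scanner's signature database: name -> byte pattern.
# These patterns are invented for the example and match no real malware.
SIGNATURES = {
    "Example.Dropper.A": b"MZ\x90\x00EXAMPLE-DROPPER",
    "Example.Script.B": b"EXAMPLE-SCRIPT-PAYLOAD",
}


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Record size and hash of every file under root: the 'known good' state."""
    root = Path(root)
    return {
        str(p.relative_to(root)): {"size": p.stat().st_size, "sha256": sha256_of(p)}
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def scan(root, baseline):
    """Compare the folder with its baseline (size/hash changes, new and missing
    files) and look inside every file for known-bad byte patterns."""
    root = Path(root)
    current = build_baseline(root)
    report = {"changed": [], "new": [], "missing": [], "signature_hits": {}}
    for rel, meta in current.items():
        if rel not in baseline:
            report["new"].append(rel)
        elif meta != baseline[rel]:
            report["changed"].append(rel)
        data = (root / rel).read_bytes()
        for name, pattern in SIGNATURES.items():
            if pattern in data:
                report["signature_hits"][rel] = name
    report["missing"] = [rel for rel in baseline if rel not in current]
    return report


def verify_restore(restore_root, baseline):
    """Restore check: list baseline files that are absent from, or differ in,
    the restored copy. An empty list means the backup restored cleanly."""
    restore_root = Path(restore_root)
    bad = []
    for rel, meta in baseline.items():
        p = restore_root / rel
        if not p.is_file() or sha256_of(p) != meta["sha256"]:
            bad.append(rel)
    return bad


def demo(workdir=None):
    """Constructed scenario: baseline a documents folder, back it up, then
    simulate an infection (one file altered, one dropper added, one file gone)
    and check both the live folder and the backup."""
    work = Path(workdir or tempfile.mkdtemp())
    docs = work / "documents"
    docs.mkdir(parents=True)
    (docs / "letter.txt").write_bytes(b"Dear bank, please find my statement attached.")
    (docs / "notes.txt").write_bytes(b"meeting at 10")
    baseline = build_baseline(docs)
    with open(work / "baseline.json", "w") as fh:
        json.dump(baseline, fh)              # keep this offline, next to the backup
    shutil.copytree(docs, work / "backup")   # stands in for the offline backup
    # Simulated infection after the backup was taken.
    (docs / "letter.txt").write_bytes(b"Dear bank" + b"\x00" * 16)
    (docs / "invoice.exe").write_bytes(b"MZ\x90\x00EXAMPLE-DROPPER" + b"\x00" * 32)
    (docs / "notes.txt").unlink()
    return {
        "scan": scan(docs, baseline),
        "restore_failures": verify_restore(work / "backup", baseline),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the constructed scenario the scan reports letter.txt as changed, invoice.exe as new and carrying the Example.Dropper.A pattern, and notes.txt as missing, while the backup verifies cleanly against the baseline. Note that a size and hash comparison only tells you something changed, not why, which is why the signature and behavioural checks exist alongside it. To confirm that a real installed scanner is working, the standard EICAR test file is the safe way to do it.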
The key to dealing with malicious programs is to prevent them from entering your computer in the first place. Smart internet surfing habits and a good anti-virus package are your starting points.
If your machine does get infected, the next best thing is to remove the offending virus quickly, if that is at all possible, and at the very least deal with the issue as efficiently as you can.
Another of our guest writers produced an excellent computer protection article about how to protect yourself and your devices whilst online.
Rootkits have been around for years as a means of launching cyberattacks. There is a thriving black market on the dark web for sophisticated and almost undetectable rootkits that can protect other forms of malware from detection.
Packaged rootkits sold on that market are easy enough to use that almost anyone could launch their own malware attack with one if they so desired. This is one of the ways cyber criminals make their money in the multi-billion-dollar malware industry, and a reason there is so much malware online today.
Their main purpose is to give an attacker covert remote access to your devices with full administrative rights while hiding their own presence and that of any malware they protect. They embed themselves in legitimate software of varying types, including applications, operating system components and even firmware.
This is what makes many rootkits almost impossible to detect and, therefore, to remove successfully. A rootkit that lives in firmware or the boot process can even survive a reinstall of the operating system.
As with other forms of malware, rootkits infect your machine through phishing e-mail scams, nefarious websites and illegal software downloads. Fraudulent software masquerading as legitimate software is also a route onto your devices if you are not careful.
Some site visitors recommend Comodo Cleaning Essentials as an anti-virus solution. However, my suggestion still stands: use a more established anti-malware solution as a complement to Comodo, which is excellent at identifying and removing rootkits.
Bots are programs that automate specific tasks on command. A botnet is simply a collection of compromised, network-connected computers that are coordinated from a central command-and-control server to perform instructed tasks.
Some bots are built for legitimate reasons. They can index large websites and manage large chat rooms, for example. However, they can be equally destructive when used for malicious reasons.
Once the bot is on your device, it usually calls home to a command-and-control (or master) server, then executes the plan alongside all the other devices that have been compromised.
A common task executed by botnets is the Distributed Denial of Service (DDoS) attack. This is where the legion of botnet-controlled devices sends huge amounts of spurious traffic to a target such as a website or an organization's IT systems.
The volume of traffic a botnet can send overwhelms the system or website and makes it crash or become unusable. This can result in a loss of business and revenue. It also presents an opportunity for the cyber criminals to hold the target to ransom.
Botnets can also generate fake internet traffic to inflate advertising income for website owners (click fraud), send spam e-mail, and hold the owners of infected devices to ransom for removal of the bot software.
Logic bombs are malicious programs that lie dormant once installed on a device until a trigger event takes place. Like a destructive virus, the aim of a logic bomb is to cause maximum damage.
As the image above shows, logic bombs can be set up to stay dormant for months or even years and then 'explode' on an unexpected event or date. This is one of the reasons why we need to be especially vigilant during holiday periods and other notable dates, when fewer people are around to notice and respond.
The damage could include deleting an important file, wiping hard disks, or even corrupting the firmware of other hardware components so they no longer work.
Logic bombs can also be built into other forms of malware such as viruses, worms and Trojan horses.
As with all forms of malware, it is beneficial to get into the habit of good internet behaviour and to avoid bad practices.
There are several types of malware, each written to undertake specific tasks, ranging from spyware to Trojan horses. Regardless of the types of malware that exist today and in the future, you have a duty to yourself and your family to do all you can to protect yourself.
Also don't forget to protect your mobile devices. Apple devices, and especially Android devices, are also susceptible to malware. You just need to be careful when selecting an anti-malware package so your mobile device does not slow down too much.
ESET Mobile Security and Antivirus is a free solution that has excellent reviews.
This CSO article also describes different types of malware and how to recognise them. Excellent read.
Finally, I would suggest you take a look at some malware articles in the site archive. Although the articles are not maintained, they are focused on the setup and configuration of some top antivirus provider products. I find that although products evolve and improve, the fundamentals of how they should be set up and used do not change all that significantly.