Malware is the all-inclusive term used to describe malicious software designed to impair or disrupt the operation of a computer, or to damage, modify or destroy the data contained on or accessed by a computer. Malware is usually installed without the computer user’s knowledge or consent. Malware is sometimes called a computer virus, but technically computer viruses are only one form of malicious software.
Types of Malware
Computer viruses are one of the most common and widely understood types of malware. They generally “infect”, or attach themselves to, legitimate software programs and apps, for example, your operating system (Windows, OSX, Linux, etc.), your email client, your word processor or just about any executable software installed on your computer.
When you use legitimate software that has been infected by a virus, you also trigger and run the virus computer code. This code will seek out other software and applications and attach itself to those. It is this behaviour, conceptually similar to a biological virus spreading among human beings, that gave rise to the term computer virus.
For a computer virus to spread, the computer user needs to open or run an infected program or file. These files are often delivered as email attachments or compromised applications that are downloaded from the Internet.
Most viruses are designed to perform a malicious action, such as deleting or corrupting data files, stealing confidential information and transmitting it to third parties, or hijacking the operation of the computer to perform further malicious tasks like sending junk email or infected files without the knowledge of the computer user.
Antivirus software is used to protect against infection and remove already infected applications or files. This is special software that scans each file on a computer looking for virus code, known as signatures, that is already known to antivirus vendors. Good antivirus software runs constantly and scans every file that is downloaded or opened before it can cause infection or damage. Complete scans of every file on a computer can also be run to detect threats that already exist. Antivirus software must be updated, usually daily, as more threats emerge and more virus signatures become known.
The greatest threat comes from new viruses that have not yet been seen by the antivirus vendors. However, some antivirus software can deal with these unknown threats by examining how files and applications behave once they are run. If a file or app displays suspicious behaviour, such as trying to connect to the Internet when there is no good reason to do so, antivirus software can intervene and block potentially malicious operations. Even so, not all new viruses (often referred to as Day Zero threats) can be prevented in this manner. In such cases, some computers will be infected before the antivirus companies can analyse the new threat and update their software to counter it.
Therefore, it is important to understand that antivirus software does not protect you from all threats. Even with the best defences it is still essential to be vigilant and avoid opening suspicious attachments or downloading files from untrusted sources.
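The signature scanning described above can be shown in a few lines of Python. This is an added example, not code from any antivirus product: the signature names and byte patterns are constructed for illustration and the sample files are created in a temporary directory. It shows a full scan flagging a known pattern, missing a new variant, and catching that variant only after a signature update.

```python
import tempfile
from pathlib import Path

# Constructed signature database: hypothetical names and byte patterns,
# not taken from real malware or from any vendor's product.
BYTE_SIGNATURES = {
    "Demo.Virus.A": b"\xde\xad\xbe\xefDEMO-PAYLOAD-A",
    "Demo.Worm.B": b"DEMO-WORM-B\x00\x01\x02",
}

def scan_bytes(data, signatures=BYTE_SIGNATURES):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)

def scan_tree(root, signatures=BYTE_SIGNATURES):
    """Full scan: check every regular file under root, return {file name: [hits]}."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = scan_bytes(path.read_bytes(), signatures)
            if hits:
                findings[path.name] = hits
    return findings

def demo():
    """Scan constructed sample files before and after a signature update."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.txt").write_bytes(b"quarterly report, nothing unusual")
        # A host file with a known pattern attached to it.
        (root / "infected.bin").write_bytes(
            b"MZ-host-program" + BYTE_SIGNATURES["Demo.Virus.A"])
        # A new variant with different bytes: no signature exists for it yet.
        (root / "new_variant.bin").write_bytes(
            b"MZ-host-program\xde\xad\xbe\xeeDEMO-PAYLOAD-Z")
        before = scan_tree(root)
        # The vendor analyses the new sample and ships an updated database.
        updated = dict(BYTE_SIGNATURES, **{"Demo.Virus.Z": b"DEMO-PAYLOAD-Z"})
        after = scan_tree(root, updated)
        return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
```
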
Worms are similar to computer viruses in that they replicate themselves to spread infection. However, they differ by being separate computer programs that do not attach themselves to other software. They have built-in code that allows them to spread across a computer file system and from computer to computer, often using the Internet or email systems. As such, they can replicate without user intervention and thus present a very significant threat. Worms can spread very quickly, sometimes infecting thousands or millions of computer systems before antivirus vendors have time to react.
Good antivirus software will offer good, but not total, protection against worms. The same caveats apply as for virus protection. Known threats can be detected and disinfected or deactivated, but new and previously unseen threats can do much damage before protection becomes available.
Trojans or Trojan Horses
These are possibly the most dangerous type of malware as their effects can go well beyond your computer system and files. Trojans masquerade as benign software so it is easy to download them by mistake, another reason to ensure you only download software from the most trusted sources.
Trojans are named after the famous Greek story of the seemingly innocent wooden horse taken through the gates of Troy that, unknown to the defenders of the city, contained invading soldiers. They are used for many malicious purposes, such as stealing confidential information like credit card details or online banking credentials, or taking control of a computer to perform malicious and criminal activity. Trojans are often the device used to hijack large numbers of computer systems that are then used to launch large-scale cyber attacks on businesses, e.g. banks, Internet service providers and email services.
Adware is more of an irritation than a serious threat. It is designed to display unwanted advertising on your computer, usually in the form of pop-up adverts in your web browser, but it can affect other applications too. Sometimes the adverts displayed will be legitimate and refer to genuine offers from real companies. Other times the ads can lead to bogus web sites or downloads that contain more serious forms of malware.
Spyware is a more advanced form of adware that tracks your computer usage, perhaps monitoring the web sites you visit or the email you send. The aim is to build a profile of your interests so that more targeted advertising can be sent to you.
Rootkits operate in tandem with other forms of malware to conceal malicious activity or the presence of unwanted software. This means your computer can be infected by malware and even when you use tools to detect and remove infections nothing will be discovered. Rootkits usually achieve this by modifying the core operating system or other important programs and files on the computer. They can be extremely difficult to remove and often the only remedy is to wipe the computer’s disk drives and restore known clean and reliable files from backup.
Backdoors are hidden access methods that bypass computer security. For example, instead of logging into a system using a username and password, a backdoor can be used to bypass that process and grant access. Backdoors are often built into computer software by design so development and support teams can easily access a system for legitimate purposes. However, this leaves the system open to unauthorised third parties to gain unwanted access. Once an unauthorised party has access to the computer, other types of malware can easily be installed.
A keylogger is a program that runs constantly in the background and records every key press made by a computer user. These are then sent to a third party, usually without the knowledge of the user. Keyloggers are not always used for malicious purposes. Sometimes they are deliberately installed with parental control software to record how a child is using a computer and report this back to parents. Other times, employers may use keyloggers to ensure company resources are not being abused.
If a malicious party installs a keylogger it potentially opens a way to cause major damage. User names, passwords, credit card numbers and security codes can all be stolen as they are typed into the computer. This can lead to all manner of online theft and identity fraud.
This is one of the most serious and growing forms of malware. Ransomware does not initially destroy your data; instead, it encrypts it, effectively locking it away until a special code is provided to unlock the data. Cyber criminals demand money in return for this code and will delete your data if you do not comply. It is very important to proceed in a specific manner if you fall victim to this type of malware. Please see our article on Ransomware for full details.
Browser Home Page Hijacks
This is a very common form of malware that changes the initial page you see when you run your Internet browser. The replacement page may look identical to a common home page, such as the Google search page, but it’s a malicious copy that may contain links to infected web sites or trigger further malware downloads. Often the home page is hijacked to display unwanted advertising or offensive material.
How to Protect Against Malware
Avoiding infection by malware is a two-step process.
First, get a good antivirus program and ensure you keep it updated on a regular basis. See our article on effective and trustworthy antivirus solutions.
The second tier of protection is you and your computer usage and browsing habits. If you only open email attachments or download software from sources you know you can trust, and if you only visit reputable web sites, it can go a long way to ensuring protection.
Good habits in tandem with a good antivirus (or anti-malware) package will keep you safe most of the time. But nothing is ever guaranteed, so you should also be regularly creating backups of, at least, your most important data. Should you ever need to wipe your disk drives following a serious malware infection, you will be able to restore a reliable copy of your data.
See our article on Malware Prevention for more details.