Malware continues to be an issue with today’s ever-evolving technology. The name comes from the words “malicious” and “software”. It plagues everyone, from new users to advanced users; everyone can be affected by it. While some systems are more resilient, all systems can be infected if not properly taken care of. So whether you use Linux, Mac OS, Windows or something else, learning about viruses is important to the safety of your system and the internet.
Each piece of malware is different too. Although many people just say “viruses”, that term actually refers to one specific kind of malware. Typical functions include stealing banking data, stealing social media passwords, making money via ads, extorting money from the owner of the system, or crippling a computer network. All of these serve the attacker and whatever their goal is.
Many different forms exist and target many different aspects of a system. While only a few kinds are covered here, many more exist. Some are alterations of existing types, and some are completely new. This article will cover the list below and more; just know that what is covered here is not an exhaustive list. Such types include
Developers work hard at making sure their product is safe. However, one of the best methods of protection against viruses is to learn about them: what they do, and what you can do to protect yourself from getting infected. With that said, let’s dive in and find out about it all and what you can do to avoid infection.
Kinds of Malware
Viruses can be distinguished from trojans and worms by their dependency on another program to deliver their payload or code. Once started, they replicate themselves into other programs and can perform many destructive functions. Kaspersky goes on to say,
“Viruses are often attached or concealed in shared or downloaded files, both executable files—a program that runs script—and non-executable files such as a Word document or an image file. When the host file is accepted or loaded by a target system, the virus remains dormant until the infected host file is activated. Only after the host file is activated, can the virus run, executing malicious code and replicating to infect other files on your system”
Unlike worms, they must be run to function. This typically means tricking the user into thinking that the program is legitimate, which is what trojan horses do; they will be discussed later in the article. The benefit of this is that simply having a vulnerability in your system or downloading a file is not enough for the virus to take hold. This means that if a malicious file gets automatically downloaded, you mistakenly download the virus, or you realize after the file was downloaded (but before execution) that it was malicious, you can simply delete the file. If the file is deleted by the user or caught by anti-virus software, all is well.
The purpose of a virus is open-ended as well: it can take many forms, all malicious and all to the benefit of the hacker or person distributing the virus. The different kinds of malware and what they do are also discussed later in the article.
A worm is a standalone piece of malware which replicates itself over the network that a computer is connected to. Once connected, it can do a lot of harm.
Compared to viruses, the file through which they spread does not need to be run. If your system is vulnerable, it could be infected by a hacker on the same network as you. Another way of infection could be through email attachments, or simply by finding other computers on the network.
Generally speaking these are network-based attacks, and because they do not need to be run by the user, they spread very fast. As CSO Online says,
“But once NotPetya was installed on the computers of M.E.Doc users, it began, like all worms, to reproduce and seek out new victims on its own accord. Once installed on a computer, it took stock of all the other computers its victim had interacted with in the past and figured out how to connect. It spread from computer to computer within networks by taking advantage of EternalBlue and EternalRomance, two exploits developed by the NSA and later stolen by unknown hackers.”
The purpose of a worm depends: it can be used for mass exfiltration of data like passwords and sensitive files within a company, or it may encrypt the files of a system to cripple it or gain money (ransomware). So as we can see, worms can even be combined with other sorts of malware, taking advantage of their rapid spreading.
Masquerading as harmless software, a trojan horse executes once the user installs or runs the program. These have the same benefits as viruses, and could be considered a virus at their core. The way they differ is in transmission. Most viruses naturally arrive as trojan horses, since users need to trust a program to download and run it.
Trojans mostly act as spyware, keyloggers, or backdoors, but they can manifest as something else. They typically take these roles because they can run without the user knowing, and as long as the guise of being a legitimate program holds up, the malicious activity can continue.
Typically, trojan horses come from phishing emails, malicious sites, and “free” and pirated software. Sketchy free games are a good example of trojan horses. We all know the saying “if it is too good to be true, it probably is”. This is the case with software: the “free” version of a very expensive tool is often packed with malware, which can then steal your banking data, passwords and sensitive files, costing you much more than the program would have.
If a user sees that their computer is not acting right, or notices other signs that they are infected, they can usually just delete the virus. Rootkits make this more difficult. They are packaged with other malware and set up to hide the malicious activity going on. Hiding keyloggers, spyware, or the use of your computer as a bot/zombie for DDoS attacks are all things rootkits can conceal.
Finding a rootkit is even more of a challenge. Since they require root or admin-level access to deploy, they can easily blend into a system, obscuring themselves as well, since they can modify system files at will. Sometimes you can notice suspicious activity on your system, like too many resources being used. If this is the case, an advanced anti-virus scan is necessary to find the rootkit.
Sophos is one example of a company with a reputable tool that can search your system and find potential rootkits. They claim it uses advanced rootkit technology to find and remove the virus. If you think you have been infected by a rootkit, the removal tool is linked. Please note that this is not a guarantee of removal; however, it is a good solution from a reputable company offered at zero cost.
This is one of the most destructive forms of malware. Once it executes, it starts encrypting files on the system. Which files it encrypts varies from ransomware to ransomware. Some target personal files such as the “Documents”, “Photos” or “Videos” folders on Microsoft Windows. However, some go further and encrypt critical system files so your computer cannot function, and some ransomware just encrypts everything.
Once it encrypts the files, it prompts the user to pay a ransom in cryptocurrency, normally bitcoin. After the fee is paid, it then gives the “key” to decrypt your files. This can make the cost of a ransomware attack unbelievably high. Just to decrypt one computer can cost about $700, a price which is feasible for companies to pay, but still hurts them a lot.
Typically speaking, it is either pay the ransom, get a new computer/hard drive (if the master boot record was encrypted), or lose the data it encrypted. And generally, the advice from organizations is to not pay the ransom, as it just encourages this behavior, and there is no guarantee you will even get the key from the attackers.
The reason you cannot just decrypt the files yourself is that when ransomware encrypts the files, it does so with a “high bit” key. This means it is computationally and mathematically infeasible to find the key used, nearing impossibility. However, for some ransomware families the key has been found, and if you are infected with one of them, you can safely recover your files. To check the list of decryptable ransomware, head to The No More Ransom Project, which also has information about prevention, or Kaspersky. Be sure to check both lists if you are infected.
Backdoors are not necessarily malicious. They bypass the normal means of authentication. Sometimes they are intentionally put in place by the user or product owner for ease of access, such as a product owner looking to help users who are locked out, or a CEO wanting emergency access to their system. However, these can often pose a major security risk.
In addition to legitimate purposes, hackers use backdoors to maintain access after a successful attack. If the hack or infection was done stealthily, a backdoor in the system is very useful to the attacker: after the attack is done, hackers can return to the system with great ease and perform whatever action is necessary.
Typically, the backdoor will be coupled with another form of malware. The initial attack performs its job, then drops a backdoor into the system so the hacker can attack again later.
Like backdoors, these are not inherently malicious, as all a keylogger is, is a program that records keystrokes on a keyboard. Examples of non-malicious keyloggers are Microsoft Word, Notepad, and every other text editor in use!
Attackers deploy them to steal credentials or other sensitive information like credit card numbers. They can even be configured to only capture keystrokes on certain forms, like social media or banking sites. As the user types on their computer, the keylogger sends the strokes back to the attacker while still allowing the user to type normally.
These can also be considered a form of spyware, which is another form of malware not covered in detail here. Essentially spying on the attacked device, spyware can include keyloggers along with other functions.
Malwarebytes goes into more detail about keyloggers, including detection methods as well. Besides having an antivirus do the job for you, warning signs include a drop in the quality of screenshots or a delay in typing. However, it notes that advanced and well-written keyloggers will not degrade the speed of your system to a noticeable degree. The keylogger may even go as far as making its traffic appear to be normal system traffic (which could be aided by a rootkit).
Adware is increasingly common nowadays; it provides hackers an “easy” way to make money. It is simply ad malware. While not inherently destructive, this virus is incredibly annoying to the end user. There is nothing too complicated about adware either. Normally it will be delivered in a trojan horse program to try to stay undetected as long as possible.
Panda Security gives some signs that you have adware:
- Ads in strange places (covering content, etc.)
- A different home page you did not add yourself
- Redirections to strange or ad-filled pages
- Your web browser is slower or even crashing
While other signs exist, staying vigilant about how your device normally functions is crucial to keep your device secure from these annoying ads. To clean your computer of adware, antivirus software is typically needed.
Logic bombs are a very unique attack. This virus is more local to a system and normally installed by a disgruntled employee of a company. However, like the other attacks, it can be found in pirated and free software; for logic bombs, though, these are not the primary method of infection.
What makes this virus so unique is that it only executes once a specific logic condition is met. In the case of the employee, if the logic bomb finds the employee has been removed from the database (i.e. fired), the code executes. The effect could be many things, like opening a backdoor, stealing money, or deleting critical data from the system.
This is another virus which is very hard to detect, as they are installed by people with knowledge of and access to a system. If the attacker is an administrator, it makes it all the worse. So checking what users are doing and modifying on a system is important to catch viruses and logic bombs. Antiviruses can also aid in detecting logic bombs as well as in their removal.
What can you do to prevent infection? Common prevention methods include safe internet practices, resistance to social engineering attacks (as they are how most types of malware are spread), and avoiding sketchy files.
Being safe on the internet just means knowing malicious sites when you see them, and not clicking in the first place. If it looks too good to be true, it probably is. Only download files from reputable sources, and follow links to sites you know are safe.
This goes for social engineering attacks too. Phishing emails are a common form of social engineering and leave many people infected each year. By knowing what a phishing email looks like, you can avoid downloading the file or clicking the link in the first place, preventing one way attackers infect your system.
Many sites exist to help you make the right decision about an email or file too. VirusTotal can scan files or websites, and CheckPhish is a great tool for checking websites as well. These tools are completely free and can make spotting a malicious file a lot easier.
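A small habit that goes with the tools above is to hash a download locally before opening it and check that hash against a blocklist, or look the hash up on VirusTotal so a confidential file never has to be uploaded. The script below is an added example written for this article; it is not code from VirusTotal, CheckPhish or any vendor named here. The blocklist entries are constructed from made-up byte strings, not real malware hashes, and the report URL format is the one VirusTotal uses for searching an existing report by hash.

```python
"""Hash a downloaded file locally and check it against a blocklist before it
is ever opened.  Added example for this article, not code from VirusTotal,
CheckPhish or any vendor named in the text.  The blocklist entries are
constructed from made-up byte strings and are not real malware hashes."""
import hashlib
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time so large downloads are not loaded whole

# Constructed blocklist: a real one would come from a threat-intel feed or the
# hashes published in a vendor advisory.  Keys are SHA-256 hex digests.
KNOWN_BAD = {
    hashlib.sha256(b"constructed sample: fake 'free' installer").hexdigest(): "constructed-trojan-installer",
    hashlib.sha256(b"constructed sample: bundled adware").hexdigest(): "constructed-adware-bundle",
}


def sha256_file(path):
    """SHA-256 of a file on disk, hashed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(digest):
    """Look the digest up in the local blocklist."""
    label = KNOWN_BAD.get(digest)
    return ("known-bad", label) if label else ("unknown", None)


def lookup_url(digest):
    """VirusTotal can open an existing report by hash, so a confidential
    file can be checked without uploading it."""
    return f"https://www.virustotal.com/gui/file/{digest}"


def check_file(path):
    """Hash a file on disk and return the verdict plus a lookup link."""
    digest = sha256_file(path)
    verdict, label = classify(digest)
    return {"path": str(path), "sha256": digest, "verdict": verdict,
            "label": label, "lookup": lookup_url(digest)}


def check_bytes(data):
    """Same check for in-memory content (e.g. an attachment already read)."""
    digest = hashlib.sha256(data).hexdigest()
    verdict, label = classify(digest)
    return {"sha256": digest, "verdict": verdict, "label": label,
            "lookup": lookup_url(digest)}


def demo():
    """Write two constructed files to a temp directory and check both."""
    with tempfile.TemporaryDirectory() as tmp:
        suspicious = Path(tmp) / "free_tool_setup.exe"
        suspicious.write_bytes(b"constructed sample: fake 'free' installer")
        harmless = Path(tmp) / "notes.txt"
        harmless.write_bytes(b"constructed harmless text file")
        return [check_file(suspicious), check_file(harmless)]


if __name__ == "__main__":
    for result in demo():
        name = Path(result["path"]).name
        print(f"{result['verdict']:9} {name:20} {result['sha256'][:16]}...  {result['lookup']}")
```

An "unknown" verdict only means the hash is not on your local list; it is the lookup link, or a scan by your antivirus, that tells you whether anyone else has seen the file.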
Another very easy method to protect yourself is to keep everything updated. Viruses and malware typically exploit out-of-date software that has not been patched yet. By checking your applications and products for updates regularly, you are taking a crucial step in improving your security.
Monitoring your system regularly is important for its safety as well. Checking your bandwidth usage, which processes normally run, how a typical browsing session goes, and other metrics such as these can help you detect an infection on your system.
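Monitoring only works if you have something to compare against, so the practical form of the advice above is: record a baseline of what normally runs, what normally listens on the network and how much traffic normally leaves, then diff a fresh snapshot against it. The script below is an added example for this article, not code from any product mentioned on the page. Both snapshots are constructed (the process names, paths, port number and byte counts are made up), and the optional `collect_processes_linux()` helper assumes a Linux host where `/proc` is readable.

```python
"""Compare a saved baseline of running processes, listening ports and outbound
traffic against a fresh snapshot and report what changed.  Added example for
this article, not code from any product it names.  Both snapshots below are
constructed; collect_processes_linux() shows how a real process list can be
gathered from /proc (assumption: a Linux host)."""
import os

# Locations from which legitimate long-running programs rarely execute.
TEMP_DIRS = ("/tmp/", "/dev/shm/", "\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed baseline recorded on a known-clean day.  Processes are
# (name, executable path); listeners are (protocol, port); traffic is made up.
BASELINE = {
    "processes": {
        ("systemd", "/usr/lib/systemd/systemd"),
        ("sshd", "/usr/sbin/sshd"),
        ("firefox", "/usr/lib/firefox/firefox"),
    },
    "listeners": {("tcp", 22)},
    "tx_bytes_per_hour": 40_000_000,
}

# Constructed later snapshot: an unfamiliar process running out of /tmp, a new
# listening port and far more outbound traffic than usual.
CURRENT = {
    "processes": {
        ("systemd", "/usr/lib/systemd/systemd"),
        ("sshd", "/usr/sbin/sshd"),
        ("update_helper", "/tmp/.cache/update_helper"),
    },
    "listeners": {("tcp", 22), ("tcp", 6001)},
    "tx_bytes_per_hour": 900_000_000,
}


def from_temp_dir(path):
    """True if the executable lives in a scratch directory (case-insensitive)."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_DIRS)


def diff_snapshots(baseline, current, tx_ratio_threshold=5.0):
    """Return a list of (severity, message) findings; empty means nothing changed."""
    findings = []
    for name, path in sorted(current["processes"] - baseline["processes"]):
        severity = "high" if from_temp_dir(path) else "info"
        findings.append((severity, f"new process {name} ({path})"))
    for name, path in sorted(baseline["processes"] - current["processes"]):
        # A missing security tool can itself be a sign of tampering.
        findings.append(("info", f"baseline process not running: {name}"))
    for proto, port in sorted(current["listeners"] - baseline["listeners"]):
        findings.append(("medium", f"new listening port {proto}/{port}"))
    ratio = current["tx_bytes_per_hour"] / max(baseline["tx_bytes_per_hour"], 1)
    if ratio >= tx_ratio_threshold:
        findings.append(("medium", f"outbound traffic is {ratio:.1f}x the baseline"))
    return findings


def collect_processes_linux():
    """Gather (name, exe path) pairs from /proc; needs Linux and permission
    to read each process's exe link (root sees everything)."""
    procs = set()
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                name = fh.read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # process exited, or it belongs to another user
        procs.add((name, exe))
    return procs


if __name__ == "__main__":
    for severity, message in diff_snapshots(BASELINE, CURRENT):
        print(f"[{severity:6}] {message}")
```

Severity here is deliberately simple: a new binary in a scratch directory is rated higher than a new process elsewhere, because that is where dropped payloads tend to land, while a missing baseline process is only informational unless it is your antivirus. Tune the traffic threshold to your own machine; a video call will easily exceed five times a quiet day's outbound volume.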
Finally, the last piece of advice for preventing infection is to install an anti-virus. These products scan the files you download and the files already on your computer for potential viruses. If they find one, the tool can prevent it from being run in the first place, or delete the file if it has already infected your system. This means that even if the above prevention methods fail, usually the anti-virus can find the infection and clean your system. There are many anti-virus solutions out there, all with different pros and cons. Always stick to a well-known and reputable one, as fake ones do exist. BitDefender, Malwarebytes, Kaspersky and Sophos are just a few well-known and widely used antiviruses.
While viruses are not going away anytime soon, there are many different things you can do to protect yourself. Learning about not only viruses but the other forms of malware, such as rootkits, ransomware, keyloggers and logic bombs, is a good starting point.
Each attack is unique, with different features that set them apart from each other. It is these features that make them all challenging to detect, from trojan horses, which are designed to trick the user into thinking they are legitimate, to rootkits, which integrate with system processes.
Because of this, it is a good idea to have an antivirus do the detection job for you and scan your downloads for potential viruses. Besides antiviruses, learning safe internet practices and making yourself resistant to scams and social engineering are good ways to keep your system safe.
Comment below any methods you have of keeping safe or pieces of malware you find interesting! If you have any questions or concerns, do not hesitate to reach out via the Contact Us page, or directly by email at firstname.lastname@example.org.