“Computer viruses are an urban myth.”Peter Norton, circa 1988
Malware is a common term heard throughout the security industry, but it is also heard a lot outside the industry, because it has become so ubiquitous in the computing landscape. Many users have to deal with it often, in its many different forms, on their personal computers, their computers at work, and more recently, even their smartphones. Malware, commonly defined as “malicious software,” is any software that was developed with nefarious intentions. It can be as harmless as a prank or as serious as a complete takeover of one’s computer. Malware can take many forms, but rest assured, none of them are pleasant.
A virus is a software that is self-replicating and designed to spread from host to host. In the dawn of the computing era, every malicious software was referred to as a virus, but as time has progressed, the term malware has taken its place. A virus will often attach to a host file, replacing it or modifying it, so it can then be transported to another host, almost always by user intervention. Early viruses spread through floppy disks, but then transitioned to Internet downloads, jump drives, and emails. One of the first viruses found in the wild was called Elk Cloner. It spread through floppy disks, and upon being ran for the 50th time, would take over the victim’s computer and display a short poem dedicated to itself. A less common form of a virus is a boot sector virus. This type of virus copies itself to the boot sector of a hard drive or floppy disk, allowing it to load itself into memory before the operating system or typical anti-virus software has a chance to run. This allows the virus to be persistent and much harder to remove.
Adware, alone, tends to carry the lowest risk of all of the different types of malware. It is often installed with user consent in a bundle with other software. A lot of download sites bundle adware with the free software they offer for download, in order to generate more revenue. On a side note, that is why software should be downloaded from the original author’s website, instead of download sites. The intention behind adware is to monetize software without consent of the original author. A lot of adware injects ads into webpages they do not own or into popular software they did not author. More aggressive adware has also been known to create popups that cannot be closed and generate an overwhelming number of popups with graphic advertisements. It is usually more annoying than harmful, but that does not exempt it from being malware.
Spyware, while very similar to adware, is written for the specific purpose of capturing information generated by a user. It can also be installed in the same way adware is installed–with consent–or as part of a trojan, which we will discuss later. Some spyware can use a keylogger to steal credentials or just capture browsing habits in order to monetize that user’s browsing habits. While it seems closely related to adware, it takes things a step further by tracking usage habits, capturing keystrokes, and monetizing that information, among other things.
A worm, much like a virus, is self-replicating and designed to spread from host to host, but does not require user intervention. All that is required to be infected by a worm is to be on the Internet (or local network) and be vulnerable. Worms are designed to spread at an exponential rate, because as more systems are infected, they go on to infect more machines themselves. A worm combined with a virus can be even more devastating, because the virus then has a method of transportation that is highly efficient, that it did not have by itself. An example of well-known a worm was one named Code Red. It attacked vulnerable IIS web servers back in 2001, spreading across the entire world in less than 24 hours.
Trojans, much like the story of antiquity, is a piece of software that is deceptive in nature. A trojan is often an executable file that looks legitimate, but is carrying a hidden payload of malware. Trojans are essentially a malware delivery vessel, in other words. An example of a trojan is a piece of software for which one would normally pay, being offered for free on a website that is commonly associated with pirated software. Always proceed with caution with any software that seems “too good to be true,” and always download software from the original author’s website when possible to avoid this type of situation.
A rootkit is one of the more dangerous forms of malware. Most rootkits go undetected, because of the way the malicious software manipulates the underlying file system and presents it to the operating system. Basically, it hides itself. One of the more famous uses of a rootkit was by Sony BMG. When a Sony copy-protected disc was inserted into a computer, a piece of software was automatically installed without user consent and hid itself from the operating system. After much public outcry, Sony released an “uninstaller” that merely un-hid the files, but also installed more software, unbeknownst to the user. These rootkits also introduced vulnerabilities for other malware and eventually led to Sony being hit with multiple class-action lawsuits.
A keylogger, as discussed earlier, logs all keystrokes on a computer. They will often dump all information into a log file which can then be retrieved by an attacker or can be automatically uploaded to a central server that is controlled by an attacker. Some keyloggers are more advanced than others, but they all serve a specific purpose, to log all data input through the keyboard of a computer so an attacker can look for usernames and passwords, credit card information, social security numbers, and other highly valuable information.
Ransomware is by far the most destructive form of malware, and also one of the newest. Ransomware took off around 2013 and has changed the face of malware in a large way. Ransomware, in its many forms, runs in the background encrypting certain file types, and then when it is complete, displays a warning that all of a user’s files are encrypted and holds them for a monetary ransom. That ransom is usually $300 or more dollars, at the time of this writing, per infected machine and is only payable through anonymous payment methods. If remediation is attempted and the malware removed, all files will remain encrypted. Security researchers have discovered decryption methods and keys for some forms of ransomware, but many forms still require payment. When it comes to ransomware, the best defense is prevention and backups.
Although there are many different forms of malware, they all have the same intent: causing issues for users. While malware was more demonstrative and harmless in the beginning, as time has progressed, it has become more destructive and monetized. Malware may be a catch-all phrase in the information technology industry, but now the differences are clear and well defined, and that is important in the information security industry.