To combat malware, it’s important that you get your malware classifications right. Here we go, attempting to classify the different types of malware and explaining how to recognize them:
We tend to refer to all malware as viruses, but that is not accurate. A virus modifies other legitimate host files in such a way that when an infected file on the victim's system is executed, the virus is executed too. Today, with so many other kinds of malware circulating, computer viruses have become rather uncommon; they comprise less than 10% of all malware.
Remember that viruses infect other files; they are the only malware that does so, which is why they are so hard to clean up. Even the best antivirus programs struggle with this: most of the time they delete or quarantine the infected file rather than removing the virus from it.
A worm is self-replicating and spreads without any end-user action, which is what makes it so devastating. Viruses need end users to kick them off before they can go on to infect other files and systems, but worms need no such action. They spread by themselves, self-replicating as they go and damaging systems, devices, networks and connected infrastructure. Worms use other files and programs to do the spreading work, so when one person in an organization opens an email that carries a worm, the entire network could be infected within minutes.
Trojans, named after the ruse of the Trojan war, masquerade as legitimate programs while carrying malicious instructions. Trojans mostly arrive via email or are picked up from infected websites that users visit, and they only do anything once the victim executes them. A user may see a pop-up claiming that the system is infected and instructing him to run a program to clean it. He takes the bait, not knowing that the program is a Trojan, and is infected. Trojans are very common, because they are easy to write and because they spread by tricking end users into executing them (thus rendering security software useless).
Ransomware, as the name suggests, demands a ransom from you to get things back on track. The main issue with ransomware, which spreads tremendously fast across organizations, networks and countries, is that it encrypts all the files on a system or network, rendering them inaccessible. A ransom note then pops up, asking for an amount, to be paid in cryptocurrency, in exchange for decrypting the files. If the ransom is not paid, the encrypted files could eventually be destroyed, so ransomware should be counted among the most devastating kinds of malware. Most ransomware are Trojans and spread through social engineering. A further problem with ransomware infections is that in some cases the files are not decrypted even after the ransom is paid.
Adware attempts to expose users to unwanted, potentially malicious advertising, which is likely to end up getting them infected. Some adware programs redirect users, during browser searches, to look-alike web pages that carry promotions for other products. Removing adware is easier: you just need to find the malicious executable and remove it.
Spyware, as the name suggests, helps hackers spy on systems and their users. This kind of malware is used for keylogging and similar activities, helping hackers gain access to personal data (including login credentials) and intellectual property. Spyware is also used by people who want to keep watch on the computer activities of people personally known to them. Spyware, like adware, is easy to remove.
While traditional malware travels and infects systems through the file system, fileless malware travels and infects without directly using files or the file system. Such malware exploits and spreads in memory only; it also spreads using 'non-file' OS objects such as APIs and registry keys. Fileless malware attacks are mostly initiated by exploiting an already existing legitimate program or by using legitimate tools that are built into the OS (for example, Microsoft's PowerShell). That makes these attacks really tough to detect and prevent.
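Because a fileless attack leaves no file to scan, defenders instead watch how the built-in tool is invoked. The Python below is an added example, not code from the original article: it triages constructed process-creation records for PowerShell launched with an encoded command, a hidden window or a suppressed profile, decodes the encoded command for the analyst, and only raises an alert when several indicators coincide. The field names, sample command lines, parent-process list and threshold are assumptions made for the example.

```python
import base64
import re

# Harmless encoded payload: -EncodedCommand takes base64 of UTF-16LE text.
ENCODED_GET_DATE = base64.b64encode("Get-Date".encode("utf-16-le")).decode()

# Constructed process-creation records (simplified Sysmon-style fields); the
# command lines are made up for this example and do nothing harmful.
SAMPLE_EVENTS = [
    {"pid": 4101, "parent": "explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Temp"},
    {"pid": 4122, "parent": "winword.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENCODED_GET_DATE}"},
    {"pid": 4130, "parent": "cmd.exe",
     "cmdline": "powershell.exe -ep Bypass -File C:\\scripts\\backup.ps1"},
]

# PowerShell accepts unambiguous parameter prefixes, so each pattern covers
# the short forms (-w, -nop, -ep, -enc) as well as the full parameter names.
INDICATORS = [
    (re.compile(r"(?i)\s-w(?:indowstyle)?\s+hidden\b"), "hidden window"),
    (re.compile(r"(?i)\s-nop(?:rofile)?\b"), "profile suppressed"),
    (re.compile(r"(?i)\s-e(?:p|x|xecutionpolicy)?\s+bypass\b"), "policy bypass"),
]
ENCODED_FLAG = re.compile(r"(?i)\s-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def decode_encoded_command(blob):
    """Script text behind -EncodedCommand, or None if the blob is malformed."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_event(event):
    """Score one event: every matched indicator adds one reason."""
    cmd = event["cmdline"]
    reasons = [label for pat, label in INDICATORS if pat.search(cmd)]
    match = ENCODED_FLAG.search(cmd)
    if match:
        reasons.append("encoded command")
    if event["parent"].lower() in OFFICE_PARENTS:
        reasons.append("spawned by " + event["parent"])
    return {"pid": event["pid"], "score": len(reasons), "reasons": reasons,
            "decoded": decode_encoded_command(match.group(1)) if match else None}


def suspicious_events(events, threshold=2):
    """Keep events where several indicators coincide; a single flag is routine."""
    return [r for r in map(triage_event, events) if r["score"] >= threshold]
```

On the sample records only the Word-spawned, hidden, encoded invocation crosses the threshold; the admin script run with -ep Bypass scores one and is left alone.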
The hybrid attack
This is rather dangerous and devastating. Today we see malware that combines more than one of the traditional categories: a single piece of malware could be part virus, part Trojan and part worm. Such malware might behave as a Trojan during the initial stage and then spread like a worm. There are also bots, where hackers use one kind of malware to gain access to hundreds of computers and then use those systems (themselves, or by selling access to others) to carry out further attacks.
Combating malware: Some basic tips
These are some basic things that could help prevent malware infection, to a great extent:
- Update OS, browsers, plugins etc regularly.
- Use the necessary security tools, chosen based on your requirements.
- Update all software regularly.
- Watch out for social engineering attacks, stay wary of phishing emails.
- Never click on links or download attachments coming from untrusted or unknown sources.
- Practice safe browsing.
- Have strong passwords, change passwords periodically.
- Refrain from using unencrypted public connections.
- Layer your security starting with basic measures like firewall and antivirus.
Julia Sowells is a security geek with 5+ years of experience who writes on various topics pertaining to network security.