- PCs, Mac computers, laptops, smartphones, and tablets are all subject to an ever growing variety of malicious software programs and other security threats. As a first step towards securing your devices and protecting yourself online, it’s worth ensuring you have a good understanding of the major categories of malware and other threats.
What is Malware?
The name malware is short for ‘malicious software’. Malware includes any software program that has been created to perform an unauthorized – and often harmful – action on a user’s device. Examples of malware include:
- Computer viruses
- Word and Excel macro viruses
- Boot sector viruses
- Script viruses – including batch, Windows shell, Java, and others
- Password stealers
- Backdoor Trojan viruses
- Other Trojan viruses
- Adware… and many other types of malicious software programs
Difference between a computer virus and a worm?
This is a type of malicious program that can replicate itself – so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions – such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.
Worms are generally considered to be a subset of computer viruses – but with some specific differences:
- A worm is a computer program that replicates, but does not infect other files.
- The worm will install itself once on a computer – and then look for a way to spread to other computers.
Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.
What is a Trojan virus?
A Trojan is effectively a program that pretends to be legitimate software – but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.
Cybercriminals use many different types of Trojans – and each has been designed to perform a specific malicious function. The most common are:
- Backdoor Trojans (these often include a keylogger)
- Trojan Spies
- Password stealing Trojans
- Trojan Proxies – that convert your computer into a spam distribution machine
Why Trojan viruses are called Trojans?
In Greek mythology – during the Trojan war – the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse – and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates – for the Greek army to enter Troy.
Today, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.
What is a Keylogger?
A keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data – such as login details, passwords, credit card numbers, PINs, and other items. Backdoor Trojans typically include an integrated keylogger.
What is Phishing?
Phishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information – such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site – such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site – typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data – such as your login, password, or PIN.
What is Spyware?
Spyware is software that is designed to collect your data and send it to a third party – without your knowledge or consent. Spyware programs will often:
- Monitor the keys you press on your keyboard – using a keylogger
- Collect confidential information – such as your passwords, credit card numbers, PIN numbers, and more
- Gather – or ‘harvest’ – email addresses from your computer
- Track your Internet browsing habits
In addition to the potential damage that can be caused if criminals have access to this type of information, spyware also has a negative effect on your computer’s performance.
What is a ‘Drive-by Download’?
In a drive-by download, your computer becomes infected just because you visit a website that happens to contain malicious code.
Cybercriminals search the Internet – looking for vulnerable web servers that can be hacked. When a vulnerable server is found, the cybercriminals can inject their malicious code onto the server’s web pages. If your computer’s operating system – or one of the applications running on your computer – has an unpatched vulnerability, a malicious program will be automatically downloaded onto your computer when you visit the infected web page.
What is a Rootkit?
Rootkits are programs that hackers use in order to evade detection while trying to gain unauthorized access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.
The fact that many people log into their computers with administrator rights – rather than creating a separate account with restricted access – makes it easier for cybercriminals to install a rootkit.
What is ADWARE?
Adware programs either launch advertisements – such as pop-up banners – on your computer or they can redirect search results to promotional websites.
Adware is often built into freeware or shareware programs. If you download a freeware / shareware program, adware may be installed on your system without your knowledge or consent.
Sometimes a Trojan virus will secretly download an adware program from a website and install it on your computer.
If your web browser doesn’t have the latest updates, it may contain vulnerabilities that can be exploited by hackers’ tools – or Browser Hijackers – that can download adware onto your computer. Browser Hijackers can change browser settings, redirect incorrectly typed or incomplete URLs to a specific site, or change your default homepage. They may also redirect Internet searches to pay-to-view and pornographic websites.
What is a Botnet?
A botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.
What is a DoS attack?
Denial-of-Service (DoS) attacks are designed to hinder or stop the normal functioning of a website, server, or other network resource. Hackers can achieve this in several different ways – such as sending a server many more requests than the server is able to cope with. This will make the server run slowly – so that web pages will take much longer to open – and can make the server crash completely, so that all websites on the server are unavailable.
What is a DDoS attack?
A Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer – to install a Trojan or other piece of malicious code.
Article Courtesy of Kaspersky Lab