Malware: Get an Understanding
Malware is any program or file that is harmful to a computer system. Malware includes computer viruses, worms, Trojan horses, and spyware programs that gather information about a computer and/or a computer user, without permission. We have all come in contact with some form of malware on our computers. Whether it’s the pop-ups trying to convince you to buy that ‘thing’ you clicked on yesterday or the virus that caused your computer to slow to a halt and rendered it unusable, we have all been touched by malware.
Malware will never go away because there are new Internet users getting online every day, more and more of our lives are being exposed on the Internet, and there is money to be made by those who seek to get their malware onto your computer. Malware is here to stay, so it is best to understand it as much as possible.
Malware can be roughly broken down into types according to the malware’s method of operation.
There are three characteristics associated with these malware types.
- Self-replicating malware actively attempts to propagate by creating new copies, or instances, of itself. Malware may also be propagated passively, by a user copying it accidentally, for example, but this isn’t self-replication.
- The population growth of malware describes the overall change in the number of malware instances due to self-replication. Malware that doesn’t self-replicate will always have a zero population growth, but malware with a zero population growth may self-replicate.
- Parasitic malware requires some other executable code in order to exist. “Executable” in this context should be taken very broadly to include anything that can be executed, such as boot block code on a disk, binary code in applications, and interpreted code. It also includes source code.
Malicious software, or malware, includes computer viruses, worms, trojans, rootkits, spyware, dishonest adware, crimeware, botnets, keystroke loggers, dialers and other undesirable software. If you surf the internet, chances are you have been exposed to malicious software. Some of the more obvious signs of your computer being infected are excessive pop-ups, files and applications that are slow to open, an internet connection that is slower than usual, your internet browser being redirected to an unknown website, and the loss of your internet connection.
Adware is any software that causes advertising to be shown while the program is running. The people that write these programs include code to deliver ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in integrated search results. Adware is marketing-focused, and may even redirect a user’s web browser to certain web sites in the hopes of making a sale. Some adware will attempt to target the advertisement to fit the context of what the user is doing. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only.
Trojans are programs that enable an attacker to get nearly complete control over an infected PC. Trojan Horses (also known as trojans) differ from viruses and worms in that they don’t replicate themselves, relying on a separate mechanism for distribution. Their primary feature is that they masquerade as a legitimate program or offer something desirable (such as a link for something free or interesting), but harbor a malevolent purpose. Trojans are a tool frequently used by malicious hackers. These types of programs are often found attached to peer-to-peer downloaded files. The authors of the programs often hide them in executable software or in compressed files such as RAR and ZIP files. When a Trojan executes, the program performs a specific set of actions. This usually works toward the goal of allowing the trojan to survive on a system and open up a backdoor.
Viruses are malevolent software that spreads itself automatically by infesting other files on your PC.
A computer virus has three parts:
- Infection mechanism – How a virus spreads, by modifying other code to contain a (possibly altered) copy of the virus. The exact means through which a virus spreads is referred to as its infection vector. This doesn’t have to be unique – a virus that infects in multiple ways is called multipartite.
- Trigger – The means of deciding whether to deliver the payload or not.
- Payload – What the virus does, besides spread. The payload may involve damage, either intentional or accidental. Accidental damage may result from bugs in the virus, encountering an unknown type of system, or perhaps unanticipated multiple viral infections.
Viruses are software which attaches itself to other software. A boot virus inserts its code into the boot record or master boot record of a disk. When the machine boots from that disk, the virus code is executed. A file virus inserts its code into an executable file, so that when that file is executed, the virus is executed as well. A macro virus attaches itself to documents such as Word or Excel files.
Worms are virus-like programs that spread automatically to other computers by sending themselves out by email or by any other means. Propagating by infecting other code is the domain of a virus; actively searching for vulnerable machines across a network makes a worm. Worms can affect large computer networks and spread very quickly because of the program’s delivery method. Worms are classified by the primary method they use for transport. A worm using instant messaging (IM) to spread is called an IM worm, and a worm using email is an email worm. For example, many email worms arrive as an email attachment, which the user is tricked into running. When run, the worm harvests email addresses off the machine and mails itself to those addresses. Worms have self-replicating code that travels from machine to machine by various means. A worm’s first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Data Miners are software that has the primary function of gathering data about an end-user. Data miners monitor, analyze, and collect specific information found in a database or volume of data from various sources. Data gathered may be personal or in aggregate only, and is usually gathered for marketing purposes. Data miners may be used maliciously. Some have been employed to steal personal information like logon credentials and credit card numbers.
Dialers are programs that can secretly change your dialup connection setting so that instead of calling your local internet provider, your PC’s calls are routed to an expensive 0900 or international phone number. Dialer-enabled viruses are picked up just like other viruses, with a lure of free software or downloads. Dialers are still in use for malicious and non-malicious purposes, but malicious use has relatively subsided because many people are moving to broadband internet connections as opposed to dial-up connections.
Don’t Be Afraid of Malware!
Knowing is half the battle! Malware is nothing to fear, but it is something to be mindful of. Good malware protection and good practices can reduce the chances of a malware infestation of your computer. Here are a few tips:
- Get a good anti-virus program – There are several to choose from and many good ones on the market. You can even get some decent ones for free. When choosing an anti-virus program, look for one that is simple to use and has real-time protection. Some other things that help are auto updating and scheduled scans. I can’t count how many times I have been called to remove malware from a computer only to find that there is an anti-virus program on the computer but the definitions are way out of date and the last scan was a year ago! Your anti-virus program’s definitions need to be up to date, and the program can’t help if it never scans your files. We like Malwarebytes Anti-Malware.
- Look at all options when installing software – Many software programs, especially ‘free’ ones, have other programs bundled with them. During the install process, it will ask if you want to install these additional programs (or toolbars) but the default choice is ‘yes’ and if you are not paying attention you can inadvertently add unwanted software to your computer. Just take a few moments during the install to read before clicking ‘next’ to hurry through the install process.
- Be careful with downloads – Downloading infected files is one of the easiest ways to get malware on your computer. File sharing is a major vehicle for spreading malware. A good practice when downloading files from anyone or anywhere is to allow your anti-virus program to scan them prior to you opening or clicking on them. This way, any infections can be discovered before they are released on your computer.
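The first tip names four things that go wrong with an installed anti-virus program: real-time protection off, stale definitions, no recent scan, and no scheduled scan. The script below is an added example, not part of the original article, that checks all four on a Windows PC. It assumes Microsoft Defender is the active engine (the article does not name it); the function name and the age thresholds are illustrative choices.

```powershell
# Added example: checks the anti-virus hygiene points from the first tip.
# Assumes Microsoft Defender is the active engine (uses its PowerShell module).
# Test-AvHygiene and the threshold defaults are illustrative, not from the article.
function Test-AvHygiene {
    param(
        [int]$MaxSignatureAgeDays = 3,
        [int]$MaxScanAgeDays      = 14
    )

    $status = Get-MpComputerStatus
    $prefs  = Get-MpPreference
    $never  = [uint32]::MaxValue   # age Defender reports when a scan type has never run

    # Use whichever scan type (quick or full) completed most recently.
    $scanAge = [Math]::Min([uint32]$status.QuickScanAge, [uint32]$status.FullScanAge)

    $findings = @()
    if (-not $status.RealTimeProtectionEnabled) {
        $findings += 'Real-time protection is off'
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Definitions are $($status.AntivirusSignatureAge) days old " +
                     "(last updated $($status.AntivirusSignatureLastUpdated))"
    }
    if ($scanAge -eq $never) {
        $findings += 'No quick or full scan has ever completed'
    } elseif ($scanAge -gt $MaxScanAgeDays) {
        $findings += "Last scan finished $scanAge days ago"
    }
    if ($prefs.ScanScheduleDay -eq 8) {   # 8 means the scheduled scan is set to "Never"
        $findings += 'Scheduled scans are disabled'
    }

    # One object per machine, so the result can be collected or exported.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-AvHygiene | Format-List
```

If a third-party product has replaced Defender as the active engine, these cmdlets may report Defender as disabled, so use that product's own status report instead.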
Author: Keith Barney