Malware and Types of Malware


Software is an inseparable component of a computer. Different types of software have made our work easy. But the negative part is that there are some types of software that are very harmful for our system and data stored in it.

Malware

The term malware is formed by combining two words, Malicious and Software. Malware is software that is written and developed to cause mischief or to harm the user. There are various types of malware: Viruses, Trojan Horses, Worms, Rootkits, Backdoors, Ransomware, Spyware, Adware and Scareware.

Purpose of malware

In the beginning, malware was written purely as an experiment. Sometimes, it was also written as a joke. The writer had no intention of harming other individuals. However, with advances in technology, it is now being used with far more malicious intentions. These intentions can be to:

  • Steal personal, financial or business information
  • Obtain personal information
  • Disturb activities
  • Obtain secret government and security information
  • Obtain bank account and credit card details
  • Take control of user’s computer for illegal purposes
  • Send email spams
  • Circulate banned data
  • Advertise products

Symptoms of presence of malware

Malware can affect your computer in many ways. The most common symptoms of presence of malware in the computer system are as follows.

  • Unexplained messages start appearing on your screen.
  • Some files are deleted on their own.
  • Unknown files are added to your hard disk.
  • An entire disk or drive of the computer is erased.
  • The keyboard does not work properly.
  • The software or operating system seems to be changed.
  • Unexplained problems occur while printing your files.
  • Making the system unusable or crashing of the system.
  • Slowing down of your computer system.
  • Problem in booting process or starting of your computer system.
  • Your friends start telling you that they have received emails from your address but you have not sent any of those emails.
  • Automatic rebooting or restarting of your computer system.
  • Your computer starts showing low memory capacity status although there is lot of unused memory space.
  • The data on the system becomes inaccessible.
  • Unwanted pop-ups start appearing on the screen as advertisements.
  • Random appearance of a blank blue screen on the monitor.
  • Automatic opening and closing of CD and DVD drives.
  • Random playing of strange sounds.
  • Reformatting of your system or hard disk.
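Several of the symptoms above (unknown files appearing, files vanishing, software that "seems to be changed") are exactly what a baseline-and-compare integrity check makes visible. The following is an added example, not code from the original page: it records the SHA-256 digest of every file under a directory, then compares a later snapshot against that baseline and reports what was added, removed or modified. The directory and its files are constructed in a temporary folder so the script runs stand-alone.

```python
"""Baseline-and-compare file integrity check (added example, not from the original page).

Take a snapshot of the SHA-256 digest of every file under a directory, then
compare a later snapshot against it to report files that were added, removed
or modified. The sample files below are constructed in a temporary directory.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Map every file under root (as a relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digests[os.path.relpath(full, root)] = sha256_file(full)
    return digests


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify the differences between a baseline and a later snapshot."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo() -> dict:
    """Construct a small directory, take a baseline, change it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files standing in for installed programs.
        with open(os.path.join(root, "app.exe"), "wb") as f:
            f.write(b"MZ original program bytes")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("unchanged file")
        with open(os.path.join(root, "old.dll"), "wb") as f:
            f.write(b"library")
        baseline = snapshot(root)

        # Simulated changes: an executable altered (what a file infector does),
        # an unknown file appearing, and an existing file disappearing.
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b" + appended code")
        with open(os.path.join(root, "dropped.exe"), "wb") as f:
            f.write(b"unknown program")
        os.remove(os.path.join(root, "old.dll"))
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline has to be taken while the system is known to be clean and stored somewhere the system itself cannot overwrite (removable media, a remote store), otherwise malware that changes files can also change the record it is compared against.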

Types of malware

Virus

The term virus used in computers has been taken from biology. Viruses are very small organisms that cannot be seen by human eyes. They live inside living organisms and replicate themselves to cause diseases.

A computer virus is nothing but an electronic version of this virus. It is a program that is hidden inside another ordinary looking program or software. When it enters the computer system, it replicates itself and causes infection in the system.

The infections generally caused by a computer virus (referred to simply as a ‘virus’ from now on) reduce the free storage space on the hard disk, slow down the CPU, corrupt data, send unwanted emails to everyone in the contacts list without the user’s knowledge, and so on.

Creeper is widely acclaimed as the first virus on ARPANET (the predecessor of present day Internet). It was written as an experiment of a self-replicating program by Bob Thomas in 1971.

There are three types of computer virus that exist at present:

  • File infector virus: This virus attaches itself to executable files of the computer. The executable files are those files which have ‘.exe’ as their file extension. As soon as you run the infected program, the virus gets activated and spreads the infection. This virus either deletes or damages files in your computer system. Cascade, Sunday and Invader are common examples of file infector viruses.
  • Boot sector virus: A boot sector is the section of the hard disk which contains the instructions that tell the computer how to start up. A boot sector virus either copies the original boot sector instructions to some other location or overwrites them, so that its own code runs as soon as the computer starts, before the operating system is loaded. Disk Killer and Stone Virus are common examples of boot sector viruses. This virus slows down the processing speed of your CPU.
  • Macro virus: Macros are small programs embedded in MS Office files such as Word or Excel documents, stored alongside the document’s data. A macro virus is the most dangerous and the hardest to detect type of virus. It enters the system as part of an Office file and appears non-suspicious. Nuclear and DMV are common examples of macro viruses.
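Because a macro virus arrives inside an ordinary-looking Office document, a defender's first check is simply whether a document carries macros at all, and whether its file extension admits that. The following is an added example, not code from the original page: modern Word and Excel files (.docx/.docm, .xlsx/.xlsm) are ZIP containers, and a document with VBA macros holds a part named `vbaProject.bin`, so the check looks for that part (and for the VBA content type in the container's manifest). The sample documents are constructed in memory; legacy binary .doc/.xls files (OLE containers) are out of scope of this check.

```python
"""Macro presence check for OOXML Office documents (added example, not from the original page).

A .docm/.xlsm/.pptm document that contains VBA macros carries a part such as
word/vbaProject.bin or xl/vbaProject.bin inside its ZIP container, and its
[Content_Types].xml manifest declares the VBA content type. Both are checked.
Sample documents are constructed in memory. Legacy OLE (.doc/.xls) files are
not covered by this check.
"""
import io
import zipfile

MACRO_PART = "vbaproject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "pptm", "potm"}


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal ZIP shaped like a Word document (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real VBA project part.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
    return buf.getvalue()


def has_vba_macros(data: bytes) -> bool:
    """Return True if the OOXML container carries a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # not a ZIP container at all (or a legacy OLE file)
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            lower = name.lower()
            if lower.endswith(MACRO_PART):
                return True
            if lower == "[content_types].xml":
                manifest = z.read(name).decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in manifest:
                    return True
    return False


def classify(filename: str, data: bytes) -> str:
    """Combine the macro check with the file extension the document presents.

    'macros-unexpected' means the file carries macros but its extension does not
    advertise them; such files deserve a closer look before being opened.
    """
    if not has_vba_macros(data):
        return "no-macros"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in MACRO_EXTENSIONS:
        return "macros-declared"
    return "macros-unexpected"


if __name__ == "__main__":
    for name, doc in [("report.docm", build_sample_docx(True)),
                      ("report.docx", build_sample_docx(True)),
                      ("report.docx", build_sample_docx(False))]:
        print(name, "->", classify(name, doc))
```

The check says nothing about what the macros do; it only tells you the document can run code, which is the question a mail gateway or a user deciding whether to enable content needs answered first.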

Trojan Horses

These are ordinary-looking files that are actually programs which delete or corrupt your files. They are generally transferred as innocent-looking attachments to an email. They do not duplicate themselves when executed. They are usually written with the intention of stealing the user’s data. They present themselves as routine, useful or interesting in order to attract their victims, and are used to gain unauthorized access to and control of the infected computer system.

The Trojan Horses can:

  • Crash the computer
  • Corrupt user data
  • Format hard disk
  • Make an unauthorized transfer of electronic money into other accounts
  • Infect other systems on the network
  • Steal data from the system
  • Modify or delete data of the system
  • Unnecessarily download or upload files
  • Control computer system remotely

Worms

Worms are like viruses but differ from them in one feature. Whereas viruses are transferred from one system to another attached to a file or a program, worms can spread on their own and do not need to attach themselves to a file or a program. They generally spread through the Internet. Worms replicate themselves and spread to other computers over the network.

Worms are designed only to spread from one system to another and not to change the data of the systems they pass through. Some worms cause increased network traffic and other unintended effects. Worms usually get in by exploiting a security hole in the software or the operating system of a computer.

The most dangerous worm has been Code Red. Other popular worms have been Slammer Worm and Storm.

Backdoors

Generally, when you log into a computer system, it asks for the username and password (if any) to access the system. A Backdoor is a type of malware that has been designed to avoid this routine procedure. It is generally designed to gain access to a system over a network.

Backdoors can be installed on a system with or without the knowledge of the user. Sometimes, when a user downloads large files from the Internet, a backdoor is downloaded or installed along with them. Unknowingly downloading malicious files or software is also a cause of backdoors being installed on a computer system.

Subseven, NetBus and Award BIOS have been some infamous backdoors. These backdoors have been used by attackers to gain unauthorized access to the computer systems of their victims.

Rootkit

A rootkit is a special type of malware that gives administrative rights over the computer. The term is inspired by the word “root”, which in Unix denotes the administrator’s user account, and “kit”, which denotes a collection of items or software programs.

A rootkit may contain other malware. For example, it may contain spyware to record what data the user works with or which websites the user visits. In this way it helps create a backdoor into the system. This backdoor is used by a hacker to steal information, alter log files and corrupt other systems on the same network. The hacker installs the rootkit on the computer, which in turn gives administrative rights over the computer.

Unlike other malware, rootkits are not directly harmful. They are used to conceal other malware, gain entry to the computer system, and then attack it using other malware such as viruses and Trojan Horses. Rootkits are activated before the operating system boots up. As a result, they are very difficult to detect, and since you cannot easily detect a rootkit, you cannot easily remove or delete it either.

A common example of a rootkit is Back Orifice. It was designed to find the shortfalls in the security measures of the MS Windows operating system.

Spyware

Spyware is a type of malware that does not directly destroy the data on a system. It is designed to collect information about an individual or an organization without the individual or organization being aware of it. The information collected by the spyware is sent to corporate houses to help them market their products.

Generally, the spyware collects information about the websites that are frequently visited by the user. On the basis of the websites visited by the user, advertisements start appearing on the screen of the computer system by way of banners and pop-ups.

Some types of spyware collect more sensitive information from the computer system of the victim. This sensitive information can be in the form of bank account details, usernames and passwords of email accounts, etc. Some types of spyware can automatically download and install other software also in the system. Some of these are designed to gain control over the existing software operating on the system of the victim. Some types of spyware are designed to change the settings of the computer.

Spyware is different from other types of malware as it does not multiply. It only installs itself once on the system of the user. The presence of spyware in the system reduces the operating speed and connection speed of the computer system. The presence of spyware in a computer system can be detected from these common symptoms of the infected systems:

  • The performance of the computer system has started decreasing.
  • The computer starts behaving differently.
  • The CPU of the system is continuously processing even if the user is not doing anything.
  • The free space in the computer hard disk has decreased on its own.
  • There is huge traffic of the Internet activities from the system.
  • The applications installed on the system have started closing on their own.
  • The system has failed to reboot.
  • The computer system and its hard disk have crashed.
  • The user has started facing difficulty in connecting to the Internet.

Adware

The word adware is formed from the phrase Advertising-Supported Software. Adware is generally used to display advertisements in the form of banners and pop-ups on the infected computer system. Adware is generally bundled with applications that a person has purchased from the market or downloaded from the Internet. Sometimes adware is used by software developers to recover the expenses incurred in developing the software.

Spyware is used to collect data about the websites visited by the user. On the basis of the data collected and supplied to corporate houses, advertisements appear on the computer system of the user. These advertisements are displayed with the help of adware.

Adware is the only malware which has positive as well as negative effects. Adware helps software developers to collect funds for the software. With the collected funds, they can improve and upgrade the software. On the negative side, the advertisements that appear on the computer system distract and irritate the user.

Ransomware

Ransomware is a type of malware that targets the user and the data stored on the user’s computer system. Unlike other malware, it is neither hidden nor difficult to detect. In fact, ransomware announces itself to the user. As soon as the ransomware enters the computer system, it takes control of the system, converts the data on it into a special format and locks the files. It then flashes instructions on the screen to pay a ransom to the attackers to get the data back.

Ransomware can attack your system if it does not have up-to-date antivirus software installed. Since ransomware locks up your files in a special format, it is very difficult to recover from the attack without paying the ransom. Ransomware infects your computer in the following ways:

  • Drive-by download: This is the most common way by which ransomware is installed in the computer. It is automatically transferred to the system when the user visits some malicious websites or clicks on a mischievous link.
  • Exploiting weakness of the computer system or antivirus: Ransomware can also enter the computer system by finding a hole in the security system of the computer.

To keep your computer system safe from ransomware attack, keep these points in mind:

  • Always keep a backup of all your data.
  • Do not click on a weblink before you are sure that it is not a mischievous link.
  • Install good antivirus software in your computer system and regularly update it.
  • If you are nevertheless attacked by ransomware, do not pay the ransom to the attackers. Paying encourages them to attack more innocent people. Instead of paying, get in touch with the local cyber security office or cell to fight against such attackers.

Scareware

Scareware is a type of malware designed to trick Internet users into purchasing or downloading useless or dangerous software. Generally, it shows dialog boxes and pop-ups that look like those of the Windows operating system. These pop-ups ask the user to download the latest antivirus or antimalware program. The message also claims that an initial scan has already been run on the computer system and that a large number of files are infected with viruses and malware, and that the infection can be completely removed only if the user purchases the software. The user, scared of losing data, purchases the program, which is in fact useless or dangerous software.

In this way, the user may lose money or download infected files on the computer system.

How does malware spread?

A biological virus spreads by contact. Similarly, computer malware also spreads by contact. The contact here means when a piece of infected hardware comes in touch with another piece of uninfected hardware. This contact may be physical (through USB or cable) or electronic (through Bluetooth or the Internet).

Malware can spread from an infected hard disk or removable disk to an uninfected disk or removable disk. It spreads whenever an infected program or system is used and the uninfected disk is accessed by the user. Accessing a disk means to view files on the disk, run programs, send print commands or even start the computer.

After malware infects a file, it waits for a signal. The signal is built into the malware program itself. The signal can be of two types:

  • A time bomb signal is the one in which the malware is activated at a specific time like day, date, month and hour.
  • A logic bomb signal is one in which the malware is activated when a specific function is performed like opening and printing files, connecting to the internet and sending emails.

As soon as it gets the signal, the malware either copies itself from one system to another or executes the instructions (that is, the damage) planned by the person who prepared it.

The spread of malware increased with the use of the Internet and email. Before that it spread through CDs and other removable storage devices. The Internet and email enabled a virus to spread from one system to another without direct contact or the use of removable storage devices. Accordingly, the damage caused by such malware is much greater than in earlier times.

Tackling malware

You can follow these simple rules to protect your system against attack from viruses and other types of malware.

  • Do not open the email messages you receive from people you do not know.
  • Do not open the email messages you receive from people you know but the subject line is strange or does not look good to you.
  • Do not be in a hurry to go through your emails quickly. Think twice before opening and reading an email.
  • Do not open emails which do not have the name of the sender in the “From:” field.
  • Use a firewall on your system.
  • Install and use effective antivirus software and keep it up to date (discussed in detail later in this chapter).
  • Regularly scan your computer for virus.

Antivirus


Antivirus is a type of software which is used to identify and prevent viruses and other malware from infecting your computer. The first antivirus program was Reaper which was created to delete the first virus program Creeper. Antivirus programs have one drawback which is that they reduce the speed of the computer. However, considering that they prevent the destruction of your important data, this is a small compromise that you have to make.

Microsoft itself provides solutions with registered versions of Windows 7. It provides Microsoft Security Essentials and the Windows Malicious Software Removal Tool. In addition, it releases Windows security updates (the monthly patch) on the second Tuesday of each month. It also gives an option to download Windows Defender, a software product that helps to fight malware.

Commercial antivirus programs update their virus definitions over the Internet on a daily basis so that they can detect and remove new viruses and other malware. To keep your antivirus program effective, you should regularly update its definitions. Regularly updated antivirus programs are considered more reliable than free-version antivirus software. You can also change the settings of your antivirus to update virus definitions automatically whenever the computer is connected to the Internet.
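The reason definition updates matter is that signature-based antivirus can only flag patterns it has been given. The following is an added example, not the page's own code or any antivirus vendor's: a tiny signature scanner whose definitions are a mapping of names to byte patterns, run over a constructed set of files first with an old definition set and then with an updated one. The EICAR string is the real, harmless industry test pattern; the "Example.Dropper.A" signature, its marker bytes and the sample files are constructed for this example.

```python
"""Signature-based scanning with definition updates (added example, not from the original page).

A definition maps a name to a byte pattern; a file is flagged when any pattern
occurs in its contents. The EICAR pattern is the real, harmless antivirus test
string; the second signature and all sample files are constructed here.
"""
import hashlib

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Definitions as shipped "yesterday": only the EICAR test pattern is known.
DEFINITIONS_V1 = {
    "EICAR-Test-File": EICAR,
}

# Today's definition update adds a pattern for a (constructed) new sample.
DEFINITIONS_V2 = {
    **DEFINITIONS_V1,
    "Example.Dropper.A": b"\x4d\x5a\x90\x00EXAMPLE-DROPPER-MARKER",  # constructed marker
}

# Constructed sample files: one clean, one EICAR test file, one carrying the new marker.
SAMPLE_FILES = {
    "notes.txt": b"quarterly figures, nothing unusual",
    "eicar.com": EICAR,
    "setup.exe": b"\x4d\x5a\x90\x00EXAMPLE-DROPPER-MARKER\x00rest of program",
}


def scan_bytes(data: bytes, definitions: dict) -> list:
    """Return the names of all definitions whose pattern occurs in data."""
    return sorted(name for name, pattern in definitions.items() if pattern in data)


def scan_files(files: dict, definitions: dict) -> dict:
    """Scan a {filename: contents} mapping and report only the files with matches."""
    report = {}
    for name, data in files.items():
        hits = scan_bytes(data, definitions)
        if hits:
            report[name] = {
                "sha256": hashlib.sha256(data).hexdigest(),  # identifies the exact file flagged
                "matches": hits,
            }
    return report


def demo() -> tuple:
    """Scan the same files before and after the definition update."""
    before = scan_files(SAMPLE_FILES, DEFINITIONS_V1)
    after = scan_files(SAMPLE_FILES, DEFINITIONS_V2)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("with old definitions:", sorted(before))
    print("with updated definitions:", sorted(after))
```

With the old definitions only `eicar.com` is flagged; `setup.exe` is missed until the update arrives, which is the gap the text's advice about daily updates is closing. Real products add heuristics and behaviour monitoring on top of signatures precisely because of this gap, and that extra work is where the slowdown mentioned earlier comes from.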

You must regularly scan your computer using these antivirus programs to check and delete viruses from your system.