Malware & Virus
Whether you’re on a Windows, Apple or Linux computer, a desktop, laptop, smartphone or tablet, you’re vulnerable to ever-evolving cyberthreats from computer viruses and other types of malware.
The first step to protecting yourself and your data is understanding what you’re up against. Here’s an overview of the major types of malware, today’s most common computer viruses and their potential impact.
The term “malware” — an amalgamation of malicious and software — is now used to describe any malicious computer program on a computer or mobile device. These programs are installed without the consent of users and can cause a number of unpleasant effects, including crippling computer performance, mining your system for personally identifiable information (PII) and sensitive data, erasing or encrypting data or even hijacking device operations or computer-controlled hardware. Hackers continuously develop increasingly sophisticated ways to infiltrate user systems. Like a game of whack-a-mole, as soon as one threat is neutralized, a replacement evolves, and the next iteration emerges. Let’s look at some of the most common types of malware currently in use.
1. Computer Viruses
What is a computer virus? Computer viruses are a type of malware that earned their name because of how they spread by “infecting” other files on a disk or computer. Viruses then spread to other disk drives and machines when the infected files are received in downloads from websites, email attachments, shared drives or when carried in files on physical media, such as USB drives or—in the early days—floppy disks.
According to the National Institute of Standards and Technology (NIST), the first computer virus, a boot sector virus called “Brain,” was developed in 1986. Tired of customers pirating software from their shop, two brothers claim to have designed the virus to infect the boot sector of software thieves’ floppy disks. The virus spread through infected copies of the pirated software, jumping from the infected floppy disk to the computer hard drive when the program was booted, or loaded onto the new machine.
2. Worms
Unlike viruses, worms don’t require human help in order to infect, self-replicate or propagate. As soon as they breach a system, they infect their entry point and spread through the device and across any network to which the device connects. By exploiting network vulnerabilities—such as missed operating system (OS) updates or application patches, weak email security or poor internet safety practices—worms can execute, self-replicate and propagate at an almost exponential rate as each new infection repeats the process. Originally, most worms simply “ate” system resources and reduced performance. Now, most worms contain malicious “payloads” designed to steal or delete files upon execution.
3. Adware
One of the most common online nuisances is adware. Adware programs automatically deliver advertisements to host computers. Familiar examples of adware include pop-up ads on webpages and advertising messages that are part of the interface of “free” software. While some adware is relatively harmless, other variants use tracking tools to glean information about your location or browser history. Most of the time, adware collects information in order to serve better targeted ads. But sometimes adware is used for more nefarious purposes, including redirecting search results, displaying pop-ups that can’t be closed or that link to malware, disabling antivirus software or even going all the way off the rails into the territory of spyware—see #4.
Technically, adware is installed with people’s knowledge and consent. But when was the last time you read all the way through a several thousand word “Terms of Service” statement? By clicking the “I Agree” button, you grant consent. Because you have acknowledged and consented to the terms of service, these programs can’t be termed malware. Today’s antivirus software typically identifies these programs as “potentially unwanted programs” (PUPs).
4. Spyware
Spyware does just what it says. It spies on what you’re doing at your computer. It collects data such as keystrokes, browsing habits, location data and even login information. While adware might include “repurposing” collected data for sale in the terms of service statement, spyware is more duplicitous. Spyware is considered malware because users are unaware of it. The only intent of spyware is malicious. Spyware collects and sells your data to third parties, typically cyber criminals, with no regard for how the data will be used. Spyware may also modify specific security settings on your computer or interfere with network connections.
In another example of how the line between adware and spyware can blur, the rise of mobile computing has seen an explosion of spyware that tracks user behavior across devices and physical locations without their consent. For example, a free weather app on your smartphone may have gotten your consent to collect and use your location data, ostensibly to provide more accurate forecasts. You agreed to the app’s terms of service, which include language enabling them to re-use the location as they see fit, so it’s legit. But what happens when that includes selling your location data to anyone who can afford it, regardless of whether that is an online store trying to populate banner ads in your browser or a cyber criminal who cross-references mobile phone user data with other data sources?
5. Ransomware
Ransomware infects your computer, encrypts your PII and other sensitive data such as personal or work documents and then demands a ransom for their release. If you refuse to pay, the data is deleted. Some ransomware variants lock out all access to your computer. Sometimes, they might claim to be the work of legitimate law enforcement agencies and suggest that you’ve been caught doing something illegal.
6. Bots
Bots are programs designed to automatically carry out specific operations. Although they serve many legitimate purposes, they are also a popular type of malware. Once on a computer, bots can cause the machine to execute specific commands without the user’s approval or knowledge. Hackers may also try to infect multiple computers with the same bot to create a “botnet”—short for robot network. These zombie botnets give hackers the ability to remotely manage compromised computers, enabling them to steal sensitive data, to spy on user activities, to distribute spam automatically or to launch devastating Distributed-Denial-of-Service (DDoS) attacks on computer networks and websites.
7. Rootkits
Rootkits allow remote access or control of a computer by a third party. These programs are useful for IT professionals trying to troubleshoot network issues remotely, but they can easily become nefarious. Once installed on your computer, rootkits allow attackers to take complete control of your machine to steal data or install additional malware. Rootkits are designed to go unnoticed and actively hide their presence and that of other malware that they install.
As with most computer viruses and malware, although it’s no guarantee of safety, protecting your devices from rootkits starts with keeping current on all OS and application updates and patches to eliminate potential infection routes. Effective detection of rootkits requires real-time monitoring—not just periodic disk drive scans—for unusual system behavior.
8. Trojan Horses
Commonly called “Trojans,” these programs hide in plain sight by masquerading as legitimate files or software. Once downloaded and installed, Trojans make changes to a computer and carry out malicious activities, without the knowledge or consent of the victim.
9. Bugs
Bugs—flaws in software code—are not a type of malware; they are errors in software code that are popular vectors for attackers with malicious intent. Bugs can, in and of themselves, have detrimental effects on your computer, such as freezing, crashing or reducing performance. Security bugs create holes in a computer or network’s defenses that are especially attractive to would-be attackers. While better security control on the developer end helps reduce the number of bugs, bugs are another reason why keeping current on software patches and system updates is crucial.
Common Computer Virus Myths
- Any computer error message indicates virus infection. Error messages can also be caused by faulty hardware or software bugs.
- Viruses and worms require user interaction to activate. False. This is actually the primary difference between viruses and worms. Although viruses do require the activation of their host file in order to execute, this may be part of an automated process. In contrast, once a worm has breached a system, it can execute, self-replicate and propagate freely and with no trigger, human or automated.
- Email attachments from known senders are safe. Viruses and malware often spread by blast emailing the contacts on an infected computer. Even if you know the sender, don’t open any attachments that you aren’t sure about.
- Antivirus programs will stop all threats. While antivirus vendors do their best to stay on top of malware developments, it’s important to run a comprehensive internet security product that includes technologies specifically designed to proactively block threats. Even then, of course, there’s no such thing as 100 percent security. So, it’s important to adopt safe internet practices to reduce your exposure to attack.
Common Misconceptions About Malware
Malware threats often rely on common misconceptions to create soft targets. By understanding some of the most widely misunderstood points, simple shifts in behavior can remove you from the soft target list.
One of the most common misconceptions about malware is the assumption that infection is obvious. Users often assume they’ll know if their computer has been compromised. Typically, however, the intent of malware is to perform its task(s) for as long as possible. So, malware doesn’t leave a trail to follow, and your system displays no signs of infection. Even malware like ransomware only makes its presence known after it has encrypted the files, thus completing its first task, to be ransomed back to the user.
Another common misconception is that all reputable websites are safe. Compromising legitimate websites with infected code is one of the easiest ways to convince potential victims to download files or provide sensitive information. This is exactly what happened to the European Central Bank (ECB) in August of 2019.
Many users believe their personal data—photos, documents and files—have no value for malware creators. But cyber criminals mine publicly available data, like that on social networks, to create custom targeted attacks on individuals or to gather intelligence for spear phishing emails popular for accessing the networks and assets of large, otherwise secure organizations.
Methods of Malware and Virus Infection and Spread
So how does your computer become infected by computer viruses or malware? There are many common approaches, but the following are some of the most popular methods owing to their efficacy and simplicity:
- Downloading infected files as email attachments, from websites or through filesharing activities
- Clicking on links to malicious websites in emails, messaging apps or social network posts
- Visiting compromised websites, aka drive-by downloads: viruses can be hidden in HTML and download when the webpage loads in your browser
- Connecting your device to infected external hard drives or network drives
- Operating system and application vulnerabilities provide security loopholes, backdoors and other exploits
- Social engineering attacks, such as phishing scams, trick victims into providing sensitive information or access to personal and work systems through customized attacks that often masquerade as legitimate organizations reporting fake emergencies to push victims to act quickly and without question
- Connected peripherals, smart devices and Internet-of-Things (IoT) devices can act as vectors, or access points, or they can be hijacked and controlled remotely by the hacker
Confidential data, such as passwords, are a key target of cyber criminals. In addition to using malware to capture passwords, cyber criminals also collect login details from hacked websites and devices, and even through physical means like peering over your shoulder in a crowded cafe. That’s why it’s so important to use a unique and complex password for each online account. This means 15 characters or more, including letters, numbers and special characters.
The easiest way to do this is through a password manager tool that generates random passwords, stores them securely and obtains validation/permission prior to entering the stored credentials while masking the characters. Because so many people re-use passwords, password tools ensure that one compromised account does not cascade through your entire digital ecosystem. Also, remember that many security verification questions are ineffective. For example, if the question is “What’s your favorite food?” and you’re in the United States, “Pizza” is a common answer.
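As an added example (not part of the original article), the Python sketch below applies the rule above, 15 or more characters with letters, numbers and special characters, to a small vault: it generates a compliant random password and flags entries that miss the rule or are reused across accounts. The symbol set, function names and sample accounts are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 15  # the article's stated minimum
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed set; sites differ on allowed symbols
ALPHABET = string.ascii_letters + string.digits + SPECIALS

def policy_failures(password):
    """Return the reasons a password misses the article's rule (empty list = passes)."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 15 characters"),
        (any(c.isalpha() for c in password), "no letters"),
        (any(c.isdigit() for c in password), "no numbers"),
        (any(not c.isalnum() for c in password), "no special characters"),
    ]
    return [reason for ok, reason in checks if not ok]

def generate_password(length=20):
    """Draw from the OS CSPRNG and retry until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 15")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate):
            return candidate

def audit(vault):
    """Map each account to its problems: policy misses plus reuse on other accounts."""
    users = defaultdict(list)
    for account, password in vault.items():
        users[password].append(account)
    report = {}
    for account, password in vault.items():
        problems = policy_failures(password)
        shared = sorted(a for a in users[password] if a != account)
        if shared:
            problems.append("reused on " + ", ".join(shared))
        if problems:
            report[account] = problems
    return report

# Constructed sample vault; account names and passwords are made up.
SAMPLE_VAULT = {"mail": "Summer2019!", "shop": "Summer2019!", "bank": generate_password()}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        print(account, "->", "; ".join(problems))
```

The two accounts sharing one short password are reported for both length and reuse, while the generated entry passes cleanly.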
Signs of Malware and Computer Virus Infections
While most malware leaves no telltale signs and leaves your computer operating normally, sometimes there can be indications that you might be infected. Reduced performance tops the list. This includes slow-running processes, windows that take longer to load than usual and seemingly random programs running in the background. You may also notice that internet homepages have been changed in your browser, or that pop-up ads are occurring more frequently than usual. In some cases, malware can also impact more basic computer functions: Windows may not open at all, and you may be unable to connect to the internet or access higher-level system control functions.
If you suspect that your computer might be infected, scan your system immediately. If nothing is found, but you’re still in doubt, get a second opinion by running an alternative antivirus scanner.
Ideally, you want to prevent an attack, not discover it. While you should scan your device as soon as you suspect something amiss, your best defense is a comprehensive internet security solution that includes real-time scanning and monitoring of disk drives, files and activities as well as real-time updates on web threats provided by a team of experienced cyber security professionals. This includes monitoring instant messaging services, scanning email attachments, providing a firewall and so much more than scheduled scans and periodic updates. Effective antivirus and cyber security software should be able to work and coordinate between all your devices—how else can they protect you from viruses and malware that do the same?