We can all agree that cyber crime is growing and that the impact of this type of crime can be devastating. Malware in particular is a huge threat, especially for small and medium businesses, who are unlikely to employ IT people whose sole focus is network security. That's why knowing the different types of malware can help you understand how best to protect your data and your business.
The best-known form of malware is probably the virus. Computer viruses have been around for years, and the fundamental way they work has remained the same. They're generally made to inflict damage on the end user and can cause havoc in a matter of minutes, purging a complete hard disk and rendering the data useless.
The moniker comes from their likeness to biological viruses: they infect a host, then replicate and spread themselves until an entire system is infected. Other forms of viruses are targeted to 'seek and destroy' specific file types or sections of a hard disk. For example, criminals conducting cyber-thefts will often release a virus on penetrated systems after extracting the information they were after, as a method of destroying forensic evidence.
Computer viruses were originally spread through the sharing of infected floppy disks (yep, they've been around that long!). As technology evolved, the distribution method for viruses did too. Today, common methods of spreading viruses are through email attachments, file sharing systems, and web downloads.
Computer worms have existed since the late 1980s, but weren't prevalent until networking infrastructures within organisations became common. Unlike computer viruses, worms can spread themselves across networks without any human interaction.
Once infected with a worm, the compromised system will begin scanning the local network to locate additional victims. After locating a target, the worm will exploit software vulnerabilities in the remote system, injecting it with malicious code to complete the compromise. Because of this method of attack, worms are threats that continuously evolve, while your firewall protection may not. Now is the time to look beyond traditional network security and incorporate protection against malware and exploits that pass through to PCs when users browse the internet, send or receive email and download applications. Worms tend to be viewed more as a pain than a real threat. However, they work extremely well at spreading other malware or inflicting damage on target systems.
The classic Greek ruse of hiding an attacking force inside an innocent-looking gift in order to get past the defences, the Trojan Horse, gives this particular malware its name.
Trojans are small bits of executable code embedded into another application. Like viruses, Trojans typically require some sort of user interaction to infect a system. However, unlike most worms and viruses, Trojans often try to stay undetected on the compromised host. Typically, the infected file is an application the victim would use regularly (such as Microsoft Word or Calculator), with the aim that the victim unknowingly executes the malicious code when launching a normally innocent program. This often results in Trojans infecting a system without triggering any kind of notification.
There are numerous forms of Trojans, each serving a different purpose. Some Trojans are created specifically to extract sensitive data from the infected system; these types of Trojans typically install keyloggers or take screenshots of the victim's computer and automatically transmit the data back to the attacker. Other, more dangerous "remote access Trojans" (RATs) will seize control of the infected system, opening a back door for an attacker to access later. Remote access Trojans are commonly used in the creation of botnets.
Spyware & Adware
Like some forms of Trojans, spyware is used to gather and relay sensitive information back to its distributor.
Spyware typically isn't malicious in nature. However, it's a major nuisance, typically infecting web browsers and making them nearly inoperable. Spyware is frequently used for deceitful marketing purposes, such as monitoring user activity without their knowledge. Occasionally, spyware might be disguised as a legitimate application, providing the user with some benefit while secretly recording behaviour and usage patterns.
Like spyware, adware is a major nuisance for users, but it's usually not malicious in nature. Adware, as the name implies, is normally used to spread advertisements that provide some sort of financial benefit to the attacker. After becoming infected by adware, the victim is bombarded by pop-ups, toolbars and other forms of advertisements when attempting to access the Internet. Adware usually doesn't cause permanent harm to a computer. However, it may render the device inoperable if not removed properly.
Arguably the most dangerous form of malware is the rootkit. Like remote access Trojans, rootkits give the attacker control over an infected system. However, unlike Trojans, rootkits are exceptionally difficult to detect or remove. Rootkits are usually installed into low-level system resources (below the operating system). Because of this, rootkits often go undetected by conventional anti-virus software. Once a system is infected with a rootkit, an attacker may be able to use it as a foothold with unrestricted access to the rest of the network.
Knowing when you're infected
Malware in network traffic or on a PC makes its presence known in one of three ways:
- A "signature" is a fingerprint or pattern in the file that may be recognised by a network security system such as a firewall, even before it reaches a computer. If this kind of file does reach a PC, the anti-virus/anti-malware software on the device should catch it.
- A suspect file type appearing out of context, such as an executable (.exe) or registry file hidden inside a compressed archive such as a .zip.
- Behaviour; even a good rootkit may reveal itself when it "phones home" to the operator who controls it. If this behaviour is abnormal, for example in volume or time of day, it is an indicator of a compromised system. The conventional security measure of having anti-virus software installed and constantly updated on all machines will address the most typical culprits.
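The three indicators above, as an added example that is not part of the original article: a small Python script that checks a .zip attachment for executable-looking members and a known byte signature, and flags hosts in a connection log that "phone home" at a regular interval or outside working hours. The signature, the extension list and the log format are constructed placeholders, not real anti-virus data.

```python
import io
import re
import zipfile
from collections import defaultdict
from datetime import datetime

# Constructed placeholders (not real anti-virus data): a byte pattern to look for and
# file extensions that have no business hiding inside an ordinary attachment.
SIGNATURES = {"demo-marker": b"EXAMPLE_MALWARE_MARKER"}
SUSPECT_EXT = (".exe", ".scr", ".dll", ".reg")
LOG_RE = re.compile(r"^(\S+ \S+) src=(\S+) dst=(\S+)$")  # constructed log format

def scan_archive(zip_bytes: bytes) -> dict:
    """Indicators 1 and 2: executable-looking names and known byte signatures in a .zip."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            reasons = []
            if name.lower().endswith(SUSPECT_EXT):
                reasons.append("executable inside archive")
            data = zf.read(name)
            reasons += [f"signature:{s}" for s, pat in SIGNATURES.items() if pat in data]
            if reasons:
                findings[name] = reasons
    return findings

def beaconing_hosts(log_lines, max_jitter_s=5, min_hits=4, work_hours=(8, 18)) -> dict:
    """Indicator 3: (src, dst) pairs connecting at a near-constant interval, i.e. phoning home."""
    times = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m:  # lines that do not fit the constructed format are ignored
            times[(m.group(2), m.group(3))].append(
                datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for key, ts in times.items():
        if len(ts) < min_hits:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if max(gaps) - min(gaps) <= max_jitter_s:  # regular cadence looks like a beacon
            # also record whether any of the traffic falls outside working hours
            off_hours = any(not work_hours[0] <= t.hour < work_hours[1] for t in ts)
            flagged[key] = {"interval_s": round(sum(gaps) / len(gaps)), "off_hours": off_hours}
    return flagged

def build_sample_zip() -> bytes:
    """Constructed sample: a harmless file beside a double-extension executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 harmless text")
        zf.writestr("invoice.pdf.exe", b"MZ" + SIGNATURES["demo-marker"])
    return buf.getvalue()
```

Run `scan_archive(build_sample_zip())` and `beaconing_hosts(...)` on your own archive bytes and connection log lines; a real deployment would feed the same logic from a mail gateway and a firewall log rather than from the constructed samples.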