Monday, 13 May 2013

Understanding Different Types of Malware and What They Do




Whether you’ve had a computer for years or only a matter of days, it’s a good bet you have heard terms like malware, virus, trojan, keylogger, worm, rogueware, fake antivirus, rootkit, ransomware, adware, spyware or dialer. Most users will wonder what the differences between all these words are, as the word virus is often used as a generic term to cover all types of malicious activity on a computer.
Basically, malware is short for Malicious Software, and all of the terms above fall into this category because they are all malicious. The different terms are used instead of just plain virus to categorize what the malicious software is capable of doing. For example, a keylogger is designed to record whatever keys you press on your keyboard and then send that information to a remote location. A trojan, on the other hand, allows a hacker to steal information or gain full access to your computer.
Using the word “virus” to include all types of malicious software is not very accurate, and “malware” is a more suitable term; a virus is, after all, just one type of malicious software. Thankfully most paid or free antivirus software looks for many different types of malware, not just viruses. Here’s a brief and easy to understand explanation for the majority of known forms of malware out there to help you differentiate between them.

Virus

The best-known term, a virus is a piece of code that attaches to a program such as an executable file, then replicates itself and spreads to other files and onto other computers without your knowledge. When you run an infected file, the virus loads into memory and actively searches for other files to infect, or infects files when they’re accessed by the system. The effects caused by a virus range from annoying popups to corrupting and deleting files or even erasing the hard drive. Viruses are commonly transmitted through email attachments. An example of one of the most destructive viruses was CIH, which is capable of corrupting the BIOS.

Rogueware / Scareware / Fake Software

There are a lot of names that fall into this category, such as “fake antivirus”, “rogue antispyware” etc., but they all work toward the same goal: to scare or trick you into believing you have problems with your computer, such as several viruses, the computer being attacked by hackers, serious system stability issues or even a hard drive that is about to fail. The rogue software pretends to be legitimate software and will offer to repair the nonexistent problems if you buy their “software”, which obviously is completely bogus.
This type of malware is usually a form of worm or trojan often found in malicious emails and on adult, pirate video/music or hack/crack websites. It requires the user to allow the program to run, tricking them into running a “scan” or downloading a “viewer” for a media file. These programs often disable running security software and also disable parts of the system such as Task Manager until removed. A few tools like Remove Fake Antivirus or RogueKiller can help remove several types of this malicious software, in addition to the excellent Malwarebytes Anti-Malware.

Trojan horse

Unlike a virus, a Trojan horse doesn’t try to replicate itself but instead attempts to gain access to your PC and either looks to take control of it or steal information. A trojan usually achieves this by disguising itself as a legitimate program or a program you want to run, such as a downloader, hack or crack etc., and the user unwittingly activates the trojan by executing the program. Below is a screenshot of DarkComet, which is one of the most popular and widely used trojans.
Trojans are often also used to install other malicious programs such as key loggers or rogues onto your system. For more severe virus and trojan infections, you might need to download and boot with an antivirus boot CD.

Worm

Worms are similar in design to viruses in that they aim to replicate and infect as many systems as possible. The main difference is that worms don’t need to attach themselves to other programs in order to spread to other computers; instead they rely on networking (such as via emails) and other transfer mediums like USB flash drives to propagate. They can also cause network performance issues and slow down computers by consuming large amounts of memory.







Key logger
Key loggers secretly record all the keystrokes from a computer keyboard. If a key logger is being used maliciously, the logged data, such as a typed document, online usernames and passwords, bank details etc., can be sent to a remote location or saved on the local computer without your knowledge. Key loggers can also be used for more legitimate purposes, such as monitoring what your kids are typing while using the internet. If you have had problems with key loggers in the past or would like an extra layer of protection, you might like to try anti-key logger software.

Dialer

With the modern internet connection usually being either DSL, cable or fiber, dialers are pretty much redundant because their main function is to dial an expensive premium rate telephone number instead of the number normally used to connect to your ISP. In the days of dialup and ISDN this was obviously a problem, but as modern broadband doesn’t dial phone numbers to connect, a dialer has no real effect.
 



Spyware

The simple definition of spyware is a piece of software that collects any information about you or your computer without your knowledge, and can send that information to a third party. In its lighter forms, spyware can simply track your browsing habits for serving ads or record your searches in toolbars etc. More serious forms of spyware can collect keystrokes, read cookies or files on the drive, spy on other programs and gather personal data. Spyware is often installed alongside other software, such as freeware or shareware applications, which is why you should always take care when installing all forms of software.
Some of the most effective spyware removal tools such as Malwarebytes Anti-Malware, SUPERAntiSpyware and Spybot are also very good at removing adware, hijackers and rogueware.

Adware
Advertising supported software (adware) is simply a piece of software that displays advertisements for other products to generate money for its developers. The ads can appear either inside the program itself or during the setup installation. This mostly occurs in free software and shareware programs, which offer other products or toolbars etc. Adware really isn’t dangerous in itself, just mostly annoying, irritating and difficult to uninstall. Some adware can serve its ads by tracking your browsing habits or activity, in which case it would be moved into the spyware category.

Browser Hijacker

Hijacking and changing your web browser start page and default search provider without consent can happen when installing certain toolbars or search helpers from software setup installers. It isn’t especially malicious, but can still be incredibly annoying, and quite often using the provided uninstaller doesn’t remove all traces and reset your settings completely.

Rootkit

Malicious rootkits often make their way onto a computer via software exploits or trojans and consist of a few parts. One part is to access the highest system privilege level (root), which can enable it to run high level actions, and the other (kit) is to deploy the malicious scripts, libraries or programs onto the system to perform the malicious tasks of stealing passwords, installing key loggers etc. Rootkits are stealthy and hard to detect because they start with your PC and activate very early in the boot process. Companies such as Sony and UbiSoft have been criticized in the past for using a form of rootkit in their DRM copy protections.

Ransomware

Ransomware is like a more extreme version of rogueware. It won’t just offer to repair nonexistent problems for a fee; it will actually demand a fee and can essentially lock you out of the computer, and in some cases also encrypt your files until you pay to remove it. A common recent ransomware is the Reveton worm, which masquerades as a local police authority or other organization that accuses you of illegally downloading porn, warez or copyrighted material. You’re then told to pay a “fine” to unlock the computer. Ransomware often infiltrates a computer when a malicious file is downloaded and run, in similar ways to rogueware, or via email attachments. Windows Unlocker on the Kaspersky Rescue Disk is helpful in removing ransomware.

Note: Although the list above shows several different categories of malware, most of the malicious software today combines different kinds of malware to achieve a higher rate of infection and give more control to the hacker. Most are invisible to the user and run silently without your knowledge to avoid detection and do as much damage as possible for as long as possible. Rogueware, ransomware and adware are designed to let you know they’re there. Just because it might not look like you have some form of malware on your computer, it doesn’t mean you don’t have anything malicious at all. Means to protect and scan your systems should always be to hand.

1 comment:

  1. Everything said was very reasonable. However, what about this?

    Suppose you added a little content? I am not suggesting your content is not solid, but what if you added a post title that grabbed folk's attention? I mean Sans titre is a little plain. You should peek at Yahoo's home page and see how they create post headlines to grab viewers to click. You might add a video or a related pic or two to grab readers interested about what you've written. In my opinion, it would bring your blog a little bit more interesting.

    Feel free to surf to my web site :: http://myfenerbahce1907.com
