The following article was recently posted on the Emsisoft blog. It’s an excellent malware primer that can help take some of the confusion out of understanding the different kinds of malware that lurk around every corner of the Web. We’ve edited the article slightly. We thank the Emsisoft team for allowing us to share this with you.
The malware landscape has shifted – These online threats are waiting for you in 2016
In Security Knowledge by Franziska on July 7, 2016
Have you ever wondered what you’d do if all of a sudden the data from your laptop was held hostage? What if you went to make an online payment and your bank account was empty without reason? This is the sort of nightmare one always imagines happens to someone else. Unfortunately, these are just two of far too many threats that we all face in a climate of heightened cyber crime.
Today’s attackers don’t seem to be deterred at all by modern security measures, and the use of malicious software is still a rampant issue for banks, businesses and home users.
What is Malware?
The term ‘Malware’ covers a plethora of exploitative programs. Defined most simply, Malware is software that is specifically designed to damage or disrupt your computer system.
So what kinds are there?
Generally speaking, Malware can be broken down into different categories which we will explore here in order of danger.
Viruses – no longer a big deal
A virus spreads itself by smuggling its code into another program. Uses for a computer virus range from stealing sensitive information and taking control of a computer to complete illegal tasks, to simply wanting to prove that it can be done, such as hacking a government website and taking it offline. Similar to its biological namesake, a virus requires a host.
Worms – less common
These nasties are similar to viruses in their shared aim to spread as fast as possible. But, unlike viruses, they don’t require a host program. Worms spread themselves via email and storage devices such as USB sticks. Remember that time your sister gave you the USB with all of the family photos on it and suddenly your computer started freaking out? Yep. Your PC likely had worms.
Antivirus software with a dual-engine fileguard is your best defense against any kind of malware threat that spreads through e-mails, USB sticks or downloads.
Spyware – more scary than disruptive
These, well, they spy on you, and collect various types of data from your PC without your knowledge. Within moments of installation, cyber criminals have their hands on huge amounts of your personal information such as your email correspondence, private photos and again, your credit card details. Spyware is also used for surveillance through keyloggers: a variety of malware that monitors keystrokes and secretly records everything entered into your keyboard. Personal demand for this technology has expanded rapidly in recent years. As parents become more and more concerned about their child’s online behavior, keylogger software developed as a new form of parental control, much like that setting on your smart TV. With a simple program, parents are able to monitor their children’s keystrokes to see what kinds of conversations they are having online and what they are searching for in Google when they think no one is watching.
Ransomware – a costly problem
An exploitative crime, ransomware is a type of malware that encrypts your personal data or locks your entire PC. You are asked to pay a “ransom” via an anonymous service in order to unlock your computer and free your data. Ransomware makes up a huge part of today’s active threats, as it has turned out to be one of the easiest income earners for attackers. All other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash to return your data or access to your PC. This is usually achieved through a lockout screen with a countdown timer and a link to a payment page where you are required to pay your ransom.
Earlier this year, Hollywood Presbyterian Medical Center paid $17,000 in cyber-ransom money to recover patient data that was taken hostage through an online malware attack. This kind of malware is usually installed by a Trojan: the big kahuna of malware.
Trojans – the ultimate exploit
The main objective of a Trojan is to install other applications on your infected computer so it can be controlled remotely. Trojans do not spread by themselves like viruses do. But, much the same as the Greeks’ silent attack on the city of Troy, these malicious codes, when executed, release a second program: this is the Trojan itself. Trojans remain an ongoing issue for financial institutions. They are known for taking screenshots and uploading them to remote servers, gathering IP addresses which can be used to identify you, performing malicious web injections and allowing access to your infected PC to anyone who holds the keys.
Trojans are especially dangerous because they combine two pieces of software: the first infects your computer, the second waits silently until you visit your bank’s website, captures your login details and hijacks your online identity. That same generic password (we know you do it) that you use for every single website, email account, Facebook and internet banking site is now recorded directly after your usernames. A lot of credit card fraud occurs this way: your credit card details are stolen and, as neither a PIN nor a signature is required when shopping online, simply stealing the card numbers, expiry dates and the CVV number (on the back) that you entered into what you thought was eBay is sufficient and lucrative for this kind of fraud.
Trojans can also destroy files or information on hard disks or capture and resend confidential data to an external address. By opening communication ports, your computer can become a bot: a member of a botnet army that is remotely controlled by a cybercrime organization.
Bots – just plain scary
These specifically consist of two parts.
A dropper: the exploit or trojan that then opens the machine to download the actual malware, and
The bot itself: remote control software that connects to a master server to wait for instructions. Imagine you have a remote control feature that lets 100k machines do one thing; think what you could do with that! For example, you could let all of those computers send only one spam email per hour. Nobody would notice, yet you could send millions in a short time to sell Viagra, or have them simultaneously access amazon.com with 1000 requests per minute and overload their servers so they can’t earn money anymore. You could request ransom in exchange for not launching the attack.
Sadly, even if the ransom demanded goes into the millions, these bots can continue to be used to hack more computers: the operators wait for a new security leak to be discovered, instruct all bots to scan the entire internet for more vulnerable machines, and so on.
Suddenly a 100k network of computers has become a virtual monster computer that can crack passwords, mine new bitcoins or do any other calculation-intensive job for free, and your computer is now part of that botnet.
We know you didn’t mean to send $10,000 of your savings to help fund a terrorist organization. You didn’t intentionally install keyloggers on hundreds of computers to mine data to be held for ransom. But, too bad. Your computer did and you are 100% responsible for what happens on your PC.
When you access a website, good anti-malware software checks if the address is already known for spreading malware, and if so, gives you a warning instead of loading the site. So, look for an antivirus solution that doesn’t rely on signature-based detection alone, but also monitors your programs for unusual behaviour.
A final note on malware
Malware is designed to disrupt and damage your system. But be aware that it is getting harder to define threats as just one category now. Bots act viral by spreading themselves around; ransomware acts like a virus in the way it manipulates files. Bots are installed via exploits and Trojans. Malware is dangerous regardless of the type or the delivery.
A note on PUPs (Potentially Unwanted Programs)
PUPs or ‘crapware’, on the other hand, are not usually dangerous, but are incredibly annoying. Want to know the temperature in Aruba every minute of every day? No. Us neither. Yet, this and other highly annoying information is suddenly popping up every time you open a program. PUPs find their way onto your computer much the same way as malware, through a bug in a reputable site or wrapped up in that useful program you actually wanted. A good security system will detect and remove these while providing sound surf protection: a database that contains the addresses of dangerous websites and prevents you from entering that website in the first place…
No matter how computer savvy you are, regularly updated security software with real-time protection should be an essential part of your PC. Protecting your data and your personal details is of primary importance. So what additional features should you be looking for in a well-rounded security program?
Emsisoft Anti-Malware protects your PC in three ways. Surf protection prevents you from visiting dangerous websites. The powerful dual-engine scanner detects any malware if it manages to enter your PC, and even currently unknown parasites will be reliably detected by its advanced behavioral analysis.
Your computer’s health is of utmost importance to us, which is why we work so hard to stay on top of all modern and previous security threats. Threats exist, but so do solutions.
Have a nice (malware-free) day!
Your Emsisoft Team