If you read any technical blog, including ours, on a regular basis you are bound to come across a fair number of security-related articles talking about security flaws, worms, viruses, Trojans and all manner of nasty-sounding programs. With a large selection of malicious software out there, it can be tough to tell the difference between a virus and a worm.
Here’s an overview of the most commonly used terms for malicious software.
Malware – Malware is a portmanteau of malicious and software. When we, or any other IT professionals, talk about malware, we are generally speaking about any software that is designed to steal information, disrupt operations or gain access to a computer or network. In tech, and indeed many news articles, malware is used as a general term. It can also be referred to in legal circles as a ‘computer contaminant’.
Virus – A virus is malicious code that is spread from one computer to another. Computer viruses are usually introduced to a system by a user downloading and opening an infected file. They can also be spread by any removable media including CDs, DVDs, USB drives, SD cards, etc. If an infected file is put onto, say, a USB drive, which is then plugged into a new computer and the infected file is opened, the virus will be introduced into the system. For malicious software to be labeled as a virus, it has to be spread through human action, usually in the form of the user unknowingly opening an infected file.
Trojan horse – A Trojan horse takes its name from the Greek story where a wooden horse was used to hide Greek soldiers who secretly entered Troy. In a similar way, this malware is a program that is disguised as a useful program and that, when installed, will do damage to your system. The severity of a Trojan horse varies from annoying to completely destructive, and while they are malicious, they will not replicate or transfer to other computers. Many modern Trojan horse programs also contain a backdoor (more on that below).
Worm – Worms are similar to viruses. In fact, many experts consider a worm to be a subclass of virus. Worms, like viruses, spread from computer to computer; the major difference is that worms can spread themselves. Computer worms also have the ability to replicate on a host system and send these copies to other users. The most common way of transmission is through email, or via a company’s network, often causing computers to run slowly while using a ton of bandwidth, ultimately leading to a system crash.
Spyware – Spyware is a malware program that captures user activity and information without the user’s knowledge or consent. Some can even go so far as to capture every single keystroke a user makes – this is commonly known as a keylogger. Spyware infects computers either through user deception (e.g., “You’ve won 1,000,000,000 dollars” ads) or through exploits in programs. Some spyware has been known to redirect users to websites or even change computer settings.
Adware – The main purpose of adware is to show ads and gain the hacker ad revenue. These ads can be pop-ups, extra banners added to web browsers, or ads shown during the installation of third-party software. While generally not a form of malicious software on its own, it can, and often does, come with spyware.
Rootkit – Rootkits are all about stealth. When installed they hide themselves from detection while allowing an unauthorized user to access and control your computer. Nine times out of ten, the unauthorized user will have full administrative access, which means that if they were malicious enough, they could really do some damage.
Backdoor – Backdoors are similar to rootkits, in that they allow an unauthorized user to access your computer. Many Trojan horses install a backdoor for the hacker to access and remotely control your system.
Bug – Some users think that a bug in software is a form of malware, placed there by the developer to ruin the program or a system. In fact, bugs aren’t malware; they are errors or faults in the software’s code. It’s true that hackers have exploited bugs to infect systems, but the bug was the way in, not the malicious software itself.
In the early days of the Internet, viruses were often installed separately from Trojans and worms. With the rising complexity and effectiveness of malware prevention software, hackers have started to blend their attacks together, often using a combination of one or more types of malicious software to infect systems. These combination malware infections are normally complex, but have been incredibly effective.
While malware is usually malicious towards single users, a new form of warfare that utilizes malware has arisen. Cyberwarfare is rumored to have been used by governments and companies to steal information or completely disrupt a country’s information networks. While most cyberwarfare is conducted at the country or conglomerate organization level, it is only a matter of time before small to medium companies are targeted.
Tools like Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), which is meant to fix bugs in Internet Explorer, as well as strong anti-virus measures, timely virus scans and an efficient Internet use policy will go a long way toward preventing malware from infecting your computers. If you’re worried about the security of your computers and network, please give us a shout; we may have a solution for you.