A guide to Malware (and protection against it)

In simple terms, we can define malware as any unwanted software that causes intentional harm to computer systems. Any malicious program that was created to intentionally perform any negative task to any computer system is malware.

There are a lot of different types of modern computer malware. Some of the most popular ones are Viruses, Worms, Rootkits, Key-loggers, Ad-ware, Back-doors, and Trojans.

Any of these types can create serious problems for the user of an infected computer system. The aftermath of getting infected can range from simply getting a popup advert every time you switch on your computer, to complete control of your system, including password stealing, permanent file deletion, and even live webcam monitoring.

The biggest part of the worlds population believe that Windows operating systems are the only ones attacked by malware. This is not the case.
It is true that very large percentage of malware is designed for Windows, however, there are all kinds of malware for Linux and Mac too.

Some of the reasons why these other operating systems have much smaller amount of malware designed for them are:
-they are less popular as operating systems and have smaller base of users making them less feasible and profitable for malware creators.
-they both were designed with security in mind, as both Linux and UNIX (mac OS x uses UNIX derivative as the base of the system) have initially been used by computer experts.
-usually, malware creators personally favor and enjoy using Linux or UNIX variants, hence they do not want to harm the operating systems they like and use themselves.
-It is much easier to find educational information on learning to make malware for Windows than for any other OS, hence newer malware creators learn how to do it for Windows and in most cases stick with it. Learning how to do this for other operating system would require considerable effort and research.

So, in short, even though Windows has the largest number of malware designed for it, other operating systems are not bulletproof.

Computer viruses are the most known types of malware by the public. However, unlike how some people tend to believe, they are not the most widespread (that title goes to Trojans). Just like biological viruses, computer viruses have the ability to multiply and spread. They usually use executable files (programs) to multiply by copying itself into any computer program, hence making it infected. In many cases, viruses mutate every time they multiply. They achieve this by changing some code in the copy of themselves. This does not necessarily change the way they function, but simply changes the way they appear to antivirus software, making it harder to detect.

Some of the more popular actions that viruses perform besides multiplication, are:
-Deletion of files
-Modification of files
-Corruption of applications and the operating system
-Creation of new user accounts
-Various pranks (like changing your background image)

Viruses can usually be detected and removed by antivirus software, especially if the virus has been around for a longer time and the security experts have managed to find it and develop a way to remove it from a file without deleting it (this is called disinfecting. However, in many cases, the only way to remove the virus is to delete the whole infected file).

Worms can do very similar things like viruses, but unlike viruses, worms do not need to infect executable files (programs) in order to live or multiply. They are executable programs themselves, and they can spread and multiply by making copies of itself on to other directories, removable media, network nodes (devices connected to your network), and even website servers.

They essentially do the same thing as ordinary viruses, but they simply use a different multiplication methods and are harder to completely remove.

It is believed, that even if you have the best security available, you can still get infected by a worm, if it was designed very well and antivirus developers have not yet found it. These type of worms do not do any drastic or harmful actions that's why they are hard to notice and can spread very far. They might have a logic trigger that will activate them when a specific criteria is met. For example it might simply spread and do nothing else, and activate it's malicious features once a specific date is reached or once the cracker uploads a certain sign to a specified website that would tell the worms to start their work.

This is the least dangerous type of malware. Adware and Spyware does not delete your files or steal your passwords. Instead, it is designed to make profit for the owners of it. Spyware can be used to monitor your activities, and collect large amounts of data in order to develop better advertisement methods according to your responses and activity. Adware simply show adverts to you without you wanting them. It might show a pop up ad every hour, or might hijack your web browser and make it insert adverts into every website you open. Every time you see or click one of those adverts, the owner of the adware gets a tiny fee from the advertisement entity. One single victim wont make any considerable money to the cyber criminal, but if hundreds of thousands of computers are infected, pretty serious money can be made.

In many cases, Spyware and Adware are working together to collect data about you and use that data to show you adverts that you are likely to click.

Trojan, also known as Trojan Horse, is the most widespread malware type. Unlike worms or viruses, trojans can not multiply by them selves. They have to be distributed or spread. The reason why it is called a trojan is that this type of malware conceals itself as a good and useful piece of software even though it is malicious. Just like the famous Trojan Horse that looked like an innocent gift, but actually was designed to carry enemy soldiers that were hiding within it into the inner city.

Trojan horses are capable of almost any task, but in most cases they are used to create a network of victim computers called a "Botnet". This botnet can be controlled by the owner of the trojan horse. The more computers are in a particular botnet, the stronger and more valuable it becomes. Cyber criminals can use it to take down websites temporarily, by over-flooding them with more internet traffic then they can possibly handle (this is known as a Distributed Denial of Service attack, or simply DDoS). Some of the biggest botnets in history had more than 10 million passive and active bots (victims). Even if just 5 percent of those victims were active at any point in time, we are talking about a 500000 computers network waiting for an order to attack any website that the owner specifies.

Besides botnets, trojans are also used to gather private data from users, like usernames and passwords. In some cases, trojans are also used to start-of the spreading of viruses and worms.

Keyloggers, as their name suggests, simply record your keystrokes. Basically, every single word, password, username, or other input you type with your keyboard gets logged into a file which is later sent to the cyber criminal through internet or is physically obtained from your computer.

Usually, keyloggers do not have the ability to spread by themselves, and hence have to be individually distributed. They are usually sent to you in the trojan way. If someone wants to obtain your passwords or other info you type, he or she can attach or in more technical words, "bind", the keylogger to an executable file and send it to you as a game, funny software or something else that is useful to you. There are also some techniques that can be used to make the keylogger seem as a picture. These are usually sent to you by email. There are other more advanced ways to distribute it too.

You should simply not open or accept files from people you do not trust.

Rootkits are also known as "Remote Administration Tools" or simply "RATs" by some people, as their "good" variants can be used by computer experts to remotely fix and maintain computers, or locate stolen computers and even identify the thief.

The main goal of a rootkit is to give the complete control of your computer to the person who has configured and spread the infected file (spreading methods are described later). Note that the cracker (person configuring and spreading the rootkit) does not have to be the creator of the rootkit software. There are many rootkits available for sale in the internet underground. A rootkit is one of the most dangerous types of malware as it allows the owner of the virus to steal the passwords you save in your web browsers (many people allow their browser to remember the username and password, so that they would not have to type it every time). It also provides complete access to your personal files. It can even allow the hacker to see a live stream from your web cam regardless of weather it is on or off. Trust me, it is true - I have seen it done. To put it in short, if you get a rootkit, the hacker can do almost everything that he could do if he had physical access to your computer. This is why crackers call you "owned" once you get infected by their rootkit.

Another factor that makes rootkits extremely dangerous is that they are very hard to detect and remove.
If you find out that you have a rootkit, the best option would be to simply back up your most important files, completely format your hard drives (wipe out everything clean, deleting the rootkits and other malware), and finally reinstall the operating system and all the applications from scratch.
Sounds harsh, but this is the only way to be fully sure that you are clean.

Also, by this time, the cracker might have all your passwords, so you should change them (email accounts, social network accounts, etc) as soon as possible.

There are a few things you can do to minimize the chance of you getting infected by malware. First of all, in order to protect yourself from known viruses, worms, rootkits, adware, spyware, and keyloggers, you should get yourself a reliable antivirus. Note the word "known" in the previous sentence. Antivirus and anti malware software can not detect all the threats. Modern antimalware software can detect some malware by examining a file and looking for a pattern that would represent malicious code inside a program (instead of looking for particular malware signature, it uses a common pattern). However, this does not find all malicious software, and might leave out some advanced and dangerous rootkits, trojans and worms undetected.

You might get scared now. You should not be. There are a few steps you can follow in order to secure yourself:

-Never ever download or instal any pirated software from any file sharing sites, torrents, or friends. Most of the times crackers include powerful malware with this "free" software. They want to infect as many people as they can. One of the more popular goals of such crackers is to infect enough computers to form a botnet that they could later use to take down websites or online services. Pirated software is both illegal and dangerous to you.

-Never accept any files from people you do not trust. Also, do not download or instal software from unknown websites or companies.

-Do not go to illegal sites (weapon sales, drugs, etc...). Not even if you are simply doing research.

-Do not use any removable media such as USB Flash disks, external hard disks, CDs, DVDs, MP3 players, etc. unless you are certain that the person giving it to you takes care of his or her computer security (you can send the link to this lens or share it on facebook if you know some friends that could benefit from this information). If your friend gets infected by some malware and shares a file with you, such as a picture, using removable media, you have high chance to get infected too.

-Scan your computer from malware using trustworthy antivirus software like the solutions provided by Norton, Kaspersky, and McAfee. These will not only protect you from most of modern viruses, worms, and trojans, but will also protect you from hackers using intrusion detection and firewalls. It is worth it to purchase a proper computer security package. You don't want to risk getting hacked or infected by using limited free versions that often lack important features.

-Make sure you keep up to date backups. This is important as you never know what might happen. Maybe a virus manages to get through your security and destroys all your data. Maybe, someone steals your computer, and you lose everything. If anything like this happens, a backup might save your important files. It is advisable to keep the backup in a different place than the computer, as if a thief would brake in, he would not get the back up too. That would be kind of ironic.

As you have seen from this lens, the malware world is pretty big and scary. Viruses, worms, trojans, rootkits, and other malicious software has become very advanced and sophisticated. In order to protect yourself, you have to know the basics about these malicious programs.
If you follow the few tips I gave to you, you should be fine.
However, just in case you do get infected, it is wise to have a full up to date backup of your files ready. This can be a lifesaver if the worst happens.

By the way, if you still don't have a reliable anti-malware software package, you can check out my recommendation at the very bottom of this page.