Recently, I wrote an article that provided tips on how to avoid malware infection, and while the methods I listed there do cut down your chances of catching some nasty online bugs, I felt I could take this one step further and give you an inclusive malware encyclopedia.
With an average of 4,000 ransomware attacks, let alone other kinds of malware infections, occurring every day, I’d feel guilty sending you off without providing a reference of contemporary malware threats. This way, you know what you’re avoiding and why.
In this guide, I will be excluding old malware, specifically kinds that thrived on now obsolete tech, like floppy disks, to infect other computers. I’m confident I could count on one hand the number of readers who regularly use floppies to cart information around. Maybe just one finger.
1. Viruses
The first kind of malware I want to touch on is viruses. In most cases, people use the word “virus” as a catch-all term for anything that infects and negatively impacts their computer, be it a Trojan, a worm, spyware, etc.
This definition of a virus isn’t far from the truth. Viruses tend to do just that. However, what makes a virus a virus is that it 1) attaches itself to a host program, 2) changes the way the program or the entire system functions, often negatively, and 3) self-replicates to spread more copies of itself throughout the infected system. A virus cannot infect more files until it is activated, and it activates only when the infected program is run.
Malware, on the other hand, is the true all-inclusive term that refers to any malicious code. Viruses are merely one kind of malware, just as a cold is one kind of sickness.
People use and market the word “antivirus” in a similar way when referring to any program that guards your computer against different kinds of malware. While I’m guilty of doing the same, I’ll use the word “antimalware” in this article to refer to any cyber-defense program that protects your computer from malware threats.
File infectors are the viruses you think of when someone says their computer was infected. It’s the file-corrupting, self-replicating blight that damages your files until your computer is reduced to a crawling speed or crashes completely.
When a file infector virus gets into your system, it seeks out executable files, usually .exe and .com, and attaches its code to them. Whenever one of those files is run, the virus runs too, and spreads more copies of itself to other files.
But what if the infected file is rarely run? Then the virus spreads slowly, if at all. That’s why some file infectors stay resident in memory: once an infected program has been run, the virus remains loaded after the program exits and infects other executables as they are opened or run, which also gives it a chance to interfere with antimalware scans.
Like most malware, the extent of a file infector virus’s effects can be as simple as making closable popups appear on your screen to irrevocably destroying your computer. They can also open the way for more malware to be shuttled onto your machine.
Multipartite viruses are especially nasty. These viruses get their name from the combination of “multi-,” short for multiple, and “partite,” which is an object or entity divided into parts. When you put both pieces together, you get a word describing a virus that attacks in more than one place upon infection.
Multipartites infect the computer in two locations: the boot sector (or master boot record) of your hard drive, which activates the virus every time you start your computer, and executable files, which run the virus when you open an infected application.
What makes this virus so resilient is that you need to wipe every trace of it before you can call your system safe. Clean up every infected file but leave a bit of it in the boot record, and the virus repopulates the moment you power on. In the reverse situation, it spreads again the moment you run one of the infected files. That is why boot-sector cleanup is usually done from a clean, separate boot medium rather than from inside the infected system.
If the previous virus didn’t sound tough enough, polymorphic viruses are harder still to pin down. A polymorphic virus keeps its working code encrypted and, each time it makes a copy, encrypts that copy under a different key and reshuffles the small decryption routine that unlocks it. The result is that no two copies look alike on disk, even though they all do the same thing once they run.
To put this into an analogy, imagine you are a shopping mall security guard trying to track down a vandal who damaged merchandise in one of the stores. Each time the vandalizer passes into a store and destroys stuff, he convinces a bystander to help him do the same. The two vandals go into more stores and continue making copies of their villainous selves while you’re left trying to find a physical pattern to these criminals. The problem is, none of them match up in clothing, height, hair color—nothing.
Antimalware programs lean heavily on signatures, fixed byte patterns, to recognize known infections, but since a polymorphic virus changes those bytes from copy to copy, a plain pattern match finds nothing in common between a thousand copies. A scanner that can’t see past the encryption leaves the virus free to keep duplicating itself and damaging files uninterrupted. This is why modern engines don’t rely on signatures alone: they emulate or unpack a suspicious file until the decrypted body appears, and they watch what a program does rather than only what it looks like.
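To make the signature problem concrete, here is an added Python example (mine, not the author’s, and not real malware): a harmless stand-in byte string plays the role of the virus body, each “copy” is XOR-encrypted under a fresh key behind a two-byte stub, and a plain signature scan is compared with a scan that first undoes the encryption, the way an emulating engine would. The marker byte, the payload bytes and the single-byte XOR scheme are all constructed for the demo.

```python
import random

# Constructed stand-in for a malicious routine. These bytes are arbitrary and do
# nothing; they only play the role of the "body" a scanner would look for.
PAYLOAD = b"\xde\xad\xbe\xef\x90\x90\xcc\xff\x41\x42\x43\x44"

# A static signature: the exact byte sequence a signature-based scanner matches on.
SIGNATURE = PAYLOAD[:8]

MARKER = 0xEB  # assumed: first byte of the (simulated) decryptor stub


def make_polymorphic_copy(payload: bytes, key: int) -> bytes:
    """Produce one 'copy' of the payload encrypted under a single-byte XOR key.

    Layout (constructed for this demo): marker byte, key byte, then payload XOR key.
    A real polymorphic engine also mutates the decryptor stub; here the stub is
    reduced to marker + key, which is enough to show why the body never repeats.
    """
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255 (0 would leave the body unchanged)")
    body = bytes(b ^ key for b in payload)
    return bytes([MARKER, key]) + body


def signature_scan(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Plain byte-pattern matching: what a naive signature scanner does."""
    return signature in data


def emulating_scan(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Emulate the decryptor: strip the stub, undo the XOR, then scan the result.

    This mirrors what real engines do when they unpack or emulate a sample before
    matching, instead of matching the encrypted bytes on disk."""
    if len(data) < 2 or data[0] != MARKER:
        return signature_scan(data, signature)
    key = data[1]
    decrypted = bytes(b ^ key for b in data[2:])
    return signature_scan(decrypted, signature)


def demo(n_copies: int = 5, seed: int = 1234) -> dict:
    """Generate n copies under distinct keys and count what each scanner catches."""
    rng = random.Random(seed)
    keys = rng.sample(range(1, 256), n_copies)  # distinct non-zero keys
    copies = [make_polymorphic_copy(PAYLOAD, k) for k in keys]
    return {
        "distinct_bodies": len({c[2:] for c in copies}),
        "static_hits": sum(signature_scan(c) for c in copies),
        "emulated_hits": sum(emulating_scan(c) for c in copies),
    }


if __name__ == "__main__":
    print(demo())
```

Every copy has a different body, so the static scan finds nothing, while the scan that emulates the decryptor recovers the same body every time. A real polymorphic engine also rewrites the decryptor stub itself, which is why scanners emulate execution instead of looking for a fixed stub.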
These viruses hide in the macros of documents such as Word and Excel files. Macros are small programs (VBA scripts, in Microsoft Office) embedded in the document itself, so opening an infected document with macros enabled is enough to launch the virus, at which point it infects other macro-capable documents and templates on your computer. Modern versions of Office disable macros by default and show a warning bar instead, which is exactly why infected documents try so hard to talk you into clicking “Enable Content.”
While most viruses are compiled for, and restricted to, one operating system, a macro virus can cross between them because it runs inside the application’s macro engine rather than directly on the OS. An infected Word document, for example, can carry the virus between Windows and macOS as long as the copy of Word on each side runs its macros. It won’t run where there is no compatible macro engine, so an office suite that ignores or doesn’t support the macro language is a dead end for it.
Like all viruses, the extent of the damage macro viruses can cause varies. It could be as minor as injecting text into your documents, to deleting all the content in them. Some can access email accounts and send infected files to people in your contacts list.
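A quick check you can run yourself: modern Office files (.docx, .docm, .xlsm and so on) are zip archives, and macros live in a member named vbaProject.bin, with a “macroEnabled” content type declared in [Content_Types].xml. The added Python example below (not from the original article) builds two minimal document-shaped archives in memory, one with and one without that macro part, and inspects them. The archives are constructed stand-ins, not real Word files. Legacy .doc and .xls files use the older OLE2 container, which this check only recognizes and does not parse; a tool such as olevba from oletools handles those.

```python
import io
import zipfile

VBA_MEMBER = "vbaProject.bin"   # where Office stores VBA macros inside the zip
MACRO_CT = "macroEnabled"        # substring of the macro-enabled content types
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container


def office_macro_check(data: bytes) -> dict:
    """Inspect an Office Open XML file for macro evidence.

    Returns flags for: a vbaProject.bin member, a macroEnabled content type, and
    whether the input is not OOXML at all (legacy OLE2 or something else entirely).
    """
    result = {"not_ooxml": False, "legacy_ole2": False,
              "has_vba_project": False, "macro_enabled_type": False}
    if data.startswith(OLE2_MAGIC):
        result["not_ooxml"] = result["legacy_ole2"] = True
        return result
    if not data.startswith(b"PK\x03\x04"):
        result["not_ooxml"] = True
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Match the basename so word/, xl/ and ppt/ locations are all caught.
        result["has_vba_project"] = any(n.rsplit("/", 1)[-1] == VBA_MEMBER for n in names)
        if "[Content_Types].xml" in names:
            ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            result["macro_enabled_type"] = MACRO_CT in ct
    return result


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal Word-shaped archive in memory (a stand-in, not a real file)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
               else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    )
    if with_macro:
        content_types += ('<Override PartName="/word/vbaProject.bin" '
                          'ContentType="application/vnd.ms-office.vbaProject"/>')
    content_types += "</Types>"

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes; a real vbaProject.bin is itself an OLE2 container.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print("macro" if flag else "clean", office_macro_check(build_sample(flag)))
```

Either flag on its own is worth a second look: a vbaProject.bin inside a file whose content types claim it is a plain .docx is as suspicious as a declared macro-enabled document, and the check costs nothing compared with opening the file.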
2. Trojans and Worms
In the same way that tomatoes and cucumbers are often called vegetables when they are technically fruits, Trojans and worms are really two kinds of malware that people call viruses.
While Trojans and worms sport similar characteristics to viruses, their method of infection, among a few other characteristics, is what sets them apart from their viral cousins.
Like viruses, worms self-replicate. The crucial difference is that a worm doesn’t need a host file, either to copy itself or to move from computer to computer. It is a standalone program that spreads on its own across networks, your home network or the internet itself, typically by exploiting a vulnerability in a network service, guessing weak passwords, or mailing copies of itself to everyone in an address book.
To put this in an example, let’s say Chelsea just finished fighting with her kid brother, Matt, and both stomp off to their own rooms to cool off. Chelsea starts browsing her favorite art site, while Matt launches his music creator program. Eventually, Chelsea’s computer, which has an unpatched file-sharing service listening on the network, gets hit by a worm that was scanning for exactly that. The worm digs through her files in search of data and, at the same time, notices it is on a local network. Even though Matt isn’t using the internet, his and Chelsea’s computers share that network, and since the worm doesn’t need to wait for Chelsea to hand over an infected file, it copies itself straight onto Matt’s computer. By the end of the day it had also mailed itself to the buddies Matt sent his music to, and both his and Chelsea’s computers had become open targets for additional malware installs.
Once a worm gets into your system, it can destroy files, enlist your computer in a botnet (which I’ll talk more about below), and even create a backdoor for someone to remotely control your computer.
In the mythological Trojan War, as the Greeks warred against the city of Troy, they realized they couldn’t conquer the city by normal means. In fact, if they stayed, they would be picked off slowly. So they built a hollow wooden horse, secretly filled it with soldiers, and left it as a gift for their enemies, who revered horses as sacred.
The following night, after Troy’s defenders had partied hard in celebration of their supposed victory and gone to sleep, the soldiers within the horse emerged and overran the city.
This is where Trojan malware got its name. Trojans appear to be harmless software that promises one thing, but delivers a nasty payload once it gets into your system.
Trojans most often arrive as infected email attachments, as cracked or pirated software, and as fake antimalware programs. In addition, they differ from viruses in that they can’t self-replicate, yet they can still leave your computer wide open for subsequent malware downloads.
3. Spyware, Adware, Scareware, Ransomware
Though the effect and appearance of these four types of malware vary greatly, I bundled them together merely because of their similar -ware suffixes. Malware can fall into more than one of these categories, like an adware attack that also installs spyware, or ransomware that uses scareware tactics.
In the malware ice cream parlor, adware comes in two flavors. The first is legitimate software on websites that allows advertisements to appear on your screen and track some of your browsing habits so that the ads can be tailored to your preferences. Ever wonder why the ads you see after researching malware tend to market antimalware services?
This way, site owners can earn revenue for hosting ads, and the advertising companies increase their chances of getting customers to click on relevant ads and potentially buy a product.
The second flavor is malvertisements, or malicious advertisements: ads that redirect you to websites that contain or force-install malware onto your computer. With just a little worse luck, you get the Really Nasty Edition of malvertisement, one that infects your computer without you clicking on the ad at all.
This is called a drive-by download. Code embedded in the ad exploits a vulnerability in your browser or one of its plugins, such as Flash, Java or a PDF reader, to run the malware without any click from you.
While most bad adware can be avoided by not clicking the ads or by closing invasive pop-up windows, an adblocker prevents a large majority of drive-by downloads simply by never loading the ad, so its embedded code never reaches your browser. It is not a substitute for patching, though: a drive-by needs a vulnerability to exploit, so a browser and plugins that are up to date (or plugins that are uninstalled altogether) take away what the malvertisement relies on.
One of the best ways to get someone to buy in on a deal is to create a sense of urgency or scare them into it. That’s why ads on TV about carbon monoxide sensors and lead piping rely on tragic anecdotes and lists of health hazards.
While the ads address very real problems, they knowingly use scare tactics because, hey, it works. After the ad, don’t you get that creeping sensation that there’s a carbon monoxide leak in your house? Or that the water you’re drinking might be the reason why you feel so sluggish?
Scareware, malicious software that attempts to evoke a sense of urgency or fear in order to convince victims to download said software, works the same way.
For example, when a popup warns you that you have a serious malware infection and offers antimalware protection plans, don’t believe it. Trustworthy antimalware developers don’t push their products like that. Ever.
Buying into the scam software and installing it may not only cost you monthly fees for a bogus protection suite, but it may also provide a doorway for the propagators to install more malware onto your computer.
Why scare people into giving you money and computer access when you can encrypt their sensitive data and “promise” to decrypt it for a fee?
Ransomware does just that. Trading subtlety for a blatant attack, you know when your computer is infected with ransomware. A large popup appears, sometimes disabling all ability to control your computer, and tells you that your machine or the files on it have been encrypted. It also demands a payment, usually in a cryptocurrency like bitcoin, to restore the computer or files to you. Paying is no guarantee of getting a working key back; the only reliable recovery is restoring from a backup the ransomware could not reach.
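Because ransomware rewrites files into ciphertext, which is statistically indistinguishable from random bytes, one heuristic defenders use is to watch for writes whose contents suddenly have near-maximum entropy. The added Python example below (mine, not the author’s) computes Shannon entropy per byte and flags rewrites that cross a threshold. The threshold, the minimum size, the file names and the “ciphertext” (a SHA-256 chain standing in for real encrypted output) are all constructed for the demo.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5   # assumed threshold in bits per byte for this demo; tune per file type
MIN_SIZE = 256       # assumed: ignore tiny writes, their entropy estimate is too noisy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a run of one value, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    """True when a write is big enough to judge and its bytes look like ciphertext."""
    return len(data) >= MIN_SIZE and shannon_entropy(data) >= threshold


def flag_rewrites(writes: dict) -> list:
    """writes maps filename -> contents just written to it.

    Returns the names whose new contents look like ciphertext, sorted for stable output.
    """
    return sorted(name for name, content in writes.items() if looks_encrypted(content))


def pseudo_ciphertext(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic stand-in for real encrypted output.

    A SHA-256 hash chain is statistically indistinguishable from random bytes for the
    purpose of this heuristic, and it keeps the demo reproducible."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample of three files being rewritten: a plain document, the same
# document after a (simulated) ransomware pass, and a write too small to judge.
SAMPLE_WRITES = {
    "report.docx": b"Quarterly numbers, same as last quarter. " * 100,
    "report.docx.locked": pseudo_ciphertext(4096),
    "todo.txt": b"buy milk",
}


if __name__ == "__main__":
    for name, content in SAMPLE_WRITES.items():
        print(f"{name:22} {shannon_entropy(content):.2f} bits/byte")
    print("flagged:", flag_rewrites(SAMPLE_WRITES))
```

Already-compressed formats (zip, jpeg, mp4) also score close to 8 bits per byte, so real products pair this signal with extension changes, write rates across many files, and canary files that nothing legitimate should ever touch, rather than using entropy alone.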
If ransomware is a buff, dual-machinegun-wielding, headband-wearing Rambo soldier shouting what he’s going to do at the top of his lungs, spyware is a noiseless spy slipping into any outfit or mannerism that allows undetected passage into all workplaces, houses, institutions, etc.
Because the goal of spyware is to collect information from individuals and organizations, it is designed to be as undetectable as possible. That means it gives minimal, if any, sign of infection, makes a negligible impact on a computer’s performance, and does its best to evade antimalware scans.
Once it’s settled in, it can log your keystrokes, take screenshots, switch on your webcam, and harvest bank account and social media credentials as you type them.
4. Rootkits
Before I talk about rootkits, I need to explain what “root” means. On Unix-like systems, root is the superuser account (Administrator or SYSTEM on Windows): whoever holds it has full control over the machine and can install, uninstall and modify anything, including the operating system itself. The ordinary account you log into day to day doesn’t have that power, or shouldn’t, and part of the point of keeping it that way is to limit what malware running as you can do.
A rootkit is software that, once installed with that level of privilege, hides itself (and whatever else the attacker installed) from the operating system’s own tools: files vanish from directory listings, processes from the task list, network connections from the connection table. It usually comes with a way for the attacker to keep controlling the machine remotely, and because it sits underneath the very tools you would use to look for it, it is very hard to spot from inside the running system.
Rootkits and backdoors are often mentioned together, but they aren’t the same thing. A backdoor is any hidden way of getting unauthorized access; a rootkit is the stealth layer that keeps a backdoor (and the attacker’s other tools) from being noticed. Most rootkits include a backdoor, but a backdoor on its own needs no special privilege at all.
For example, if a website programmer builds a business website for a client and includes a customer paywall that blocks the better content, the programmer could add a secret key command like “givemefree” to the pay screen, granting free access to the locked content. This is a backdoor, but it’s not root access, and it doesn’t hide anything.
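The classic way to catch a rootkit from inside a running system is a cross-view diff: ask for the same information through two different interfaces and see where they disagree. The added Python example below (not the author’s code, and only a simulation) stands in for a user-mode rootkit by hooking os.listdir to drop any file whose name starts with rk_, then compares that view with os.scandir, which the hook doesn’t touch. The prefix and the file names are made up for the demo.

```python
import os
import tempfile

HIDDEN_PREFIX = "rk_"   # assumed: the simulated rootkit hides anything starting with this

real_listdir = os.listdir   # keep the genuine function so the hook can call it


def hooked_listdir(path="."):
    """Simulated user-mode rootkit hook: call the real API, then filter the answer."""
    return [n for n in real_listdir(path) if not n.startswith(HIDDEN_PREFIX)]


def install_hook():
    os.listdir = hooked_listdir


def remove_hook():
    os.listdir = real_listdir


def cross_view_diff(path):
    """Rootkit detection by cross-view: list the same directory through two
    independent interfaces and report what the lower-level one shows that the
    higher-level one does not."""
    high_level = set(os.listdir(path))
    low_level = {entry.name for entry in os.scandir(path)}
    return sorted(low_level - high_level)


def demo():
    """Create a scratch directory, hide some files, and show the diff before and after."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", "rk_implant.bin", "rk_config"):
            with open(os.path.join(d, name), "wb"):
                pass
        clean_diff = cross_view_diff(d)        # nothing hidden yet, so nothing to report
        install_hook()
        try:
            rootkit_diff = cross_view_diff(d)  # the hidden files reappear in the diff
            visible = sorted(os.listdir(d))    # what a hooked tool would show the user
        finally:
            remove_hook()                      # always unhook, even if something fails
        return {"clean_diff": clean_diff, "rootkit_diff": rootkit_diff, "visible": visible}


if __name__ == "__main__":
    print(demo())
```

A kernel-mode rootkit hooks below both calls, which is why the stronger version of this check compares the live view against an offline one: boot from clean media, or read the disk from another machine, and diff that against what the running system claims.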
5. Botnets
Creating a botnet is like creating a private army. The botnet creator releases malware, typically a Trojan, to infect as many computers as possible. Once a computer is infected, the bot software stays quiet, checks in with its controller periodically, and awaits a command.
Once the botnet creator has amassed a large network of computers, the army can be used for multiple purposes. The most well-known purpose is to initiate a distributed denial of service (DDoS, pronounced DEE-doss) attack, which uses all the infected computers to flood a site with traffic, often to the point of making it unavailable for use. Botnet creators aren’t always the ones who want to use their computer army for DDoSing; they can just as easily rent the botnet out for profit.
Which brings us to another common botnet use: generating money. Botnet creators can take advantage of the enormous computing power at their disposal and use it to mine cryptocurrency. They can also have the botnet visit sites and click on ads to generate fraudulent click revenue.
Like most other kinds of malware, the bot software can install rootkits and other malware on the computer once it’s in, granting the botnet creator even more control over the army and making the bot harder to remove.
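Bots have to phone home, and that regular check-in (“beaconing”) is one of the better detection handles defenders have. The added Python example below (mine, not the author’s) runs a beaconing check over a constructed outbound-connection log: for each source and destination pair it measures the gaps between connections and flags pairs with many connections at a suspiciously steady interval. The log lines, addresses, ports and thresholds are all made up for the demo.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: one internal host, two destinations. The first destination
# is contacted about once a minute like clockwork; the second is ordinary browsing.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.7:443
2024-03-01T10:00:12 10.0.0.5 198.51.100.20:443
2024-03-01T10:01:00 10.0.0.5 203.0.113.7:443
2024-03-01T10:01:47 10.0.0.5 198.51.100.20:443
2024-03-01T10:02:01 10.0.0.5 203.0.113.7:443
2024-03-01T10:02:59 10.0.0.5 203.0.113.7:443
2024-03-01T10:03:30 10.0.0.5 198.51.100.20:443
2024-03-01T10:04:00 10.0.0.5 203.0.113.7:443
2024-03-01T10:05:01 10.0.0.5 203.0.113.7:443
2024-03-01T10:05:55 10.0.0.5 198.51.100.20:443
2024-03-01T10:06:00 10.0.0.5 203.0.113.7:443
2024-03-01T10:09:40 10.0.0.5 198.51.100.20:443
"""


def parse_log(text):
    """Group timestamps by (src, dst) pair. Format: ISO timestamp, source, dest:port."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events


def beacon_score(times):
    """Return (mean gap in seconds, coefficient of variation) for sorted timestamps,
    or None when there are too few gaps to judge. A low CV means a steady rhythm."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean else float("inf")
    return mean, cv


def find_beacons(events, min_connections=5, max_cv=0.15):
    """Flag pairs with at least min_connections whose interval CV is at most max_cv.
    Both thresholds are assumptions for this demo."""
    hits = []
    for (src, dst), times in events.items():
        times = sorted(times)
        if len(times) < min_connections:
            continue
        score = beacon_score(times)
        if score and score[1] <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(times),
                         "interval_s": round(score[0], 1), "cv": round(score[1], 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(hit)
```

Real implants add jitter and longer sleeps, so production detectors use longer observation windows and score the jitter distribution rather than a hard cutoff, and legitimate periodic traffic (update checks, mail polling, monitoring agents) has to be allow-listed or it will top the list.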
6. Zero Days
These are the aneurysms of the malware world. A zero-day attack exploits a vulnerability that the software’s developers didn’t know existed, so it arrives without warning. The name comes from how much time the developers have had to build a patch when the first attack lands: zero days.
In some cases, the exploited vulnerability remains unknown to the developers for an indefinite period of time while the attacker plunders the unguarded bounty.
Rather than a kind of malware, a zero day is a type of attack. Any malware, virus, Trojan or worm, can be delivered through a zero day as long as it targets a security gap the developer does not yet know about. The flip side is that most attacks are not zero days at all: they use vulnerabilities with patches already available, which is why keeping software up to date removes most of the risk.
In the End
There is more malware being created today than ever before, and many more variations and archetypes will be designed in the future.
As I mentioned in my article on avoiding malware infection, one of the best defenses against malware comes down to practicing safe browsing habits. It’s been a reliable countermeasure since home computers entered widespread use, and I have a feeling it will be the same in the future, even when new kinds of malware appear. Pair it with the boring basics that cover the rest: install updates promptly, don’t run your everyday account as an administrator, and keep backups somewhere malware on your PC can’t reach.
Trust your gut when you’re out in the web, and browse wisely.