The main types of malware
To begin, we need to look at what computer viruses are and where they come from.
In 1961, engineers Viktor Vysotsky, Doug McIlroy and Robert Morris from Bell Telephone Laboratories developed small programs capable of making copies of themselves. These were the first viruses. They were created in the form of a game that the engineers called Darwin, whose goal was to send these programs to friends to see which one would destroy more of the opponent's programs and make more copies of itself. The player who managed to fill the computers of others was declared the winner.
Now the term "malware" is used to describe any malicious program on a computer or mobile device. These programs are installed without the user's consent and can cause a number of unpleasant consequences, such as a decrease in computer performance, extraction of the user's personal data from the system, data deletion or even an impact on the operation of computer hardware. As cybercriminals come up with increasingly sophisticated ways of penetrating users' systems, the malware market has expanded significantly. Let's look at some of the most common types of malware that can be found on the Internet.
Computer viruses get their name from their ability to "infect" many files on a computer. They also spread to other machines when infected files are sent by e-mail or transferred by users on physical media, for example, on USB drives or (earlier) on floppy disks. According to the National Institute of Standards and Technology (NIST), the first computer virus, called "Brain", was written in 1986 by two brothers in order to punish pirates who were stealing software from their company. The virus infected the boot sector of a floppy disk and spread to other computers via copied infected floppy disks.
Unlike viruses, worms do not require human intervention to spread: they infect one computer and then spread through computer networks to other machines without the participation of their owners. Using network vulnerabilities, for example, shortcomings in email programs, worms can send out thousands of copies of themselves and infect more and more new systems, and then the process begins again. Besides the fact that many worms simply "eat" system resources, thereby reducing computer performance, most of them now contain malicious "components" designed to steal or delete files.
One of the most common types of malware is adware. These programs automatically deliver advertisements to host computers. Varieties of adware include pop-up ads on web pages and advertising that is part of "free" software. Some advertising programs are relatively harmless; others use tracking tools to gather information about your location or browsing history and display targeted ads on your computer screen. BetaNews reported on the discovery of a new type of adware that can disable antivirus protection. Because adware is installed with the consent of the user, such programs cannot be called malicious: they are usually identified as "potentially unwanted programs."
Spyware does what its name implies - it keeps track of your actions on the computer. It collects information (for example, it records keystrokes on your computer's keyboard, tracks which sites you visit and even intercepts your registration data), which is then sent to third parties, usually cybercriminals. It can also change certain security settings on your computer or interfere with network connections. As TechEye writes, new types of spyware allow attackers to track user behavior (naturally, without their consent) on different devices.
Extortion programs (Winlock)
Extortion programs infect your computer, then encrypt sensitive data, such as personal documents or photos, and demand a ransom for decrypting them. If you refuse to pay, the data is deleted. Some types of extortion programs can completely block access to your computer. They may pass their actions off as the work of law enforcement agencies and accuse you of illegal activity. In June 2015, the FBI's Internet Fraud Complaint Center was contacted by users who reported financial losses totaling $18,000,000 as a result of the CryptoWall extortion campaign.
Bots are programs designed to automatically perform certain operations. They can be used for legitimate purposes, but attackers have adapted them for their own malicious ends. Having penetrated a computer, bots can force it to execute certain commands without the user's approval or even knowledge. Hackers can also try to infect several computers with the same bot to create a botnet, which is then used to remotely control the hacked machines: to steal confidential data, monitor victim activity, automatically distribute spam, or launch destructive DDoS attacks on computer networks.
Rootkits allow a third party to gain remote access to a computer and control it. These programs are used by IT professionals to remotely solve network problems. But in the hands of intruders they become a tool for fraud: once on your computer, rootkits give cybercriminals the ability to take control of it and steal your data or install other malicious programs. Rootkits can hide their presence in the system very effectively in order to remain unnoticed for as long as possible. Detecting such malicious code requires manual monitoring for unusual behavior, as well as regular patching of the software and operating system to eliminate potential infection routes.
Trojans masquerade as legitimate files or software. After being downloaded and installed, they make changes to the system and carry out malicious activities without the knowledge or consent of the victim.
Bugs, that is, errors in fragments of program code, are not a type of malicious software but mistakes made by the programmer. They can have detrimental effects on your computer, such as freezing, crashing or degraded performance. At the same time, security bugs are an easy way for attackers to bypass protection and infect your machine. More effective security control on the developer side helps to eliminate errors, but it is also important to regularly install software updates aimed at fixing specific bugs.
Myths and Facts
There are a number of common myths associated with computer viruses:
- Any computer error message indicates a virus infection.
- This is incorrect: error messages can also be caused by hardware or software errors.
- Viruses and worms always require interaction with the user.
- This is not true. In order for a virus to infect a computer, its code must be executed, but this does not require user participation. For example, a network worm can infect users' computers automatically if they have certain vulnerabilities.
- Attachments to e-mails from known senders are safe.
- This is not so, because these attachments can be infected with a virus and used to spread the infection. Even if you know the sender, do not open anything that you are not sure of.
- Antivirus programs can prevent infection.
- For their part, anti-virus software vendors are doing everything possible to keep up with malware developers, and users should definitely install a comprehensive Internet security solution on their computer that includes technologies specifically designed to actively block threats. Even so, 100% protection does not exist. You need to take a conscious approach to your own online security to reduce the risk of being attacked.
- Viruses can cause physical damage to your computer.
- What if malicious code causes the computer to overheat or destroys critical microchips? Vendors of security solutions have repeatedly debunked this myth - such damage is simply impossible.
Meanwhile, the growth in the number of devices interacting with each other on the Internet of Things (IoT) opens up additional interesting possibilities: what if an infected car veers off the road, or an infected "smart" oven keeps heating up until it exceeds its normal load? The malware of the future may make such physical damage a reality.
Users have a number of misconceptions about malicious programs: for example, many believe that the symptoms of infection are always visible and that they can therefore tell when their computer is infected. However, as a rule, malware does not leave traces, and your system will not show any signs of infection.
Do not assume that all sites with a good reputation are safe. They can also be hacked by cybercriminals. Visiting a legitimate site infected with malicious code gives a user an even greater chance of parting with personal information. This, as SecurityWeek writes, happened to the World Bank. Also, many users believe that their personal data - photos, documents and files - are of no interest to the creators of malicious programs. In fact, cybercriminals use publicly available data to attack individual users, or to gather information that will help them create phishing emails in order to penetrate the internal networks of organizations.
Standard methods of infection
So, how does a computer get infected with viruses or other malware? There are several standard ways: links to malicious sites in e-mail or in messages on social networks, visiting an infected site (known as a drive-by download) and using an infected USB drive on your computer. Vulnerabilities in the operating system and applications allow attackers to install malware on computers. Therefore, in order to reduce the risk of infection, it is very important to install security updates as soon as they become available.
Cybercriminals often use social engineering techniques to trick you into doing something that threatens your security or your company's security. Phishing messages are one of the most common methods. You receive what looks like a completely legitimate e-mail, in which you are urged to download an infected file or visit a malicious website. The hackers' goal is to write the message so that you find it convincing. It can be, for example, a warning about a possible virus infection, a notification from your bank or a message from an old friend.
Confidential data, such as passwords, is the main target of cybercriminals. In addition to using malicious programs to intercept passwords at the moment they are entered, attackers can also collect passwords from websites and other computers that they have hacked. That is why it is so important to use a unique and complex password for each account. It should consist of 15 or more characters, including letters, numbers and special characters. Thus, if cybercriminals succeed in hacking one account, they will not be able to access all of your accounts. Unfortunately, most users have very weak passwords: instead of coming up with a hard-to-guess combination, they fall back on stock passwords such as "123456" or "Password123", which criminals easily guess. Even security questions are not always effective protection, because many people give the same answer to a question such as "Your favorite food?": for example, if you are in the United States, the answer is almost certainly "Pizza".
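The password rules described above (15 or more characters with letters, numbers and special characters, a unique password for each account, no stock passwords such as "123456") can be checked mechanically. The Python sketch below is an added example and not part of the original article; the function names, the deny-list and the sample accounts are constructed for illustration.

```python
import string
from collections import defaultdict

# Constructed deny-list: the two weak passwords the article names.
COMMON_PASSWORDS = {"123456", "password123"}
MIN_LENGTH = 15  # the article's recommended minimum


def policy_failures(password):
    """Return the list of the article's rules that this password breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 15 characters")
    if not any(c.isalpha() for c in password):
        failures.append("no letters")
    if not any(c.isdigit() for c in password):
        failures.append("no numbers")
    if not any(c in string.punctuation for c in password):
        failures.append("no special characters")
    if password.lower() in COMMON_PASSWORDS:
        failures.append("well-known stock password")
    return failures


def audit(accounts):
    """Map each account to its problems, including reuse across accounts."""
    users_of = defaultdict(list)
    for account, password in accounts.items():
        users_of[password].append(account)
    report = {}
    for account, password in accounts.items():
        problems = policy_failures(password)
        # Uniqueness rule: the same password must not guard two accounts.
        shared = sorted(a for a in users_of[password] if a != account)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        if problems:
            report[account] = problems
    return report


# Constructed sample data, not real credentials.
SAMPLE = {"mail": "Password123", "bank": "Password123",
          "forum": "123456", "shop": "r7#Lantern-quartz-04"}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", "; ".join(problems))
```
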
Signs of infection
Although most malware does not leave any obvious traces and your computer appears to work fine, sometimes you can still see signs of a possible infection. The very first of them is a decrease in performance: processes are slow, windows take longer to load, and random programs are running in the background. Another worrying sign is a changed home page in your browser or pop-up ads appearing more often than usual. In some cases, malware can even affect the basic functions of the computer: Windows does not open, there is no Internet connection, or you cannot access higher-level system management functions. If you suspect that your computer may be infected, perform a system scan immediately. If no infection is detected but you are still in doubt, get a second opinion - run an alternative antivirus scanner.