Tech Features
Malicious software breakdown: The what and why about Malware
By Steve Ragan Mar 26, 2007, 17:05 GMT
While talking online to my friend, Robin, I was asked a question about Malware that is at once simple and complex: “What is the difference between Spyware, Adware, Malware, and Viruses?” To some of you, that would seem like a rather simple question to answer. However, take into account that Robin is like many of the people online: she knows about the internet, some of its dangers, and many of its features. She does not, however, understand all of them, and she pointed out to me that those terms often jumble together.
After talking to her, I started thinking about what I write about on Monsters and Critics. Some of the stories, not only here but all over the web, tend to use terms that people in IT, or security people in general, will get. For the average user, however, those terms simply fail to sink in. To a security person who deals with networks and computers all day, the answer to Robin’s question should be clear. Drill down to people who are online, like Robin, who are informed but not entirely clear on the subject matter, and the lines are blurred. Some of those users are at risk, and others are at serious risk.
So back to the question, “What is the difference between Spyware, Adware, Malware, and Viruses?” The answer, while complex, can be broken down to understandable terms. Malware describes Spyware, Adware, and Viruses in one short and simple term. Spyware, Adware, and all Viruses can be named Malware because each of them is malicious by nature. Now, for a longer version of the answer with a little more detail.
Malware describes any form of software that is written with malicious intent. Malware is not just one single file or program. Malware comes in all kinds of ‘flavors’ or varieties. Malware can arrive as an email attachment or a downloaded file; it can also be installed simply by viewing a malicious website. Several of the most common forms of Malware are known by the terms Virus, Worm, Adware, Spyware, and a newer term, Badware. Badware is not really a technical term; it is a phrase coined by stopbadware.org.
Viruses and Worms are almost the same. Both are malicious and can do harm to your computer. The difference is that Viruses mainly target your computer and your computer alone. Worms, on the other hand, will target your computer and, if you are online or on a network, attempt to spread. Most of the items in the news lately related to Malware are Worms. The Bagle Worm, the Storm Worm, NIMDA, and CodeRED are all examples of Worms. The damage these Worms create comes from the fact that they spread on their own. Once infected, you will notice them but often cannot stop them from spreading on your own.
The code behind a Worm is crafty; some Worms are a work of art when you inspect the code that creates them. The make-up of a Worm is exploitation based. They work to exploit weaknesses in the computer system and make copies of themselves in order to spread to other computers. On a network level, this can increase the cost of maintaining support, seen in the form of money spent paying employees to correct the infection. On a personal level, you as the user will lose time online, you might suffer file loss, or, in the worst case, you will need to format or erase all of the data on your computer, reinstall everything, and start over.
The topic of Worms also lends itself to another tech term used in the news: Trojans. Often you will see Worms delivered with Trojans. Trojans get their name from the Trojan War. Criminals will package Worms or hide other malicious files inside something innocuous, like a Zip file or Freeware such as a game or other such program. If you are not familiar with the Trojan War, Wikipedia explains it as such:
“The Greek siege of Troy had lasted for ten years. The Greeks devised a new ruse: a giant hollow wooden horse. It was built by Epeius and filled with Greek warriors led by Odysseus. The rest of the Greek army appeared to leave, but actually hid behind Tenedos. Meanwhile, a Greek spy, Sinon, convinced the Trojans that the horse was a gift despite the warnings of Laocoon and Cassandra; Helen and Deiphobus even investigated the horse; in the end, the Trojans accepted the gift. The Trojans hugely celebrated the end of the siege, so that, when the Greeks emerged from the horse, the city was in a drunken stupor. The Greek warriors opened the city gates to allow the rest of the army to enter, and the city was pillaged ruthlessly, all the men were killed, and all the women and children were taken into slavery.” --Wikipedia Entry on Trojan War.
You see, malicious coders are tricky. They will use any means at their disposal to trick you into installing or downloading their Malware. This may seem like a scare tactic, but sadly, it is the truth. There are millions, literally millions, of computers online infected with one type of Malware or another at this very second. Many of those computers are owned by very bright, highly intelligent people, so do not think for a second that education alone protects against infection. The criminals play off human nature. They know there are some types of emails or websites that you will pay attention to, and you will often do exactly as they want. Take for example the Storm Worm; it is still active online today. The premise was simple: attach an EXE file to an email, and with that EXE include Malware. The user clicks on the EXE file and installs the Malware.
These days, most people are skeptical of emails that come from unknown sources, and yet the hoax worked. The emails picked various topics, each one designed to grab your attention, and several thousand people clicked on the attached EXE file and infected their computers. Originally sent in December 2006, two months later the Storm Worm was all over the world. There were two main reasons the Storm Worm spread so fast. One was the email subjects: they all related to current news events, and people wanted information. Many people get their information online, so this played right into the criminals’ hands. The other reason is that it is in fact a Worm; remember, they are designed to spread.
The topic of the Storm Worm covers the Worm part of the question in detail. To complete the topic, we can cover some of the basics dealing with the types of Malware. Malware, as mentioned before, can arrive on your computer in all sorts of ways. Likewise, each kind does something different. There are Keyloggers, which record the keys pressed on your computer and send that information to a third party. Some Keyloggers will only record information when you visit certain sites, like banks or online gaming sites. Keyloggers are also used in legal settings. A company might deploy them to monitor the online habits of employees while at work. In the same setting, Keyloggers are also used in corporate espionage.
Another thing you will see in Malware, which is quite popular recently, is the Malware that creates Botnets. Botnets consist of two things. Simplified, they are the master and the zombie. The zombie is your computer, because once infected with the Malware that creates Botnets, the master can send commands to control your computer remotely. This is done for several reasons. The top two are Spam and controlled, targeted attacks on other networks online. Most Botnets are created for profit. They can be leased or sold to the highest bidder for good money. There is an entire underground market for the selling of such networks.
Now that Malware is explained and you know what it is, the second part of the question covers Adware and Spyware. These two terms are again part of the same thing. Both can be malicious, and both are Malware in that sense of the word. Each can be included with Trojans, and each of them is hard to remove on your own. They are different by definition, and both are low risk compared to Worms and Viruses.
Spyware does exactly what the name suggests: it spies on you. More often than not, Spyware comes in downloaded programs, for example browser toolbars from unknown sources, or little add-ons for your desktop. They will ‘phone home’ and report on your browsing habits; in turn, this information is relayed to online marketers, and the ads you see online are targeted to you. Most users and companies are against Spyware because, in a way, it violates your privacy online by reporting every move you make. Spyware has been known to report such details as what ads you click on, what searches you make, and what sites you visit most often.
Adware is what causes popup ads on your desktop and other advertisements that seem to appear out of nowhere. Sometimes these ads simply appear, and other times they seem to react to various websites you visit. It is a nuisance and, like all other Malware, you will have a very hard time removing it on your own. That is the end of the answer. It covered all aspects of the question and explains the what, where, and why of Malware.
Remember Malware is just a shortened term, and can relate to anything online that is malicious in nature. Now that you know what it is, how do you remove it and prevent it?
Removal will come from Anti-Virus software, or AV for short. AV has advanced over the years. Almost all of the Malware online will be caught by AV programs. However, not all AV programs are created equal; some are better at catching Malware than others. If you know a computer person and ask them what they prefer or what they use, you will only get an opinion. Instead, research it; many sites online provide detailed AV testing. One such site is www.av-comparatives.org, which is very popular in the AV industry.
If it is opinion you want, then I personally suggest AVG (www.grisoft.com). I suggest this over others because it comes in either free or paid versions (I use free) and is always a top runner in online tests. Along with that, I use another program called Spybot S&D (www.spybot.info), which will catch and remove most Malware.
Prevention is hard to explain. I cannot tell you to ignore emails, links, and websites you do not know. The fact is, at one time your favorite website was unknown to you. Instead, use caution, and always keep your AV programs updated. No matter your operating system, Windows or Mac, keep the operating system updated with all the latest patches. Never give out personal information to anyone online over email. No bank will ask you to install a file or send information over instant messenger or email.