Malware is short for malicious software. It is a broad term that applies to any software that has unwanted effects for the victim. It spreads in various ways, but always has the same goal: to infect your computer.
You should treat malware seriously and take action if you're infected. Some malware programs don't pose a huge threat. However, most malware infections are serious and can have real-life consequences like identity theft.
Malware is an umbrella term and includes many different types of threats. These range from mild annoyances to severe problems. Here are a few examples of well-known types of malware:
Viruses and worms are what may come to mind first when you think of malware. They can be relatively mild pranks, or they can cause serious harm to your operating system and files. However, even prank viruses can be dangerous. They can have unwanted side effects, like slowing down your computer or crashing it.
Virus is commonly used as a synonym of malware. In common usage, it's perfectly fine to use virus as an umbrella term. However, in computing, virus has a more specific meaning. It's a sub-type of malware with its own properties. Viruses work by attaching themselves to a file or program (a host). Then, they copy themselves and attack other programs on the computer. Viruses can spread in various ways. However, many of the best-known viruses spread by sending emails to the victim's contact list.
Worms are much like viruses. Like viruses, worms copy themselves to spread. However, they don't require a host and can spread through computer networks. They take advantage of security holes to infect any computers that aren't protected.[6]
Viruses were a hot topic in the earlier days of the internet. However, they are much less common in the modern age. On the other hand, worms are making a comeback as ransomware, which you can read about below.
Adware generates ads on the victim's PC so that the creator can make money. On top of this, it may install annoying, hard-to-remove browser add-ons like toolbars. It may change your browser settings and redirect you without your permission. This is called browser hijacking.
The term can mean any software supported by ads. However, it's usually used to mean malware that generates annoying, unwanted ads. Adware is usually considered a "mild" threat. However, some sources classify it as a serious threat. This is because some adware breaches security settings on your computer, exposing your data to worse threats. It can also cause other problems like slowing down your computer and eating up your data plan.[1]
Spyware is software that gathers info from your computer without your knowledge. Some legitimate organizations use it to monitor computer systems. For example, some companies use spyware to keep track of employee activities. However, you won't usually hear the term applied to anything but malware.
Spyware can be used to steal your sensitive data, such as account passwords and financial info. If you're infected, it will secretly send data from your hard drive to the attacker. It may also log what you type or track your internet browsing. In extreme cases, spyware may install a rootkit. This is a software bundle that lets the spyware access the operating system at an admin level. Rootkits are hard to remove and can hide themselves from antivirus software.
Overall, being infected with spyware can open you up to identity theft. Because of this, you should treat it as a more serious threat than adware.
A Trojan (short for Trojan horse) is malware that hides its true intentions. Trojans are disguised as legitimate programs, but this is a cover for what the malware is really doing to your computer. Instead of copying themselves to spread, Trojans trick you into downloading them.
The effects of a Trojan can be anything. However, they're typically used as a "backdoor," a method of breaking security on the victim's computer. Once a computer is infected, attackers have direct access to it. They can steal info, spy on the victim, and even control the computer remotely. Trojans often use some of the same methods as spyware, but they are much more dangerous.
A good example of a Trojan is "rogue security software." This is a type of malware that pretends to be an antivirus tool. Its goal is usually to get you to pay for the "full version." If you fall for it, a criminal now has your money and credit card number. These types of Trojans often use scare tactics to trick victims into downloading them and paying.
People create Trojans for a few reasons. Here are two examples:
Stealing the User's Info/Identity
Like spyware, it's easy to use a Trojan to get the victim's data or break their online accounts. Trojans may be able to watch the victim's screen, log their keystrokes, or even access their files directly. Or, in the case of rogue software, it can use phishing tactics.
Creating Botnets
A botnet is a network of computers that an attacker secretly controls via Trojans or other malware. Victims often don't know their computer is part of a botnet. Computers in botnets are often called "zombies." Attackers use their "zombies" to carry out denial-of-service attacks or spread spam messages.[2]
Ransomware has been growing in popularity. It is arguably one of the most dangerous malware threats today. The "WannaCry" incident of May 2017 was just one of a handful of notable ransomware attacks.
Ransomware programs can spread in a variety of ways. For example, they sometimes work like Trojans. However, there have been a couple of them in recent years that worked like worms, like "WannaCry." This is one of the things that makes ransomware so dangerous.
On infection, ransomware "locks" the victim's PC in some way and demands that they pay to "unlock" it. It essentially holds the computer "hostage." Some ransomware simply puts the PC behind a "paywall," blocking victims from their files. Some actually encrypt the victim's files. This means the files are scrambled so that they're unusable until the ransom is paid.
Ransomware attacks are almost always done to make a profit, because they're such an easy way for criminals to make money.
A PUP is a potentially unwanted program, an app you agreed to install but probably didn't want. They're usually "bundled" with the program you did want to install. They use several tactics to hide the fact that you're installing them and are usually hard to remove. These include dark patterns, user interfaces designed to confuse or trick you.
PUPs aren't considered malware, but they're still something to look out for. They tend to use methods used by adware and spyware, such as browser hijacking. They may also compromise your security settings, opening you up to more problems.
Malware spreads in a variety of ways. Here are a few examples: [3]
Making malware seems pointless at first glance. You may ask, why would a criminal want to ruin a random stranger's life? The truth is, most criminals who create malware want to get something out of it.
Here are a few common reasons for creating malware: [5]
Many criminals want to make money from their activities. Cybercriminals are no exception. In fact, money is probably the biggest reason modern criminals create malware.
There are a few reasons for this. For example, ransomware is a way for criminals to extort money out of unsuspecting victims. Also, Trojan horses and spyware give access to personal details that allow identity theft.
While it sounds too out there to be true, virtual goods do have a real-life value attached to them. Some criminals will want access to a victim's online accounts, so they can reap the benefits. Also, buying and selling accounts is more common than you think.
For example, in online games (MMOs), thieves will crack player accounts and sell the player's virtual items to other players for real-world money. This works like a virtual "black market" of sorts. They often do this through malware disguised as useful software aimed at players.
While many malware creators have a clear goal, some just want to watch the world burn. They may create malware as a twisted "prank" or to show off their technical skills. They like taking down other computers, or entire systems, for no reason other than to feel powerful and laugh at the victim. They may also do so to expose security holes in software.
These types of people were common in the earlier days of the internet. However, they're rare today. After all, most modern malware creators do it for the money.
Don't worry, you don't have to be a computer genius to protect yourself against malware. All it really takes is a few simple habits. Here are some examples to get you started:
Some people think that common sense is the best defense against malware. They say that they won't get infected because they're cautious. Unfortunately, this is not always the case. Being infected with malware isn't always your fault, and you aren't safe even on trustworthy websites. Installing good security software should be a standard action.
Another common myth is that you have to pay subscriptions for good security software. In reality, most paid models only give you extra features. At a basic level, free versions do what they're meant to do just as well as the paid versions.
Antivirus and anti-malware are actually different things. Antivirus software protects your computer against infection before it happens. Anti-malware scans your computer for infection and helps remove it. It's true that both types usually have elements of the other type. Antivirus can scan your computer for malware and anti-malware usually has a simple shield feature. However, they put most of their focus into different things. In other words, antivirus is like a flu shot, while anti-malware is like medicine.
For antivirus, a good place to start is Avast Free Antivirus. For anti-malware, the absolute best is arguably Malwarebytes.
A good ad blocker can protect you against malvertising. This way, malicious scripts from these ads won't be able to touch you.
However, some sites don't let you use ad blockers. In this case, make sure your security software is enabled, and NEVER click on any ads. While not all ads are harmful, there's no way to tell until you click them. Since they're a popular tool for attackers and scammers, it's best to avoid clicking them altogether.
Also, watch out for misleading ads. Some criminals will buy an ad in a spot and size that makes it look like something else. For example, download pages will sometimes be full of ads that look like download buttons. Also, some ads may be disguised as part of the site. Thankfully, it's not too hard to spot ads. Most are labeled as ads, and they will always link to outside the site you're on.
This helps you avoid being exploited by hackers and malware.
If you find a flash drive, CD, DVD, etc. lying on the ground somewhere, you probably shouldn't trust it. Yes, it's possible that someone has just lost their device. However, you shouldn't take your chances.
There is a lot of legitimate, free software on the internet. Make sure you download these programs from the right sources. Trojans sometimes pose as well-known free software like Adobe Flash Player.
Be careful on software download sites like Softonic, SourceForge, and FileHippo. These sites are perfectly safe and used by legitimate software developers. However, they're also an easy way to distribute malware. Make sure the program you're downloading is legitimate (see the next point) instead of blindly downloading it. It also helps to use ad blockers because attackers will sometimes exploit ad services to trick people into thinking they're clicking a download button.
This is a very popular way to spread malware. Never open attachments if you don't know the sender, or if the email seems suspicious. Don't let your guard down if the attachment looks like a "safe" file like a PDF or Word document. Attackers can disguise files by using misleading file names (e.g., "document.pdf.exe") or even changing the icon to look real. Also, Word has a "macro" feature that can easily be used to write a virus.
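As an added example (not part of the original article), here is one way a mail filter or help desk script could flag the misleading attachment names described above. It goes beyond the "document.pdf.exe" case to cover whitespace-padded names, invisible Unicode control characters, and macro-enabled Office files; the function names and extension lists are assumptions and are not exhaustive.

```python
import unicodedata

# Assumed, non-exhaustive lists for illustration.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "hta", "lnk", "msi"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
MACRO_EXTS = {"docm", "dotm", "xlsm", "pptm"}  # macro-enabled Office formats

def check_attachment_name(filename):
    """Return the reasons an attachment name looks disguised (empty list if none)."""
    reasons = []
    # Unicode "format" characters (e.g. right-to-left override) can hide or
    # visually reorder the real extension.
    if any(unicodedata.category(ch) == "Cf" for ch in filename):
        reasons.append("contains invisible Unicode control characters")
    cleaned = "".join(ch for ch in filename if unicodedata.category(ch) != "Cf")
    # Windows drops trailing dots and spaces, so ignore them when reading the extension.
    cleaned = cleaned.rstrip(". ").lower()
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2:
        return reasons  # no extension at all
    final_ext = parts[-1]
    if final_ext in EXECUTABLE_EXTS:
        reasons.append(f"real extension .{final_ext} is executable")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append(f"decoy extension .{parts[-2]} before .{final_ext}")
        if "   " in cleaned:
            reasons.append("whitespace padding pushes the real extension out of view")
    elif final_ext in MACRO_EXTS:
        reasons.append(f"macro-enabled Office format .{final_ext}")
    return reasons

# Constructed sample names, not taken from real messages.
SAMPLES = [
    "document.pdf.exe",
    "report.pdf",
    "invoice.pdf" + " " * 40 + ".exe",
    "invoice\u202efdp.exe",
    "budget.docm",
]

def triage(names):
    """Map each suspicious name to its reasons; clean names are omitted."""
    return {n: r for n in names if (r := check_attachment_name(n))}

if __name__ == "__main__":
    for name, why in triage(SAMPLES).items():
        print(repr(name), "->", "; ".join(why))
```

A name check like this only catches the disguise, not the payload, so it complements rather than replaces scanning the attachment itself.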
For example, be wary of those Facebook posts that tell you to click a link to win something or enter a drawing. The same goes for messages and comments. Also, be wary of short URLs like bit.ly. Many legitimate companies use them. However, malware creators and scammers love using them to hide link locations. If you're not sure, run the link through a URL expander to see where it goes.
Never, ever, download pirated content. Besides being illegal, these types of sites are popular places for distributing malware. They're also popular malvertising spots.
Antivirus software and ad blockers aren't a replacement for critical thinking. This isn't to say you shouldn't use those things. However, you should always take care when surfing the web above all. Letting your guard down leaves you open to getting infected.
Also remember, if something seems too good to be true, it probably is. Trust your gut, and be on guard if something seems wrong.
Sources
[1] https://www.avg.com/en/signal/what-is-adware
[2] https://en.wikipedia.org/wiki/Botnet
[3] http://www.peachpit.com/articles/article.aspx?p=1960827&seqNum=5
[5] https://www.computerhope.com/issues/ch001404.htm
[6] https://usa.kaspersky.com/resource-center/threats/computer-viruses-vs-worms