We alerted you last week to the WannaCry Ransomware email attack, which sparked a request to explain the differences between ransomware, malware, viruses, worms, trojans etc…
Malicious software, shortened to Malware, is the term for all software with malicious code designed to infiltrate and cause damage to a computer without the knowledge of the owner.
Each form of malware has its own way of gaining access to your computer and data, and its own method of attack.
Examples of Malware:
- Computer Virus
Designed to relentlessly replicate, a virus is a contagious piece of code that attaches itself to other software, and generally needs some sort of human interaction to activate it. Once a computer virus has infected your computer it can corrupt or delete programs and files, destroy data, flood the network with traffic so any internet activity is impossible, alter the way the computer operates, or stop it from working altogether. Computer viruses are nasty, they can quickly spread across a network, (in the case of a polymorphic virus mutate its underlying code as its spreads). You can unwittingly install a virus onto your computer by opening an infected email attachment, clicking on a link in the message or interacting in some other way with the email, visiting an infected website, or sharing or downloading infected files, applications and system utilities.
There are different types of viruses categorised by how they behave:
- File Infectors – Attach themselves to program files, the program is then loaded causing the virus to be loaded too. Email attachment viruses are file infectors, which are sent as a script which will infect once the attachment is opened.
- Macro Viruses – Embed themselves into a legitimate macro sequence, in a file such as Word. Microsoft disabled macros as default to prevent this, but users were soon targeted to enable macros and launch the virus.
- Overwrite Viruses – Destroy files and data by overwriting files with its own code. This new code can also program the files to spread the virus further.
- Resident Viruses – Hide inside the computers RAM, infecting files or applications as they are loaded. Even if you delete the original virus signature the stored version in the computer’s memory can continue.
- Rootkit Viruses – Allow attackers to gain continued command and control of your computer, taking over whilst hiding its presence. With admin access, files can be executed, configurations changed, and owner usage monitored. In some cases, rootkits can be practically impossible to remove.
- Trojan horse
Trojan horse is malware that disguises itself as something innocent, games, disk utilities even virus programs, in most cases for the purpose of collecting financial information. Once loaded the software will start corrupting data on your computer, and in larger systems create a denial-of-service-attack. Although a Trojan horse cannot replicate itself like a virus can, it is possible for them to attach themselves to viruses and spread that way.
Unlike a virus, a worm is a program in itself, it replicates and spreads destroying files and data until there are none left. Primarily infected via email and messages, they usually target operating system files exposing security failings and move across a network.
Similar to a Trojan horse or a worm, but these provide a backdoor allowing a network connection for the attacker or other malware to enter.
As the name implies this malware takes your computer hostage, preventing you from accessing files or locking it completely until you pay a ransom. Often distributed as a Trojan horse once its installed you will get a message saying you must pay a ransom to continue.
Is a term used to describe unwanted applications not classified as malware but can impact the performance of a computer. The main purpose is to collect information about you, for the sake of advertising profit. Examples are Spyware, Adware and Madware.
Installed in the same way as a virus, spyware once on your computer can capture information such as browsing history, email, credit card details, usernames & passwords. This personal information can then be sent to the attacker’s computer.
Pop up advertisements within a program, which although not always malicious can track internet browsing habits, and if consent has not been given can be classified as spyware. This information could then be sold to third parties. Adware is used when it’s on a computer, and Madware when it’s on a mobile.
Users get the choice in many cases to purchase the application without adverts.
A surveillance software which records keystrokes typed and saves to an encrypted log file. Often used as a spyware tool to monitor login credentials and personal information, some employers are installing it to keep an eye on unauthorised activity.
- Scareware/Rogue Security Software
Typically show themselves as warning messages that your computer has been infected with a virus, and to download software to rectify the problem. Your computer has not been scanned for a virus, but you are lured into purchasing the software, which may then include spyware.
With IT systems being such a valued asset of any business, the need to protect your organisation from attack is critical.
At Curo we only work with the industry leaders to protect your business. To find out more about what Curo can do for you, visit our Security and Anti-Virus section of the Website. Don’t wait, Act now.