These terms aren’t just used by geeks. They make their way into even
mainstream news stories about the latest web security problems and tech
scares. Understanding them will help you understand the dangers you’ve
heard about.
Malware
The word “malware” is short for “malicious software.” Many people use
the word “virus” to indicate any type of harmful software, but a virus
is actually just a specific type of malware. The word “malware”
encompasses all harmful software, including all the ones listed below.
Virus
Let’s start with viruses. A virus is a type of malware that copies
itself by infecting other files, just as viruses in the real world
infect biological cells and use those biological cells to reproduce
copies of themselves.
A virus can do many different things — watch in the background and
steal your passwords, display advertisements, or just crash your
computer — but the key thing that makes it a virus is how it spreads.
When you run a virus, it will infect programs on your computer. When you
run the program on another computer, the virus will infect programs on
that computer, and so on. For example, a virus might infect program
files on a USB stick. When the programs on that USB stick are run on
another computer, the virus runs on the other computer and infects more
program files. The virus will continue to spread in this way.
Worm
A worm is similar to a virus, but it spreads a different way. Rather
than infecting files and relying on human activity to move those files
around and run them on different systems, a worm spreads over computer
networks of its own accord.
For example, the Blaster and Sasser worms spread very quickly in the days of Windows XP because Windows XP did not come properly secured
and exposed system services to the Internet. The worm accessed these
system services over the Internet, exploited a vulnerability, and
infected the computer. The worm then used the new infected computer to
continue replicating itself. Such worms are less common now that Windows
is properly firewalled by default, but worms can also spread in other
ways — for example, by mass-emailing themselves to every email address
in an affected user’s address book.
Like a virus, a worm can do any number of other harmful things once
it infects a computer. The key thing that makes it a worm is simply how
it copies and spreads itself.
Trojan (or Trojan Horse)
A Trojan horse, or Trojan, is a type of malware that disguises itself
as a legitimate file. When you download and run the program, the Trojan
horse will run in the background, allowing third parties to access your
computer. Trojans can do this for any number of reasons — to monitor
activity on your computer, or to join your computer to a botnet. Trojans
may also be used to open the floodgates and download many other types
of malware onto your computer.
The key thing that makes this type of malware a Trojan is how it
arrives. It pretends to be a useful program and, when run, it hides in
the background and gives malicious people access to your computer. It
isn’t obsessed with copying itself into other files or spreading over
the network, as viruses and worms are. For example, a piece of pirated
software on an unscrupulous website may actually contain a Trojan.
Spyware
Spyware is a type of malicious software that spies on you without
your knowledge. It collects a variety of different types of data,
depending on the piece of spyware. Different types of malware can
function as spyware — there may be malicious spyware included in Trojans
that spies on your keystrokes to steal financial data, for example.
More “legitimate” spyware may be bundled along with free software and
simply monitor your web browsing habits, uploading this data to
advertising servers so the software’s creator can make money from
selling their knowledge of your activities.
Adware
Adware often comes along with spyware. It’s any type of software that
displays advertising on your computer. Programs that display
advertisements inside the program itself aren’t generally classified as
malware. The kind of “adware” that’s particularly malicious is the kind
that abuses its access to your system to display ads when it shouldn’t.
For example, a piece of harmful adware may cause pop-up advertisements
to appear on your computer when you’re not doing anything else. Or,
adware may inject additional advertising into other web pages as you
browse the web.
Adware is often combined with spyware — a piece of malware may
monitor your browsing habits and use them to serve you more targeted
ads. Adware is more “socially acceptable” than other types of malware on
Windows and you may see adware bundled with legitimate programs. For
example, some people consider the Ask Toolbar included with Oracle’s Java software adware.
Keylogger
A keylogger is a type of malware that runs in the background,
recording every keystroke you make. These keystrokes can include
usernames, passwords, credit card numbers, and other sensitive data. The
keylogger then, most likely, uploads these keystrokes to a malicious
server, where they can be analyzed and people can pick out the useful
passwords and credit card numbers.
Other types of malware can act as keyloggers. A virus, worm, or
Trojan may function as a keylogger, for example. Keyloggers may also be
installed for monitoring purposes by businesses or even jealous spouses.
Botnet, Bot
A botnet is a large network of computers that are under the botnet
creator’s control. Each computer functions as a “bot” because it’s
infected with a specific piece of malware.
Once the bot software infects the computer, it will connect to some
sort of control server and wait for instructions from the botnet’s
creator. For example, a botnet may be used to initiate a DDoS (distributed denial of service) attack.
Every computer in the botnet will be told to bombard a specific website
or server with requests at once, and these millions of requests can
cause a server to become unresponsive or crash.
Botnet creators may sell access to their botnets, allowing other
malicious individuals to use large botnets to do their dirty work.
Rootkit
A rootkit is a type of malware designed to burrow deep into your
computer, avoiding detection by security programs and users. For
example, a rootkit might load before most of Windows, burying itself
deep into the system and modifying system functions so that security
programs can’t detect it. A rootkit might hide itself completely,
preventing itself from showing up in the Windows task manager.
The key thing that makes a type of malware a rootkit is that it’s stealthy and focused on hiding itself once it arrives.
Ransomware
Ransomware is a fairly new type of malware. It holds your computer or files
hostage and demands a ransom payment. Some ransomware may simply pop up a
box asking for money before you can continue using your computer. Such
prompts are easily defeated with antivirus software.
More harmful malware like CryptoLocker literally encrypts your files
and demands a payment before you can access them. Such types of malware
are dangerous, especially if you don’t have backups.
Most malware these days is produced for profit, and ransomware is a
good example of that. Ransomware doesn’t want to crash your computer and
delete your files just to cause you trouble. It wants to take something
hostage and get a quick payment from you.
So why is it called “antivirus software” anyway? Well, most people
continue to consider the word “virus” synonymous with malware as a
whole. Antivirus software doesn’t just protect against viruses, but
against all types of malware. It may be more accurately referred to as
“antimalware” or “security” software.
Credit: Chris Hoffman