
Malware


Malicious software (malware) includes viruses, Trojan horses, worms, spyware, adware and other software. It attempts to disrupt normal computer use, gather specific information from the machine and its users, gain operational control over the machine, or spread to other connected computers and networks. In the beginning, malware was created either as a proof of concept or a prank to show off a programmer’s technical ability. Since then malware has morphed into a money making and criminal enterprise, where both computers and users can be specifically targeted for exploitation.

Types of Malware

Viruses and Worms

A computer virus is a piece of software that infects a legitimate program, replicates and spreads to other computers when activated by a user. A worm is very similar to a virus but is self-replicating and will spread to other computers automatically. Both of these types of malware generally carry a payload of programming code that is designed to cause damage to the machine or install other malicious applications.

Trojan Horses, Rootkits and Backdoors

Trojan Horses generally masquerade as legitimate software, or piggyback on a file that a user downloads and runs, allowing an attacker to gain access to the computer. Rootkits attempt to infect core components of an operating system, giving an attacker complete control of the device while making themselves nearly impossible to detect. Trojan Horses and Rootkits allow an attacker to create a backdoor into an infected machine, letting them bypass authentication systems and thwart existing security mechanisms.

Adware, Spyware and Keyloggers

Adware consists of software that provides advertisements via pop-up ads or browser page redirections. The most common forms are installed along with browser toolbars to assist in searching and navigating the internet. While most adware is relatively harmless in itself, it is often bundled with Spyware or Keyloggers. Spyware is designed to monitor your computer’s actions to collect personal information, usernames and passwords, or internet surfing habits and history. Keyloggers are specialized malware that will monitor the computer and record anything that is typed onto the keyboard, periodically transmitting that data to the attacker.

Botnets and Zombies

Once a computer has been compromised, additional software can be installed that will allow an attacker to use that computer in more sophisticated malicious activity. A botnet is a collection of similarly infected computers that can be used to coordinate attacks against other machines, and generate spam. When the user is unaware of the infection, this compromised machine is oftentimes described as a zombie.

How Do I Get Infected with Malware?

Email, Chat and Social Engineering

One of the most prevalent methods of infecting a machine is by crafting an email or a text chat that convinces a user to click on a link, which visits a malicious website and causes the infection. These emails and chats can be socially engineered and targeted at specific individuals or organizations. Information can be gathered from an organization’s website, press releases, legitimate company email or, at the individual level, through Facebook, Google+ and other social networking sites. This information can be used to increase the likelihood that someone will click on the embedded link by making it look like legitimate correspondence.

USB drives

A growing method of infecting computers as well as other types of electronic equipment is by creating a USB drive with malicious software that runs when it is plugged in. Many antivirus programs do not scan the USB drive by default and many computers are configured to automatically run any program on the USB when it is inserted. There are also several pieces of malware that will infect all portable media attached and will propagate the malware when plugged into another machine.

Website Drive-By-Download

A website drive-by-download occurs when a user visits a legitimate website and an embedded script covertly downloads and executes malicious software. These can occur if a webserver has been compromised and attackers have placed the scripts on the machine. An alternate method is for an attacker to add the scripts to a server that supplies advertisements and impact multiple websites with a single compromise.

What Can You Do About Malware?

Antivirus software

One of the simplest things that a person can do to combat malware is to install an antivirus program and keep it updated. There are many different versions available, some that are free of charge and others that are available for a nominal cost. Historically, malware has been targeted at Microsoft Windows computers but there are versions that can infect both Apple Macintosh computers as well as Linux based machines. There are new versions of malware that are specifically targeting Apple computers as well as versions that are cross-platform and can infect any type of machine.

Operating System and Application Updates

Another simple way to protect a computer against malware is to keep your computer’s operating system and any installed applications up to date. All of the major manufacturers release periodic updates to fix problems that are discovered as well as to close security flaws that could lead to infection. In fact, many malware authors target these flaws in the hope that a system has not been updated with the fixes. A Zero Day exploit is malicious software that targets a security flaw currently unknown to the vendor, and therefore not yet fixed.

Local Firewall

In a network environment, computers need to communicate together to share services and transfer information. All major operating systems ship with a local firewall that can block unwanted connections to a computer and limit who can connect. A local firewall should be run at all times, whether the machine is currently online or is being used offline.

Turn off USB Autoplay

Most operating systems can control the default behavior when a USB drive is inserted into the computer. The autoplay feature should be turned off on the machine. Also, the USB drive should be scanned with the installed antivirus software prior to opening any files.
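The Local Firewall and Turn off USB Autoplay sections above describe two settings a user should verify. As an added example (not code from this page), the PowerShell script below audits both on a Windows host and then enforces them; it assumes an elevated session, the built-in NetSecurity cmdlets, and the registry values named in the comments.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and enforce the local firewall and USB AutoPlay/AutoRun controls.
# Assumes Windows 8 / Server 2012 or later (Get/Set-NetFirewallProfile ship with the OS).

# Registry locations Windows reads for AutoRun policy and the per-user AutoPlay toggle.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$HandlerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

function Test-EndpointHardening {
    # Returns one object per control with a Compliant flag, so output can be filtered or logged.
    $results = @()

    # 1. Every firewall profile (Domain, Private, Public) is enabled and blocks inbound by default.
    foreach ($p in Get-NetFirewallProfile) {
        $results += [pscustomobject]@{
            Control   = "Firewall profile '$($p.Name)' enabled, inbound blocked by default"
            Compliant = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -eq 'Block')
        }
    }

    # 2. AutoRun is disabled for all drive types (0xFF sets every drive-type bit).
    $autorun = (Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun `
                -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $results += [pscustomobject]@{ Control   = 'AutoRun disabled (NoDriveTypeAutoRun = 0xFF)'
                                   Compliant = ($autorun -eq 0xFF) }

    # 3. AutoPlay prompts are disabled for the current user (the Settings "Use AutoPlay" switch).
    $autoplay = (Get-ItemProperty -Path $HandlerKey -Name DisableAutoplay `
                 -ErrorAction SilentlyContinue).DisableAutoplay
    $results += [pscustomobject]@{ Control   = 'AutoPlay disabled (DisableAutoplay = 1)'
                                   Compliant = ($autoplay -eq 1) }
    return $results
}

function Set-EndpointHardening {
    # Enforce the three controls checked above.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
    foreach ($key in $PolicyKey, $HandlerKey) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    Set-ItemProperty -Path $PolicyKey  -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    Set-ItemProperty -Path $HandlerKey -Name DisableAutoplay    -Value 1    -Type DWord
}

# Usage: list the controls that fail, enforce them, then re-check.
Test-EndpointHardening | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
Set-EndpointHardening
Test-EndpointHardening | Format-Table -AutoSize
```

The DisableAutoplay value is per user, so the audit only reflects the account running the script; on a managed machine the same settings are normally pushed through Group Policy.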

Adware/Spyware Scanners

In addition to antivirus scanners, there are also adware/spyware scanners that can help identify and remove malicious software. There are free products and pay-for-service products that can be run periodically to keep a machine clean of this software.

Off-line Scanners

Often, Trojan horses and Rootkits can hide from traditional antivirus software by masquerading as legitimate software or by embedding themselves in a program that is currently running on the machine. In order to identify and remove this malware, many antivirus companies provide an offline scanner that can be used to boot the machine and scan it outside of the installed operating system, increasing the likelihood of identifying the infection.