Types of Malware

If there is one thing that can ruin your sense of security, it’s malware. It can ruin your day, your computer and, potentially, your organization’s livelihood. Malware is any software deliberately designed to cause damage to a computer, server or network. It is helpful to distinguish between a “bug” and “malware”.

A software bug is an error in a program’s code that causes unintended harm. The key difference between the two is intent. Malware, by contrast, is a blanket term for software written with the intent to cause harm, and it includes computer viruses, worms, Trojan horses, spyware and ransomware. In today’s article, we explore some of the key differences among them.

Viruses

Leaving aside the biological variety, “virus” is the word media outlets and most people use when discussing any form of malware. Thankfully, most malware programs aren’t, in fact, true viruses. Why thankfully? A true computer virus modifies legitimate host files in such a way that, when the victim’s file is executed, the virus is executed too.

True computer viruses are exceedingly rare today, making up less than 10 percent of all malware. For end users, this is a very good thing, because viruses are the only type of malware that infects, i.e. modifies, other files. It is this characteristic that makes them particularly difficult to remove: cleaning an infected file means stripping out the virus code while leaving the legitimate program intact and working. This has always been a difficult task, and today it’s virtually impossible. You read that correctly: even the best antivirus programs struggle to do it correctly. More often than not, the best way to handle a virus is to quarantine or delete the infected file and restore a known-good copy from backup.
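Because a file infector has to change the host file, the practical check is an integrity baseline: hash every executable on a known-clean system, re-hash later, and quarantine anything whose hash changed rather than trying to disinfect it in place. The following is an added example, not code from the original article or from Packetlabs; the function names (`build_baseline`, `find_modified`, `quarantine`, `demo`) are hypothetical, and the sample scripts and the appended “virus payload” are constructed inline in a temporary directory so the script runs offline.

```python
"""Added example: detect and quarantine the footprint of a file-infecting virus
by comparing files against a hash baseline. Helper names are hypothetical; the
sample tree and the appended payload are constructed inline."""
import hashlib
import os
import shutil
import stat
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Record the hash of every regular file under root, keyed by relative path.
    Taken on a known-clean system, this is the reference a virus cannot hide
    from: infecting a host file necessarily changes its hash."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def find_modified(root: Path, baseline: dict[str, str]) -> list[str]:
    """Return baseline files whose content no longer matches the recorded hash
    (a missing file also counts as modified)."""
    current = build_baseline(root)
    return sorted(rel for rel, digest in baseline.items()
                  if current.get(rel) != digest)


def quarantine(root: Path, rel: str, qdir: Path) -> Path:
    """Move an infected file out of the tree and strip its execute bits.
    Disinfecting in place is rarely reliable; isolating the file is the safe
    action, after which a known-good copy is restored from backup."""
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / (rel.replace(os.sep, "_") + ".quarantined")
    shutil.move(str(root / rel), str(dest))
    dest.chmod(stat.S_IRUSR | stat.S_IWUSR)  # readable for analysis, never executable
    return dest


def demo() -> dict:
    """Build a clean tree, baseline it, 'infect' one script, then detect and
    quarantine. Returns what was flagged so the outcome can be checked."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "bin"
        root.mkdir()
        (root / "backup.sh").write_bytes(b"#!/bin/sh\ntar czf /tmp/b.tgz /etc\n")
        (root / "report.sh").write_bytes(b"#!/bin/sh\necho report\n")
        baseline = build_baseline(root)

        # Constructed stand-in for a file infector: the virus appends its own
        # code to a legitimate script, so running the script runs the virus too.
        with (root / "backup.sh").open("ab") as fh:
            fh.write(b"\n# [constructed virus payload placeholder]\n")

        modified = find_modified(root, baseline)
        quarantined = [quarantine(root, rel, Path(tmp) / "quarantine") for rel in modified]
        return {
            "modified": modified,
            "quarantined": [q.name for q in quarantined],
            "untouched": [rel for rel in baseline if rel not in modified],
        }


if __name__ == "__main__":
    print(demo())
```

The baseline only has value if it was captured before infection and stored somewhere the malware cannot rewrite (a signed manifest or a read-only location), otherwise an attacker simply re-baselines after infecting.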

Worms

Computer worms are even older than computer viruses. From the 1990s onward, IT professionals were overwhelmed by worms that commonly arrived as attachments to email messages. In short order, once an end user opened the malicious message, an organization would find itself overrun.

Unlike viruses, worms are self-replicating: a worm can spread across a network without any user interaction, and it is this attribute alone that makes an effective worm so destructive. Viruses, by contrast, require an end user to execute the infected file before they can try to infect other legitimate files and users.

Worms exploit vulnerabilities in other programs to accomplish their objectives. The best-known example, holding a speed record that stands to this day, is the SQL Slammer worm: it exploited a buffer overflow in Microsoft SQL Server, delivered in a single UDP packet to the server’s resolution service, to compromise virtually every unpatched SQL server reachable from the internet in around 10 minutes. Because the whole attack fit in one connectionless datagram, each infected host could spray it at random addresses as fast as its network link allowed.

Trojans

Trojans, or Trojan horses, are designed to look like legitimate programs but carry malicious code. Trojans, too, have been around for a very long time, longer than computer viruses, and in recent years they have become the most common variety of malware used by attackers.

As with computer viruses, a Trojan must be executed by the victim to become active on the host system. In terms of delivery, Trojans tend to arrive by email, or users pick them up while visiting malicious or compromised websites.

Generally, Trojans are quite difficult for a user to defend against, for two reasons: they are fairly trivial to write, and they spread by misleading users. In other words, the attack targets the human element, which no firewall or patch can fully prevent. Malicious actors push new Trojans out to the web so prolifically that anti-malware vendors find it impossible to keep up.

Remote Access Trojan

More threatening still are Remote Access Trojans (RATs), malware that allows an attacker to control your computer remotely. Once a RAT has connected back to the attacker, they can browse files, harvest login credentials and other personal information, and more.

As with other forms of malware, RATs frequently arrive attached to files that appear legitimate, such as email attachments. What makes RATs especially sinister is that they often imitate above-board remote access programs. As you might expect, malicious parties don’t typically announce themselves.

They certainly won’t show up under an obvious name in the list of running programs. It is always more advantageous for an attacker to maintain a low profile and avoid detection. Without proper security measures, a RAT could sit on your computer for an extended period without your awareness.

Spyware

Spyware is unusual in that it is often used by people who want to monitor or investigate the computer activity of close acquaintances, a family member or spouse, for example. In more targeted attacks, malicious parties use spyware to capture a victim’s keystrokes and obtain passwords or other sensitive information.

Luckily, spyware programs are typically quite easy to remove once found. This makes sense if we consider that the typical targets are close affiliates of the offending party rather than hardened systems. The process may be as simple as locating the malicious executable and blocking it from being executed.

Ransomware

A more targeted form of Trojan, ransomware encrypts your data and holds it hostage until a cryptocurrency payment has been made. Popular in recent years, this variety of malware is still rising in use and distribution. Ransomware has crippled organizations across the globe, with a list of victims including but not limited to healthcare providers, law enforcement, law firms, countless online vendors and even entire cities.

As previously stated, ransomware programs are typically Trojans, meaning they are spread through some form of social engineering. Once executed, most ransomware seeks out and encrypts the user’s files as quickly as possible.

Ransomware can be prevented like any other type of malware, but once it has executed, the damage is very difficult to reverse without a good backup. While nearly a third of victims pay the ransom, paying is no guarantee the data will be unlocked. The best approach is to ensure your organization keeps current, offline backups of all critical files, and regularly tests that they actually restore.
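The on-disk signal of the “seek out and encrypt as quickly as possible” behaviour described above is that structured files (text, documents, scripts) are suddenly rewritten as near-random bytes, often under a new extension. One detection heuristic is to compare the Shannon entropy of a file before and after a change. The following is an added example, not code from the original article or from Packetlabs; the function names (`shannon_entropy`, `looks_encrypted`, `scan`, `demo`) and the 7.5-bit / 2-bit thresholds are hypothetical choices, and the “encrypted” content is a constructed hash chain that merely has the statistical profile of ciphertext (no encryption is performed).

```python
"""Added example: flag files rewritten with ciphertext-like content, the
on-disk footprint of ransomware. Helper names and thresholds are hypothetical;
all sample data is constructed inline."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, up to 8.0 for
    uniformly random bytes. Encrypted or compressed data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(before: bytes, after: bytes,
                    high: float = 7.5, jump: float = 2.0) -> bool:
    """Heuristic: a file that was structured text or code and is suddenly
    near-random is a strong ransomware signal. Both conditions are required so
    that files which were already compressed (JPEG, ZIP) are not flagged on
    their own: they were high-entropy before, so the jump test fails."""
    e_before, e_after = shannon_entropy(before), shannon_entropy(after)
    return e_after >= high and (e_after - e_before) >= jump


def ciphertext_like(seed: bytes, length: int) -> bytes:
    """Constructed stand-in for encrypted output: a deterministic SHA-256 hash
    chain. This is NOT encryption; it only has the statistical profile of it."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


def scan(snapshot_before: dict[str, bytes], snapshot_after: dict[str, bytes]) -> list[str]:
    """Compare two snapshots of a directory's contents (name -> bytes) and
    return the files whose rewrite looks like encryption. A file that vanished
    is matched against a renamed successor, e.g. report.txt -> report.txt.locked."""
    suspicious = []
    for name, before in snapshot_before.items():
        after = snapshot_after.get(name)
        if after is None:
            renamed = [n for n in snapshot_after if n.startswith(name + ".")]
            after = snapshot_after[renamed[0]] if renamed else b""
        if looks_encrypted(before, after):
            suspicious.append(name)
    return sorted(suspicious)


def demo() -> dict:
    """Constructed snapshots: one text file encrypted and renamed, one script
    untouched, one already-random 'photo' encrypted in place."""
    text = b"Quarterly report: revenue up 4%, costs flat.\n" * 80
    script = b"#!/bin/sh\nfor f in *.log; do gzip \"$f\"; done\n" * 40
    photo = ciphertext_like(b"photo", 4096)  # stands in for an already-compressed JPEG
    before = {"report.txt": text, "rotate.sh": script, "photo.jpg": photo}
    after = {
        "report.txt.locked": ciphertext_like(b"k1", len(text)),  # encrypted and renamed
        "rotate.sh": script,                                      # untouched
        "photo.jpg": ciphertext_like(b"k2", len(photo)),          # encrypted, but no entropy jump
    }
    return {
        "flagged": scan(before, after),
        "text_entropy": round(shannon_entropy(text), 2),
        "locked_entropy": round(shannon_entropy(after["report.txt.locked"]), 2),
    }


if __name__ == "__main__":
    print(demo())
```

Note the deliberate miss in the demo: `photo.jpg` is encrypted too, but because compressed images are already near 8 bits per byte the entropy jump never appears. Entropy alone therefore needs to be combined with other signals in practice (mass renames to a new extension, a burst of writes across many files in seconds, ransom notes dropped into directories), which is also why the backup, not the detector, is the control you ultimately rely on.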

Conclusion

Of the methods and techniques available to cybercriminals for extracting data they can leverage over victims for financial gain, malware has become increasingly prevalent. The harvested data may include anything from financials, trade secrets and travel records to healthcare records, emails and credentials. In truth, the range of information that can be extracted with malware is practically limitless.

If you would like to learn more about the dangers of malware, and how Packetlabs can help, please contact us for more detail!