Different Types of Malware


The term “Malware” is usually associated with viruses, worms, Trojan horses, spyware, rootkits, and dishonest adware. As a network administrator or computer technician, you need to know how to identify malware, how to remove it, and how to protect a computer from it.


Malware can be divided into several categories, including the following:


• Viruses
• Worms
• Trojan horses
• Spyware and dishonest adware
• Rootkits
• Backdoors


A computer virus is a program that can copy itself and infect a computer without the user’s consent or knowledge. Early viruses were usually some form of executable code that was hidden in the boot sector of a disk or as an executable file (e.g., a filename with a .exe or .com extension). Later, as macro languages began to be used in software applications (such as word processors and spreadsheet programs), virus creators seized upon this technology, embedding malicious macros in documents of various types. Unfortunately, because macro code is automatically executed when a document is opened, these documents can infect other files and cause a wide range of problems on affected computer systems.
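As an added illustration (not part of the original article), the following Python code shows how a defender can tell whether a modern Office file carries macro code without opening it in Office. It assumes the OOXML formats (.docx, .xlsm, and so on), which are ZIP archives that by default store a VBA project in a part named vbaProject.bin; the function names, result labels, and sample files are constructed for this example.

```python
import io
import os
import zipfile

# OOXML extensions that openly advertise macro support.
MACRO_ENABLED_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}


def classify_office_file(name, data):
    """Return 'not-ooxml', 'no-macros', 'macros-declared' or 'macros-mismatch'."""
    ext = os.path.splitext(name)[1].lower()
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = [p.lower() for p in zf.namelist()]
    except zipfile.BadZipFile:
        # Not a ZIP container; legacy .doc/.xls files need a different parser.
        return "not-ooxml"
    if "[content_types].xml" not in parts:
        return "not-ooxml"
    # Default location of macro code: word/, xl/ or ppt/ + vbaProject.bin.
    has_vba = any(p.endswith("vbaproject.bin") for p in parts)
    if not has_vba:
        return "no-macros"
    # Macro code behind an extension that does not advertise it is suspicious.
    return "macros-declared" if ext in MACRO_ENABLED_EXT else "macros-mismatch"


def build_sample(with_macro):
    """Build a minimal OOXML-like archive in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.docx", build_sample(False)),
        ("invoice.docm", build_sample(True)),
        ("resume.docx", build_sample(True)),
        ("notes.txt", b"plain text"),
    ]
    for fname, blob in samples:
        print(f"{fname}: {classify_office_file(fname, blob)}")
```

A mail gateway or file-share scanner can use a check like this to quarantine macro-bearing attachments for review before they reach users.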


A worm is a self-replicating program that copies itself to other computers on a network without any user intervention. Unlike a virus, a worm does not corrupt or modify files on the target computer. Instead, it consumes bandwidth and processor and memory resources, slowing the system down or causing it to be unusable. Worms usually spread via security holes in operating systems or TCP/IP software implementations.


Trojan horses derive their name from the Trojan horse story in Greek mythology. In short, a Trojan horse is an executable program that appears as a desirable or useful program. Because it appears to be desirable or useful, users are tricked into loading and executing the program on their systems. After the program is loaded, it might cause a user’s computer to become unusable, or it might bypass the user’s system security, allowing his or her private information (including passwords, credit card numbers, and Social Security number) to be accessible by an outside party. In some cases, a Trojan horse may even execute adware.


Spyware is a type of malware that is installed on a computer to collect a user’s personal information or details about his or her browsing habits, often without the user’s knowledge. Spyware can also install additional software, redirect your web browser to other sites, or change your home page. One example of spyware is the keylogger, which records every key a user presses. When a keylogger is installed on your system, whenever you type in credit card numbers, Social Security numbers, or passwords, that information is recorded and eventually sent to or read by someone without your knowledge. (It should be noted that not all keyloggers are bad, however, as some corporations use them to monitor their corporate users.)


Adware is any software package that automatically plays, displays, or downloads advertisements to a computer after the software is installed or while the application is being used. Although adware may not necessarily be bad, it is often used with ill intent.


A rootkit is a software or hardware device designed to gain administrator-level control over a computer system without being detected. Rootkits can target the BIOS, hypervisor, boot loader, kernel, or less commonly, libraries or applications.


A backdoor is a program that gives someone remote, unauthorized control of a system or initiates an unauthorized task. Some backdoors are installed by viruses or other forms of malware. Other backdoors may be created by programs on commercial applications or with a customized application made for an organization.