Know your malware : The Tribune India



Varun Vohra

Malware is a buzzword in the world of IT security, used so frequently by security experts that it has become a common household term. The truth is that very few people, especially those from a non-technical background, know its actual meaning and definition. Malware is a broad category of unwanted software that no one would like to have on their computer. There are various kinds of malware, each with specific characteristics. A lowdown:

Adware: Malware that downloads or displays advertisements to the user. Usually, it does not steal any data from the system and is more of an irritant that forces the user to see ads. An anti-malware solution with anti-adware ability and disabling pop-ups in browsers are easy fixes.

Botnets: Malware that performs repetitive tasks without the user's knowledge. Bad actors often use botnets to send out spam or phishing campaigns or to carry out distributed denial of service (DDoS) attacks against websites. Protection from botnets can be achieved by using anti-malware and network monitoring solutions, configuring firewalls correctly and updating software regularly.

Hijackware: Malware that alters the behaviour of the web browser, usually to direct users to infected websites. Protection from hijackware can be achieved by using an anti-malware solution, not allowing unwanted software to piggyback alongside legit software and configuring the browser's security settings adequately.

Keylogger: Malware that records keystrokes, mainly to detect passwords for unauthorised access. Use of security tokens and one-time passwords for authentication, an anti-spyware solution and an on-screen keyboard are all effective against keylogging.

Phishing: An attempt to obtain sensitive information such as usernames, passwords and credit card details for malicious reasons by posing as a trustworthy entity. Education and awareness are among the best defences against phishing attacks. For example, users should not divulge personal information electronically, download attachments or click links in legit-looking emails.

RAM scraper: Malware with the ability to extract data that is temporarily stored in the system's memory, especially credit card data stored on point-of-sale (POS) systems. The best defence against RAM scraper attacks is to use strong data encryption and hardened POS systems that are difficult to attack.

Ransomware: Malware from cryptovirology that threatens to publish the user's data or block access to it unless a ransom is paid. Attacks can be prevented by using advanced anti-malware solutions and patching systems regularly. Their impact can be minimised by adopting an effective back-up strategy that empowers the users to simply wipe the infected system and reinstall it from the backup.

Rogue security software: Malware that tricks users into thinking that their system has a security problem and entices them to pay for a fake security tool to resolve the issue, which is actually an infected tool. Using a properly configured firewall and anti-malware solution is the best defence. Also, users need to be vigilant when clicking on links or attachments in email messages.

Trojan: Malware that misleads users about its true intent. For example, a Trojan might appear to be a free app, but once it is installed, it may steal data or install a backdoor providing unauthorised access to bad actors. Anti-malware solutions can help, but user awareness is the best tool against Trojans. Users should not download attachments or click links in legit-looking emails, or fall into the trap of installing any software.

Virus: Malware that replicates itself by modifying other computer programs and inserting its own code. Sometimes people use the words 'virus' and 'malware' interchangeably, which is not correct. A virus is a very specific kind of malware. Strong firewall rules and a daily updated anti-virus solution are the best defence as virus signatures change very frequently.


Spam: Use of electronic messaging systems to send unsolicited messages (spam). Use of anti-spam solutions is the best defence, and most email services include anti-spam features, which need to be configured appropriately.

Spyware: Malware that gathers information about someone without their knowledge or consent, for example website cookies that monitor a user's browsing pattern. Firewalls to block spyware and use of anti-spyware software are the best mitigation steps.

Worm: A standalone piece of malware that spreads from one system to another. As with viruses, the best way to prevent worm infections is the use of a strong firewall and a daily updated anti-virus solution.
