Tuesday, March 9, 2010

Various Types of Malicious Programs

These are some of the terms used to describe various types of malicious programming: malware, virus, worm, trojan horse, rootkit, crimeware, phishing, and adware.

Malware is a generic term referring to the entire spectrum of programming, whether malicious or merely annoying, whose sole purpose is to gain access to a computer without the owner’s knowledge or consent. Legitimate programming that has bugs or other problems which end up harming a computer is not considered to be malware – it’s just poorly designed. The key to whether or not a piece of programming is malware is the intent of the programmer. Does the program have a legitimate purpose, or is there an illicit motive behind its creation? Examples of malware include viruses, Trojan horses, rootkits, adware, crimeware, worms, and spyware.

Virus is a term that is commonly used interchangeably with malware. However, for a piece of malicious computer code to be a true virus, it must have the capability of spreading from computer to computer via the internet (in the form of a shared downloaded program) or a removable memory device (flash drive, diskette, or CD). Before a virus can do damage to a computer, it must be “unlocked,” which happens when a user clicks on an infected program. Rather than the intended program opening, the virus usually will execute first. It quickly replicates itself and moves rapidly through a computer’s system, just as a natural virus will infect a host organism, propagate, and begin working against the body’s defenses. If a computer is linked to a network, as most workplace computers are, the virus can quickly spread to each computer in the network through, for example, harmless-looking email attachments. If left unchecked, viruses can replicate themselves until all free space on a computer’s hard drive is filled. More commonly, the virus will delete or alter data stored on the hard drive, and/or permanently degrade the computer’s functionality.

Worm is a term referring to a category of malicious self-replicating programming. It differs from a virus in a few important ways. First, worms do not need to embed themselves in another program – they are stand-alone computer programs. In addition, worms generally are not designed to do damage to a computer’s files. Rather, they are commonly used to open a “backdoor” in a computer, allowing a remote user to gain access to the system. When a computer has been hijacked, it is called a “zombie,” and entire networks of these compromised computers are known as “botnets.” Spammers often send out their illegal marketing emails using “zombies,” without the knowledge or consent of the owner. The security issues, for both individuals and businesses, are self-evident.

Trojan Horses are programs which appear to be helpful, but in fact compromise the computer’s security, allowing unauthorized access to the computer and network. Depending on the intent, worms and viruses may be correctly considered to be Trojan horses. Once a computer has become infected, a host of ill-intended functions can take place, including:

- Deleting or altering data

- Degrading programs in a deliberate attempt to reduce a computer’s ability to function properly

- Uploading files from the computer, or downloading additional malicious software

- Helping to set up botnets

- Spying on browsing habits

- Copying keystrokes (to steal password and user ID information)

- Identity theft (stealing bank account, tax, and personal financial information)

- Displaying pornographic advertisements or images.

Rootkits are programs designed to hide the fact that a computer’s security has been compromised. They are often Trojan horses as well, tricking the user into believing they are helpful programs. Rootkits are used by hackers to gain administrative control over computer networks. The rootkit will block parts of a network off from each other, which helps to conceal the illicit activities from the legitimate network administrators.

Crimeware is specially designed malware that facilitates identity theft. The malware allows an identity thief access to a person’s online financial accounts (bank, stock, credit cards). The thieves can clean out the accounts and disappear into cyberspace, usually well before the victim has any idea what is happening. Using crimeware, the identity thief can install keystroke logging software which allows access to user IDs and passwords, as well as programming which directs the internet browser to a counterfeit site where the user ID and password are stolen.

Phishing is not a program or rogue piece of code floating through cyberspace, waiting for an unsuspecting internet user to download and install it, but it is a growing problem, and anyone concerned with privacy on the internet needs to be familiar with it. Phishing is a technique hackers and identity thieves use to gain control of a person’s private information. In a phishing scam, an email or instant message will arrive from a seemingly legitimate sender, such as a bank, PayPal, eBay, an online stock trading company, or a social networking site (such as Facebook or MySpace). The person receiving the email will be directed to what looks like a legitimate site and asked for their personal information. Once the passwords and user IDs have been surrendered, the scammers can clean out bank and stock accounts, make fraudulent purchases with credit cards, and commit other financial crimes.

Adware, also known as “advertising-supported software,” is software which displays or downloads advertising or marketing pitches to a computer. Advertisers pay programmers of freeware or shareware to place banner ads on the computer’s desktop while the program is running. It allows the programmers of this free software the opportunity to receive compensation for their efforts. However, adware becomes classified as malware when it secretly bundles spyware along with it.
