Here’s what you need to know about spyware, trojans, malware, ransomware, and many other threats that your security software must stop. So what’s the difference?
The best antivirus software protects us from many more types of malware than just viruses. Here’s what you need to know about spyware, trojans, ransomware, and many other threats that your security software must stop.
If your antivirus software does nothing but protects against computer viruses, then it would be pretty useless. The term computer virus, coined in 1984 by American researcher Fred Cohen, specifically refers to a program that inserts its code into other programs. When an infected program is run, the virus spreads.
However, the vast majority of malware is not a virus. The reason for this is that malware encoders want to make money, and the virus is difficult to monetize. Fortunately, modern antivirus programs offer protection against a large number of malware, eliminating all types of malware. The best software protects against all types of threats, so you usually don’t have to know which threat is what.
However, situations can escalate when you need to know what has invaded your system, and many stories in security breaches, hacking, and attack news can be confusing if you don’t know the proper terms. That’s why we bring you a guide to the most common types of software threats you’re probably reading about (and hopefully you won’t encounter) that can help keep you up to date or safe.
Threats defined by the replication method
A virus starts when a user launches an infected program or runs software from an infected disk or USB drive. Viruses are hidden so that they can spread widely without being detected. In most cases, virus code simply infects new programs or disks. Eventually, often at a predefined date and time, the virus starts.
Early versions of the virus were often senselessly destructive; these days, viruses are more likely to be used to steal information or implement DDoS (Distributed Denial of Service) attacks on the targeted website.
Worms are similar to viruses but do not require users to run an infected program. Simply put, a worm copies itself to another computer and then runs that copy. In 1988, a worm called Morris, intended as a simple proof of concept caused serious damage to the coming Internet. Although he was not supposed to be malicious, his excessive self-replication sucked up a large amount of flow.
Trojans hide malicious code inside a seemingly useful application. A game, tool, or other application typically performs its intended task, but sooner or later it will do something harmful.
This type of threat spreads when users or websites inadvertently share infected content with others. Trojans can also be great for making money. Banking Trojans insert fake transactions in order to “dry out” users’ online bank accounts. Other Trojans can steal users’ personal information so that their creators can sell it online.
Threats defined by the method of behavior
Viruses, worms, and trojans are defined by the way they spread. Other malicious programs base their names on what they do. Spyware, unsurprisingly, refers to software that spies on a user’s computer and steals passwords or other personal information. Many modern antivirus programs include components specifically designed to protect against spyware.
Adware displays unwanted advertisements and often targets what interests the user by using information stolen by spyware components.
Rootkit technology connects to the operating system to hide malware components. When a security program requests a list of files from Windows, the rootkit removes its files from the list. Rootkits can also hide registry entries.
Bot attacks do not actively damage the user’s computer but it makes the system susceptible to damage others. They quietly hide until the owner, or “bot shepherd”, initiates the appropriate command. After this, along with hundreds or thousands of others, the bot does everything it is told. Bots are often used to send spam.
Some malware exists specifically to help distribute other malware. These dropper programs tend to be small and unobtrusive, but they can inject a constant amount of other malware into a user’s computer. Dropper can get instructions from its remote owner, as well as bots, to determine which malware to distribute.
As the name suggests, ransomware holds a computer or data on it and asks for a ransom for it. In its most common form, a ransomware threat will encrypt documents and demand payment before decrypting them. In theory, a user’s antivirus should be able to deal with ransomware just as it does with any other malware. However, since the consequences of a ransomware attack are quite severe, users are also advised to use special tools to protect against ransomware.
Not all antivirus programs are what they look like. Some are actually fake, counterfeit programs that do not protect the user’s security and damage his bank account. At best, these programs do not offer real protection; in the worst case, they include actively harmful elements.
They work hard to scare the user into paying for registration, so they are often called scareware. If you register, you spend your money and hand over your credit card information to thieves. Avoiding scareware is becoming increasingly difficult as these programs become more complex.
Multiple vectors, single solutions
These categories are not mutually exclusive. For example, an individual threat may be a virus type, may steal personal information such as spyware, and use rootkit technology to hide from a user’s antivirus. Also, a scareware program can be a type of Trojan, and it can also steal private data.
The term malware encompasses all of the listed types of malware. Any program whose purpose is harmful is a malware program. Industry groups, such as the Anti-Malware Testing Standards Organization (AMTSO), use this term for clarity, but general users are still looking for antivirus, not anti-malware. Although the word antivirus is domesticated, we need to know that the antivirus we use should also protect us from malware.