If you have logged on to the internet, picked up a newspaper, or generally not been living under a rock for the past 5 years, you’ve heard a lot about malware, viruses, and crypto. Do you know what they are, though, and how they differ? Many people use all of these terms interchangeably; however, they are different. With over 350,000 types of malware discovered DAILY, it’s important to understand the differences.
- Malware – A mashup of MALicious softWARE. This is any kind of software that is intentionally designed to cause harm to computers, servers or networks. This is the catch-all term.
- Virus – Chances are, if someone says "computer threat," your mind goes straight to the virus. Like the viruses that infect humans, these programs spread throughout a network on their own, and once another computer gets the virus installed, that computer is infected. They can delete files, lock programs, or do nothing at all.
- Spyware – Another mashup, of SPY and softWARE. This is software that, once installed, stays in the background transmitting data back to the originator. This can be every keystroke that is made on the computer, websites visited or webcam images. These can lead to stolen passwords, bank account information, or other personal information.
- Trojan – Named after the deceptive horse that the Greeks used to invade Troy. If you are unfamiliar with the story, it’s a good read. Much like the horse, these programs in and of themselves appear harmless, but they open the way for nefarious individuals to get malicious software loaded on the infected computer.
- Ransomware – Often you’ll hear of a business or organization getting hit with ransomware. This is a piece of software that locks an infected machine or the data on it and demands payment to unlock the computer or data, rather than stealing the data to try to sell it. Ransomware programs are frequently delivered through a trojan and alongside spyware.
- Worms – Unlike viruses, which spread from file to file on a computer, worms spread from machine to machine across a computer network. The 2003 SQL Slammer worm rapidly infected 75,000 servers in 10 minutes. The traffic generated as a worm spreads can render a server useless, or at least slow it down to the point where it’s not usable.
- Adware – Yet another mashup (IT people love those) of ADvertising softWARE. Adware’s sole purpose is to bombard you with advertisements, earning the bad actors behind it some revenue. Adware is a little different in that it is primarily annoying rather than malicious; however, some variants are also trojans.
- Rootkit – These burrow into the architecture of an operating system and build a back door into it. They are very difficult to detect and next to impossible to remove. The only way to ensure that a rootkit is completely gone is to rebuild the compromised system.
Understanding the basic variants of malware is good; however, the most successful attacks are layered and use more than one type of malware to gain access to a system. The days when a single virus got noticed, quarantined, and removed are part of the technological past. Ultimately, you need a layered approach to keep the malicious parties at bay. Next-generation firewalls with intrusion detection and prevention systems, advanced endpoint protection, and email threat prevention all help, but ultimately, user education is the final line of defense.
About the Author
Matt Becker is a Senior Engineer at Worksighted. He is focused primarily on large infrastructure projects, including cloud migrations, networking refreshes, and on-premise server upgrades. Matt graduated from Michigan State and lives with his wife and two kids in suburban Grand Rapids, MI.