Malware is infecting users’ computers and mobile devices at an ever faster rate. Many people see malware, viruses, spyware, adware, worms, Trojans as the same thing. Although all of these programs are harmful, they are not the same. Each of them behaves differently.
Threats determined by the multiplication method
When creating antivirus programs, the method of malware penetration on users’ computers is always taken into account. With this in mind, malware usually falls into one of the following categories
A virus (Virus) is the most well-known form of malware. The term “computer virus” is often used interchangeably with the term “malware”. In fact, these concepts do not have the same meaning. The term “malware” means any malware, including computer virus.
A distinctive feature of a virus is that it can copy itself and spread by attaching other, commonly used, legitimate programs to its files. Linked files will act as a transport mechanism. For example, if a virus joins a music file, each time it copies the file to a disk, memory stick or USB drive, or transfers the file over the Internet, the virus will be copied and transmitted with it.
Worms are computer programs capable of self-replicating. Usually distributed via the Internet, most often via e-mail. Distinction between worms and viruses consists in methods of their work: the virus joins to other program, the worm is independent process.
Computer worms use the network to send copies of themselves to other PCs. Worms create a background process that is independent of the user’s access to a specific file. They infect the network, not just the individual computer. This strategy is a Worms replication mechanism. Because worms often exploit network vulnerabilities, they can be partially prevented by the use of a permanent firewall.
E-mail is the primary source of infection. By infecting a single PC, the worm gains access to an email list and sends its copies to the network. Such malware is always hidden in the form of e-mail attachments. Therefore, you should not download the contents of unknown emails, even if their source looks convincing.
Trojan is malware that comes to your computer under the guise of a useful application. Trojan is installed on the PC together with the necessary program through the installation wizard. The main difference between viruses, worms and Trojans is that Trojans do not replicate themselves – they are installed by the user.
Trojans are usually used to steal confidential data, collect information, send spam, interfere with the overall performance of the PC, and use the computer’s capabilities for questionable purposes.
The best way to avoid Trojans is to think twice before downloading a new application. Especially when the protection system gives out a warning about the danger of infection.
Drive-by download is a type of malware that is automatically downloaded to a user’s computer when visiting unreliable websites. Drive-by consists of small code fragments that often go unnoticed by weak security features. After implementation, the infected code exploits the vulnerabilities of operating systems, web browsers and modules connected to them, such as Java, Adobe Reader, Adobe Flash.
The results of Microsoft Security Intelligence Report (SIR) reports confirm that Drive-by exploits have become the main threat to web security. To minimize the risk of infection, you need to install a reliable antivirus with the ability to scan the html code of web pages, constantly update the operating system, a working web browser, and avoid visiting unfamiliar websites that may contain malicious code.
Threats determined by action (harmful load)
The viruses, worms and Trojans described above are determined by the way they are spread. But there are other malicious programs that are determined by their behavior on the infected computer. This type of malware is classified as such: Spyware, Adware, Scareware, Rootkit, Ransomware. In some cases such programs try to reproduce themselves without harming anyone, in other cases they can create a security threat.
Spyware is any software that collects confidential information from a PC and sends it to remote users. The sources of Spyware are usually applications downloaded from the Internet.
Spyware is designed to steal personal information, learn passwords and credit card numbers, and track browsing habits. They can change the home page of a browser, install unwanted or malicious files from the Internet.
Since spyware applications are most often designed to earn money at the expense of others, they usually do not do much damage to the computer.
Advertising software (Adware) is designed to display ads and works through browser or network settings. Does not harm the devices, but can slow them down. Advertising programs are often the main source of revenue for developers.
The Adware process can be implemented by redirecting web visits to unnecessary pages. Another method is to intercept browser settings to add unnecessary toolbars, change the default search engine, and change the home page address.
Scareware is a relatively new type of attack that uses fake antivirus applications. At best, such software does not offer any real protection, at worst it includes actively harmful elements.
Once Scareware is installed, users begin to receive reports of hundreds of viruses infecting their devices, with demands for money to register or purchase a new license to cleanse them.