Understanding Malware

Published 23 August 2022

When we talk about cyber security, there are generally two things we are trying to keep out of your computer systems – hackers and malware. Hackers tend to launch targeted attacks on specific computer networks to steal or ransom certain information. While they often use certain types of malware to help them do this, there are plenty of strains of malware that do other things to your computer, and some of them are nastier than others. The term ‘malware’ means malicious software, and there are thousands of strains out there, all designed to disrupt, damage or utilise a computer system. For an individual that’s not great, but for a business, this is very bad news. We therefore wanted to take the time to explain what malware is, what the different types do and why we work so hard to protect your systems from them.

Types of Malware

As we mentioned before, there are literally hundreds of thousands of malware strains out there, with more being developed every day to get through new loopholes in security software. Rather than explain each one individually, we’re going to explain the broad categories they fall into, and why each one is dangerous to your business. So, without further ado:

Virus: A virus is a malicious computer program that attaches itself to another seemingly legitimate program. If the infected program finds its way onto your computer, then the virus will attempt to replicate itself to infect other files within the computer system. This can cause performance issues, break your software applications, or even render your whole computer unusable. There are a variety of ways in which software infected with a virus can find its way onto a computer. Common routes are email attachments, downloads from websites, or removable media such as USB drives. Some viruses are also capable of emailing themselves to other computers, which could cause some serious fallout if sent from a business to a customer.

Macro Virus: Many Microsoft applications, such as Word and Excel, include the ability to create macros. These are short programs that enable you to automate simple repetitive tasks; for example, to import data into a spreadsheet and then re-format it. Clearly this is a very useful feature. However, the software that allows these macros to be created can also be used to write complex programs, such as viruses. Microsoft helps to protect you against possible viruses lurking in your documents by disabling macros when the file is opened, so make sure you only enable macros if you know the document has come from a safe source.
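As an added example (not part of the original article and not Bridewell's code), here is a defender's pre-open check that reports whether an Office file carries a VBA macro project by inspecting its contents rather than trusting its extension. The function name, status strings and sample files are assumptions constructed for this illustration.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls files

def macro_status(data: bytes) -> str:
    """Return 'macros', 'no-macros', 'legacy-ole' or 'not-office' for a file's bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can hold macros too, but need an OLE parser to confirm.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a ZIP, but not an Office Open XML package
        # Macro code lives in a part named vbaProject.bin (under word/, xl/ or ppt/).
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macros"
        # A macro-enabled content type without that part is still worth flagging.
        ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
        if "macroEnabled" in ctypes:
            return "macros"
    return "no-macros"

def _make_ooxml(parts: dict) -> bytes:
    """Build a minimal Office-style ZIP package in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: one clean package, one with a placeholder macro part.
CT = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>'
CLEAN = _make_ooxml({"[Content_Types].xml": CT, "word/document.xml": "<w:document/>"})
WITH_VBA = _make_ooxml({
    "[Content_Types].xml": CT,
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"constructed placeholder, not real macro code",
})

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("with_vba", WITH_VBA)]:
        print(label, "->", macro_status(blob))
```

A result of `legacy-ole` means the file should be treated as possibly macro-bearing until it has been examined with a tool that can parse the older binary format.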

Worm: Don’t let the name fool you – worms can be dangerous. Unlike a virus, a worm does not need to attach itself to a host file; it can get onto your computer all by itself. It looks for weaknesses in the network connections of computers, and if it sees a hole, it will worm its way in. The main objective of a worm is to replicate itself to as many different computers as possible. However, it also has the potential to deliver dangerous payloads, such as ransomware.

Ransomware: Ransomware is devious, difficult to remove and unfortunately a current favourite with criminal hackers worldwide. If your machine is infected, the ransomware will lock the contents of your computer by encrypting your files. Unfortunately, the only way to unlock the files is with the key that was used to lock them in the first place, for which you will need to pay a ransom – usually anything up to £3000. However, this is not advised, as there is no guarantee your machine won’t be locked again, or that it will unlock at all. The best way to fix your computer is to do a complete restore from the last backup. So, make sure you back up your computers regularly to a separate storage area; for example, in the cloud. Unfortunately, criminals are now threatening to publish the files of victims online if the ransom isn’t paid, which has caused chaos for affected businesses that deal in confidential data. You can protect yourself against this by encrypting your sensitive files yourself.

Adware: Just like the name suggests, adware displays pop-up ads on your screen. While it’s a bit annoying, adware on its own may not pose a security risk. However, don’t just ignore it and close the windows. If adware has found its way onto your computer, the odds are something more dangerous has too, so use it as an indicator and do a thorough virus scan.

Spyware: Spyware is like the conjoined twin of adware – one is hardly ever found without the other in tow. Spyware sits inside your systems and quietly tracks your internet browsing, computer usage and even keystrokes. It then feeds all this information back to the adware so that it can show you more tempting ads. However, some spyware may be more dangerous. It has the potential to gather sensitive information, such as passwords or banking information, so you don’t want it hanging around.

Bot / Botnet: Bots are small programs used to perform simple repetitive tasks in computer networks. They are common on the Internet, where search engines use them to crawl, analyse and catalogue web pages. However, they can also be used for malicious purposes, and are commonly used to launch distributed denial-of-service (DDoS) attacks. The bots infect multiple computers (known as ‘Zombie’ computers), linking together to form a botnet. This enables a coordinated attack to be launched against the target; typically, by overwhelming it with network traffic from each bot, preventing legitimate communications.

Trojan: Much like its namesake the Trojan Horse, this malware masquerades as something non-threatening, but hides a dangerous payload inside. For example, the malware may appear to be free software, but will contain hidden capabilities. A common use for Trojans is to create a backdoor into your system to allow the attacker to steal your information, download more dangerous software, or gain remote control of your computer. Trojans can lie dormant for some time, so you might have been infected with a Trojan for a while before you realise you have a problem.

Rootkit: This particular breed of malware is one of the more difficult to detect and remove. Rootkits are designed to hide deep inside your computer, where they can gain complete control of the system. They can even render your computer’s security controls useless, leaving the system open to further attack. Think of it like the first in a team of burglars – the one who sneaks inside and waits until you’re out before letting the rest of the team in.

Rogue Security Software: This type of malware is designed to mislead you by pretending to be a good and trustworthy anti-virus program. It will often claim to remove malware from infected machines, when in fact it is malware. Instead of helping you, it will turn off all your other forms of protection and get to work opening the floodgates for more damaging malware strains.

Browser Hijacker: To finish on a slightly less terrifying note, browser hijackers simply change the way your internet browser works. Often this is through a new toolbar that is installed within a user’s web browser. It focuses solely on redirecting your browser away from natural search results and towards the results the developer wants you to see. The motive here is to make money from your web surfing. Not removing browser hijackers can be dangerous though, because they can sometimes track your web activity and even keystrokes. It could also be directing you to websites filled with malware waiting to attack your machine.

Of course, each and every malware infection is engineered slightly differently, usually indiscriminate, but sometimes designed for a very specific target. Most malware infections will fall into one of the mentioned categories, and any one of them could be a danger to your business and your data.

At Bridewell, we specialise in understanding the threats to your business and providing bespoke security solutions for them. To find out how we can protect your business against malware infections, get in touch with our expert team today.