Online Security: Types of Malware and How to Stop Them

You’ve probably heard that securing your computer against malware is a vital thing to do. But chances are, you probably don’t give it that much thought. How serious is the problem, anyway? Well, as more and more aspects of our lives are dependent on electronics, making sure your computer is secure against all types of malware is becoming a very important habit to have. You could lose valuable data, become a victim of identity theft, or even have your computer rendered completely inoperable. The risks are just too great these days to neglect cybersecurity.

Types of Malware

Malware is a very generic term for any computer code that intentionally does something that damages the target computer, reduces its functionality in some way, or does something the computer’s user doesn’t give it permission to do. The key is intent. Otherwise, it’s just a software bug.

Some of the more specific terms related to malware describe its purpose. Spyware is malware that tries to gather information about a computer user, such as bank account information or browsing habits. Adware is malware that shows a person a bunch of ads for the purpose of generating ad revenue. Ransomware is malware that locks your computer in some way (like encrypting your hard drive) and then demands a payment in order to unlock it.

There are many different types of malware that can accomplish each of these goals. For example, spyware can take the form of a Trojan horse or a keylogger. In addition, malware can be a hybrid of two or more types. The following are the types of malware you’re most likely to deal with and to see in your antivirus program’s reports:

Virus

Viruses are programs that modify other files or programs by inserting their own code into them. This is how they replicate. Those “infected” files or programs become “hosts”. Viruses typically require some human action to replicate or spread to another device (like opening a file or forwarding an email attachment).

Viruses generally have three parts: a search function, a payload, and a trigger (aka logic bomb). The virus’s search function looks for things to infect. The payload is the code that the virus is supposed to deliver and execute. While some payloads are relatively harmless, such as displaying a political message, many others will harm your computer in some way. The trigger is what sets off the virus to begin its processes. The trigger could be a number of things like a particular date, having a certain file type or program on your computer, opening a file, or reaching a certain capacity on a hard drive.

Some viruses make slightly different copies of themselves to make them harder to detect. Another tactic a virus might use to avoid detection is to copy itself in the boot sector of the computer (boot sector virus). That way, it’s outside of the computer’s operating system.

Worm

Worms are programs whose main purpose is to spread from computer to computer, usually through the use of some security exploit. Whereas viruses typically need human action to spread, worms spread automatically. They might not even have a payload like viruses do. By continuously spreading over a network, a worm can cripple it by using up a huge amount of bandwidth. For example, a worm accesses an email contact list and sends copies of itself to each of those contacts. Then, those copies access the email lists on those computers and send more copies to each of those addresses, and so on.

The most common payload for worms is installing a backdoor. This backdoor allows the worm author to control the computer (a “zombie” computer). By amassing a large number of “zombies” connected to the Internet, the author forms a botnet. He or she can then use the botnet to launch other attacks like DDoS (distributed denial of service) attacks, to do click fraud, or to send spam.

Trojan Horse

Trojan horses, or just Trojans, are programs that hide in other files or programs and install malware when someone opens them. Often, the file or program they’re hiding in seems completely legitimate. Trojans are similar to viruses, but unlike viruses, Trojans generally don’t care about replication. Instead, they typically spread through file sharing programs, where a Trojan can be downloaded by many users, or through worms. They are the most common form of malware, accounting for about 80% of all detected malware in the world according to one estimate.

Trojans can install all sorts of malware, but most commonly, they install a backdoor or ransomware. In fact, they’re usually the way botnet controllers recruit new computers.

Rootkit

Rootkits are programs that install themselves somewhere that loads before the operating system does, similar to boot sector viruses. This can give them root access (full system control). With this level of control, they can disable programs that try to look for them or the payload they carry. This makes them very tricky to detect and remove, if it’s even possible. Sometimes, the only way to remove them is to reinstall the operating system.

They typically act as a backdoor, allowing the controller to steal or falsify information, install malware (or programs with a pay-per-install compensation model), or control the computer as part of a botnet, all while hiding these actions.

Some rootkits are beneficial. For example, a laptop may have a BIOS-based rootkit that tracks it and allows the owner to remotely disable or wipe it if it ever gets stolen.

Keylogger

This type of spyware registers the keys pressed on a keyboard and sends that information to the keylogger author. Its uses include blackmail, obtaining usernames and passwords, and obtaining other sensitive stuff like financial information. Keyloggers are common payloads for Trojans and viruses.

File-Less Malware

Most kinds of malware are file-based and spread using a computer’s file system. In contrast, file-less malware is a type of malware that exploits and spreads in memory only or spreads using non-file OS objects, like registry keys. It can be pretty hard to detect these because they often exploit tools built into the OS, such as Windows PowerShell.
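As an added example (not code from the original article), the PowerShell below turns on script block logging, the Windows setting that records the text of every script block PowerShell runs, and then searches the last week of those records for patterns often seen when code is loaded straight into memory. The registry path and the event ID are Windows’ own; the pattern list and the seven-day window are choices made for this example. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original article. Turns on PowerShell script block logging
# and searches the last week of logged script blocks for signs of in-memory execution.
# Run from an elevated PowerShell prompt.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $policyKey)) {
    New-Item -Path $policyKey -Force | Out-Null
}
# 1 = record the text of every script block PowerShell runs (Event ID 4104 in the
# Microsoft-Windows-PowerShell/Operational log), including code that never touches disk.
Set-ItemProperty -Path $policyKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Heuristic patterns chosen for this example: base64-encoded or decoded commands,
# downloads executed straight from memory, and hidden windows. Matches need a human look.
$pattern = 'FromBase64String|-EncodedCommand|-enc\s|DownloadString|\bIEX\b|Invoke-Expression|-WindowStyle\s+Hidden'

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue   # no error if nothing has been logged yet

$hits = foreach ($event in $events) {
    if ($event.Message -match $pattern) {
        $text = $event.Message -replace '\s+', ' '
        [pscustomobject]@{
            Time    = $event.TimeCreated
            Snippet = $text.Substring(0, [Math]::Min(160, $text.Length))
        }
    }
}

if ($hits) {
    $hits | Format-Table -AutoSize -Wrap
} else {
    'No script blocks matching the patterns were logged in the last 7 days.'
}
```

A match is a prompt to read the full event, not a verdict: legitimate administration scripts also use encoded commands, and this script itself contains the pattern list, so it will show up in its own results after the first run. Logging has to be on before an infection for there to be anything to find, which is why it is paired here with the prevention tip.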

Tracking Cookie

Tracking cookies are small text files that keep track of your browsing history and other website data. They are generally harmless. But since other websites can read them, they can be a minor violation of your privacy.

Another problem with tracking cookies is that hackers can exploit security vulnerabilities in websites to obtain cookie data. This can let them gain insight into your browsing habits or even obtain login information.

Potentially Unwanted Program (PUP)

These programs are generally bundled with another, legitimate program. For example, when installing a program that you want, you may also be asked to install another program. Sometimes, you might not even get to choose whether to install the extra program or not.

Some examples of what these kinds of programs do include displaying ads, tracking computer usage, and forcing you to go to a particular page when you open your web browser.

Tips for Securing Your Computer Against Malware

While it may be nearly impossible to defend against every type of malware out there, you can certainly reduce your risk. Defending yourself against malware requires a combination of security measures and personal caution. Here are some things you should do to help keep your computer malware-free:

Get Antivirus/Anti-Malware Software

Windows 10 already has Windows Defender Antivirus and Windows Defender Firewall by default. But if you want something else, make sure it’s a well-known product that has proven performance. There are plenty of fake antivirus programs out there that claim to solve “issues” on your computer but actually just install malware.

It’s important to only have one real-time scanning antivirus program active at once. The reason is multiple antivirus programs may interfere with each other. An antivirus program monitors and sends system information, which (to another antivirus program) can look like a virus. As a result, the competing programs may try to block or remove each other. Having more than one active antivirus program may also cause issues like “double-counting” malware and using up too much computer power. You can, however, have other malware scanners installed on your computer that don’t run real-time checks. These won’t cause any issues and might even find things that your antivirus program misses. Just remember to run only one scan at a time.

Even the best antivirus programs are limited by their malware definitions. Most automatically update these, but in the cases where they don’t, you should update them at least on a weekly basis.
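The following PowerShell, added here as an example rather than taken from the article, lists the antivirus products registered with Windows Security Center (so a second real-time scanner stands out) and reports Windows Defender’s real-time protection state and signature age. The cmdlets and properties are Microsoft’s; the seven-day threshold matches the weekly update advice above. It assumes a Windows 10 client edition.

```powershell
# Added example, not from the original article. Shows which antivirus products Windows
# has registered and how current Windows Defender's signatures are.

# Windows Security Center keeps one record per registered antivirus product.
$products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct)
$products | Select-Object displayName, productState, timestamp | Format-Table -AutoSize

if ($products.Count -gt 1) {
    Write-Warning 'More than one antivirus product is registered. Make sure only one of them has real-time scanning turned on.'
}

# Defender's own status: the real-time protection switch and the signature age in days.
$status = Get-MpComputerStatus
[pscustomobject]@{
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays     = $status.AntivirusSignatureAge
}

# Threshold chosen for this example to match the weekly update advice.
if ($status.AntivirusSignatureAge -gt 7) {
    Write-Warning "Signatures are $($status.AntivirusSignatureAge) days old. Run Update-MpSignature to fetch the latest definitions."
}
```

When a third-party product is installed, Defender usually steps aside and the Security Center list is where you confirm which product is actually doing real-time scanning.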

Make Backups

This is one of the best ways to protect your data. By making regular backups, you can survive a ransomware attack or even an attack that wipes your computer relatively unscathed. You can either make backups manually by copying your files to an external hard drive or have a cloud service back up your data for you automatically.
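As an added example (not from the article), this PowerShell function copies a folder to a dated subfolder on an external drive with robocopy and then verifies every file by comparing SHA-256 hashes, writing a hash manifest next to the copy. The paths in the usage line are placeholders, and `E:` is assumed to be the external drive.

```powershell
# Added example, not from the original article. Copies a folder to a dated subfolder
# on an external drive and verifies the copy file-by-file with SHA-256 hashes.
function Backup-Folder {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Destination
    )
    $Source = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')
    # A new dated folder per run keeps older copies intact, so a file that ransomware
    # encrypted after the last run does not overwrite the last good version of itself.
    $target = Join-Path $Destination (Get-Date -Format 'yyyy-MM-dd_HHmm')
    New-Item -ItemType Directory -Path $target -Force | Out-Null

    # /E copies subfolders (including empty ones), /COPY:DAT keeps data, attributes and
    # timestamps, /R:1 /W:1 retries briefly on locked files, /NFL /NDL /NP quieten output.
    robocopy $Source $target /E /COPY:DAT /R:1 /W:1 /NFL /NDL /NP | Out-Null
    if ($LASTEXITCODE -ge 8) {   # robocopy codes below 8 mean success
        Write-Warning "robocopy reported failures (exit code $LASTEXITCODE)"
    }

    # Verify: hash every source file and its copy; record the hashes for later re-checks.
    $manifest = @()
    $mismatch = 0
    foreach ($file in Get-ChildItem -LiteralPath $Source -Recurse -File) {
        $relative = $file.FullName.Substring($Source.Length + 1)
        $copy     = Join-Path $target $relative
        $srcHash  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $dstHash  = if (Test-Path -LiteralPath $copy) {
                        (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
                    } else { $null }
        if ($srcHash -ne $dstHash) {
            Write-Warning "Verification failed: $relative"
            $mismatch++
        }
        $manifest += [pscustomobject]@{ Path = $relative; SHA256 = $srcHash }
    }
    $manifest | Export-Csv -LiteralPath (Join-Path $target 'manifest.sha256.csv') -NoTypeInformation

    [pscustomobject]@{
        Target     = $target
        Files      = $manifest.Count
        Mismatched = $mismatch
    }
}

# Usage (paths are placeholders; E: is assumed to be the external drive):
Backup-Folder -Source "$env:USERPROFILE\Documents" -Destination 'E:\Backup\Documents'
```

Unplug the drive once the run reports zero mismatches; a backup drive that stays connected is just one more place ransomware can reach.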

Keep Your Operating System and Programs Updated

Updates for operating systems usually contain fixes for security vulnerabilities. It’s absolutely vital that you update your OS with the latest updates. For example, much of the damage (if not all) from the WannaCry ransomware attack could have been prevented if the victims had updated their computers with a patch that Microsoft released months before. I always update my computer every “Patch Tuesday” (the second, sometimes fourth, Tuesday of every month when Microsoft releases updates), and you should too.

If you haven’t done so already, you should switch to the latest OS as soon as you are able. Companies like Microsoft don’t support their older OSs forever, so sooner or later you won’t be getting any more updates. That means your computer won’t get the latest security fixes. For example, Microsoft will stop updating Windows 7 on January 14, 2020. If you’re still using it, you should probably switch to Windows 10 before then. Or you could switch to another OS entirely and use a virtual machine for any compatibility issues if you’re really fed up with getting attacked and can handle some inconvenience.

Another thing you should also do is regularly check your programs for updates. Most of these updates fix bugs or other issues, but some may fix security vulnerabilities.
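As an added example that is not part of the original article, this PowerShell lists the most recently installed Windows updates and the OS build, and warns if the newest update is older than 45 days (a threshold chosen for this example: roughly one missed Patch Tuesday plus some slack).

```powershell
# Added example, not from the original article. Lists the newest installed updates and
# the OS build, and warns when the newest update looks stale.

$hotfixes = Get-HotFix |
    Where-Object { $_.InstalledOn } |          # some entries carry no date
    Sort-Object InstalledOn -Descending

$hotfixes | Select-Object HotFixID, Description, InstalledOn -First 5 | Format-Table -AutoSize

$newest = $hotfixes | Select-Object -First 1
if (-not $newest) {
    Write-Warning 'No dated updates found; open Windows Update and check manually.'
} elseif ($newest.InstalledOn -lt (Get-Date).AddDays(-45)) {   # 45 days: assumption for this example
    Write-Warning "Newest update $($newest.HotFixID) was installed $($newest.InstalledOn.ToShortDateString()); check Windows Update."
}

# Edition, version and build, so you can confirm the OS release is still supported.
Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object Caption, Version, BuildNumber
```

Get-HotFix only reports updates recorded as hotfixes; feature upgrades and Defender definition updates do not appear in it, so treat a warning as a cue to open Windows Update rather than as the final word.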

Use the Latest Web Browsers and Plugins

Similarly, you should use a web browser that has regular updates. Modern web browsers, like Microsoft Edge, Google Chrome, and Mozilla Firefox, have built-in security measures that can help you stop a malware attack.

You also need to check your plugins and extensions for updates, since outdated ones can be a security vulnerability.

Use Strong Passwords

Having a weak password can allow an attacker to gain access to your computer without much effort and put malware on it. A strong password can act as a deterrent to a would-be hacker.

Use a Pop-Up Blocker

Many kinds of malware attacks use pop-ups. It’s a good idea to get a pop-up blocker to stop these kinds of attacks if your web browser doesn’t come with one.

Enable Click-to-Play

If your web browser has this feature you should enable it. What it does is stop Flash and Java objects (ex. ads) from running unless you specifically click on them. Some malware can infect your computer through ads without you even doing a thing. By stopping them from running, you can stop this kind of attack.

Have a Suspicious Eye

Most of the time, computers get infected because their users visited (or were tricked into visiting) shady sites or downloaded unknown files. You should never download any program from anywhere except trusted sites. Get it from the official site, if possible. You should also never click on any link or attachment in emails or other communications (ex. IMs, pop-ups…) from unknown sources. Even if it’s from someone you know, if it looks suspicious (ex. weird grammar, spelling, or format), double check with that person that he or she actually sent it. After all, it could be the work of a worm.

Some malware attacks come in the form of “scareware”, malware that doesn’t actually do much but tries to scare the user enough that they end up downloading some other malware. It’s typically something like “X number of problems detected. Click here to scan/fix”. It’s completely bogus, so don’t click on it.

Another similar scam is email extortion. Usually, this is an email saying something along the lines of “Your email username/password is this, and I have hacked you and found so and so dirt on you. If you don’t pay X amount of money, I will tell all your contacts/report you to police”. Experts say to view these sorts of schemes with a huge dose of suspicion. Attackers can purchase email usernames and passwords from old leaked or stolen company data for cheap. And since this sort of scam is sent to thousands of people, the attackers most likely haven’t been spying on you and don’t have access to the information they say they have (if it even exists). For instance, whenever I see something that says it has access to my Facebook or Twitter account, I just laugh because I don’t have either.

Use a Non-Administrative Account Whenever Possible

The IT world calls this practice “least privilege”. Basically, you want to give a user only as much access as he or she needs to do the job. That way, the user (or a hacker if the computer account gets taken over) can’t mess with important settings or install unwanted programs.
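As an added example (not from the article), this PowerShell shows whether the current session holds administrator rights and which local accounts are in the Administrators group; the commented-out lines show how to create a standard account for daily use. The cmdlets are Microsoft’s, and the account name `daily` is a placeholder.

```powershell
# Added example, not from the original article. Reports whether this session is elevated
# and which local accounts hold administrator rights.

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

"Current user: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
"Running elevated: $(Test-IsElevated)"

# Every member of the local Administrators group; the account used for daily browsing
# and email should not be in this list.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource

# To set up a standard account for everyday use (run elevated; 'daily' is a placeholder):
#   $pw = Read-Host -AsSecureString -Prompt 'Password for the new account'
#   New-LocalUser -Name 'daily' -Password $pw -FullName 'Daily use'
#   Add-LocalGroupMember -Group 'Users' -Member 'daily'
# Keep the administrator account for installing software and changing settings.
```

When the elevated check comes back True for the account you use all day, that account is the one malware would inherit full control from if it got in, which is exactly what the least-privilege habit prevents.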

Limit File Sharing

File sharing is one of the main ways malware spreads. When using these programs, you could be inadvertently downloading a malicious file or you could be spreading an infected file to others. If you do need to get a file through file sharing, make sure to scan it before opening it.

Disable the AutoPlay/AutoRun Feature

Some kinds of malware hitch a ride on removable media (like USB drives) and activate when the AutoPlay/AutoRun feature triggers. Disabling the feature will prevent an infected drive from automatically infecting your system.
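The following PowerShell, added here as an example rather than taken from the article, applies the two settings that turn AutoRun and AutoPlay off: the Explorer policy value `NoDriveTypeAutoRun` (a bitmask of drive types; 0xFF covers all of them) and the per-user `DisableAutoplay` switch behind the AutoPlay checkbox in Settings. Both registry locations are Windows’ own. Run it from an elevated prompt and sign out and back in for Explorer to pick up the policy.

```powershell
# Added example, not from the original article. Turns AutoRun and AutoPlay off.
# Run from an elevated PowerShell; sign out and back in for the policy to take effect.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policyKey)) {
    New-Item -Path $policyKey -Force | Out-Null
}
# NoDriveTypeAutoRun is a bitmask of drive types to exclude from AutoRun;
# 0xFF (255) excludes every type, including removable drives and network shares.
Set-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# The per-user AutoPlay switch (the "Use AutoPlay for all media and devices" checkbox).
$autoplayKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
if (-not (Test-Path $autoplayKey)) {
    New-Item -Path $autoplayKey -Force | Out-Null
}
Set-ItemProperty -Path $autoplayKey -Name 'DisableAutoplay' -Value 1 -Type DWord

# Read both values back to confirm they were written.
Get-ItemProperty -Path $policyKey   -Name 'NoDriveTypeAutoRun'
Get-ItemProperty -Path $autoplayKey -Name 'DisableAutoplay'
```

The policy value applies to every account on the machine, while `DisableAutoplay` is per user, so repeat the second part under each account that signs in.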

Avoid Using Public Wi-Fi

It may be convenient and save you some data on your plan, but it’s not a good idea to use public hotspots. First of all, by their very nature, they’re unsecured connections. This means anyone on the network can intercept and read the data you send and receive. Second, an attacker could connect to the network and start spreading malware to all other devices connected to it. It’s just not worth it.

What to Do in Case Your Computer Gets Infected

It’s unfortunate, but sometimes despite your best efforts, you still get a malware infection. Most of the time, you can just get your antivirus/anti-malware software to scan and quarantine/delete the infected files. But what if the malware infection is more serious and prevents you from even doing that?

There are a few things you can do. The first requires a bit of setup. As a general safety measure, you should always have a USB drive with your operating system’s boot files (bootable media) and up-to-date antivirus/anti-malware scanners on it. If you have this, disconnect the computer’s Wi-Fi card and enter safe mode without networking (booting from the USB). Then run the scans, one by one, and remove the malware.

If you have backups, another option is to restore the infected parts of the system using the backup. It’s possible to save the state of a computer, and if you have the state of the computer from before the infection saved as a backup, restoring your computer with it will be pretty painless.

The last option is for when the system just can’t be fixed. In this case, you’ll need to do a clean install of your OS and then restore your files from a backup, reinstall all your applications, and reconfigure your settings.

