What Is Malware, What Are Its Types, and How to Recognize Them?

Explore malware and its diverse types, and learn effective methods for recognizing and combating these digital threats.

Monday, 29 April, 2024

Malware and its types

Malware is malicious software designed to carry out harmful activities on targeted victim machines, networks, or organisations. Its main functions include stealing sensitive information, disrupting system operations, gaining unauthorized access, extorting money, or causing other forms of damage.

It typically spreads through infected email attachments, compromised websites, or vulnerabilities in software or operating systems. Protection against malware involves employing security measures such as antivirus software, firewalls, and regular software updates to prevent infections and minimize the impact of attacks.

Top 10 Types of Malware:

01. Computer Viruses.
02. Computer Worms.
03. Trojan Horse.
04. Ransomware.
05. Spyware.
06. Adware.
07. Rootkits.
08. Botnets.
09. Keyloggers.
10. Backdoors.

Computer Viruses:

Viruses are malicious programs that attach themselves to legitimate files or programs and replicate when those files are executed. They can spread through infected files, email attachments, or removable storage devices. Once activated, viruses can modify or delete files, corrupt data, or cause system crashes. Some viruses also have the ability to hide themselves and evade detection by security software.

Computer Worms:

Worms are standalone malware programs that replicate themselves and spread to other computers on a network. They often exploit vulnerabilities in network services or operating systems to propagate. Unlike viruses, worms do not require a host program to spread and can self-replicate across networks without user interaction. Worms can cause network congestion, degrade system performance, and disrupt critical services by consuming bandwidth and system resources.

Trojan Horse:

Trojans, named after the Trojan horse from Greek mythology, disguise themselves as legitimate software or files to trick users into executing them. Once activated, Trojans can perform various malicious actions, such as stealing sensitive information, installing backdoors for remote access, or downloading and executing additional malware. Trojans are often distributed through email attachments, malicious websites, or software downloads from untrusted sources.

Ransomware:

Ransomware is a type of malware that encrypts files on a victim's system and demands payment (usually in cryptocurrency) in exchange for the decryption key. It can encrypt files on local drives, network shares, or cloud storage, rendering them inaccessible to the user. Ransomware typically displays a ransom note with instructions on how to pay the ransom and receive the decryption key. Victims are often pressured to pay the ransom to regain access to their encrypted files, although there is no guarantee that payment will result in decryption.

Spyware:

Spyware is software that secretly monitors and collects information about a user's activities without their knowledge or consent. It can capture keystrokes, record browsing history, track mouse movements, and capture screenshots. Spyware often runs in the background without detection and can transmit the collected data to remote servers controlled by attackers. Spyware is commonly used for advertising, identity theft, corporate espionage, or surveillance purposes.

Adware:

Adware is software that displays unwanted advertisements to users, often in the form of pop-up windows, banners, or browser redirects. While not inherently malicious, adware can degrade system performance, consume bandwidth, and compromise user privacy by tracking browsing habits and collecting personal information. Adware is often bundled with free software downloads or distributed through deceptive advertising tactics.

Rootkits:

Rootkits are stealthy malware programs designed to hide their presence and maintain privileged access to a computer or network. They often modify system files, kernel components, or boot sectors to evade detection by security software. Rootkits can provide attackers with persistent access to compromised systems, allowing them to execute malicious commands, steal sensitive information, or launch further attacks without being detected.

Botnets:

Botnets are networks of compromised computers (bots) controlled by a single entity (the botmaster) through a command-and-control (C&C) server. Botnets can be used to carry out a variety of malicious activities, including distributed denial-of-service (DDoS) attacks, spam email campaigns, click fraud, and cryptocurrency mining. Botnets are often assembled by infecting large numbers of computers with malware, such as worms or Trojans, and recruiting them into the botnet network.

Keyloggers:

Keyloggers are software programs or hardware devices that record keystrokes typed by a user, capturing sensitive information such as passwords, credit card numbers, and login credentials. Keyloggers can operate at the software level, intercepting keyboard input before it reaches the operating system, or at the hardware level, logging keystrokes directly from the keyboard hardware. Keyloggers are commonly used for credential theft, espionage, or surveillance purposes.

Backdoors:

Backdoors are hidden entry points into a system that bypass normal authentication mechanisms, allowing attackers to gain unauthorized access and control. Backdoors are often installed by attackers to maintain persistent access to compromised systems for future exploitation. They can be created by exploiting vulnerabilities in software or operating systems, or by installing malicious software that provides remote access to attackers. Backdoors can be used to steal sensitive information, execute malicious commands, or launch further attacks on other systems or networks.

How to recognize malware?

Scenario 1: 

Your computer experiences a significant slowdown in performance, with programs taking longer to load and respond than usual. Upon checking the Task Manager or Activity Monitor, you notice unfamiliar processes running in the background, despite not installing any new software. Additionally, you receive frequent pop-up notifications warning about system errors or security issues, and files and folders disappear or become corrupted unexpectedly. These signs indicate a potential malware infection, such as a virus or trojan, compromising system integrity and stability.
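
The "unfamiliar processes" check in Scenario 1 can be made repeatable by comparing the current process list against a snapshot taken while the machine was known to be clean. The following is an added example, not part of the original article; the `name|path` snapshot format, the process names and paths, and the list of user-writable directories are constructed assumptions.

```python
# Added example: diff a process snapshot against a known-good baseline.
# All process names and paths below are constructed sample data.

# Directories any user can write to; executables running from them deserve
# a second look. (Assumed heuristic list, not exhaustive.)
USER_WRITABLE_HINTS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")

BASELINE = """\
explorer.exe|C:\\Windows\\explorer.exe
svchost.exe|C:\\Windows\\System32\\svchost.exe
chrome.exe|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
"""

CURRENT = """\
explorer.exe|C:\\Windows\\explorer.exe
svchost.exe|C:\\Windows\\System32\\svchost.exe
svchost.exe|C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe
chrome.exe|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
updater32.exe|C:\\Users\\alice\\Downloads\\updater32.exe
"""

def parse_snapshot(text):
    """Return a set of (name, path) tuples, lower-cased for comparison."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or "|" not in line:
            continue  # skip blank or malformed lines
        name, path = line.split("|", 1)
        entries.add((name.strip().lower(), path.strip().lower()))
    return entries

def unfamiliar_processes(baseline_text, current_text):
    """List processes absent from the baseline, with reasons to investigate."""
    baseline = parse_snapshot(baseline_text)
    known_names = {name for name, _ in baseline}
    findings = []
    for name, path in sorted(parse_snapshot(current_text) - baseline):
        reasons = ["not in baseline"]
        if any(hint in path for hint in USER_WRITABLE_HINTS):
            reasons.append("runs from a user-writable directory")
        if name in known_names:
            reasons.append("reuses a known process name at a different path")
        findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in unfamiliar_processes(BASELINE, CURRENT):
        print(f"{name:15} {path}\n    -> " + "; ".join(reasons))
```

A process flagged here is a lead to investigate, not proof of infection: legitimate installers and updaters also run from download and temp folders.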

Scenario 2: 

You observe unusual behavior in your web browser, such as frequent pop-up ads appearing regardless of the websites you visit. Additionally, your browser's homepage has been changed without your permission, and new toolbar extensions or plugins have been installed automatically. Despite your efforts to revert these changes, they persist. 

Moreover, your computer's performance has significantly decreased, with frequent crashes or freezes when using certain applications. These symptoms indicate a potential infection of adware or potentially unwanted programs (PUPs), which are types of malware designed to display intrusive ads and modify browser settings. Recognizing the sudden appearance of unwanted ads, unexpected alterations to browser settings, and performance issues can help identify the presence of malware on your device.

Happy Learning !!