Email share button Facebook Share Button Twitter Share Button Reddit Share Button

As an Amazon Associate I earn from qualifying purchases. All product links on this page are monetized.

Light Theme · Darkish Theme

What is Malware?

Skull and crossbones in a magnifying glass scanning random data blocks

Malware is computer geek slang for "malicious software." It's a catch-all term for code designed to harm your computer in some way, gather personal data about you, destroy your data or hold it for ransom, inundate you with advertising, or use your computer for some unauthorized (and possibly illegal) purpose.

There are many different kinds of malware that traditionally have been classified under different headings depending on finer points of the malicious code that only geeks could easily understand. If you've ever taken your computer to a shop to have a virus removed, and then had to suffer through the technician's explanation that what you actually had was a worm, not a virus, and how a worm is different from a virus, then you'll know what I mean.

On this page, I'm going to take a different approach that focuses on what these various forms of malware actually do to a computer. Understanding what different kinds of malware do is the best way for ordinary users to be on the lookout for malware, to protect themselves from malware, and to devise a recovery plan to put into action if malware ever does strike their computers.

Let me explain it to you.

 

Different Kinds of Malware

True Computer Viruses

A true computer virus, as first defined by Fred Cohen in 1983, is "a program that can infect other programs by modifying them to include a possibly evolved copy of itself." In other words, a computer virus attaches itself (infects) other files and is capable of replicating itself and spreading to other computers.

The take-home here is to be suspicious of software from unknown and untrusted sources. "Cracked" (pirated) software, for example, is notoriously likely to contain viruses.

Trojan Horses

For purposes of this page, a Trojan horse is any program that arrives disguised as another program. The technical definition is more complex, but my simple definition will do for the average user.

The malicious payload carried by a Trojan horse can be literally anything. The only common factor is that it will arrive disguised as something else in the hope that the innocent user will install the malware. Once installed, the malware can execute with the logged-in user's privileges, which typically are quite high on freestanding Windows computers.

Aggressive Adware

There are many legitimate free programs that are funded by advertising and are not considered malware. Whether you want to install them is up to you.

Aggressive adware refers to malware that basically turns your computer into an advertising machine, with frequent pop-ups usually targeted to you based on your use of the computer. It usually is installed as part of a "free" program downloaded from the Internet; and usually is not technically illegal because the user consented to the EULA without bothering to read it.

Browser Hijackers

Usually installed as part of useless "toolbars," browser hijackers typically have two modes of malicious action. One is to replace ads on sites you visit with their own, essentially stealing revenue from the sites' publishers. The second is monitoring your Internet activity so they can sell it to the highest bidder for advertising purposes. Typically this is not illegal because, you guessed it, the user gave their permission.

Another type of browser hijacker is one that installs silently and exists for the purpose of gathering information about you for identity theft. These hijackers are obviously illegal.

Ransomware

Screenshot of Petya ransomware ransom demand

Ransomware is malicious software that encrypts the data on a desktop computer or server, including poorly-secured backups, and demands a ransom from the user or business for a key that will (supposedly) decrypt the documents. In most cases, the documents will be literally impossible to decrypt without the key.

The ransom is always demanded in Bitcoin or another cryptocurrency because it is almost impossible to track. There is no guarantee that paying the ransom will actually result in getting your files back, but usually you will. Even criminals need to worry about reputation. If people don't get their data back, they'll stop paying the ransom.

Ransomware demands tend to be targeted at big businesses and organization more so than individual users or small businesses. The people who put this stuff out there aren't interested in chump change. They want victims with deep pockets.

Keyloggers and Password-Stealers

One very dangerous form of malware attempts to harvest the user names and passwords that you use to access Web sites, especially banking and other financial institution sites. These malicious programs usually infect your computer by way of malicious Web sites, bogus system updates, infected pictures or video files, infected Flash movies, Email attachments (especially "chain" emails) or "free" software.

Screen and Webcam Recorders

This form of malware usually sits around waiting for the user to visit a porn site, and then records both the porn on the user's screen and the user, shall we say, enjoying the porn. The recordings are then used to blackmail the user.

A cottage industry has grown alongside screen and webcam recorders. Malicious actors will send "sextortion" Emails to random users claiming to have videos of them pleasuring themselves to the most vile forms of pornography, and demanding payment to destroy the videos. Payment is almost always demanded in the form of Bitcoin.

Spambots

Spambots infect your computer for the purpose of sending spam. They install a mail server on your computer and typically send tens of thousands of spam Emails per hour, until your ISP cuts off the connection. Spambots usually arrive on your computer by way of an infected Email attachment, but can also be installed when you visit a malicious Web site. Very often the spam that your computer sends will also contain the malware, so recipients computers' will also become part of the spammer's botnet.

The reasons spammers like using strangers' computers to send spam are that botnets can grow very quickly, allowing more spam to be sent; and that when the spam is reported, it will track back to the infected computers' IP addresses, not their own.

Pornbots

Basically the same as spambots except that they serve porn. Some porn sites do this to reduce their bandwidth costs. The pornographic videos, which require a huge amount of bandwidth, are served from infected computers and embedded into the pages on the porn sites. The infected computers basically become a content-distribution network devoted to porn.

Pornbots are usually installed as part of "browser extensions" needed to view porn on a site. Because the users consent to the installation, pornbots technically are legal as long as the porn itself is legal. (They almost always will violate your Internet provider's Terms of Service, however.)

Illegal Content Servers

Some malware is designed to hijack a user's computer for the purpose of serving illegal materials such as child pornography, bomb-making plans, or terrorist communications and propaganda. This sort of malware usually uses variants of open-source file-sharing software that install silently and run without the user's knowledge -- until the FBI shows up at their door.

Most cases of this sort of infection result from sharing files over the Internet. A requested file may include code that silently opens another instance of the file-sharing software being used, or installs a similar version that runs under the virus scanner's radar. Other routes of infection include malicious Web sites, unsecured wireless networks, and mail attachments.

 

Now that I've explained the different kinds of malware to you, please feel free to visit this page, where I'll explain how to protect your computer from malware.