
7 Types of Malware

Nov 16, 2022 · 39 min

Episode description

Malware has come a long way since the humble computer virus. We look at the seven types of malware (as defined by Cisco) and learn what they do and how they work, as well as how to protect your computer devices from malicious code.


Transcript

Speaker 1

Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio, and how the tech are you? So, on the TechStuff news episodes, I often end up talking about stories involving malware, and I'm guessing you're all aware of malware at least to some degree. If you work for a company like mine, you'll hear about malware several times a month, as we have an extremely proactive IT security team that works hard to keep employees up to speed on the dangers of malware and the various tactics used to deliver payloads to targets. But I figure it's always good to do a quick rundown on different variations of malware and what they do.

Now, keep in mind, while I'll be talking about broad categories, you can sometimes find examples of specific malware that kind of belong to more than one type or category. And I'm using categories that are identified by Cisco, because you have to take definitions from somewhere. But as it turns out, because of these similarities between different types, you can sometimes find other companies that will define them in a slightly different way. But I figure Cisco is a pretty good authority to build this episode off of. Just keep in mind, if you do your own research, you might find variations on what we'll be talking about here.

So starting off, before we even get into the different kinds, let's define malware. That term is short for malicious software: malware. Back in the early days of computing, I always just heard of viruses, and you know, viruses are a subcategory. They are a type of malware, and I actually to this day still have to focus to refer to malicious software as malware instead of just doing the lazy thing and calling them all viruses. Because when I was a kid and personal computers were first becoming a thing, that's what we referred to all malicious software as. It was all a virus, partly because networking was not really a thing with personal computers in the early days. So anyway, old habits die hard. That's why I sometimes will still do it. But as I said, we'll see that virus is one subset of malware.

And because we're talking malicious software and not just cheeky programs that are meant to cause mischief, we typically will say that cybercriminals are the ones responsible for developing the software in the first place, and they may or may not be the same cybercriminals who actually distribute the malware. Now, many folks will use the word hacker to stand in for cybercriminal, but I object to that because it implies that hackers collectively are bad people. But if you'll forgive me a short tangent, I'd like to explain why that's not really the case.

So the word hacker, in the context of someone who works with code, dates back to the late nineteen fifties and early nineteen sixties at MIT, the Massachusetts Institute of Technology in other words, and it originated out of the college's Tech Model Railroad Club, or TMRC. In fact, there's this humorous definition that Peter R. Samson created for the term hack, which then could be extended to hacker. And the definition for hack, according to Samson, is this: hack: something done without constructive end; a project undertaken on bad self-advice; an entropy booster; or to produce or attempt to produce a hack. So a noun and a verb, and I do not wish to put words into Mr. Samson's mouth, but I believe he may be using the word entropy here to specifically refer to a decline into general disorder.

Anyway, the blossoming field of computer science took on hacker to mean people who were putting together code, sometimes fruitlessly, as they were trying to get a system to do something specific. Like, they had a specific goal they were working toward, and they were hacking their way to getting that goal to come true. And you know, in the early days of computer science there was a lot of trial and error when it came to writing code that could achieve a specific purpose. There are a lot of early programs that essentially did what they set out to do, but on careful review of the code, as Jonathan Coulton might say, it is not elegant, and it does not really do the goal efficiently. It's really a poorly programmed piece of code, except for the fact that it actually does achieve what it set out to do.

Now, later on, the word hacker would be used to describe curious folks who just wanted to know how different technological stuff works. Like, for example, how does a telephone network route calls? These hackers would explore technology and technological systems. They would learn all about the quirks of those pieces of tech, you know, what made them tick, and perhaps most importantly, how to make the tech do stuff it wasn't necessarily intended to do, because there's something really satisfying about figuring out a way to achieve a result using tech that wasn't, you know, built to do that thing. I think it kind of taps into the same part of our brains as for the people who really enjoy doing things like designing Rube Goldberg devices. Those are those needlessly complex devices that are designed to carry out some trivially simple task. Well, I think the same thing that pleases folks who really love Rube Goldberg devices is what pleases people to learn how a system works and then find ways to exploit it to do something different, not necessarily something bad, but different.

Anyway, the word hacker really is more general than the specific use case of, you know, people who make malicious software, or even a person who wants to infiltrate a secure system. There are hackers who fall into those subcategories, but I wouldn't use hacker as a broad brush to say person with malicious intent. But frequently that's how we encounter the word in the media. And you know, language is fluid, language does evolve, so it could very well be that I'm trying to hold back a flood and I should just accept that hacker effectively now means jerkface who wants to ruin your day, or maybe ruin your computer, or maybe the company you work for, or maybe the country you live in. It can get pretty scary.

Now, one other thing before we start to dive into the categories. The folks who distribute malware are not necessarily the same folks who built the malware. They can be, but they don't have to be. There are malware programmers for hire out there. We could actually call them hacks, because one of the definitions of hack is a person who does, you know, work for hire. It's kind of like the gig economy, and often we associate it with someone who does, you know, like bare-minimum-quality work and does a lot of it in order to make a living. So like a hack writer is someone who generates an awful lot of writing but isn't necessarily deeply concerned about the quality of their work. So we could refer to these malicious coders for hire as hackers in that sense, slightly different context from what we were talking about earlier.

Now, these programmers go on to create malicious software and then frequently they will sell it on a dark market, like on the dark web, where people are looking for pieces of malware that they specifically want to use to target either a specific target or a general target, and they have a specific goal that they want to achieve. Sometimes they'll even make the software available for free for distribution, but more often than not you'll find it as, like, a pay-for tool, a weapon you can use in your arsenal. Now, often cybercriminals who purchase these pieces of malware will then go on to tweak that malware, put their own spin on it. So very frequently we will find lots of variations of certain types of malware, and if you do a forensics investigation into the malware, you will discover that there are some common threads of DNA among different types of malware. That can also be useful, because if there are common elements between different distributions of malware, it can be easier to scan for that malware and detect it before it does too much damage. The more different a version is from its origin point, the more likely it is going to escape immediate detection. This is one of the reasons why antivirus software, which we will talk about towards the end of this episode, is really important, because we get new variations on old malware all the time, and if it's a dramatic enough departure from the original piece of malware, your antivirus program may not pick up on it. So these things have to be, you know, investigated and then updated frequently.

Okay, I think we have laid all the groundwork we need to lay. When we come back, we're gonna start with the various types of malware, and we'll get it going with a good old computer virus. But first let's take this quick break.

All right. As I said, we're going to start with the computer virus. So what the heck is a virus within the context of malware? A virus is a piece of malicious software that gloms onto a file that supports some form of macros, like, you know, most document files do this. And so this malicious code is piggybacking on top of a file, and it is like a virus inside of a host. The host in this case is the file that contains the malicious code, and when someone opens up that file that has the virus attached, it can activate the virus. So the file that you're opening appears to be legit or safe, but the malicious code that's within the file then gets to run rampant on your machine. Now, the goal of your typical virus is to disrupt a computer system in some way. Now, it may do this by placing very large demands on computer memory, so now your computer can't really run anything properly because its memory is completely taken up by dealing with this virus. Or it might replicate itself and/or otherwise replicate nonsense information and fill up your computer storage with garbage data. And it may even overwrite files so that you can no longer access key data or programs, that kind of thing.

By the way, overwriting files, that's like a scorched-earth policy, because if you delete a file, it doesn't actually leave your machine. The deleted file is essentially marked by your computer as: this area of storage is now available, so we can write over it if we want to. But if you haven't overwritten anything, you can still retrieve deleted files. Overwriting files makes retrieval way more difficult. There are entire forensics companies out there that will take great strides to try and retrieve information from overwritten files, but it's very hard to do. A common feature of computer viruses is that they do self-replicate. That is a pretty standard component of computer viruses, and again, they typically do that to kind of gum up a computer with copies of itself.

Okay, next up, let's talk about trojans, sometimes also called trojan viruses. They do share some similarities with your bog-standard viruses that we just talked about. A trojan is malware disguised as a legitimate file or program. So maybe you are prompted to download a video player because you're trying to play some sort of online content, online media, but you're getting a message saying, hey, you need to download this media player if you want to watch this. Well, in some cases, not in all of them, sometimes this is a legitimate message, but frequently this is a tactic that criminals use to convince you to download a file that's actually a trojan that's housing malicious software. Back in the heyday of media piracy, there were lots of trojans disguised as useful programs, so everything from pirated video games, to productivity software suites, to even antivirus packages. You would go and say, hey, I don't want to pay for this expensive piece of software, I'm gonna find it online for free. There was a chance that the free version you found was actually a trojan that was housing malicious software.

Now, typically once a person downloads the trojan and then activates it, the trojan jumps in to get access to sensitive data on the computer or computer device. It might have some code that sends that data back to the jerks who distributed the malware in the first place. That kind of falls into another category we'll talk about a bit later. So in those cases, the malicious software is collecting information that someone else should absolutely not have access to. Could be your personal information, could be stuff like your bank account, could be your medical records, could be any combination of these, could be everything on your computer, really. Now, something else that a trojan virus might have within it is what's called a rootkit attack. So rootkit: it's attacking the root of your operating system, and the purpose of this is to give a cybercriminal access to your machine, almost as if the cybercriminal was sitting down at your keyboard directly. And when a criminal gets administrative access to a computer, that's super bad news. It can also lead to the criminal not only just compromising one machine, but potentially launching attacks on connected systems, so networked devices that that machine is connected to could be the next vector of attack.

Trojan malware is often the delivery system for other specific subcategories of malware, such as ransomware. So let's go ahead and do that one now, because it is so closely connected. So this is category number three. We've had virus, we have trojan virus, now we have ransomware. And it's been in the news a lot over the last couple of years. There have been some high-profile ransomware attacks over the last few years. And it's similar in many ways to viruses, in that the goal is to cut off access to important programs, files, folders, entire directories, that kind of thing. But the way it goes about this is slightly different from viruses. So once ransomware has been injected into a computer system, it will run an encryption program and it will encrypt data on part or all of the computer system.

Often it will encrypt data on any part of the computer system it can get access to, so the computer's user will be unable to access those encrypted files, because to the computer all that data will just appear to be gibberish. It won't look like useful files or programs, it will just look like random data. And the accompanying message will alert the user that some criminal has locked away important stuff on this computer and that only by paying a ransom, typically in some form of cryptocurrency, will the user regain access to their programs and files. This can also end up being a type of blackmail as well for personal stuff. Like, let's say that you have your computer. You're not necessarily part of some big company, but you get hit by ransomware, and the people who have locked away your data are saying, hey, if you don't want sensitive stuff on here leaked to the public, you've gotta pay me. So this can also come in the form of blackmail. Well, what they're saying is if you pay us, then we will give you the key that will allow you to access your programs and files again. So the criminal can grant access by sharing this mathematical key, and that does allow for decryption; you can reverse the encryption process and regain your files and programs and turn it back into useful stuff. So the criminal is essentially holding a user's programs and files or directories or whatever hostage until they get paid a ransom. Now, I've said this many times on tech news episodes, but it bears repeating.

It is pretty much always a bad idea to pay the ransom. It can be very hard to resist the urge to pay to regain control of your systems, but it's bad to do because paying reinforces that method of attack. If criminals see that ransomware can make them money, even if it only works one time out of five times or anything like that, well, that could be enough to keep these attacks going. It's proven to work, so they're going to keep doing it. So paying ransoms really just ensures that more attacks will follow in the future, maybe not directly against you, but definitely against others. Also, another thing you need to keep in mind is the victim can never be really sure that the criminal is actually going to hand over the key needed to decrypt the data. They could just take the money and run and leave you with an encrypted system, and then you don't really have any options. You can try and decrypt it, but decryption programs can take a lot of computational processing and a ton of time. This is one of the things that quantum computers will completely transform in the future, but we're not there yet. Well, criminals could do that.

It is risky for a criminal to just take the money and run, because if folks figure out who carried out the attack, even if it's just, like, in general terms, like you kind of know what hacker network was likely responsible for the attack, well, that sends a message to future victims that even if they pay the ransom, they'll still get stuck. So there's no point in paying. So criminals are not likely to hold back on it, but it is a possibility still. It's always a bad idea to really pay the ransom, but it can be difficult to hold off. Criminals like to target companies and organizations that have critical sensitive data on them, which obviously ups the stakes considerably. So hospitals and other healthcare facilities are frequent targets, because there are literal life-and-death situations connected to that data. It is not easy to deny a ransom when you think that people's lives literally hang in the balance; that's a difficult thing to do. The same can be said of a lot of government agencies that have really sensitive information that they need access to. It is difficult to resist paying that ransom.

There are a lot of potential ways that ransomware can find its way onto a system, from targeted attacks to more kind of broad approaches. Like, a phishing scam can be a very broad way to get ransomware onto machines. If you don't know what phishing is, then you are a sweet summer child, and I really hate to chip away at your innocence.

But a phishing attack is when criminals create what seems to be a legitimate message, or legitimate website or email, that kind of thing, but it actually directs people to either voluntarily give up information that they should not give up, such as, like, a bank account number and login information, or it will direct people to a link that will have them download the malware. Okay, we've got a couple more types to talk about, but before we get to that, let's take another quick break.

Okay, next up, we're gonna talk about worms. So not the squiggly little guys who live in apples and that kind of thing; we're talking computer worms. And a computer worm is malware designed to replicate itself very quickly and then to spread across numerous connected devices on a network. So its only job really is to replicate and infect, and to do that as widely and quickly as possible. So if one machine on a network gets hit, others on that same network are in immediate danger. But how does the initial attack happen? How does the worm get on, you know, patient zero in the computer network? Well, unlike a virus, a worm doesn't rely on a host file in order to execute its attack. So this isn't a case where a file like a PDF or something happens to be carrying a worm as well. The worm can infect through a direct download, or it can be injected through some other means, such as on a USB drive. By the way, just in case you haven't heard this for a while, never connect some found USB drive to your computer. You never know if that USB drive has some executable code on it that's just waiting to infect a network. Anyway, once the worm is on an infected system, it copies itself and sends those copies to other machines on the network, all with the goal of disrupting operations and/or destroying data in the process. So those are also bad news.

The next two types of malware are very similar, so we're just gonna put them together. We're talking spyware and adware. So spyware, as the name suggests, is this malicious software that runs in the background on a machine, real secret-like, and then it sends information back to a remote user. You heard me talk about this kind of with the trojan viruses. Spyware can be delivered via trojan, and the whole purpose is to send sensitive information back to the criminal. So spyware can also include specific stuff like keyloggers. These are programs that, as the name suggests, record or log every single keystroke made on a computer, so the criminal back home can use that information to figure out stuff like login credentials, you know, banking information, all sorts of stuff. Well-made spyware will not alert the target that something is wrong. It doesn't necessarily impact computer performance that much, at least not to a noticeable degree. So the goal is to stay under the radar for as long as possible to get as much information as possible. This, by the way, is why I say that James Bond is a terrible, terrible spy. I mean, the guy goes around and introduces himself everywhere he goes. He violates, like, rule number one of spy-ishness. So that's spyware.

But then what is adware? Well, similar to spyware, adware monitors your computer use, but instead of using the information to steal your personal details or gain access to your accounts, adware is spying on you in order to serve up more applicable ads to you. This can include stuff like even hijacking your web browser, so that when you open up your web browser, your homepage is no longer whatever it was before, but now it goes to some other site that's connected to the adware creators or their distributors. This can also lead down pathways to other types of malware, so adware, while it is not necessarily malicious on its own, can lead you to downloading stuff that is malicious. And machines can also get bogged down with adware. So even if it's not outright malicious, if a lot of different adware gets on your computer, it can start to affect your computer's performance over time. So because it has been used for malicious purposes, because it's often part of the entire strategy of attack that criminals are using, it gets lumped in as a version of malware. So it's not necessarily malicious, but it's used frequently enough to be included on lists of malware.

And finally, the last version we have is called fileless malware. Now, as that name already says, this malware is not attached to some sort of file that you download off the internet. Instead, this malicious code lives in computer memory, so as long as the computer is on, the code can do whatever it was designed to do. You know, malware does different things depending upon the attacker's goals, but it just lives in your computer memory, which means that if you reboot your computer, well, rebooting clears computer memory, right? Memory is volatile, meaning that when you turn off your machine and then turn it back on, well, the memory has been wiped. It was wiped clean as soon as you turned it off, and when you turn it back on, you've got a blank slate. That's good in the sense that you could then eliminate the malware that was living in your computer memory, but it also erases all trace of the fileless malware, so it makes investigating and computer forensics really challenging. There are ways, by the way, that cybercriminals use to create persistent fileless malware, which then involves infecting some element of your computer's operating system so that every time it boots up, it injects this malware back into computer memory. So there are those versions as well. Those obviously are easier to investigate, because if you find that root code in the operating system, you know what's happening.

But how do you inject malicious code into computer memory to start with? There are actually a lot of potential delivery systems, including piggybacking onto other types of malware, so that's one possibility. But another one is to leverage vulnerabilities in known legitimate pieces of software. These kinds of exploits allow criminals to lean on trusted code to deliver malicious payloads, and we've seen an increase in that kind of activity over the last couple of years. It's really insidious, right? Because you trust the software. It's software from a legitimate source. It is not designed to be malware. Maybe it's productivity software, maybe it's, you know, something. It could even be something that your organization has installed onto your work computer, right? You might not have had any hand in that. But if there's a vulnerability in there that has not yet been patched out, and a criminal figures out how to exploit that to deliver payloads, that can be the vector where you get things like fileless malware injected into machines. There's really nothing you can do about it, because the solution is further up the chain. It's over with the designers of that software that's been exploited, and you need to get an update patched out to fix that problem, and that's not up to you in most cases.

So that's really the breakdown of the different types of malware. As I mentioned, the delivery systems for these attacks are varied. You can get these types of malware in various ways. There's no single vector that's used by each, and they can also be used in combination with one another. So how do you protect yourself against all these kinds of malware? Well, one thing to do is to practice good computer security etiquette, which includes careful web browsing. That means, you know, you make certain that the sites that you're visiting are legitimate and you're not just clicking on random links that have been sent to you from, like, strange email addresses or messaging services or something like that, or even text messages. I get a lot of spam text messages now that are clearly attempting to get me to visit some link and are a phishing scam. Same with email. Gmail in particular: a lot of phishing attacks have been coming to my Gmail address, and Gmail usually was pretty good at weeding those things out, but every now and then I get a new kind of slate of clearly phishing attacks. They're not well made, because if you even just look at the sent field, like who these emails are going to, you'll see, like, oh, they're literally just doing a dictionary attack of email addresses, and mine just happens to be in that list. So this is not some sort of personalized message, but it is a way of trying to cast a very wide net and at least get a few bites, or, I guess that's mixing metaphors, a few catches in that effort.

But that's not the only thing you need to think about when it comes to good computer security etiquette. Another is being super careful about who you allow to access your physical computer, because a lot of the quote-unquote hacking attacks that we hear about are not actually the result of some hoodie-wearing hacker wearing fingerless gloves and tapping away on a keyboard in a dark room somewhere, their face only lit by the screen across from them. Instead, a lot of the hacking attacks are carried out by people who just get physical access to machines. Typically they do this by posing as someone like an IT professional who comes around and says, oh, I need to update your computer with this new security package or new software update, something like that. That's a very common way to get access to a machine. So it's always vitally important to verify that someone who's claiming to be updating your machine is actually who they say they are, that they are authorized to do this, before you allow it to happen, because countless attacks start through this very kind of social engineering, rather than, you know, trying three times to guess the password and getting it right on the third time.

Antivirus software is also an important piece. This kind of software can affect computer performance, during scans in particular, and I know that gets frustrating, but it's still a good idea to have it. Essentially, antivirus software typically refers to a library of known malicious code. So there's this growing database of all the kinds of malware that have been found out in the wild and identified by various security experts. So that library is updated frequently. No matter which antivirus software you're subscribed to or using, they are relying on a library like this. Some of them are updated more frequently than others. Some of them are better and have more examples than others, because new code is constantly being churned out as far as malware is concerned. So your antivirus program scans your computer for evidence of these examples of known malicious code, and if it finds one, it will sequester and isolate that code to mitigate any harm, and often will automatically remove the code as well. Some programs might actually require you to give the command to remove the malware, but it will isolate it so that it can't do any more harm. And I know that a lot of antivirus programs can get expensive. Goodness knows that they can really be obnoxious. Once your subscription is starting to get close to the end, you'll just get notification after notification of, hey, your protection is expiring, do you want to renew? But they really are a good component for computer security. There are also free antivirus programs out there, and you know they vary in quality, but really some protection is better than no protection at all.

So if you can't afford to subscribe to a big-name provider like Kaspersky or Norton or something like that, then you can at least look for a good free antivirus suite out there. Also, the operating system that you use on your device will be a big factor as to whether or not you should really have antivirus on there. I honestly think that for pretty much any device outside of iOS, you need antivirus. iOS you really don't, but everything else you kind of do. However, that being said, if you use a Windows-based machine, you absolutely should have antivirus software on there. And the reason is not because Windows is just inherently more vulnerable than other platforms, although, you know, macOS is locked down pretty tightly. It's because there are more Windows-based machines out there than anything else, which in turn means that when criminals are designing malicious software, they want to have the biggest impact they can possibly have, so they're going to be programming their malicious software for the platforms that are the most plentiful out there. When it comes to things like personal computers and work computers, that tends to be Windows-based machines.

So when you know that most of the malicious software out there is being written for Windows devices and you use a Windows device, that in turn tells you you should probably have antivirus software installed on your machine, just because you're more likely to be a target. But you know, there are other platforms out there and they are not immune. The Mac operating system, while it has a great reputation because Apple really locks down its system and makes it very difficult to gain access to it, there are still examples of malware written specifically for macOS, and they have been on the rise in recent years. There were years where Apple was enjoying security through obscurity to some extent, meaning there were so relatively few Apple devices on the market that malware authors weren't really targeting those machines. But that's no longer really the case. And as I said, while Apple takes a very locked-down approach compared to the much more open approach you see in things like Linux and Windows-based machines, it is not immune to malware. There are people who still think that Macs are immune to malware. They are wrong, so keep that in mind too.

Anyway, that's the rundown on the types of malware, and my cry for people to install antivirus software on their machines and practice good computer security. There are other things you can do. Having a firewall installed on your network is really important. Using VPNs is a good idea too in many cases; like, the combination of VPNs and antivirus are good ways to stay protected. Depending upon the nature of what you do on your computer, you probably want to use a VPN and antivirus software to protect yourself. This includes companies that, you know, are allowing workers to work remotely and deal with sensitive information that the company does not want to leave company computers. These are important things to keep in mind. So I just wanted to do that. This was going to be a TechStuff Tidbits, but we're coming up close to forty minutes at this point, so once again I babbled too much.

But if you have suggestions for topics I should cover in future episodes of TechStuff, whether it's a technology, a personality in tech, maybe it's a specific gadget and its evolution that you would like me to talk about, anything along those lines, anything really tech-oriented or how tech impacts us in our lives, I'm happy to hear it. You can reach out to me in a couple of different ways. One way is to download the iHeartRadio app. It is free to download, it's free to use. You can navigate over to the TechStuff part of the app just by typing TechStuff into the search field. There's a little microphone icon there. If you click on that, you can leave me a voice message up to thirty seconds in length, and if you like, you can even indicate if I can use the voice message in a future episode of TechStuff. I will never use any voice message unless I get your express permission. You have my word on that, because, I mean, I know I wouldn't want someone to play a message just because I said something into a microphone unless I intended that message to be played, which is a good thing considering what I do for a living. Or if you prefer not to speak into a microphone, which is totally legit, you can still reach me on Twitter. The handle for the show is TechStuffHSW, and I'll talk to you again really soon. TechStuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.
