Can You Tell a Worm from a Bot?

You might think your computer network has been infected by a virus when it’s really suffered a Trojan attack.

And what you might think is an outside hack may actually be an inside job perpetrated by adware.

When your system has been breached, it’s important to accurately identify what has happened. Words matter when it comes to cyber-security.

“People tend to play fast and loose with security terminology,” writes Roger Grimes for CSO. “However, it’s important to get your malware classifications straight, because knowing how various types of malware spread is vital to containing and removing them.”

Malware is a catch-all term to cover any type of software program designed to cause harm to a single computer, server or network. But the fix for one type of malware might not work for another. And not all off-the-shelf anti-virus programs are up to the task.

Five Common Cyber Threats

Following are excerpts from a “malware bestiary” compiled by Grimes:

1. “Most malware programs aren’t viruses. A computer virus modifies other legitimate host files (or pointers to them) in such a way that when a victim’s file is executed, the virus is also executed. Pure computer viruses are uncommon today, comprising less than 10 percent of all malware. That’s a good thing: Viruses are the only type of malware that ‘infects’ other files. That makes them particularly hard to clean up because the malware must be executed from the legitimate program. This has always been nontrivial, and today it’s almost impossible. The best antivirus programs struggle with doing it correctly and in many (if not most) cases will simply quarantine or delete the infected file instead.”

2. “Worms have been around even longer than computer viruses, all the way back to mainframe days. Email brought them into fashion in the late 1990s, and for nearly a decade, computer security pros were besieged by malicious worms that arrived as message attachments. One person would open a wormed email and the entire company would be infected in short order. The distinctive trait of the worm is that it’s self-replicating. Take the notorious Iloveyou worm: When it went off, it hit nearly every email user in the world, overloaded phone systems (with fraudulently sent texts), brought down television networks, and even delayed my daily afternoon paper for half a day. What makes a worm so devastating is its ability to spread without end-user action. Viruses, by contrast, require that an end-user at least kick it off. Worms exploit other files and programs to do the dirty work.”

3. “Computer worms have been replaced by Trojan horse malware programs as the weapon of choice for hackers. Trojans masquerade as legitimate programs, but they contain malicious instructions. They’ve been around forever, but have taken hold of current computers more than any other type of malware. A Trojan must be executed by its victim to do its work. Trojans usually arrive via email or are pushed on users when they visit infected websites. The most popular Trojan type is the fake antivirus program, which pops up and claims you’re infected, then instructs you to run a program to clean your PC. Users swallow the bait and the Trojan takes root. Trojans are hard to defend against for two reasons: They’re easy to write and spread by tricking end-users — which a patch, firewall, and other traditional defense cannot stop. Malware writers pump out Trojans by the millions each month.”

4.      Hybrids and exotic forms. “Today, most malware is a combination of traditional malicious programs, often including parts of Trojans and worms and occasionally a virus. Usually the malware program appears to the end-user as a Trojan, but once executed, it attacks other victims over the network like a worm. Bots are essentially Trojan/worm combinations that attempt to make individual exploited clients a part of a larger malicious network. Botmasters have one or more ‘command and control’ servers that bot clients check into to receive their updated instructions. Botnets range in size from a few thousand compromised computers to huge networks with hundreds of thousands of systems under the control of a single botnet master. These botnets are often rented out to other criminals who then use them for their own nefarious purposes.”

5.      Adware.  “If you’re lucky, the only malware program you’ve come in contact with is adware, which attempts to expose the compromised end-user to unwanted, potentially malicious advertising. A common adware program might redirect a user’s browser searches to look-alike web pages that contain other product promotions.”