Malware, short for malicious software, is a kind of software that can be installed on a computer without approval from the computer's owner. There are different kinds of malware that can hurt computers, such as viruses and spyware. These programs can steal passwords, delete files, collect personal information, or even stop a computer from working at all. Computer security or anti-malware software is usually good at stopping malware from installing itself. When security software isn't installed, malware can get into the computer. Getting rid of malware can be difficult, even when using programs designed to remove it.
History[change | change source]
People first started writing malware in the 1970s and early 1980s. Computers were very simple then. They did not have any interesting information for malware to take. Instead, people wrote malware for fun or just to show that they could. Even the most common piece of malware from this time did not do damage to people's computers. In fact, malware was so rare that the word "malware" was not coined until 1990.
More people started using the computers in the late 1990s and early 2000s. Computers were getting more complex just as fast. People saw that they could use malware to get useful information now, like passwords and credit card information. So, more programmers started writing malware. The number of malware programs on the Internet has grown very quickly ever since then the late 1990s and is still growing today. Experts think that 31.5% of the world's computers have some type of malware installed.
Purposes[change | change source]
The main reason people write malware is to hurt others and make money, usually by stealing or deleting important information. The Cryptolocker computer virus, for example, makes it so a person cannot use their own computer until they pay the malware writers for a software key to unlock it. Another virus, CIH, tries to make it so the victim can never use their files or turn on their computer again. Malicious keystroke logging software remembers everything a user types in and gives it to the malware author to read.
World governments have written malware to hurt their enemies. Experts think that the United States government made a virus named Stuxnet to stop an important place in Iran from working. The Chinese government probably used a virus to stop people from protesting its decisions.
How malware gets installed[change | change source]
There are a lot of ways malware can get onto someone's computer. One common way is through email attachments. These attachments are usually sent from other computers that already have malware on them. When someone downloads and opens the attachment, the virus installs and uses their computer to send itself to even more people.
Another way malware installs itself is when a victim gets malware just by going to a website with the malware hidden on it. This is called drive-by downloading. A user does not have to click anything for their computer to get infected from a drive-by download. This kind of malware attack is usually found on websites that are not used a lot or whose security methods are very old. However, even current websites that people use all the time can host drive-by downloads when someone hacks the site.
People who write malware also get their programs onto computers by attaching them to real programs that people want. This is most common with pirated programs. This is because the downloader was doing something illegal and cannot complain to the authorities without getting in trouble themselves. However, some non-piracy websites also put malware (or other unwanted programs that are almost as bad as malware) in a download with real, legal software in a process known as bundling. Computer security experts complain about websites that bundle real software with malware. Their complaints do not always stop the websites from bundling.
Kinds of malware[change | change source]
There are many different kinds of malware. Each acts a different way.
- Viruses are a kind of malware that need a user-run program to work. They cannot copy themselves or move from one computer to another without a program to host it. Viruses are very common in pirated programs. They can harm computers in many different ways, like deleting files and stealing passwords.
- Worms are a lot like viruses and can cause the same kinds of damage. However, they're able to move through the internet and copy themselves onto computers without help from a host program. This makes them more dangerous than a virus. Worms are usually found in emails and drive-by downloads.
- Trojan horses are like a much more dangerous version of a virus. They need a user to agree to run a program to work and cannot copy themselves from one computer to another. However, trojan horses can make the same problems a normal virus can make. They can also allow the malware writer to control the victim's computer, install more malware, steal bank data, and more. For example, ransomware is a type of trojan horse that stops a victim from using their files until they pay the person who wrote the malware. Experts think that trojan horses are the most common type of malware in existence.
- Adware is a type of malware that earns the program authors money with advertising. These programs show users ads and force them to use websites that make money for the malware writers. Adware will also find personal information about the victim (such as their age, race, and job). This is so the malware authors can sell the information to other people. A user can usually uninstall adware easier than most malware. However, this is still difficult to do without a specially-designed program.
- Spyware is a more dangerous kind of adware that steals more information from a user. Spyware can steal someone's Internet traffic, account passwords, and anything they have typed into their computers. Spyware is also much harder to uninstall than adware is.
Why computers get malware[change | change source]
There are a few reasons why computers get programs a user didn't mean to install. One common reason is because of regular programs that have software bugs. Malware can use bugs, such as a buffer overflow, to make a program do something it was not designed to do. Malware can also get onto a computer if it tricks a user into putting it there themselves. This can happen when a user plugs in a USB flash drive that has a virus on it already. Malware also commonly uses social engineering to get users to run it, like pretending to be an important email attachment for work. Some malware even pretends to be an anti-malware program to get people to run it.
How malware is stopped[change | change source]
Since malware is such a big problem, many companies make programs to try to stop it. These anti-malware programs have a lot of different ways to find malware. One is static analysis, which looks at the source code of a program before it is run. Then, if the program is similar to malware the static analysis program has seen before, the anti-malware program will stop the code from running. Another way of finding malware is dynamic analysis. Dynamic analysis runs only part of a program it is checking. If this part of the program tries to do anything that could be bad or harmful, the anti-malware program will not let the program run.
Malware can also be stopped without a program. This can be done by not letting a computer connect to the Internet or other computers, called creating an air gap. However, these computers can still get malware if someone puts it there another way. One example is when someone plugs in a USB drive that was already plugged into a computer with a virus.
References[change | change source]
- Leyden, John. "The 30-year-old prank that became the first computer virus". The Register. The Register. http://www.theregister.co.uk/2012/12/14/first_virus_elk_cloner_creator_interviewed/. Retrieved 1 November 2014.
- Dalakov, Georgi. "First computer virus of Bob Thomas". History of Computers and Computing. http://history-computer.com/Internet/Maturing/Thomas.html. Retrieved 1 November 2014.
- Lee, Timothy. "How a grad student trying to build the first botnet brought the Internet to its knees". The Washington Post. Washington Post Company. http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/01/how-a-grad-student-trying-to-build-the-first-botnet-brought-the-internet-to-its-knees/. Retrieved 1 November 2014.
- Messmer, Ellen. "Tech Talk: Where'd it Come From, Anyway?". PCWorld. IDG Consumer & SMB. http://www.pcworld.com/article/147698/tech.html. Retrieved 11 November 2014.
- File, Thom. "Computer and Internet Use in the United States". U.S. Census Bureau. http://www.census.gov/prod/2013pubs/p20-569.pdf. Retrieved 11 November 2014.
- "The Evolution of Malware and the Threat Landscape – a 10-Year review". Microsoft Security Intelligence Report. Microsoft Incorporated. http://www.microsoft.com/security/sir/story/#!10year. Retrieved 11 November 2014.
- "Annual Report PandaLabs 2013 Summary". Panda Labs Reports. Panda Security. http://mediacenter.pandasecurity.com/mediacenter/wp-content/uploads/2014/07/Annual-Report-PandaLabs-2013.pdf. Retrieved 15 November 2014.
- Cannell, Joshua. "Cryptolocker Ransomware: What You Need To Know". Malwarebytes Unpacked. Malwarebytes Corporation. https://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/. Retrieved 1 November 2014.
- "Virus: DOS/CIH". F-Secure. F-Secure Corporation. http://www.f-secure.com/v-descs/cih.shtml. Retrieved 1 November 2014.
- Grebennikov, Nikolay. "Keyloggers: How they work and how to detect them (Part 1)". Securelist. Kaspersky Labs. http://securelist.com/analysis/publications/36138/keyloggers-how-they-work-and-how-to-detect-them-part-1/. Retrieved 11 November 2014.
- Kushner, David. "The Real Story of Stuxnet". IEEE Spectrum. IEEE. http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet. Retrieved 1 November 2014.
- Greenberg, Andy. "Evidence Mounts That Chinese Government Hackers Spread Android Malware". Forbes. Forbes Media. http://www.forbes.com/sites/andygreenberg/2013/04/01/evidence-mounts-that-chinese-government-hackers-spread-android-malware/. Retrieved 1 November 2014.
- "How Malware Attacks And Spreads In Your Computer". Combofix. Combofix. http://www.combofix.org/how-malware-attacks-and-spreads-in-your-computer.php. Retrieved 2 November 2014.
- Siciliano, Robert. "What is a “Drive-By” Download?". McAfee Blog Central. McAfee Incorporated. http://blogs.mcafee.com/consumer/drive-by-download. Retrieved 2 November 2014.
- Lemos, Robert. "Security pros slam Cnet Download.com's bundling". InfoWorld. InfoWorld Incorporated. http://www.infoworld.com/article/2618688/antimalware/security-pros-slam-cnet-download-com-s-bundling.html. Retrieved 2 November 2014.
- "What Is the Difference: Viruses, Worms, Trojans, and Bots?". Cisco. Cisco Systems, Incorporated. http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html. Retrieved 3 November 2014.
- "What is a Trojan Virus?". Kaspersky Lab. Kaspersky Lab. http://www.kaspersky.com/internet-security-center/threats/trojans. Retrieved 3 November 2014.
- "What is Adware?". Kaspersky Labs. Kaspersky Labs. http://www.kaspersky.com/internet-security-center/threats/adware. Retrieved 3 November 2014.
- "Adware". BleepingComputer. Bleeping Computer LLC. http://www.bleepingcomputer.com/virus-removal/adware. Retrieved 3 November 2014.
- Beal, Vangie. "The Difference Between Adware & Spyware". WebOPedia. Quinstreet Incorporated. http://www.webopedia.com/DidYouKnow/Internet/spyware.asp. Retrieved 3 November 2014.
- Schwarz, Thomas. "Buffer Overflow Attack". COEN 152 Computer Forensics. COEN, SCU. http://www.cse.scu.edu/~tschwarz/coen152_05/Lectures/BufferOverflow.html. Retrieved 6 November 2014.
- Mills, Elinor. "USB devices spreading viruses". CNET. CBS Interactive Incorporated. http://www.cnet.com/uk/news/usb-devices-spreading-viruses/. Retrieved 6 November 2014.
- "Social Engineering". Kaspersky Labs. Kaspersky Labs. http://usa.kaspersky.com/internet-security-center/threats/malware-social-engineering. Retrieved 6 November 2014.
- "Heuristic analysis in Kaspersky Internet Security 2012". Kaspersky Lab. Kaspersky Lab. http://support.kaspersky.com/6324. Retrieved 4 November 2014.
- "Air Gap". Technopedia. Janalta Interactive Incorporated. http://www.techopedia.com/definition/17037/air-gap. Retrieved 6 November 2014.