SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, or other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy-to-follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Demystifying Malware Types and Terminology (Part 1)

Posted on November 3, 2016
  • Malware: A catch-all term for security threats.
  • Why are there so many different types of security threats?
  • Malware types: What’s the difference?
  • A brief history of malware.

It seems like just about every week there’s a report in the news about some new security threat causing havoc around the world. This week it might be covering ransomware that’s extorting millions of dollars from the owners of infected computers. Next week it could be about the discovery of a new piece of spyware targeting political dissidents in a foreign country, or a computer worm causing widespread internet outages. So…what’s the difference between those different types of threats? Why not just call everything a virus?

Well, there happens to be a method to the madness when it comes to differentiating between different types of malware, and on today’s show we’re going to cover just what makes a piece of spyware different from a worm, and what makes a keylogger different from adware! Once you can tell the difference between the different types of malware, you’ll be better prepared to understand just how the different types of threats can affect *you*, and which ones are worth losing sleep over!

Malware: A catch-all term for security threats. There are many specific categories when it comes to the different types of security threats, and sometimes the distinction between them can get a bit blurry. Therefore, it’s a good idea to have a generic, catch-all term we can use to describe all of the different types of threats in one fell swoop, and that term is ‘malware.’ So, what does malware actually mean? Well, there are some similar terms that you might be familiar with — ‘hardware’ (that is, your physical desktop or laptop computer itself) and ‘software’ (the programs and apps that run on your computer). In that same vein, ‘malware’ is short for ‘malicious software’ — that is, software that does bad stuff to your computer.

Now that we’ve got a generic term that we can use to describe all sorts of different types of computer security threats, we can tackle the reasons why so many different types of threats exist in the first place.

Why are there so many different types of security threats? With all of these terms being thrown around to describe security threats, it can be difficult to keep track of the differences. Wouldn’t it be easier to just call everything a virus and call it a day? Well…that might be easier, and some people do just that, but there is an important reason to differentiate between the different kinds of threats that are out there.

The primary reason to bother differentiating between the different types of malware is because different threats have different capabilities, and can do different things to harm your computer. Some threats can have a larger impact on your security, so knowing the difference between them can help you determine just how great of a risk any given threat poses to your personal computer security.

Antivirus vendors are very specific when it comes to labeling a given piece of malware as a certain type, while news organizations tend to be a bit more hit-or-miss when it comes to accuracy, with the end result generally leading to a lot of end-user confusion (which leads to some people just calling everything a virus).

So, what’s the actual difference between a virus and some other category of malware? Let’s find out, as we go through a breakdown of the various types of malware.

Malware types: What’s the difference? When differentiating between different types of malware, it all comes down to the name. Different malware types are named in a way to give insight into the behavior of threats that fit each specific category. Once you know the classification of a given piece of malware, you’ll have a pretty good idea of what its capabilities might be.

  • Adware: As the name suggests, adware is all about advertising — specifically, crooks use adware to make money from fraudulent use of online ad networks. While definitely more benign than some of the other types of threats, adware can still pose a risk to your privacy (as well as cause endless annoyance when surfing the web). Adware usually arrives in the form of browser extensions or toolbars, often bundled with other applications. Once installed, it can collect information on the websites you visit, display pop-up ads, redirect web pages, change your homepage, and mess with your search results.
  • Keylogger: Keyloggers (also known as keystroke loggers) are specifically built to record each and every key you press on your keyboard. This means it’s recording personal e-mails you type, along with passwords, Social Security numbers, and credit card information that you might type while at your computer. All of this recorded information can be silently and automatically sent to the bad guys, which is obviously not something that you want happening!
  • Ransomware: Ransomware tries to extort money from computer users by holding their files for ransom. It does so by encrypting the documents, photos, and other important files on the machine, effectively locking them so they can’t be accessed unless the victim pays the criminals for the key that unlocks them. Modern ransomware uses strong encryption and keeps the decryption key on the attacker’s side rather than on the infected computer, so once the files are encrypted there is generally no way to get them back without either that key or an unaffected backup. Ransomware is an emerging threat that is seeing more and more use by criminals worldwide.
  • Rootkit: A rootkit is designed to take complete control of a computer at the highest privilege level, giving the bad guys full access while modifying system components to hide its very existence from anybody using the computer. Because it tampers with the very parts of the system that would normally report on running programs and files, the infected system’s own tools can’t be trusted to detect it; the reliable way to find one is to inspect the disk from a clean, separate system. The naming convention on this one is a bit more obscure. The term ‘rootkit’ comes from ‘root,’ which is the name of the most privileged account on Unix-like operating systems. The root account has full access and can pretty much do anything on a Unix system, so you can see where the term ‘rootkit’ comes from!
  • Spyware: The whole goal of spyware is to…you guessed it, spy on a user. While a keylogger can record everything typed on the keyboard, spyware can go much further in an effort to collect data. This can include taking screenshots or even recording a video of the entire screen, monitoring internet and computer usage, and sending all of the collected data on to a malicious third party.
  • Trojan Horse: Named after its mythological counterpart, a trojan horse arrives disguised as something a user might want to install, such as a game or useful program. Oftentimes, trojan horses can be found on illegal file sharing sites, where they are disguised as copies of pirated programs. Once installed, trojan horses can perform a variety of malicious activities such as allowing an attacker to access the computer remotely, stealing data, or installing additional malware components.
  • Virus: Much like their counterparts in the real world, computer viruses can infect otherwise innocent files, modifying them in such a way as to self-replicate and help them spread. Computer viruses are the oldest form of malware, which has led to the term being used to describe many different types of malware — even ones that don’t share the same characteristics as a true computer virus! These days it’s actually rather rare to see a true computer virus in the wild.
  • Worm: While computer viruses spread from file to file, worms are self-replicating programs that spread from computer to computer over a network. In addition to infecting as many computers as possible, worms are often used as the infection vector in the creation of a botnet, where hundreds of thousands or even millions of infected computers are all under the control of a criminal, and used to participate in a variety of malicious activity.

One thing to keep in mind is that not all malware fits nicely into one specific category. The lines can sometimes get a bit blurry when a piece of malware exhibits traits and behavior from two or more categories — this type of malware is sometimes known as a hybrid or blended threat.

Ok, so now that we’ve covered the differences between the various types of malware, you might have noticed some overlap between the categories. Why do some types of malware share traits, while others do not? Why are you more likely to encounter ransomware than a virus these days? To understand these intricacies, we’ll need to take a look at the history of malware.

A brief history of malware. Over the years, the form and functionality of malware has evolved significantly in response to changes in computer and network environments. The purpose of malware has changed as well — originally created in a more lighthearted fashion as jokes or pranks, malware threats are now used to facilitate cybercrime on a massive scale and as digital weapons of warfare.

It may come as a surprise that Apple played a role in the early days of malware development. One of the first viruses to target personal computers was the Elk Cloner virus, which appeared way back in 1982, and targeted Apple II machines. Written as a prank, this virus spread by infecting floppy disks, which were shared between computers.

In 1988, the Morris worm was unleashed, spreading across the internet from computer to computer. According to its creator, the purpose of the worm was to gauge the size of the internet, but due to a design flaw (it would re-infect machines that were already infected) hosts accumulated copies of the worm until they were overloaded, and a large number of systems were taken down as a result.

These early pieces of malware were products of their environments at the time: Before the advent of widespread internet access, floppy disks were the preferred method of sharing data between personal computers and thus an infection vector for computer viruses. The early internet mostly consisted of servers running the Unix operating system, which facilitated the spread of early internet worms targeting vulnerabilities in those systems.

As time went on, the digital landscape changed, and malware adapted as well. As more and more people started using personal computers, keyloggers and trojan horses started appearing with more frequency. Adware made its appearance as broadband internet access became more ubiquitous. More recently, malware such as Stuxnet and Flame have been used as cyber weapons, and ransomware has taken advantage of advances in file encryption to enable digital extortion.

We may not know what the next big security threat will be, but by looking at the history of digital threats we do know that malware will continue to evolve as technology continues to progress.

That’s it for part 1! Join us next time as we continue our exploration of the common security terminology and acronyms you might encounter when malware reports hit the news!
