Ransomware, Spyware, Malware, and Viruses Oh My! – Understanding the Differences

Malicious software is an issue that as an IT Company we have to deal with on an almost daily basis. The amount of Malware out on the internet is immense and growing every day. Recent research shows that there are over 15 million different pieces of malware out there. While this may seem like an astronomical number, rest assured that nearly all of these samples have been detected and can be cleaned or blocked outright. We understand that there is not a lot of clarity on this topic so we wanted to take a moment and define some of the terms that we use so you have a better understanding of what everyone is talking about when the talk about malware.

Malware (malicious software) is a piece of computer software designed to compromise or damage a computer system without the consent of its user. Since this is an extremely broad term that covers viruses, worms, trojan horses, rootkits, spyware and adware, we thought it would be helpful to separate and define each category.

RansomWare

One of the newest, most vicious forms Malware is known as RansomWare, named as such due to the way it takes over and holds hostage all of data it can. This can mean being locked out of a single computer’s data, or, depending on the time the Malware is given, your entire server and every computer.

RansomWare tends to come in through email as a harmless link; FedEx tracking info, a DropBox share, an offer to see a family photo album, or other innocuous looking items. Once that link is followed, however, the malware works quickly encrypting all the data it can reach as fast as it can until the user intervenes. If the vector for the Malware is on a business network, it can spread to anything connected to infect data elsewhere. Once encrypted, the data cannot be accessed or fixed.

Once the RansomWare has infected a workstation, it will show a message demanding payment by cryptocurrency to the source of the Malware to decrypt and release your data back. Often payment does mean you will receive your data (to encourage others to pay up upon their own infection), but the originators of the RansomWare may also take the money and run leaving you with years of data completely inaccessible.

Computer Virus

virus is a program that is capable of reproducing its executable code to infest a target from a host machine without the consent of the targeted user. A virus can not spread on its own, it requires installation by the user. Installation can happen over an office network, via email, or even through an optical or removable drive. In order to run, viruses often attach themselves to legitimate pieces of software.

Worm

Worms are much like viruses except that they exploit security vulnerabilities to spread themselves to other computers without the any involvement from the user. Like viruses, a worm may carry instructions to perform other malicious actions other than just propagating itself across the network.

Trojan Horse

Trojan Horses are named as such because of the way that the piece of malware works. Trojan horses or ‘Trojans’ are any program that convince a user to run it, while concealing a malicious payload. The effect of running this Trojan can be as severe as deleting user files or the creation of a staging ground for the installation and execution of more malicious or unwanted software.

RootKits

RootKits are not really malware by definition but they are associated with malware. A rootkit was originally a set of tools that a human attacker would install on a system in order to stay concealed. We now use the term ‘Rootkit’ to describe code or full programs whose sole purpose is to conceal the activities of other malicious code.

Spyware & Adware

Spyware and adware are typically known to fit into the ‘malware for profit’ category and are generally not too dangerous. These flavors of malware tend to alter the users browser behavior to benefit the creator of the program. Pop-Ups and Browser redirection are very telling signs that you have yourself a spyware or adware infection.

We may not be able to completely eliminate malware, but through careful computing practices and regular malware scans we can minimize its impact. In subsequent posts, we will show you how to develop good computing habits to avoid this type of malicious software and to insure that your computer remains healthy.