A question my clients often ask me: What am I getting when I pay you for a malware cleanup?
So what exactly does it mean when you bring your computer over for a “malware cleanup”? Many of my clients look very nervous when I say MALWARE, yet the malware cleanup is my most commonly requested service. Malware is short for malicious software. The term is very generic and refers to a variety of malicious programs. One common misconception I encounter with my clients is that malware is the same thing as a virus; this isn’t actually true. Often, malware does not damage your files and in many cases YOU, the user, have actually given it permission to be there!
Adware is a category of software that automatically delivers advertisements. These may show up in many different forms. The most common behavior is for ads to open in a new window or tab – if it pops up right in front of you, it’s called a “popup” and if it opens in a minimized or hidden window it’s called a “pop-under”. Some adware will also embed banner ads and sidebar ads right into your browser window making it look as though the ads are on the website you are viewing. Adware is often bundled with free software (freeware) as a way for the freeware distributor to generate revenue.
Adware sometimes comes bundled with spyware (see below) to help the advertisers target their ads and further enhance their effectiveness.
A bot is a piece of software created to automatically perform specific operations. Bots are commonly used in botnets (a large group of computers connected via the Internet, which are controlled by a third party). The third party can use the processing resources of these botnets for many purposes: to perform attacks on other networks, to render advertisements on websites, to scrape data from servers, and to distribute malware through file-sharing sites. Often, the only indication that you have a bot will be the extra load on your CPU and RAM.
A bug is actually not software, but rather a flaw in software that produces an undesired outcome. These flaws are usually the result of errors in the code of a program. The most common bugs will cause minor issues with a program that aren’t really noticeable, or more frustrating issues like freezing or crashing. A program can also contain a security bug which can be exploited by malware. A security bug allows attackers to bypass user logins and access restrictions and even to steal data. A good software developer will try to stay ahead of these issues by releasing updates to patch each security bug or vulnerability before malware can be written to exploit it.
Ransomware is the latest type of malware, and it’s just what it sounds like – it basically holds your computer, or files on your computer, hostage until you pay the demanded fee. Once the fee is paid, you are usually given a code that opens up access to your system or files. Ransomware is very difficult to remove, and some I.T. providers working with extremely important files have advised their clients to simply pay the ransom fee in order to avoid losing data. Ransomware usually spreads in the same manner as a worm (see below). Because ransomware will infect any drives connected to your computer (server, external drive, flash drive, networked drives), the best way to avoid falling victim to a ransom demand is to use an online backup service which keeps several days of backups and allows you to restore to an earlier date.
A rootkit is a program designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access and steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet.
Rootkits are very difficult to prevent and deal with because they operate so stealthily. Because a rootkit continually hides its presence, many antivirus programs (even paid ones) cannot remove or even find rootkits. As a result, finding and removing rootkits relies on manual methods. Users can help to protect themselves from rootkits by regularly updating Windows, updating virus definitions, avoiding any and all suspicious downloads, and performing regular manual rootkit scans.
Spyware is software that functions by watching user activity without the user’s knowledge. Spyware can monitor surfing activity or other computer activity, collect keystrokes (a keylogger), harvest personal data, and more. Spyware can have a range of purposes, from fairly innocuous spyware used by adware to target popups, to giving its creators access to bank accounts or credit cards, to identity theft. There is also spyware that can be legitimately purchased, such as for an employer to monitor employees or an individual to spy on their spouse or children. Spyware can also modify browser or antivirus settings and interfere with network connections. Spyware is often given user permission to install, as it’s commonly bundled with legitimate free programs.
A Trojan gives someone backdoor access to and control of a computer, much like a rootkit. But a Trojan doesn’t hide in the same way; rather, it disguises itself as a normal file or program to trick users into actually giving permission for it to install. As with rootkits, a Trojan can give a malicious party remote access to steal personal and financial data or money, install more malware, change system files, watch user activity, join the computer to a botnet, or even just to make their own internet activity anonymous.
Like its biological namesake, a virus can copy itself and spread to other computers. Viruses often spread by attaching themselves to another program and executing code when a user launches the infected program. Viruses can also spread through script files, documents, and vulnerabilities in web apps. Viruses can be used to steal information, harm host computers and networks, create botnets, steal money, render advertisements, and more.
A worm is one of the most common types of malware. Worms spread over computer networks by exploiting operating system vulnerabilities. Worms can cause harm to an entire network by using up bandwidth and overloading servers. They can also contain extra code that damages or exploits host computers. These “payloads” are commonly designed to steal personal and financial data, delete files, or create botnets.
Worms are technically a type of virus, but they are different from a regular virus in a few ways. The main difference is that worms can self-replicate and spread independently while viruses rely on user actions like opening a file or running a program. A common way worms spread is by sending mass emails with infected attachments to an entire contact list (without the user’s knowledge).
Do I Have Malware?
Although there are many types of malware which differ in how they spread and infect computers, all the types can be used for similar purposes. Because the purposes are often the same, they can all produce similar visible symptoms. Here are a few things to look for:
Increased CPU usage
Freezing or crashing
Modified or deleted files
Appearance of strange files, programs, or desktop icons
Programs running or turning off on their own, or reconfiguring their own settings
Contacts receiving email or other messages that you did not send
Slow computer or web browser speeds
Problems connecting to networks
Homepages or other browser settings being changed
Extra tabs or windows popping up during normal browsing activity