Whether you’ve had a computer for years or only a matter of days, it’s probably a good bet you have heard terms like malware, virus, trojan, keylogger, worm, rogueware, fake antivirus, rootkit, ransomware, adware, spyware or dialer. Most users will wonder what the differences between all these different words are as the word virus is often used as a generic term to cover all types of malicious activity on a computer.
Basically malware is short for Malicious Software and all of the terms above fall into this category because they are all malicious. The different terms are used instead of just plain virus to categorize what the malicious software is capable of doing. For example, a keylogger is designed to record whatever keys you press on your keyboard and then send that information to a remote location. A trojan, on the other hand, allows a hacker to steal information or gain full access to your computer.
Using the word “virus” to include all types of malicious software is not very accurate, and “malware” is a more suitable term. A virus is, after all, just one type of malicious software. Thankfully most paid or free antivirus software looks for many different types of malware, not just viruses.
Here’s a brief and easy to understand explanation for the majority of known forms of malware out there to help you differentiate between them.
The best-known term, a virus is a piece of code that attaches to a program such as an executable file, then replicates itself and spreads to other files and onto other computers without your knowledge. When you run an infected file, the virus loads into memory and actively searches for other files to infect or infects files when they’re accessed by the system. The effects caused by a virus range from annoying popups to corrupting and deleting files or even erasing the hard drive, and viruses are commonly transmitted through email attachments. One of the most destructive viruses was CIH, which is capable of corrupting the BIOS.
Rogueware / Scareware / Fake Software
There are a lot of names that fall into this category such as “fake antivirus”, “rogue antispyware” etc, but they all work toward the same goal. That is to scare or trick you into believing you have problems with your computer such as several viruses, the computer is being attacked by hackers, there are serious system stability issues or even that your hard drive is about to fail. The rogue software pretends to be legitimate software and will offer to repair the non existent problems if you buy their “software” which obviously is completely bogus.
This type of malware is usually a form of worm or trojan often found in malicious emails and on adult, pirate video/music or hack/crack websites. It requires the user to allow the program to run, and tricks them into doing so by offering to run a “scan” or download a “viewer” for a media file. These programs often disable running security software and also disable parts of the system such as task manager until removed. A few tools like Remove Fake Antivirus or RogueKiller can help remove several types of this malicious software in addition to the excellent Malwarebytes Anti-Malware.
Unlike a virus, a Trojan horse doesn’t try to replicate itself but instead attempts to gain access to your PC and either looks to take control of it or steal information. A trojan usually achieves this by disguising itself as a legitimate program or a program you want to run, such as a downloader, hack or crack, and the user unwittingly activates the trojan by executing the program. Below is a screenshot of DarkComet, which is one of the most popular and most used trojans.
They can often be used to also install other malicious programs such as key loggers or rogues onto your system. For more severe virus and trojan infections, you might need to download and boot with an antivirus boot CD.
Worms are similar in design to viruses in that they aim to replicate and infect as many systems as possible. The main difference is that worms don’t need to attach themselves to other programs in order to spread to other computers and instead rely on networking (such as via emails) and other transfer mediums like USB flash drives to propagate. They can also cause network performance issues and slow down computers by consuming large amounts of memory.
Keyloggers secretly log all the keystrokes from a computer keyboard. If a keylogger is being used maliciously, the logged data such as a typed document, online usernames and passwords, bank details etc, can be sent to a remote location or saved on the local computer without your knowledge. A keylogger can also be used for more legitimate purposes such as monitoring what your kids are typing in while using the internet etc. If you have had problems with keyloggers in the past or would like an extra layer of protection, you might like to try anti-keylogger software.
With the modern internet connection usually being either DSL, cable or fiber, dialers are pretty much redundant because their main function is to dial an expensive premium rate telephone number instead of the number normally used to connect to your ISP. In the days of dialup and ISDN this was obviously a problem, but as modern broadband doesn’t dial phone numbers to connect, a dialer has no real effect.
The simple definition of spyware is a piece of software that collects any information about you or your computer without your knowledge, and can send that information to a third party. In its lighter forms, spyware can simply track your browsing habits for serving ads or record your searches in toolbars etc. More serious forms of spyware can collect keystrokes, read cookies or files on the drive, spy on other programs and gather personal data. Spyware is often installed when other software is installed such as freeware or shareware applications which is why you should always take care when installing all forms of software.
Some of the most effective spyware removal tools such as Malwarebytes Anti-Malware, SUPERAntiSpyware and Spybot are also very good at removing adware, hijackers and rogueware.
Advertising supported software (adware) is simply a piece of software that displays advertisements for other products to generate money for its developers; the ads can appear either inside the program itself or during the setup installation. This mostly occurs in free software and shareware programs by offering other products or toolbars etc, and really isn’t dangerous in itself, just mostly annoying and difficult to uninstall. Some adware can serve its ads by tracking your browsing habits or activity, in which case it would be moved into the spyware category.
Hijacking and changing your web browser start page and default search provider without consent can happen when installing certain toolbars or search helpers from software setup installers.
It isn’t especially malicious, but can still be incredibly annoying, and quite often using the provided uninstaller doesn’t remove all traces and reset your settings completely.
Malicious rootkits often make their way onto a computer via software exploits or trojans and consist of a few parts. One part is to access the highest system privilege level (root) which can enable it to run high level actions, and the other (kit) is to deploy the malicious scripts, libraries or programs onto the system to perform the malicious tasks of stealing passwords, installing key loggers etc. Rootkits are stealthy and hard to detect because they start with your PC and activate very early in the boot process. Companies such as Sony and UbiSoft have been criticized in the past for using a form of rootkit in their DRM copy protections.
Ransomware is like a more extreme version of rogueware. It won’t just offer to repair non-existent problems for a fee; it will actually demand a fee and can essentially lock you out of the computer, and in some cases also encrypt your files until you pay to remove it. A common recent ransomware is the Reveton worm, which masquerades as a local police authority or other organization and accuses you of illegally downloading porn, warez or copyrighted material. You’re then told to pay a “fine” to unlock the computer. Ransomware often infiltrates a computer when the user downloads and runs a malicious file, in similar ways to rogueware, or via email attachments. Windows Unlocker on the Kaspersky Rescue Disk is helpful in removing ransomware.
Note: Although the list above shows several different categories of malware, most of the malicious software today combines different kinds of malware to achieve a higher rate of infection and give more control to the hacker. Most are invisible to the user and run silently without your knowledge to avoid detection and do as much damage as possible for as long as possible. Rogueware, ransomware and adware are designed to let you know they’re there. Just because it might not look like you have some form of malware on your computer, it doesn’t mean you don’t have anything malicious at all. You should always have the means to protect and scan your systems to hand.