Your quick guide to malware types

Think you know your malware? Here's a refresher to make sure you know what you're talking about -- with basic advice about what to do when you've been hit

Page 2 of 2

Hybrids and exotic forms
Today, most malware is a combination of traditional malicious programs, often including parts of Trojans and worms and occasionally a virus. Usually the malware program will appear to the end-user as a Trojan, but once executed, it attacks other victims over the network like a worm.

Many of today's malware programs are considered rootkits or stealth programs. Essentially, malware programs attempt to modify the underlying operating system to take ultimate control and hide from antimalware programs. To get rid of these types of programs, you must remove the controlling component from memory, beginning with the antimalware scan.

Bots are essentially Trojan/worm combinations that attempt to make individual exploited clients a part of a larger malicious network. Botmasters have one or more "command and control" servers that bot clients check into to receive their updated instructions. Botnets range in size from a few thousand compromised computers to huge networks with hundreds of thousands of systems under the control of a single botnet master. These botnets are often rented out to other criminals who then use them for their own nefarious purposes.

Spyware and adware
If you're lucky, the only malware program you've come in contact with is adware, which attempts to expose the compromised end-user to unwanted, potentially malicious advertising. A common adware program may redirect a user's browser searches to look-alike Web pages that contain other product promotions.

Another category of malware is spyware, which is most often used by people who want to check on the computer activities of loved ones. Of course, in targeted attacks, criminals can use spyware to log the keystrokes of victims and gain access to passwords or intellectual property.

Adware and spyware programs are usually the easiest to remove, often because they aren't nearly as nefarious in their intentions. Find the malicious executable, and prevent it from being executed -- you're done.

Fighting the menace
Today, many malware programs start out as a Trojan or worm, but then dial home to a botnet and let human attackers into the victim's computer and network. Many advanced persistent threat attacks start out this way: They use Trojans to gain the initial foothold into hundreds or thousands of companies, while the human attacks lurk, in search of interesting intellectual property. The vast majority of malware exists to steal money -- directly out of a bank account or indirectly by stealing passwords or identities.

If you're lucky, you can find malicious executables using a program like Microsoft's Autoruns or Silent Runners. If the malware program is stealthy, you'll have to remove the hiding component from memory first (if possible), then work on extricating the rest of the program. Often I'll boot into Safe Mode or through another method, remove the suspected stealth component (sometimes by just renaming it), and run a good antivirus scanner a few times to clean up the remainders after the stealth part is removed.

Unfortunately, finding and removing individual malware program components can be a fool's errand. It's easy to get it wrong and miss a component. Plus, you don't know whether the malware program has modified the system in such a way that it will be impossible to make it completely trustworthy again.

Unless you're well trained in malware removal and forensics, back up the data (if needed), format the drive, and reinstall the programs and data when you find malware on a computer. Patch it well and make sure end-users know what they did wrong. That way, you get a trustworthy computer platform and move ahead in the fight without any lingering risks or questions.

This story, "Your quick guide to malware types," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.
Related:
| 1 2 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.