Malware – An overview

Malware is a general term that we use to group or categorize different types of malicious software. Malware has changed a lot since it first appeared during the 80s and 90s.
Let's take a look at some of the basic terms we have used over the last decades to describe malicious pieces of software.
Program Virus
This is the most famous one and the one everyone talks about when talking about malicious software. Program viruses (file viruses) infect files that contain an application, and the virus often runs every time you run that particular application. That means a user has to actually run the infected application, and the virus is then able to run whatever the user account is able to run.
Macro Virus
These are the types of viruses that infect Microsoft Word documents and Excel spreadsheets. Macros in Excel can be very helpful for automating tasks in reports, and a macro can be created in Excel by recording your mouse clicks and keystrokes, which makes such a task easy. Macros are very powerful because they are really programs written in Visual Basic for Applications (VBA), and they can take advantage of some of the features in the operating system.
Imagine a typical user who does their daily tasks on their laptop with administrative privileges. If the user opens a document containing a macro virus, it can damage the integrity of the file system, for example by deleting documents and photos, depending on the attacker's intention. The macro virus will also run with administrator privileges if the user who opens the document is logged in with administrator privileges.
Macro viruses also search for and infect other documents on your computer, so when you e-mail your friends and colleagues, they will also be infected if they run similar applications.
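A defender can check whether a Word or Excel file carries VBA code before anyone opens it. The following is an added example, not code from the original page: it inspects the contents of a modern (OOXML, ZIP-based) Office file instead of trusting its extension. The function names and the two sample files are constructed for illustration, and legacy binary .doc/.xls files are outside its scope.

```python
import io
import zipfile

# OOXML part names where Office stores the compiled VBA project.
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")

def triage_ooxml(data: bytes) -> dict:
    """Report macro indicators found inside an OOXML file given as raw bytes."""
    result = {"ooxml": False, "vba_parts": [], "macro_content_type": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy binary format or not an Office file: not handled here
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        if "[Content_Types].xml" not in names:
            return result  # a ZIP archive, but not an Office package
        result["ooxml"] = True
        by_lower = {n.lower(): n for n in names}  # part names are case-insensitive
        result["vba_parts"] = [by_lower[p.lower()] for p in VBA_PARTS
                               if p.lower() in by_lower]
        # Macro-enabled documents declare a "macroEnabled" content type.
        result["macro_content_type"] = b"macroEnabled" in pkg.read("[Content_Types].xml")
    return result

def has_macros(data: bytes) -> bool:
    """True if either indicator is present; one alone is enough to flag the file."""
    r = triage_ooxml(data)
    return bool(r["vba_parts"]) or r["macro_content_type"]

def _build_sample(parts: dict) -> bytes:
    """Build a constructed, minimal package in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: a plain document and one that carries a VBA project.
CLEAN = _build_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
})
WITH_MACRO = _build_sample({
    "[Content_Types].xml": b'<Types><Override ContentType='
        b'"application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>',
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\x00",  # placeholder bytes, not real VBA
})

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("with macro", WITH_MACRO)):
        print(label, triage_ooxml(sample))
```

A positive result only says that the file contains macros, not that they are malicious; it is a reason to hold the attachment for closer inspection.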
Boot Sector Virus
This is a more complex piece of software with malicious intent that infects your computer's boot sector. When you turn on your computer, one of the first things it will look for is the boot sector. An infected boot sector is critical because the virus is able to load before the operating system itself, and that way it can hide itself.
Polymorphic Virus
This type of virus is quite similar to the program virus mentioned above, but it changes every time that it runs (for example every time you start your computer). One of the challenges with polymorphic viruses is that since they change every time they run, it is difficult for antivirus software to detect them.
When you update your antivirus software, you get the latest signatures that the company behind the antivirus product has released after researching the viruses that are spreading around. Polymorphic viruses are more difficult to detect this way since they get random signatures every time they launch, and they are often encrypted, which makes it difficult to figure out what the code is doing.
Trojan
Trojans are software that pretends to be a useful piece of software, such as a fake antivirus product (visible to you), but that also has malicious code running in the background (invisible to you). Think about it as legitimate software "with something extra" added on to it.
Trojans will provide you with a service so that you will not try to uninstall the software you just installed. If you get the service that you wanted and the attacker gets control of your computer, both parties should be happy, right? To be infected with a trojan, a user often downloads an infected setup file from the Internet or runs it from an infected USB flash drive or similar media, so it actually requires the user's action.
Worms
These can do a lot of harm, and they can be looked at as way more aggressive than traditional viruses since they often spread over the network at home, at work or over the Internet. Worms can infect your computer and execute without the need for any of your actions. Worms usually take advantage of vulnerabilities in applications running on your computer and often modify registry settings in Windows so they can launch themselves every time you turn on your computer.
