Malware – The Basic Concepts

When we see breathless posts warning about malware spread across social media, they invariably demonstrate that the author – and indeed those who share the warning – don’t really understand the basic concepts of malware.

Often, this is because they use nonsensical terminology such as “Trojan worm virus” – something that, after reading this article, you’ll understand doesn’t – can’t – exist. It’s just three related words mashed together; an attempt to crank up the panic level. After all, a “Trojan Worm Virus” certainly sounds more alarming than a mere “worm”.

We take a look at the various definitions associated with malware.

Malware

Despite the term “virus” being the most commonly used word to describe software you don’t want on your computer (thanks, Hollywood), the blanket (and usually more accurate) term is malware. This is shorthand for malicious software.

All of the terms we use in this article (trojans, viruses, worms, ransomware etc.) fall under the umbrella term malware. That is to say, they are all types of malware.

Malware refers to any software that is designed specifically to disrupt, damage, steal, spy or in any way have a negative effect on a target device and user experience.

If you know you have been infected with something, but don’t know how you got infected or what the infection is doing, you would simply say that you have a malware infection. Until you know more, going any further would be “jumping the gun”. For example, if you said you have been infected with a computer virus, you may not be correct, as the malware may not be classified as a virus. Viruses are not as popular as the movie industry would have you think!

How is malware classified?

Malware can be classified in two different ways: either by how it spreads or by what it does.

How it spreads… worms, viruses and trojans

For malware to infect a device, it obviously has to find a way to spread itself. There are a number of different ways malware can spread, and these distinctions can result in the malware being classified with a certain name.

Viruses – a virus is a [usually] malicious program that can covertly attach itself to a second, harmless program, and execute itself on any device where the second program goes. It also has the ability to replicate itself, and attach itself to other otherwise harmless programs. A virus requires those programs to spread. It cannot spread by itself. When a user shares an infected program with other users/devices, the virus travels with it.

Despite the popularity of the term computer virus, other classifications of malware are more commonly encountered, such as worms and Trojans.

Worm – a worm also replicates itself in order to spread, but unlike a computer virus, it does not attach itself to other programs, and as such, it does not require a human user to help it spread. A worm can spread automatically from user to user, from device to device, especially if those users and devices are attached to the same network.

Typically, network security software will try to prevent this type of incident from occurring, meaning worms will usually rely on software vulnerabilities to spread. A perfect example of this is the 2017 WannaCry attacks that affected large parts of Europe and the NHS in the UK. In this instance, the computer worm (carrying ransomware, see next section) relied on exploiting vulnerabilities in the aged and unsupported Windows XP operating system that many computers across the NHS still used. As a result of the attacks, Microsoft released a security patch fixing those vulnerabilities despite the operating system being unsupported for quite some time. It’s for this reason it is never recommended to use unsupported software.

Trojans – Short for Trojan Horses, this type of malware owes its name to Greek mythology when the Greeks invaded the city of Troy by hiding in a large wooden horse that posed as a present from the Greeks to the residents of Troy.

As such, the term Trojan refers to any type of malware that spreads by posing as a legitimate piece of software or a file that, when opened, infects a device. A Trojan doesn’t replicate itself, and requires a user to willingly execute it. Because a user has executed the Trojan malware themselves, it typically has full access to the device immediately, meaning Trojans can be particularly devastating.

What it does… spyware, adware, ransomware, scareware

Alternatively – and now perhaps most commonly – malware is categorised by what it does when it infects a device.

Ransomware – One of the most popular types of malware out in the wild, ransomware surged throughout 2016 and 2017 and was responsible for a number of high profile attacks. Ransomware owes its success to better encryption technology and methods that allow for anonymous payment, meaning such a threat would not have been feasible in the early days of the Internet, but is now an extremely profitable venture for some crooks.

Modern ransomware encrypts the desirable files on a device or network, and demands a ransom for the decryption key. Often, the encryption is nigh unbreakable, meaning the victim has to restore a backup, risk paying the ransom or accept that the file(s) have gone. The 2017 WannaCry attacks that spread via a computer worm offloaded ransomware called WannaCry.

Spyware – Spyware is simply malware that can spy on a user, and is typically used in conjunction with identity theft. Spyware may log the websites you visit, or your passwords for your online accounts. Primitive spyware may simply log every keystroke on a device (a “keylogger” or “sniffer”) and send that data back to a crook who can glean sensitive information from it such as usernames and passwords.

Adware – The “malware of the 1990s”, adware would result in spammy pop-up adverts or hijack a browser to visit spammy webpages and adverts. It was one of the earliest types of malware and is still around today.

Scareware – This dishonest type of malware poses as security software and implores users to download and purchase more malware posing as security software.

Backdoor/Rootkit – This type of malware is designed to allow crooks and unauthorised software access to an infected device, such as in botnet networks (networks of infected computers being controlled by a “master”).

Can a “Trojan Worm Virus” exist?

Because it can be classified in more than one way, malware (or rather, a bundle of malware) can certainly be classified with more than one name. A great example of this which we mentioned above is the 2017 WannaCry attacks that used both a computer worm and a ransomware attack.

However, a Trojan, a worm and a virus refer to mutually exclusive methods by which malware can spread, and as such, no, such an amalgamation of terms can never really exist. And if you ever see a warning using such a term, take it with a pinch of salt.
