What is malware, what are its types, and how do you identify and remove it?

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target’s computer and can take the form of executable code, scripts, active content, and other software.

Malware can be categorized into different types, such as viruses, Trojans, spyware, worms, adware, ransomware and rootkits.

Virus:
A virus is a malicious program that self-replicates by copying itself into another program. In other words, a computer virus spreads on its own into other executable code or documents. Viruses are written to infect vulnerable systems, gain administrative control and steal sensitive user data.

Trojan:
A Trojan is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses, Trojans do not reproduce by infecting other files, nor do they self-replicate.

Spyware:
Spyware is software that aims to gather information about a person or organization, sometimes without their knowledge. It may send that information to another entity without the user's consent, or assert control over a device without the user's knowledge; some spyware forwards such information with the user's nominal consent, for example through cookies.

Worm:
A computer worm is a standalone malware program that replicates itself in order to spread to other computers. Often it uses a computer network to spread, relying on security failures on the target computer to gain access.
Worms often use parts of an operating system that are automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

Adware:
Adware is any software application that displays advertising banners while a program is running. The ads are delivered through pop-up windows or bars that appear on the program's user interface. Adware is commonly created for computers but may also be found on mobile devices. Adware is commonly classified as a PUP/PUA (Potentially Unwanted Program/Potentially Unwanted Application).

Ransomware:
Ransomware is a type of malicious software that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. Ransomware can be spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites.

Rootkits:
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

Keylogger:
A keylogger records the keystrokes typed on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. The recorded data can then be retrieved by the attacker operating the logging program.
While keylogger programs themselves are legal, with many of them designed to allow employers to oversee the use of their computers, keyloggers are most often used for stealing passwords and other confidential information.

Cryptomining malware:
Cryptomining malware refers to software programs and malware components developed to take over a computer's resources and use them for cryptocurrency mining without the user's explicit permission.
Cryptojacking enables the same malicious cryptomining activity to be executed directly in a victim's browser, without installing any software; this is known as in-browser coin mining.

How to identify a malware infection (signs of infection):

  • The system runs slowly.
  • The browser is populated with lots of ads and unwanted toolbars and extensions.
  • Files get deleted or encrypted, or additional files appear on your drives without your permission.
  • The system crashes all of a sudden, or your applications or browser crash often.
  • A large, unexplained loss of free disk space or a significant increase in disk usage.
  • Unwanted redirects to malicious or unwanted sites without you doing anything in the browser.
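As an added, defender-side example that is not part of the original post, the script below checks the "files getting encrypted" sign from the list above: it scores files by byte entropy, since ransomware output is close to uniform random bytes while ordinary documents are not. The 7.5 bits/byte threshold and the extension skip-list are assumptions chosen to limit false positives.

```python
# Added example (not from the original post): flag files whose byte
# distribution looks encrypted, one of the infection signs listed above.
# Uses only the Python standard library.
import math
import os
from collections import Counter
from pathlib import Path

# Compressed or already-encrypted formats are high-entropy by nature; skip
# them to reduce false positives (assumption: a short, non-exhaustive list).
HIGH_ENTROPY_EXTS = {".zip", ".gz", ".7z", ".rar", ".png", ".jpg", ".jpeg", ".mp4", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 (one repeated value) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Encrypted output is near-uniform; text and office files score far lower.
    Very short samples are ignored because their entropy estimate is unreliable."""
    return len(data) >= 256 and shannon_entropy(data) >= threshold


def scan_directory(root: str, sample_size: int = 4096) -> list:
    """Return paths under root whose first sample_size bytes look encrypted."""
    suspicious = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() in HIGH_ENTROPY_EXTS:
            continue
        try:
            with open(path, "rb") as fh:
                head = fh.read(sample_size)
        except OSError:  # unreadable file: skip rather than abort the scan
            continue
        if looks_encrypted(head):
            suspicious.append(str(path))
    return suspicious


# Constructed samples: a readable document versus random bytes standing in
# for a file that ransomware has encrypted in place.
PLAINTEXT_SAMPLE = b"Quarterly report: revenue up 4%, costs flat, see attached tables.\n" * 20
RANDOM_SAMPLE = os.urandom(4096)

if __name__ == "__main__":
    import sys
    print("plaintext entropy:", round(shannon_entropy(PLAINTEXT_SAMPLE), 2))
    print("random entropy   :", round(shannon_entropy(RANDOM_SAMPLE), 2))
    for hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("looks encrypted:", hit)
```

A hit is a lead, not proof: confirm by checking whether the file still opens in its normal application and whether a ransom note appeared alongside it.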

Best practices to avoid and remove malware:

Different types of malware need to be treated in different ways, as each type has its own way of spreading and causing damage to a system. Below are some common ways to tackle malware.

  • Avoid suspicious emails, links and websites.
  • Keep your operating system, browsers and plugins up to date at all times.
  • Avoid downloading apps and software from third-party or untrusted sources; always download software from trusted, genuine sources.
  • Use a good antivirus product such as Kaspersky, Symantec or Malwarebytes, and avoid free antivirus, as it is not effective against much malware.
  • If you do get infected, immediately isolate the system from the network and run an AV scan, or reimage the host.
