Computer malware is a term we’ve all heard before, but what does it actually mean? In this blog we will be diving into some examples of different types of computer malware, how they work and how to look out for them.
Let’s start with some background knowledge on computer viruses and malware. They have been around for decades, and over the years there have been many variants of malware, each one designed to be harder to trace and remove than the last.
The first known self-replicating program was Creeper, an experimental program written by Bob Thomas at BBN Technologies in 1971 to test John von Neumann’s theory of a self-replicating machine. More about this theory can be found here. Creeper infected DEC PDP-10 computers running the TENEX operating system: it spread via the ARPANET, copied itself to the remote system and displayed the message “I’m the creeper, catch me if you can!”. A second program, Reaper, was later written to hunt down and delete Creeper.
Next, we’ll move onto what I have spoken about in the video:
Trojan Horses
The Trojan Horse takes its name from the wooden horse that led to the fall of the city of Troy, and in computing terms it works in much the same way: the malware is hidden inside something the victim willingly lets in. Strictly speaking a Trojan is not a virus, because it does not copy itself; it relies on the user to run it. A basic example would be an email with what appears to be a .PDF attachment. The end user opens the “.PDF” thinking it is harmless, when in fact it is an executable dressed up as a document, and the malware hidden inside runs with that user’s permissions. This disguise is where the Trojan Horse name comes from.
Ransomware is commonly delivered in the form of a Trojan Horse; however, there will be more about ransomware in another blog post.
Finally, I would like to add that although a Trojan’s payload can be anything, most modern forms act as a backdoor into the user’s computer. This allows the attacker unauthorised access, which may expose personal information such as banking details, passwords or identity documents.
More about Trojan Horses can be found here.
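The “PDF that is really an executable” trick above can be caught before anyone double-clicks it, by checking whether the file’s name and its first few bytes agree. The following Python script is an added example written for this post, not code from the original page; the signature table, the list of dangerous extensions and the sample attachments are all constructed for illustration and are deliberately incomplete. It flags three common disguises: a double extension (invoice.pdf.exe), a renamed executable whose header still says it is a Windows PE file, and the Unicode right-to-left override that makes “invoice[RLO]fdp.exe” display as “invoiceexe.pdf”.

```python
# Added example (not from the original post): spot attachments whose name
# and content disagree, the classic Trojan Horse disguise.

# Constructed, non-exhaustive table of file headers (magic bytes).  One header
# can belong to several extensions (Office documents are zip archives), so each
# signature maps to a set of acceptable extensions.
MAGIC_SIGNATURES = [
    (b"%PDF-", {"pdf"}),
    (b"MZ", {"exe", "dll", "scr"}),                      # Windows PE executable
    (b"PK\x03\x04", {"zip", "docx", "xlsx", "pptx"}),
    (b"\x89PNG\r\n\x1a\n", {"png"}),
    (b"\xff\xd8\xff", {"jpg", "jpeg"}),
]

# Extensions Windows will run directly when double-clicked (constructed subset).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs",
                   "wsf", "ps1", "msi", "hta"}

# Unicode bidi controls that reverse how the tail of a filename is displayed.
BIDI_OVERRIDES = ("\u202e", "\u202d")


def sniff_types(data):
    """Return the set of extensions consistent with the file header, or None if unknown."""
    for signature, exts in MAGIC_SIGNATURES:
        if data.startswith(signature):
            return exts
    return None


def inspect_attachment(filename, data):
    """Return a list of warnings for one attachment; an empty list means nothing was flagged."""
    warnings = []

    # 1. Right-to-left override: "invoice\u202efdp.exe" renders as "invoiceexe.pdf".
    if any(ch in filename for ch in BIDI_OVERRIDES):
        warnings.append("bidi override character in filename")
    clean = filename
    for ch in BIDI_OVERRIDES:
        clean = clean.replace(ch, "")

    # 2. The *last* extension is the one Windows honours, whatever comes before it.
    exts = clean.lower().split(".")[1:]
    real_ext = exts[-1] if exts else ""
    if real_ext in EXECUTABLE_EXTS:
        if len(exts) >= 2:
            warnings.append(f"double extension ends in executable .{real_ext}")
        else:
            warnings.append(f"executable attachment .{real_ext}")

    # 3. Content check: the extension says PDF but the bytes say PE executable.
    sniffed = sniff_types(data)
    if sniffed is not None and real_ext and real_ext not in sniffed:
        warnings.append(
            f"extension .{real_ext} but content looks like {'/'.join(sorted(sniffed))}"
        )
    return warnings


# Constructed sample attachments standing in for real email attachments.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",          # genuine PDF
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",        # Trojan: double extension
    "statement.pdf": b"MZ\x90\x00\x03\x00\x00\x00",          # Trojan: renamed executable
    "invoice\u202efdp.exe": b"MZ\x90\x00\x03\x00\x00\x00",   # Trojan: RLO trick
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00",            # genuine Office document
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        verdict = inspect_attachment(name, payload) or ["ok"]
        print(f"{name!r}: {'; '.join(verdict)}")
```

A real mail gateway does the same three checks with a much larger signature table, and usually also opens archives, since “invoice.zip” containing “invoice.pdf.exe” is the same trick one layer down.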
Worms
Worms are one of the earlier forms of computer malware. A worm spreads copies of itself from computer to computer, either across the network on its own by exploiting a vulnerability, or, in the case of email worms, by tricking the user. An email worm initially infects a computer when the user opens a malicious attachment. Once it is running, it sends copies of itself by email to every contact in the infected machine’s address book.
Many Windows worms are scripts that add themselves to the registry’s startup (Run) keys so that they run every time the computer boots. Some go further than mailing the victim’s contacts and also overwrite user data (pictures, documents and so on) with copies of themselves, destroying the original files.
Like Trojan Horses, most computer worms carry a payload, and that payload will often act as a backdoor to the infected computer, giving the attacker access to that machine.
Thankfully, classic email worms are far less common than they once were, thanks to improved security features in operating systems and better mail filtering. Worms that spread across networks by exploiting unpatched machines have not gone away, which is one more reason to keep systems patched.
More about worms can be found here.
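The tell-tale sign of the email worm described above is one mailbox suddenly sending the same attachment to its whole address book. That pattern is easy to pick out of a mail server’s delivery log. The script below is an added example written for this post, not code from the original page or any particular mail server: the log line format (timestamp, sender, recipient, SHA-256 of the attachment) is invented for the example, and the log lines themselves are constructed. It groups deliveries by sender and attachment hash, slides a time window over them, and reports any pair that reached a suspicious number of distinct recipients inside the window.

```python
# Added example (not from the original post): find mass-mailing worm behaviour
# in a constructed mail delivery log.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format; a real MTA log differs and only parse_line() would change.
LINE_RE = re.compile(r"^(\S+) from=(\S+) to=(\S+) attach_sha256=(\S+)$")

# Constructed sample: carol sends two ordinary mails, alice's mailbox blasts one
# attachment to six contacts in four seconds (worm), bob sends one attachment to
# three people over six hours (normal).
SAMPLE_LOG = """\
2024-03-01T09:58:10 from=carol@example.com to=dave@example.com attach_sha256=1111
2024-03-01T09:59:40 from=carol@example.com to=erin@example.com attach_sha256=2222
2024-03-01T10:00:01 from=alice@example.com to=bob@example.com attach_sha256=abcd
2024-03-01T10:00:02 from=alice@example.com to=carol@example.com attach_sha256=abcd
2024-03-01T10:00:02 from=alice@example.com to=dave@example.com attach_sha256=abcd
2024-03-01T10:00:03 from=alice@example.com to=erin@example.com attach_sha256=abcd
2024-03-01T10:00:03 from=alice@example.com to=frank@example.com attach_sha256=abcd
2024-03-01T10:00:04 from=alice@example.com to=grace@example.com attach_sha256=abcd
2024-03-01T10:00:04 from=alice@example.com to=bob@example.com attach_sha256=abcd
2024-03-01T08:00:00 from=bob@example.com to=alice@example.com attach_sha256=beef
2024-03-01T11:30:00 from=bob@example.com to=carol@example.com attach_sha256=beef
2024-03-01T14:00:00 from=bob@example.com to=dave@example.com attach_sha256=beef
"""


def parse_line(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, sender, rcpt, digest = m.groups()
    return {"time": datetime.fromisoformat(ts), "from": sender, "to": rcpt, "sha256": digest}


def find_mass_mailers(log_text, min_recipients=5, window=timedelta(minutes=5)):
    """Flag (sender, attachment) pairs that reached at least min_recipients
    distinct addresses within any single window of the given length."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            events[(ev["from"], ev["sha256"])].append(ev)

    hits = []
    for (sender, digest), evs in events.items():
        evs.sort(key=lambda e: e["time"])
        best = 0
        for i, start in enumerate(evs):
            # every send of this attachment within `window` of send i
            in_window = [e for e in evs[i:] if e["time"] - start["time"] <= window]
            best = max(best, len({e["to"] for e in in_window}))
        if best >= min_recipients:
            hits.append({"sender": sender, "sha256": digest, "recipients": best})
    return hits


if __name__ == "__main__":
    for hit in find_mass_mailers(SAMPLE_LOG):
        print(f"{hit['sender']} sent attachment {hit['sha256']} "
              f"to {hit['recipients']} recipients in under 5 minutes")
```

Keying on the attachment hash is what separates a worm from a busy user: a legitimate newsletter also hits many recipients, so in practice you would allow-list known bulk senders, and you should expect some worms to vary their body slightly so that the hash changes, in which case grouping on attachment name or size is the fallback.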
Rootkits/Bootkits
Finally, in this post we will be covering Rootkits and Bootkits. These are among the trickiest types of malware not only to detect but also to remove.
Rootkits are a type of stealth malware. The “root” part of the name comes from the traditional administrator (superuser) account on Unix-based operating systems. The “kit” part refers to the set of components that implement the tool.
Nearly all rootkits share the same goal: to hide things, the attacker’s processes, files, network connections and usually a backdoor, from the operating system’s own tools. The most dangerous kind bury themselves deep within the kernel, the core of every operating system, desktop and Android alike, so that everything running above them sees a doctored view of the system. (User-mode rootkits exist too, but they are easier to spot.) The reason rootkits are extremely hard to trace comes down to where they hide: the tools you would use to look for them rely on the very layer the rootkit controls. More can be found out about the kernel here.
In most cases where a rootkit has infected a device, a clean reinstall of the operating system from trusted media is required to fully remove it, because a compromised system cannot be trusted to report on itself. If you would like to find out more about Rootkits click here.
Bootkits work in a similar way to rootkits, but instead of hiding inside the running operating system they infect the Master Boot Record (MBR) or Volume Boot Record (VBR) of the disk. That boot code runs when the machine powers on, before the operating system does, so the bootkit loads first on every reboot and can tamper with the kernel as it starts up. Because it lives in the boot sectors rather than in the operating system’s files, a full reboot does not clear it, and even reinstalling the operating system may not remove it unless the boot sectors are rewritten too. This is what makes bootkits so hard to remove.
More about Bootkits can be found here.
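Two checks a practitioner would actually run follow, covering the rootkit and bootkit sections above. Both are added examples written for this post, not code from the original page or from any rootkit-detection tool. The first is the classic “cross-view” test for a process-hiding rootkit on Linux: ask for the process list two different ways (the /proc directory listing that `ps` uses, and asking the kernel about every PID directly with `kill(pid, 0)`) and see whether the answers disagree. The second parses a raw MBR sector, checks its signature and partition table, and compares a hash of the boot code against a baseline recorded while the disk was known clean, which is how you notice that a bootkit has swapped the code while leaving the partition table intact. The sample MBR, its “infected” twin, and the PID sets used in the test are all constructed; only the `/proc` and `kill` probing touches a live system, and only when run as a script on Linux.

```python
# Added example (not from the original post): a cross-view check for hidden
# processes (rootkits) and a boot-code baseline check for the MBR (bootkits).
import hashlib
import os
import struct
import sys

# ---------- Rootkits: cross-view process detection (Linux) ----------

def list_proc_pids():
    """View 1: PIDs in the /proc directory listing, which is what ps reads.
    A process-hiding rootkit usually filters exactly this listing."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def still_exists(pid):
    """View 2 primitive: kill(pid, 0) sends no signal but tells us whether the
    kernel knows the PID (success or EPERM) or not (ESRCH)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def pid_max():
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768  # assumed fallback when the file is unreadable


def thread_group_id(pid):
    """Tgid from /proc/<pid>/status, or None if the entry cannot be read."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None


def hidden_pids(listed, probed):
    """Cross-view diff: PIDs the kernel admits exist but the listing omits."""
    return set(probed) - set(listed)


def find_hidden_processes():
    """Run both views on the live system.  Threads answer kill() but are not
    listed in /proc (their Tgid differs), and a process that exited between
    the two snapshots would look hidden, so each candidate is re-checked."""
    probed = {pid for pid in range(1, pid_max() + 1) if still_exists(pid)}
    listed = list_proc_pids()
    hidden = set()
    for pid in hidden_pids(listed, probed):
        tgid = thread_group_id(pid)
        if tgid is not None and tgid != pid:
            continue            # a thread of a visible process, not a hidden one
        if still_exists(pid):   # still alive yet absent from the listing
            hidden.add(pid)
    return hidden

# ---------- Bootkits: MBR structure and boot-code baseline ----------

SECTOR_SIZE = 512
BOOTCODE_LEN = 446        # bytes 0..445: code the firmware jumps into
PART_TABLE_OFF = 446      # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511: MBR boot signature


def parse_mbr(sector):
    """Split a raw 512-byte MBR into its regions and hash the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "partitions": partitions,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
    }


def check_bootcode(sector, baseline_sha256):
    """True if the boot code still matches the hash taken when the disk was clean."""
    return parse_mbr(sector)["bootcode_sha256"] == baseline_sha256


def build_sample_mbr():
    """Constructed MBR: NOP-filled boot code, one bootable NTFS partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    return b"\x90" * BOOTCODE_LEN + entry + b"\x00" * 48 + SIGNATURE


def infect_sample(sector):
    """Simulated bootkit: overwrite the start of the boot code with a jump to
    attacker code, leaving the partition table and signature untouched."""
    patched = b"\xeb\x3c" + b"\xcc" * 30
    return patched + sector[len(patched):]


if __name__ == "__main__":
    if sys.platform.startswith("linux"):
        print("hidden PIDs:", find_hidden_processes() or "none")
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["bootcode_sha256"]
    print("clean MBR matches baseline:", check_bootcode(clean, baseline))
    print("tampered MBR matches baseline:", check_bootcode(infect_sample(clean), baseline))
    # On a real machine (as root): open("/dev/sda", "rb").read(512) in place of the sample.
```

Both checks are heuristics with known blind spots. A kernel rootkit that hooks both the directory listing and the signal path defeats the cross-view test, and on a system mounted with `hidepid` an unprivileged user will see false positives; the reliable answer is to boot clean media and inspect the disk from outside, which is also the only way the MBR hash is trustworthy, since a running bootkit can intercept reads of the very sector you are hashing.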