Malware / Viruses

Intro

Starting off, this article does not cover all the different types of malware. It only covers the most common ones. I might also make individual posts for each type of malware, since there is quite a bit to cover for each type. Since each person has a different view on what counts as malware or a virus, let me clarify my definition. I consider something malware or a virus when it does something harmful to your personal computer, or when it does something like gather or store private information without permission or acknowledgement. Malware can also be something like adware, which just displays ads on your PC.

Adware

As the name suggests, this type of malware usually just fills your PC with advertisements. It does not usually harm your PC; all it really does is display promotions. People usually get it by installing some form of infected freeware or shareware. Take note that the owner of the freeware can intentionally bundle the adware, which generates some form of income for the owner who signs up for it. Once the infected program is launched, the adware begins its work: it installs itself silently without your knowledge or permission. Once installed, it will usually either wait for a reboot or start showing ads right away. Waiting for a reboot usually confuses the owner of the PC, as they would not know exactly where it came from. Starting directly after installing, however, gives the adware away instantly, as it would be obvious that it came from the freshly installed program.

Spyware

Similar to adware, spyware is harmless, in the sense that it does not damage your PC. However, as the name suggests, it does spy on your PC. This can range from stealing messages sent from programs like Discord or Steam to stealing bank information and passwords to online websites. Spyware is usually a program which collects information from your PC and sends it to a third party without your permission. Note that a keylogger (something that logs your keystrokes) is also considered a form of spyware. Spyware, like adware, usually installs itself silently; however, unlike adware, spyware can stay silent for its whole lifetime. This makes spyware very hard to notice. Anyone, even you, can have spyware on their PC and not notice until they manually analyse the PC, assuming the spyware went under the antivirus's radar.

Ransomware

If you are familiar with the May 2017 attack, you would know of the ransomware known as WannaCry. It was not what the program did to the PC but how it spread that made it so big. Anyway, ransomware usually encrypts or even deletes important files and then asks for a ransom to be paid to get them back. Obviously, there is usually no way to know if you will get your files back after paying the ransom. These payments are usually done using cryptocurrency, which is, in theory, untraceable and non-refundable. Ransomware like this is very harmful to your PC: a well designed ransomware can fly under the radar and basically encrypt everything on your PC that isn't needed to boot the computer. Another thing to take note of is that if you are ever infected by ransomware, it is better to just reset or format your drives and reinstall Windows or whichever other operating system you use.

Rootkits

Rootkits are usually paired with another program which runs in user mode. Rootkits (.sys drivers) are one of the most powerful types of malware out there. Alongside bootkits, a well designed rootkit can stay undetected on your PC forever and have full control of it. Why? Rootkits run in kernel mode (I have explained kernel mode in another post). This means that the rootkit basically has full control over your PC and your whole operating system, with access that a normal user-mode program does not have. Because of this, rootkits can hook APIs in both kernel mode and user mode and basically return whatever they want to return. So let's say the creator of the rootkit wants to hide a process: they can easily do this by hooking the APIs which enumerate the running processes and making sure the process they want to hide is not in the list, by skipping the process or even unlinking it.

There is good news though: rootkits make a lot of noise when installing and leave quite a few traces. Antiviruses take advantage of this by registering callbacks and hooks of their own to check which drivers are about to load, and they can even return access denied if the driver seems malicious. This only works if the antivirus is installed before the rootkit, which is why it is always a good idea to install an antivirus rather than waiting to be infected to do so. Some advanced antiviruses can detect rootkits even after they are installed; however, if the rootkit is well designed and clears its traces when installing, it can easily stay hidden. Other disadvantages that rootkits have are that Windows itself has added features like PatchGuard and DSE (explained in my other post), and that the software requires some form of elevated privileges (malware can hijack programs with admin rights to bypass this).

How Viruses Can Spread

There are many ways that malware or a virus can spread. Here are a few of them:

  • Email Links (Links In Scams Like Winning A Lottery)
  • Websites (Abusing How The Browser Works Or Doing A Drive-By Download)
  • Social Engineering (Convincing People To Run The Program Or Spread It)
  • Infected Cracked Programs (Cracking Premium Programs And Adding A Backdoor To Them)

Word Of Advice

Avoiding malware can be quite simple. It just requires you to be cautious. Do things such as using websites like VirusTotal to scan files that seem fishy. There are also programs such as "Process Hacker" which can help you monitor the processes on your PC. You can also verify the digital signatures that programs carry, and have second thoughts about giving a random program without a proper digital signature admin rights. Most malware can't function without admin rights; you can use this to your advantage by investigating programs which are not signed and want admin rights. Other things to do include not clicking on links in emails whose sender is not known to you, and avoiding unnecessary visits to your local computer shop.
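
The checks above (signature status, admin-rights request, hash for a VirusTotal lookup) can be done in one pass over a folder of downloaded programs. This is an added example, not code from the original post; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, and $Folder is a constructed default path.

```powershell
# Added example (not from the original post): triage executables in a folder the way
# the advice above suggests -- check the Authenticode signature, flag binaries whose
# manifest asks for admin rights, and produce the SHA-256 to look up on VirusTotal.
# Assumption: $Folder is a constructed default; pass any folder you want to inspect.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads"
)

function Test-RequestsAdmin {
    # Heuristic: the embedded application manifest is plain XML inside the PE file,
    # so a raw text search for the requireAdministrator level is enough for triage.
    param([string]$Path)
    $pattern = 'requestedExecutionLevel[^>]*level\s*=\s*"requireAdministrator"'
    return [bool](Select-String -Path $Path -Pattern $pattern -Quiet -ErrorAction SilentlyContinue)
}

function Get-ExecutableTriage {
    param([string]$Path)
    Get-ChildItem -Path $Path -File -Include *.exe, *.msi, *.dll -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig        = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        $wantsAdmin = Test-RequestsAdmin -Path $_.FullName
        [pscustomobject]@{
            File       = $_.Name
            Signature  = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
            WantsAdmin = $wantsAdmin
            # Not validly signed AND asking for admin is the combination the post warns about
            Suspicious = ($sig.Status -ne 'Valid') -and $wantsAdmin
            VirusTotal = "https://www.virustotal.com/gui/file/$($hash.ToLower())"
        }
    }
}

Get-ExecutableTriage -Path $Folder |
    Sort-Object -Property Suspicious -Descending |
    Format-Table File, Signature, Signer, WantsAdmin, Suspicious, VirusTotal -AutoSize
```

A "Valid" status only means the file is signed by a certificate your machine trusts, so still check the Signer column for who actually signed it.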

If you are ever infected by a virus or suspect something is off (things like not being able to open Task Manager, or suddenly not being able to do certain things), I would advise you to call a professional, or to back up the important files and reinstall the operating system on a formatted drive or a fresh drive.
