Malware, Viruses, Trojans Defined
by Ira Wilsker 


In the past week, I was called upon four more times to clean malware off of infected computers. One user had a major name brand antivirus program installed, running, and updated and could not understand how the malware had penetrated his antivirus software and contaminated his computer.  He had purchased the antivirus software last fall from a big box electronics store based on the recommendations of a salesperson. 


He had been told that this particular brand of security software was the best as it was their top seller, and that antivirus software was all that he really needed.  Based on that recommendation he plopped his hard-earned money on the counter, went home, installed it, updated it, and blissfully surfed the internet, opened email attachments, downloaded software and music, and had just a jolly good time online until his computer gradually slowed to a crawl, and friends informed him that they were receiving spam emails from him.  This user was perplexed, as his antivirus software was running, and indicated that it was updating several times a day.


He just could not understand how 90 different malware programs had infected his computer.  His problem started when he purchased inadequate security software; while the product he bought was excellent at protecting his computer from viruses, and some Trojans and spyware, it did not offer the all-inclusive protection of the comprehensive security suite offered by that publisher (and others as well) that would have only cost him a few dollars more.


There is a common misconception in user circles that viruses are the primary computing threat, as users have heard about viruses for several years.  Today, viruses are still present, but are a relatively minor threat in terms of prevalence.  I did a quick analysis of the most common new threats recently listed by TrendMicro, and found that viruses only made up 4% of the new significant threats to our computing security.


On the other end of the spectrum, Trojans made up 42% of the commonly seen new threats, worms were at 14%, backdoors at 14%, web-based threats were at 6%, JavaScript malware was at 6%, 4% were hacking utilities, 2% adware, and about 8% other threats.  It is obvious that protective software that guards the computer primarily against viruses is failing to protect the user from the majority of contemporary threats; it is precisely this fact that led to this user's infected computer, despite his premium quality antivirus software.


A lot of users have a misconception about the common threats in circulation, believing that they are generically all viruses, but, as I saw in this case, this blissful ignorance may lead to a computing nightmare.

While not necessary to use a computer, it would likely be beneficial for computer users to be aware of the different threat groups that can impact our computing.  According to Wikipedia, "A computer virus is a computer program that can copy itself and infect a computer." 


Many viruses attach themselves to legitimate programs or data files on the infected computer.  The fact that a computer virus can copy itself to infect other computers is what distinguishes it from the other types of malware with which viruses are commonly confused.  Viruses can be spread through removable media (USB drives, CD or DVD discs, and floppy discs) or through network connections that the virus can use to copy itself to other attached computers.  Once a virus has infected a computer it may perform a variety of tasks as programmed by its author.


Viruses may damage the data on a hard drive or degrade the performance of the computer.  Some viruses are stealthy and their effect may not be noticeable to the user, as the viruses do their damage in the background.  Some viruses are functionally benign, other than that they reproduce themselves countless times on the infected hard drive, until they consume all of the free space on the drive.


A computer worm is a malicious program that wriggles through computer networks, sending copies of itself to other computers attached to the network.  Most worms are free-standing programs, and are commonly programmed to spread themselves through the network without any action by the user.  Most worms have an explicit nefarious function, such as deleting files on the infected computer, or encrypting critical files and only releasing them after an extortion payment is made to the cyber criminal.

Some worms open a backdoor into the computer that will enable the creator of the worm to take remote control of the computer, converting the computer into a "zombie" under his control, which can be used to generate revenue for the originator of the worm by sending spam mail from the infected computer, with the spam fees collected going to the author of the worm. 


Some worms are used to create a zombie network of computers, also called a "botnet", where the compromised computers can be used to launch directed cyber attacks on other computers or networks, in an act of cyber terrorism.

For those who are aware of the epic "Helen of Troy" of Greek mythology, the term "Trojan Horse" refers to an object that appears to serve one purpose, but really has an unobvious, usually nefarious, purpose.  Cisco, the networking company, describes a Trojan this way: "It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems".


In cyber speak, a Trojan Horse, typically shortened to the simple moniker "Trojan", is a program that appears to have a useful function, but after being installed by the user, the Trojan may be used to perform other undesirable functions.  Some Trojans are money makers for their authors because they place paid (and usually unwanted) pop-up advertisements (adware) on the infected computer, redirect web searches, or shift online purchases to a seller not of the buyer's choice without his knowledge.


Some Trojans are keyloggers, which are commonly used for identity theft, or to give unauthorized users access to a computer system.  Trojans are often spread through intentionally downloaded software, surreptitiously bundled with another, often legitimate, program; through email attachments; and through compromised websites with executable content (ActiveX is sometimes used for this).  Some Trojans can be installed on the target computer by way of code written in Java or JavaScript that, when executed, implants the harmful content on the victim computer.


One of the more recent and costly types of malware to attack our computers is generically referred to as "Rogue Antivirus Software", which is usually implanted on the victim's computer by a Trojan.  There are thousands of these rogue programs in current circulation, infecting millions of computers at any given time.  Rogue antivirus is sometimes installed by the user himself, after "social engineering" tactics trick the user into clicking on something that installs the rogue software.  Some of the common lures to ensnare the user into loading rogue software on the computer are offers for free screen savers, toolbars, utilities to play specific video formats (often attached to an email), sham online security scanners, contaminated PDF files, insecure web browsers, and other vectors.


The common thread of this rogue software is an authentic-looking popup that informs the user that his computer is (falsely) infected with hundreds of viruses and Trojans, and that for a fee it will clean the computer.  These popups, which cannot be permanently closed, will typically hijack the computer, destroy the installed legitimate security software, prevent access to online services that can kill it, prevent cleaning utilities from executing, and otherwise take control of the computer until the user pays a fee, typically $30 to $70.  This fee is to be paid by credit card or other online payment service to a website that looks legitimate, but is really a complete scam.


Not only will the rogue software not clean the computer of the pseudo infections after the fee is paid, but now a cyber criminal, often in Russia, has the user's credit card information.  It is not uncommon for that same credit card information to promptly be sold on illicit websites, and for substantial unauthorized charges to appear on the compromised credit card account.


While there are many other cyber threats out there, those listed above are among the most commonly encountered by users.  Traditional antivirus software will protect against some of the threats listed, but not all of them; this enhanced security capability is in the purview of the comprehensive security suite, or a combination of different types of individual security utilities, and not the free-standing antivirus program.  This is explicitly why I currently recommend a high quality integrated security suite, rather than an antivirus program.  There are several good commercial security suites available, as well as a few free security suites.  Just be aware that antivirus software by itself is inadequate to protect against today's cyber security threats.