Malware

What it is:

• Malicious program that attaches itself to a legitimate file or program (the Host)
• Infects machine when host file is run or opened
• Typically cannot run itself, needs human intervention

What it does:

• Harmless as presenting “I’m here!”
• Dangerous as deleting files
• Trigger immediately or wait for instructions or wait for a specific date

How it spreads:

• Via any files that move between computers (e.g. email)
• Once on machine, looks for files to infect
• Relies on user transmission of those files

What it is:

• Disguises itself as useful software or legitimate files.
• Typically cannot run itself, needs human intervention.

What it does:

• Harmless as changing icons on your desktop.
• Dangerous as opening “back doors” to the machine.

How it spreads:

• Purely human intervention; “invited” onto system.
• Cannot replicate itself.
• Opening files or images…

What it is:

• Malicious program that spreads itself without a Host.
• Designed to duplicate and spread via network.

What it does:

• Can cause network problems (heavy traffic).
• Acts of vandalism are rare but possible.
• Will often open “back doors” to the machine.

How it spreads:

• Replicates itself on the same machine.
• Capable of spreading itself often via email.
• Via network, often through their own back doors.

What it is:

• Normally legitimately installed software.
• Free software paid for by the advertisements (to recoup development costs).

What it does:

• Downloads and/or displays ads on your machine.
• Provides a free version of software.

How it spreads:

• Downloaded and installed deliberately by user.
• May note sites you visit and display corresponding advertisements (SpyWare).

What it is:

• Any program that monitors your behavior: e.g. surfing habits, sites visited.

What it does:

• Record and deliver info you enter online.
• Can install software, redirect browser.

How it spreads:

• Piggy-backs on other software; not as a virus as it’s often intentional.
• Can operate like a Trojan e.g. fake security software.
• Tricks users into bypassing security.

What it is:

• Program(s) which hide deep on your system.
• Replaces system files which then hide processes.

What it does:

• Allows unauthorized access to your machine.
• Sniffers, keyloggers, zombie computer.

How it spreads:

• Spread as Viruses or Trojans (not Worms).
• Rarely spreads itself any further once infected.

What it is:

• Spyware that records personal data.
• Refers to a collection of machines.

What it does:

• Very low-key – it wants to remain hidden.
• Gathers information and relays it (e.g. banking).
• Used for identity theft, compromise online acts.

How it spreads:

• Spread via Trojans or like Worms
• Scan local environment to find vulnerable machines

What it is:

• Attempt to gain personal information such as passwords or account information fraudulently e.g. Email masquerading as bank representative.

What does it do?

• Gain access to account, or identity theft

How it spreads:

• The majority of attempts happen via email.
• Also Instant Messaging and Social Networking.
• Refer to websites that look like the original.

What it is:

• Attempt to leverage personal information such as passwords, other account information, or computer data behind a ransom/pay-wall. All of the above malware types can also be ransomware. 

What it does:

• Restricts user access to information or data until a ransom is paid.

How it spreads:

• The difference between them is that the attackers encrypt the data or prevent user access by other means(i.e. encrypting ransomware or screen lockers), although there are types of ransomware that utilize viruses to "scare" the user into paying the ransom, without actually having control over their data. This is called scareware, and it is closely associated with the fear-tactics used in phishing attempts.
• In any case, if you see a message telling you that your data has been compromised, and that you have to pay a ransom to get it back, please contact the ITS Helpdesk.

Bad or suspicious links, especially in HTML email, what a link says might not be where it’s actually going.

Dangerous attachments: Attachments can contain the malware itself, which might or might not be caught by antivirus tools. As a rule of thumb, don’t open one unless you know exactly who sent it and what it contains.

Phishing:  Tricking a user into giving away personal or financial information

Out of date software: may have vulnerabilities which can be exploited. Be sure to apply all patches and updates.

Browser plugins: are popular targets because they are easy to install and often don’t get updated.

Operating system: are the primary line of attack for malware developers. Run security patches and updates regularly.

Legitimate websites can contain dangerous links or harmful code:

• Facebook (stolen passwords)
• Forums, blogs, etc.
• Security holes in webservers
• Bad advertisements / popups

Search engines: can be tricked or "seeded" with malicious sites

Some attacks can happen without any interaction from you:

• Sometimes called drive-by downloads
• Usually associated with a browser or plugin vulnerability