Note: If you have any questions on the following information, please don't hesitate to contact the ITS Helpdesk via our support portal at go.carleton.edu/helpdesk, by phone at 507-222-5999, or through email at helpdesk@carleton.edu.
Malware is an umbrella term for various types of malicious software. This term encompasses viruses, worms, trojans, adware, and more. Common symptoms of a malware infection include slow computer performance; difficulty registering or accessing the network; the inability to run software updates or anti-virus software; and unexplained pop-up warnings, errors, or ads. This article will review some basic information about various types of malware, how to recognize it, and what to do about it.
Student-owned computers suspected of having any kind of malware infection can be dropped off free of charge at the ITS Helpdesk from 8 am to 5 pm, Monday - Friday.
Types of Malware
Virus:
What it is:
- Malicious program that attaches itself to a legitimate file or program (the Host)
- Infects machine when host file is run or opened
- Typically cannot run itself, needs human intervention
What it does:
- Can be as harmless as displaying an “I’m here!” message
- Can be as dangerous as deleting files
- Can trigger immediately, wait for instructions, or wait for a specific date
How it spreads:
- Via any files that move between computers (e.g. email)
- Once on machine, looks for files to infect
- Relies on user transmission of those files
Trojan:
What it is:
- Disguises itself as useful software or legitimate files.
- Typically cannot run itself, needs human intervention.
What it does:
- Can be as harmless as changing icons on your desktop.
- Can be as dangerous as opening “back doors” to the machine.
How it spreads:
- Purely human intervention; “invited” onto system.
- Cannot replicate itself.
- Opening files or images…
Worms:
What it is:
- Malicious program that spreads itself without a Host.
- Designed to duplicate and spread via network.
What it does:
- Can cause network problems (heavy traffic).
- Acts of vandalism are rare but possible.
- Will often open “back doors” to the machine.
How it spreads:
- Replicates itself on the same machine.
- Capable of spreading itself, often via email.
- Via network, often through their own back doors.
Adware:
What it is:
- Normally legitimately installed software.
- Free software paid for by the advertisements (to recoup development costs).
What it does:
- Downloads and/or displays ads on your machine.
- Provides a free version of software.
How it spreads:
- Downloaded and installed deliberately by user.
- May note sites you visit and display corresponding advertisements (spyware).
Spyware:
What it is:
- Any program that monitors your behavior: e.g. surfing habits, sites visited.
What it does:
- Records and delivers information you enter online.
- Can install software, redirect browser.
How it spreads:
- Piggy-backs on other software; it does not spread as a virus does, since it is often installed intentionally.
- Can operate like a Trojan, e.g. fake security software.
- Tricks users into bypassing security.
Rootkit:
What it is:
- Program(s) which hide deep on your system.
- Replaces system files which then hide processes.
What it does:
- Allows unauthorized access to your machine.
- Enables sniffers, keyloggers, and use of the machine as a zombie computer.
How it spreads:
- Spread as Viruses or Trojans (not Worms).
- Rarely spreads any further once a machine is infected.
Botnet:
What it is:
- Spyware that records personal data.
- Refers to a collection of machines.
What it does:
- Very low-key – it wants to remain hidden.
- Gathers information and relays it (e.g. banking).
- Used for identity theft, compromise online acts.
How it spreads:
- Spreads via Trojans or like Worms.
- Scans the local environment to find vulnerable machines.
Phishing:
What it is:
- An attempt to fraudulently gain personal information such as passwords or account information, e.g. an email masquerading as a bank representative.
What it does:
- Gains access to accounts or enables identity theft.
How it spreads:
- The majority of attempts happen via email.
- Also Instant Messaging and Social Networking.
- Messages refer to websites that look like the original.
Ransomware:
What it is:
- An attempt to hold personal information such as passwords, other account information, or computer data behind a ransom/pay-wall. All of the above malware types can also be ransomware.
What it does:
- Restricts user access to information or data until a ransom is paid.
How it spreads:
- The difference between ransomware and the other malware types is that the attackers encrypt the data or prevent user access by other means (i.e. encrypting ransomware or screen lockers), although there are types of ransomware that use viruses to "scare" the user into paying the ransom without actually having control over their data. This is called scareware, and it is closely associated with the fear tactics used in phishing attempts.
- In any case, if you see a message telling you that your data has been compromised, and that you have to pay a ransom to get it back, please contact the ITS Helpdesk.
Vectors to Infection
Email:
Bad or suspicious links: Especially in HTML email, what a link says might not be where it’s actually going.
Dangerous attachments: Attachments can contain the malware itself, which might or might not be caught by antivirus tools. As a rule of thumb, don’t open one unless you know exactly who sent it and what it contains.
Phishing: Tricking a user into giving away personal or financial information.
Software Vulnerabilities:
Out-of-date software: May have vulnerabilities which can be exploited. Be sure to apply all patches and updates.
Browser plugins: Popular targets because they are easy to install and often don’t get updated.
Operating systems: The primary line of attack for malware developers. Run security patches and updates regularly.
Malicious or Compromised Websites:
Legitimate websites can contain dangerous links or harmful code:
- Facebook (stolen passwords)
- Forums, blogs, etc.
- Security holes in webservers
- Bad advertisements / popups
Search engines: can be tricked or "seeded" with malicious sites
Some attacks can happen without any interaction from you:
- Sometimes called drive-by downloads
- Usually associated with a browser or plugin vulnerability
Tips to Help Avoid Infections
Mac users: While it is true that there are far fewer infections for Mac computers, Macs are not invulnerable and can be infected. In addition, infected files may be transferred via Mac as, for example, email attachments. Don't assume you don't need to be protected or be careful just because you're on a Mac!
It's nearly impossible to guarantee a way to avoid infections, but here are some good things to keep in mind:
Have active and up-to-date anti-malware software: Anti-malware software is important in keeping your personal machine safe and usable. We believe that the default anti-virus programs on personal machines, Windows Defender and the macOS built-in defenses, are sufficient for keeping your laptop clean. A helpful addition would be to download a free scanning tool, such as ThreatDown (aka Malwarebytes), and run a full scan of your machine every week. We believe those two things in tandem should keep your computer virus-free.
There are more extensive, all-in-one tools which you can purchase, often on a subscription model. If you choose such a tool, you must ensure that you keep the subscription up-to-date. If you don't, the software will stop updating itself and will be unable to detect the most recent malware releases and variations.
Pause and consider links and downloads before clicking and installing: Even trusted sources sometimes get hacked and can provide infected content. Take a moment and think about how likely it is that the action you're about to take will be safe — were you expecting that attachment? Do you really need that software to do what you're doing?
Be suspicious of very scary warning messages: They're almost always malware themselves, especially if you have to click or install something to further scan your computer.
Ask questions: If you're not sure about something, and don't know how to proceed, stop by the ITS Helpdesk or give us a call at 507-222-5999, and we will help you out.