Viruses, spyware, malware, ransomware?! What’s the difference?
Seems like just yesterday that computer viruses were all the rage. The first time a virus tried to take over my little corner of the world, I was on vacation at the beach and my daughters were just babies. I got a phone call on my very first cell phone (picture half a brick hanging on my belt) that morning as we were eating breakfast. My boss explained that all the computers were useless because of the “I Love You” virus. But not to worry: our corporate IT department was doing its best to address the issue, and I should just enjoy my vacation since there wasn’t anything I could do from 500 miles away. Thanks for the call.
By the time I got back to work the following week things were pretty well handled. The mail servers had been cleaned and everyone had been instructed that if they received another email with an attachment named “I Love You” to not open it. Because as soon as you did open it, the virus would send itself to everyone in your address book over and over again, and the cycle would repeat. Its only payload was self-replication, which was bad enough.
I hadn’t been back on the job for more than a couple of hours when I started getting dozens of emails with the “I Love You” attachment, all from the same person. I walked over to that person’s desk and asked her if she had clicked on the attachment. Her very sheepish but matter-of-fact answer was, “I couldn’t help it. It said I love you!” Well, there you go. I couldn’t argue with that.
But the worst experience I ever had with viruses was when I was working as the IT Director at a residential university. A new breed of viruses that spread to other computers over the network had just emerged as our students were returning to campus for the fall semester. What a nightmare. Every single student computer was infected within minutes of connecting to the network. Many of our staff computers were infected too. The network was useless, since it was clogged with tens of thousands of viruses trying to replicate themselves as quickly as possible. Now, don’t be too harsh: this was still in the early days of viruses, and it wasn’t yet common for anyone to have antivirus software on their computers. It took nearly 8 weeks of our entire IT department working very long days to finally clean all the computers on campus and put protections in place. That experience shaped our work for several years afterward.
Now, to understand what a virus is, we need to start at the top with malware. Malware is an umbrella term for software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Underneath malware is all kinds of things like viruses, spyware, ransomware, bots, worms, trojans, adware, and several others you’ve probably never heard of.
A virus is a type of malware that inserts itself into a legitimate piece of software and attempts to replicate itself. If this sounds like a virus that attacks humans, you’ll understand how it got its name. Most people use the term “virus” to refer generically to all types of malware, just like many people still refer to all copiers as Xerox and even use the brand as a verb: “Let me Xerox a couple of copies for you.” I even used the term “virus” earlier to refer to the “I Love You” virus, which is actually a worm.
The distinctive trait of a worm is that it’s self-replicating on its own: it doesn’t need to hide inside a legitimate program in order to spread. Notice in my story about the “I Love You” worm that the file was a stand-alone attachment, as opposed to a legitimate program that had been altered by a virus.
Worms have given me their fair share of angst over the years too. See if this sounds familiar: someone notifies you that they received an email from you that doesn’t sound like you; it could be an advertisement for male enhancement cream, herbal supplements, or whatever. They’re pretty sure you’ve been hacked, and you agree with them. That’s when they usually ask me how it could have happened and what they should do about it. I get to explain that they probably haven’t been hacked and there really isn’t anything they can or should do about it. The most common way this happens is that someone else has your email address in their address book, and their computer (the other person’s computer, the identity of whom is a mystery) has a worm. The worm randomly or methodically chooses an address from that user’s address book and plugs it into the “from” field of the spam it is sending out. Then it sends the email to everyone else in the address book, since a recipient is more likely to open an email that appears to come from someone they know. The email doesn’t really come from that person’s email address; it just looks like it, because the “from” address has been “spoofed” (another fun term that just means it has been faked). Then the worm chooses another address from the address book to plug into the “from” field, and the cycle continues. Confused yet? You can see why it’s so much fun to explain to someone convinced they’ve been hacked.
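One way to see through a spoofed “from” address, as an added example that is not from the original post: the visible From header is just text the worm typed in, but the envelope sender (Return-Path) and the Received header written by your own mail server are much harder to fake. The script below parses two constructed messages (hypothetical addresses, hosts and IPs) and reports where they disagree with the From header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (hypothetical addresses and hosts). The first is what a
# worm on someone else's PC sends: the visible From is an address harvested
# from that PC's address book, but the envelope sender (Return-Path) and the
# host that handed the mail to our server belong to an unrelated domain.
SPOOFED_MSG = """Return-Path: <bounce@relay-hypothetical.example>
Received: from relay-hypothetical.example ([203.0.113.5])
    by mx.example.org with ESMTP id 12345
From: "Alice" <alice@example.org>
To: bob@example.org
Subject: hey, look at this

Open the attachment!
"""
LEGIT_MSG = """Return-Path: <alice@example.org>
Received: from mail.example.org ([198.51.100.7])
    by mx.example.org with ESMTP id 67890
From: "Alice" <alice@example.org>
To: bob@example.org
Subject: lunch?

Noon works for me.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path header."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """Reasons the visible From may be spoofed; an empty list means none found.
    Indicators only: mail sent through a third-party relay can also trip them."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    reasons = []
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    # The topmost Received header is the hop our own server recorded.
    hop = (msg.get_all("Received") or [""])[0].split()
    if "from" in hop:
        relay = hop[hop.index("from") + 1].lower()
        if not relay.endswith("." + from_dom):
            reasons.append(f"handing-off host {relay} is not in {from_dom}")
    return reasons

if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_MSG)):
        print(name, spoof_indicators(sample) or ["no indicators"])
```

Real mail systems do this comparison far more rigorously with SPF, DKIM and DMARC, but the idea is the same: trust the headers your own server wrote, not the ones the sender typed.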
Spyware sounds particularly bad, and it can be. It’s defined loosely as malware that gathers information about you without your knowledge or consent and forwards it to a third party. This could be used as innocuously as aggregating a population’s web browsing habits for marketing research or as nefariously as harvesting your credit card number or stealing your identity. In either extreme though, you were never aware it was happening and never gave your consent.
Adware probably represents the biggest daily pain in your backside of all these simply because it is so visible and so prevalent. Adware is a type of malware that is designed to display advertisements on your computer and redirect your search requests to advertising websites to collect marketing data about you (source: kaspersky.com). Got any toolbars on your browser? Many of those fall into this category. Remember endless popups? Those too. This category probably does you the least amount of harm of any type of malware but it sure is annoying.
Ransomware is pretty scary stuff. It does just what it sounds like: it takes something you value and then holds it for ransom. The malware encrypts your hard drive on behalf of the person who designed it (I’ll call them the kidnapper), and then demands that you pay the kidnapper a ransom in order to get the key. That probably needs a little more explanation: encrypting a hard drive means making it impossible to read unless you have the cryptographic key. The key is a long series of letters, numbers, and symbols in a particular order. Without access to a supercomputer and a Ph.D. in cryptography, you probably aren’t going to guess the key. I have had one case of a computer with ransomware myself, and I’ve known of many others as well. In my case, I just formatted the hard drive and restored from backup to have the user back to normal in a couple of hours. In all the other cases the person paid the ransom. But even paying the ransom doesn’t guarantee recovery of the data. The only guarantee against data loss in the case of ransomware is to have good backups that go back to before the hard drive began to be encrypted. It can take days or even weeks to fully encrypt a drive and for the trap to spring, so your backups must go back farther than that.
Botnets are actually kind of cool. Bad, but cool. Your computer becomes a “bot” when it is infected with malware designed to use its resources to do the bidding of the “botmaster”. A botmaster is a person who is in control of all the computers infected with their particular malware. This network of computers is called a “botnet”. Botnets can include thousands of computers or even more. The largest known botnets have millions of computers and wield tremendous power. Botnets are used primarily for 1) sending spam, 2) denial of service attacks, and 3) creating more bots. You’re familiar with spam, so I won’t say much about it other than that your computer could be a bot used to send spam and you might never know it. The botmaster receives a very small payment for each piece of spam successfully sent. But when you can send millions of spam emails per day, it adds up, and that is what incentivizes the botmaster.
Denial of service attacks are a little more techie, though. A simple explanation is that all the bots in a botnet try to communicate with a target at the same time for the purpose of shutting it down. Imagine if you had thousands or even millions of people trying to talk to you at the same time. Computers can carry on conversations much faster than humans, but they still have their limits; throw enough conversations at a computer and you’ll shut it down. Many, if not most, large corporations and even small businesses have been the victims of denial of service attacks. If you are attacked and your systems aren’t able to handle it, your website will go offline for the duration of the attack and possibly beyond. Just imagine if Amazon or Netflix were successfully attacked in this way. If you haven’t figured it out yet: don’t make a botmaster mad.
The last piece of malware I’ll tell you about is trojans. Trojans, short for Trojan Horse, get their name of course from the wooden horse filled with soldiers that the Greeks left just outside the gates of Troy, seemingly as a gift to their god for withstanding their 10-year siege. The citizens of Troy were tricked into bringing the horse inside the city, where the soldiers emerged under cover of night and opened the gates for the entire Greek army. Trojan malware tricks you into installing it under the guise of some legitimate use. The program may even do what you thought it was supposed to do (e.g., convert a video from one format to another), but it also performs other functions behind the scenes which you did not intend, like making your computer into a bot.
You might also have heard of “phishing” (pronounced “fishing”) when talking about malware. Phishing and fishing sound alike for a reason: someone is fishing for your personal information to steal your identity, credit card, or money. They do this by sending you emails trying to get you to call or go to a website and give them the information. They pose as legitimate companies and do their best to trick you into giving them what they want. Another way they do this is when you’re on a website and all of a sudden you get an official-looking message that your computer has been compromised and you need to contact support immediately. They might even pretend to be Microsoft and give you a legitimate-looking webpage to go with it. You may not even be able to close the window, further making you think it is your computer itself giving you the message. I have known several people to be fooled by these messages and call the number on their screen. Some of them have even allowed the person on the phone to take remote control of their computer, and some of them have even paid for this so-called support. By the way, if this ever happens to you, the simple solution is to just turn off your computer immediately by pressing the power button for more than 5 seconds. That’s not normally recommended, but for most users in this situation, that’s my recommendation. The message will not return when the computer is turned back on, 99 times out of 100, as long as you don’t go back to that same website. And if you are ever fooled into letting someone take remote control of your computer, the only surefire way to know your computer has not been compromised is to format the hard drive and reload from scratch.
The real question is: what should you be doing to prevent all this mess from adversely affecting your business? Without going into detail, you need to deploy defense-in-depth, including at a minimum an edge firewall, DNS filtering, endpoint protection, policies, and user training. There is no way to be 100% protected from every conceivable threat, but basic due diligence will mitigate the vast majority and keep your business in business.
Contact ProbityTec today at www.probitytec.com and let us show you just how economical and beneficial it is for us to manage all this for you.
Mr. Bentley started ProbityTec in early 2018. He explains that the word probity just means integrity and he requests that you stop using the word integrity in favor of probity from this day forward. ProbityTec provides managed IT services to small and medium size businesses, churches, and nonprofits throughout West Tennessee. Mr. Bentley can be reached at 731-410-7017 and firstname.lastname@example.org.