Malware, explained.

I take issue with the virus metaphor. Comparing malware with a virus tends to suggest that it is somehow more than what it is: a program.

Malware is just an application which performs instructions outlined by an attacker. The attacker needs to get the user to launch the application and often desires to prevent the user from terminating the application. Malware does not need to be visible; often much development time is spent writing malware that is as hidden as possible. It is much easier to exploit a user who is complacent — so why advertise that the user has a reason to not trust you?

You better be clicking here before clicking on an Antivirus installer.

If the attacker cannot convince you to launch the virus they must convince something on your computer to launch it.

One common attack is to create an image or applet which loads in a specific web browser or a plugin installed on it. If the attacker knows vulnerabilities for that specific browser or plugin version they can exploit that vulnerability and convince the application to execute instructions in the data that the attacker added, placed exactly where the vulnerable program would accidentally look. Those instructions would have the same permissions as the vulnerable program because the computer cannot tell that they are not part of the vulnerable program. These vulnerabilities are regularly patched, and applying the patch makes you immune to those particular attacks.

((Technically, DEP (Data Execution Prevention) might have a chance at stopping it… but only conditionally, and it is beyond this article.))
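To make the "data placed exactly where the program would look" idea concrete, here is an added example (not from the original post): a hypothetical toy image decoder in C, with the pixel buffer and the id of the next routine to run sitting side by side in a simulated block of process memory. The unchecked version trusts the length byte in the image and lets the copy spill over the routine id; the patched version rejects the oversized length before copying.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed toy "image": one length byte followed by pixel bytes.
 * Simulated decoder memory: an 8-byte pixel buffer followed directly by
 * the 4-byte id of the routine the decoder calls next (hypothetical). */
#define PIXEL_BUF     8
#define HANDLER_OFF   8
#define MEM_SIZE      16
#define LEGIT_HANDLER 0x00000001u   /* id of the legitimate "draw" routine */

struct decoder { uint8_t mem[MEM_SIZE]; };

static void decoder_init(struct decoder *d) {
    uint32_t h = LEGIT_HANDLER;
    memset(d->mem, 0, MEM_SIZE);
    memcpy(d->mem + HANDLER_OFF, &h, sizeof h);
}

/* Which routine the decoder would call next, read back from memory. */
static uint32_t next_handler(const struct decoder *d) {
    uint32_t h;
    memcpy(&h, d->mem + HANDLER_OFF, sizeof h);
    return h;
}

/* Vulnerable decoder: trusts the attacker-controlled length byte, so bytes
 * 9..12 of the image land on the routine id instead of in the pixel buffer.
 * The copy is clamped to the simulated memory only so this demo stays safe. */
int decode_unchecked(struct decoder *d, const uint8_t *img, size_t img_len) {
    if (img_len == 0) return -1;
    size_t n = img[0];
    if (n + 1 > img_len) return -1;                 /* truncated image */
    memcpy(d->mem, img + 1, n > MEM_SIZE ? MEM_SIZE : n);
    return 0;
}

/* Patched decoder: refuse any length that does not fit the pixel buffer. */
int decode_checked(struct decoder *d, const uint8_t *img, size_t img_len) {
    if (img_len == 0) return -1;
    size_t n = img[0];
    if (n + 1 > img_len) return -1;
    if (n > PIXEL_BUF) return -2;                    /* rejected, id untouched */
    memcpy(d->mem, img + 1, n);
    return 0;
}

int main(void) {
    /* Constructed sample: length 12 = 8 pixel bytes + 4 bytes of 0x42. */
    const uint8_t img[13] = {12, 'P','P','P','P','P','P','P','P', 0x42,0x42,0x42,0x42};
    struct decoder d;
    decoder_init(&d); decode_unchecked(&d, img, sizeof img);
    printf("unchecked: next handler id = 0x%08x\n", next_handler(&d));
    decoder_init(&d); printf("checked: rc = %d, id = 0x%08x\n",
                             decode_checked(&d, img, sizeof img), next_handler(&d));
    return 0;
}
```

The unchecked decoder ends up about to call routine 0x42424242, a value that came entirely from the image file; the checked one returns -2 and still points at routine 1.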

A major problem occurs if you are behind on your updates: you are vulnerable to publicly known exploits. The publicly available patch had to have fixed something, right?

I’m no security phoney…

Mobile devices are just as at risk. The phone creator gives you reduced permissions to attempt to prevent you from installing untrusted code. If you have ever heard of someone jailbreaking their phone then you know that there exists a process to remove admin privileges from the phone creator and give them to yourself. Jailbreakme.com allows you to seize permissions from your iOS device just by browsing a website — imagine a different website which gave those permissions to someone other than you.

A few years ago, iOS had an error in the way it handled SMS text messages. It was entirely possible for someone to send you a series of text messages and take over your phone. After all, text messages are just data which originates from an untrusted source. If the phone is not patched against that weakness then you are vulnerable.

Thankfully, that just has not happened on a massive scale yet. Just do not be complacent and believe it cannot happen.

As for malware itself, it exists for many purposes:

  • Delivering pop-up or spam advertisements to you (not so much any more)
  • Extorting website owners with threats of flooding traffic from thousands of infected PCs to block legitimate users
  • Stealing information such as credit card numbers and contacts to scam them posing as you, or vice versa
  • Locking the infected PC and demanding money to clean it
  • Government espionage

… and so forth.

In almost every case the attacker intends to use your device for financial gain. That is why people do these sorts of things: to make money. Attacks will become progressively less profitable as users become progressively more aware of the situations they face. Eventually most, but not all, attackers will simply find a better job somewhere else — hopefully this time a more legal one.

Read on to see what antimalware does about this problem and what you can do, yourself.
