AP®︎/College Computer Science Principles
Malware is malicious software that's unknowingly installed onto a computer. Once installed, malware often tries to steal personal data or make money off of the user. Fortunately, there are multiple ways that users can protect their computing devices and networks.
Types of malware
Malware can take many forms:
A trojan horse is a harmful program that masquerades as a legitimate program, and is often downloaded onto computers by unknowing users. Once the user runs the program, it can start inflicting its damage.
Diagram of a laptop with a file on it. File is named "safe.exe" but has an icon of a skull and crossbones inside, signifying malicious code.
A virus is self-replicating: it contains code that copies itself into other files on the system. Viruses may hide in the code of a legitimate program.
Diagram of a laptop with 3 files on it. First file is named "real.exe" and contains a string of binary data plus a skull and crossbones. Arrows go from the first file to two other files with similar contents.
A worm is also self-replicating, but it copies itself onto entirely different computers within the network. It can travel along networked protocols such as email, file sharing, or instant messaging. Many worms don't take any harmful action besides replicating themselves, but even those worms can disrupt a network by hogging bandwidth.
Diagram of 3 laptops. First laptop has a file with a skull & crossbones inside it, signifying malicious code. Arrows go from the first laptop to 2 other laptops, and the 2 laptops also have the same file on them.
The most dangerous malware uses all three techniques, such as the ILOVEYOU worm that infected over 10 million personal Windows computers in the year 2000. Here's how it worked:
- The trojan phase: First, a user opens an email with subject line ILOVEYOU in the email application Outlook. They excitedly discover a love letter for them and download the attachment. However, the "love letter" is actually an executable program.
A screenshot of an email in Microsoft Outlook. The email has Subject "ILOVEYOU" and text that says "kindly check the attached LOVELETTER coming from me." The attachment has the filename "LOVE-LETTER-FOR-YOU.TXT.vs"
- The virus phase: The program searches for files on the operating system with certain extensions (such as JPG) and overwrites them with a copy of itself.
- The worm phase: The program sends an email with the "love letter" to every contact in the Outlook address book. The cycle begins again!
The ILOVEYOU worm is estimated to have cost $5 to $15 billion in terms of removal, recovery, and lost productivity. It also led to new legislation in the Philippines (the home of the worm creators) that makes it illegal to unleash such destructive malware on the world.
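The trojan phase depends on a filename that shows a harmless-looking extension in front of the one that actually runs. The following check is an added example, not part of the original article: it flags attachment names of that shape. The extension lists, function names and sample names are assumptions made for the illustration.

```python
# Added example: flag attachment names that end in a runnable extension
# but show a harmless-looking one first. Both lists are assumptions made
# for this example and are not exhaustive.
RUNS_CODE = {"exe", "vbs", "js", "scr", "bat", "cmd", "com", "pif"}
LOOKS_HARMLESS = {"txt", "jpg", "jpeg", "png", "gif", "pdf", "doc", "mp3"}


def classify_attachment(filename):
    """Return 'disguised', 'executable' or 'ok' for one attachment name."""
    # Normalise first: trailing dots/spaces are dropped and case is ignored,
    # so "A.TXT.VBS" and "a.txt.vbs " get the same verdict.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    # Only the final extension decides how the file is opened.
    if len(parts) < 2 or parts[-1] not in RUNS_CODE:
        return "ok"
    # An earlier document-style extension exists only to mislead the reader.
    if any(p in LOOKS_HARMLESS for p in parts[1:-1]):
        return "disguised"
    return "executable"


def triage(filenames):
    """Group attachment names by verdict so a mail filter can act on them."""
    verdicts = {"disguised": [], "executable": [], "ok": []}
    for fn in filenames:
        verdicts[classify_attachment(fn)].append(fn)
    return verdicts


# Constructed sample names; the first is modelled on the attachment above.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "holiday.jpg   .exe",
    "setup.exe",
    "report.final.pdf",
    "notes.txt",
    "README",
]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLES).items():
        print(verdict, names)
```

A mail gateway would typically quarantine the "disguised" group outright and hold the "executable" group for review.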
The effects of malware
Once malware gets onto a computer, it can cause damage in multiple ways.
Spyware steals data and sends it back to the malware creators. A common form of spyware is the keylogger, a program that monitors everything a user types including, of course, their many passwords.
Adware pops up advertisements to users. The ads either earn money for the malware creators or urge users to download other forms of malware.
Ransomware holds a computer hostage by encrypting user data or blocking access to applications, and it demands the user pay a ransom to the anonymous malware creators.
In 2017, the WannaCry computer worm spread through nearly 200,000 computers across 150 countries. The malware encrypted user data and only decrypted the data if the user paid $300 in Bitcoin to the creators.
A screenshot from the WannaCry computer worm. It says "Oops, your files have been encrypted!" and includes instructions about how to pay them to decrypt the files. There are two countdowns, one counting down to a date when the payment will be raised and another counting down to a date the files will be lost forever.
Cryptomining malware utilizes a computer's resources to mine for cryptocurrency. That allows the creators to earn cryptocurrency without needing to spend money on powering their own computers.
Attackers are constantly finding new ways to compromise systems. Fortunately, at the same time, security engineers are coming up with protection mechanisms.
A security patch is an update to the code of an application or the entire operating system, and often fixes a bug that's been exploited by malware. Computers, including mobile phones and hardware devices, should always keep up to date with security patches to reduce the risk of malware.
A firewall is a system that monitors incoming and outgoing network traffic to a computer or internal network, and determines what traffic to allow. Firewalls can do automated detection of suspicious traffic and can also be configured manually. Firewalls cannot identify and block all malware, but they are a useful line of defense for what they can identify.
Antivirus software protects an individual computer by constantly scanning files and identifying malware. Once an antivirus program finds a piece of malware, it can guide the user through deleting or repairing the file to be safe again. Of course, new kinds of malware are invented all the time, so antivirus programs must constantly update their list of known malware.
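The dependence on an up-to-date list can be seen in the simplest form of scanning, exact hash matching. This is an added example, not part of the original article and not any product's implementation; real antivirus programs also use pattern and behaviour-based detection. The labels, file names and file contents are constructed, harmless stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, known_bad):
    """Return {relative path: label} for files whose hash is on the list."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            label = known_bad.get(sha256_of(path))
            if label:
                hits[path.relative_to(root).as_posix()] = label
    return hits


def demo():
    """Scan the same folder before and after the list is updated."""
    # Constructed, harmless byte strings standing in for two samples.
    old = b"constructed stand-in for a known sample\n"
    new = b"constructed stand-in for a newly seen sample\n"
    known_bad = {hashlib.sha256(old).hexdigest(): "Example.Known.A"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "a.bin").write_bytes(old)
        (root / "b.bin").write_bytes(new)
        (root / "notes.txt").write_bytes(b"hello\n")
        before = scan(root, known_bad)   # the new sample is not listed yet
        known_bad[hashlib.sha256(new).hexdigest()] = "Example.New.B"
        after = scan(root, known_bad)    # same files, updated list
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
```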
Want to join the conversation?
- Will you get infected if you click a random link?(6 votes)
- You might if it contains an exploit that your browser is vulnerable to.(5 votes)
- Is it possible to buy a firewall?
Also, could I build one?(5 votes)
- Your computer should have a firewall already from the operating system, so you don't really need to buy one. However, some antivirus software will come with its own firewall that you can use instead of the operating system's firewall.
Technically, you could build your own firewall. However, you probably shouldn't. Generally, implementing your own cybersecurity software is a bad idea. It is easy to get something wrong and leave it vulnerable. It is better to stick with software that has been professionally reviewed for security vulnerabilities.(3 votes)
- How do I find out what protection I already have on my phone or computer? Where would I purchase malware protection software?(4 votes)
- You can usually find the security software information within the device settings under security.
If you wish to purchase additional/alternative software to protect your device, you can search for antivirus programs on the internet. Make sure to read reviews of the software and you should look at comparisons people have put together on various antivirus programs. You might want to consider factors such as cost, the impact on computer performance, malware detection rates, and what additional features the software might have (e.g. game performance boosting, password manager, web protection, firewalls).(5 votes)
- What is the difference between a worm and a virus?(2 votes)
- A virus requires human actions to spread while a worm can spread automatically.(4 votes)
- Is Windows firewall enough, or should we install and use another firewall software?(1 vote)
- The built-in security solutions that come with the Windows OS have been improving in the last few years, and they can certainly be relied upon when the system is unlikely to encounter significant cyber threats.
There are better antivirus solutions on the market, but many of these solutions will have an accompanying cost. If you want to look into other solutions, there are a myriad of software products out there: Norton AntiVirus, McAfee, Trend Micro, etc. It will be up to you to determine the level of security you need.
To further this, the best protection is prevention. Be wary of malicious actors when interacting with material online and stay away from websites that do not have a trustworthy host.(4 votes)
- In protection, can you use a proxy? Or is that also considered a firewall?(2 votes)
- I don't know, but you can try asking pamera, she's one of the teachers.
Oh, are you Japanese? Your name sounds so.(2 votes)
- I have a question! I once had a memory card with 8GB of storage, but I got a virus on that card. I don't remember how I got the virus, but it kept duplicating the files on that memory card infinitely. So I checked its storage space and it showed 10TB. I really have no idea how a virus could increase its storage space. It only has 8GB of storage, but on my computer it showed 10TB. Is it possible that a virus can manipulate computers to misread the storage amount? Or did the virus increase the SD storage space (I don't think this is possible though :")))?(1 vote)
- To add storage space the software needs to add components, and it can't do that, so it must be reading the storage space wrong.(2 votes)
- How many malwares are there besides the ones in the text?(1 vote)
- It is impossible to know. I once made a simple "malware" that I used on myself, though I designed it to have no long-term effect, and also to only work if the OS's settings are set to a specific setting. I never did anything with it, but it exists. My point is that anyone could have made a malware and it's possible that no one knows about it. There are easily over 100,000 malwares that are public, maybe even over a million, though most of them are very shallow and won't do much. By the definition in the article, sending someone an mp4 of a rickroll meme is malware. It's just that the intent is different than most malware. Based on this, we can see that it is quite hard to even define what is a malware.(1 vote)
- How do I find out what protection I already have on my phone or computer?(1 vote)
- Are the creators of different malware able to make malware with the ability to damage or even destroy the device's firewall, or no?(1 vote)