If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

## Computers and the Internet

### Course: Computers and the Internet>Unit 4

Lesson 4: Cyber attacks

# Computer malware

AP.CSP:
IOC‑2.B (LO)
,
IOC‑2.B.10 (EK)
,
IOC‑2.B.7 (EK)
,
IOC‑2.B.8 (EK)
,
IOC‑2.B.9 (EK)
,
IOC‑2.C (LO)
,
IOC‑2.C.2 (EK)
,
IOC‑2.C.7 (EK)
Malware is malicious software that's unknowingly installed onto a computer. Once installed, malware often tries to steal personal data or make money off of the user. Fortunately, there are multiple ways that users can protect their computing devices and networks.

## Types of malware

Malware can take many forms:
A trojan horse is a harmful program that masquerades as a legitimate program, and is often downloaded onto computers by unknowing users. Once the user runs the program, it can start inflicting its damage.
Diagram of a laptop with a file on it. File is named "safe.exe" but has an icon of a skull and crossbones inside, signifying malicious code.
A virus is self-replicating: it contains code that copies itself into other files on the system. Viruses may hide in the code of a legitimate program.
Diagram of a laptop with 3 files on it. First file is named "real.exe" and contains a string of binary data plus a skull and crossbones. Arrows go from the first file to two other files with similar contents.
A worm is also self-replicating, but it copies itself into entirely different computers within the network. It can travel along networked protocols such as email, file sharing, or instant messaging. Many worms don't take any harmful action besides replicate themselves, but even those worms can disrupt a network by hogging bandwidth.
Diagram of 3 laptops. First laptop has a file with a skull & crossbones inside it, signifying malicious code. Arrows go from the first laptop to 2 other laptops, and the 2 laptops also have the same file on them.
The most dangerous malware uses all three techniques, such as the ILOVEYOU worm that infected over 10 million personal Windows computers in the year 2000. Here's how it worked:
• The trojan phase: First, a user opens an email with subject line ILOVEYOU in the email application Outlook. They excitedly discover a love letter for them and download the attachment. However, the "love letter" is actually an executable program.
A screenshot of an email in Microsoft Outlook. The email has Subject "ILOVEYOU" and text that says "kindly check the attached LOVELETTER coming from me." The attachment has the filename "LOVE-LETTER-FOR-YOU.TXT.vs"
• The virus phase: The program searches for files on the operating system with certain extensions (such as JPG) and overwrites them with a copy of itself.
• The worm phase: The program sends an email with the "love letter" to every contact in the Outlook address book. The cycle begins again!
The ILOVEYOU worm is estimated to have cost $5 to$15 billion in terms of removal, recovery, and lost productivity. It also led to new legislation in the Philippines (the home of the worm creators) that makes it illegal to unleash such destructive malware on the world. start superscript, 1, end superscript

## The effects of malware

Once malware gets onto a computer, it can cause damage in multiple ways.
Spyware steals data and sends it back to the malware creators. A common form of spyware are keyloggers, programs that monitor everything a user types including, of course, their many passwords.
🔍 You can try out a simulated keylogger below. This one isn't sending any data to a server like a real keylogger would, but even so, it's better to not type in any real information.
Ransomware holds a computer hostage by encrypting user data or blocking access to applications, and it demands the user pay a ransom to the anonymous malware creators.
In 2017, the WannaCry computer worm spread through nearly 200,000 computers across 150 countries. The malware encrypted user data and only decrypted the data if the user paid \$300 in Bitcoin to the creators. squared
A screenshot from the WannaCry computer worm. It says "Oops, your files have been encrypted!" and includes instructions about how to pay them to decrypt the files. There are two countdowns, one counting down to a date when the payment will be raised and another counting down to a date the files will be lost forever.
A screenshot of the WannaCry ransom message
Cryptomining malware utilizes a computer's resources to mine for cryptocurrency. That allows the creators to earn cryptocurrency without needing to spend money on powering their own computers.

## Protection

Attackers are constantly finding new ways to compromise systems. Fortunately, at the same time, security engineers are coming up with protection mechanisms.
A security patch is an update to the code of an application or the entire operating system, and often fixes a bug that's been exploited by malware. Computers, including mobile phones and hardware devices, should always keep up to date with security patches to reduce the risk of malware.
A firewall is a system that monitors incoming and outgoing network traffic to a computer or internal network, and determines what traffic to allow. Firewalls can do automated detection of suspicious traffic and can also be configured manually. Firewalls cannot identify and block all malware, but they are a useful line of defense for what they can identify.
Antivirus software protects an individual computer by constantly scanning files and identifying malware. Once an antivirus program finds a piece of malware, it can guide the user through deleting or repairing the file to be safe again. Of course, new kinds of malware are invented all the time, so antivirus programs must constantly update their list of known malware.

## Want to join the conversation?

• Will you get infected if you click a random link
• You might if it contains an exploit that your browser is vulnerable to.
• Is it possible to buy a fire wall?
Also could i build one
• Your computer should have a firewall already from the operating system, so you don't really need to buy one. However, some antivirus software will come with its own firewall that you can use instead of the operating system's firewall.

Technically, you could build your own firewall. However, you probably shouldn't. Generally, implementing your own cybersecurity software is a bad idea. It is easy to get something wrong and leave it vulnerable. It is better to stick with software that has been professionally reviewed for security vulnerabilities.
• Window firewall is enough or should we install and use another firewall software?
• The built-in security solutions that come with the Windows OS have been improving in the last few years, and they can certainly be relied upon when the system is unlikely to encounter significant cyber threats.

There are better antivirus solutions on the market, but many of these solutions will have an accompanying cost. If you want to look into other solutions, there are a myriad of software products out there: Norton AntiVirus, McAfee, Trend Micro, etc. It will be up to you to determine the level of security you need.

To further this, the best protection is prevention. Be wary of malicious actors when interacting with material online and stay away from websites that do not have a trustworthy host.
• What is the difference between a worm and a virus?
(1 vote)
• A virus requires human actions to spread while a worm can spread automatically.
(1 vote)
• Are the creators of different malware able to make malware with the ability to damage or even destroy the devices firewall or no?
(1 vote)
• How do hackers create malware?
• They code the malware.