malware
(viruses, worms et al)
What is it?
Malicious software -- "malware" for short --
is an umbrella term for destructive entities such as
viruses, worms and Trojan horses. The common factor
is that these digital invaders alter the way a computer
operates, without the permission or knowledge of the user.
Like spyware (a distinct
category of dangerous software), malware is an inevitable
plague of modern computing life for anyone who wants to surf
the Web or use email.
How do computers get "infected"?
In a simpler time, the primary way a
computer got infected was by physical contact -- sharing files
on portable storage media like floppy disks. Today malware
more commonly arrives in electronic mail messages, either
in an infected file attached to the email or via an enticing
Web link within the message.
Malware can also be embedded in a downloaded
file (e.g., an image or music file from a peer-to-peer service).
Or it can enter through an open network connection, without
any inadvertent abetting action by a human user, if a computer
does not have appropriate security protections.
What are the symptoms of infection?
Some malware inflicts damage directly on the
computer that has become its host, by altering data files
or programs. Particularly vicious malware can destroy
the contents of a computer's hard disk entirely, or otherwise
render the system unusable.
Other varieties commandeer the infected
system to use for reproduction. Destructive possibilities
include using the compromised system as a "zombie host"
for launches of denial-of-service attacks (flooding a target
web site with requests) or for mass export of questionable
materials (such as pornography).
In addition to wreaking obvious havoc with files
and programs, malware may announce its presence by presenting
text, graphics or audio. (Some creators like to brag.)
Alternatively, malware may operate entirely in silence unless/until
discovered, or an internal "sunsetting" clock shuts it down.
Lack of obvious symptoms is no guarantee of a clean bill of
health.
Can protective software help?
It's essential! Most organizations now
scan email entering and leaving their networks, and most Internet
Service Providers (ISPs) now offer some kind of network-level
malware scanning. But there is still no substitute for
having up-to-date anti-virus software installed on your computer.
The anti-virus software should be set to check
all incoming email and email attachments, all files downloaded
from Web sites, and all files transferred from removable
media (floppies, CDs/DVDs, flash drives). It should
also be set to scan the system's entire hard drive regularly,
to detect malware that has made it past your scans.
Separate "anti-spyware" protection is also recommended,
unless this is built into the anti-virus software. "Firewall"
software (or hardware) to detect intrusions over network connections
is also highly recommended for at-home systems, particularly
those connected by DSL or cable modem. (Your organization's
network almost certainly has firewalls to protect you at work.)
What will the protective software do?
Anti-virus and anti-spyware software will intercept
and isolate any problems they detect, and attempt to un-do
any associated damage to critical system files.
Not all infections can be reversed. Some
of your data files may not be recoverable. In extreme
cases, you may be required to re-install your computer's operating
system, which will erase all your data files. You will
need to re-install your other software as well.
For this reason -- as well as the ever-present
risk of hard drive failure -- we strongly recommend that you
have secure backup copies of critical files.
Once you have detected an infection, and while you are
undertaking a recovery, disconnect from the Internet.
This will prevent any further damage from being done by remote control.
What else do you need to do?
Unfortunately, the software can't do it all.
You will also need to practice "safe computing" to avoid (re)infestations:
Be cautious about email attachments.
Unless you are sure the email is from a reliable source, don't
open the attachment. Scanning with anti-virus software
is a good safety step, but the newest malware may still get
through because its signature isn't in the system yet.
Be conservative about your own use of attachments. Cut
and paste plain text into emails whenever possible.
Malware can't hide in that.
Be cautious about file downloads.
Even files from seemingly reliable places can contain malware. Downloads
from malware havens like peer-to-peer networks are practically
guaranteed to produce an infection sooner or later.
Be cautious about links in email and
on Web pages. Links can trigger file downloads
or start up executable files. Be sure you know what
you're clicking on.
Use appropriate security settings. Your
computer's operating system, browser and email software can
be set to protect you against the most common forms of attack
(e.g., by disabling macros and scripting languages).
Keep your anti-virus and other protective
software up to date. Protective software
must be regularly updated with new "signatures"
-- the digital fingerprints of malware -- in order to be effective
at detecting the newest infestations. Fortunately, most
products can be set to install updates and new signatures automatically.
Keep up with upgrades for your
computer's operating system, Internet browser and email software.
Malware designers target software vulnerabilities, particularly
those for which recent "patches" have been issued. You
increase the odds of becoming a victim if you use un-updated
software. (Use whatever automatic update features are
available for these too.)
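The tips above on attachments and on keeping protective software up to date both rest on how signature matching works. The sketch below is an added example, not code from any anti-virus product: the signature format (hex bytes, with "??" standing for any one byte), the signature names, the version numbers and the sample "attachments" are all constructed for illustration.

```python
import re

def compile_signature(hex_sig):
    """Compile a hex signature into a bytes regex; '??' matches any one byte.
    (Simplified format assumed for this example, not a real product's.)"""
    parts = []
    for i in range(0, len(hex_sig), 2):
        pair = hex_sig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)

class SignatureDB:
    """A versioned set of named signatures, as an updater would deliver it."""
    def __init__(self, version, signatures):
        self.version = version
        self.compiled = {n: compile_signature(s) for n, s in signatures.items()}

    def scan(self, data):
        """Return the sorted names of all signatures found in data."""
        return sorted(n for n, rx in self.compiled.items() if rx.search(data))

# Constructed signatures: marker text, one wildcard byte, marker text.
SIG_A = b"DEMO-A:".hex() + "??" + b":END".hex()
SIG_B = b"DEMO-B:".hex() + "??" + b":END".hex()
DB_OLD = SignatureDB(1, {"Demo.A": SIG_A})                   # before the update
DB_NEW = SignatureDB(2, {"Demo.A": SIG_A, "Demo.B": SIG_B})  # after the update

# Constructed "attachments"; none contains real malicious content.
SAMPLES = {
    "note.txt": b"Lunch at noon?",
    "known.doc": b"\x00hdr DEMO-A:\x01:END trailer",
    "known_variant.doc": b"\x00hdr DEMO-A:\x7f:END trailer",
    "brand_new.doc": b"\x00hdr DEMO-B:\x01:END trailer",
}

def scan_all(db):
    """Scan every sample with one database version."""
    return {name: db.scan(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for db in (DB_OLD, DB_NEW):
        print("signature set", db.version, scan_all(db))
```

With the older signature set, brand_new.doc comes back with no matches even though it carries a marker the newer set recognizes, which is why a clean scan result is only as good as the most recent signature update.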
Viruses vs. worms vs. trojans
It is common to refer to all malware as "viruses."
Modern malware writers build increasingly complex hybrid beasts
that blur the categories anyway. But, in case you
were wondering, the formal differences are these:
Viruses require a host for
survival and reproduction, just like their biological namesakes.
Viruses must insert their code into an application like Word
or Excel, or a data file for such programs, particularly
ones that have macros or a scripting language capability.
Worms, by contrast, are self-replicating
programs that do not need a separate software host.
Worms are generally "network-aware" creatures that can propagate
by seeking out other connected computers with inadequate defenses.
Trojan horses -- or trojans
-- are programs or data files that appear benign but carry
a malicious payload like a virus. The term owes its origin
to the famous wooden horse from Homer's Iliad, doing to the
host computer what the Greeks did to Troy.
It may be easier simply to think of a malware
infestation as any software combination that blends a malicious
payload (the part that does the damage) and a propagation
mechanism that allows it to spread.
Malware vs. spyware
How are those beasts different from spyware?
The distinction is less one of form than of function.
Spyware is any software that aims primarily to extract information
-- either by harvesting data stored on computers
or by monitoring a user's computer activities.
Since spyware is generally installed without
users' knowledge, and does things that most users do not desire,
it probably deserves to be labelled as malicious
too. (Companies that promulgate the less invasive forms
of spyware -- designed primarily to track your behavior for
marketing purposes -- prefer the term "adware.")
Spyware-avoidance requires some of the same
defensive actions as malware-avoidance, so following the steps listed
here will provide some protection. However,
full protection requires defenses that are unique to spyware,
including software designed specifically to detect and eliminate
it. Read more about that here.
See also:
Defending against
viruses and worms (Microsoft: Security At Home)
How computers get infected with viruses and worms, symptoms
of infection, and ways to prevent it.
Home
Computer Security (CERT Coordination Center)
The critical protective measures for your home computer, including
anti-virus
Keeping
your computer up to date (Microsoft: Security at Home)
Using Office Update, Windows Update, and Automatic Updates
to keep Windows PCs safer.
Recovering
from viruses, worms and Trojan horses (US-CERT)
Summary of the rules for malware avoidance, detection and
recovery.
Understanding
anti-virus software (US-CERT)
Basic information about what they do and how they work.
Last modified:
22-Apr-2006
[RC]