What are malicious programs called? Malware

Malware

Malware (in the jargon of anti-virus services, "malware"; from the English malicious software) is any software designed to gain unauthorized access to the computing resources of a computer or to information stored on it, with the aim of using the computer's resources without the owner's authorization or causing harm (damage) to the owner of the information, and/or the owner of the computer, and/or the owner of the computer network, by copying, distorting, deleting or replacing information.

Synonyms

  • badware (bad + (soft)ware): bad software.
  • computer contaminant (computer + contaminant, i.e. pollutant): a term for harmful software used in the laws of some US states, such as California and West Virginia.
  • crimeware (crime + (soft)ware): a class of malicious programs specially designed to automate financial crimes. It is not synonymous with the term malware (the meaning of malware is broader), but all programs classed as crimeware are malicious.

Terminology

By its basic definition, malware is designed to gain unauthorized access to information, bypassing existing access control rules. The Federal Service for Technical and Export Control (FSTEC of Russia) defines these concepts as follows:

  • Authorized access to information: access to information that does not violate the rules of access control.
  • Unauthorized access to information: access to information that violates the rules of access control using standard tools provided by computer technology or automated systems. Standard tools are understood as the set of software, firmware and hardware of computer equipment or automated systems.
  • Access control rules (access mediation rules): a set of rules governing the access rights of access subjects to access objects.

Other definitions of the term "malware"

According to Article 273 of the Criminal Code of the Russian Federation ("Creation, use and distribution of malicious programs for computers"), malicious programs are defined as follows: "... computer programs or changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of a computer, computer system or their networks…"

It should be noted that the current wording of Article 273 interprets the concept of harmfulness extremely broadly. When the introduction of this article into the Criminal Code was discussed, it was understood that "unauthorized" would mean actions of a program that were not explicitly approved by the user of that program. However, current court practice also classifies as malicious those programs that modify (with the authorization of the user) executable files and/or databases of other programs, if such modification is not allowed by their copyright holders. At the same time, in a number of cases, where the defense took a principled position and a competent expert examination was conducted, a broad interpretation of Article 273 was declared illegal by the court.

Microsoft defines the term "malicious software" as follows: "Malware is short for 'malicious software', commonly used as a general term for any software that is specifically designed to harm an individual computer, server, or computer network, whether it is a virus, spyware, etc.”

Malware classification

Each antivirus software company has its own corporate classification and nomenclature of malware. The classification given in this article is based on the nomenclature of Kaspersky Lab.

By malicious load

And so on, a technically inexperienced person classifies all this as a virus.

What is the difference between virus, malware, trojan, worm, spyware and the like.

So, how much do you know about dangerous viruses, malware, trojans, worms, rootkits, adware, ransomware, exploits, etc.? In this article, we will break down in detail the difference between a virus, malware, a trojan and the rest, which should help you find the right answers when solving your computer problems.

Let's start.

What is malware?

The word malware (malicious software, malicious code) describes harmful programs and is a general term for viruses, worms, trojans, rootkits, spyware and just about anything else specifically designed to harm your computer and steal information.

Malware does not include buggy software, programs that you don't like, or software that slows down your computer by devouring a lot of resources.

Malware is specifically designed to harm your PC and, through information theft, you.

Viruses

"Virus" is the term most commonly used to describe any "bad" software. However, as agreed just above, the general term we use here is malware.

A virus is a program that replicates itself (self-copies) after a computer is infected. It attaches itself to other programs and is installed when genuine software is installed. Once the viral code has executed, it can destroy host files and start infecting files on the PC; from there it creates copies of itself and moves from computer to computer through external drives, the Internet and malicious websites.

Just as a biological virus passes from one person to another through the environment, touch or a cough, a computer virus spreads from file to file and then from one device to another. A computer virus attaches itself to executable files and can attack several parts of Windows at once, such as the registry, services, or certain software. Some viruses can attack the MBR (Master Boot Record), autorun scripts, the BIOS and MS Office macros.

Generally, a virus is designed to break into your computer and damage or destroy files and software, up to a complete failure of the PC, which can lead to a complete reformatting of the hard drives.

You can keep your computer safe by using a good antivirus program with regular updates, so that new viruses are detected in a timely manner, and by avoiding suspicious files and links from unknown websites and emails.

Worms

A worm is similar to a virus, but a worm doesn't need a host program to do its dirty work. A worm is a standalone program that uses a computer network to propagate.

It relies on network loopholes and security holes to move automatically from one host to another, and usually does not require user intervention. Since worms do not require any kind of initiation (launch), they can spread quickly over the network, infecting every computer in their path.


Worms are the most well-known type of malware, infecting a much larger number of computers than viruses.

Here are some well-known worms, in addition to ILOVEYOU, which spread by email and cost US businesses $5.5 billion:

  • The Code Red worm damaged 359,000 websites worldwide.
  • SQL Slammer managed to slow down the entire Internet for an extended period of time.
  • Blaster worm, once it gets to you, will force your computer to constantly restart.

Today's security standards prevent worms from infecting a user's PC over a network, but no security measure can guarantee that it will stop every future worm. However, make sure your firewall is always on and that you are using reliable security software to avoid a possible worm attack.

Trojans

A Trojan is another type of malware that looks harmless on the outside but contains malicious code that creates a backdoor, allowing your computer to be controlled remotely.

The term "Trojan horse" comes from the story of Troy, where the Greeks cleverly used a wooden horse to infiltrate the city.

Unlike viruses, Trojans do not replicate themselves; a Trojan is installed by users unknowingly. Once a Trojan has settled on your computer, it can be used for various malicious purposes, such as sending spam, attacking a network or a specific computer, a DDoS attack on a site, spreading viruses, deleting files, stealing data, and activating and distributing other malware.

Simply put, a Trojan creates a backdoor that gives unauthorized persons access to your computer and full control of your PC. As a result, they can do whatever they want.

How can these Trojans get access to your system?

If you have ever tried to download a crack, keygen or patch to get the full version of a program for free, then you may have encountered such a Trojan.

Think, why would anyone create and distribute cracks for software? What can they get in return?

For example, they can earn advertising revenue on the sites that host them. But such scammers have bigger goals: creating Trojans and attaching them to cracks and keygens. When you install the crack, you also install these Trojans, which expose your computer to high risks with all the ensuing consequences.

Therefore, try to avoid using cracks, keygens or patches.

Spyware

Spyware is another type of malware that collects data from your PC without your knowledge or permission. Spyware runs in the background and collects your personal data, such as the pattern of sites you visit frequently, email, cookies, other data stored in browsers, website passwords and even your credit card data.

Spyware is similar to a Trojan in that users unknowingly install the unwanted software when installing free software or some other program.

Spyware exists as an independent program that is capable of tracking your keystrokes while you type passwords, logins, etc., tracking various files, changing your default home page, monitoring your activity, stealing personal information and sending it back to the malware's creators.

Your data may be used for the purpose of selling it to interested parties, targeted advertising, fraud, spam or to steal confidential information.

Advertising software (Adware)

Adware is slightly different from spyware. The main purpose of adware is to display various advertisements, pop-ups, flash ads, links to g-sites and redirects to other links, and to change the default home page and search engine; it also slows down browsing and causes browser slowdowns and crashes.

Adware tracks your browsing pattern, interests and cookies and sends them to software developers, who redirect users to the sites they want. From a technical point of view, such adware is not a virus.

Very often the installation of a free program (freeware) is accompanied by adware (adware). These are sponsored programs where the main program is made free for the purpose of installing adware while removing the (usually) free program.

Adware is considered a legitimate alternative for those consumers who do not want to pay for software, games, programs and other free utilities. It happens that a lot of such Adware accumulates, working at the same time, which becomes very annoying, and some of them are quite difficult to get rid of.

Scareware

Scareware is another type of malware that uses social engineering to cause shock, anxiety, or a literal perception of a threat, and tricks users into buying unwanted and potentially dangerous software.

Scareware generates pop-up windows that resemble Windows system messages, such as a specific error message: problems were found on your computer, a registry error was found, the computer is infected, a virus was found, etc. These pop-up messages are designed to look like they're coming from your operating system, even though they're actually just a simple web page.

Scareware scares users into downloading malware, such as infected browsers, firewall applications and various system and registry cleaners, or into buying a fake antivirus program or PC optimizer.

Scareware can generate continuous pop-ups that say something like: "Your computer is infected with spyware or malware, click here to fix it". If the user clicks on any of these buttons, they may install software that may be malicious.

The best thing you can do to avoid falling into the clutches of scareware is to stay away from it, that is, ignore pop-up messages with such scareware while browsing the Internet.

Ransomware

Ransomware is a type of malware that prevents users from accessing their operating system. The ransomware blocks the system and demands a ransom through certain online payment methods (most often SMS) in order to unlock the user's computer.

Some ransomware encrypts files on the system hard drive, making it very difficult to decrypt the data without a special key. Moreover, paying the ransom to the author of the software does not always guarantee that you will be given this key. An example is CryptoLocker, which encrypts individual files and folders.

Some ransomware only locks the system without encrypting the data. Such software can be easily removed by a tech-savvy user by booting the computer in safe mode or using an antivirus boot disk.

Ransomware can affect the MBR (master boot record, that is, the data in the initial sectors of the hard disk), which blocks the system from loading and forces you to pay a ransom. However, there is no guarantee that the system will be unlocked after the ransom is paid.

Ransomware spreads through trojans, scareware, various links and email attachments, infected and pirated programs, through hacked websites.

Rootkits

A rootkit (a set of utilities or files that affect the kernel of the system) is software, or a set of malicious applications, capable of providing administrator-level access to a computer or a computer network.

Rootkit is activated every time you boot the operating system while running as . And since the rootkit is activated even before the operating system is fully loaded, this greatly complicates the detection of malware using a conventional antivirus.

A rootkit can enter a computer through a Trojan horse, suspicious email attachments, or visits to fake websites, after obtaining user credentials to access the system either by cracking a password or by exploiting a vulnerability in the system.

Once a rootkit is installed, it allows hidden files and processes to be placed on the computer and user account data to be determined, while the rootkit masks the intrusion and gains root access (kernel access) to the system.

A rootkit can control traffic, keystrokes, can create a backdoor for hackers. It can remove installed programs and protections to prevent its own detection.


Bots

A bot (short for robot) is an automated process or script that interacts with other computers or network services. A web bot is a program that automates the execution of various tasks or processes that run on the Internet using specially written scripts.

A web bot can be used for both legitimate and malicious purposes. A harmless bot scans sites on the Internet in order to make searching for information simpler and quicker for the user; examples are the Google and Yandex bots.

However, a malicious bot can distribute unwanted software, which infects the main computer and connects it to a central server.

The central server is called a "botnet", which connects to multiple host computers using bots. A botnet can command each host machine for its own malicious purposes, such as denial of service against servers, spreading malware, monitoring keystrokes to reveal passwords and other input data, spreading spam, harvesting passwords, collecting financial information, or generating mass traffic using the host computers.

Bots don't work alone. A bot army can affect a huge number of computers, which can be controlled by a master computer called the management server.

Vulnerabilities

People tend to make mistakes that can lead to serious problems. A computer vulnerability is a flaw in software, an operating system, or services, resulting from programming errors or oversights, that allows cybercriminals to attack a system or websites on the Internet.

The vulnerability leaves open loopholes for potential exploitation in the form of unauthorized access or malicious behavior such as viruses, worms, Trojans, malicious bot infiltration, ransomware, and other forms of malware.

A vulnerability consists of 3 main parts: a system defect, identification of the security flaw, and gaining access to the system or sites. First, the attacker finds holes in the operating system or software, then gains access through this security hole by adding their malicious code.

Exploits

"Exploit" in English means to use, to take advantage of, to abuse. Security holes give hackers the advantage of using specific vulnerabilities in the system for their own purposes.

Exploits in computer security are software or a sequence of commands that exploit vulnerabilities to perform tasks such as downloading viruses, trojans, and other malware.

When a software or operating system vendor discovers an exploit that compromises their software/OS, they fix it by releasing an update. As a result, users need to update their software or operating system each time to ensure protection against identified vulnerabilities. The use of outdated software threatens the security of the computer, the protection of sites from penetration, and the protection of confidential data.

Fight against viruses, worms, trojans, spyware, exploits and more.

Now you have a clear idea of the various types of malware and what they can do to your computer.

It is recommended that you always install an antivirus that has a high detection rate and can not only protect against all known threats but also block unknown ones.

Try not to install pirated software with cracks and keygens. Be careful when visiting torrents, gambling sites, etc. Always keep your operating system and installed software up to date, and make sure the firewall is enabled. When installing free software, be sure to check what it proposes to install in addition to the main program, and do not rush to click the "Next" button during installation. Uncheck all the boxes next to proposed additional installations that are not related to the program.

There is a class of programs that were originally written with the aim of destroying data on someone else's computer, stealing someone else's information, unauthorized use of someone else's resources, etc., or acquired such properties due to some reason. Such programs carry a malicious load and are accordingly called malicious.

A malicious program is a program that causes some kind of harm to the computer on which it runs or to other computers on the network.

2.1 Viruses

The term "computer virus" appeared later: officially, its author is F. Cohen, an employee of Lehigh University (USA), who introduced it in 1984 at the seventh conference on information security. The main feature of a computer virus is the ability to reproduce itself.

A computer virus is a program capable of creating duplicates of itself (not necessarily identical to the original) and injecting them into computer networks and/or files, computer system areas, and other executable objects. The duplicates retain the ability to spread further.

Conventionally, the life cycle of any computer virus can be divided into five stages:

    Breaking into someone else's computer

    Activation

    Search for objects for infection

    Preparing copies

    Embedding copies

A virus can enter through both removable media and network connections, in fact through any channel over which a file can be copied. However, unlike worms, viruses do not use network resources: infection is possible only if the user has activated the virus in some way, for example by copying an infected file or receiving it by mail and then launching it or simply opening it.

After penetration, activation of the virus follows. This can happen in several ways, and according to the chosen method, viruses are divided into several types. The classification of viruses is presented in Table 1:

Table 1 - Types of computer viruses

| Name | Description |
|------|-------------|
| Boot viruses | Infect the boot sectors of hard drives and removable media. |
| File viruses: classic file viruses | Inject themselves into executable files in various ways (inject their own malicious code or completely overwrite them), create twin files or copies of themselves in various directories of the hard drive, or use peculiarities of the organization of the file system. |
| File viruses: macro viruses | Written in an internal language, the so-called macros of an application. The vast majority of macro viruses use macros in the Microsoft Word text editor. |
| File viruses: script viruses | Written as scripts for a specific command shell, e.g. bat files for DOS or VBS and JS scripts for Windows Scripting Host (WSH). |

An additional difference between viruses and other malicious programs is their rigid attachment to the operating system or software shell for which each particular virus was written. This means that a virus for Microsoft Windows will not work and infect files on a computer with another operating system installed, such as Unix. Likewise, a macro virus for Microsoft Word 2003 will most likely not work in Microsoft Excel 97.

When preparing copies of themselves, viruses can use technologies such as the following to mask themselves from antiviruses:

    Encryption- in this case, the virus consists of two parts: the virus itself and the encoder.

    Metamorphism- when applying this method, virus copies are created by replacing some commands with similar ones, rearranging parts of the code, inserting additional commands between them that usually do nothing.

Accordingly, depending on the methods used, viruses can be divided into encrypted, metamorphic and polymorphic, the last using a combination of the two types of masking.

The main goals of any computer virus are to spread to other computer resources and perform special actions in response to certain events or user actions (for example, on the 26th day of every even month or when the computer is restarted). Special actions are often harmful.

Malicious software is a program designed to harm a computer and/or its owner. Obtaining and installing such programs is known as computer infection. To avoid infection, you need to know the types of malware and methods of protection against them. I will tell you about this in the article.



Why do people create malware? There are many reasons. Here are the most common ones:

- for fun
- self-affirmation in the face of peers
- theft of personal information (passwords, credit card codes, etc.)
- money extortion
- spreading spam through zombie computers that unite in a botnet
- revenge


Malware classification




The most popular types of malware are:

- computer virus
- Trojan
- network worm
- rootkit




A computer virus is a type of malware whose purpose is to carry out actions that harm the owner of a PC without their knowledge. The distinctive feature of viruses is the ability to reproduce. You can catch a virus through the Internet or from removable media: flash drives, floppy disks, discs. Viruses usually infiltrate the body of programs or replace programs.




A Trojan (you may also hear such names as trojan, troy, Trojan horse) is a malicious program that penetrates the victim's computer under the guise of a harmless one (for example, a codec, system update, splash screen, driver, etc.). Unlike viruses, Trojans do not have their own way of spreading. You can get them by e-mail, from removable media, or from a website.


A network worm is a stand-alone malicious program that infiltrates a victim's computer by exploiting vulnerabilities in operating system software.




A rootkit is a program designed to hide traces of an intruder's malicious actions in the system. It is not always harmful. For example, the licensed-disc protection systems used by publishers are rootkits. Programs for emulating virtual drives, such as Daemon Tools and Alcohol 120%, are another example of a rootkit that does not harm the user.




Symptoms of computer infection:

- blocking of access to websites of antivirus developers
- the appearance of new applications in autorun
- launching new processes, previously unknown
- arbitrary opening of windows, images, videos, sounds
- spontaneous shutdown or restart of the computer
- decreased computer performance
- unexpected opening of the drive tray
- disappearance or change of files and folders
- decrease in download speed from the Internet
- active work of hard drives in the absence of tasks set by the user. It is determined by the flashing light on the system unit.
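
Two of the symptoms listed above, new autorun entries and blocked antivirus websites, can be checked mechanically. The following is an added example, not part of the original article: it assumes that the blocking is done through hosts-file entries (one common cause, not stated in the article), and the domain watch list, the sample hosts text and the autorun snapshots are all constructed for illustration.

```python
import ipaddress

# Constructed watch list of antivirus-vendor domains (an assumption of this example).
SECURITY_DOMAINS = {"kaspersky.com", "drweb.com", "avast.com", "eset.com"}

# Constructed sample: hosts-file text as it might look after tampering.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   www.kaspersky.com update.drweb.com   # added by an unknown program
0.0.0.0     ads.example.net
203.0.113.7 download.avast.com.
not-an-address some.host
"""

# Constructed sample: {autorun entry name: command line} taken at two points in time.
BASELINE_AUTORUNS = {
    "OneDrive": r'"C:\Program Files\OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Tools\updater.exe",
}
CURRENT_AUTORUNS = {
    "OneDrive": r'"C:\Program Files\OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Users\user\AppData\Roaming\updater.exe",
    "svch0st": r"C:\Users\user\AppData\Local\Temp\svch0st.exe",
}


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped; one line may map several names to the same address.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, ignore it
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")


def redirected_security_hosts(text, watched=SECURITY_DOMAINS):
    """Return sorted (hostname, address) pairs that pin a watched domain.

    Any hosts entry for a watched domain or one of its subdomains is
    reported, whatever address it points to: such names normally resolve
    through DNS and have no reason to appear in the hosts file.
    """
    hits = []
    for addr, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((name, addr))
    return sorted(hits)


def autorun_changes(baseline, current):
    """Compare two autorun snapshots and report what differs."""
    added = {k: current[k] for k in current.keys() - baseline.keys()}
    changed = {
        k: (baseline[k], current[k])
        for k in baseline.keys() & current.keys()
        if baseline[k] != current[k]
    }
    removed = sorted(baseline.keys() - current.keys())
    return {"added": added, "changed": changed, "removed": removed}


if __name__ == "__main__":
    for name, addr in redirected_security_hosts(SAMPLE_HOSTS):
        print(f"hosts file pins {name} to {addr}")
    diff = autorun_changes(BASELINE_AUTORUNS, CURRENT_AUTORUNS)
    for name, cmd in sorted(diff["added"].items()):
        print(f"new autorun entry {name}: {cmd}")
    for name, (old, new) in sorted(diff["changed"].items()):
        print(f"autorun entry {name} changed: {old} -> {new}")
```

A finding from either check is a reason to investigate further, not proof of infection: legitimate installers also add autorun entries.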




How can you protect yourself from malware? There are several ways:

- install a good antivirus (Kaspersky, NOD32, Dr. Web, Avast, AntiVir and others)
- install Firewall to protect against network attacks
- install recommended updates from Microsoft
- do not open files received from unreliable sources

Thus, knowing the main types of malicious software, how to protect against them, and the symptoms of infection, you will protect your data as much as possible.




P.S. This article is relevant only for Windows users, since Mac OS and Linux users do not have the luxury of viruses. There are several reasons for this:
- writing viruses for these operating systems is extremely difficult
- these operating systems have very few vulnerabilities, and if there are any, they are fixed in a timely manner
- all actions to modify the system files of Unix-like operating systems require confirmation from the user
Nevertheless, the owners of these operating systems can catch a virus, but it will not be able to start and harm a computer running, say, Ubuntu or Leopard.

Discussion of the article

In this article, we answered the following questions:

- What is malware?
- How can you avoid computer infection?
- Why create malware?
- What is a computer virus?
- What is a Trojan?
- What is a network worm?
- What is a rootkit?
- What is a botnet?
- How do you know if your computer is infected with a virus?
- What are the symptoms of malware infection on your computer?
- How to protect yourself from malicious software?
- Why are there no viruses on Mac (Leopard)?
- Why are there no viruses on Linux?



Quite often, novice and average users make one mistake: they call any malicious software a virus or a trojan, while it is correct to call it malware. The difference between these concepts is significant.

There are many different types of malware and, accordingly, methods for protecting and combating them. Therefore, if you use incorrect terminology, then there is a high probability that many unnecessary solutions will be tried before you get rid of malware. For example, rootkits are very different from ordinary viruses, and often it will not be enough to use only antiviruses to clean the computer from them.

This article will briefly explain some of the most well-known types of malware, as well as provide some links to tools to combat them.

Various types of malware

Malicious software (Malware)

Malware is an abbreviation for malicious software. This term is used when it is necessary to combine a group of different malware. Therefore, if you come across such a term, then you should know that we are talking about several types of malware. For example, in the case of antivirus, often, this term implies the availability of tools to combat viruses, worms, trojans and other malicious programs.

Virus

Originally, the term "virus" was used to refer to self-replicating programs that spread by inserting a copy of themselves into existing programs or documents. Sometimes, viruses spread by simply creating files with a copy of themselves, but this method of self-reproduction quickly fell out of use, since such viruses are very easy to detect. The term itself originated from a similar concept in biology. Viruses infect cells and force them to make copies. Computer viruses were among the first malware. Today, viruses are rare, as they have mostly been superseded by other types of malware such as worms and Trojans. Despite the fact that the term virus defines exactly one type of program, it is also often used to refer to any kind of malware, although this is incorrect.

Programs for fighting viruses can be found in the review of free antiviruses.

Worm (Worm or NetWorm)

Technically, there is a difference between viruses and worms, but quite often the term worm is replaced by the term virus. First of all, a worm differs from a virus in that it contains not only all the necessary code for its propagation, but also represents a kind of transport for other malicious programs. For example, a worm may include a Trojan and activate it after infecting a computer. Secondly, worms use a network (local, Internet) to spread. In other words, unlike viruses, the unit of infection for worms is not files and documents, but computers (sometimes network devices). Some of the most famous epidemics have been caused by worms.

Most often, anti-virus solutions are used in conjunction with firewalls to combat worms.

Trojan or Trojan horse (Trojan)

The term "Trojan horse" (often shortened to just "trojan") is applied to malware that pretends to be a good application when in reality it is not. This type of malware gets its name from a trick the Greeks used against the Trojans in Homer's Iliad. The main danger of such a program is that it can not only pretend to be a useful program, but actually provide useful functions as a cover for destructive actions, for example by adding its code to a good application. Another danger is that the Trojan can hide the execution of any malicious actions from the system. From a technical point of view, Trojans do not distribute themselves. However, they are often combined with network worms to spread infection, or they are added to good programs and then posted on the public network for download.

Due to the fact that, unlike viruses and others, Trojans may contain code to hide their actions, not only antiviruses, but also Trojan scanners are used to combat them.

Keylogger

A special type of Trojan that records all keystrokes and/or mouse actions on your computer. Subsequently, all collected information is either stored in a place where an attacker can easily pick it up, or transmitted via a network or the Internet. Typically, a keylogger is used to steal passwords. In some cases, it is also used to steal personal information.

To combat keyloggers, not only antiviruses and Trojan scanners are used, but also safe on-screen keyboards, as well as programs for removing adware and spyware.

Advertising bookmarks (Adware)

Sponsored bookmarks, or Adware, are a rather gray type of program. It can be both good, in terms of security, and malicious. An example of the good kind is the installation of free programs that also install the code needed for the subsequent display of advertising. In a way, this is barter: you get functionality for free, and in return you view ads from which the program developer receives income. However, there are many malicious programs among Adware that send your personal information to advertisers without your knowledge or embed ad blocks in other programs, such as browsers.

Spyware

Spyware is a somewhat vague term. Initially, it mainly referred to advertising bookmarks (Adware). However, today, many representatives of spyware differ little from Trojans. Their main purpose, as their name suggests, is to spy on your activities, collect data and share it with someone without your knowledge.

To combat spyware, antiviruses, Trojan scanners, and adware and spyware removal programs are used. In some cases, spyware can also be detected using firewalls, for example when there is strange network activity.

Rootkits

A rootkit is a hidden type of malicious software that runs at the kernel level of the operating system. The main danger of rootkits is that, having infiltrated the kernel level of a system, they can perform any action and easily bypass any protection system: to hide themselves, it is enough for them to deny security tools access. In addition, rootkits can hide the actions of other malicious programs. Usually, they are used for remote control of a computer.

Because rootkits run at a privileged level, they are difficult to detect and remove. In most cases, conventional antiviruses cannot cure an infected computer, so special rootkit removal programs have to be used. Also, if you suspect a rootkit infection, it is best to check the system from a LiveCD or system recovery disc, since in that case it is more difficult for the rootkit to hide its presence.

Zombie computer (Zombie)

Programs that turn your computer into a zombie are designed to inject code into it which, like a logic bomb, is activated under certain conditions (usually through remote access, that is, by sending commands). Trojans are most often used to infect the computer. The zombie computer is then used to send spam, conduct DDoS (distributed denial of service) attacks, inflate counters and perform other malicious actions without the knowledge of the owner.

As already mentioned, programs for zombifying a computer quite often arrive together with Trojans, so antiviruses and Trojan scanners should be used to remove them. In rarer cases, zombie programs are installed by means of rootkits (or are part of the rootkits themselves), so if you find strange network activity, it is also worth checking the system for rootkits.

Botnet

Often, zombie computers are organized into a network called a botnet. In such a network, some of the computers act as relays that pass commands from the attacker's remote computer to all zombified nodes. This allows attackers to easily control botnets numbering tens or hundreds of thousands of machines. As a rule, such networks are used to carry out coordinated malicious actions on the Internet, without the knowledge of the owners of the infected computers.

The fight against botnets quite often consists of finding the relays and neutralizing them (blocking of access by Internet providers, filtering on network devices, etc.).

Downloading malware with a simple visit (Drive-by-Download)

This type of malware takes advantage of browser vulnerabilities and crafts the HTML code of a page in such a way that simply visiting it causes other malicious software to be downloaded to the computer automatically. Often, this download happens entirely without the user's knowledge. Infection by such programs is possible when browsers allow websites to install various components and extensions by default. For example, if IE allows ActiveX elements to be installed without a prompt, then one visit to the site, or even simply opening an HTML page, is enough to infect a computer.

To combat such malware, the tools used are antiviruses that scan downloaded files in real time (including the HTML code of web pages), firewalls, and various programs for applying secure browser settings, some of which can be found in the review of computer tuning utilities.

Scary or extortionate (Scareware and Ransomware)

Scary or extortionate malware relies mainly on psychological pressure (fear, threats, etc.) and demands that you transfer funds or click on a link that starts the installation of a Trojan or other malicious program. Technically, it is not uncommon for such programs to use only authorized and safe system functions, which is why security tools simply pay no attention to them. And if they do use dubious functions, it is at a very primitive level.

In most cases, a simple antivirus is enough to eliminate them. If such a program uses only safe functions, then, unfortunately, you will quite often have to remove it manually.

Hidden indicators

Hidden indicators are used to collect information about you or your computer. Unlike spyware, they most often use authorized methods, for example inserting a transparent 1 by 1 pixel image into a page or email. The point is that when this picture is downloaded from an external server, the server records not only the time and date of the request, but also all the other information it can obtain, such as your IP address and browser version. On the one hand, this type can hardly be called malicious. On the other hand, your data is collected on a third-party server without your knowledge, even if that data is often public.

Since hidden indicators generally use only allowed methods and for the most part collect only publicly available data, it is highly likely that no security tool will detect them. However, knowing about this type will give you pause when you come across strange elements.
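The check below is an added example, not part of the original article: it scans the HTML of a page or email for remote images that are sized or styled to be invisible, which is how the hidden indicators described above usually appear. The names PixelFinder and find_hidden_indicators, the heuristics and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline CSS that shrinks an image to 0 or 1 pixel, or hides it outright
_TINY_CSS = re.compile(r"\b(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
_HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample message body (all hosts are made up)
SAMPLE_EMAIL = """<p>Hello, your invoice is attached.</p>
<img src="cid:logo@mailer" width="120" height="40">
<img src="https://cdn.shop.example/banner.png" width="600" style="max-width:100%">
<img src="https://track.mailer.example/o.gif?id=abc123" width="1" height="1" alt="">
<img src="//stats.example.net/p.png" style="display:none">
<img src="http://beacon.example.org/x" style="width:1px;height:1px;border:0"/>"""

class PixelFinder(HTMLParser):
    """Collects remote <img> tags that are sized or styled to be invisible."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        url = urlparse("http:" + src if src.startswith("//") else src)
        if url.scheme not in ("http", "https") or not url.hostname:
            return  # embedded (cid:, data:) or relative images contact no third party
        reasons = []
        if any(a.get(k) in ("0", "1", "0px", "1px") for k in ("width", "height")):
            reasons.append("tiny width/height attribute")
        style = a.get("style", "")
        if _TINY_CSS.search(style):
            reasons.append("tiny size in inline style")
        if _HIDDEN_CSS.search(style):
            reasons.append("hidden by inline style")
        if reasons:
            self.findings.append({"host": url.hostname, "src": src, "reasons": reasons})

def find_hidden_indicators(html):
    """Return one finding per invisible remote image in the given HTML."""
    finder = PixelFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

A finding only shows that a request to a third-party host would be made invisibly; blocking remote images in the mail client prevents that request regardless of how the image is hidden.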

Final Words on Malware

As you can see, depending on the type of malware, not only the list of security tools can change, but also the approaches to combating them. Therefore, try to use the correct terminology - this will save you and other people time and effort.

Note: Perhaps now you understand a little better why technical specialists, on hearing the word "virus", start asking a lot of "weird" questions.