What type of malware collects information?

APTs (Advanced Persistent Threats) get all the press, but generally the most common types of malware cause the most damage when considered in the aggregate. Broad-based attacker techniques are effective because they benefit from the reuse and recycling of the same basic sets of malicious code when targeting organizations. That's why it's important to drive awareness regarding these common types of malware.

Although the official Cyber Security Awareness Month ended in October, the awareness campaign continues as a yearlong program at AlienVault. That’s why we continuously strive to 'arm' our users with the latest information about new attack methods and techniques so that you can be ready to make informed decisions about how to protect your environment.

According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network. And with malware accounting for at least 40% of all breaches*, knowing how to defend against infection can be very valuable – especially for the incident responder. Some of your best basic defenses to protect against malware infection include:

  • Installing anti-virus tools
  • Disabling auto-run applications
  • Conducting traffic analysis
  • Securing email usage
  • Sandboxing
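Of the defenses listed above, disabling auto-run is the one that reduces to a concrete, checkable setting on Windows. The following PowerShell script is an added example, not part of the original article: it audits the machine-wide AutoRun policy value (`NoDriveTypeAutoRun` under the Explorer policies key, where 0xFF disables AutoRun for every drive type) and offers a function to enforce it. The function names are this example's own; the registry path and value are the standard Windows policy setting.

```powershell
# Added example (not from the original article): audit and, optionally, enforce the
# Windows AutoRun policy. NoDriveTypeAutoRun = 0xFF disables AutoRun on all drive types.
# Group Policy writes the same value, so this check also reflects a GPO-managed setting.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName  = 'NoDriveTypeAutoRun'
$hardened   = 0xFF

# Returns the current policy value as an integer, or $null if it has never been set.
function Get-AutoRunPolicy {
    $item = Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

# True only when every drive-type bit is set, i.e. AutoRun is disabled everywhere.
function Test-AutoRunDisabled {
    $current = Get-AutoRunPolicy
    return ($null -ne $current) -and (($current -band $hardened) -eq $hardened)
}

# Writes the hardened value; needs an elevated (administrator) session.
function Set-AutoRunDisabled {
    if (-not (Test-Path $policyPath)) { New-Item -Path $policyPath -Force | Out-Null }
    New-ItemProperty -Path $policyPath -Name $valueName -Value $hardened `
        -PropertyType DWord -Force | Out-Null
}

$current = Get-AutoRunPolicy
if (Test-AutoRunDisabled) {
    Write-Output ('AutoRun policy is hardened (NoDriveTypeAutoRun = 0x{0:X2}).' -f $current)
} else {
    $shown = if ($null -eq $current) { 'not set' } else { '0x{0:X2}' -f $current }
    Write-Output "AutoRun is not fully disabled (NoDriveTypeAutoRun is $shown)."
    # Uncomment to enforce on this machine:
    # Set-AutoRunDisabled
}
```

Run the audit as-is from any PowerShell session; enforcing the value requires administrator rights, and on domain-joined machines the setting should be pushed through Group Policy rather than edited locally so that it is not overwritten at the next policy refresh.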

Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this video to find out what we believe are the most common types of malware you should be prepared for…

Probably the most well-known and most common type of malware, viruses are harmful programs designed to infect legitimate software programs. Once a person installs and runs the infected program, the virus activates and spreads itself to other programs installed on the computer before taking further action such as deleting critical files within the operating system. Similarly, worms are stand-alone programs that are able to transmit themselves across a network directly. Unlike a computer virus, worms do not need to attach themselves to an existing program. However, both types of malware can cause severe damage by exploiting shared files and databases.

Another common type of malware is a Trojan Horse. As in Greek mythology, Trojans present themselves as harmless, useful gifts in order to persuade victims to install them on their computers. Thus, Trojans typically appear as regular software. The catch is that the Trojan comes bundled with other software that often includes a backdoor allowing unauthorized access to your computer. Trojans do not attempt to inject themselves into other files or applications like computer viruses do; instead, they use tactics such as drive-by downloads or installing via online games in order to reach their targets.

The last types of malware that we’re going to talk about are adware and spyware. Though not technically fitting into the virus category, at times these programs may invade your privacy, contain malicious code and at the very least become a nuisance. Adware is a form of financially supported malware that usually presents itself as unwanted advertisements to the user. The Internet is filled with these types of programs that can hijack your PC for profit; most are hidden inside so-called “free” downloads and pop-up ads that forcibly install software on systems with active vulnerabilities.

Similarly, spyware is a type of malware that surreptitiously gathers information and transmits it to interested parties. Information gathered includes the websites visited, browser and system information and the IP address. Spyware does not have any infection mechanism of its own and is usually dropped by Trojans. Once dropped, it installs itself on the victim’s computer and begins collecting information silently so as to avoid detection.

A zombie works in a similar way to spyware. The difference is that a zombie does not usually collect information from the computer. Instead, it just sits there waiting for commands from a command-and-control server controlled by the attacker. Attackers infect tens of thousands of computers, turning them into zombies, and then issue commands so that all of them instantaneously send network requests to a target host, overwhelming it with traffic. This is known as a distributed denial of service (DDoS) attack.

So, what can you do? First, make sure you’re following basic security protocols like keeping your firewall turned on and not opening spam email messages or clicking on suspicious website links. But this type of security can only go so far. With all the threats to address, risks to calculate and systems to rectify, dealing with them all at once is an insurmountable job. The only effective approach to handling threats is in a just-in-time manner: discovering when things are becoming an issue and then rectifying them at that time.

By using built-in security capabilities like asset discovery, inventory, vulnerability assessment and more, AlienVault USM provides accurate and timely detection of malware infection and system compromise so you can focus on the threats that matter. Additionally, AlienVault's Open Threat Exchange (OTX) is the largest collaborative threat intelligence system. OTX provides real-time, actionable information and tools to learn about the latest threats and defensive tactics. Test drive AlienVault for yourself today!

And in the meantime, stay focused on the essentials.

*Source: Verizon 2013 Data Breach Investigations Report (http://www.verizonenterprise.com/DBIR/2013/)

This page provides an overview of the most common malware applications. For specific steps you can take to protect against malware, see our Protect Against Viruses & Security Threats pages.

What is Malware?

Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.

Once installed on your computer, these programs can seriously affect your privacy and your computer's security. For example, malware is known for relaying personal information to advertisers and other third parties without user consent. Some programs are also known for containing worms and viruses that cause a great deal of computer damage.

Types of Malware

  • Viruses are the most commonly known form of malware and potentially the most destructive. They can do anything from erasing the data on your computer to hijacking your computer to attack other systems, send spam, or host and share illegal content.
  • Spyware collects your personal information and passes it on to interested third parties without your knowledge or consent. Spyware is also known for installing Trojan viruses.
  • Adware displays pop-up advertisements when you are online.
  • Fake security software poses as legitimate software to trick you into opening your system to further infection, providing personal information, or paying for unnecessary or even damaging "clean ups".
  • Browser hijacking software changes your browser settings (such as your home page and toolbars), displays pop-up ads and creates new desktop shortcuts. It can also relay your personal preferences to interested third parties.

Facts about Malware

Malware is often bundled with other software and may be installed without your knowledge.
For instance, AOL Instant Messenger comes with WildTangent, a documented malware program. Some peer-to-peer (P2P) applications, such as KaZaA, Gnutella, and LimeWire also bundle spyware and adware. While End User License Agreements (EULA) usually include information about additional programs, some malware is automatically installed, without notification or user consent.

Malware is very difficult to remove.
Malware programs can seldom be uninstalled by conventional means. In addition, they ‘hide’ in unexpected places on your computer (e.g., hidden folders or system files), making their removal complicated and time-consuming. In some cases, you may have to reinstall your operating system to get rid of the infection completely.

Malware threatens your privacy.
Malware programs are known for gathering personal information and relaying it to advertisers and other third parties. The information most typically collected includes your browsing and shopping habits, your computer's IP address, or your identification information.

Malware threatens your computer’s security.
Some types of malware contain files commonly identified as Trojan viruses. Others leave your computer vulnerable to viruses. Regardless of type, malware is notorious for being at the root, whether directly or indirectly, of virus infection, causing conflicts with legitimate software and compromising the security of any operating system, Windows or Macintosh.

How do I know if I have Malware on my computer?

Common symptoms include:

Browser crashes & instabilities

  • Browser closes unexpectedly or stops responding.
  • The home page changes to a different website and cannot be reset.
  • New toolbars are added to the browser.
  • Clicking a link does not work or you are redirected to an unrelated website.

Poor system performance

  • Internet connection stops unexpectedly.
  • Computer stops responding or takes longer to start.
  • Applications do not open or are blocked from downloading updates (especially security programs).
  • New icons are added to desktop or suspicious programs are installed.
  • Certain system settings or configuration options become unavailable.

Advertising

  • Ads pop up even when the browser is not open.
  • Browser opens automatically to display ads.
  • New pages open in browser to display ads.
  • Search results pages display only ads.