Malware is classified by how it propagates itself or what it does. The names and a brief description of the common types of malware appear below:
Viruses: Viruses are one of the most common types of malware. Like their biological namesakes, computer viruses propagate by making copies of themselves. When an infected program runs, the virus will attempt to replicate itself by copying itself into other programs, usually while completing the malicious actions it is designed to do. Viruses often arrive in infected email attachments or via a download triggered by a click on a link in an email or on a website. Even just visiting a website can start an automatic download of a virus. Some viruses will send themselves to everyone in your contact list; others come with their own address lists and will use your computer to infect strangers.
Worms: After viruses, worms are one of the next most common types of malware. Unlike a virus, a worm goes to work on its own without attaching itself to programs or files. Worms live in a computer’s memory and can propagate by sending themselves to other computers in a network or across the Internet itself. As they spread on their own, they can very quickly infect large numbers of computers and may cause a firm’s network – or even parts of the Internet – to be overwhelmed with traffic and slow down or stop working altogether.
Trojans: Trojans are named after the wooden horse the Greeks used to infiltrate Troy. A Trojan is a malicious program that is disguised as, or embedded within, otherwise legitimate-looking software. Computer users often unwittingly infect themselves with Trojans when they download games, screensavers, utilities, rogue security software or other enticing and usually “free” software from the Internet. Once installed on a computer, Trojans will automatically run in the background. Trojans are used for a variety of purposes, but most frequently they will open a backdoor to a computer or capture keystrokes so that sensitive information can be collected and sent to cyber criminals.
Spyware: Like Trojans, spyware also often comes in the form of a “free” download, but can also be installed automatically when you click on a link or open an attachment. Spyware will do many different things, but usually it will collect keystrokes or other information about you that will be shared with third parties without your consent. This can include usernames, passwords and surfing habits.
Adware: Adware works like spyware, but will focus on your surfing habits and will slow down or stop your browsing by taking you to unwanted sites and/or inundating you with uncontrollable pop-up ads while you are browsing the web.
Botnets: A botnet is a collection of software robots (“bots”) that together create an army of infected computers (known as “zombies”) that are remotely controlled by the originator. Your computer may be part of a botnet and you may not even know it. On an individual level, bots will do most of the typical malware tasks and damaging activities. When working together, botnets are used to execute denial-of-service (DoS) attacks or distributed denial-of-service (DDoS) attacks. A DoS attack is accomplished when thousands of computers are told to visit a particular website or server at the same time, thereby crashing it and/or making it impossible for regular users to access it.
Rootkits: Once malware is installed on a system, it is helpful if it stays concealed to avoid detection. Rootkits accomplish this by hiding inside the host computer’s operating system. They can be very hard to detect and will do most of the typical malware tasks and damaging activities.
Scareware: Scareware is plain devious. While visiting a website, a pop-up advertisement will appear with a message such as “Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below.” If you click “Yes,” you download malware onto your computer.
Ransomware: Ransomware infections have become much more common recently and are usually spread by infected email attachments or website links that trigger a download. The most common type, Cryptolocker, will scramble all the data files on your computer with virtually unbreakable encryption. You learn you are infected when a pop-up window tells you that your data has been scrambled and will be deleted unless you pay a ransom within a very short period of time, typically 48 hours or so. The ransom is typically in the range of $100 to $300 and payable only in Bitcoins, a type of virtual currency that makes payments untraceable. The amount is relatively low, so you have an incentive to simply pay it and treat it as a nuisance; but as you are dealing with criminals, paying it does not guarantee that you will get your data back.
For more info on the cybercrime dangers law firms face, and the steps that you can take to avoid them, please see the Cybercrime and law firms issue of LAWPRO Magazine.