In this guide you will learn everything you need to know about malware and spyware - including what the different types are, how they operate, what they are trying to achieve, and how to detect and deal with them.
So the first thing you need to learn is what malware is.
So what IS malware?
'Malware' comes from combining the words 'malicious' and 'software', and as its name suggests, it is a malicious piece of software. The software itself isn't, of course, malicious, but its creators, spreaders and users use it for malicious purposes which are against the law most of the time - depending on your country's laws. Malware tries to infiltrate a person's personal computer and either collect data, steal money, take over that computer, or do some or all of those. It also sometimes intends to damage a person's or a company's computers. Malware hides itself because its writers intend unlawful actions that will harm the user, and it operates without the user's consent.
The term 'malware' covers various types of software products that have various abilities and meet various demands of their authors and users - more often than not the goal is money, either directly or indirectly.
Malware also sometimes copies itself to various parts of a user's personal computer and over the internet by the same means through which it infected that computer, but it also uses the personal information that the user stores on the computer to find new targets to infect and abuse. There are - of course - other means by which malware spreads, but using personal data to find new targets is one of its primary goals.
The more computers are infected, the more data is compromised and available to the attacker, meaning more opportunities to make money - either by entering the user's bank account, blackmailing him or her, holding personal files for ransom, or attacking the computer from afar via the internet, making it unavailable and unusable. The same goes for companies and businesses - small or big.
Now, what is spyware?
'Spyware' is a combination of the words 'spying' and 'software', and as its name suggests, it is software that hides itself on a user's personal computer with the intent to collect personal information - again, mostly for financial reasons. This type of software can sometimes be worse than regular malware, and it often manifests as a Trojan horse - a regular piece of software that houses the bad software within it. The user downloads the software - often an attractive game or a widely used program - and uses it without any problems. In fact, the software works perfectly, but by running it you activate the spyware component hidden inside it, and you never notice that it has infiltrated and infected your machine. You'll learn about Trojan horses in much more detail in a little bit.
It is considered more powerful because it usually aims to harm the user, rather than ruin his personal computer. It is a Pandora's Box of sorts.
Both spyware and malware are malicious pieces of software that cause damage to the infected personal computer's user, and they are spread in various ways which include exploiting software and operating system bugs and security holes, open ports, tricking the user, e-mail attachments and more - you will learn about those later.
The main problem with spyware and malware is that they are usually hard to detect, and although there are tools to deal with them, those tools are sometimes scarce and hard to use, or not one-hundred percent effective.
Another problem is the amount of malware and spyware circulating on the internet - either actively, by looking for computers with certain security holes and by sending it attached to e-mails, or passively - by offering software for download on various websites, or by offering a modified version of a very sought-after piece of software. That leads to the next problem.
The next big problem is that attackers embed their malware in other software products - especially ones made by reputable companies that are known to be safe to use. They take the source code of the product and modify it, or they take the actual compiled software and modify it, and sometimes they create compilers that add the malware to the program you are writing or compiling, making it far more effective and giving it a much bigger effect on your computer.
Source code is the text that decides what a software product does, but it first needs to be turned into a file that a user can run. The process that turns source code into a runnable file is called compiling.
Those types of malware and spyware damage the reputation of big companies and damage trust in a new software company - one that might consist of one or a few people working in their time off and trying to establish a business - which is hurt permanently just because it chose the wrong compiler.
It might mean the loss of a job or of revenue, or losing several accounts that you have on the internet, on a network or on a computer system - the spyware sees which usernames and passwords you enter, and the attackers hijack your account and abuse it - they change your passwords so you won't be able to log in.
Another problem (yes, there are more) is that people don't have to be able to compile source code, and they don't even need to know how to write it. There is a lot of malware that others have already written and compiled, which offers an easy to use GUI (Graphical User Interface), and that shows something many people aren't aware of. Malware writers aren't always the ones that spread it, and malware spreaders aren't always the ones that write it. People write malicious software for fun and for practice, to see if they can fool the computer and to check how secure a person's or a company's computer is, and to fix its holes if it isn't secure enough. They basically use the attackers' tools before actual attackers get a chance to use them.
There are ways to discover whether your personal computer is infected with spyware and/or malware, and there are ways to treat them. They vary from malware to malware, but there are basic methods that fit most malware products.
There is your anti-virus, which can discover and treat anywhere from a very small portion of the malware and spyware out there to most of it. It depends on the company and version you chose, and on whether you update it regularly. But you need to remember that it's a constant battle: malware writers constantly upgrade their malware to overcome the current protections and detection methods, and in return the anti-virus companies write new defenses and detection methods to find and deal with them, and so on. Some of those defenses are put into place by malware writers who work for the anti-virus company or other computer security companies, or who write them for personal enjoyment and want to stop attackers.
You need to get a full anti-virus that updates regularly. It also needs to be from a reputable website and made by a reputable company, and it needs to do well in tests (again, tests that appear in reputable websites, and were conducted by reputable companies).
You also need to know that some of those malware products get fixed and soon after their writer (or someone else) modifies them and spreads them again, and another fix needs to be made. If you go to an anti-virus company's website you will see that a lot of the viruses and malware are named in the following format: VirusName.Letter - i.e. Viru.B, meaning the second variant (version) of the virus called Viru.
You also need to understand that many people are malware spreaders without their knowledge and consent. They are like someone who has a cold but no symptoms - he keeps infecting people without noticing. Those people might be you!
Those unwitting participants don't have defenses against malware, or don't have sufficient defenses, or they haven't updated their defenses and haven't performed a deep scan of their personal computer with them. Another possibility is that they were infected before a fix was written, but those people usually only spread the malware for several hours to days.
You don't need to worry - in the next few pages you will learn how to find out if your personal computer is infected and with what, how to treat it and how to defend against future incidents. Besides anti-virus programs it is advised to have a good software or hardware firewall that blocks both inbound and outbound connections, and also to use products that are specifically against malware - they are just like anti-viruses but just for malware. Because spyware collects information, it might transmit that information over the internet to the attacker, and that is why a firewall that detects and blocks outbound (outgoing) connections is needed.
Don't worry - all will be explained in due time!
I'll elaborate a bit more about spyware and outbound connections - a program that tries to connect to the internet isn't always a sign of spyware, but rather a cause for suspicion and nothing more. Many software products need to transfer things via the internet on a constant basis, or need to get data from the internet from time to time. Also, some spyware gets a sign of "approval" from the user who uses it, via the user license agreement, which is often referred to as the EULA (End-User License Agreement).
The EULA is (most of the time) written in a small font, and is a very long document littered with lawyer-speak that is hard for the average Joe to understand. Besides, users trust the operators and owners of the website they downloaded the software from not to place harmful software on their website, and they also trust the software writers not to produce a harmful piece of software.
They don't know that some software has a legitimate reason to spy on the user and asks the user for permission upfront to do so. Sometimes if the user disagrees he or she can't use that piece of software - which makes people more accepting of that small "necessary evil", especially if they don't know how broadly it spies, since (again) they trust the website owners and operators as well as the software products' writers. That basic inherent trust is abused by attackers.
Also regular people don't have a lot of time to spare to read and fully understand a EULA.
Now we'll move on to the different types of malware products:
There are various types of malware, which are categorized into main categories depending on what they can do and how they do it, and what they want to achieve. There are viruses, worms, rootkits, Trojan horses, spyware, adware and crimeware. You will learn about each of those in the next few pages, excluding spyware which you already learned about.
What are viruses?
Well, viruses are a type of malware that infects various types of operating systems and platforms (even some cellphones). After infecting a certain personal computer, a virus spreads itself into many of the different files in the operating system, so it will be harder to remove and easier to spread unknowingly - the virus writer doesn't know which files the user might decide to burn and share with other people. The virus also finds new people to infect via built-in functions or via searching for certain information on the infected personal computer (such as contact addresses in the form of e-mails). They often spread by sending spam e-mails from your computer to the e-mails of your friends and family, or to random people (that way the virus doesn't look like spam and infects many more computer systems). Some viruses also perform certain actions on certain dates and times, or they delete or damage some or all of your files.
What are worms?
Worms are also malicious software products, but their intention is to replicate themselves. That replication technology is often used in viruses to make them much harder to delete. The software copies itself and places those copies inside the contents of many other files located on a user's personal computer - both regular user files and important system files. That means that instead of having one infected location to deal with, you have multiple, and you need to treat all of them. The worm copies itself to a piece of data in a file that the user doesn't see, because it isn't important to him - only to the software displaying that file (basic information regarding it) - so the user will have a hard time knowing that the file is infected.
A worm also does other things in order to defend itself from the user, including copying itself to directories and files that are hidden - so the user can't see them, and the regular user doesn't know how to make those files visible again.
Worms also hide themselves in files that get other forms of protection, so that the user and the other software products he installed won't be able to damage them, but the worm breaks through those protections and uses them against the user.
The goal of a worm is to keep a computer infected until the attacker needs it - either to take it over or to spy on it - mostly for financial gain or to participate in a DDOS attack. DDOS stands for distributed denial of service attack, an attack in which many computers all over the world go to a certain computer system or website and browse it, which causes that website to use a lot of bandwidth, making it slower or unavailable for legitimate users. That method - again - is used to extort money from the company, or to cause some damage to the website's and computer system's users and a financial loss for the company or country running it.
Worms usually have very little effect on the computer system they infected, until they are used to make room for other malicious software and intentions. A worm will use up bandwidth in order to infect other computers on the network or on the internet, and other computer resources such as disk space and memory. The major damage they cause happens over time: after a worm has infected your computer and copied itself to a lot of your files, it waits for the attacker to make his move, but in the meantime you might unknowingly have helped spread it. You might have copied files to a CD or a DVD, or even to a Disk-On-Key drive, which you then used in many other computers or gave to your friends and colleagues. Think of it as a flu without symptoms - you will only notice it when the attacker makes his move, and in the meantime he gains control over many more computer systems.
Because worms both abuse security holes and can infect multiple files, they are very efficient and may be present on various websites and in e-mail attachments all over the world, which the attacker had nothing to do with - the software infected them automatically, and the users did the rest. Worms can be the opening of something very malicious, which might result in something as basic and crude as destroying your files using a virus, or as sophisticated as trying to steal your personal information in order to withdraw money from your bank account, or to pay for goods using your credit cards.
To treat them you will need to disconnect your computer from any network - wired or wireless, including the internet - and run a deep scan with an anti-virus system, and do the same for your CDs, DVDs and Disk-On-Key devices. You need to make sure that you won't infect your computer system again when checking your CDs, DVDs and Disk-On-Key devices for worms - don't run or open any of the files, disable your computer's option to automatically start CDs, and rescan your computer system after you have checked everything else. Also install a firewall that blocks both inbound and outbound connections - to see if the worm is scanning other computers for vulnerabilities and infecting other computer systems via your machine (which is illegal, and you might get arrested for it).
There are some worms that were intended to help the user - they used existing security holes, patched them up and downloaded security updates to make the user's computer system less vulnerable to worms and other malware. But they did all this without the user's consent, used a large amount of bandwidth while doing so, and rebooted the computer several times, causing confusion and aggravation for the user, who might have been busy working, talking to someone in a different country or even playing a PC game, and lost an hour or more while the computer downloaded and installed those updates - some of them updates that the user didn't want. It takes about an hour for a computer to install security updates, and the extra hours come from checking the computer system afterwards for viruses or bugs (the user is unaware that the worm is "friendly"). Also, a user might reboot his computer while it is installing security updates, which might damage it and sometimes make it unusable, and in that case several more days are lost, because the user has to fix it or send it to a company to get it fixed, and spends money. Worms have very little effect on a computer system they infect, but have devastating potential.
And as mentioned before - a worm can just be a mule carrying far worse malware. Besides an anti-virus program and a firewall, you can download specific tools that anti-virus companies produce to get rid of specific viruses. First you need to identify which worm has infected you - either by its symptoms or by using an anti-virus program to identify it for you. Those specific tools can be downloaded from the anti-virus company's website, but are usually added fairly quickly to the anti-virus as an update. They are mainly for brand new worms, in order to stop their dissemination.
Those anti-virus companies also give detailed instructions of how to manually remove the worm, and what its behavioral patterns are (where it hides itself, etc).
You can make the cleaning stage quicker and easier by periodically backing up your files - so you will have multiple copies of them on CDs somewhere, which makes it easier to find a recent non-infected version of a file and replace the infected file with it.
It becomes much more important in this day and age, when there are worms that are used to encrypt important files with strong encryption that would take you days to months to crack. The worms encrypt the files so that the attacker can hold them for ransom and ask for money or personal information that would benefit him or her, and in exchange will decrypt the files.
Because the files that are held for ransom are still on a person's computer system, and the crime was committed automatically via remote means, the attackers are very hard to trace. Also, companies that get abused that way often don't report the crime - their losses will be hard to recover, and they will draw attention from attackers who will abuse their vulnerabilities daily, and from clients and customers who will lose faith in the company and move their business elsewhere. It's a lose-lose situation for the company.
Worms are also used to extort individuals - often celebrities or other famous people - by getting hold of personal photos and e-mails that they don't want publicized.
Worms can also be used to deliver other malware that spies on the user and collects information about him, and it might send that information to the attacker periodically. The information is, again, used to abuse the user's accounts, including his bank account, or to find out company information such as mergers, in order to buy stock and make a lot of money to continue with unlawful activities.
Other worms also plant a back door in the computer, or make sure that the security hole through which they managed to slip into the system stays open, despite whatever the user tries to do. That security hole or back door is kept there so that when the attacker so desires, he may take over the computer system and abuse it to send massive amounts of e-mail spam, which won't get linked back to him, or turn the computer into part of a botnet - "zombie" computers that are used to perform DDOS attacks, to extort or spy on the user, or even to store files there - usually copyrighted material, so that other users may download it much quicker than a torrent system allows, and without fear of being tracked by record and movie companies or their lawyers. It basically turns you into an accomplice to various unlawful activities, without your knowledge or consent. If the unlawful activities performed from your computer system are detected, you will be arrested and questioned, your house will be searched, your computers and storage devices will be confiscated, and the attacker will just move on to a different system, leaving you with the consequences.
Worms can do a lot of things, depending on their intended actions, and since the spam industry generates large revenue, and since infected computers and e-mail addresses are bought for large sums of money, there is always an incentive to infect more and more computer systems and networks. Basic worms affect your computer's resources and use them up - sometimes to an extreme point - and their consequences can reach a lot further than that, depending solely on the attackers' intent. Also, since worms often leave security holes in the computer systems they infected, other attackers can take control of them easily and use them for other means, so having a "nice" attacker isn't a guarantee that you will be left in peace.
What are Trojan horses?
A Trojan horse is malware that disguises itself as a genuine and beneficial piece of software, but performs unintended actions on the system it gained access to. It got its name from the Greek tale about the Trojans, who were given (by their enemy) a gift in the form of a big wooden horse. Their enemy hid soldiers in that horse, and when the Trojans took it into the city of their own volition, the soldiers sprang out of it and conquered the well guarded city.
A Trojan horse exploits the user as the hole in the computer system's defenses, rather than bugs and security holes, which are regularly fixed and patched. The user is the weakest part of a computer system, and if a program that he or she likes is available for free, he or she might download it and run it, without knowing that by doing so they activated a Trojan horse.
But the Trojan horse doesn't get instant access to all of the computer's resources. It depends on which user it manages to infect - if it infects a very limited user, it has very limited resources and abilities. But some Trojan horse writers allow it to further exploit bugs and holes in software and operating systems, which sometimes allows it to attain a higher user level than the one it infected, and be harder to detect and be much more dangerous.
A Trojan horse is used for various activities - some of which can also be accomplished via other malicious software products. Among those are the ability to install and uninstall programs, including a program that will spy on the user without his or her knowledge and steal data. Other activities a Trojan horse can accomplish are installing other malware programs such as viruses and rootkits, sending files to the attacker and placing files on the machine - sometimes to use it as a temporary FTP server where users can go to illegally download copyrighted material at much higher speeds than with torrent clients, which also makes them a lot harder to detect and apprehend.
A Trojan horse can also be used to open a different type of server on your infected machine, ranging from website hosting to gaming servers and much more. That server will use up your personal computer's resources, including bandwidth, storage space and memory. Trojan horses can also allow the attacker to view the screen of the infected computer, as well as pull pranks on the computer's users. The pranks range from changing screen-savers, opening CD trays and rebooting the computer to controlling its mouse and much more.
Furthermore, if someone else finds out that there is a Trojan horse on a computer system, he can use it for his own means. Getting infected with a Trojan horse basically leaves a wide-open back door on your computer system for a long time, which allows other people easier access to it without its owner or user knowing about it.
Trojan horses are used to either gain money by making the computer system a part of a botnet, and sending e-mail spam from it or using it for a DDOS attack, or to gain personal information which is sometimes used to destroy a person or a company, or to gain money from it by means of extortion or any other means.
Trojan horses distribute themselves in different software products, which are attractive for the average user. The attacker makes sure that those attractive software products are usable, so that a user might recommend it to others or give it positive reviews online, which will greatly increase the infection rate.
Some Trojan horses get delivered via websites - in the form of executable content such as an ActiveX control - some are added as e-mail attachments to very attractive e-mails that offer free porn or quick money, and some just search the internet for computers with certain security holes - they search for open ports and the presence of certain software applications which might be out-dated and easy to exploit (since they aren't patched), or a piece of software that the company who made it stopped supporting (stopped looking for security holes and patching them), or software products that have very poor or non-existent security. That means software products with security holes that rarely get fixed, or that get fixed at sparse intervals, making them very vulnerable until then.
Also, if you are a coder and you compile code on a regular basis, check that your compiler isn't a Trojan horse, or that your copy of it isn't infected with one. Download compilers from reputable and well known sources. There is at least one compiler that is a known Trojan horse, and if you use it, a Trojan horse will be inserted into your code when you compile it, making every software product you produce infected. It might ruin your reputation as a company and destroy your company completely, or might damage sales and lead to a big loss of profit.
Trojan horses can be (and are) added to reputable companies' software products, and since those products are popular, people often download them from websites that aren't the companies' own, so they might get a tampered version of the product. To prevent that you need to scan the file with a Trojan detector and check the website's reputation, as well as look for the original company's website and download it from there.
What are rootkits?
A rootkit is a malware that is made up of one or several software products combined. A rootkit allows the attacker to infiltrate a personal computer and achieve unlimited control over it. The rootkit is designed to hide itself deep within the computer system where the user won't be able to spot it and will have a lot of trouble finding and deleting it. A rootkit can even evade anti-virus products and other anti-malware products, making it look like your computer is safe. A rootkit does that by reaching such a high level of operation that it has more control over the system than the anti-virus. It "outranks" it.
Some rootkits arrive as a Trojan horse - like the famous case of the rootkit that was included on music CDs published by Sony, to gain more control over the CDs they publish, which resulted in many computer problems for the users who bought them.
Rootkits can also open back doors into the system and make it much more vulnerable to malicious software. Unlike viruses, which are usually built to exploit holes in one or several operating systems (of the same kind), making some systems less vulnerable to them, rootkits are available for a wide variety of operating systems, and because they offer complete control and concealment, they are much more dangerous.
Rootkits also make themselves a vital part of the operating system and modify it, to make themselves harder to detect. They abuse the fact that important operating system files are usually guarded and concealed from the user (so he or she won't damage them) to do the same with the rootkit software.
The term rootkit came from the Linux and UNIX operating systems, in which the highest user - the user that has no limits - is called the root user. In some other operating systems it is called the administrator account.
Rootkits are used for both bad and good purposes, and can be a single program that offers 24/7 control of the infected computer system, or can bind with other software products.
Those software products don't have to be harmful, but once a rootkit is attached to them they become bad for your computer system.
Because rootkits are so smart and well designed, they are hard to discover using a regular anti-virus, and a specific rootkit detector is needed, together with a deep probe into the computer system, to check whether it's compromised. Those types of programs sometimes also use signatures to detect known rootkit software - both legal and illegal.
Rootkits have also been used recently to hide other malware programs such as viruses and spyware, and ready-to-compile code for simple rootkits is available all over the internet, which helps spread rootkits even further.
But rootkits can also be used for good purposes, such as in an anti-virus program that needs to sit deep enough to be protected from viruses - because if one infects it, it not only damages the computer system it's on and steals the user's very personal data, it also gets a certificate of approval, so to speak, and the benefit of being immune to other programs and anti-viruses.
There are also other programs (besides anti-viruses) that use rootkits for beneficial reasons.
Rootkits arrive in various different kinds, based on what they infected, how deep they reached, and where it hid or implemented itself. There are firmware rootkits which is when a rootkit is using a certain firmware or hardware to keep the computer infected. It uses a vulnerability that that firmware has - the fact that it is rarely checked for code integrity. Code integrity checks are used to check if a code has been changed and modified or not. That fact leaves it open for attacks by rootkit writers.
There has also been a widely publicized case that illustrates this method of action. Several people tampered with several European credit card readers, and since customers protected their credit cards - like banks advise them to do, due to theft and identity theft (which is becoming a more and more widely used attack) - they thought that they were safe. Those customers trusted the banks and the banks' security, and trusted their own means of protecting their personal data and of protecting their credit card, but they still and had their personal information stolen, which might lead to money being withdrawn from their account by the attackers, or for the attackers buying things with their credit cards.
Recent research has also shown that it is possible to implant a rootkit in a computer's BIOS. The BIOS is a piece of software that determines the basic hardware properties of your computer system. Every computer system has a BIOS, and it rarely gets changed or updated: because it deals with basic hardware, BIOS software rarely needs updating, and because people change computer systems often, their BIOS is up to date anyway. A user's intervention is rarely needed.
This means that if you replace your hard drive, or format it completely and install a new operating system, the BIOS stays the same. It is such a basic piece of software that it doesn't need to change, so it is protected from modification by the user, and rootkits abuse that fact.
Another rootkit version is the hypervisor-level rootkit. A hypervisor is a piece of software or hardware that allows your computer to run several operating systems at the same time. This rootkit runs the user's operating system inside a virtual machine - a piece of software that simulates the hardware the operating system requires in order to operate. The virtual machine runs that operating system as if the rootkit's software didn't exist. That allows the rootkit to intercept any data the user sends to the operating system and any data the computer sends back, and to modify it completely. Microsoft has made a software product to help users protect against generic versions of these rootkit types, but they are very hard to combat.
Another version of a rootkit is the boot-loader rootkit, also known as a bootkit and as an "evil maid attack". This type of rootkit places itself in the boot-loader, which is what loads the operating system when the computer is turned on. Sitting there, it can bypass encryption by recording the data at the moment the computer decrypts it.
This attack is also hard to combat: the defence is a trusted module whose entire job is to protect the boot path, so that the rootkit cannot load itself before the operating system does. Building that is difficult, but sadly there are no other known ways to defend against this attack.
There is also a kernel rootkit which replaces or adds its code to the operating system - the kernel and the device drivers of the system. The kernel is the core of the operating system - the minimum that is needed for the operating system to operate. Device drivers are a way for the operating system to communicate with the computer system's hardware products.
Some operating systems let device drivers operate with the same privileges that the operating system itself enjoys, and because of that, this kind of rootkit gains free rein to do whatever it desires. A rootkit that penetrates the kernel, whether as a device driver or as a kernel module, is considered very dangerous because it has attained a deep level of concealment and control.
Kernel rootkits are very hard to discover, because they operate at the level of the operating system while the user operates at a very restricted level, which can't see the rootkit. The only way to fix this is to take the system off-line and boot it from a live CD-based operating system. A live-CD operating system is an entire operating system that runs from one CD. It is booted instead of the compromised machine's operating system, so that the rootkit is never activated, and a program that detects and removes rootkits (already present on the live CD) is loaded and used to search the infected machine for rootkits.
You can also format the entire hard-drive and install an operating system from a trusted source - such as an uncorrupted CD.
There is also a library level rootkit which operates by patching or replacing system calls. System calls are a way for an application to request a certain resource from the operating system. Those resources are disk space, memory space, etc.
One way to stop a rootkit that infected a machine this way is to check those files - often called DLLs or code libraries - against the original files: you check whether anything changed, such as the size or the contents. Digital signatures can also be used to detect infected DLL files. A digital signature basically encrypts a file using a mathematical formula, and the result is the signature. A program that uses digital signatures puts the file through the same formula again and checks whether it produces the same result as before. If not, the file is compromised.
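The check just described, as an added example that is not code from the original guide: it records the size and SHA-256 hash of every library in a directory as a known-good baseline, signs that baseline so a tampered baseline is caught too, and later reports files whose size or contents changed, files that went missing, and files that were not in the baseline. The directory layout, the manifest format and the sample library contents are constructed for the example, and the HMAC used to sign the baseline is a stand-in for a real digital signature (a real deployment would use an asymmetric signature whose private key never lives on the checked machine).

```python
import hashlib
import hmac
import json
import os
import tempfile

# Constructed key for this example only; see the lead-in about real signatures.
SIGNING_KEY = b"example-manifest-signing-key"


def hash_file(path: str) -> str:
    """SHA-256 of a file's contents, read in chunks so large libraries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Record size and hash of every regular file under root (the known-good baseline)."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            manifest[rel] = {"size": os.path.getsize(path), "sha256": hash_file(path)}
    return manifest


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Sign the canonical JSON form of the baseline so a modified baseline is detected."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, signature: str, key: bytes) -> bool:
    """Constant-time comparison of the stored signature against a fresh one."""
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def check_files(root: str, manifest: dict) -> list:
    """Compare each file on disk against the baseline; return (file, finding) pairs."""
    findings = []
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            findings.append((rel, "missing"))
            continue
        if os.path.getsize(path) != expected["size"]:
            findings.append((rel, "size changed"))
            continue
        # A same-size patch passes the size check, so always compare the hash too.
        if hash_file(path) != expected["sha256"]:
            findings.append((rel, "contents changed"))
    for rel in build_manifest(root):
        if rel not in manifest:
            findings.append((rel, "unexpected file"))
    return findings


def demo() -> dict:
    """Baseline two constructed sample libraries, then tamper and re-check."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "libcrypt.so"), "wb") as f:
            f.write(b"\x7fELF-constructed-sample-library-A")
        with open(os.path.join(root, "libnet.so"), "wb") as f:
            f.write(b"\x7fELF-constructed-sample-library-B")
        manifest = build_manifest(root)
        signature = sign_manifest(manifest, SIGNING_KEY)
        clean = check_files(root, manifest)

        # Same-size modification: only the hash comparison catches this one.
        patched = os.path.join(root, "libnet.so")
        with open(patched, "wb") as f:
            f.write(b"\x7fELF-constructed-sample-library-X")
        # A library dropped in after the baseline was taken.
        with open(os.path.join(root, "libevil.so"), "wb") as f:
            f.write(b"not in baseline")
        tampered = check_files(root, manifest)

        # Someone who can edit the baseline could hide the patch, unless it is signed.
        forged = dict(manifest)
        forged["libnet.so"] = {"size": os.path.getsize(patched), "sha256": hash_file(patched)}
        return {
            "baseline_ok": verify_manifest(manifest, signature, SIGNING_KEY),
            "clean": clean,
            "tampered": tampered,
            "forged_ok": verify_manifest(forged, signature, SIGNING_KEY),
        }


if __name__ == "__main__":
    print(demo())
```

The baseline must be taken on a machine known to be clean, and both the manifest and its signature should be stored off the checked machine; a rootkit that can rewrite libraries can also rewrite an unsigned manifest sitting next to them.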
There are also rootkits at the application level, which replace certain applications with Trojan horses that masquerade as those programs, so the user won't notice that something is wrong. They also use patches to change normal software products into rootkit software products.
Rootkits are generally hard to find because the programs searching for them often have the user's limitations, while the rootkit sits much deeper and wears the guise of a normal and important component of the operating system. But before rootkits get a chance to activate, they can be found using signatures - a heuristic-based method, which is limited because it can't locate unfamiliar rootkit software products. You can get rootkit protection in some current anti-virus products, but rootkit writers constantly improve and change their software to counteract those protections, so it's a constant battle between rootkit writers on one side and users and anti-virus writers on the other.
What is adware?
Adware is a type of software that is distributed for free but relies on constantly updating its data, because its developers earn their income from the advertisements the software displays. This model has been used in saturated markets such as instant messaging, where users have a lot of free options in the form of software clients, online clients and so on, and a lot of freedom in their choice. That pushes the different companies to compete and add features to their software to make it more appealing. Those features might require a server to operate, which costs a lot of money to keep up. To recoup those expenses, the companies sell ad space in their clients to other companies. The ads are usually of a consistent size, static or dynamic, and how long they are displayed depends on how much the advertiser paid: some stay for several seconds and reappear after several other ads, and some stay for several days. Those ads need to be downloaded to the user's computer, which uses a lot of bandwidth on a constant basis.
Some adware also spies on users and invades their privacy, because companies make more money on targeted advertisements than on random ones. The software company keeps track of the user and works out his interests from data he entered in the software or text messages he sent to people. The company sometimes also keeps track of which websites the user visited, by using toolbars added to the user's web browser.
By targeting users with products in fields they are interested in, there is a greater chance to sell them. For instance, ads for medicine will do poorly if only seen by small kids.
Because they are constantly updating, adware products take a constant toll on the user's bandwidth and might slow down other programs that use the internet. They are also a nuisance because some ads feature moving images or take up a considerable amount of screen space, distracting the user.
Some adware products install spyware once they have gained access to the user's computer with his or her consent - consent given because the user thought the ads were worth it and didn't know about the spying and bandwidth hogging the adware does.
Adware usually takes the form of a toolbar for your web browser or as an instant messenger, and many other programs, and you can detect them with malware detectors, or with most of the anti-virus programs in the market today, which implement some form of an anti-malware feature.
What is crimeware?
Crimeware is software written to automate the process of cyber-crime. It is used to steal people's identities for use in unlawful actions or for profit, and to steal sensitive information in order to profit from it in various ways.
Crimeware can install keystroke loggers on a person's computer to collect the sensitive information he or she is entering, and send that data to the attacker. Crimeware can also automate phishing attacks, in which a user enters the URL of a website he wants to visit in his web browser and gets redirected to a similar-looking website where his personal data is stolen.
Crimeware can also be used to steal a computer system's passwords, or wait for the user to log into a certain personal account and then perform actions on it while masquerading as the user. Crimeware also sometimes gives the attacker access to the infected machine.
Crimeware usually infects computers via holes in web applications and via e-mail attachments, with the assistance of social engineering. Crimeware also spreads by searching various computer systems for certain open ports and using them to install itself on the computer. A port is a way for a program on one computer to communicate with a program on another computer. It is basically like two people talking on the phone, except that the phone line is a way for other programs to reach one of the parties, and the line stays open for a very long time. In practice it means that other computers have a way to reach your software products and your operating system, and to infiltrate them using security holes in the software.
The way crimeware has been fought is by regulations and laws passed, and by malware detectors and deleters as well as with anti-virus programs.
Besides the types of malware and spyware discussed so far, there is also grayware. Grayware is a general term for software products that aren't quite considered malware, but are still annoying or operate using undesirable means. Their effects are less serious than malware's, but they are still harmful, to a lesser extent. Grayware encompasses some spyware and adware products, dialers and prank/joke products, as well as remote access tools.
Grayware products can still harm the user's computer system, but they can sometimes be used for good purposes and are not obviously bad software (as viruses are). Grayware can keep track of the habits of the users who have it installed, pop up advertisements and behave in other annoying ways, and it might also leave the user's computer system open to attack by much more serious and damaging attackers and malicious software products.
In order to treat all the types of malware, grayware and spyware that were listed here you have a choice between multiple programs. The most basic is the anti-spyware products that scan a computer for known software products and either quarantine or delete them. There are also anti-virus programs to which anti-virus companies attach anti-malware capabilities, so that they may be able to treat the root problem and not just the symptoms. A piece of malware software can be the cause for an arrival of a virus, so to ensure no more viruses arrive to the computer system, the software that is "leading" it needs to be dealt with.
You have to update that sort of software regularly, and run deep scans on a regular basis to keep yourself and your computer system safe. There is also a different type of anti-malware program, one that keeps you protected 24/7 and deals with threats in real time. You can also use a good firewall program, which will report unnaturally high traffic produced by a certain software product, alerting you to the possibility that it is some form of malware, or alert you to connection attempts made by people and software products from outside your computer system - repeated tries, which might tell you that someone is trying to breach your system's defenses.
A firewall will also seal any open ports that don't need to be open, thus leaving you much less likely to get infected with a malware product.
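The two firewall signals described above, repeated outside connection attempts and one program producing unnaturally high traffic, as an added example that is not part of the original guide. It parses a constructed sample firewall log, flags any outside address whose dropped inbound attempts within a short window reach a threshold (listing which ports it tried, since many different ports point to a sweep), and flags any local program whose allowed outbound bytes exceed a limit. The log format is invented for the example (key=value lines, not any real firewall's output), the addresses are from the documentation ranges, and the window and thresholds are assumptions to tune for a real network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a simplified key=value format invented for this
# example; 203.0.113.x, 198.51.100.x and 192.0.2.x are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DROP dir=in src=203.0.113.7 dst=192.0.2.10 dport=22 proto=TCP
2024-05-01T10:00:03 DROP dir=in src=203.0.113.7 dst=192.0.2.10 dport=23 proto=TCP
2024-05-01T10:00:04 DROP dir=in src=203.0.113.7 dst=192.0.2.10 dport=80 proto=TCP
2024-05-01T10:00:06 DROP dir=in src=203.0.113.7 dst=192.0.2.10 dport=443 proto=TCP
2024-05-01T10:00:09 DROP dir=in src=203.0.113.7 dst=192.0.2.10 dport=445 proto=TCP
2024-05-01T10:00:12 DROP dir=in src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=TCP
2024-05-01T10:00:15 DROP dir=in src=203.0.113.9 dst=192.0.2.10 dport=22 proto=TCP
2024-05-01T10:20:30 ALLOW dir=out src=192.0.2.10 dst=198.51.100.5 dport=443 proto=TCP app=browser.exe bytes=120000
2024-05-01T10:21:00 ALLOW dir=out src=192.0.2.10 dst=198.51.100.9 dport=443 proto=TCP app=updater.exe bytes=40000
2024-05-01T10:21:05 ALLOW dir=out src=192.0.2.10 dst=198.51.100.77 dport=8080 proto=TCP app=toolbar_helper.exe bytes=4500000
2024-05-01T10:22:05 ALLOW dir=out src=192.0.2.10 dst=198.51.100.77 dport=8080 proto=TCP app=toolbar_helper.exe bytes=4500000
2024-05-01T11:05:00 DROP dir=in src=203.0.113.9 dst=192.0.2.10 dport=22 proto=TCP
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DROP) dir=(?P<dir>in|out) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)"
    r"(?: app=(?P<app>\S+) bytes=(?P<bytes>\d+))?$"
)


def parse(log_text: str) -> list:
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dport"] = int(e["dport"])
        e["bytes"] = int(e["bytes"]) if e["bytes"] else 0
        events.append(e)
    return events


def repeated_inbound_attempts(events: list, window: timedelta, threshold: int) -> dict:
    """Sources with at least `threshold` dropped inbound attempts inside one window."""
    by_src = defaultdict(list)
    for e in events:
        if e["dir"] == "in" and e["action"] == "DROP":
            by_src[e["src"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, 0
        for end in range(len(evs)):  # sliding window over the sorted timestamps
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings[src] = {"attempts": best, "ports": sorted({e["dport"] for e in evs})}
    return findings


def noisy_outbound_apps(events: list, threshold_bytes: int) -> dict:
    """Local programs whose allowed outbound traffic exceeds the byte limit."""
    totals = defaultdict(int)
    for e in events:
        if e["dir"] == "out" and e["action"] == "ALLOW" and e["app"]:
            totals[e["app"]] += e["bytes"]
    return {app: total for app, total in totals.items() if total > threshold_bytes}


def analyze(log_text: str = SAMPLE_LOG, window_minutes: int = 5,
            attempt_threshold: int = 5, outbound_threshold: int = 1_000_000) -> dict:
    """Run both checks over a log and return the findings together."""
    events = parse(log_text)
    return {
        "repeated_inbound": repeated_inbound_attempts(
            events, timedelta(minutes=window_minutes), attempt_threshold),
        "noisy_outbound": noisy_outbound_apps(events, outbound_threshold),
    }


if __name__ == "__main__":
    print(analyze())
```

On the sample, the address that tried six different ports within fifteen seconds is reported while the one that knocked on port 22 twice an hour apart is not, and only the program that pushed nine megabytes out is listed; the thresholds decide where that line falls, so set them from what is normal on the network being watched.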