From the course: Ethical Hacking: The Complete Malware Analysis Process

Types of malware


- [Instructor] We're all familiar with software that we use to play games, manage our day-to-day work, and support our social interactions. But we also come across software from time to time that's unwanted, and some that's plain malicious. We call that malware. Let's have a look at the types of unwanted and malicious software we might encounter.

A virus is a type of malware that's designed to do two things: firstly, to propagate copies of itself to other computers in whatever way it can, and secondly, eventually, to attack its host computer. This might infiltrate itself into your system through some form of attack, or it might present itself with something which is legitimate, so that you unknowingly download malware yourself. This is known as a trojan. A worm is a special form of virus which propagates through a network. It doesn't require any user action to move itself from one target to the next, often using its current target to seek out its next group of targets.

Spyware is different. It's software which typically doesn't propagate and it's designed to extract information from its host computer for marketing purposes. This might be malicious and take valuable data, or it might just be intrusive and take information it can use to build your marketing profile. Adware is like spyware, but it's designed for advertising, for example, in a popup screen. Adware and non-malicious spyware are called PUPs, potentially unwanted programs, and they're often introduced inadvertently during the installation of other programs.

Malware can be created specifically as a non-propagating implant, which can be loaded into your system by some form of attack. It might be an executable file, which is manually started by the attacker or included in your list of programs which start up automatically when you boot your computer. It might be a module, such as a DLL, which is injected into an existing program on your computer so that it can use that program's privileges and hide within that program's process. Another form of an implant is known as a rootkit. This is particularly dangerous software which is designed to implant itself into a privileged area of its target, operate stealthily, and take active measures to avoid being discovered. A rootkit will often open a backdoor on its target.

Viruses and PUPs can be detected and removed by antivirus software. Antivirus software checks all files coming into the system from USB, mail, or websites, to see if they match any of its virus or PUP signatures. If one does, it will typically be removed or quarantined. Antivirus programs are only about 95% effective in detecting viruses and PUPs. New viruses and PUPs are being created all the time, and antivirus software needs to be updated regularly so that new signatures can be added. Businesses will often download new signatures every four hours or so, but a home user may only check once a week. Consequently, a new virus or PUP can get onto a system if it arrives before its signature is in the system's antivirus database. To catch these exceptions, antivirus software can scan the hard disk to look for viruses and PUPs that have been written to disk. This is typically done weekly after the signature update.
