Viruses and Their Relatives, or Know Your Enemy

The Many Types of Viruses

Anyone who is even mildly knowledgeable about IT knows that there is such a thing as a piece of malicious software that we call a virus, and that there is also software that helps you protect against viruses, which we call an antivirus. Over time, new variants of malicious software have emerged that act differently from a classic virus. They spread differently, for example. To make talking about them easier, IT security professionals have developed an entire system of categories for malware. It’s similar to how zoologists or botanists use taxonomy, just a bit simplified. The major categories include trojans, worms, adware, ransomware, crimeware, spyware and more. The general term for all malicious software is malware. And ransomware, for instance, is not a virus, but something like its cousin. In taxonomic terms, you can look at, for example, the class Malware, order Ransomware, family Exploit and genus WannaCry. Which, by the way, does exactly what it says on the tin if you happen to get infected.

How Malware Gets into Your Computer

Back in the early days of IT, viruses spread on floppy disks. While you can’t really catch a virus from a floppy these days, for fairly obvious reasons, the same principle applies to other portable media. In good faith, you insert a DVD that somebody gave you, or plug in an external drive or a flash drive, and there you have it. In some cases, you don’t even have to click on anything. The rise of the internet brought many new ways of “catching” a virus. You can receive a malicious file by email or download it from the internet, or even from your company’s shared repository if it was unknowingly put there by one of your colleagues or by a particularly smart piece of malware that created a copy of itself there.

A Few Things to Know

Malware is no longer limited to directly executable .com and .exe files, as it used to be in the recent past. Malicious code can now be part of any file that uses programming code, such as macros (in Excel and Word files). It can also be included in other files (e.g. multimedia files) and exploit various vulnerabilities in the programs in which we open them (in this case players). Every piece of software contains bugs, and so does your computer’s operating system. If these bugs make it possible to take control of this software or even the operating system (and, for example, access data, create new records or change data, such as by encrypting it), we call them exploits. For example, the WannaCry ransomware mentioned earlier utilised a flaw in the SMB protocol, which is the basic protocol for sharing resources and data in Windows.

Updates Are No Joke

About once a week, we Windows users get a message telling us that a new update is available. The longer we delay installing it, the more likely it is that we will get into trouble. You never know; the update you’re postponing right now might fix a serious exploit that a piece of malware is going to use to spread this very afternoon… Now that we know what an exploit is, we should also mention zero-day exploits. This is the term for a vulnerability that no one except the author of the malware is aware of, which means that there is no patch that can fix the problem.

In addition to exploits introduced by a programming error (which may be a coder’s honest mistake as well as an improperly designed mechanism for solving a task), there are also exploits introduced on purpose. These are called backdoors, because that is exactly their purpose. You probably won’t be surprised to learn that some of them were reportedly designed by the US National Security Agency, because governments love to know things and information is the most valuable commodity there is. Backdoors are typically encountered in software acquired through various illicit means. Illicit here does not necessarily have to mean copyright violations; it can also refer to any circumvention of corporate rules – a company computer should only run apps that have been verified and approved by the IT department.

Timely and Effective Prevention

A typical antivirus works with signatures – known sequences of strings in files. These strings correspond to software code; to simplify this, you can imagine that an instruction such as “encrypt all .doc files” is written as a specific sequence of ones and zeroes, and if an antivirus finds this sequence in a file, it triggers an alarm and a defensive response. In addition to traditional antivirus programs, there are also next-generation defence systems, of which antivirus is one part. These solutions are called Universal Threat Management and provide comprehensive protection of end devices and servers against all possible types of attack. It’s also increasingly common for these systems to verify suspicious files that you want to open by first sending them to the control centre, where they go through a security check and then are either allowed or denied. All of this happens in the background without the user’s intervention.

If you agree that a secure IT environment is one of the most valuable assets in your company, we can offer the services of our RSM CZ specialists. We have almost 30 years of experience in IT, a wide range of competencies and partnerships with major IT security providers, and will be happy to ensure your data is protected as much as possible.
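The signature matching described in this section, as an added example that is not part of the original article: a small scanner that searches file contents for known byte sequences and reports which signature matched and where. The signature names, byte patterns and sample data are constructed for illustration and do not come from any real antivirus database.

```python
import re
from typing import NamedTuple

class Hit(NamedTuple):
    name: str
    offset: int

# Constructed signatures: hex bytes, where "??" stands for "any single byte".
SIGNATURES = {
    "Demo.Encryptor.A": "44 45 4D 4F ?? 45 4E 43 52 59 50 54",
    "Demo.Dropper.B": "DE AD BE EF ?? ?? 13 37",
}

def compile_signature(hex_pattern: str) -> re.Pattern:
    """Turn a hex signature with ?? wildcards into a byte-level regular expression."""
    parts = []
    for token in hex_pattern.split():
        parts.append(b"." if token == "??" else re.escape(bytes.fromhex(token)))
    # DOTALL so a wildcard also matches the newline byte 0x0A
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data: bytes) -> list[Hit]:
    """Return every signature match in data, ordered by position in the file."""
    hits = []
    for name, pattern in COMPILED.items():
        for match in pattern.finditer(data):
            hits.append(Hit(name, match.start()))
    return sorted(hits, key=lambda h: h.offset)

# Constructed inputs: one clean buffer and one containing both byte sequences.
CLEAN_SAMPLE = b"quarterly report, nothing to see"
INFECTED_SAMPLE = (b"\x00" * 10 + b"DEMO_ENCRYPT" + b"padding"
                   + bytes.fromhex("DEADBEEF01021337"))

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        hits = scan(sample)
        verdict = "ALERT" if hits else "ok"
        print(f"{label}: {verdict} {[tuple(h) for h in hits]}")
```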