Safety Handbook
How to save and protect your computer from viruses and malware
A virus is the most common piece of malware. It is a piece of code which is capable of copying itself
and can corrupt your system or destroy your data. A virus can appear at any time as long as there’s
something or someone to insert it into a computer. An example of a real-life virus is ILOVEYOU,
which was the most destructive virus in the early 2000s. It caused the destruction of 10% of the world’s
Internet-connected computers. There are many different ways to cure an infected computer and to
prevent future infections.
Path to infection
Like all things there’s a process to how a virus infects the computer. Before it copies itself it has to
have access to the computer. To get access to the computer the virus can be inserted or downloaded
by a person or sent as an attachment through an email. When it copies itself, it copies an already
existing file and then infects the computer along with the other files. After being infected the
computer will experience random pop ups, will run very slowly, random crashes will occur, and files
will be missing. The ILOVEYOU virus used social engineering to get people to click on the
attachment through a love confession. After the attachment was clicked, the virus overwrote all other
files and the computer became unbootable. As people know, though, with every infection there’s always a cure.
Methods to cure
There are many methods to curing an infected computer. One method is to download anti-virus
software onto the infected computer. After it’s downloaded, the software will scan for viruses and
when the virus is found the anti-virus will eliminate the virus. On some computers it’s not as easy.
Sometimes only an IT expert can fix the infected computer. For the ILOVEYOU virus, users affected by it
had to download a robust virus removal program to remove the virus.
To keep users from experiencing the effects of a virus there are many ways to help protect their
computers. One of the most common ways is to download anti-virus software or a firewall onto the
computer as soon as possible. This will protect the computer from future viruses and clean out any
existing viruses. Other ways to prevent infection are to always back up files, delete any spam mail,
avoid opening random emails with attachments, and keep software up to date.
Worm: Don’t worms live underground?
This chapter isn’t about the insect worm; it is about the independent computer virus that replicates
itself over and over again and spreads to other computers. A worm virus can infect a computer at any
time and doesn’t need the help of human interaction to do so. It mainly infects the software of
computers just like any other virus. A popular example is the Morris worm virus, which was a
self-replicating computer program created by Robert Tappan Morris that started spreading on November 2nd,
1988.
Paths to infection
When a worm virus is introduced to a computer through spam mail or software vulnerabilities, it will
start to infect the user’s computer without their knowledge. A worm will delete and modify files, add
more malware to the computer, and make copies of itself over and over to deplete the system and
storage. The Morris worm would self-replicate and would exploit vulnerabilities such as weak passwords
and infect those computers. This caused the computers to have a slower performance speed which
eventually made the infected computer unstable, but just like a regular virus there was a cure.
Methods to cure
Similar to a virus, users whose computers are infected by a worm can download up to date anti-virus
software to scan for any viruses or worms. Before that, disable System Restore just in case the worm
starts messing with the
system. Then use the anti-virus software to scan for any worms. If a worm is detected the software will
eliminate the worm so it can’t infect the computer further. Users affected by the Morris worm had to
use these same methods if their computers were still stable.
The different ways to prevent a computer from getting infected are to update the computer’s system
software, and be cautious of the emails and attachments that the computer receives. As an extra
precaution have anti-virus software or a firewall already downloaded to the computer prior to using it.
Trojan horse
A Trojan horse is malware that looks like a regular program but after opening this program it becomes
very destructive. This type of malware exists because it wants access to data like credit card
information and any other personal information that’s stored in a user’s computer. It happens when a
user downloads and opens a random program that they may not be familiar with. The Storm worm virus
was one of the worst Trojan horse viruses that started in January of 2007 in Europe.
Paths to infection
There are many different types of Trojan horse viruses and ways they infect computers. The most
common type of Trojan horse is the backdoor type, which leaves a backdoor inside the user’s computer
so it can be remotely controlled by the program. This virus gets access to computers when a user
downloads and opens a random program that seems harmless, and then the Trojan virus infects the
computer and takes control of it. The Storm worm works in this way as well by getting access to
computers through false email attachments about an upcoming storm. After users opened this program
to see what was happening the virus took over and continued to send the virus to other computers
through spam mail.
Methods to cure
There are multiple ways to cure a computer of a Trojan horse virus depending on the type of virus. One
way is to identify and remove the program that contains the Trojan horse. The fake program will show
constant error pop up messages on the computer. After that, disable System Restore so the computer
doesn’t crash and then remove any Trojan infected programs. Users can also download Trojan removing
programs that can do this as well. These methods were also used by users affected by the Storm worm.
Since almost any program could possibly be connected to a Trojan virus, users should only download
programs that come from reputable sources, not random sites on the Internet. Also, like any other virus,
make sure not to open any random email attachments and download the proper anti-virus software or a
firewall to the computer in advance.
Adware
Almost every computer user has had a run-in with adware software. It’s a type of malware that
presents unwanted advertisements in the form of popups or other advertisements which aren’t usually
harmful to a computer. Its purpose is to gain revenue for the person who created the advertisement or
pop up whenever a user clicks on the pop up or advertisement. Adware can appear anywhere on a
computer screen at any time, as long as the computer is on, since it’s usually in the form of ads or
random windows. Certain types of adware will use intrusive methods to sneak into users’ computer systems to spy on their
activity. An example of this intrusive type of malware is Fireball which infected about 250 million
computers in 2017.
Paths to infection
Adware can infect a computer without the user’s knowledge. For example if the user downloads a file
from a client or a peer, the program could contain adware. Once the program is downloaded the
adware will start sending pop ups and advertisements to the user’s computer. While the pop ups are
being displayed the program has planted tracking devices onto the user’s computer which can then
copy information inputted into the keyboard or perform hard drive scans. If left unchecked the adware
program will start to copy personal information like credit card numbers, passwords, pictures and other
types of information. The Fireball adware was distributed by a company, but it was bundled in with
multiple programs so that it would not have been easily detected. Once inside, it began spamming users
with pop ups and started to track their activity and copy personal information.
Methods to cure
To cure a computer infected with adware, the first step is to uninstall the false program. Then
download a malware scanner to scan the computer for the rest of the adware virus. Find a reliable
cybersecurity program like Malwarebytes and download it so it can remove the rest of the adware. The
same had to be done with the Fireball malware except the user needs to make sure every Fireball
related extension and file is deleted before using the cybersecurity program.
There are many ways to protect a computer from the vicious effects of adware. A couple ways include
using an ad blocker to keep unwanted pop ups off the computer, downloading/applying a firewall to
the computer prior to using it, using adware remover software, and paying for premium or ad-free
versions of popular services.
Spyware
Though it sounds like a cool spy gadget, spyware can do some serious damage to a person’s life as well
as their computer. This type of malware infects a computer and searches for any kind of data or
personal information about the user. Just like adware, spyware infects users’ computers without them
knowing. Its purpose is to gather as much information about the user without getting caught. The
Infostealer software does exactly what its name says. These types of programs have the ability to
search computers and steal personal information about the user.
Paths to infection
Spyware disguises itself like a Trojan horse, in the form of a program, and without the user’s knowledge
makes its way into the computer. It can also get in through security vulnerabilities, which means the
computer’s security software isn’t up to date or strong enough to protect the computer from viruses
and malware. Other ways include downloading unreliable software, and software bundles similar to the
Fireball. The Infostealers find their way into users’ computers by being downloaded by the user of the
computer by accident. After the Infostealer is inside the computer it begins to look for personal
information like bank information, credit card numbers etc.
Methods to cure
Removing spyware is similar to adware in most ways. A couple differences are that before removing
and scanning for the spyware the user has to turn off the Internet on their computer. Next try to
uninstall the program by checking the Add/Remove option in the Control Panel. Then scan for the
malware and download an anti-virus or spyware removal program to get rid of the malware. For the
Infostealer software, downloading a Malwarebytes program will remove the spyware easily and quickly.
An easy way to prevent spyware from hacking a computer is to download and install anti-spyware
software. There are also methods like keeping the computer’s operating system up to date, enabling a
firewall, and not downloading anything through the computer’s browser if it’s from a random website.
Scareware
This brand of malware uses mimicry and deceit to infect a user’s computer. Scareware scares users
into downloading fake anti-virus software so the malware can get into the computer. It flashes fake
pop ups on the user’s screen about a fake virus and attacks when the user is web browsing on websites
that may not be the safest. Its purpose is to get into a person’s computer to get access to their
personal information and take control of the computer. An example of scareware to watch out for is
Spysheriff which
Paths to infection
Scareware will put fake pop ups on a person’s computer screen that they have a virus and scare them
into downloading a fake anti-virus software so the malware can get into the computer. When the user
is finished downloading the fake anti-virus software, the malware gets into the computer and starts
copying any information the user gives them. This includes credit card information when they pay for
the anti-virus software. The malware can also take control of the computer after the software has been
downloaded, which gives the malware access to any information about the user including their identity.
The Spysheriff is a type of fake anti-virus program that a user will download to get rid of the imaginary
virus. Then Spysheriff has access to any kind of information that is stored on the user’s computer.
Methods to cure
Unlike the other pieces of malware, scareware is a bit more difficult to get rid of. If you have
Spysheriff for example, the first step is to figure out what type of scareware is on the computer. After
that, the user must attempt to remove the false anti-virus software from the computer. This is a
delicate step so be cautious. The next step is to download or re-enable the real antivirus software so it
can scan for any remains of the virus and get rid of it.
Ransomware
This is most likely the most harmful type of malware out of the ones explained in the previous
chapters. Once ransomware has access to a person’s computer it will keep the user from being able to
access their data until a sum of money is paid so the user can get back the files. The main entrance
into someone’s computer for ransomware is through email attachments. The attackers who send the
attachments want to collect either money or data they can use against the person or organisation they
attack. This type of malware affects the whole computer especially the operating system which
controls the computer. The most popular brand of ransomware is the Cryptolocker, which encrypts files
on desktops and networks, then holds them for ransom.
Paths to infection
There are two ways a computer can be infected by ransomware. One way is for it to be sent through email
attachments, and once they are opened the malware infects the computer and takes over the computer.
Another way is that the malware will find loopholes in the computer’s security system without having to
trick users. Cryptolocker uses both methods to get inside a computer, and then waits until the user
pays a sum of money to have their files decrypted.
Methods to cure
The removal of ransomware like Cryptolocker is pretty simple. The user must reboot their
computer to safe mode, and then install antimalware software. The software once downloaded will
scan the system to find the ransomware program and restore the computer back to normal. The
downside is that the user won’t be able to decrypt their files unless they pay the ransom because only the
attacker has the key to decrypt the files.
To protect files from being held for ransom a user should keep their operating system up to date, avoid
installing software that doesn’t have a clear indication of what it is, back up files weekly, and as always
download anti-virus software.
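As an added example (not part of the original handbook), here is one way to check the weekly backup
advice above with a short Python script. The folder layout and the `check_backup` helper are assumptions
made for illustration.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 7 * 24 * 3600  # the handbook's advice: back up files weekly

def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_backup(source_dir, backup_dir, now=None):
    """Return (relative path, problem) pairs for files a restore could not recover."""
    now = time.time() if now is None else now
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    problems = []
    for src in sorted(source_dir.rglob("*")):
        if not src.is_file():
            continue
        rel = src.relative_to(source_dir)
        copy = backup_dir / rel
        if not copy.is_file():
            problems.append((rel.as_posix(), "missing from backup"))
        elif (now - copy.stat().st_mtime > MAX_AGE_SECONDS
              and sha256_of(src) != sha256_of(copy)):
            problems.append((rel.as_posix(), "changed since a backup over a week old"))
    return problems

if __name__ == "__main__":
    # Constructed sample data: two throwaway folders standing in for the
    # user's documents and the backup drive (hypothetical layout).
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp, "docs"), Path(tmp, "backup")
        docs.mkdir()
        backup.mkdir()
        (docs / "taxes.txt").write_text("2024 figures, edited today")
        (backup / "taxes.txt").write_text("2024 figures")
        (docs / "photo.txt").write_text("never backed up")
        nine_days_ago = time.time() - 9 * 24 * 3600
        os.utime(backup / "taxes.txt", (nine_days_ago, nine_days_ago))
        for name, problem in check_backup(docs, backup):
            print(f"{name}: {problem}")
```

A backup only helps if ransomware cannot reach it, so keep the backup drive disconnected except while
the backup is being made or checked.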
Hopefully after reading about the most popular types of malware, you can now properly protect your
computer from getting infected.
Bibliography
https://itstillworks.com/kill-computer-worm-4813694.html
The author of this article is Joshua Duvauchelle. It was published by It Still Works and sponsored by the
Leaf Group. The purpose of this site is to help people with their IT problems and to keep their
computers running when they get infected. The article is written in the form of steps so viewers can see
what step to do first when they have a computer issue. The site is a couple years old (from 2017)
because the majority of the articles have the year 2017 in the title. My overall evaluation of the article is
that it’s pretty reputable and I’d use it in the future again when looking for information.
https://softwarelab.org/what-is-adware/
The author of the article is Tibor Moes, and it was last updated in February of 2019 because it shows that
right next to the author’s name. SoftwareLab published the article but the site is operated by
Momento Ventures INC. The site’s purpose is to help users protect their computers from malware by
giving them tips and providing information about the types of malware. This site was very helpful when
I was looking for real life examples of the different types of malware. I did a Google search when I
chose an example to see if the site was lying or not.