A computer virus, a keylogger, and a Trojan horse are all programs designed to take unauthorized control of an infected computer, either to harm the system's data or to degrade its performance. The computer virus remains a major security challenge in the technology field. Viruses destroy data and software programs on the computer. In some cases, a virus may do nothing other than replicate itself; even then, it consumes a large share of system resources such as CPU and memory, which degrades the computer's performance.
Mode of Operation Of The Computer Virus
Computer viruses work by attaching themselves to an existing file or program and replicating themselves to spread from one computer to another. In most cases, they infect executable files that are part of legitimate programs. When a user executes an infected file, the virus activates and begins replicating further or causing the intended damage to the system. A virus cannot carry out its tasks of replication and harm unless it runs on the computer, which is why viruses so often choose executable files as their hosts and attach themselves to them.
Types Of Computer Virus
1. Non-Resident Viruses: This kind of virus executes along with its host. It finds and infects other candidate files and then transfers control back to the main program (host). The virus stops running when its host does.
2. Resident Viruses: Whenever the user runs an infected program, the virus activates and loads its replication module into memory. It then transfers control back to the main program. In this case, the virus remains active in memory, waiting for an opportunity to find and infect other files, even after you close the main program (host).
Worms are standalone malicious programs that spread from one computer to another. Unlike viruses, worms run independently and therefore do not attach themselves to another program.
Mode of Operation Of The Computer Worms
Worms typically spread over a computer network by exploiting security vulnerabilities in the individual computers. In most cases, worms only spread without making any serious change to the infected computer. Unlike viruses, worms do not damage system files or other important programs. However, they consume network bandwidth, which degrades the performance of the network.
REMOTE ADMINISTRATION TOOLS (RATs)
A Remote Administration Tool (RAT) is software that lets an attacker remotely take control of a target system to execute commands and carry out operations on it. With a RAT, an attacker can control the target system as if they had physical access to it.
Mode of Operation: An attacker can install a RAT manually once they have administrator access to a system. More commonly, attackers bundle RAT programs with other malicious programs such as a Trojan horse to deliver them to the target system. Once a RAT is running on a computer, it gives the attacker remote control of the system. With a RAT, an attacker can carry out the following operations on the target system:
- Watch live screen activity and capture screenshots.
- Read/write/upload/download files and folders.
- Install/uninstall other malware programs.
- Modify the Registry (add/edit/delete entries).
- Power off/reboot the system.
As the list above shows, there is almost no operation an attacker cannot perform with a RAT. Examples of popular RATs include PsTools, Radmin, and LogMeIn; these are legitimate remote administration products, which is exactly why attackers abuse them.
A keystroke logger (or simply a keylogger) is a program that records every keystroke typed on the computer's keyboard. Programs such as RATs can install keyloggers remotely without any manual operation. Once installed, a keylogger operates in complete stealth by hiding itself from the usual places a user would look: the Programs folder, the system tray, Add/Remove Programs, Task Manager and so on. This makes it very hard to track down.
A keylogger captures every keystroke you type on the computer's keyboard, including passwords, bank logins, credit card details, emails, chat conversations and so on. It stores the logs in a hidden location accessible only to the attacker. Some keyloggers can also send the logs via email or upload them to the attacker's FTP account. Popular keystroke loggers include Elite Keylogger, Powered Keylogger, and Actual Keylogger.
Spyware is a type of malicious software that collects information about the activities on a target computer without the knowledge of its users. Most spyware programs also come bundled with a keylogger, which makes them more powerful. Such programs are often installed by the owner or administrator of the computer to monitor the activities of its users, for example a parent monitoring a child or a company owner monitoring employees. Unfortunately, hackers and criminals use the same programs to spy on the users of their target machines.
Mode of Operation: Spyware works in total stealth so that its presence is very hard for the computer's users to detect. It silently monitors all activity on the computer, such as keystrokes, web activity, screenshots, emails, IM logs and so on. These logs are stored secretly for later access or uploaded online so that whoever installed the spyware can retrieve them.
Apart from monitoring, spyware does not damage the computer, although the affected computer may sometimes experience degraded performance. SniperSpy, SpyAgent, and WebWatcher are examples of popular spyware programs.
A rootkit is a special type of malicious program that hides other programs, such as spyware, keyloggers and other processes, from normal methods of detection. This gives the attacker unlimited access to the target computer. Rootkits are often installed as soon as the attacker gains administrator-level access to the target. They work by modifying the operating system's kernel itself, which makes them really hard to detect. Because they modify the OS kernel to carry out their operations, rootkits cause serious damage to the system. They are very dangerous, and it is advisable to remove them completely from the computer.
A Trojan horse, or Trojan, is a type of malicious program that disguises itself as something legitimate or useful. The main purpose of a Trojan is to gain the user's trust by posing as a useful program or utility, so that the user has no reason to suspect it. In the background, however, it grants the attacker unauthorized control of the computer by installing a RAT, spyware or a rootkit.
Mode of Operation: A Trojan horse does not depend on a host to carry out its operation, so unlike a computer virus it does not attach itself to other files. Trojans are often disguised as video codecs, software cracks, keygens and similar programs downloaded from untrusted sources, so one has to be careful with untrusted websites that offer free downloads.
One of the best-known examples is the DNSChanger Trojan, which was designed to hijack the DNS server settings of victimized computers. It was distributed by some rogue pornographic websites as a video codec supposedly needed to view online content. Trojan horses are known to cause a lot of damage, such as stealing passwords and login details, electronic money theft, logging keystrokes, modifying or deleting files, monitoring user activity and so on.
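A DNSChanger-style infection leaves a visible trace: the resolvers configured on the host no longer match what the network expects. The check below is an added example, not code from the original article; it parses the "DNS Servers" field of Windows "ipconfig /all" output and flags resolvers outside an allowlist. The allowed networks and the sample output are constructed/assumed values.

```python
# Added example: flag DNS resolvers outside an allowlist from "ipconfig /all" output (assumed values).
import ipaddress

ALLOWED_RESOLVERS = [ipaddress.ip_network("10.0.0.0/24"),          # assumed internal resolvers
                     ipaddress.ip_network("fec0:0:0:ffff::/64")]   # Windows' site-local IPv6 defaults

def _as_ip(text):  # ip_address for text (dropping any IPv6 zone index), or None if not an address
    try:
        return ipaddress.ip_address(text.strip().split("%", 1)[0])
    except ValueError:
        return None

def parse_dns_servers(ipconfig_text):
    """Map adapter name -> DNS servers; extra servers sit on indented lines with no ' : '."""
    adapters, current, collecting = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, collecting = line.rstrip()[:-1], False   # new adapter block
            adapters[current] = []
        elif " : " in line:                                    # "Label . . . : value"
            label, value = line.split(" : ", 1)
            collecting = "DNS Servers" in label and current is not None
            if collecting and _as_ip(value):
                adapters[current].append(value.strip())
        elif collecting and _as_ip(line):                      # continuation line
            adapters[current].append(line.strip())
        else:
            collecting = False                                 # unrelated field or blank
    return adapters

def find_rogue_resolvers(ipconfig_text, allowed=ALLOWED_RESOLVERS):
    """Return (adapter, server) pairs whose resolver lies outside the allowlist."""
    return [(adapter, server)
            for adapter, servers in parse_dns_servers(ipconfig_text).items()
            for server in servers
            if not any(_as_ip(server) in net for net in allowed)]

# Constructed sample: the Wi-Fi adapter has been pointed at an outside resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : corp.example
   DNS Servers . . . . . . . . . . . : 10.0.0.2
                                       10.0.0.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : 198.51.100.77
                                       fec0:0:0:ffff::1%1
"""
```

The parser assumes English-language ipconfig output; on a localized Windows the field label differs.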
The following are some countermeasures you can take to prevent malware attacks on your systems:
- Deploy a two-way firewall that manages both inbound and outbound traffic.
- Install a good antivirus program and keep it up to date.
- Periodically run full system scans to detect and remove keyloggers, spyware, and rootkits.
- Keep up to date with all security software patches. Use automatic updates to keep Windows patched against the latest threats and vulnerabilities.
- Install other security programs such as anti-spyware, anti-keylogger and anti-rootkit tools.
- Run with least privilege. Log in as administrator only when required; for lighter activities such as browsing the Internet and reading email, log in with an account that has limited access.
- Scan unknown programs with up-to-date antivirus software before installing them on your system.
- Take periodic backups of your system so that, in the event of data loss or damage from malware, you can easily revert to a previous known-good state.