Types of infections

Many people have at least one form of computer infection in their computer and don't even know it!

The list is long so grab your favorite beverage, sit back and read about the many types of infections.

Most people who spend any amount of time on the internet have some form of an infection on their computers and don't know it. Computer will slow down over time for normal reasons if the user does not perform basic functions to keep it up to speed. This is called "cluttering". The computer, regardless of what brand name it is collects then stores all types of information. After some time it slows the computer down. Contrary to popular belief even an Apple computer will get infected. Infections obviously come from questionable websites as well as legitimate websites also. When the user downloads lets say a recipe any type of infection could be within the download stream. Be it adware, malware, bloatware or even a severe type of virus. People can get their computer infected from pretty much any source nowadays. Commercially available anti malware & anti virus software is a good thing to have installed on your computer but infections can easily bypass these programs as many computer owners have experienced. If you think you are infected then you probably are because you know your computer better than anyone. By taking your computer to a professional you can avoid the heartaches as well as headaches associated with stolen credit card information, your bank account getting drained or your identity.    

 Space-filler virus.

Rare but hard to detect and remove. This virus situates itself in the spaces within a file rather than attaching itself to the file like common viruses. However with the growth and expanding use of Windows Portable Executable files this virus is becoming more common.

 Overwrite virus.

For the computer owner this virus is the most frustrating virus there is. It will delete the contents of any file it infects. The only known way to remove the virus is to delete the file infected therefore losing the contents of that file. This virus is spread via e-mail. In the 2000's it was common but not as much today however it is still around. 

 Polymorphic virus.

This is one of the more difficult ones to detect and kill. That includes using commercial anti-virus programs many consumers buy. When this virus is detected it takes months to create a detection routine in order to get rid of it. This infection utilizes encryption.  Polymorphic viruses rely on mutation engines to alter their decryption routines every time they infect a machine. This way, traditional security solutions may not easily catch them because they do not use a static, unchanging code. The use of complex mutation engines that generate billions of decryption routines make them even more difficult to detect.

 Multipartite virus.

This virus spreads in multiple ways and takes different actions once inside your system. It attacks the boot sector as well as the executable file system making it difficult to get rid of. In many instances, it will be detected in the file sector but will come back because it also attaches itself to the boot sector.

 Resident virus.

This virus will install itself in a computer. Even when the original infection source has been removed it will return because it has made it's home in your computer. This virus will also attach itself to your anti virus software (even the premium ones you pay for) and will split itself into two versions, a fast and slow version. The fast one does as much damage as it can while the slow one spends time creating havoc in your system. 

 Direct action virus. 

This virus attacks or start to work immediately. It can include non violent or even violent threats that targets groups, people, businesses. A good example is the Stuxnet Virus launched against the government of Iran by the United States Cyber Command.

 Boot sector virus.

This virus infects the boot record hence it's name. They are hard to remove especially if the virus encrypts the boot sector! They are found on flash drives and in e-mail attachments most commonly. This virus had it's heyday in the 1990's but can still be found today.

Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's consent, or that asserts control over a device without the consumer's knowledge.

Programs that hide the existence of malware by intercepting (i.e., "Hooking") and modifying operating system API calls that supply system information. Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower to include a hypervisor, master boot record, or the system firmware. Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits have been seen for Windows, Linux, and Mac OS X systems.

Potentially Unwanted Programs (PUPS) or Applications
Software that a user may perceive as unwanted. This may include adware, spyware, or browser hijackers. Such software may use an implementation that can compromise privacy or weaken the computer's security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, in some cases without providing a clear opt-out method.

Point of Sale (POS) Malware
A type of malicious software that is used by cybercriminals to target point of sale (POS) terminals with the intent to obtain credit card and debit card information by reading the device memory from the retail checkout point of sale system. POS malware is released by hackers to process and steal transaction payment data. The card information, which is usually encrypted and sent to the payment authorization, is not encrypted by POS malware but sent to the cybercriminal.

The part of the data transmission that could also contain malware such as worms or viruses that perform the malicious action: deleting data, sending spam, or encrypting data. While packet headers indicate source and destination, actual packet data is referred to as the "payload."

Malicious Mobile Code
Software with malicious intent that is transmitted from a remote host to a local host and then executed on the local host, typically without the user’s explicit instruction. Popular languages for malicious mobile code include Java, ActiveX, JavaScript, and VBScript.

Malicious Crypto Miners
Software that uses system resources to solve large mathematical calculations that result in some amount of cryptocurrency being awarded to the solvers. There are two ways that mining can be performed: either with a standalone miner or by leveraging mining pools. Mining software relies on both CPU resources and electricity. Once a system has a miner dropped on it and it starts mining, nothing else is needed from an adversary perspective. The miner generates revenue consistently until it is removed.

The action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware.


A piece of software, a command, or a methodology that attacks a particular security vulnerability. Exploits are not always malicious in intent—they are sometimes used only as a way of demonstrating that a vulnerability exists. However, they are a common component of malware.

Denial of Service (DOS) Attacks
Malicious attempts by one or more people to cause the victim, site, or node to deny service to its customers.

A class of malware designed specifically to automate cybercrime. Crimeware (distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the cyberthief. Alternatively, crimeware may steal confidential or sensitive corporate information.

Browser Hijacker
Software that modifies a web browser's settings without a user's permission to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue. This software often comes in the form of a browser toolbar and is received through an email attachment or file download.

A malware variant that modifies the boot sectors of a hard drive, including the Master Boot Record (MBR) and Volume Boot Record (VBR). Adversaries may use bootkits to persist on systems at a layer below the operating system, which may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.

An undocumented way of accessing a system, bypassing the normal authentication mechanisms. Some backdoors are placed in the software by the original programmer and others are placed on systems through a system compromise, such as a virus or worm. Usually, attackers use backdoors for easier and continued access to a system after it has been compromised.

Software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis if the user clicks on the advertisement.

Advanced Persistent Threats (APT)
A set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity. An APT usually targets either private organizations, states, or both for business or political motives. APT processes require a high degree of covertness over a long period of time. The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The "persistent" process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The "threat" process indicates human involvement in orchestrating the attack.

Advanced botnets may take advantage of common internet of things (IOT) devices such as home electronics or appliances to increase automated attacks. Crypto mining is a common use of these bots for nefarious purposes.
In addition to the worm-like ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch Denial of Service (DOS) Attacks, relay spam, and open backdoors on the infected host. Bots have all the advantages of worms, but are generally much more versatile in their infection vector and are often modified within hours of publication of a new exploit. They have been known to exploit backdoors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates that damage network infrastructure; instead, they infect networks in a way that escapes immediate notice.
Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet." With a botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their target(s).
"Bot" is derived from the word "robot" and is an automated process that interacts with other network services. Bots often automate tasks and provide information or services that would otherwise be conducted by a human being. A typical use of bots is to gather information, such as web crawlers, or interact automatically with Instant Messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites.

A Trojan is another type of malware named after the wooden horse that the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create backdoors to give malicious users access to the system. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.

Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided. More advanced worms leverage encryption, wipers, and ransomware technologies to harm their targets.

A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected email attachments.

Ransomware is a type of malicious software that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Classes of Malicious Software
Two of the most common types of malware are viruses and worms. These types of programs are able to self-replicate and can spread copies of themselves, which might even be modified copies. To be classified as a virus or worm, malware must have the ability to propagate. The difference is that a worm operates more or less independently of other files, whereas a virus depends on a host program to spread itself.

The widget above from Kapersky Labs is a REAL TIME threat map showing infections and attacks using the internet. 

If you know you have an infection or think you do bring your computer to Mike's PC Service and let us get rid of it for you. Your personal information & identity might be at risk!