The Common Types of Computer Infections

What is Mac Specific Malware?

Also known as: Mac virus

Mac specific malware is a type of malicious application that is targeted at Mac computers running MacOS operating system. A term Mac virus is commonly used but it's not technically correct. At the moment there are no Mac (or Windows) viruses in the wild. In theory a computer virus is malicious program that can self replicate when launched. In the early development of operating systems viruses caused a lot of damage, but nowadays computer viruses are totally extinct and are replaced by malware. While Mac malware and adware are not very widely spread nowadays more and more cyber criminals are starting to create malicious applications specifically targeted at Mac computers. Categories for Mac specific malware are the same as for Windows or Linux based operating systems, they range from potentially unwanted applications (relatively low harm) to trojans and ransomware (high risk infections). The market share of MacOS based computers is rising every year so cyber criminals are starting to search for alternative income sources and some of them are starting to attack Mac computers.

The most widely spread infections specifically designed for Mac computers comes in a form of potentially unwanted applications. Deceptive marketers are creating fake virus warning pop-up ads and fake flash player updates with an intention of tricking Mac users into downloading their unwanted applications. After the installation such apps scan user's computer and display exaggerated results stating that junk files and operating system cache files are high risk error, thus tricking Mac users into making unnecessary purchases.

Screenshot of a deceptive free software installer that is used in adware and potentially unwanted application distribution:

installer distributing mac specific malware

Another common form of Mac infections is adware. This type of infection usually infects user's computers using a deceptive marketing called bundling, Mac users install adware applications together with some free software downloaded from the Internet. After successful infiltration adware type applications generate intrusive pop-up and banner ads when browsing the Internet. Other types of adware redirect user's Internet searches through some unwanted websites.

Other Mac specific malware include Trojans, ransomware and cryptocurrency miners. Trojans aim to steal sensitive users data, ransomware aim to encrypt user's files and ask for a ransom in order to decrypt them and Cryptocurrency miners stealthily lurk on user's computer while exploiting computer's resources to mine crypto currency for the cyber criminals. These types of infections are not widely distributed but as Mac computers become more popular malware developers are increasingly targeting MacOS operating system.

Mac Specific malware symptoms:

  • A program that you have not installed appeared on your desktop.
  • Unwanted pop-up ads appear when browsing the Internet.
  • Mac became slower than normal.
  • Computer's CPU fan is working on it's highest capacity even when not doing heavy work on the computer.
  • When searching the Internet through Google, Internet searches are automatically redirected to Yahoo or Bing search engine.

Distribution:

When it comes to malware distribution most commonly cyber criminals are using various social engineering techniques to spread their malicious applications. For example in a case of potentially unwanted applications, deceptive marketers use fake pop-up ads to spread their applications. In a case of adware - users usually install adware applications when tricked by fake flash player installers. Trojans and cryptocurrency miners are distributed using software crack downloads and hacked websites.

How to avoid installation of Mac specific malware?

To avoid installing malicious software Mac users should practice safe Internet browsing habits, this would include downloading software only from trusted sources (developer's website or official app store), not trusting online pop-up ads that claim about found infections or offer to download flash player updates. Mac users should stay away from downloading software cracks or game cheats. Using P2P services such as torrents also puts your computer security at risk. When downloading free software you should always pay close attention to the installation steps as they could hide installation of additional (most commonly unwanted) applications.

Most recent Mac Malware:

Most widespread Mac Malware:

What is Adware?

Also Known As: Unwanted ads or pop-up virus

'Adware' is a term used to describe a program that displays intrusive ads and is considered privacy invasive. Today, the Internet is rife with potentially unwanted applications that install with free downloads. Most free software download websites use download clients - small programs offering the installation of advertised browser plug-ins (usually adware) with the chosen freeware. Thus, reckless downloading of free software can lead to unwanted adware infections.

There are several types of adware: some may hijack users' Internet browser settings by adding various redirects; others may deliver unwanted pop-up ads. Some adware programs do not show any visible signs of infiltration, however, they are able to track users' Internet browsing habits by recording IP addresses, unique identifier numbers, operating systems, browser information, URLs visited, pages viewed, search queries entered, and other information. Moreover, most adware programs are badly programmed, and thus can disrupt the normal functioning of users' operating systems.

Adware Symptoms:

Slow web browser performance, annoying ads (searches, banners, text links, transitional, interstitial, and full page advertisements), browser redirects.

adware infections generating intrusive online ads

Screenshot of adware generating intrusive pop-up and banner ads:

adware generating pop-up ads sample 1 adware generating pop-up ads sample 2 adware generating pop-up ads sample 3 adware generating pop-up ads sample 4

Adware generating banner ads:

adware generating banner ads sample 1 adware generating banner ads sample 2 adware generating banner ads sample 3 adware generating banner ads sample 4

Distribution:

Adware is often included within freeware or shareware programs, and the installation of potentially unwanted applications can be caused by deceptive free software download clients and installers. Adware is also installed via fake Flash Player, Java, or Internet browser updates. Potentially unwanted programs are distributed by the use of misleading banners and other online ads.

Screenshots of free software installers used to propagate adware:

free software installer used to propagate adware sample 1 free software installer used to propagate adware sample 2 free software installer used to propagate adware sample 3 free software installer used to propagate adware sample 4

How to avoid adware infections?

To avoid installation of adware, Internet users should express great caution when downloading and installing free software. If your download is managed by a download client, be sure to opt-out of installation of any advertised browser plug-ins by clicking on a 'Decline' button. When installing previously downloaded freeware, always choose 'Advanced' or 'Custom' installation options, rather than 'Quick' or 'Typical', since choosing the default options can lead to unwanted installation of bundled adware.

Most Recent Adware Infections:

Most widespread Adware:

What is a Fake Antivirus?

Also Known As: Rogue security software or Scareware

Fake Antivirus (also known as Scareware) is a term used to describe rogue security programs which imitate computer security scans and report non existent security infections to scare PC users into purchasing useless license keys. While such programs may appear beneficial on the surface, in fact they are misleading with the aim of tricking computer users into believing that their operating system is infected with high risk malware. Cyber criminals responsible for creating these bogus programs, design professional-looking user interfaces and security warning messages to make their fake antivirus programs appear trustworthy.

After successful infiltration, rogue antivirus programs disable the operating system's Task Manager, block execution of installed programs, and configure themselves to start automatically on system startup. PC users should realise that paying for a fake antivirus program is equivalent to sending money to Cyber criminals. Moreover, by paying for these rogue programs, users risk divulging their banking or credit card information, thus leading to potential further thefts from their accounts. Users who have already purchased such bogus antivirus software should contact their credit card company and dispute the charges, explaining that they have been tricked into buying a fake antivirus program. While the main function of fake antivirus programs is to encourage users to visit websites where they will be advised to pay for nonexistent security threat removal, these rogue programs are also capable of launching additional malicious programs, stealing personal information, and corrupting stored files.

fake antivirus program sample 1 fake antivirus program sample 2 fake antivirus program sample 3 fake antivirus program sample 4

Fake Antivirus Symptoms:

Constant security warning popup messages in the task bar, reminders to purchase a full version to remove supposedly identified 'security infections', poor computer performance, blocked execution of installed programs, blocked Internet access.

Screenshots of rogue antivirus programs generating fake security warning messages:

rogue antivirus program generating fake security warning messages sample 1 rogue antivirus program generating fake security warning messages sample 2 rogue antivirus program generating fake security warning messages sample 3 rogue antivirus program generating fake security warning messages sample 4

Distribution:

Cyber criminals use various methods to distribute rogue antivirus programs. Some of the most widely used are malicious websites, infected email messages, and fake online security scanners.

Other fake antivirus distribution methods:

  • Search engine results poisoning
  • Exploit payloads
  • Fake antivirus downloads by other malware
  • Fake Windows security updates
  • Fake Facebook apps

Screenshots of a fake online security scanners and messages used to proliferate rogue antivirus programs:

fake online security scanner sample 1 fake online security scanner sample 2 fake online security alert sample 1 fake online security alert sample 2

How to protect your computer from fake antivirus programs?

Always keep your operating system and all the installed programs (Java, Flash, etc.) up-to-date and be sure your firewall is turned on. Use legitimate antivirus and anti-spyware programs. Express caution when clicking links in email messages or on social networking websites. Never trust online pop-ups that state your computer is infected with malware, and then offer installation of security software that could supposedly eliminate 'identified' security threats - these online messages are used by Cyber criminals to spread fake security scanners.

Most recent Fake Antiviruses:

Most widespread Fake Antiviruses:

What is Ransomware?

Also Known As: Police Trojan, Computer-locking malware, crypto virus, file encrypter

Ransomware is malicious software that locks users' desktops and demands the payment of a sum of money (the ransom) to unlock it. There are two major types of ransomware infections. The first exploits the names of authorities (for example, the FBI) and makes fake accusations of various law infringements (for example, for downloading pirated software, watching prohibited pornography, etc.) in order to trick computer users into paying a fine for supposed law infringements.

Cyber criminals responsible for creating these rogue programs, employ users' computer IP information to present their victims with a localized variant of a screen blocking message. Ransomware infections are distributed via exploit kits - malicious programs that infiltrate users' operating systems by exploiting security vulnerabilities in outdated software.

Another type of ransomware infection only effect users' Internet browsers (Internet Explorer, Mozilla Firefox, Google Chrome, and Safari), and is known as Browlock. This type of ransomware uses Java script to block users' attempts to close their Internet browsers.

Computer users should be aware that none of the legal authorities around the world use computer screen blocking messages to collect fines for law violations.

Screenshots of ransomware infections exploiting the names of various authorities:

ransomware exploiting the names of authorities sample 1 ransomware exploiting the names of authorities sample 2 ransomware exploiting the names of authorities sample 3 ransomware exploiting the names of authorities sample 4

The second major type of ransomware infections are especially malicious, since they not only block users' desktops, but also encrypt data. This type of ransomware clearly states that it is an infection and demands payment of a ransom to decrypt users' files. This type of ransomware is relatively simple to remove, however, in the case of Cryptolocker, it is not possible to decrypt the files without the private RSA key. PC users who are dealing with this type of ransomware are advised to restore their encrypted files from a backup.

Screenshots of ransomware that encrypts users' files:

crypto ransomware sample 1 - ctb locker crypto ransomware sample 2 - cryptofortress crypto ransomware sample 3 - cryptowall crypto ransomware sample 4 - threat finder

Ransomware Symptoms:

A completely blocked desktop with a message demanding paying of a ransom in order to unblock the computer (or decrypt files) and avoid criminal charges.

Distribution:

Cyber criminals often use exploit kits to infiltrate users' operating systems and execute the desktop blocking message. Exploit packs contain multiple exploits of different types, and if an operating system and installed software is not fully patched, causes the browser to download ransomware infections. Commonly, exploit kits are planted on malicious or hacked websites. Recent research shows that Cyber criminals are also proliferating ransomware infections through ad networks (which specialize in advertising on pornographic websites) and spam campaigns.

How to avoid ransomware infections?

To protect computers from ransomware infections, users are advised keep their operating system and installed software up-to-date. Use legitimate antivirus and anti-spyware programs and do not click on links or open email attachments from untrusted sources. Avoid visiting pornographic websites and do not download files from P2P networks.

Most recent ransomware Infections:

Most widespread ransomware:

What is a Browser Hijacker?

Also Known As: Redirect Virus or Hijackware

A browser hijacker is a program that infiltrates users' computers and modifies Internet browser settings. Most commonly, browser hijackers modify users' homepage and default search engine settings and can interfere with the proper operation of the Internet browser itself. The main purpose of these bogus programs is to generate revenue from deceptive ads or sponsored Internet search results presented within the websites they promote. The most common forms of browser hijackers are browser extensions, toolbars, and helper applications. Browser hijackers infiltrate users' Internet browsers through drive-by downloads, infected email messages, or by installation of free software downloaded from the Internet.

Computer users should realise that, today, most free software download websites use download clients - small programs used to monetize their free services by offering installation of advertised browser plug-ins (usually browser hijackers in the form of toolbars). By not paying close attention to the downloading steps, users can inadvertently install various browser hijackers. Some of the adware capable of modifying browser settings is bundled with rogue browser helper objects able to block users' attempts to change their homage and default search engine settings.

Recent research shows that most browser hijackers redirect Internet users to deceptive Internet search engines. These engines return erroneous results with little or no relevance to the original search terms; the actions are performed to generate revenue from user clicks on sponsored search results - clicks that lead to sales-focused or malicious websites. Moreover, these bogus programs are known to track users' Internet surfing habits by recording various personal information (IP addresses, web sites visited, search terms entered, etc.), and such behavior can lead to privacy issues or even identity theft.

Screenshots of browser hijackers that change browser's homepage and default search engine settings:

browser hijacker sample 1 browser hijacker sample 2 browser hijacker sample 3 browser hijacker sample 4

Browser Hijacker Symptoms:

  • Modified homepage and default search engine settings
  • Blocked attempts to change browser settings
  • Pop-up and banner ads in legitimate websites such as Google or Wikipedia
  • Poor computer performance

Screenshots of deceptive free software installers used in browser hijackers distribution:

free software installer used in browser hijacker distribution sample 1 free software installer used in browser hijacker distribution sample 2 free software installer used in browser hijacker distribution sample 3 free software installer used in browser hijacker distribution sample 4

Distribution:

Most commonly, browser hijackers are distributed using a deceptive software marketing method called bundling - they install with free software downloaded from the Internet. Adware capable of modifying browser settings is also known to be distributed using fake Java and browser update downloads.

How to avoid browser hijacker infections?

Always read the terms of use and privacy policy for any software that you download, and be especially careful when downloading free software. Do not click on pop-up ads that offer installation of free and 'useful' programs. Be very attentive when downloading and installing freeware: avoid installation of 'bundled' browser extensions by clicking on a 'decline' button; when installing free programs, use the 'advanced' or 'custom' installation options; and opt-out of installation of any bundled toolbars. In addition to these measures, ensure you keep your Internet browsers updated.

Most recent Browser Hijackers:

Most widespread Browser Hijackers:

What is a Trojan?

Also Known As: Email virus, spyware or DDos virus

A trojan (trojan horse) is a malware infections that is presented as a legitimate software. The name of this malware type originates from a story of Trojan War where Greeks constructed a wooden horse and hid their warriors inside. Trojans pulled the horse into their city as a victory trophy, soon after Greek warriors sneaked out of the wooden horse and opened the gate of Troy city allowing the Greek army to win the Trojan War. Similar to this story Cyber criminals make their malicious software appear as a legitimate program, for example a flash player. After computer users download and install what they think is a legitimate program they end up infecting their computers with a malicious code.

Cyber criminals are using various techniques to infect computer users. When it comes to Trojans most commonly Cyber criminals use email spam campaigns to distribute their malicious software.

Screenshot of a rogue email attachment that is used in Trojan distribution:

email attachment distributing trojans

They send tens of thousands of emails pretending to be an invoice from a well known company. Such emails most commonly come with legitimate looking but malicious attachments. Users who fall for such trickery and open the attachment get their computers infected with a Trojan. As with real life criminal activity, Cyber criminals are distributing Trojans to gain monetary benefits. After infecting a computer Trojan can steal user's data (including sensitive banking information), control user's computer, download and execute additional malware on victim's computer. Generally Trojans can be split into several categories:

Backdoor Trojans - after infecting victim's computer, it creates a backdoor that allows Cyber criminals full access to user's computer. This type of Trojans are commonly used to steal user's Internet browsing data, infect victim's computers with additional malware and perform other malicious tasks.

Downloader Trojans - after infecting a computer it is used to download additional malware, for example this type of Trojan can download and execute a ransomware infection that encrypts user's files and asks for a ransom in order to decrypt them.

Infostealer Trojans - Trojans who fall under this category are designed to stealthily operate on user's computer without showing any signs of its presence. As the name implies this type of Trojans steal user's data, this can include banking information, social networking passwords, and any other sensitive information that can be used for stealing/making money in the future.

DDoS Trojans - Some Trojans are not interested in your personal data or infecting your computer with additional malware. DDoS trojans adds victim's computer to a botnet. When cyber criminals have a big enough botnet (hundreds or thousands of zombie computers) they can perform DDoS attacks on various websites or online services.

Trojan infection Symptoms:

Note that Trojan infections are designed to be stealthy - most commonly there are no symptoms on an infected computer.

  • You see unfamiliar processes in your Tasks Manager.
  • Your computer became slower that unusual.
  • Your friends or colleagues receive emails/messages from you but you haven't sent them yourself.

Distribution:

Trojans can come in many forms. You computer can become infected with a Trojan after downloading legitimate looking software from some questionable website. Using services such as torrents. Downloading various software cracks or opening attachments from recently received emails.

How to avoid Trojan infections?

To avoid getting your computer infected by Trojans you should be very careful when downloading software - the only safe place to download applications is their developer website or official app store. Be very careful when opening attachments in your email inbox - even legitimate looking emails can be a part of social engineering created by Cyber criminals. Avoid using P2P services such as torrents and never use software cracks or game cheats - these are very common places where cyber criminals distribute their malicious software.

Most recent Trojans:

Most widespread Trojans:

What is a Potentially Unwanted Application?

Also Known As: PUP (potentially unwanted program) or PUA

Potentially unwanted applications (also know as PUA or PUP - potentially unwanted programs) are applications that install on user's computer without proper consent. Programs that fall under this category are usually utility applications, various driver updaters, registry scanners and similar software. They install on user's computer using a deceptive marketing method called bundling. For example computer users downloads a flash player update and after a couple of minutes a new program pops up stating that various registry issues were found. After installation these programs tend to interfere with normal computer usage, they commonly add themselves to operating system's startup list and they tend to show various warning pop-ups and perform computer scans.

The main purpose of such applications is to trick computer users into believing that their computers are at risk (for example because of outdated drivers, or registry errors) and then to push them into purchasing a premium version of some application to fix the detected issues.

Screenshot of a typical potentially unwanted application:

potentially unwanted application example

While usually potentially unwanted applications doesn't cause any serious threats to user's sensitive data the main issue with them is the fact that computer users can be tricked into purchasing a totally useless software. Note that registry issues or outdated drivers can't be viewed as a serious issues and applications that use various threatening graphs and colours to state otherwise are just exaggerating the situation to push computer users into making an unnecessary purchase.

Screenshot of a typical potentially unwanted application:

Potentially unwanted application symptoms:

  • A program that you didn't install appeared on your desktop.
  • An unfamiliar process appeared in your Tasks Manager.
  • Various warning pop-ups are visible on your desktop.
  • An unfamiliar program is starting that it found numerous registry issues and is asking for a payment to remove them.

Distribution:

Potentially unwanted applications are usually distributed using a deceptive marketing method called bundling. In this scenario user is presented with a pop-up ad that is claiming that one's flash player is out of date. Then user is offered to download an update. The installer of the flash player is modified and the installation of various potentially unwanted application are hidden in the setup steps. Users tend to click "next" without attentively reading all the text in the modified setup. This ends up in a situation when apart from a flash player various unwanted applications are installed on user's computer.

Another common distribution channel is fake online virus scanners. In this case users are presented with a pop-up ad that imitates a computer scan. After a quick scan such pop-ups claim to have found various malware on user's computer and then insist of downloading some program that would supposedly eliminate the detected viruses. In reality none of websites can perform a computer virus scan - this is a trick used to fool computer users into downloading potentially unwanted applications.

How to avoid installation of potentially unwanted applications?

To avoid installing unwanted applications users should educate themselves on safe Internet browsing habits. In the majority of cases unwanted applications are distributed using social engineering tactics and trickery. One should download flash player, it's updates and other legitimate applications only from trusted sources (usually their developer's websites). Never trust online virus scans and other similar pop-ups that state about computer infections. When installing free software always pay close attention to the installation steps and click on all advanced or custom installation options - they can reveal installation of any additional unwanted software.

Most recent Potentially unwanted applications:

Most widespread Potentially unwanted applications:

What is Phishing/Scam?

Also Known As: password stealer, pop-up scam, tech support scam

Phishing and various online scams is a big business for cyber criminals. The word phishing originates from a word fishing, the similarities between these two words are made because in both of these activities a bait is used. When it comes to fishing a bait is used to trick a fish and in the case of phishing cyber criminals are using some kind of a bait to trick computer users into giving away their sensitive information (such as passwords or banking information). Most common form of phishing is spam email campaigns where thousands of emails are send with false information claiming for example that user's PayPal password has expired or that their Apple ID is used to make purchases.

Example of phishing email letter

The links in such bogus emails lead to cyber criminal websites that are cloned from the original ones and users are then tricked into entering their sensitive information. Later on cyber criminals use the collected data to steal money or perform other fraudulent activities. Note that emails are not the only channel used in phishing attacks, cyber criminals are known to use text messages and phone calls to lure potential victims into giving away their personal information.

Online scams come in many forms. The most popular one is called tech support scam. In this case cyber criminals create a website with various warning messages claiming that user's computer is infected and blocked, the only offered solution is to call some phone number supposedly from Microsoft or Apple. If a potential victim falls for the fake warning pop-ups and calls the presented number they are further threatened to purchase pricey virus cleaning services.

Example of fake tech support scam

Another popular form of online scams are fake emails that claim to have some compromising videos or photos of the user and demand to pay a ransom in Bitcoins in order to remove the supposedly present sensitive material. Such emails usually claim that a hacker had planted spyware on user's computer and that a video of a user watching pornography was recorder. In reality cyber criminals don't have any compromising material but they are sending thousands of such bogus emails and some of the users that receive them tend to believe the false information and pay the money.

Example of phishing via fake lottery

Note that these are just a couple of phishing and online scam examples, cyber criminals are always innovating and looking for new ways to steal sensitive information. When browsing the Internet always be careful when entering your personal information, when in comes to phishing and scams the best advice is to be skeptical, if something seems too good to be true, it probably is.

Phishing/Scam symptoms:

  • You received an email that is too good to be true (claiming that you won a lottery even when you didn't buy any lottery tickets).
  • A pop-up appeared claiming that your computer is infected with viruses.
  • You received an email claiming that a hacker has recorded you watching pornography.
  • You received a call claiming your PC or Mac is infected with viruses and needs cleaning.

Distribution:

Phishing attacks are most commonly executed through email spam campaigns. Cyber criminals are using various themes to lure their potential victims into giving away their information. Fake emails designed to steal sensitive information range from lottery winnings to expired passwords. In the case of online scams cyber criminals are using misspelled domain names to trick users into visiting their fake websites. Another popular way of generating traffic to rogue websites is search engine poisoning techniques and usage of various shady ad networks.

How to avoid becoming a victim of phishing and online scams?

If you received an email claiming that you won a lottery or that you need to fill some personal information for your bank you should be very skeptical about such emails. Cyber criminals are using catchy subject lines and legitimate looking emails to trick computer users into becoming their next victims. Common sense and the usage of an antivirus software can significantly lower the chances of becoming a phishing email victim.

To avoid online scams such as tech support scams Internet users should always keep their Internet browsers and operating system up-to-date. Modern Internet browsers have built-in scam prevention filters and they can protect you from visiting a dangerous website. As a second layer of protection you should use a reputable antivirus program. The last and most important thing is to educate yourself on safe Internet browsing. Note that no online websites are capable of detecting malware present on your computer, all such claims are a scam.

Most recent Scams:

Most widespread Scams: