Types of malware.


Windows blockers

Windows blockers are malicious programs classified as Trojan.Winlock.

When Windows starts, a Windows blocker displays a message on top of all windows stating that access to the system is blocked and that, to make this window disappear, the user must send a paid SMS message.

As the reason for blocking, the program could claim that the computer has an unlicensed operating system or other software installed (other «reasons» are used less often).

There are known cases of constructors (builder kits) for these malicious programs being sold for a certain amount; anyone could buy them.

Recently, Windows blockers have become more aggressive. SMS messages for unblocking have become significantly more expensive.

Some modifications may not contain a correct unlock code, so the user is left with nothing after sending money to the attackers. These programs are not automatically removed from the system after some time.

Windows blockers have learned to prevent the launch of many programs that could simplify studying the blocker on an infected system, or simply to shut the system down when an attempt is made to launch such software.

If your system is infected with another modification of Trojan.Winlock, do not send money to the attackers! In the event of such an attack, immediately contact the technical support of the antivirus you are using.

Computer virus «worm»

Programs in the worm category use network resources to spread. Worms penetrate a computer, determine the network addresses of other computers and send copies of themselves to these addresses.

In addition to network addresses, address book data from mail clients is often used. Representatives of this class of malware sometimes create working files on system disks, but may not access computer resources at all (except for RAM).

Viruses are programs that infect other programs — they add their code to them in order to gain control when the infected files are launched. This simple definition allows us to identify the main action performed by a virus — infection. The speed of virus propagation is somewhat lower than that of worms.

Trojan virus

Trojans are programs that perform actions on affected computers that the user has not authorized: depending on certain conditions, they destroy information on disks, cause the system to «freeze», steal confidential information, etc.

A Trojan (contrary to popular belief) is not a virus in the traditional sense of the term, i.e. it does not infect other programs or data; Trojan programs cannot penetrate computers on their own and are distributed by attackers under the guise of «useful» software.

At the same time, the damage they cause can be many times greater than the losses from a traditional virus attack.

Within this classification, we can distinguish several types of malware that have been especially active in the recent period:

Fake antiviruses

Fake antiviruses fall under the category of Trojan programs as Trojan.Fakealert. When launched, these programs look like real antivirus programs, but are not.

Fake antiviruses are designed to lure the user to a specially prepared malicious site, where the user is required to purchase the supposedly full version of the product.

As a rule, fake antiviruses are distributed as attachments to spam letters or through specially prepared malicious sites. Most often, what is delivered this way is the fake antivirus loader, which, when launched, downloads the components that make up the main functionality from the attackers' server.

The emphasis in this type of malware is on the visual part — the program displays Windows system windows that report that this antivirus is supposedly integrated into the system. The main program window shows the process of scanning the computer and simulates virus detection.

After the user pays money for the supposedly full version of such an antivirus, his troubles do not end — he remains «on the hook», and other malicious objects can be downloaded into the system.

Rootkits

These malicious programs hide their presence in the system and also allow other malicious programs, which they download from malicious websites, to operate in a mode hidden from the user and most antiviruses.

For example, rootkits can be part of another virus program or be part of an antivirus.

The most notable malicious programs of this class were the BackDoor.Tdss family (the name is given according to the Dr.Web classification).

In 2009, the company «Doctor Web» promptly released several hot additions to the scanner with a graphical interface, including an updated anti-rootkit module Dr.Web Shield to counteract new rootkit technologies.

One of the latest rootkit modifications is equipped with tools for hiding in the system, for example a specially created encrypted virtual disk and a mechanism for bypassing some types of behavioral analyzers.
