The Implications of an Infection

by Albin on June 18th, 2009 in Researcher Comments.

The "average Joe" probably sees the word "virus" as a generic term for all current threats out there in the wild. The reality is quite different: there are many categories that must be mentioned in this context, and the word "virus" should not be used as a catchall term for malicious infections. A virus is actually a malicious file that has the ability to infect other files by adding malicious code to them; we currently see a downward trend in this type of infection. A user faces a higher probability of being affected by Trojans. Trojans work “independently” and may:

* Run as a process in the background all the time without the user's consent.

* Open up backdoors (ports).

* Download additional payload (new malicious files).

* Collect confidential information.

* Make changes in the Windows Registry to start up automatically after reboot.

* Hide behind legitimate applications to avoid visibility.

Unlike viruses, Trojans will not infect or add malicious code to other existing files on the system.

Lavasoft Malware Labs currently uses a group of descriptions to distinguish between infection types:

Malware, Adware, Spyware, Fraud Tool, Toolbar, Virus, Monitoring Tool, Vulnerability, Dialer, Worm and Exploit.

Our various descriptions are used to make users aware of the type of infections they may have on their systems.

Anti-spyware products are nowadays both a First Line of Defense (FLoD) and a Second Line of Defense (SLoD) for the groups mentioned above, besides providing virus detection. Anti-virus products mainly focus on a FLoD for viruses and malware but also use a SLoD to take care of “some” of the remediation. The FLoD (RP) prevents an infection from taking place. The SLoD (the scanner) is able to scan the hard drive, find malicious files and make a “nice” clean-up of the system (Windows Registry, links, folders, hosts file, cookies, etc.). The SLoD is useful if users execute previously undetected malware on their system. It’s obviously recommended to have both anti-virus and anti-spyware protection installed on your OS for optimal safety.

Remember, if you get infected by a worm or adware application, it’s not a VIRUS!

Albin

Lavasoft Malware Labs