Halloween traditions are, in part, a way of dealing with fears of threats that were once very real (mostly disease and early death) by bringing them out into the open. In that spirit, we're taking a look at some of the top malware threats to computers, some of which are obvious and some less so.
Strictly speaking, malware is software that does actual harm to the user when a computer is infected. Viruses, worms, Trojan horses, spyware and scareware are all different kinds of malware.
"For me, the scariest malware is the sort that you don't notice on your computer and that allows a remote hacker to gain access to your PC," said Graham Cluley, a security expert with Sophos Labs in England.
Many worms and remote-access Trojans (RATs for short) operate in just that way; the Conficker worm may be the most famous. Most infected users don't even know their computers have been compromised and herded into "botnets," vast armies of "zombie" PCs silently pumping out spam, scareware and malware.
Another issue is that the old vectors for malware infection, such as emails from unknown parties, aren't as common now as they once were. Potential victims have gotten smarter about them.
What's more prevalent today is the "drive-by download." In drive-bys, an advertisement on a webpage, or the webpage itself, carries a hidden, malicious payload, and infects a user's computer through the Web browser. There's no clicking needed: just looking at an infected page once is enough.
The malicious site's webmaster might not even know his site is spreading malware, as loaded ads can be pulled in from third-party sites, or the site's page server may have itself been infected.
"The biggest thing I lose sleep over are drive-by downloads in general," said John Harrison, group product manager at Symantec's security technology and response group. "A single click on a URL can take you to a [malicious] site and you have no idea."
Often, Harrison said, users don't even notice anything until their machines start slowing down, and by then the situation is usually pretty dire.
"When your machine starts slowing down, that's at the 100th piece of malware," said Harrison.
Sean Sullivan, security advisor at Helsinki, Finland's F-Secure Labs, noted that using a Mac instead of a Windows PC isn't going to keep you safe anymore.
For years, Mac systems were relatively free of malware because the user base was so small that virus writers didn't bother to target Macs. But that's changing as Macs become more popular. The appearance of the sophisticated Mac Defender scareware scam earlier this year showed that cybercriminals now think there's money in Mac malware.
"It's scary in the sense that should another gang have the opportunity, they will take it," Sullivan said.
Another issue is that many people still think malware is designed to damage systems. But that hasn't been true for a long time, Harrison said.
"They want your system up and running, so the botnets can work," he said.
"Humans are always scarier than the malware they write," Cluley said. "So any malicious code which gives a stranger access to your computer is going to be much more of a worry than malware that doesn't.
"Computer code is, at the very least, predictable," Cluley continued. "It can be analyzed and you can determine what it is designed to do. We can't disassemble people."
What made Stuxnet so frightening was not the malware itself. Predictions had been circulating for years that someone would write malware to attack industrial infrastructure systems.
No, the scary part was Stuxnet's sophistication and the fact that the authors were able to target it as well as they did. Stuxnet knocked down at least one nuclear facility in Iran, possibly two, without damaging any other systems anywhere in the world.
The Stuxnet source code isn't available, so any hacker wanting to duplicate it would have to start from scratch. But the fact that someone (there is some evidence that the hacker or hackers were based in the United States) could write this kind of malware at all means that equally powerful digital weapons could just as easily be used to attack the U.S.
Duqu, Stuxnet's "little brother," discovered in October 2011, looks as if it was written by the same people as Stuxnet, though nobody can be absolutely sure.
Duqu sends data about the infected host to a potential attacker, possibly so the attacker can design a Stuxnet-like industrial-process shutdown (Stuxnet was tailored to attack very specific types of equipment), or possibly as a source of information for use in espionage. But the existence of this malware (it might be called a class of spyware) implies that whoever went after the Iranian nuclear program is still working.
What made the Conficker worm so scary and dangerous was that it was a kind of multipurpose botnet creator, more sophisticated than most, combining several techniques to avoid detection and resist removal. Conficker, which first appeared in 2008, was designed to copy itself and sit on a system until it was told to do something by a remote controller, and that something could have been anything.
Conficker was finally stopped after a joint effort by the anti-virus industry and Microsoft, but a similar piece of malware could arise at any time. As for Conficker itself, there are millions of machines still infected with it, and their users probably aren't even aware of it.
Mobile devices haven't been safe from malware. The rise of "quick response," or QR, codes (those black-and-white boxes of strange checked patterns you see in ads) and of the smartphones used to "read" them has opened up a whole new world for malware writers.
Malicious QR codes, sometimes pasted over legitimate ones on subway and street ads, whisk you to websites that drop malware onto your phone, stealing your information or spamming everyone on your contact list.
First appearing in 2007, ZeuS is a powerful "banking Trojan" that steals online banking information via a keylogger, though it could be adapted to steal just about anything else. Initially, ZeuS infected computers through malicious emails, but as people got wise to that method, it moved to drive-by downloads.
ZeuS burrows into Web browsers and sends online-banking login information to a far-off cybercriminal, who then cleans out the victims' accounts and transfers their money overseas. In October 2010, the FBI broke up a ring that used ZeuS, which is still sold in underground hacker bazaars, to steal an estimated $70 million.
Development of ZeuS seems to have stopped, as the author is rumored to have retired, but a version of the software kit lives on in another banking Trojan, SpyEye.
Government-sponsored malware and spyware isn't directed only at foreign powers; sometimes it can be used against a country's citizens as well. In October 2011, a German hacker group described a piece of spyware that appeared on one member's computer and was siphoning data and offering a backdoor into his system.
Several German state governments quickly admitted to using the spyware to keep an eye on criminal and terrorism suspects, though the German federal government denied doing so. But the real problem was that R2D2, so called because of a line in its code, did more than listen in; it could also allow software to be operated remotely on an infected computer.
Kaspersky Labs calls TDSS "the most sophisticated threat today," and another researcher called it "pretty much indestructible."
TDSS is a "rootkit," a type of malware which normally burrows deep into a machine's operating system, but TDSS goes even further. It creates and copies itself to a hidden partition on the infected computer's hard drive, making it nearly impossible to detect and erase. Newer versions even infect a PC's Master Boot Record, meaning it loads before the operating system does.
Once up and running, TDSS uses a variety of methods to elude detection, including disabling anti-virus updates and encrypting communications with its command-and-control center. From that server, it downloads dozens of other malware programs at a time and detects and eliminates competing programs (it has a method of deleting ZeuS, for example).
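The rootkit paragraphs above describe TDSS hiding in an unlisted partition and rewriting the Master Boot Record so it loads before the operating system. As an added example (not code from the article or from any product it mentions), here is the kind of baseline check a defender would run against the first disk sector: it verifies the 0x55AA boot signature, compares a hash of the 446-byte bootstrap code with a recorded known-good value, and flags partition entries whose type was not in the baseline. The sample MBRs, the hypothetical partition layout and the set of expected partition types are constructed assumptions.

```python
"""MBR baseline check: signature, bootstrap-code hash, partition table.
Added illustration, not code from the article or any vendor product;
the sample MBRs at the bottom are constructed."""
import hashlib
import struct

MBR_SIZE, BOOT_CODE_SIZE, BOOT_SIGNATURE = 512, 446, b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"  # status, CHS start, type, CHS end, LBA start, sector count

def parse_partitions(mbr: bytes) -> list[dict]:
    """Decode the four 16-byte partition entries, skipping unused slots (type 0)."""
    entries = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from(ENTRY_FMT, mbr, BOOT_CODE_SIZE + 16 * i)
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": sectors})
    return entries

def check_mbr(mbr: bytes, baseline_sha256: str, expected_types: set[int]) -> list[str]:
    """Return findings; an empty list means the MBR matches the recorded baseline."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest() != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    for p in parse_partitions(mbr):
        if p["type"] not in expected_types:
            findings.append(f"unexpected partition type 0x{p['type']:02x} at entry {p['index']}")
    return findings

def build_mbr(boot_code: bytes, partitions: list[tuple]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, *p) for p in partitions)
    return boot_code.ljust(BOOT_CODE_SIZE, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIGNATURE

# Constructed samples: a clean MBR recorded as the baseline, and a tampered copy with
# rewritten boot code plus an extra partition of a type the baseline never had.
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0", [(0x80, 0x07, 2048, 1_000_000)])
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_SIZE]).hexdigest()
TAMPERED_MBR = build_mbr(b"\xe9\x00\x01", [(0x80, 0x07, 2048, 1_000_000),
                                          (0x00, 0x1b, 1_002_048, 20_480)])

if __name__ == "__main__":
    print(check_mbr(CLEAN_MBR, BASELINE, {0x07}))     # []
    print(check_mbr(TAMPERED_MBR, BASELINE, {0x07}))  # two findings
```

On a live system the 512 bytes would be read from the raw disk device with administrative privileges, and the baseline hash recorded while the machine is known to be clean.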
Like a lot of malware, browser exploit packs aren't single pieces of software as much as kits for building them. That lowers the barriers to entry: you no longer need the same amount of coding skill to build malware. Most of these kits work on PDF, Java and Internet Explorer vulnerabilities, but those are by no means the only ones.
Mac Defender made big news in the first half of 2011 because it was the first large-scale threat to Macs in years. Strictly speaking, it was "scareware," fake anti-virus software designed to scare a user into sending the authors of the program money.
When a Mac user clicked on certain images in Google search results, Mac Defender would quickly install itself and then pop up a window claiming that the computer was infected with a virus and that the user needed to pay for a full version of the program to get rid of the infection.
If the user didn't pay up, Mac Defender would hijack the browser and send it to porn sites. If he did pay, it would take his money, then send his credit-card information to other cybercriminals.
Proxy servers provide a great way to access the Internet without leaving your own computer vulnerable or traceable. Many criminals figured out the same thing, so they invented the Trojan proxy server, which is usually an email proxy server secretly installed on a victim's computer.
The infected computer becomes a vector for spam, though it could also be used as a base for attacking other systems. Anyone who traces the email (or whatever else) back to its origin will get the IP address of the infected machine, while the real criminals escape.