A few weeks ago, I experienced something very creepy on my laptop. Whenever there was a slight period of inactivity or even creepier, when I stepped away from the screen, my laptop would automatically start performing strange, unexplained actions. A new tab would open, weird text would be typed on it, and the list of available Wi-Fi networks would often be explored. I’d frantically close the strange tabs, disconnect the Wi-Fi, or restart my laptop.

At first, I debated whether this was a cyber-attack or paranormal activity. Still, when I was sure of the former, I instantly ran a full scan using one of the best antivirus software for Windows 11. Curious about what exactly affected my device, I spent the next few hours diving deep into all kinds of computer malware. Spoiler alert: it was a RAT (Remote Access Trojan). More on that in a bit.

What is computer malware?

The superset of every computer infection


Since we began using PCs in our cozy little computer rooms, we’ve heard terms such as malware, viruses, spyware, and adware. But what exactly are they, and how do they differ? Malware is an umbrella term for malicious software that infects a device or network. It’s the broadest category; everything else — spyware, virus, adware, etc. — is a subset of malware. Malware sneaks onto your device through a wide range of means, such as an online ad you click on, a questionable email attachment, a USB drive, or any downloadable file on the internet disguised as legitimate.

While being careful about where you click is crucial for maintaining good online hygiene, some malware makes its way onto your system anyway. 0-day vulnerabilities, for instance, are some of the scariest vulnerabilities in software. Regardless of how robust software is, there’s always a chance that it contains a bug or flaw that can be exploited. 0-days are so named because the software developer has had zero days to fix the flaw: they were not aware of it before it was attacked.

Heartbleed, from 2014, is a very famous and damaging example of a 0-day. It bypassed the OpenSSL security layer and put confidential info, such as passwords and credit card details, at risk. The name comes from an OpenSSL feature called Heartbeat, a quick confirmation between a device and a website to ensure the two are still connected.

The Heartbleed bug abused Heartbeat to leak up to 64KB of the OpenSSL process's memory on the server. Log4Shell, in the Java-based logging library Log4J, was another famous vulnerability. First reported in 2021, it allowed an attacker to achieve RCE (Remote Code Execution) on the target device simply by getting a malicious string written into the logs.
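The Heartbleed flaw described above, as an added C sketch that is not OpenSSL's code: a minimal heartbeat handler that trusts the peer's claimed payload length next to one that checks it against the record that actually arrived. The record layout follows RFC 6520; the memory arena and the "SECRET" bytes are constructed for the demo.

```c
#include <stdint.h>
#include <string.h>

/* Simplified TLS heartbeat record (RFC 6520): 1-byte type, 2-byte
 * big-endian payload length, the payload, then at least 16 bytes of padding. */
#define HB_HEADER  3
#define HB_PADDING 16

/* Vulnerable pattern: the reply is built from the length the peer CLAIMS;
 * the length of the record that actually arrived is never consulted, so the
 * copy runs past the real payload into whatever sits next to it in memory.
 * Simulation: 'mem' is an arena we own, so the over-read stays inside it. */
static int heartbeat_reply_unchecked(const uint8_t *mem, size_t record_len,
                                     uint8_t *out, size_t out_cap) {
    uint16_t claimed = (uint16_t)((mem[1] << 8) | mem[2]);
    (void)record_len;                          /* ignored: this is the bug */
    if ((size_t)claimed > out_cap) return -1;
    memcpy(out, mem + HB_HEADER, claimed);     /* copies adjacent memory too */
    return (int)claimed;
}

/* Hardened pattern, the essence of the 2014 fix: the claimed length must fit
 * inside the record we received, padding included, or the record is dropped. */
static int heartbeat_reply_checked(const uint8_t *rec, size_t record_len,
                                   uint8_t *out, size_t out_cap) {
    if (record_len < HB_HEADER + HB_PADDING) return -1;
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if (HB_HEADER + (size_t)claimed + HB_PADDING > record_len) return -1;
    if ((size_t)claimed > out_cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

/* Constructed demo: a 4-byte payload "ping" that claims to be 40 bytes,
 * followed in the same arena by data the peer must never see. Returns 1 when
 * the unchecked handler leaks it and the checked handler rejects the record. */
static int demo_heartbleed(void) {
    uint8_t mem[96] = {0};
    uint8_t out[64] = {0};
    size_t record_len = HB_HEADER + 4 + HB_PADDING;      /* 23 real bytes */
    mem[0] = 1; mem[1] = 0; mem[2] = 40;                 /* type, len = 40 */
    memcpy(mem + HB_HEADER, "ping", 4);
    memcpy(mem + record_len, "SECRET", 6);               /* adjacent memory */
    int n = heartbeat_reply_unchecked(mem, record_len, out, sizeof out);
    int leaked = n == 40 &&
                 memcmp(out + (record_len - HB_HEADER), "SECRET", 6) == 0;
    int rejected = heartbeat_reply_checked(mem, record_len, out, sizeof out) == -1;
    return leaked && rejected;
}
```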

The ubiquitousness of Log4J and the ease with which it could be exploited made Log4Shell a prevalent vulnerability.

A virus, often incorrectly used interchangeably with malware, is one specific type of malware. A virus clings onto a file or program and activates as soon as the user acts on it. A virus also copies itself and grows, but self-replication isn’t necessarily a feature of all kinds of malware.

Spyware is malware that watches users' activity, collects their private information, and sends it to a third party who can use it to cause harm. Adware is another kind of malware that manifests in a sudden influx of ads and unexplained redirection to sites that show you even more ads. All this is to unethically generate ad revenue from the victim.

The symptoms of computer malware largely depend on the specific type your device is infected with. Still, some of the most identifiable ones include strange behavior like what I described above, unknown software popping up, the dreaded BSOD (Blue Screen of Death), or unexplained slowing down of your device.


Different types of malware

This isn’t a comprehensive list of all kinds of computer malware. Also, some older kinds of malware have become obsolete thanks to modern UEFI systems and Secure Boot, which improve overall OS security.

Ransomware


Ransomware is malware that encrypts your computer files and renders them completely inaccessible. In exchange for decryption, the hacker demands ransom from the victim. In some cases of ransomware, you may find your computer locked, too. Large companies and organizations are at the highest risk of this kind of attack since they hold confidential data on their devices.

WannaCry was a widespread ransomware attack launched in 2017 that specifically infected Windows devices and held their encrypted data hostage until a ransom in Bitcoin was received. WannaKey was a response to this attack: a tool that could recover the encryption key as long as the victim's device hadn’t been rebooted since the attack. If the device had been rebooted, the RAM would have been cleared, and recovery wasn’t possible.

Marcus 'MalwareTech' Hutchins emerged as one of the security researchers who reverse-engineered the malware’s code, discovering a domain name that, when registered, appeared to act as a kill switch that prevented it from spreading further.

Worm


Worms work somewhat like regular viruses in that they also self-replicate and spread. A worm usually makes its way onto your device via security vulnerabilities. Then, it makes your device the host and chooses other devices to attack. Stuxnet is a well-known computer worm from 2005 allegedly developed as a joint effort by the US and Israel against Iran. The aim was to harm Iran’s nuclear program, and the project was successful at destroying several centrifuges in Iran’s uranium enrichment facilities. Stuxnet chained together multiple 0-day vulnerabilities to work.

RAT


The "Trojan" in RAT, or Remote Access Trojan, refers to the wooden horse the Greeks used to sneak into the city of Troy during the Trojan War. A RAT is malware that enters your system as slyly as the horse and allows the hacker to access it remotely. They can control your mouse, look through your webcam, use your keyboard, and then use all this control to steal your information. A RAT often deliberately stays discreet to carefully track your sensitive data over time and execute an attack when ready.

Keylogger


A keylogger is a type of spyware, and can be considered a subset of RAT, that specifically records your key presses. It captures your most precious info, such as credit card details and passwords, and sends it to the spyware author. Like any malware, keyloggers can enter your system through multiple routes, such as a questionable file you download or an email sent by a malicious party.

Rootkit


A rootkit is a type of stealthy malware that allows a threat actor to remotely control your device. Rootkits are extra harmful because they are designed to work extremely stealthily. They focus on concealing themselves and evading your antivirus software so they can give the threat actor access to your device for as long as possible.

A rootkit is terrifying because it typically goes straight to your device’s OS. Usually, the safest way to get rid of one is to do a complete Windows reinstall, not only because OS-level integration makes it harder to get rid of but also because you can never be too sure about which nook and cranny a rootkit has concealed itself in.

Polymorphic virus


This one is the chameleon of computer viruses. A polymorphic virus makes numerous iterations of itself by slightly changing its code each time, rewriting and tweaking itself to evade both signature detection and heuristic analysis by antivirus software. Its ability to bypass security measures makes it a tough one to tackle. It can change various features, such as appearance, file name, and location.

It may also encrypt portions of its payload and change the encryption mechanism used. Traditional security software relies on specific patterns and routines (rudimentary signature recognition), which makes catching a polymorphic virus's rapidly changing code even harder.

Overwrite virus


This virus sounds like my worst nightmare. An overwrite virus replaces the content of your files with its own malicious code. The original content is permanently destroyed, and there’s nothing you can do to retrieve it. The scariest feature of this virus is that it does its job exceptionally sneakily: to escape detection, it ensures the replaced content matches the original file size. This virus also affects your computer’s overall performance by introducing slowdowns and crashes.

I must add that viruses such as these have become less common with the rise of more “useful” malware, such as ransomware. Malware that yields no monetary gain pales in comparison to malware that lets the attacker profit from the victim.

Take good care of your device

Never forget that prevention is better than cure. If you want to protect your computer against this list of horrendous stuff, take early measures to prevent it. Install antivirus software and make sure to update it regularly. There is also some good antivirus software for macOS folks.

Be very careful about your clicks. Don’t click on shady email attachments or ads you’re unsure about. Similarly, only download from websites that you fully trust. Whenever you connect an external SSD or USB drive to your computer, run an antivirus scan on it before opening anything to make sure it isn’t infecting your device. Here are some additional security tools for your computer.

The built-in Windows antivirus is also pretty decent. If you’re taking other security measures and being careful about what you click on, performing regular full Windows scans should be enough.