What Does Malware Look Like? Check Out These Real-World Examples



If you’ve taken our advice, you have a powerful antivirus program installed to protect your PC. That tool should fend off any malware attack, be it a bot, a virus, a Trojan, or even ransomware. We also admonish you to stay away from sketchy websites, refrain from clicking dubious links, and generally use caution on the web. But even if you don’t, your antivirus should protect you from the consequences of your errors. That does mean that you’ve probably never seen any sign of a malware attack beyond a “Threat quarantined” notification. You may wonder, just what does malware look like? Would you even recognize a malware program if you saw it?

In truth, a lot of malicious programs don’t look like anything at all. A virus, for example, tries its best to hide from view while infecting other files and computers. A bot sits quietly on your computer until it gets orders from the command and control center to spew some spam or participate in a DDoS attack on a major website.

Trojans, by contrast, appear to be useful, legitimate programs, putting up a pretty facade to hide background activities like stealing your personal data. And when ransomware demands your attention, it’s bad news. But as noted, your antivirus suppresses these and other malware types.

In the process of gathering and analyzing new samples for our hands-on malware protection tests, we’ve seen all these variations. We start with thousands of malware-hosting URLs, download their nasty payloads, and put them through their paces. During testing, we play the fool, launching unknown files, clicking through to let them install, and giving them every permission they request. This article showcases some of the oddities we’ve encountered in our latest quest for the best worst test samples.

Antivirus Isn’t Always Legitimate

When you choose an antivirus program, be sure you select a known and trusted company, and be sure you make your purchase directly from that company’s website. If you go for a bargain based on an ad in your email or social media, you could wind up with an antivirus that’s malware in disguise.

(Credit: PCMag)

If you find you’ve installed an antivirus from a company you never heard of, it may well be a fake. If it scans incredibly fast, finds tons of threats, and prompts you to pay for removal, that’s another big clue.

As you can see in the screenshots above, the fake antivirus may look exactly like the real thing. Even then, sharp-eyed users may spot anomalies. Should you really be installing an antivirus with “2015” in the name? Stick to trusted sources, and you won’t have to worry.

The Horror of Ransomware

If a ransomware attack targets your computer, you won’t know until it’s too late. The ransomware stays out of sight, quietly encrypting your important files.

(Credit: PCMag)

Once the dirty work is done, the malware totally demands your attention with its ransom note. The perpetrators promise that if you pay the specified ransom (usually in Bitcoin or some other untraceable currency) you’ll get your files back. Most will follow through, to maintain their reputation as “honest crooks.” But if they take your money and run, you can’t exactly report them to the Better Business Bureau. You really don’t want a direct encounter with ransomware.
The ransomware called Petya, depicted above, doesn’t merely encrypt your files. It displays a convincing replica of a blue-screen error and then fakes a lengthy CHKDSK recovery upon reboot. But it’s not recovering your data—it’s encrypting your disk. When finished, it flashes a garish ASCII-art skull to get your attention. Press any key and you get the bad news, along with instructions for paying the ransom.

(Credit: PCMag)

Screen locker malware doesn’t encrypt your files. It just covers up the desktop and all programs, sometimes with a threat screen, sometimes with a pretty picture. Either way, you can’t use your computer. Often such attacks claim to be from some division of law enforcement, demanding that you pay a fine in untraceable currency. In some cases, you can call such ransomware’s bluff with simple recovery techniques. You’re better off using ransomware protection and avoiding the need for recovery.

Foreign Installers Aren’t for You

Malware doesn’t respect national boundaries. Wherever there are people, whatever language they speak, you’ll find malware trying for a foothold. If you happen to get hit with a Trojan meant for China, Ukraine, or Brazil, you should certainly reject the installer, just as folks in China or Brazil may reject a purely English-language install program.

(Credit: PCMag)

This colorful montage pulls together nine of the many foreign-language installers we encountered on our latest hunting trip. Languages include Chinese, French, German, Portuguese, Polish, Russian, Turkish, and even Esperanto! Acting like a proper polyglot fool for testing purposes, we clicked through each installer all the way to the end. You’re smarter than that.

Want Some Malware Bundled With Your Order?

Sometimes the problem with an installation isn’t the program itself, but the software that’s bundled with it. You may find completely legitimate software—even antivirus programs—bundled with adware, spyware, or other unwanted trash. In a case like that, the security vendor isn’t to blame. A third party created the deceptive bundle. AppEsteem is a young company with a mission to expose these deceptions and to warn legitimate companies when they stray too far toward the dark side of bundling.

(Credit: PCMag)

The installer shown here installs two legitimate security programs, but the main program is a BitTorrent client with unwanted behaviors. The best thing that can happen with this kind of bundling is that you’re forced to install a program you didn’t want.

Trojan Horses Open Your Gates to Malware

The historical Trojan Horse was a literal wooden horse, a “gift” from the Greek army besieging Troy. When the Greeks seemingly gave up and left, the Trojans brought the horse inside the city walls as a victory trophy. Unlike Monty Python’s King Arthur, the Greek troops remembered to hide inside the horse. When nightfall came, they slipped out and opened the city gates, letting in the rest of their army.

Modern Trojan Horses are made of bits and bytes, not wood, and they breach your PC’s gates to release malware, not soldiers. But they’re still big trouble. The installers shown in the image below look perfectly legitimate, and the programs they install seem to do what they promise. It’s just that they bring along unwanted passengers.

(Credit: PCMag)

In this round of testing, all the obvious Trojans we encountered were foreign, as you can see above, from a French photo filter to a Russian sticker utility. They are functional utilities, but while you’re busy using them you don’t see the malicious software that also got installed. In addition, you may find that once you’ve used the free tool to, say, scan for outmoded drivers, you must pay if you want to fix found problems. This is a model used both by some legitimate programs and by rogue antivirus scareware utilities. Urgency is also common, for example, a promotional price that ends today.

Sex Sells

We’ve agreed that you should stay away from programs that aren’t even in your language. What could make you break that promise? How about the possibility of something risqué? It couldn’t hurt to look, right? Wrong. Every time we go hunting for malware, we rope in a few programs that use sexy images to capture your interest.

(Credit: PCMag)

Above are some examples. The pensive figure at the lower left promises, “Meet single men and women in the same city,” while the adjacent picture titled Meow Xiaomei just says, “Cute little Loli.” Ignore them all.

Fun and Games

Over the years, every time we’ve slung our net to capture new malware samples, we’ve always reeled in some game-related ones with a dramatic appearance. Many display a highly detailed image of a sword-wielding warrior, a scantily clad sorceress, or some other game character, along with a screenful of information and prompts in Chinese. Yes, they come burdened with adware, but they are quite striking.

(Credit: PCMag)

Running the image above through Google Translate reveals a Login button and a panel exhorting you to “Get a novice card.” Tabs lead to gaming strategy, support, and discussion forums.

(Credit: PCMag)

These game-related artworks show up often, as you can see in this montage. Most of them simply invite you to register or log in (and thereby suffer unwanted advertising). Most come with a moderately clean bill of health from VirusTotal, with no more than 20 of 70 antivirus engines flagging them as unwanted. They’re not useful for our testing, but they certainly provide an aesthetic interlude.

Let’s Hope You Don’t See These

As you can see, malicious programs, like legitimate programs, run the gamut in appearance from sad-looking and lame to totally professional. With any luck, and with powerful, up-to-date antivirus protection, these images are the only malware you’ll ever see. You should also check out our tips for staying secure online; malware is just one of many threats to your devices and private information.
