Hopefully, by now, you have powerful antivirus software installed to protect your PC. Despite “virus” in the name, your antivirus should defend against every kind of malware attack, be it a bot, a Trojan, or ransomware. Perhaps you also avoid sketchy websites, leave dubious links alone, and think twice before responding to possible scams. But even if you don’t, your antivirus software should keep you safe. The closest you’ll come to seeing malware in action is the notification when your antivirus thwarts an attack. You may wonder, just what does malware look like? Would you even recognize a malicious program if you saw it?
In truth, a lot of malware doesn’t look like anything at all. A virus, for example, tries its best to hide from view while infecting other files and computers. A bot sits quietly on your computer until it gets orders to spew some spam or participate in a DDoS attack.
Trojans, by contrast, appear to be useful, legitimate programs, putting up a pretty facade to hide background activities like stealing your personal data. And when ransomware demands your attention, it’s bad news. But as noted, your antivirus suppresses these and other malware types.
In the process of gathering and analyzing new samples for my hands-on malware protection tests, I’ve seen all these variations. I start with literally thousands of malware-hosting URLs, download their nasty payloads, and put them through their paces. During testing, I play the fool, launching unknown files, clicking through to let them install, and giving them every permission they request. This article showcases some of the oddities I’ve encountered in my latest quest for the best worst test samples.
If You Can’t Understand It, Don’t Install It
Malware doesn’t respect national boundaries. Wherever there are people, whatever language they speak, you’ll find malware trying for a foothold. If you happen to get hit with a Trojan meant for China or Brazil, you should certainly reject the installer, just as folks in China or Brazil may reject a purely English-language install program.
(Credit: PCMag)
This montage pulls together seven of the many foreign-language installers I encountered on my latest hunting trip. These included apps written for speakers of Czech, French, German, Portuguese, Polish, Russian, Hebrew, and even Hungarian! Acting like a proper polyglot fool for testing purposes, I clicked through each installer to the end. You’re smarter than that.
Portuguese, Russian, and German dominate the collection, but only because I kept the Chinese-language malware separate from the rest. I encountered almost as many malware apps in Chinese as in all the other non-English languages combined. That makes sense, given the vast number of Chinese-speaking people in this world, but if you’re not one of them, please ignore these.
(Credit: PCMag)
When Legit Software Sneaks in Something Not So Legit
Sometimes the installer for a perfectly safe game or utility bundles problematic software. You may find completely legitimate software—even antivirus programs—bundled with adware, spyware, or other unwanted trash. In a case like that, the antivirus vendor isn’t to blame, as a third party created the deceptive bundle. AppEsteem is a young company with a mission to expose these deceptions and to warn legitimate companies when they stray too far toward the dark side of bundling.
(Credit: PCMag)
Chances are, the bundled security apps shown above are legitimate. After all, anybody can link to the web page for a free security app, and doing so lends an air of legitimacy to the possibly dangerous app doing the bundling. The best thing that can happen with this kind of bundling is that you wind up installing a legitimate program you didn’t request.
Trojans: When “Useful” Software Turns Against You
The historical Trojan Horse was a literal wooden horse, a “gift” from the Greek army besieging Troy. When the Greeks seemingly gave up, leaving behind their gift, the Trojans brought the horse inside the city walls as a victory trophy. When nightfall came, Greek soldiers hidden inside the horse slipped out and opened the city gates, letting in the rest of their army.
Modern Trojan Horses are made of bits and bytes, not wood, and they breach your PC’s gates to release malware, not soldiers. But they’re still big trouble. The installers shown in the image below look perfectly legitimate, and the programs they install seem to do what they promise. It’s just that they can bring along unwanted passengers.
(Credit: PCMag)
These are functional utilities, but while you’re busy using them, you don’t see the malicious software that also got installed. In addition, you may find that once you’ve used the free tool to, say, scan for outmoded drivers, you must pay if you want to fix any problems the app found. This model is used by both legitimate programs and rogue antivirus scareware utilities. Manufactured urgency is also common, such as a promotional price that ends today.
Fake Antivirus Is One of the Oldest Tricks in the Book
When choosing an antivirus program, be sure to select a known, trusted company and make your purchase directly from its website. If you go for a bargain based on an ad in your email or social media, you could wind up with an antivirus that’s malware in disguise.
(Credit: PCMag)
If you find you’ve installed an antivirus from a company you’ve never heard of, it may well be a fake. If it scans incredibly fast, finds tons of threats, and prompts you to pay for removal, that’s another big clue.
As you can see in the screenshots above, the fake antivirus may look exactly like the real thing. Even then, sharp-eyed users may spot anomalies. Stick to trusted sources, and you won’t have to worry.
Ransomware Doesn’t Warn You—Until It’s Too Late
If a ransomware attack targets your computer, you won’t know until it’s too late. The ransomware stays out of sight, quietly encrypting your important files.
(Credit: PCMag)
Once the dirty work is done, the malware demands your attention with its ransom note, sometimes even setting it as your desktop background. The perpetrators promise that if you pay the specified ransom (usually in bitcoin or some other untraceable currency), you’ll get your files back. Most will follow through to maintain their reputation as “honest crooks.” But if they take your money and run, you can’t exactly report them to the Better Business Bureau. You really don’t want a direct encounter with ransomware.
The ransomware called Petya, depicted above, doesn’t merely encrypt your files. It displays a convincing replica of a blue-screen error and then fakes a lengthy CHKDSK recovery upon reboot. But it’s not recovering your data—it’s encrypting your entire disk drive. When finished, it flashes a garish ASCII-art skull to get your attention. Press any key, and you get the bad news, along with instructions for paying the ransom.
Screen locker malware doesn’t encrypt your files. It just covers up the desktop and all programs, sometimes with a threat screen, sometimes with a pretty picture. Either way, you can’t use your computer. Often, such attacks claim to be from a law enforcement division and demand that you pay a fine in untraceable currency. In some cases, you can call such ransomware’s bluff with simple recovery techniques. You’re better off using ransomware protection and avoiding the need for recovery.
The Oldest Clickbait Trick Still Works
We’ve agreed that you should avoid programs that aren’t even in your language. What could make you break that promise? How about the possibility of some risqué pictures? It couldn’t hurt to take a little peek, right? Wrong. Every time I go hunting for malware, I rope in programs that use sexy images to capture unsuspecting victims.
(Credit: PCMag)
Above are some examples. The fox-eared cutie at top right has a Quick Installation button and a checkbox to confirm the license agreement. As for the long-legged model at bottom left, she says, “The game has been discontinued. I recommend the following new games for you.” It’s not exactly sexy dialogue, I’ll admit.
That “Game” Might Be Doing More Than Entertaining You
Over the years, every time I’ve slung my net to capture new malware samples, I’ve always reeled in some game-related ones. While the unsuspecting victim plays an actual game (or wrangles with error messages), the underlying malware goes to work, perhaps stealing personal data or making your computer part of a botnet. Sometimes the malware masquerades as a popular game, such as Fortnite or Roblox. Whether familiar or not, the malware’s damage far outweighs the transient entertainment value of any game.
(Credit: PCMag)
I’ve already said, if you launch a program and it’s not in your language, it’s not for you. However, one type of foreign-language malware deserves special mention because of its aesthetics. Always rendered in Chinese, these game apps feature highly detailed images of a sword-wielding warrior, a scantily clad sorceress, or other fantasy characters. Yes, they come burdened with adware, but they are quite striking.
Most of these elaborate screens include username and password fields for signing in to the game, as well as exhortations to “resist bad games and put an end to piracy” or similar messages.
In past years, I’ve found that most of these come with a clean bill of health from VirusTotal, with no more than 20 of 70 antivirus engines flagging them as unwanted. This time around, most of them were rated dangerous by VirusTotal, and I even selected several for my test malware collection.
With Any Luck, You’ll Never See This in Real Life
As you can see, malicious programs, like legitimate programs, run the gamut in appearance from sad-looking and lame to totally professional. With any luck, and with powerful, up-to-date antivirus protection, these images are the only malware you’ll ever see. You should also check out our tips for staying secure online; malware is just one of many threats to your devices and private information.
About Our Expert
Neil J. Rubenking
Principal Writer, Security
Experience
When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.
Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my “User to User” and “Ask Neil” columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.
In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.
