What is Malware?

Malware, short for "malicious software," refers to a type of computer program designed to infect a legitimate user's computer and inflict harm on it in multiple ways. Malware can infect computers and devices in several ways and comes in a number of forms, just a few of which include viruses, worms, Trojans, spyware and more. Generally, software is considered malware based on the intent of the creator rather than its actual features.

Introduction

Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. Malware is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network. In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.

This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).

Types of Malware

The way malware goes about doing its damage can be helpful in categorizing what kind of malware you're dealing with. The following is a list of common types of malware, but it's hardly exhaustive:

  • Virus - Like their biological namesakes, viruses attach themselves to clean files and infect other clean files. They can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files. They usually appear as an executable file.
  • Trojans - This kind of malware disguises itself as legitimate software, or is included in legitimate software that has been tampered with. It tends to act discretely and create backdoors in your security to let other malware in.
  • Spyware - No surprise here: spyware is malware designed to spy on you. It hides in the background and takes notes on what you do online, including your passwords, credit card numbers, surfing habits and more.
  • Worms - Worms infect entire networks of devices, either local or across the internet, by using network interfaces. It uses each consecutive infected machine to infect more.
  • Ransomware - Also called scareware, this kind of malware can lock down your computer and threaten to erase everything — unless a ransom is paid to its owner.
  • Adware - Though not always malicious in nature, particularly aggressive advertising software can undermine your security just to serve you ads — which can give a lot of other malware a way in. Plus, let’s face it: pop-ups are really annoying.
  • Botnets - Botnets are networks of infected computers that are made to work together under the control of an attacker.
  • Cryptojacking - is another way attackers can force you to supply them with Bitcoin—only it works without you necessarily knowing. The crypto mining malware infects your computer and uses your CPU cycles to mine Bitcoin for your attacker's profit. The mining software may run in the background on your operating system or even as JavaScript in a browser window.

Any specific piece of malware has both a means of infection and a behavioral category. So, for instance, WannaCry is a ransomware worm. And a particular piece of malware might have different forms with different attack vectors: for instance, the Emotet banking malware has been spotted in the wild as both a trojan and a worm.

A look at the Center for Internet Security's top 10 malware offenders for June of 2018 gives you a good sense of the types of malware out there. By far the most common infection vector is via spam email, which tricks users into activating the malware, Trojan-style. WannaCry and Emotet are the most prevalent malware on the list, but many others, including NanoCore and Gh0st, are what's called Remote Access Trojans or RATs—essentially, rootkits that propagate like Trojans. Cryptocurrency malware like CoinMiner rounds out the list.

How is Malware Delivered?

Cn the past, before the pervasive spread of the World Wide Web, malware and viruses would need to be manually, physically, delivered, via floppy disc or CD Rom.

In many cases, malware is still delivered by using an external device, although nowadays it is most likely to be delivered by a flash drive or USB stick. There are instances of USB sticks being left in car parks outside targeted organizations, in the hope that someone picks one up out of curiosity and plugs it into a computer connected to the network.

However, more common now is malware that is delivered in a phishing email with payloads distributed as an email attachment.

The quality of the spam email attempts vary widely -- some efforts to deliver malware will involve the attackers using minimal effort, perhaps even sending an email containing nothing but a randomly named attachment.

In this instance, the attackers are hoping to chance on someone naive enough to just go ahead and click on email attachments or links without thinking about it -- and that they don't have any sort of malware protection installed.

How to Prevent Malware

With spam and phishing email being the primary vector by which malware infects computers, the best way to prevent malware is make sure your email systems are locked down tight—and your users know how to spot danger. Carefully checking attached documents and restricting potentially dangerous user behavior — as well as just familiarizing users with common phishing scams - can greatly reduce the spread of malware by just using common sense.

When it comes to more technical preventative measures, there are a number of steps you can take, including keeping all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure. When it comes to ransomware attacks in particular, one way to be prepared is to always make backups of your files, ensuring that you'll never need to pay a ransom to get them back if your hard drive is encrypted.

Receive a FREE Cyber Security Assessment Now
New approaches to cyber insurance use technology to simplify the application and underwriting process. Instead of surveys and questionnaires, we use sophisticated tools to perform online scans that collect thousands of data points about your organization. These scans calculate a cyber security score and are formatted into an easily understood security analysis report for you to review. 
Cyber Armada - indendent cyber insurance broker