Viruses, worms, ransomware — even the least tech-savvy among us know what these are, and want to avoid them if at all possible. What do they all have in common (besides the fact that they can lock up your devices and attempt to steal your data)? They all fall under the malware umbrella.
What is Malware?
Malware is any software designed to cause harm to a device, system, network, or data. Unlike software bugs, which cause damage by mistake, malware is intentionally created to cause damage. Malware has been around longer than the modern Internet; the first viruses were written in the 1970s and a decade later viruses were spread via floppy disks to personal computers.
Since then, the malware family has expanded considerably and can do quite a bit more damage, not just to a personal computer but to an entire organization. Below are several types of malware and some of the traits that will help you identify each.
Types of Malware
The virus is a self-replicating program, usually hiding in the code of a host program. When “infecting” a computer, the virus replicates itself and inserts its own code into another program.
Viruses are the oldest form of malware, as mentioned above. The theory behind the computer virus was first written about in 1949, and the Creeper Virus was first detected on ARPANET in 1971. (Its goal: displaying a message: "I'm the creeper, catch me if you can!") While the first viruses were written as experiments or pranks, viruses later became malicious and are now used to make a profit, sabotage systems, expose or exploit security vulnerabilities.
Viruses are spread in several ways. They might be sent through phishing scams, or downloaded from suspicious websites. Modern-day viruses perform several functions, from creating system failure to keylogging, to skimming information.
Like viruses, worms self-replicate, using networks to spread and duplicate, often without any human help. Worms rely on vulnerabilities within computers to spread and access new machines, scanning for new hosts and replicating as they move from device to device.
Worms don’t necessarily corrupt data, but they do take up bandwidth and increase network traffic. Most worms are designed only to spread but some contain malicious code, known as a payload. The WannaCry worm is an example of that; WannaCry was a worm that carried ransomware with it as it exploited the EternalBlue vulnerability.
3. Trojan Horses
Like the famous ancient Greek wooden horse that looked like a gift of peace, but contained Greek soldiers bent on conquering the city of Troy, a trojan horse is a malicious program pretending to be a legitimate piece of software. A user might click on an attachment in a phishing email; when the file is opened, the trojan will install, bringing its payload, which can be a variety of malicious software. Many trojans, however, create backdoors into a system.
A backdoor lets criminals get into a system while bypassing normal authentication processes; they’re often used to give bad actors remote access to a device or a network. While many backdoors are covert, some are legitimate and well known; manufacturers may create backdoors to help users get into locked systems.
Ransomware is very popular among cybercriminals. Ransomware attacks have been on the rise lately and there have been several high-profile ransomware attacks in the last year. Ransomware is malware designed to deny the user of a device or system access to their own network, hardware, and data access until a ransom is paid, usually in a cryptocurrency.
This can be damaging for several reasons: ransomware attacks can cause a prolonged lack of productivity, data leaks, theft of sensitive data, and sometimes, the exposure of private information on the public Internet.
Spyware is malware that, well, spies on a victim. Spyware gathers information about a person or organization and sends the information back to the attacker. Sometimes spyware installs software or changes the user’s settings on a device. The goal is most often financial; spyware often captures bank and credit card information as well as other valuable data. The good news about spyware is that once you’re aware of it, it’s often easy to remove. It is in fact, a form of grayware.
Grayware isn’t exactly malware but it’s worth mentioning. Grayware is not actively malicious in itself; it’s software that falls in a gray area. It’s unwanted and tends to slow down a computer. While the grayware itself is often irritating at most, the fact that it’s able to gain access to the computer is a greater concern. If grayware can get onto your computer, your organization has holes in your security that need to be remediated.
Adware is a type of grayware and, as its name suggests, its purpose is to display advertisements on your screen, generating revenue for the owner of the ad. Often better known as popups, Adware rides in on a trojan horse and installs itself on your computer or phone. It doesn’t do much harm, but it’s annoying and can slow down your device.
Keystroke loggers, or keyloggers, are malware that covertly monitors and records the keystrokes typed on a specific computer's keyboard or smartphone. The program then sends the information to its owner, who can view whatever has been typed. Although there are some legitimate uses of keyloggers (tracking technology misuse at work, for example) most keyloggers are used to divulge information like payment details and passwords.
Rootkits are a set of software tools that allow an attacker to gain access to and control a device, usually without being detected. Once a rootkit has been installed, the attacker can remotely execute files and change system configurations on the host machine. Rootkit installation can be automated or an attacker can install it with administrator access, and this fact — as well as the fact that rootkits use other programs to mask their presence — can make it difficult to detect and remove a rootkit.
11. Fileless Malware
Fileless malware is another type of attack that’s hard to track, because it has no files, instead of using legitimate programs to infect a computer or network. Because it exists as just a computer memory-based artifact in a machine’s RAM, it leaves no footprint for security teams to follow.
Usually delivered via phishing campaigns, fileless attacks slip around anti-malware software but can be stopped when a system is rebooted.
Malicious advertising or malvertisting uses ads to spread malware. Malicious ads are often placed on legitimate sites. When they’re clicked on, the user downloads the malware.
When a computer is infected with malware that allows it to be remotely controlled by an attacker, it becomes a bot or zombie. That computer is then used by an attacker to launch more cyberattacks.
Botnets are a collection of bots, frequently controlled by the same attacker. Botnets are often used in distributed denial of service (DDoS) attacks, spreading ransomware, and spreading other types of malware.
Hijackware is malware that infects a web browser that takes control of a browser's settings to redirect the user to websites or advertisements. Also known as browser hijacking, hijackware can also change a user’s homepage or install new toolbars in the browser.
Crimeware is malware designed to automate cybercrime, usually identity theft, although it can also be used to steal money or proprietary information.
17. Mobile Malware
Sometimes mobile apps are not what they seem. Malicious apps can steal user information, attempt to extort users, gain access to corporate networks, force users to view unwanted ads, or install a backdoor on the device.
18. Social Engineering and Phishing
These aren’t malware, but they should be mentioned because, without social engineering attacks and phishing campaigns, most malware wouldn’t be delivered. Social engineering is an attack targeting people, often specific people. Phishing occurs when an attacker sends a message that seems legitimate but is the vehicle for malware, or induces a user to visit a malicious website.
19. RAM Scrapers
RAM scrapers harvest the data temporarily stored in memory or RAM. This type of malware is often used to attack point-of-sale (POS) systems like cash registers because they can store unencrypted credit card numbers for a brief period of time before encrypting them.
20. Web skimmers
Much like scrapers, web skimmers often target payment information and POS systems. Web skimmers are usually a piece of malicious code inserted into a payment page that skims and stores payment information, then sends it back to the attacker.
21. Rogue Security Software
Rogue security software is also called scareware. It tricks users into believing there is a virus on their computer and tries to convince them to pay for a fake malware removal tool. That tool, unfortunately, actually installs malware on their computer.
Cryptojacking is a type of attack that steals the computing power of a victim’s device in order to mine cryptocurrency.
In order to thwart security teams, some attackers are using exotic and obscure programming languages to write malware. These languages help the malware circumnavigate some of the programs written to detect it.
25. Hybrid malware
Malware is rarely only one type or another. Today most malware is a combination of existing malware attacks, often, a mix of trojan horses (to get the malware into a system), worms (to help it replicate), and ransomware (so the attacker can profit).
How can SecurityScorecard help?
The threat landscape is constantly evolving and changing. SecurityScorecard’s easy-to-read A-F rating scale makes it easier to scan for threats and vulnerabilities that might be exploited by an attacker.
SecurityScorecard’s ratings provide visibility into ten different groups of risk factors, including IP reputation, endpoint security, network security, web application security, DNS health, patching cadence, hacker chatter, leaked credentials, and social engineering. Since we continuously monitor for risks and send actionable alerts, IT departments can respond in real-time to new risks.