• Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Critical Infrastructure
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
  • Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Critical Infrastructure
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
BLOG

25 Common Types of Malware & How To Identify Them

02/16/2022

Viruses, worms, ransomware — even the least tech-savvy among us know what these are, and want to avoid them if at all possible. What do they all have in common (besides the fact that they can lock up your devices and attempt to steal your data)? They all fall under the malware umbrella.

What is Malware?

Malware is any software designed to cause harm to a device, system, network, or data. Unlike software bugs, which cause damage by mistake, malware is intentionally created to cause damage. Malware has been around longer than the modern Internet; the first viruses were written in the 1970s and a decade later viruses were spread via floppy disks to personal computers.

Since then, the malware family has expanded considerably and can do quite a bit more damage, not just to a personal computer but to an entire organization. Below are several types of malware and some of the traits that will help you identify each.

Types of Malware

1. Viruses

The virus is a self-replicating program, usually hiding in the code of a host program. When “infecting” a computer, the virus replicates itself and inserts its own code into another program.

Viruses are the oldest form of malware, as mentioned above. The theory behind the computer virus was first written about in 1949, and the Creeper Virus was first detected on ARPANET in 1971. (Its goal: displaying a message: “I’m the creeper, catch me if you can!”) While the first viruses were written as experiments or pranks, viruses later became malicious and are now used to make a profit, sabotage systems, expose or exploit security vulnerabilities.

Viruses are spread in several ways. They might be sent through phishing scams, or downloaded from suspicious websites. Modern-day viruses perform several functions, from creating system failure to keylogging, to skimming information.

2. Worms

Like viruses, worms self-replicate, using networks to spread and duplicate, often without any human help. Worms rely on vulnerabilities within computers to spread and access new machines, scanning for new hosts and replicating as they move from device to device.

Worms don’t necessarily corrupt data, but they do take up bandwidth and increase network traffic. Most worms are designed only to spread but some contain malicious code, known as a payload. The WannaCry worm is an example of that; WannaCry was a worm that carried ransomware with it as it exploited the EternalBlue vulnerability.

3. Trojan Horses

Like the famous ancient Greek wooden horse that looked like a gift of peace, but contained Greek soldiers bent on conquering the city of Troy, a trojan horse is a malicious program pretending to be a legitimate piece of software. A user might click on an attachment in a phishing email; when the file is opened, the trojan will install, bringing its payload, which can be a variety of malicious software. Many trojans, however, create backdoors into a system.

4. Backdoor

A backdoor lets criminals get into a system while bypassing normal authentication processes; they’re often used to give bad actors remote access to a device or a network. While many backdoors are covert, some are legitimate and well known; manufacturers may create backdoors to help users get into locked systems.

5. Ransomware

Ransomware is very popular among cybercriminals. Ransomware attacks have been on the rise lately and there have been several high-profile ransomware attacks in the last year. Ransomware is malware designed to deny the user of a device or system access to their own network, hardware, and data access until a ransom is paid, usually in a cryptocurrency.

This can be damaging for several reasons: ransomware attacks can cause a prolonged lack of productivity, data leaks, theft of sensitive data, and sometimes, the exposure of private information on the public Internet.

6. Spyware

Spyware is malware that, well, spies on a victim. Spyware gathers information about a person or organization and sends the information back to the attacker. Sometimes spyware installs software or changes the user’s settings on a device. The goal is most often financial; spyware often captures bank and credit card information as well as other valuable data. The good news about spyware is that once you’re aware of it, it’s often easy to remove. It is in fact, a form of grayware.

7. Grayware

Grayware isn’t exactly malware but it’s worth mentioning. Grayware is not actively malicious in itself; it’s software that falls in a gray area. It’s unwanted and tends to slow down a computer. While the grayware itself is often irritating at most, the fact that it’s able to gain access to the computer is a greater concern. If grayware can get onto your computer, your organization has holes in your security that need to be remediated.

8. Adware

Adware is a type of grayware and, as its name suggests, its purpose is to display advertisements on your screen, generating revenue for the owner of the ad. Often better known as popups, Adware rides in on a trojan horse and installs itself on your computer or phone. It doesn’t do much harm, but it’s annoying and can slow down your device.

9. Keyloggers

Keystroke loggers, or keyloggers, are malware that covertly monitors and records the keystrokes typed on a specific computer’s keyboard or smartphone. The program then sends the information to its owner, who can view whatever has been typed. Although there are some legitimate uses of keyloggers (tracking technology misuse at work, for example) most keyloggers are used to divulge information like payment details and passwords.

10. Rootkits

Rootkits are a set of software tools that allow an attacker to gain access to and control a device, usually without being detected. Once a rootkit has been installed, the attacker can remotely execute files and change system configurations on the host machine. Rootkit installation can be automated or an attacker can install it with administrator access, and this fact — as well as the fact that rootkits use other programs to mask their presence — can make it difficult to detect and remove a rootkit.

11. Fileless Malware

Fileless malware is another type of attack that’s hard to track, because it has no files, instead of using legitimate programs to infect a computer or network. Because it exists as just a computer memory-based artifact in a machine’s RAM, it leaves no footprint for security teams to follow.

Usually delivered via phishing campaigns, fileless attacks slip around anti-malware software but can be stopped when a system is rebooted.

12. Malvertising

Malicious advertising or malvertisting uses ads to spread malware. Malicious ads are often placed on legitimate sites. When they’re clicked on, the user downloads the malware.

13. Bots

When a computer is infected with malware that allows it to be remotely controlled by an attacker, it becomes a bot or zombie. That computer is then used by an attacker to launch more cyberattacks.

14. Botnets

Botnets are a collection of bots, frequently controlled by the same attacker. Botnets are often used in distributed denial of service (DDoS) attacks, spreading ransomware, and spreading other types of malware.

15. Hijackware

Hijackware is malware that infects a web browser that takes control of a browser’s settings to redirect the user to websites or advertisements. Also known as browser hijacking, hijackware can also change a user’s homepage or install new toolbars in the browser.

16. Crimeware

Crimeware is malware designed to automate cybercrime, usually identity theft, although it can also be used to steal money or proprietary information.

17. Mobile Malware

Sometimes mobile apps are not what they seem. Malicious apps can steal user information, attempt to extort users, gain access to corporate networks, force users to view unwanted ads, or install a backdoor on the device.

18. Social Engineering and Phishing

These aren’t malware, but they should be mentioned because, without social engineering attacks and phishing campaigns, most malware wouldn’t be delivered. Social engineering is an attack targeting people, often specific people. Phishing occurs when an attacker sends a message that seems legitimate but is the vehicle for malware, or induces a user to visit a malicious website.

19. RAM Scrapers

RAM scrapers harvest the data temporarily stored in memory or RAM. This type of malware is often used to attack point-of-sale (POS) systems like cash registers because they can store unencrypted credit card numbers for a brief period of time before encrypting them.

20. Web skimmers

Much like scrapers, web skimmers often target payment information and POS systems. Web skimmers are usually a piece of malicious code inserted into a payment page that skims and stores payment information, then sends it back to the attacker.

21. Rogue Security Software

Rogue security software is also called scareware. It tricks users into believing there is a virus on their computer and tries to convince them to pay for a fake malware removal tool. That tool, unfortunately, actually installs malware on their computer.

23. Cryptojacking

Cryptojacking is a type of attack that steals the computing power of a victim’s device in order to mine cryptocurrency.

24. Exotics

In order to thwart security teams, some attackers are using exotic and obscure programming languages to write malware. These languages help the malware circumnavigate some of the programs written to detect it.

25. Hybrid malware

Malware is rarely only one type or another. Today most malware is a combination of existing malware attacks, often, a mix of trojan horses (to get the malware into a system), worms (to help it replicate), and ransomware (so the attacker can profit).

How can SecurityScorecard help?

The threat landscape is constantly evolving and changing. SecurityScorecard’s easy-to-read A-F rating scale makes it easier to scan for threats and vulnerabilities that might be exploited by an attacker.

SecurityScorecard’s ratings provide visibility into ten different groups of risk factors, including IP reputation, endpoint security, network security, web application security, DNS health, patching cadence, hacker chatter, leaked credentials, and social engineering. Since we continuously monitor for risks and send actionable alerts, IT departments can respond in real-time to new risks.

Return to Blog
Join us in making the world a safer place.
FREE ACCOUNT SIGN UP
Products
Solutions
Customers
Marketplace
Partners
Resources
Company
Trust Portal
Security Ratings
Login
Blog
Contact
Careers

SecurityScorecard
Tower 49
12 E 49th St
Suite 15-100
New York, NY 10017

[email protected]

United States: (800) 682-1701
International: +1(646) 809-2166
Social-linkedin Social-facebook Twitter Instagram Youtube