Individuals and businesses alike should be perpetually concerned with threats they may face online. Malware is one of the most common issues threatening individuals every day, and those concerned with online safety and security should understand malware threats, along with their classifications and solutions like antivirus software.
What is malware?
Malware is any kind of software designed to damage, or enable unauthorized access to, computer systems.
Malware is a complex family of web-based threats that can harm individuals and businesses of all sizes. These dangerous pieces of software typically come in the shape of files or code that execute actions and corrupt files stored on your computer or within your network.
Malware is most commonly used to gain control over an endpoint device, steal data or spam unsuspecting individuals. It can be used to serve any nefarious purpose, from stealing sensitive data and personal information (like credit card numbers and banking information) to devastating a company’s entire network.
As the amount of information housed on the internet has exploded, so too has the amount of potential damage these programs can cause. Malware creators and distributors now have more to gain, so it makes sense that the number of malignant programs has mirrored the growth of the benign software market.
There are two reasons why hackers create and use malware: money, and the desire to wreak havoc. Money is the primary motivating factor for the majority of hackers and malware creators, as evidenced by the end goal of most malware: theft, whether via ransom, data theft or outright monetary theft.
Malware comes in many shapes and sizes, but it all shares the same central purpose: disrupting computer systems. This disruption may refer to damaging files, stealing information, or causing any number of issues with a computer’s functionality.
The idea of malicious programs has existed since the creation of computers, but the first real virus is considered to be the Creeper Worm. Creeper Worm was a self-replicating program written in the early 1970s, designed to copy itself onto other systems and display a harmless message.
While the Creeper Worm had no malignant intent, the programs that followed did, which cemented the computer virus’ place in the pantheon of digital infamy. Early malware came in the form of viruses that were carried from computer to computer and injected via code on floppy disks.
The method of transmission has been significantly improved, allowing viruses to travel at the speed of the internet. As technology has advanced and anti-malware programs have improved, malware has kept up by becoming more sophisticated.
A study by security firm Norton found that hackers stole $172 billion from people worldwide in 2017, and malware was a key method of theft. The business of malware can be extremely lucrative, which is why we’ve seen the number of malicious programs explode in the past few years.
Today, millions of malware varieties threaten computers across the world. Luckily, G2 has thousands of reviews of over 150 antivirus software products that can serve as the first step to increasing the security of your endpoint devices.
Types of malware
While millions of different malware programs exist, they typically come in a few recognizable forms. These are a few common ways malware is delivered and executed to harm devices and steal information. Different solutions may be necessary depending on the type of malware you’re defending against or remediating.
Computer viruses are some of the oldest kinds of malware, but remain significant threats to this day. Computer viruses are unique in that they can replicate and spread without the need for an individual threat actor’s control. Viruses can infect single computers or entire networks without proper quarantine and remediation.
Viruses are typically attached to files, applications or downloads that appear to be non-threatening elements. Once downloaded, opened or executed, the virus can piggyback onto programs to corrupt data or expand throughout a network and damage systems across a company.
Worms predate viruses and have infected systems since mainframes were the only computers in existence. Worms are also capable of self-replication and may spread by exploiting flaws in applications or through social engineering.
Once a system is infected, the worm may be capable of inhibiting communication tools or transferring additional malicious software. Worms are also capable of consuming significant system memory to inhibit the functionality of web servers, network servers or individual endpoints.
A trojan is a form of malicious software that disguises itself as a harmless computer program but provides threat actors with the ability to execute any variety of attacks that steal information, disrupt functionality or damage data. The name derives from the fabled ancient Greek Trojan Horse which was used to deceive the guards of Troy and sneak Greek warriors into the city.
Trojans are usually received through email attachments or downloads that appear to be legitimate, but contain malicious code that allows hackers to access systems and execute commands. Trojans are not capable of self-replication or autonomous execution but can be spread internally by tricking users into sharing malicious files.
Rootkits are one of the most insidious types of malware, as they are extremely stealthy and difficult to detect by traditional endpoint protection methods. This malware masks its existence and controls the operating system, preventing its detection even further. Hackers use rootkits to access a system and steal information.
Adware is one of the less damaging forms of malware present today. Adware is used to generate revenue by delivering users unwanted ads through display advertising or pay-per-click functionality.
Adware is more of a pest than a predator in that the largest effect is typically annoyance or inhibited functionality. These malware tools are typically downloaded by end users who then experience an inordinate number of ads in their web browsers or when using web-based applications.
Spyware is a term coined in the mid-1990s to describe malware used to gain access to a user’s systems and monitor their data, files and behavior. Spyware is often used to disable firewall or anti-malware software while consuming CPU activity to increase an endpoint’s vulnerability to attack.
These tools monitor a user’s actions by collecting data viewed in web browsers and documenting local activity. This data may be used by hackers or sold for profit. Spyware may come in the form of keyloggers, which track an individual's keystrokes to steal user credentials and passwords for future malicious action or data theft.
Bots are programs that automatically execute tasks as ordered by the creator of the program that has infected them. The most common malicious use of bots is in DDoS attacks, where huge numbers of bots (botnets) are deployed to attack servers. Once infected with malware, bots can be grouped together and their collective computing power used as a botnet to carry out the hacker’s desired tasks.
Fileless malware is a newer form of malicious software that does not rely on files or executables and leaves little to no footprint, making it harder to discover and remediate. Fileless malware operates by hiding within a computer’s memory storage systems to execute events.
The fileless malware is written into a computer’s random access memory (RAM) to spread using non-file computing objects such as encryption keys or APIs. Once a computer is infected, the malware can abuse administration tools, edit user privileges and spread across networks.
Ransomware is an increasingly popular form of malware used to hijack a computer or network, requiring payment to restore access to endpoints and information. Ransomware holds systems hostage by encrypting information and then threatening to delete that information if victims do not pay the ransom.
Ransomware typically infects computer systems through a trojan horse, then spreads throughout a network before seizing control of its endpoints. These malware programs typically require payment in cryptocurrency because of the increased anonymity and difficulty of tracking.
Evolving malware threats
There is an ever-increasing number of malware programs. 2017 saw the creation of 8.4 million new types of malware, to add to the massive number already in circulation. The increased number of threats has been a boon to the cybersecurity industry, as companies scramble to head off potential security breaches by injecting millions of dollars into securing their servers.
State actors are using malware to carry out state-sponsored attacks on digital infrastructure as a political weapon. As the internet of things (IoT) becomes more prevalent and vital infrastructure is connected to the internet, be on the lookout for an uptick in politically motivated attacks. Physical infrastructure, previously considered untouchable by hackers, is now on the firing line as vital industries become connected via the IoT.
As companies move massive amounts of data to the cloud, cloud security becomes paramount. Recently, there have been several large-scale attacks on cloud-housed data by hackers using ransomware. The perpetrators lock down the targeted systems or deny access to important data sets, then demand money to unlock them. Large-scale attacks are increasingly likely as more data migrates to the cloud, unlocking a world of potential for hackers looking for a payday.
Ghost mining is a hacking technique in which a cybercriminal hijacks computing power from other computers to mine cryptocurrencies. Hackers gain access to others’ computers and instruct those computers to carry out cryptocurrency mining tasks for them.
There have been some heavily publicized data breaches in the past couple of years, with the Equifax attack in 2017 being the most widely publicized. We expect this trend to continue in 2018 and beyond as the amount of valuable personal information held online increases.
Protection from malware
Now that you’ve developed a healthy fear of malware, it’s time to talk about steps you can take to protect yourself against the ever-present threat that it represents. New versions of malware are constantly produced and circulated, designed specifically to circumvent those exact anti-malware programs that you’ve installed on the exquisite advice of this writer.
Patching your software and OS with the most current version of available vulnerability patches is a key way to impede potential attacks. The first and most obvious step is to install an anti-malware program on your computer and put up a firewall to shield yourself from at least the most common types of attacks.
You should also install antivirus software for continuous, real-time protection against malware and any other threat that makes its way past your firewall. Frugal users can explore our post ranking the best free antivirus software available today.
As an analyst at G2, Aaron’s research is focused on cloud, application, and network security technologies. As the cybersecurity market continues to explode, Aaron maintains the growing market on G2.com, adding 90+ categories of security technology (and emerging technologies that are added regularly). His exposure to both security vendors and data from security buyers provides a unique perspective that fuels G2’s research reports and content, including pieces focused on trends, market analysis, and acquisitions. In his free time, Aaron enjoys film photography, graphic design, and lizards.