Malware is a piece of bad news wrapped up in software. That’s the long and short of it. Malicious software written with the intent of causing harm to a user, a system, or a network is nothing new, but what is worrying is its continuing evolution into new and harder-to-detect forms.
To combat cyber threats in an enterprise, you need a solid foundation in the basics: what malware is, how it spreads, and the variants that lurk out there in the wild.
This brief guide covers those basics.
What is Malware?
The definition of malware is simple: malicious code. It is software developed with malicious intent, or whose effect is malicious.
While the effects of malware on individual users are often harmful, for companies they can be devastating.
The spectrum of malware is wide — and getting wider by the minute.
History of Malware
As you can imagine, the history of malware goes back a long way. The term malware is credited to Yisrael Radai in 1990, but these kinds of threats had existed for decades before that, referred to simply as computer viruses.
Here is a quick look at some of the common terms you will see when malware is discussed.
Ways of Spread
Drive-by download: The unintended download of software from a website, typically triggered just by visiting a page that exploits a flaw in the browser or a plugin. Users are infected without their knowledge, or without understanding the consequences.
Homogeneity: A setup where all systems run the same operating system and sit on the same network. It is not a spreading mechanism in itself, but it means one exploit works against every machine, so malware spreads much faster.
Vulnerability: A security defect in software that malware can exploit.
Backdoor: An opening left in an operating system, hardware, network or application, whether by design or planted by an attacker, that lets someone bypass normal authentication.
Types of Malware Attacks
0-Day: A zero-day vulnerability is a flaw that is exploited before it has been publicly disclosed or patched. It is called a 0-day because the vendor has had zero days to fix it by the time attacks begin.
Exploit: Code or a technique that takes advantage of an existing vulnerability, turning a theoretical threat into a real attack.
Privilege escalation: Obtaining higher privileges than the attacker was originally granted, for example going from an ordinary user account to administrator or SYSTEM, and with them access to restricted data and functions.
Evasion: The techniques malware authors use to avoid detection and analysis by security systems, such as packing or encrypting the payload, changing it with every copy, or refusing to run inside a sandbox.
Blended threat: A malware package that combines the characteristics of several kinds of malicious program, such as Trojans, viruses and worms, in order to exploit more than one system vulnerability.
Other Important Terms
Botnet: A number of Internet-connected devices, each running one or more bots under an attacker's control. Botnets are used to perform distributed denial of service attacks, send spam, and steal data.
Containment: The process of stopping the spread of malware and preventing further damage to hosts, for example by isolating infected machines from the network.
Endpoint: A device that connects to the network, such as a workstation, laptop, server or phone. Endpoint security is the protection of those devices themselves rather than of the network between them.
Payload: The part of the malware program that actually does the damage.
Privilege: In computing, privilege is the level of access an account or process has to read, modify or control a system.
Signature: A pattern that identifies a specific piece of malware or a malware family: a file hash, a sequence of bytes, or a characteristic behaviour. Signatures are the basis of traditional antivirus detection.
Threat: In computer security, a system or network is said to be under threat when it harbours persistent software vulnerabilities, raising the possibility of a successful attack.
Track: Evidence left behind by an intrusion into a system or a network.
Zombie: An Internet-connected computer that has been compromised by an attacker or by malware and can be used to perform malicious tasks, typically as a member of a botnet.
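The Signature and Evasion entries above are easiest to understand in code. The following Python is an added example written for this page, not code from the original article or from any antivirus vendor. It builds a tiny signature database (one exact file hash, one generic byte pattern) from a single constructed, harmless sample, then scans the original, a copy with one byte changed, a copy whose body is XOR-encoded with a one-byte key, and a benign file. All sample bytes, the signature names (Demo.Beacon.A, Demo.Beacon.gen) and the "C2=... beacon" marker string are invented for the example.

```python
import hashlib
import re

# Constructed, harmless stand-ins for malware samples. Assumption: none of
# these bytes are real malware; "C2=... beacon" is an invented marker that
# plays the role of the command-and-control string an analyst extracted.
KNOWN_SAMPLE = b"MZ" + b"\x00" * 30 + b"connect C2=198.51.100.7:4444 beacon" + b"\x00" * 8
# The same sample with one trailing byte changed, as a trivial rebuild would do.
RECOMPILED_VARIANT = KNOWN_SAMPLE[:-1] + b"\x01"
# The same sample XOR-encoded with a one-byte key behind a small stub, the
# simplest form of packing: the marker string never appears on disk.
XOR_KEY = 0x5A
PACKED_VARIANT = b"MZ" + b"\x00" * 30 + bytes(b ^ XOR_KEY for b in KNOWN_SAMPLE)
BENIGN_FILE = b"MZ" + b"\x00" * 30 + b"Hello, world" + b"\x00" * 8


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database as a vendor would ship it after analysing KNOWN_SAMPLE:
# an exact-hash signature and a generic byte-pattern signature.
HASH_SIGNATURES = {sha256(KNOWN_SAMPLE): "Demo.Beacon.A"}
PATTERN_SIGNATURES = {
    # Regex over raw bytes: the beacon marker with any IPv4 address and port.
    "Demo.Beacon.gen": re.compile(rb"C2=\d{1,3}(?:\.\d{1,3}){3}:\d{1,5} beacon"),
}


def scan(data: bytes) -> dict:
    """Return the signature family matched by each method, or None."""
    result = {"hash": HASH_SIGNATURES.get(sha256(data)), "pattern": None}
    for family, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            result["pattern"] = family
            break
    return result


def scan_with_unpacking(data: bytes) -> dict:
    """Rescan after trying every single-byte XOR key, the cheapest form of
    static unpacking an engine attempts before giving up on a file."""
    direct = scan(data)
    if direct["hash"] or direct["pattern"]:
        return direct
    for key in range(1, 256):
        decoded = bytes(b ^ key for b in data)
        hit = scan(decoded)
        if hit["pattern"]:
            hit["unpacked_key"] = key
            return hit
    return direct


if __name__ == "__main__":
    for label, sample in (("known", KNOWN_SAMPLE), ("recompiled", RECOMPILED_VARIANT),
                          ("packed", PACKED_VARIANT), ("benign", BENIGN_FILE)):
        print(f"{label:10} static={scan(sample)} unpacked={scan_with_unpacking(sample)}")
```

The hash signature catches only the exact sample; the pattern signature survives the one-byte change but not the XOR encoding, which is precisely why attackers pack their payloads. scan_with_unpacking shows the engine's answer: try the cheap decoders before declaring a file clean. Real engines go far beyond single-byte XOR (emulation, unpacking in a sandbox), and attackers respond with polymorphic code that rewrites itself on every copy, which is why signatures alone are not enough.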
Different Types of Malware
Running into a word that starts with mal is a sure sign that something is bad, and the term malware is simply a contraction of two words: malicious software.
The category has grown so much that viruses are now just the tip of the iceberg.
Recent study data say that the majority of malicious programs in the wild today are Trojans and worms, with viruses in decline. A 2011 study found that Trojan horses made up 69.99% of all malware tracked, while viruses accounted for only 16.82%, and the share of Trojans has only grown since.
A more recent study in 2017 found that malware aimed at mobile devices like smartphones and tablets is increasing at an alarming rate, and even coming pre-installed on devices.
But what are the various types of malware, how are they classified, and how do attackers install and deploy each of them?
1. Viruses
The defining characteristic of a virus is that it is programmed to replicate: it distributes copies of itself, using whatever means are available to spread.
Viruses hide inside other files, and the computer must run that file (execute the code, in other words) before the virus can do its damage.
1a. System or boot infectors
A boot infector writes itself into the boot sector or master boot record of a disk so that it loads before the operating system does; a resident virus installs itself in memory and stays active for as long as the system runs.
2a. File infectors
Many viruses insert themselves into ordinary executable files such as .EXE and .COM to improve their chances of being run by a user. Batch and script files (.BAT, .JS, .VBS) and screensaver executables (.SCR) are susceptible as well.
3a. Macro viruses
These viruses are written in the macro language of an application, such as the VBA macros in Office documents, which exists to let users extend the software. Opening a document that carries the macro is enough to run it if macros are enabled.
Some infamous examples of viruses over the years are the Concept virus, the Chernobyl virus (also known as CIH), the Anna Kournikova virus, Brain and RavMonE.exe.
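Because a macro virus lives inside a document rather than an executable, a scanner has to look at the document container. The Python below is an added example for this page, not code from the original article or from any vendor. It builds two minimal, constructed OOXML packages (a plain Word document and a macro-enabled one, with a placeholder standing in for a real vbaProject.bin) and inspects them for the three indicators an analyst checks first: a vbaProject.bin part, a macro-enabled content type, and a file extension that does not advertise macros. The build_ooxml and inspect_ooxml names are this example's own.

```python
import io
import re
import zipfile

# OOXML (.docx/.xlsx/.pptx) files are zip packages; VBA macros ride inside
# them as a vbaProject.bin part, declared in [Content_Types].xml.
VBA_PART = re.compile(r"(^|/)vbaProject\.bin$", re.IGNORECASE)
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
PLAIN_DOC_TYPE = ("application/vnd.openxmlformats-officedocument"
                  ".wordprocessingml.document.main+xml")
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "pptm", "potm"}


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal Word package for the example (assumption: not a
    real Office file, only the parts the scanner inspects)."""
    main_type = MACRO_CONTENT_TYPES[0] if with_macro else PLAIN_DOC_TYPE
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
    if with_macro:
        overrides += ('<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f"{overrides}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE2 compound file; the OLE2 magic
            # bytes plus padding are a stand-in here.
            z.writestr("word/vbaProject.bin",
                       b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


def inspect_ooxml(data: bytes, filename: str) -> dict:
    """Report macro indicators for an OOXML package received as bytes."""
    findings = {"has_vba_part": False, "macro_content_type": False,
                "extension_mismatch": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Indicator 1: the macro storage itself, anywhere in the package.
        findings["has_vba_part"] = any(VBA_PART.search(n) for n in names)
        # Indicator 2: the package declares a macro-enabled main part.
        if "[Content_Types].xml" in names:
            declared = z.read("[Content_Types].xml").decode("utf-8", "replace")
            findings["macro_content_type"] = any(t in declared for t in MACRO_CONTENT_TYPES)
    # Indicator 3: macros present but the name does not say so (a .docm sent
    # as .docx); the extension is what the user sees, so it is a lure signal.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings["extension_mismatch"] = findings["has_vba_part"] and ext not in MACRO_EXTENSIONS
    return findings


if __name__ == "__main__":
    for name, doc in (("memo.docx", build_ooxml(False)),
                      ("invoice.docm", build_ooxml(True)),
                      ("invoice.docx", build_ooxml(True))):
        print(name, inspect_ooxml(doc, name))
```

The container check is cheap and works on mail gateways before the document ever reaches a user. It says nothing about what the macro does; for that, the VBA stream inside vbaProject.bin has to be decompressed and read, which is where tools dedicated to Office analysis take over.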
2. Worms
The second of the two kinds of infectious malware. A worm is standalone software that replicates without having to infect specific files already present on a computer. It typically spreads by exploiting flaws in network services or by tricking users, and it consumes network bandwidth and system resources as it propagates.
Basically, whereas viruses add themselves to existing files, worms carry themselves in their own containers.
Computer worms usually arrive via email and instant messages, and they use the network to spread from machine to machine.
Examples include Melissa, Morris, Mydoom, Sasser, Blaster, and Mylife.
3. Trojan Horses
A Trojan is a malicious program that misrepresents itself as a legitimate one. The term comes from the Ancient Greek story of the wooden horse used to enter the city of Troy by stealth, and the software version relies on exactly the same deception.
A Trojan's payload is usually a backdoor that gives attackers access to the infected computer. Trojans also hand cybercriminals a user's personal information, such as IP addresses, passwords and banking details.
Trojans are now considered among the most dangerous of all malicious programs, and as the figures above show they are also the most common, particularly those designed to gain access to a victim's computer and steal sensitive information.
Example – Notable examples include Trojans developed or used by government agencies such as the FBI, NSA, and GCHQ (Magic Lantern, FinFisher, WARRIOR PRIDE), alongside Netbus, Beast, Gh0st RAT, Tiny Banker Trojan, Clickbot.A, Zeus, and the Android Trojan Shedun. The Blackhole exploit kit belongs with them as a delivery mechanism: it exploited browser flaws to install Trojans rather than being one itself.
4. Rootkits
A rootkit is a collection of software designed to obtain privileged (root) access to a system and to hide its presence, concealing its own processes, files and network connections, and often those of other malware that gathers sensitive information, from the user and from security tools.
Rootkits work like a back door through which other types of malware enter and keep their access, and they are used extensively by attackers to hold on to compromised systems.
Detecting and removing a rootkit is difficult, all the more so when it resides inside the kernel of the operating system, where it can lie to the very tools used to look for it. Reinstalling the operating system is often the only reliable way to clean the machine.
Example – The first malicious rootkit to gain notoriety on Windows was NTRootkit in 1999, but the best-known case is the Sony BMG copy protection rootkit scandal.
5. Ransomware
The most devastating type of malicious program by some counts, and certainly one of the most advanced and fastest growing. Ransomware blocks access to a victim's data, usually by encrypting it, and demands a ransom to restore it; some variants also threaten to publish or delete the data. Worse yet, there is no guarantee that paying will return access to the data or prevent its deletion. Ransomware usually spreads through phishing.
This manner of digital extortion has been around since the late 80s, but it returned to prominence in late 2013 with cryptocurrency, which gave attackers a convenient way to collect the ransom.
6. Keyloggers
Software that records everything typed on a keyboard. Simple keyloggers hook physical keystrokes and so may miss input entered through on-screen keyboards or other input devices, but anything typed on a physical keyboard is exposed.
Keyloggers store the captured data and send it to the attacker, who then picks out sensitive items such as usernames, passwords and credit card details.
7. Grayware
Grayware is a term that came into use around 2004. It describes unwanted applications and files that, while not classified as outright malware, degrade a computer's performance and introduce security risks.
Grayware covers both adware and spyware. Almost all commercially available security software can detect these potentially unwanted programs (PUPs).
8. Adware
Although ad-supported software is now common and is itself called adware in some circles, the word has long been linked to malware. While adware can refer to any program supported by advertising, malicious adware forces advertisements on the user in the form of pop-ups and extra windows.
It is perhaps the most lucrative and least harmful malware, designed with the specific purpose of displaying advertisements on your computer.
9. Spyware
Spyware, as the name gives away, is software that constantly spies on you. Its main purpose is to track your Internet activity, often so that adware can be targeted at you. Spyware is also used to gather sensitive information about an organization without its knowledge and send that data to another party, without the victim's consent.
Attackers can gain full access to your computer through malware. They can steal sensitive files such as images and personal videos, deploy keyloggers that capture confidential information like bank logins and credit card numbers, or simply use your PC to launch attacks on others.
All malware is created to harm users. Some of it only annoys users and tracks their activity, while other kinds can cause significant damage. Among the most dangerous are ransomware, rootkits, and Trojan horses.
Every virus is malware: any software created with malicious intent is malware, and viruses are designed to delete and corrupt the user's data, which makes them malicious. The reverse does not hold, since most malware today (Trojans, worms, ransomware) is not a virus at all.
Malware uses various means to spread. The major routes are drive-by downloads and the exploitation of vulnerabilities and backdoors, helped along by homogeneous environments in which one exploit works everywhere.