Malware: How does it spread and what tools can stop it?
Insecure software is a constant threat to individuals and businesses. As cybercrime continues to evolve, understanding what malware is and how it works is essential to protecting your devices and data. This article explains what malware is, the different types, and how it spreads. You’ll also learn about tools you can use to protect yourself, such as a malware scanner or malware checker, and discover how fraudulent email messages work and why malware is still a widespread problem.

In the article you will learn:
- Malware definition
- Malware - virus
- How the malware works
- How malware spreads
- Types of malware
- What malware can cause - symptoms
- Malware - protecting and preventing attacks
- How to remove malware
- Malware evolves - your protection must too
- What is malware?
- What are the different types of malware?
- How does malware spread?
- What are the symptoms of malware infection?
- How to protect yourself from malware?
- What should I do if my computer has become infected with malware?
- Can malware compromise my personal data?
Malware definition
Malware – short for malicious software – is an umbrella term for applications or software deliberately designed to damage or contaminate an electronic device. It can steal sensitive and confidential information stored on your device or install malicious software to spy on your online activities and possibly even hold your device hostage.
Malware can infect all types of electronic devices including mobile phones, PCs, tablets, smart TVs and even gaming systems.
Malware – virus
Contrary to popular belief, not all malware is a virus. All viruses are malware, but not all types of malware are viruses. A virus spreads by inserting its code into other files or programs, replicating and then transmitting itself from one infected device to another.
If the malware does not use other programs to copy and spread itself, then it is technically not a virus. A malicious virus can spread not only to other programs on the same device, but also to other devices and users on the same network.
How the malware works
Malware works by infiltrating the system through various methods. The way malware works can vary depending on the type of malware, but its general goal is to compromise the security of your computer or network. Some types of malware corrupt files, others steal data, and some even lock your system until a ransom (ransomware) is paid.
The malware works by using tricks to prevent normal use of the device. A cybercriminal first gains access to your device through one or more different techniques – for example, a fraudulent email, an infected file, a system or software vulnerability, an infected USB flash drive, or a malicious website.
The attacker then takes advantage of the situation by launching further cyber attacks, obtaining account credentials, collecting personal information for sale, selling access to computing resources, or extorting payments from victims.
Who can fall victim to malware?
Anyone can fall victim to a malware attack. Some people may be able to recognise certain ways in which cybercriminals try to target victims with malware, for example they may be able to recognise a phishing email. However, cybercriminals are sophisticated and are constantly evolving their methods to keep up with technology and security improvements.
Malware attacks also look and act differently depending on the type of malware. Someone who is the victim of a rootkit cyberattack, for example, may not even be aware of it because this type of malware is designed to hide for as long as possible and go unnoticed.
How malware spreads
Cybercriminals use several tactics to spread malware. A common method is email attachments or links, often called malware email scams. It is also through these scams that various types of viruses are often spread, which can infect a device and cause significant damage. Scam emails are designed to trick you into downloading or opening a malicious file.
Examples of these attacks are fake invoices, suspicious links or spoofed email addresses pretending to be from legitimate companies. Some examples of malware emails may look innocent at first glance, but when clicked can trigger an infection.
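The traits described above (a spoofed sender, a link that leads somewhere other than it claims, a disguised attachment) can be checked mechanically before anyone opens the message. The following Python code is an added example, not part of the original article; the function names, the extension list and the sample message are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".lnk", ".iso", ".docm")

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(text):  # hostname of a URL or bare domain found in text, else ""
    m = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text.lower())
    return m.group(1) if m else ""

def related(a, b):  # same host, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def first(msg, header):  # (display name, domain) of a header's first address
    a = msg[header].addresses if msg[header] else ()
    return (a[0].display_name, a[0].domain.lower()) if a else ("", "")

def triage(msg):
    """Findings for one message parsed with email.policy.default."""
    findings = []
    display, sender = first(msg, "From")
    if host(display) and not related(host(display), sender):
        findings.append("display name shows a domain the sender does not use")
    reply = first(msg, "Reply-To")[1]
    if reply and not related(reply, sender):
        findings.append("Reply-To points to a different domain")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):  # also catches invoice.pdf.exe
            findings.append(f"risky attachment: {name}")
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for href, text in parser.found:
                if host(text) and not related(host(text), host(href)):
                    findings.append(f"link text {host(text)} goes to {host(href)}")
    return findings

def sample():  # constructed message; every name and domain is made up
    m = EmailMessage()
    m["From"] = '"billing@example-bank.test" <notice@mailer.invalid>'
    m["Reply-To"] = "collect@other.invalid"
    m.set_content("See the attached invoice.")
    m.add_alternative('<a href="http://pay.mailer.invalid/x">www.example-bank.test</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return m
```

Calling `triage(sample())` returns four findings; these are heuristics for sorting mail into "look closer" and "probably fine", not a verdict on their own.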
Another method is compromised websites. A website scanning tool, often called a malware website checker, can scan URLs and determine whether a website has been infected with malware. Malicious websites often prompt you to download malware that is disguised as software updates or media files. Malware can also spread via networks, external drives or unsecured downloads. See below for a complete list of the most common ways that malware spreads.
- Email: if your email has been infected, malware can trick your computer into sending emails with infected attachments or links to malicious websites. When the recipient opens the attachment or clicks on the link, the computer virus is installed on their computer and the cycle repeats.
- Physical media: hackers can upload malware to USB flash drives and wait for unsuspecting victims to plug them into their computers. The virus is thus transferred from one computer to another. This technique is often used in corporate espionage.
- Pop-up alerts: these include fake security alerts that trick you into downloading fake security software, which in some cases may be additional malware.
- Vulnerabilities: a security flaw in the software could allow malware to gain unauthorised access to your computer, hardware or network.
- Drive-by downloads: the unintentional downloading of software with or without the end user’s knowledge.
- Elevated privileges: an attacker gains elevated access to a computer or network and then uses it to attack.
- Homogeneity: if all systems use the same operating system and are connected to the same network, the risk of successfully spreading the worm to other computers increases.
- Mixed threats: malware packages that combine features of multiple types of unwanted software, making them difficult to detect and stop because they can exploit different vulnerabilities.
Types of malware
It’s important to know the different types of malware attacks so you can protect yourself from being attacked.
1. Adware
Adware, short for “advertising-supported software”, displays unwanted and sometimes harmful advertising on a computer or mobile device screen, redirects search results to advertising websites and captures user data that can be sold to advertisers without the user’s consent. Not all adware is malware; some is legitimate and safe to use.
Users can often control the frequency of adware or what types of downloads they allow by managing pop-up controls and preferences in their web browsers or by using an ad blocker.
2. Spyware
Spyware is a form of malicious software that hides on your device, monitors activity and steals sensitive information such as financial data, account information, login credentials and more. Spyware can spread by exploiting software vulnerabilities or can be secretly added to legitimate software.
3. Ransomware and crypto-malware
Ransomware is malicious software designed to lock users out of their system or prevent them from accessing data until they pay a ransom. Crypto-malware is a type of ransomware that encrypts a user’s files and requires payment by a certain deadline and often through digital currency such as Bitcoin. Ransomware has been a persistent threat to organizations in a variety of industries for many years.
4. Trojan horses
The Trojan disguises itself as legitimate software to trick you into running malware on your computer. Because it looks trustworthy, users download it, unknowingly allowing the malware to enter their device. Trojans themselves are the door. Unlike worms, they need a host to operate. Once a Trojan is installed on a device, hackers can use it to delete, modify or capture data, harvest data from the device as part of a botnet, spy on the device or gain access to the network.
5. Worms
Worms, one of the most common types of malware, spread across computer networks by exploiting operating system vulnerabilities. A worm is a stand-alone program that replicates itself and infects other computers without requiring action from anyone. Because worms can spread quickly, they are often used to execute a payload – a piece of code designed to damage a system. A payload can delete files on the host system, encrypt data for a ransomware attack, steal information and create botnets.
6. Viruses
A virus is a piece of code that is inserted into an application and executes when the application runs. Once it enters the network, it can be used to steal sensitive data, launch DDoS attacks or carry out ransomware attacks. Viruses, which are usually spread through infected websites, file sharing or downloading email attachments, are dormant until the infected host file or program is activated. When this happens, viruses can replicate and spread through systems.
7. Keyloggers
A keylogger is a type of spyware that monitors user activity. Keyloggers can be used for legitimate purposes – for example, families using them to monitor their children’s online activities, or organisations using them to monitor employee activities. However, if keyloggers are installed for malicious purposes, they can be used to steal password data, banking information and other sensitive information. Keyloggers can be inserted into a system through phishing, social engineering or malicious file downloads.
8. Bots and botnets
A bot is a computer that has been infected with malware so that a hacker can control it remotely. The bot – sometimes called a zombie computer – can then be used for further attacks or become part of a collection of bots called a botnet. Botnets can involve millions of devices because they spread without detection. Botnets assist hackers in many malicious activities, including DDoS attacks, sending spam and phishing messages, and spreading other types of malware.
9. Hybrids
Today, most malicious software is a combination of different types. It contains parts of Trojans and worms and occasionally a virus. Usually, the malicious program appears to the end user as a Trojan, but once launched, it attacks other victims over the network as a worm.
10. Fileless malware
Fileless malware is a type of malware that uses legitimate programs to infect your computer. It does not rely on files and leaves no trace, making it difficult to detect and remove. Fileless malware emerged in 2017 as a major type of attack, but many of these attack methods have been known for longer.
Without being stored in a file or installed directly on the computer, fileless infections go directly into memory and the malicious content never touches the hard drive. Increasingly, cybercriminals are turning to fileless malware as an effective alternative form of attack that is harder for traditional antivirus programs to detect due to the small footprint and lack of files to scan.
What malware can cause – symptoms
If you notice any of the following signs, there may be malware on your device:
- Slow system performance: this may indicate that malicious code is consuming system resources. High CPU usage or overheating may also indicate background malware activity.
- Annoying ads and pop-ups: unwanted ads that appear on your screen are often the work of adware. These ads are not only annoying, but can also serve as gateways to other types of malicious code.
- System crashes and freezes: If you’re experiencing frequent system crashes or the dreaded “blue screen of death” (BSOD), it’s likely that malware is interfering with system processes and causing instability.
- Unexpected use of disk space: a sudden decrease in available disk space may indicate that malware is downloading malicious files to your hard drive without your permission.
- Unusual activity on the Internet: watch out for unexpected spikes in data usage or connections to unknown external IP addresses. These may be indications that malware, such as Trojan horses or botnets, is communicating with a Command and Control (C&C) server.
- Changed browser settings: changes to your home page, default search engine or new browser extensions appearing without your knowledge may indicate malware that is hijacking your browser.
- Disabled security software: If you find that your antivirus or other security measures are disabled and you can’t activate them, it may be malware designed to weaken your defences.
- Ransom notes or blocked files: encrypted files with accompanying notes demanding payment of a ransom are a hallmark of ransomware, a particularly nasty type of malware.
- Subtle signs: some advanced types of malware work without showing any obvious signs. Subtler indications include a quickly draining device battery, emails sent on your behalf or intermittent error messages.
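For the "connections to unknown external IP addresses" symptom in the list above, the check can be made concrete by comparing established connections against a list of destinations you already expect. The following Python code is an added example, not part of the original article; it assumes the column layout printed by Windows `netstat -ano`, and the baseline list, function names and sample output are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges treated as internal. ipaddress.is_private is not used here because it
# also covers the documentation ranges that stand in for "external" hosts below.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample in the layout of `netstat -ano`; addresses and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     198.51.100.7:8443      ESTABLISHED     6120
  TCP    192.168.1.20:49720     198.51.100.7:8443      TIME_WAIT       0
  TCP    192.168.1.20:49714     192.168.1.1:445        ESTABLISHED     4
  TCP    [::1]:49671            [::1]:49672            ESTABLISHED     3100
  UDP    0.0.0.0:5353           *:*                                    2200
"""

def remote_ip(endpoint):
    """Parse 'addr:port' or '[v6addr%zone]:port' into an address, else None."""
    addr = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None  # '*' and header words end up here

def unknown_external(netstat_text, baseline):
    """Map PID -> sorted remote addresses that are external and not in baseline."""
    hits = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        # Only established TCP rows have exactly five columns in this layout.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        ip = remote_ip(f[2])
        if ip is None or any(ip in net for net in INTERNAL):
            continue
        if not any(ip in ipaddress.ip_network(b) for b in baseline):
            hits[int(f[4])].add(str(ip))
    return {pid: sorted(ips) for pid, ips in hits.items()}
```

The PIDs in the result are the starting point for the process check in the removal steps; an address missing from the baseline is a reason to look at that process, not proof of infection.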
It is very important to note that these symptoms are not definitive proof of malware infection. Alternative explanations may be at play, such as software incompatibility or hardware problems.
If you suspect your system is infected, follow these three basic steps to remove the malware:
- Install cybersecurity software: download and install trusted security software that can detect and remove malware.
- Run a system scan: run a full system scan using the security software.
- Change your passwords: reset all passwords, including passwords for email, social media and bank accounts. It is also recommended to use multi-factor authentication, which adds an extra layer of security.
Malware – protecting and preventing attacks
By following these tips and deploying the right technology, you can improve your defences against malware threats, whether it’s for individual or organisational use.
- Don’t click on suspicious links: whether it’s an email, a text message or a pop-up window, always be wary of links from untrusted sources.
- Software updates: always keep your software up-to-date, including security software, to protect yourself from the latest types of malware.
- Official app stores: download apps from official stores and check reviews and ratings before installing.
- Regular backups: back up important data often. This can be invaluable in the event of a ransomware attack.
- Only secure sites: Only visit secure websites whose web address begins with https://. (The letter S stands for secured.)
How to remove malware
Follow these six steps to remove infectious software on your computer.
Step 1: Disconnect from the Internet
Disconnecting from the internet will prevent more of your data from being sent to the malware server or the malware from spreading further.
Step 2: Go to safe mode
If the malware is set to load automatically, this will prevent it from loading, making it easier to remove.
To enter safe mode:
- Restart your computer.
- When the login screen appears, hold down the Shift key and select Power → Restart.
- After restarting your computer, on the “Select an option” screen, select Troubleshooting → Advanced Options → Startup Settings.
- In the next window, click Restart and wait for the next screen to appear.
- A menu will appear with numbered launch options. Select number 4 or F4 to start the computer in safe mode.
Step 3: Check the activity monitor for malicious apps
If you know you’ve installed a suspicious update or app, close the app if it’s running.
The Activity Monitor displays the processes that are running on your computer, so you can see how they affect your computer’s activity and performance.
Check for malicious applications:
- Open the Resource Monitor application.
- Find the task
- Select “End Process”
Step 4: Run the malware scanner
Fortunately, malware scanners can remove many standard infections. However, remember that if you already have an antivirus program active on your computer, you should use a different scanner for this malware scan, as your current antivirus software may not initially detect malware.
Step 5: Fix your web browser
The malware is likely to change the home page of your web browser and re-infect your computer. Check your homepage and connection settings using the steps below for common browsers.
Verify your home page in Chrome:
- In the top right corner of Chrome, click “More” and then “Settings”.
- Select the drop-down menu under “Search engine”.
- Check your default homepage.
Step 6: Clear the cache
After verifying the home page settings, it is necessary to clear the browser cache. Follow these steps to learn how to clear your Chrome and Internet Explorer cache.
Clear the cache in Chrome:
- Search for History
- Select “Delete browsing data”.
- In the Time Range drop-down menu, select the “All Time” option.
- Select the “Delete data” option.
Malware evolves – your protection must too
Understanding the diverse world of malware, device infection methods, and prevention strategies serves as an effective way to protect our devices, networks, and sensitive information. As malware continues to evolve and adapt to new technologies and connectivity options, it is essential to be informed and vigilant in protecting our digital lives. By using robust security measures and best practices, we can minimize the risk of malware infection and ensure the continued safety of our valuable data and devices.
FAQ questions and answers about malware
What is malware?
Malware, short for “malicious software”, is any software designed to damage, disrupt or misuse computer systems, networks or devices. It can include viruses, Trojan horses, worms, ransomware and spyware.
What are the different types of malware?
There are several types of malware, including:
- Viruses: programs that spread by attaching themselves to legitimate files and reproducing themselves.
- Trojans: software that masquerades as a useful program but carries out malicious activities.
- Worms: standalone programs that spread over networks and exploit vulnerabilities.
- Ransomware: Malware that encrypts a victim’s files and demands a ransom to restore them.
- Spyware: Software that secretly collects information about the user without the user’s knowledge.
How does malware spread?
Malware can spread in a variety of ways, including:
- Downloads from unsafe or unknown websites.
- Opening infected email attachments or clicking on malicious links.
- Using infected USB devices.
- Vulnerabilities in software and operating systems.
What are the symptoms of malware infection?
Symptoms may include:
- Slowing down your computer or device.
- Unusual behaviour of programs.
- Displaying unwanted ads.
- Changes to your browser settings or homepage.
- Unauthorised access to accounts.
How to protect yourself from malware?
To protect against malware you can:
- Use anti-virus software and update it regularly.
- Do not open unknown emails and attachments.
- Avoid clicking on suspicious links.
- Regularly update the operating system and applications.
- Back up important files.
What should I do if my computer has become infected with malware?
If you suspect an infection, you should:
- Disconnect the device from the internet.
- Run an antivirus scanner and remove the malware detected.
- Back up important files if possible.
- Consider restoring the system to a previous state or reinstalling the operating system.
Can malware compromise my personal data?
Yes, some types of malware, such as spyware or ransomware, can compromise your personal information such as passwords, banking information and other sensitive data. That’s why it’s important to be vigilant and protect your devices.