Insecure software is a constant threat to individuals and businesses. As cybercrime continues to evolve, understanding what malware is and how it works is essential to protecting your devices and data. In this article, we’ll go over an explanation of what malware is, the different types, and how it spreads. You’ll also learn about tools you can use to protect yourself, such as a malware scanner or malware checker, and discover how fraudulent email messages work and why malware is still a widespread problem.
Malware definition
Malware – short for malicious software – is a collective term for applications or software deliberately designed to damage or compromise an electronic device. It can steal sensitive and confidential information stored on the device or install malicious programs to spy on your online activities and, in some cases, even hold your device hostage.
Malware can infect all types of electronic devices including mobile phones, PCs, tablets, smart TVs and even gaming systems.
Malware – virus
Contrary to popular belief, not all malware is a virus. All viruses are malware, but not all types of malware are viruses. A virus spreads by inserting its code into other files or programs, replicating and then transmitting itself from one infected device to another.
If the malware does not use other programs to copy and spread itself, then it is technically not a virus. A malicious virus can spread not only to other programs on the same device, but also to other devices and users on the same network.
How the malware works
Malware works by infiltrating the system through various methods. The way malware works can vary depending on the type of malware, but its general goal is to compromise the security of your computer or network. Some types of malware corrupt files, others steal data, and some even lock your system until a ransom (ransomware) is paid.
The malware works by using tricks to prevent normal use of the device. A cybercriminal first gains access to your device through one or more different techniques – for example, a fraudulent email, an infected file, a system or software vulnerability, an infected USB flash drive, or a malicious website.
It will then take advantage of the situation by launching further cyber attacks, obtaining account credentials, collecting personal information for sale, selling access to computing resources, or extorting payments from victims.
Who can fall victim to malware?
Anyone can fall victim to a malware attack. Some people may be able to recognise certain ways in which cybercriminals try to target victims with malware, for example they may be able to recognise a phishing email. However, cybercriminals are sophisticated and are constantly evolving their methods to keep up with technology and security improvements.
Malware attacks also look and act differently depending on the type of malware. Someone who is the victim of a rootkit cyberattack, for example, may not even be aware of it because this type of malware is designed to hide for as long as possible and go unnoticed.
How malware spreads
Cybercriminals use several tactics to spread malware. A common method is email attachments or links, often called malwareemail scams. It is also through these scams that various types of viruses are often spread, which can infect a device and cause significant damage. Scam emails are designed to trick you into downloading or opening a malicious file.
Examples of these attacks are fake invoices, suspicious links or spoofed email addresses pretending to be from legitimate companies. Some examples of malware emails may look innocent at first glance, but when clicked can trigger an infection.
Another method involves compromised websites. To scan URLs and determine whether a website has been infected with malware, a website scanning tool – a malware website checker – can be used. Malicious websites often prompt users to download harmful software disguised as software updates or media files. Malware can also spread through networks, external drives, or unsecured downloads. Below you will find a complete list of the most common ways malware is spread.
- Email: if your email has been infected, malware can trick your computer into sending emails with infected attachments or links to malicious websites. When the recipient opens the attachment or clicks on the link, the computer virus is installed on their computer and the cycle repeats.
- Physical media: hackers can upload malware to USB flash drives and wait for unsuspecting victims to plug them into their computers. The virus is thus transferred from one computer to another. This technique is often used in corporate espionage.
- Pop-up alerts: these include fake security alerts that trick you into downloading fake security software, which in some cases may be additional malware.
- Vulnerabilities: a security flaw in the software could allow malware to gain unauthorised access to your computer, hardware or network.
- Drive-by downloads: the unintentional downloading of software with or without the end user’s knowledge.
- Elevated privileges: an attacker gains elevated access to a computer or network and then uses it to attack.
- Homogeneity: if all systems use the same operating system and are connected to the same network, the risk of successfully spreading the worm to other computers increases.
- Mixed threats: malware packages that combine features of multiple types of unwanted software, making them difficult to detect and stop because they can exploit different vulnerabilities.
Types of malware
It’s important to know the different types of malware attacks so you can protect yourself from being attacked.
1. Adware
Adware, short for “advertising-supported software”, displays unwanted and sometimes harmful advertising on a computer or mobile device screen, redirects search results to advertising websites and captures user data that can be sold to advertisers without the user’s consent. Not all adware is malware, some is legitimate and safe to use.
Users can often control the frequency of adware or what types of downloads they allow by managing pop-up controls and preferences in their web browsers or by using an ad blocker.
Fireball made headlines in 2017 when an Israeli software company found it infected 250 million computers and a fifth of corporate networks worldwide. When Fireball affects your computer, it takes control of your browser. It turns your homepage into a fake search engine – Trotus – and inserts annoying adverts into every web page you visit. It will also prevent you from editing your browser settings.
2. Spyware
Spyware is a form of malicious software that hides on your device, monitors activity and steals sensitive information such as financial data, account information, login credentials and more. Spyware can spread by exploiting software vulnerabilities or can be secretly added to legitimate software.
CoolWebSearch – exploited a security flaw in Internet Explorer to change its settings and send browsing data to its author.
Gator – this program, which usually comes with file-sharing software, monitors user preferences and activity while surfing the Internet and uses this information to serve specific ads.
3. Ransomware and crypto-malware
Ransomware is malicious software designed to lock users out of their system or prevent them from accessing data until they pay a ransom. Crypto-malware is a type of ransomware that encrypts a user’s files and requires payment by a certain deadline and often through digital currency such as Bitcoin. Ransomware has been a persistent threat to organizations in a variety of industries for many years.
CryptoLocker is a form of malware used by cyber criminals to gain access to files on a system and encrypt them. Cybercriminals used social engineering tactics to trick employees into downloading the ransomware onto their computers, thereby infecting the network. Once downloaded, CryptoLocker displayed a ransom message offering to decrypt the data if paid in cash or Bitcoins by a set deadline.
4. Trojan horses
The Trojan disguises itself as legitimate software to trick you into running malware on your computer. Because it looks trustworthy, users download it, unknowingly allowing the malware to enter their device. Trojans themselves are the door. Unlike worms, they need a host to operate. Once a Trojan is installed on a device, hackers can use it to delete, modify or capture data, harvest data from the device as part of a botnet, spy on the device or gain access to the network.
The TrickBot malware – first identified in 2016, is a Trojan developed and operated by sophisticated cybercrime actors. Originally designed as a Trojan to steal financial data, TrickBot has evolved into a multi-stage malware that provides a complete suite of tools to carry out a range of illicit cyber activities.
5. Worms
One of the most common types of malware, worms, spread across computer networks by exploiting operating system vulnerabilities. A worm is a stand-alone program that replicates itself and infects other computers without requiring action from anyone. Because worms can spread quickly, they are often used to execute a payload – a piece of code designed to damage a system. It can delete a file on the host system, encrypt data for a ransomware attack, steal information and create botnets.
SQL Slammer was a well-known computer worm that did not use traditional distribution methods. Instead, it generated random IP addresses and distributed itself to them, searching for those that were not protected by antivirus software. Shortly after its attack in 2003, the result was more than 75,000 infected computers that unwittingly engaged in DDoS attacks on several major websites.
6. Viruses
A virus is a piece of code that is inserted into an application and executes when it runs. Once it enters the network, it can be used to steal sensitive data, launch DDoS attacks or carry out ransomware attacks. Viruses, which are usually spread through infected websites, file sharing or downloading email attachments, are dormant until the infected host file or program is activated. When this happens, viruses can replicate and spread through systems.
Stuxnet – Stuxnet appeared in 2010 and is widely believed to have been developed by the US and Israeli governments to disrupt Iran’s nuclear programme. Spread via a USB stick, it targeted Siemens industrial control systems, causing centrifuges to fail and self-destruct at record speed. Stuxnet is believed to have infected more than 20,000 computers and destroyed a fifth of Iran’s nuclear centrifuges – setting back Iran’s programme by several years.
7. Keyloggers
A keylogger is a type of spyware that monitors user activity. Keyloggers can be used for legitimate purposes – for example, families using them to monitor their children’s online activities, or organisations using them to monitor employee activities. However, if keyloggers are installed for malicious purposes, they can be used to steal password data, banking information and other sensitive information. Keyloggers can be inserted into a system through phishing, social engineering or malicious file downloads.
In 2017, a University of Iowa student was arrested for installing keyloggers on employee computers to steal login credentials to edit and change grades. The student was found guilty and sentenced to four months in prison.
8. Bots and botnets
A bot is a computer that has been infected with malware so that a hacker can control it remotely. The bot – sometimes called a zombie computer – can then be used for further attacks or become part of a collection of bots called a botnet. Botnets can involve millions of devices because they spread without detection. Botnets assist hackers in many malicious activities, including DDoS attacks, sending spam and phishing messages, and spreading other types of malware.
Andromeda malware – The Andromeda botnet has been linked to 80 different types of malware. It grew to such proportions that at one point it was infecting a million new computers a month, spreading via social media, instant messaging, unsolicited emails, exploit kits and more. The operation was taken down in 2017 by the FBI, Europol’s European Cybercrime Centre and other institutions – but many computers continued to be infected.
9. Hybrids
Today, most malicious software is a combination of different types. It contains parts of Trojans and worms and occasionally a virus. Usually, the malicious program appears to the end user as a Trojan, but once launched, it attacks other victims over the network as a worm.
In 2001, a malware developer calling himself “Lion” released a hybrid malware – a combination of a worm and a rootkit. Rootkits allow hackers to manipulate operating system files, while worms are powerful vectors for quickly spreading pieces of code. This malicious combination has wreaked havoc: it has caused damage to more than 10,000 Linux systems. The malware combining worm and rootkit was explicitly designed to exploit vulnerabilities in Linux systems.
10. Malware without files
Fileless malware is a type of malware that uses legitimate programs to infect your computer. It does not rely on files and leaves no trace, making it difficult to detect and remove. Fileless malware emerged in 2017 as a major type of attack, but many of these attack methods have been known for longer.
Without being stored in a file or installed directly on the computer, fileless infections go directly into memory and the malicious content never touches the hard drive. Increasingly, cybercriminals are turning to fileless malware as an effective alternative form of attack that is harder for traditional antivirus programs to detect due to the small footprint and lack of files to scan.
Frodo, Number of the Beast and The Dark Avenger were the first examples of this type of malware.
What malware can cause – symptoms
If you notice any of the following signs, there may be malware on your device:
- Slow system performance: this may indicate that malicious code is consuming system resources. High CPU usage or overheating may also indicate background malware activity.
- Annoying ads and pop-ups:unwanted ads that appear on your screen are often the work of adware. These ads are not only annoying, but can also serve as gateways to other types of malicious code.
- System crashes and freezes: If you’re experiencing frequent system crashes or the dreaded “blue screen of death” (BSOD), it’s likely that malware is interfering with system processes and causing instability.
- Unexpected use of disk space: a sudden decrease in available disk space may indicate that malware is downloading malicious files to your hard drive without your permission.
- Unusual activity on the Internet:Watch out for unexpected spikes in data usage or connections to unknown external IP addresses. These may be indications that malware, such as Trojan horses or botnets, are communicating with the Command and Control (C&C) server.
- Changed browser settings: changes to your home page, default search engine or new browser extensions appearing without your knowledge may indicate malware that is hijacking your browser.
- Disabled security software: If you find that your antivirus or other security measures are disabled and you can’t activate them, it may be malware designed to weaken your defences.
- Ransom notes or blocked files: encrypted files with accompanying notes demanding payment of a ransom are a hallmark of ransomware, a particularly nasty type of malware.
- Subtle signs: some advanced types of malware can work without showing any obvious signs, quickly draining your device’s battery, sending emails on your behalf or displaying intermittent error messages.
It is very important to note that these symptoms are not definitive proof of malware infection. Alternative explanations may be at play, such as software incompatibility or hardware problems.If you suspect your system is infected, follow these three basic steps to remove the malware:
- Install the software cybersecurity software: Download and install trusted security software that can detect and remove malware.
- Run a system scan: run a full system scan using the security software.
- Change your passwords:Reset all passwords, including passwords for email, social media and bank accounts. It is also recommended to use multi-factor authentication, which adds an extra layer of security.
Malware – protecting and preventing attacks
By following these tips and deploying the right technology, you can improve your defences against malware threats, whether it’s for individual or organisational use.
- Don’t click on suspicious links: whether it’s an email, a text message or a pop-up window, always be wary of links from untrusted sources.
- Software updates: always keep your software up-to-date, including security software, to protect yourself from the latest types of malware.
- Official app stores: download apps from official stores and check reviews and ratings before installing.
- Regular backups: back up important data often. This can be invaluable in the event of a ransomware attack.
- Only secure sites: Only visit secure websites whose web address begins with https://. (The letter S stands for secured.)
How to remove malware
Follow these six steps to remove infectious software on your computer.
Step 1: Disconnect from the Internet
Disconnecting from the internet will prevent more of your data from being sent to the malware server or the malware from spreading further.
Step 2: Go to safe mode
If the malware is set to load automatically, this will prevent it from loading, making it easier to remove.
To enter safe mode:
- Restart your computer.
- When the login screen appears, hold down the Shift key and select Power → Restart.
- After restarting your computer, on the “Select an option” screen, select Troubleshooting → Advanced Options → Startup Settings.
- In the next window, click Restart and wait for the next screen to appear.
- A menu will appear with numbered launch options. Select number 4 or F4 to start the computer in safe mode.
Step 3: Check the activity monitor for malicious apps
If you know you’ve installed a suspicious update or app, close the app if it’s running.
The Activity Monitor displays the processes that are running on your computer, so you can see how they affect your computer’s activity and performance.
Check for malicious applications:
- Open the Resource Monitor application.
- Find the task
- Select “End Process”
Step 4: Run the malware scanner
Fortunately, malware scanners can remove many standard infections. However, remember that if you already have an antivirus program active on your computer, you should use a different scanner for this malware scan, as your current antivirus software may not initially detect malware.
Step 5: Fix your web browser
The malware is likely to change the home page of your web browser and re-infect your computer. Check your homepage and connection settings using the steps below for common browsers.
Verify your home page in Chrome:
- In the top right corner of Chrome, click “More” and then “Settings”.
- Select the drop-down menu under “Search engine”.
- Check your default homepage.
Step 6: Clear the cache
After verifying the home page settings, it is necessary to clear the browser cache. Follow these steps to learn how to clear your Chrome and Internet Explorer cache.
Clear the cache in Chrome:
- Search for History
- Select “Delete browsing data”.
- In the Time Range drop-down menu, select the “All Time” option.
- Select the “Delete data” option.
