Malware, or malicious software, is an umbrella term for a range of destructive software programs used to harm computer systems, gain access to sensitive information on the system, or perform a variety of other cyber crimes, such as altering or hijacking core computing functions and monitoring users’ computer activity without their permission.
Attackers may use a variety of methods to spread malware that infects devices and networks. This can be done through physical means, by delivering the malware to a system on an infected USB drive, or virtually over the internet through drive-by downloads, which automatically download malicious programs to systems without the user’s approval or knowledge.
Phishing attacks are another common type of social engineering attack used for malware delivery, where emails disguised as legitimate messages contain malicious links or attachments that carry the executable malware. Sophisticated malware attacks often use a command-and-control server that allows threat actors to communicate with the infected systems, exfiltrate sensitive data and even remotely control the compromised device or server.
Types of malware
Although there are numerous types of malware, the most commonly encountered forms include computer viruses, worms and trojan horse programs. These programs have distinctive features that distinguish them from one another.
These malicious programs rely on vulnerabilities in computer software or hardware, which can be exploited to give the attacker deeper access into the system or network. When a piece of malware is activated and executes the code it contains, the resulting impact can range from minimal to highly destructive, depending on the skills and interests of the attacker.
Viruses are one of the oldest types of malware. A virus is a form of malware capable of replicating itself and spreading to, or infecting, other computers. Like a biological virus, a computer virus requires a host in order to be activated or to execute its payload. Some viruses overwrite the contents of the original file with malicious code, which renders it unusable but also makes the infection easy to identify. In other cases, a virus may inject itself into a file while leaving it operational, making identification more difficult.
Viruses usually work by attaching themselves to data files or existing programs without the knowledge of the user, and execute when the user runs or opens the infected program. Computer viruses usually have two phases: an infection phase and an attack phase. During the infection phase the virus copies itself as widely as possible; in the attack phase, it tries to carry out the damage it was designed to do.
Trojans, or trojan horse programs, take their name from the Trojan horse of ancient Greece, a giant wooden horse used by the Greeks to conceal soldiers and sneak them into the city of Troy. Computer trojans are similar in that they appear to be a downloadable file or attachment with an enticing name that makes people want to open it. However, when the file is opened, the malicious code is executed on the system.
Trojans are usually delivered through social engineering attacks such as phishing. They differ from viruses in that they do not really replicate themselves; rather, they create a backdoor that the attacker can use to gain unauthorised access to the target computer system. The trojan can open ports and give the attacker remote access to the infected computer. This leaves the system susceptible to data theft, further malware installations, data modification, use of the webcam or other system tools, monitoring of user activity, and so on.
Worms are software programs that spread over computer networks by exploiting vulnerabilities in systems and networks. They spread autonomously, and may or may not carry a payload. Worms are usually written as stand-alone programs and do not need to be attached to system files or programs. Unlike viruses, they can self-replicate without relying on a host to execute them.
Once activated, a worm copies itself to the system and then starts replicating itself to other systems as well, for example through email address books. When an unsuspecting recipient clicks on the email attachment, the worm copies itself to the new system and starts to spread through that system’s address book in turn, and the process repeats whenever a recipient opens the infected attachment. Using a network in this manner, worms expand extremely quickly. The greatest danger from worms is that they will eventually consume all the memory available to a computer or a network.
Spyware, as the name suggests, is a type of malware installed on a system to help the attacker spy on users or collect information about them without their knowledge. Spyware is also used by people who want to keep track of the computer activities of loved ones or people personally known to them.
The functions of spyware go beyond simple monitoring. This kind of malware can be used for key-logging (recording everything the user types on their computer system) to gain access to personal data such as login credentials. It can also collect personal information about the victim, such as internet surfing habits or websites visited.
A backdoor is a means of accessing a computer program that bypasses the usual security mechanisms. When programmers create and leave backdoors, it is usually for troubleshooting or diagnostics. A backdoor works in the background, hidden from the user. It is one of the most dangerous types of malware, in that it allows the attacker to perform any action on the compromised system. The attacker can steal sensitive data without permission, as well as create, delete or modify any file or execute arbitrary commands.
Ransomware is a type of malware that essentially holds a computer system captive while demanding a ransom. The malware restricts users from accessing their computer systems, either by encrypting files on the hard drive or by locking down the system, and then demands a financial payout for the data or system to be decrypted or unlocked. Usually, messages intended to force the user to pay the malware creator to remove the restrictions and regain access to their computers are displayed, and the system is unlocked when the attacker receives the payment. Payments are usually made in cryptocurrencies such as bitcoin. Ransomware may also spread like a normal computer worm, through a downloaded file or some other vulnerability in a network service.
Adware, short for advertising-supported software, is a type of program that displays advertisements on the system and redirects web search requests to advertising pages. These types of malware collect data without the user’s consent, which can then be used to serve customised advertisements. They may appear in the form of pop-up ads on websites.