What does malware mean

What Is Malware?

Malware is intrusive software that is designed to damage and destroy computers and computer systems. Malware is a contraction for “malicious software.” Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware.

What is Malware?

Malware, short for “malicious software,” refers to any intrusive software developed by cybercriminals (often called “hackers”) to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware. Recent malware attacks have exfiltrated data in mass amounts.

How do I protect my network against malware?

Typically, businesses focus on preventative tools to stop breaches. By securing the perimeter, businesses assume they are safe. Some advanced malware, however, will eventually make its way into your network. As a result, it is crucial to deploy technologies that continually monitor and detect malware that has evaded perimeter defenses. Sufficient advanced malware protection requires multiple layers of safeguards along with high-level network visibility and intelligence.

How do I detect and respond to malware?

Malware will inevitably penetrate your network. You must have defenses that provide significant visibility and breach detection. In order to remove malware, you must be able to identify malicious actors quickly. This requires constant network scanning. Once the threat is identified, you must remove the malware from your network. Today’s antivirus products are not enough to protect against advanced cyber threats.

What is malware?

Overview

Malware is malicious software, including any software that acts against the interest of the user. Malware can affect not only the infected computer or device but potentially any other device the infected device can communicate with.

Malware spans everything from the simplest computer worms and trojans to the most complex computer viruses. Malware, viruses, and malicious code are related but not the same, so a single kind of antivirus or anti-malware software may not prevent all threats. Malware can exist on desktop computers, laptops, and mobile devices, and depending on which operating system a device uses (Windows, Android, iOS, or Apple macOS), it can attack and present differently. No device is immune at all times, and most devices—whether they are professional or personal—can benefit from malware protection.

Effective IT security can reduce your organization’s exposure to malware attacks. Common cybersecurity practices include patch management to close vulnerabilities on your systems and access control to limit the harm from malware. Additionally, frequent backups of your data isolated from your main production systems will allow you to quickly and safely recover from a malware infection.

Why is malware important in cybersecurity?

Imagine you work in an average office. You come in one morning, set down your coffee and turn on your computer. Then everything starts to go wrong.

Instead of your desktop, you see a blood-red screen with a padlock and a countdown clock. “Your files have been encrypted,” it says. “If you don’t pay in 7 days, you won’t be able to recover your files.” You look around. One by one, your coworkers are discovering the same message on all of their computers. Every computer.

This scenario played out in workplaces around the world in May 2017, as the WannaCry malware attacked businesses, government offices, and even critical public services such as hospitals.

Not all malware announces itself in a dramatic fashion. You might be running malware you don’t even know is there, but which is slowing down your system or violating your privacy. Cybercriminals often design these programs to evade detection and only perform noticeable activities under precise conditions.

You might not be able to stop malware, but you can lower the odds of it disrupting your operations by staying informed and maintaining sensible security practices.

Types of malware

To better understand what malware can do and how to reduce your risks, it’s helpful to break the common types of malware into categories. These types of malware can infiltrate anything from an Android mobile device to an Apple laptop, if you are not careful.

Malware needs a way to spread, as well as code to achieve its intended goal. You can think of this as a delivery system and a payload. Below is a basic summary of that structure, and more detailed explanations follow.

Delivery systems

Trojan horse: Tricks a user into installing it

Worm: Copies itself

May be combined with:

Exploit: Uses a software vulnerability to gain access to a system and sensitive data

Phishing: Tricks a user into providing information that can be used to gain access

Rootkit or bootkit: Gains administrative access to evade detection and obtain more control

Payloads

Adware: Displays unwanted advertising

Botnet: Places a device under outside control

Cryptocurrency miner: Uses compute power for cryptocurrency work

Ransomware: Demands money

Spyware: Secretly gathers data through a keylogger or other means

Other damage: Data destruction, vandalism, sabotage

Trojan horses

Trojan horses, commonly called Trojans, propagate through social engineering. By making itself look like something else, a Trojan persuades unwitting users to install it. One common strategy is for an attacker to convince a user to open a file or web link that installs malware. For example, Trojans like scareware can persuade the user to think that a particular program will help protect their computer, when in fact the program does the opposite.

In other instances, a user might install an application that seems beneficial—like a nifty browser toolbar or a fun emoji keyboard—but that also contains malware. Another Trojan technique involves writing auto-installing malware onto a USB memory stick (or a USB drive), and giving the memory stick to an unsuspecting user. Remote Access Trojans (RAT) malware allows cybercriminals to control your device remotely after infiltrating.

Worms

Worms wriggle into places they aren’t wanted. The first experimental computer worms, which simply made copies of themselves, came about in the 1970s. More damaging worms appeared in the 1980s and became the first widely known computer viruses, spreading from PC to PC via floppy disks and corrupting files they had access to. As the internet became widespread, malware developers and hackers designed worms to copy themselves across networks, making them an early threat to internet-connected organizations and users.

Exploits

An exploit is a vulnerability in software that could be unlawfully used to make the software do something outside of what it was designed to do. A piece of malware might use an exploit to enter a system or to move from one part of a system to another. Many exploits rely on known vulnerabilities (also referred to as CVEs), counting on the fact that not all users keep their systems up to date with security patches. Less commonly, a zero day exploit takes advantage of a critical vulnerability that hasn’t been fixed by a software maintainer.

Phishing

Phishing is a form of social engineering in which an attacker tries to trick someone into handing over sensitive information or personal data through a fraudulent request, such as a spoof email or a scam offer. As a strategy to obtain passwords and login credentials, phishing attacks are sometimes a precursor to a malware attack.

Rootkits and bootkits

A rootkit is a set of software tools designed to gain full control over a system and then cover its tracks. Rootkits effectively replace a system’s normal administrative controls. A bootkit is an advanced kind of rootkit that infects a system at the kernel level, so it has even more control and is even harder to detect.

Adware and spyware

Adware clutters your device with unwanted advertising, such as pop-ups in your web browser. Its close cousin spyware gathers your information and transmits it somewhere else. Spyware can range from trackers that monitor your internet activity to sophisticated espionage tools. Spyware can include keystroke loggers, or keyloggers, which record whatever a user types. In addition to violating your privacy, spyware and adware can slow your system and clog your network.

Botnets

Botnet malware turns the control of a device over to an outside party, making the device part of a large network of infected devices. Botnets are commonly used to conduct distributed denial of service (DDoS) attacks, send spam, or mine cryptocurrency. Any unsecured device on a network could be vulnerable to an infection. Botnets typically have means to grow their network of devices and are complex enough to conduct multiple malicious activities simultaneously or in sequence. For example, the Mirai malware attack of 2016 used internet-connected cameras and home routers to form a massive DDoS botnet.

Ransomware

Ransomware is malware that demands payment for something. Many common kinds of ransomware encrypt files on a user’s system and demand a ransom in Bitcoin in exchange for a decryption key. Ransomware became prominent in the mid-2000s. Since then, ransomware attacks continue to be one of the most serious and widespread computer security threats.

Other damage

Sometimes the malware developer’s or operator’s goal is to destroy data or break something. Long before ransomware was a problem, one of the first malware programs to gain mass media attention was the Michelangelo virus in 1992. It attempted to overwrite an infected PC’s disk drive on a specific date, March 6. Years later, in 2000, the ILOVEYOU virus spread from user to user in the form of a Visual Basic script sent as an email attachment. When executed, it erased various files and emailed a copy of itself to everyone in the user’s address book.

Those viruses seem quaint by the standards of modern malware. Consider the example of Stuxnet. In 2010, the security community discovered a puzzling and highly sophisticated worm designed to tamper with a specific kind of industrial equipment. Many security experts now believe Stuxnet was engineered by the United States and Israeli governments to sabotage Iran’s nuclear weapons program. (No government officially claimed responsibility.) If so, it’s an example of an emerging kind of malware: A state-sponsored cyberattack.

How can you defend yourself against malware?

The best way to defend against malware is to not get infected in the first place. While antivirus or anti-malware software can help, there are many other steps you can take today to improve your resilience.

Reducing your attack surface

Minimize the systems, applications, and ports that are exposed to the internet.

User education

Users should learn to be suspicious of links and attachments in emails, even ones that look authentic. This education could also explain how insider threats can lead to malware attacks.

Detection

The earlier you detect a malware infection, the sooner you can remediate the infected system. Keep in mind that some malware is designed to hide. Antivirus or anti-malware tools require regular updates to their detection signatures, and it’s a good practice to have multiple malware detection methods in place.

Patch management

Since software maintainers make it a practice to patch security holes as soon as possible, running current software reduces your risk of a malware infection. Effective patch management means ensuring that all your systems across your organization get timely security patches. Check for updates frequently and apply them to protect against known exploits.

Access control

Administrative control should be limited to trusted applications and users who really need it. That way if malware attacks your computer, it will have a harder time infecting the core functions of your system. Review your administrative controls on a regular basis.

Data backup and encryption

Proper data security can make an enormous difference during a malware attack. If the worst case scenario happens and malware enters your system, you’ll be able to fail over to a clean backup made before the infection. In simple terms, this means keeping backup data isolated, so malware can’t damage or erase it. It’s also good practice to keep data encrypted, so any data the malware exfiltrates is effectively useless. In practice, this can require a combination of strategies that will vary depending on the size and complexity of your organization. For large organizations, a software-defined storage solution in a hybrid cloud environment offers a wide amount of flexibility in backup and encryption options.

All computer systems have vulnerabilities and malware developers are persistent in finding and exploiting them. This makes malware security a subject that never stops evolving.

Red Hat’s technology guide for IT security has more information about how to establish security policy, process, and procedures.

What Does Malware Mean

Malware refers to any malicious software that is intended to cause damage or operational disruption to the host computer. It may also be used to steal personal or professional information by bypassing access controls in the host computer.

There are many different types of malware in existence. Some of the common forms of malware are worms, viruses, trojans, spyware, adware, and rootkits, etc., which can attack and damage, disable, or disrupt host computers and networks.

Zero-day Malware

Zero-day malware is designed by hackers who have taken advantage of a previously unknown vulnerability in the host systems or applications.

Hackers design zero-day malware to target a specific security flaw (zero-day vulnerability) in a software application or host system and then use that malware to compromise the host system or cause unusual behaviors to occur on the software.

The infamous WannaCry attack which disrupted several organizations and forced many to shut down operations is an ideal example of the security risks posed by zero-day malware.

Malware Can Disrupt IT Operations

Malware not only poses a variety of security risks to computer assets, such as disrupting computer operations and gathering sensitive information; it can also disrupt the entire IT operations of an organization.

New variants. New tactics. Malware is still dominating the world of IT and cybersecurity. Not only have we seen an increase in malware attacks on organizations demanding more money, but the level of sophistication in that malware has also increased.

BYOD (Bring Your Own Device) policies implemented by organizations are exposing the IT infrastructure to new and more powerful types of malware. The traditional security solutions used by IT organizations were designed to protect the computers and network of that organization, not the personal smartphones and tablets that employees bring to the workplace today.

With BYOD and malware attacks both increasing, there is a dire need for organizations to address security with advanced tools. Managing BYOD devices is not an easy task. A standalone security solution won’t be sufficient in this scenario, since the security perimeters tend to be undefinable and ever-changing in the case of BYOD. This is where Comodo Advanced Endpoint Protection comes into play by providing centralized security measures with additional layers of protection at endpoints.

Comodo Advanced Endpoint Protection comes with antimalware, antivirus, firewall, Host Intrusion Prevention System (HIPS) software package and containment engine that prevents malware attacks by examining and sandboxing suspicious apps and processes. It helps IT admins to maintain greater control over all endpoints and also helps block threats effectively.

Comodo Advanced Endpoint Protection is the only endpoint security solution that provides hour-zero auto-containment technology by isolating all unknown file types including zero-day malware while keeping confidentiality, integrity, and availability in context, all without compromising performance or productivity.

What are the different types of malware?

What does malware mean?

The word ‘malware’ is a contraction of ‘malicious software’. Malware is intrusive software that is intentionally designed to cause damage to computers and computer systems. By contrast, software that causes unintentional damage is usually referred to as a software bug.

People sometimes ask about the difference between a virus and malware. The difference is that malware is an umbrella term for a range of online threats, including viruses, spyware, adware, ransomware, and other types of harmful software. A computer virus is simply one type of malware.

Malware may be introduced to a network through phishing, malicious attachments, malicious downloads, social engineering, or flash drives. In this overview, we look at common malware types.

Types of malware

It’s important to understand the different types of malware attacks to help protect yourself from being compromised. While some malware categories are well-known (at least by name), others are less so:

Adware

Adware, a contraction of ‘advertising-supported software’, displays unwanted and sometimes malicious advertising on a computer screen or mobile device, redirects search results to advertising websites, and captures user data that can be sold to advertisers without the user’s consent. Not all adware is malware; some is legitimate and safe to use.

Users can often affect the frequency of adware or what kinds of downloads they allow by managing the pop-up controls and preferences within their internet browsers or using an ad blocker.

Adware examples:

Spyware

Spyware is a form of malware that hides on your device, monitors activity, and steals sensitive information like financial data, account information, logins, and more. Spyware can spread by exploiting software vulnerabilities or else be bundled with legitimate software or in Trojans.

Spyware examples:

Ransomware and crypto-malware

Ransomware is malware designed to lock users out of their system or deny access to data until a ransom is paid. Crypto-malware is a type of ransomware that encrypts user files and requires payment by a specific deadline and often through a digital currency such as Bitcoin. Ransomware has been a persistent threat for organizations across industries for many years now. As more businesses embrace digital transformation, the likelihood of being targeted in a ransomware attack has grown considerably.

Ransomware examples:

Trojans

A Trojan (or Trojan Horse) disguises itself as legitimate software to trick you into executing malicious software on your computer. Because it looks trustworthy, users download it, inadvertently allowing malware onto their device. Trojans themselves are a doorway. Unlike a worm, they need a host to work. Once a Trojan is installed on a device, hackers can use it to delete, modify or capture data, harvest your device as part of a botnet, spy on your device, or gain access to your network.

Trojan examples:

Worms

Worms, one of the most common types of malware, spread over computer networks by exploiting operating system vulnerabilities. A worm is a standalone program that replicates itself to infect other computers without requiring action from anyone. Since they can spread fast, worms are often used to execute a payload—a piece of code created to damage a system. Payloads can delete files on a host system, encrypt data for a ransomware attack, steal information, and create botnets.

Worm example:

Viruses

A virus is a piece of code that inserts itself into an application and executes when the app is run. Once inside a network, a virus may be used to steal sensitive data, launch DDoS attacks, or conduct ransomware attacks. Usually spread via infected websites, file sharing, or email attachment downloads, a virus will lie dormant until the infected host file or program is activated. Once that happens, the virus can replicate itself and spread through your systems.

Virus example:

Keyloggers

A keylogger is a type of spyware that monitors user activity. Keyloggers can be used for legitimate purposes – for example, families who use them to keep track of their children’s online activity or organizations which use them to monitor employee activity. However, when installed for malicious purposes, keyloggers can be used to steal password data, banking information, and other sensitive information. Keyloggers can be inserted into a system through phishing, social engineering, or malicious downloads.

Keylogger example:

Bots and botnets

A bot is a computer that has been infected with malware so it can be controlled remotely by a hacker. The bot – sometimes called a zombie computer – can then be used to launch more attacks or become part of a collection of bots called a botnet. Botnets can include millions of devices as they spread undetected. Botnets help hackers with numerous malicious activities, including DDoS attacks, sending spam and phishing messages, and spreading other types of malware.

Botnet examples:

PUP malware

PUPs – which stands for ‘potentially unwanted programs’ – are programs that may include advertising, toolbars, and pop-ups that are unrelated to the software you downloaded. Strictly speaking, PUPs are not always malware – PUP developers point out that their programs are downloaded with their users’ consent, unlike malware. But it is widely recognized that people mainly download PUPs because they have failed to realize that they have agreed to do so.

PUPs are often bundled with other more legitimate pieces of software. Most people end up with a PUP because they have downloaded a new program and didn’t read the small print when installing it – and therefore didn’t realize they were opting in for additional programs that serve no real purpose.

PUP malware example:

Hybrids

Today, most malware is a combination of different types of malicious software, often including parts of Trojans and worms and occasionally a virus. Usually, the malware program appears to the end-user as a Trojan, but once executed, it attacks other victims over the network like a worm.

Hybrid malware example:

Fileless malware

Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove. Fileless malware emerged in 2017 as a mainstream type of attack, but many of these attack methods have been around for a while.

Without being stored in a file or installed directly on a machine, fileless infections go straight into memory, and the malicious content never touches the hard drive. Cybercriminals have increasingly turned to fileless malware as an effective alternative form of attack, making it more difficult for traditional antivirus to detect because of the low footprint and the absence of files to scan.
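An added example, not code from any of the vendors quoted on this page: the detection advice earlier says signatures need regular updates and that more than one detection method should be in place, and the fileless description above explains why there may be no file to scan. The sketch below runs a hash-signature check and a simplified process-behaviour check over constructed events; the event fields, process lists and rule names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed, simplified rule inputs (not taken from any product).
INTERPRETERS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INLINE_CODE_FLAGS = ("-encodedcommand", "-command")


@dataclass
class ProcessEvent:
    """One process-creation record (hypothetical schema)."""
    host: str
    parent: str                  # image name of the parent process
    image: str                   # image name of the new process
    cmdline: str
    file_bytes: Optional[bytes]  # file written to disk, None if nothing was written


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_hit(event: ProcessEvent, signatures: Set[str]) -> bool:
    """File-based detection: only works when there is a file to hash."""
    if event.file_bytes is None:
        return False
    return sha256(event.file_bytes) in signatures


def behaviour_hits(event: ProcessEvent) -> List[str]:
    """Behaviour-based detection: looks at how a legitimate program was started."""
    reasons: List[str] = []
    if event.image.lower() not in INTERPRETERS:
        return reasons
    if event.parent.lower() in DOCUMENT_APPS:
        reasons.append("interpreter-spawned-by-document-app")
    tokens = event.cmdline.lower().split()
    if any(token in INLINE_CODE_FLAGS for token in tokens):
        reasons.append("inline-code-on-command-line")
    return reasons


def triage(events: List[ProcessEvent], signatures: Set[str]) -> Dict[str, List[str]]:
    """Run both layers over every event and return the findings per host."""
    findings: Dict[str, List[str]] = {}
    for event in events:
        hits = ["signature"] if signature_hit(event, signatures) else []
        hits.extend(behaviour_hits(event))
        findings[event.host] = hits
    return findings


# Constructed sample data: these byte strings stand in for files, nothing here is real malware.
KNOWN_SAMPLE = b"constructed-sample-A"
REPACKED_SAMPLE = KNOWN_SAMPLE + b"\x00"   # one changed byte gives a different hash

EVENTS = [
    ProcessEvent("host-a", "explorer.exe", "viewer.exe", "viewer.exe", KNOWN_SAMPLE),
    ProcessEvent("host-b", "explorer.exe", "viewer.exe", "viewer.exe", REPACKED_SAMPLE),
    # Nothing written to disk: the signature layer has no input at all.
    ProcessEvent("host-c", "winword.exe", "powershell.exe",
                 "powershell.exe -EncodedCommand PLACEHOLDER", None),
    # Routine administration: an interpreter running a script file from disk.
    ProcessEvent("host-d", "explorer.exe", "powershell.exe",
                 "powershell.exe -File C:\\scripts\\backup.ps1", None),
]

OLD_SIGNATURES = {sha256(KNOWN_SAMPLE)}
UPDATED_SIGNATURES = OLD_SIGNATURES | {sha256(REPACKED_SAMPLE)}

if __name__ == "__main__":
    for label, sigs in (("old signatures", OLD_SIGNATURES),
                        ("updated signatures", UPDATED_SIGNATURES)):
        print(label)
        for host, hits in triage(EVENTS, sigs).items():
            print(f"  {host}: {hits or 'no detection'}")
```

With the old signature set the repacked file on host-b goes undetected until the set is updated, while host-c is caught only by the behaviour layer.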

Fileless malware examples:

Logic bombs

Logic bombs are a type of malware that will only activate when triggered, such as on a specific date and time or on the 20th log-on to an account. Viruses and worms often contain logic bombs to deliver their payload (i.e., malicious code) at a pre-defined time or when another condition is met. The damage caused by logic bombs varies from changing bytes of data to making hard drives unreadable.

Logic bomb example:

How does malware spread?

The most common ways in which malware threats can spread include:

Signs of a malware infection

If you’ve noticed any of the following, you may have malware on your device:

Use antivirus to protect you from malware threats:

The best way to protect yourself from a malware attack and potentially unwanted programs is through using a comprehensive antivirus. Kaspersky Total Security provides 24/7 protection against hackers, viruses, and malware – helping to keep your data and devices secure.
