The term malware is a contraction of malicious software.
Simply put, malware is any piece of software that is designed with the intent to damage, disrupt or gain unauthorised access to your device and inflict harm to data and/or people in multiple ways.
It is one of the biggest threats on the internet.
And it comes in a bewildering variety of forms, each with its own method of delivery (attack vector). Every day, the AV-TEST Institute registers over 350,000 new malicious programs (malware) and potentially unwanted applications (PUA).
What's more, cyber criminals have increasingly turned to fileless malware as an effective alternative form of attack making it all the more difficult for traditional antivirus (AV) to detect because of the low footprint and the absence of files to scan.
So, it's crucial to know how to recognise the different types of malware in order to help protect yourself, and your business systems, from being compromised. While some are well-known (at least by name), others are less well understood.
» Find out what each type of malware is capable of, how it finds its way into your network and what you can do to avoid falling victim to these types of cyber attacks...
1. Worms
Worms are spread via software vulnerabilities or phishing attacks. Once a worm has installed itself into your computer’s memory, it starts to infect the whole machine and in some cases... your whole network.
Depending on the type of worm and your security measures, they can do serious damage. These parasitic nasties can...
- Modify and delete files
- Inject malicious software onto computers
- Replicate themselves over and over to deplete system resources
- Steal your data
- Install a convenient backdoor for hackers
They can infect large numbers of computers fast, consuming bandwidth and overloading your web server as they go.
2. Viruses
Unlike worms, viruses need an active host operating system or program in order to run. Viruses are typically attached to an executable file or a Word document.
Most people are probably aware that a .exe file extension could lead to issues if it’s not from a trusted source. But there are hundreds of other file extensions that denote an executable file.
Usually spread via infected websites, file sharing, or email attachment downloads, a virus will lie dormant until the infected host file or program is activated. Once that happens, the virus is able to replicate itself and spread through your systems.
For computer viruses, your contact list is the equivalent of a packed train for the common cold. It hijacks your applications and uses your own apps to sneeze all over everyone… sending out infected files to your colleagues, friends and clients. Because it looks like it’s coming from a trustworthy source (you!), it has a much higher chance of spreading.
3. Bots & Botnets
A bot is a computer that’s been infected with malware so it can be controlled remotely by a hacker.
That bot (aka a zombie computer), can then be used to launch more attacks or to become part of a collection of bots (aka a botnet).
Botnets are popular with hacker show-offs (the more bots you collect, the mightier a hacker you are) and cyber criminals spreading ransomware. Botnets can include millions of devices as they spread undetected.
Botnets help hackers with all manner of malicious activities, including:
- DDoS attacks
- Keylogging, screenshots and webcam access
- Spreading other types of malware
- Sending spam and phishing messages
4. Trojan Horses
Just as it sounds, a Trojan Horse is a malicious program that disguises itself as a legitimate file. Because it looks trustworthy, users download it and... hey presto, in storms the enemy.
Trojans themselves are a doorway. Unlike a worm, they need a host to work. Once you’ve got the Trojan on your device, hackers can use it to...
- Delete, modify and capture data
- Recruit your device into a botnet
- Spy on your device
- Gain access to your network
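As an added illustration (not code from the article) of two points made above, that many extensions besides .exe denote an executable file and that a Trojan disguises itself as a legitimate file, here is a small Python check for attachment names. The extension sets are a constructed, deliberately partial subset of what Windows will run directly.

```python
"""Classify e-mail attachment names by whether they denote executable content.

Added example, not from the original article. The extension sets below are a
constructed, partial subset of Windows executable/script types; a production
filter would carry a far longer list.
"""
from pathlib import PurePosixPath

# Constructed partial set: extensions Windows executes or interprets directly.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".msi", ".ps1", ".cpl", ".jar",
}
# Document-looking extensions that a Trojan may place in front of the real one.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_attachment(filename: str) -> dict:
    """Return a verdict for one attachment filename.

    'executable' is True when the *last* extension is one Windows would run,
    regardless of case or trailing whitespace. 'disguised' is True when a
    document-style extension precedes it (e.g. 'invoice.pdf.exe'), the
    classic lure of a file that only looks legitimate.
    """
    name = filename.strip().lower()
    suffixes = PurePosixPath(name).suffixes  # e.g. ['.pdf', '.exe']
    final = suffixes[-1] if suffixes else ""
    executable = final in EXECUTABLE_EXTENSIONS
    disguised = executable and len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTENSIONS
    return {"filename": filename, "extension": final,
            "executable": executable, "disguised": disguised}


def risky_attachments(filenames: list) -> list:
    """Return only the attachment names that should be held back for review."""
    return [f for f in filenames if classify_attachment(f)["executable"]]
```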
5. Ransomware
Ransomware denies or restricts access to your own files. Then it demands payment (usually with crypto-currencies) in return for letting you back in.
In May 2017, a ransomware attack spread across 150 countries and compromised over 200k computers within just one day. Aptly named WannaCry, the attack caused damage estimated in the hundreds of millions to billions of dollars.
WannaCry affected Microsoft operating systems that did not have the latest patch installed for a known vulnerability. To reduce the risk of ransomware attacks…
- Always keep your Operating System up to date
- Keep your Anti-Virus software up to date
- Back-up your most important files
- Don't open attachments from unknown sources (WannaCry was spread via a .js attachment)
6. Adware & Scams
Adware is one of the better-known types of malware. It serves pop-ups and display ads that often have no relevance to you.
Some users will put up with certain types of adware in return for free software (games for example). But not all adware is equal. At best, it’s annoying and slows down your machine. At worst, the ads link to sites where malicious downloads await unsuspecting users. Adware can also deliver Spyware and is often easily hacked, making devices that have it installed a soft target for hackers, phishers and scammers.
7. Spyware
Spyware secretly records your online activity, harvesting your data and collecting personal information such as usernames, passwords and surfing habits.
Spyware is a common threat, usually distributed as freeware or shareware that has an appealing function on the front end with a covert mission running in the background that you might never notice. It’s often used to carry out identity theft and credit card fraud.
Once on your computer, spyware relays your data to advertisers or cyber criminals. Some spyware installs additional malware that makes changes to your settings.
8. Spam & Phishing
Phishing is a type of social engineering attack rather than a type of malware, but it is a common method of cyber attack. Phishing succeeds because the emails, text messages and web links it uses look like they come from trusted sources. They are sent by criminals to fraudulently acquire personal and financial information.
Some are highly sophisticated and can fool even your most savvy users, especially where a known contact’s email account has been compromised and the message appears to be an instruction from your boss or IT colleagues. Others are less sophisticated and simply spam as many addresses as they can with a message about ‘checking your bank account details’.
Warning signs of malware infection
If you’ve noticed any of the following, you may have malware on your device:
- A slow, crashing or freezing computer
- Blue screen of death (BSOD)
- Programmes opening and closing automatically or altering themselves
- Lack of storage space
- Increased pop-ups, toolbars and other unwanted programs
- Emails and messages being sent without you prompting them
Attackers have many methods and techniques to disrupt and compromise users, networks and systems. Basic security practices such as regular user awareness training and patch management will place you in a far better position to take actionable steps against these threats and make a real difference to your overall cyber security improvement programme.
Solving the problem of 'Fileless' Malware
Fileless malware is malicious code that does not need to write its own executable files to the endpoint's file system; it relies on programs that are already there.
Typically, this malware is injected into a running process and executes only in RAM. The low footprint and the absence of files to scan make it difficult for traditional antivirus (AV) to stop adversaries compromising endpoints.
SentinelOne's Next-Generation endpoint protection platform (EPP) is able to detect and block unknown malware, both file- and memory-based, by looking at the behaviour of processes executing on the endpoint rather than only inspecting the files on the machine. Once a malicious pattern is identified and scored, it triggers an immediate set of responses, ending the attack before it begins.
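To make the behaviour-based idea concrete, here is an added example in Python (not SentinelOne's engine or code from the article) that scores what a process does from endpoint telemetry, so in-memory activity still gets a verdict even when there is no file to scan. The event format, rule weights, block threshold and sample events are all constructed for this illustration.

```python
"""Behaviour-based scoring of process telemetry (added example, not SentinelOne's
engine or code from the article). It judges what a process *does*, so in-memory
activity is scored even when no file exists to scan. The event format, rules,
weights, threshold and sample events are all constructed for this example."""
import re
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Constructed rules: (name, weight, predicate over one event). A real engine has many more.
RULES = [
    ("office_spawns_script_host", 40,
     lambda e: e.get("parent") in OFFICE_APPS and e.get("image") in SCRIPT_HOSTS),
    ("encoded_powershell_command", 30,
     lambda e: e.get("image") == "powershell.exe"
     and re.search(r"\s-(e|enc|encodedcommand)\s", e.get("cmdline", ""), re.I) is not None),
    ("remote_thread_into_other_process", 50,
     lambda e: e.get("type") == "CreateRemoteThread"),
]
BLOCK_THRESHOLD = 60  # assumed score at which the automated response fires

def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value key="quoted value"' telemetry line."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {k: (v[1:-1] if v.startswith('"') else v) for k, v in pairs}

def score_process(events: list) -> tuple:
    """Score every event seen for one process; return (score, matched rule names)."""
    matched = [name for name, _, pred in RULES if any(pred(e) for e in events)]
    score = sum(weight for name, weight, _ in RULES if name in matched)
    return score, matched

def triage(lines: list) -> dict:
    """Group telemetry by pid and choose a response per process from its score."""
    by_pid = {}
    for line in lines:
        event = parse_event(line)
        by_pid.setdefault(event["pid"], []).append(event)
    verdicts = {}
    for pid, events in by_pid.items():
        score, matched = score_process(events)
        action = "kill_and_quarantine" if score >= BLOCK_THRESHOLD else "monitor"
        verdicts[pid] = {"score": score, "rules": matched, "action": action}
    return verdicts

# Constructed sample telemetry: a document macro launches PowerShell with an encoded
# command, which then injects into another process; a benign notepad launch for contrast.
SAMPLE_LINES = [
    'type=ProcessCreate pid=4321 parent=winword.exe image=powershell.exe cmdline="powershell.exe -enc ZmFrZQ=="',
    'type=CreateRemoteThread pid=4321 parent=winword.exe image=powershell.exe target=explorer.exe',
    'type=ProcessCreate pid=5555 parent=explorer.exe image=notepad.exe cmdline="notepad.exe notes.txt"',
]
```

Each rule fires at most once per process, so the score reflects distinct suspicious behaviours rather than how many times one of them was seen.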
› Certified AV replacement
The independent anti-virus research institute (AV-TEST) has awarded SentinelOne EPP the Approved Corporate Endpoint Protection certification for both Windows and OS X, which validates its effectiveness for detecting both advanced malware and blocking known threats - the only next generation endpoint protection vendor to obtain this certification on both platforms.
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.