What is Malware? The Complete Guide to Malware
You’re probably most familiar with malware from its regular appearances in the news, typically in relation to big organisations falling victim to it. Just this year, Europe’s largest forensic provider, Eurofins, paid an undisclosed fee to access their system following a malware attack.
But do you really know what malware is? Join us as we dig into what malware is, the types of malware, how to spot malware and how to prevent malware on your home or work network.
What is Malware?
Malware (a contraction of malicious software) is a term used to describe any kind of software that does unwanted things on your computer or device.
These nasties can include slowing your CPU, performing tasks of their own or locking your computer down and demanding a ransom. Some are also capable of tracking your activities and stealing your sensitive data, such as passwords and files.
What are the Types of Malware?
Some variations of malware are:
Computer viruses, like their biological namesake, are able to self-replicate and infect multiple devices without intervention.
Viruses can do this in a number of ways, like attaching themselves to files and applications. Viruses are also capable of damaging computers by committing certain actions and can be used to steal information, create botnets (see below), display ads, and more.
Worms are a particularly common form of malware that spread via vulnerabilities in operating systems. The most common way that a worm does its damage is by overloading web servers and using up bandwidth.
They are also capable of carrying ‘payloads’, which are bits of code included to commit certain actions, such as creating botnets, stealing data or deleting files.
Worms are quite similar to viruses. However, there are a number of differences. The main distinguishing factor is that while viruses require user action to spread (running a program, opening a file, using a USB stick), worms often spread by mass-mailing themselves to contacts or similar.
Ransomware has seen plenty of exposure in recent years, owing largely to the massive ‘WannaCry’ attack. This type of malware can literally hold a device and its contents hostage while demanding a ransom for the release of your data.
Ransomware does this by encrypting a hard drive and displaying a message demanding the user pays a ransom to unlock the device. Ransomware often spreads just like worms, usually arriving via a network vulnerability or a downloaded file.
Adware, as the name suggests, is designed to display unwanted advertisements, including pop-up ads and ads shown in software.
Many free or compromised versions of software come bundled with adware, as it is used to generate revenue for advertisers. Often, adware is backed up by spyware (see below) or other malware to track your activities and steal your data, making it more dangerous than it might seem.
Spyware is malware that secretly monitors, records and sends your activities to a server or malicious attacker.
The types of information typically gathered by spyware include websites visited, system information, location and login credentials. Sometimes spyware has the capability to modify network, system and application security settings too.
Perhaps the most common types of spyware are keyloggers. They can infect a device and track your keyboard activity, sending copies of your usernames, passwords, bank details and more to criminals. For more, read our complete guide to keyloggers.
Browser hijacking malware is closely related to adware. It modifies your browser, adds toolbars, changes search engines and homepages, and can add desktop shortcuts.
This malware can also redirect you to malicious sites and download adware and spyware.
A rootkit is designed to remotely control or access a computer without the user’s knowledge. Once a rootkit is installed, its malicious owner can execute software, steal data, modify the system or change software (including any software that might have been able to detect the malware). In short, rootkit malware gives somebody else complete control.
This level of secrecy means you may not be able to find or remove a rootkit using typical security software. Consequently, detection and removal rely on manual methods such as monitoring for irregular behaviour.
Trojan malware gets its name from the Greek tale of the Trojan horse. Trojans are programs that are disguised as legitimate files or software in an attempt to trick users into downloading malware.
Once a Trojan is installed, it enables a malicious party to remotely control the device. When the attacker has access to an infected computer, they are able to monitor user activity, change files and settings, steal data or install more malware.
Bots are generally created to perform non-malicious tasks automatically. However, they are increasingly being used for more malicious purposes. Specifically, bots are being deployed in botnets, as spambots, as web spiders that scrape server data, and to distribute malware on download sites.
Bots are the reason CAPTCHA tests exist, as they cannot usually pass this test without human input.
How to Spot Malware
Your first port of call in spotting malware should be your antivirus software. Running an up-to-date version of an antivirus scanner on a regular basis is vital in finding malware.
However, malware can appear between these scans, and can even evade them, so keep an eye out for the following symptoms:
- Files changing, moving, or being deleted
- Slow computer or network speeds
- Increased system resource usage
- Programs running, turning off or reconfiguring themselves (malware particularly likes to reconfigure antivirus software and firewalls)
- Strange files or programs appearing
- Messages or emails being sent automatically without you sending them
- Any other strange behaviour you do not expect to see from your device
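Two of these symptoms, files changing, moving or being deleted and strange files appearing, can be checked mechanically by recording a hash of every file in a folder and comparing again later. The following is an added example, not part of the original guide; the file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = digest
    return state


def compare(baseline, current):
    """Classify differences between two snapshots as changed, moved, deleted or new."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    gone = {p for p in baseline if p not in current}
    added = {p for p in current if p not in baseline}
    moved = []
    for old in sorted(gone):
        # A vanished file whose exact contents reappear under a new path was moved.
        match = next((n for n in sorted(added) if current[n] == baseline[old]), None)
        if match is not None:
            moved.append((old, match))
            added.discard(match)
    gone -= {old for old, _new in moved}
    return {"changed": changed, "moved": moved,
            "deleted": sorted(gone), "new": sorted(added)}


def demo():
    """Constructed sample: build a small folder, baseline it, then alter it."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("report.txt", b"quarterly figures")
        write("notes.txt", b"meeting notes")
        write("photo.bin", b"\x00\x01\x02")
        baseline = snapshot(root)
        write("report.txt", b"tampered figures")            # changed
        os.rename(os.path.join(root, "notes.txt"),
                  os.path.join(root, "old.txt"))            # moved
        os.remove(os.path.join(root, "photo.bin"))          # deleted
        write("updater.exe", b"unexpected program")         # new
        return compare(baseline, snapshot(root))
```

In practice the baseline would be saved somewhere the monitored machine cannot overwrite, since malware that can change files can also change a baseline stored beside them.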
How to Prevent Malware
Again, the simplest way to deal with malware is usually through your up-to-date antivirus software.
Ensure you have a comprehensive tool that can detect, quarantine and remove many types of malware, and is able to deal with viruses, adware, spyware, trojans and worms.
In addition to antivirus software, you should also ensure your firewall and your operating system are kept up to date, with all updates and patches installed.
Whilst technological solutions are important, they only go part of the way to protecting a business or individual against malware attacks.
Regular engagement with cyber security courses can help you and your workforce to identify and mitigate the threats of malware to your system, and should be considered an essential part of the modern working environment.
Here are some of Bob’s Top Tips:
- Don’t engage with emails from unknown sources
- Be careful with physical media; don’t plug in flash drives or discs from unknown sources
- Only download software and open attachments from trustworthy and reputable sources
- Don’t open attachments from personal emails on work computers as you are creating a potential security threat for your organisation
- Don’t just ignore emails you suspect to contain viruses; always contact your IT department, as they can then inform the rest of your organisation
- Keep your operating system, antivirus software and browser up to date
- If a link or email looks dodgy, don’t click it!