Malware is the term used to describe "malicious software" and can be applied to a wide range of destructive applications. This article discusses the most common categories of malware and how they are used to exploit or destroy systems.
Types of Malware
- Viruses - We usually think of malware and viruses as being the same thing, but that's not the case. Rather, a virus is a single category of malware. Viruses infect files and spread by infecting other files (like a biological virus does). In most cases, viruses destroy data and corrupt files. Traditional viruses have little use in modern cybercrime and are one of the least common types of malware today - except in ransomware, which we'll discuss soon.
- Worms - A worm is similar to a virus, except that worms self-replicate and spread across networks. Worms can infect entire networks from a single file download or remote vulnerability exploit and can devastate business networks. Worms often use other exploits to spread through networks, quickly compromising targets on a large scale. Today, we often see worms (or worm-like actions) used in more advanced ransomware and banking attacks.
- Trojans - Trojans are pieces of software that appear to be legitimate but, in fact, hide other malware. Users are commonly tricked into downloading software, often via email, and executing the program, which then infects their system. Trojans are often equipped with other spyware such as remote access tools, allowing attackers to steal data or otherwise remotely access the victim's computer. These are called Remote Access Trojans - or RATs.
- Ransomware - We discuss ransomware at length in another article; however, ransomware has become its own class of malware due to its use of multiple attack methods as well as its prevalence. Ransomware often infects networks through file downloads, much like a Trojan, and usually spreads across networks like a worm would. Ransomware also acts like a virus, in that system files are modified/encrypted and rendered useless without the decryption key.
- Adware & Scareware - Adware is mostly a nuisance, but it can certainly affect business operations. Adware is software that displays advertising and other sales materials in your browser, as popups, or as standalone applications. It is usually installed like any other malware or as a browser plugin. Attackers also use this technique to trick users into believing their systems are hacked and that the only way to fix it is by purchasing more software (often bundled with more malware) - this technique is called scareware.
- Spyware - Spyware is malware that attempts to steal your data or provide remote access to your networks. This is similar to the discussion about Trojans. Trojans often include spyware (e.g. remote access technologies) to increase their malicious usefulness. Spyware tools can include keyloggers, remote access tools, web scrapers, and much more.
Malware is simply computer software that has been designed with malicious intent. As with legitimate software, many malware applications in circulation are very similar to one another. Further, just as legitimate software ships in different versions with varying features and capabilities, so does malware; these versions are what we call "variants."
This is one of the challenges with malware detection. It's not possible to get a single "signature" that identifies all malware, or even all samples within the same version or variant. Some modern malware can also rebuild itself on each infection, thereby giving itself a new signature and making detection extremely difficult. This is called polymorphic malware.
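To make the signature problem concrete, here is an added example (not code from the original article) that compares a hash-based signature with a content-pattern signature against two constructed byte strings standing in for two builds of the same malware family. No real malware is involved; the samples, the family name and the pattern are all made up for the demo.

```python
import hashlib

# Constructed toy "samples": stand-ins for two builds of the same family.
# They differ only in a build tag, which is enough to change the file hash.
SAMPLE_V1 = b"MZ\x90\x00" + b"payload-dropper-routine" + b"\x00" * 8 + b"build=1"
SAMPLE_V2 = b"MZ\x90\x00" + b"payload-dropper-routine" + b"\x00" * 8 + b"build=2"


def sha256(data: bytes) -> str:
    """Hex SHA-256 of a byte string (the classic file-hash 'signature')."""
    return hashlib.sha256(data).hexdigest()


# A hash-based signature database built from the first variant seen.
HASH_SIGNATURES = {sha256(SAMPLE_V1)}

# A content-based signature: a byte pattern shared across variants of the family,
# the kind of rule a YARA signature expresses. Name and pattern are assumed here.
PATTERN_SIGNATURES = {"dropper_family": b"payload-dropper-routine"}


def hash_match(data: bytes) -> bool:
    """True only if the exact file hash is already in the database."""
    return sha256(data) in HASH_SIGNATURES


def pattern_match(data: bytes) -> list:
    """Names of every content signature whose pattern occurs in the data."""
    return [name for name, pat in PATTERN_SIGNATURES.items() if pat in data]


def classify(data: bytes) -> dict:
    """Run both detection methods and report their verdicts side by side."""
    return {"hash_hit": hash_match(data), "pattern_hits": pattern_match(data)}


if __name__ == "__main__":
    for label, sample in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2)):
        print(label, sha256(sample)[:16], classify(sample))
```

The second build misses the hash signature entirely even though almost every byte is unchanged, which is exactly why a hash-only "blocklist" needs a fresh entry for every variant. The content pattern still fires on both, but it too can be defeated once the malware rewrites the shared routine, so real products layer several such methods (patterns, behaviour, heuristics) rather than relying on any one.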
Identifying the specific variant of malware is often required to determine how to remove the infection and to determine the damage that could have been done. This is part of what forensic analysts do when cleaning up from malware attacks.
Preventing malware infections is not an easy task. In fact, even security professionals fall victim to malware on occasion. However, there are things you can do to improve the odds against malware attacks affecting your network.
- Modern Anti-malware Software - Seek out and install modern anti-malware software - not the one that came pre-installed with your computer or the free versions. For business, we recommend using software that incorporates "application white-listing" like CarbonBlack and Panda Adaptive Defense. We also recommend considering software that uses advanced AI and machine learning technologies, such as Cylance. (Note: There are other worthy vendors on the market.)
- Safe Downloading Practice - Only download software from known sources. Never download software from suspicious websites or from emails sent by people you don't know. While this may seem like common sense, downloading malware from email is still one of the biggest attack vectors for malware infections.
- Keep Software Updated - Malware often uses out-of-date and vulnerable software to spread. It's important to keep your operating system, browsers, office tools, and other software updated.
- Don't Expose Risky Services - Do not leave services such as Microsoft Remote Desktop or VNC exposed to the open internet. These services are scanned for continuously by attackers and used to infect networks.
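A practical companion to the safe-downloading advice above is to check an installer against the checksum its publisher advertises before running it. The following is an added example, not code from the original article: it assumes the publisher provides a `sha256sum`-style file ("HASH  filename" per line) and uses a constructed installer written to a temporary directory so the check can be exercised offline.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20) -> str:
    """Stream a file through SHA-256 so large installers don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_file(text: str) -> dict:
    """Parse 'HASH  filename' lines (sha256sum format, assumed) into {filename: hash}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        expected[name.lstrip("*")] = digest.lower()  # '*' marks binary mode in sha256sum
    return expected


def verify_download(path, checksums: dict) -> bool:
    """True only when the file's SHA-256 matches the published entry for its name."""
    expected = checksums.get(Path(path).name)
    if expected is None:
        return False  # no published checksum: treat as unverified, do not run it
    return hmac.compare_digest(sha256_file(path), expected)


def run_demo() -> dict:
    """Write a constructed installer, verify it, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp) / "setup-tool-1.0.exe"  # constructed name, not a real product
        installer.write_bytes(b"MZ\x90\x00" + b"constructed installer contents" * 100)

        # The checksum file a vendor would publish alongside the download (constructed).
        published = f"{sha256_file(installer)}  setup-tool-1.0.exe\n"
        checksums = parse_checksum_file(published)
        clean_ok = verify_download(installer, checksums)

        # Simulate a swapped or corrupted download: append a single byte.
        installer.write_bytes(installer.read_bytes() + b"\x00")
        tampered_ok = verify_download(installer, checksums)

        unknown = Path(tmp) / "other.exe"
        unknown.write_bytes(b"no published checksum for this file")
        unknown_ok = verify_download(unknown, checksums)

    return {"clean": clean_ok, "tampered": tampered_ok, "unknown": unknown_ok}


if __name__ == "__main__":
    print(run_demo())
```

A checksum fetched from the same page as the download only proves the file arrived intact; if that page were compromised, both would be replaced together. Where the vendor signs releases (code signing on Windows, GPG signatures for many open-source projects), verify the signature as well, since it ties the file to the publisher rather than to whatever the website currently says.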
Preventing malware is one of the toughest challenges in cybersecurity. Continue reading about ransomware to learn more about how to protect your business. As always, please reach out to us if you have any questions!