The Ultimate Guide to Understanding Malware – Everything You Need to Know
August 22, 2023
Malware is one of the biggest threats to your computer, tablet or mobile device. It includes everything from traditional viruses and worms to Trojan horses, ransomware, spyware and more.
Like the flu, malware can damage or corrupt devices, systems and files. It can steal or encrypt data, alter or hijack core computer functions and monitor end users’ activity without their knowledge.
The first thing that comes to mind when you hear the word malware is danger. But what is malware, and how can it affect your computer?
Malware is any software purposefully created to disrupt a computer, server, client, or computer network, leak confidential information, gain unauthorized access to data or systems, prevent access to data, or inadvertently compromise a user’s privacy and security online.
Ransomware is malware that encrypts a victim’s files and displays a message asking the user to pay a ransom to unlock the data.
This attack often uses human, system, network, and software vulnerabilities to infect a computer, printer, mobile device, point-of-sale (POS) terminal, or other endpoint.
Cybercriminals often use ransomware to target organizations with large amounts of sensitive information, such as businesses that store financial records, healthcare institutions, schools, and government agencies.
However, attackers also target individual computers and smaller organizations, such as small and medium-sized enterprises (SMEs). Ransomware attacks are most frequent in affluent countries and regions due to higher wealth and personal computer adoption rates.
After infecting a target, ransomware operators typically focus on gaining access to other systems and domains (called lateral movement). This allows them to identify more valuable information, such as login credentials, customer personal information, or intellectual property, and exfiltrate it.
While cybercriminals have developed many ransomware variants, most of them operate in similar ways. Attackers will usually distribute the malicious code via email in a phishing scam or by using an exploit kit to gain initial access to a network.
Once the ransomware is installed, it will search for vulnerable endpoints and infect them with the appropriate payload, which may include Trojans or spyware, to gather additional information.
When we think of viruses, we usually picture them as harmful software programs that can damage or even destroy a computer. Some viruses may encrypt or delete files, others crash the system entirely, and others steal your data from your computer.
Some viruses spread from computer to computer by attaching themselves to other files, while others use spam emails with infected attachments to spread. The name comes from biology: a biological virus, like the flu virus, is a tiny organism composed of a protein shell with genetic material inside.
A biological virus must invade a host cell (such as bacteria, animal or human) to reproduce. Once a virus enters a host, it takes over the cell’s machinery and forces it to make more viruses.
Most computer viruses infect other files by attaching themselves to system files, such as the ones that manage the hard drive’s read/write operations. Once the viruses are in place, they replicate and mutate into more malicious versions of themselves.
Computer viruses that mutate are called polymorphic viruses. Polymorphic viruses can change their coding to avoid detection by antivirus and other security products that rely on signature-based detection.
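An added example, not part of the original article: the sketch below shows why an exact-hash signature misses a re-encoded copy of a known sample, and how a scanner can still find it by trying every one-byte XOR key (a classic antivirus technique known as X-ray scanning). The byte strings are inert, constructed test data, and the function names are assumptions made for this illustration.

```python
import hashlib

# Constructed, inert stand-in for a known malicious byte sequence.
KNOWN_BODY = b"INERT-SAMPLE-BODY-FOR-SIGNATURE-DEMO"
# Signature database holding the exact hash of the known sample.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BODY).hexdigest()}


def make_variant(body: bytes, key: int) -> bytes:
    """Constructed test data: the same body re-encoded with a one-byte XOR key."""
    return bytes(b ^ key for b in body)


def hash_match(sample: bytes) -> bool:
    """Exact-hash signature: matches only byte-identical copies."""
    return hashlib.sha256(sample).hexdigest() in HASH_SIGNATURES


def xray_match(sample: bytes, pattern: bytes = KNOWN_BODY):
    """Try every one-byte XOR key and search the decoded bytes for the pattern.

    Returns the key that reveals the pattern, or None if no key does.
    """
    for key in range(256):
        decoded = bytes(b ^ key for b in sample)
        if pattern in decoded:
            return key
    return None


def scan(sample: bytes) -> dict:
    """Run both checks so their results can be compared side by side."""
    return {"hash": hash_match(sample), "xray_key": xray_match(sample)}


if __name__ == "__main__":
    samples = {
        "original": KNOWN_BODY,
        "variant 0x5A": make_variant(b"HDR" + KNOWN_BODY, 0x5A),
        "variant 0xC3": make_variant(b"HDR" + KNOWN_BODY, 0xC3),
        "benign": b"quarterly sales report, draft three",
    }
    for name, data in samples.items():
        print(f"{name:13} {scan(data)}")
```

This only covers a single-byte XOR encoding; security products facing stronger encodings combine signatures with emulation and behavior-based detection.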
Viruses get their name from the way they replicate and infect other files. Unlike worms, which spread through unprotected networks by copying themselves on disks and drives, most viruses require user action (such as downloading a file from the internet or opening an email attachment) to transmit from one machine to another.
Trojans are malware programs that infiltrate computers and steal data, like the giant wooden horse of ancient Greek mythology. They also hide additional malware, which can, in turn, damage a device. They get their name from the tale of Odysseus and the city of Troy.
In the legend, the enemies of Troy built a huge wooden horse that they pretended to present to the inhabitants of Troy as a gift. Inside the horse hid a legion of soldiers who climbed out and demolished the city.
The first Trojan program was created in 1974 by John Walker (not the Marvel character) with a game called ANIMAL. It appeared to be a simple twenty questions game, but behind the scenes, it copied itself into shared directories of computers so that it could spread quickly through computer networks.
It was considered the first Trojan because it fits the definition of a Trojan program: software that appears to do one thing but performs another malicious function. Today, Trojans can be downloaded from websites or in attachments to emails.
They can also “piggyback” on supposedly free programs such as codec packs or cracked versions of programs. They can monitor your keystrokes, install additional malware, and even slow down a device.
The best way to protect your computer from Trojans is to avoid using dubious sources for downloads and think before you click on an email attachment.
Spyware is like a virtual stalker collecting your personal information, often without your knowing it. It’s also one of the most dangerous types of malware.
Spyware secretly monitors your device’s activities, recording text you type, apps you use, sites visited and docs downloaded. It can also access a device’s mic and camera to listen and watch you surreptitiously.
Its goal is to steal and relay data — such as your internet surfing habits, login info and financial credentials — to a cyber criminal for illicit profit or gain. Spying software can be distributed in various ways, including so-called watering hole attacks that exploit popular websites’ vulnerabilities.
For example, a 2013 attack on iPhoneDevSDK, a website for iOS developers, included code that redirected visitors to a site hosting spyware.
Other methods involve hiding malicious code inside free software made to appear helpful or in an email attachment disguised as coming from a trustworthy source.
Symptoms of spyware infection can range from annoying pop-ups to degraded system performance. It can eat up CPU capacity, disk usage and network traffic and cause applications to freeze or devices to crash.
Eventually, it can make your computer unusable and leave you with limited options. Spyware can collect a wide array of personal information, from your email passwords and credit card details to your online activity and physical location.
It can also disrupt a device’s functionality by installing additional software, rerouting the browser homepage and pushing pop-up ads.