Malware, short for malicious software, is any unwanted software that is designed to disrupt, damage, or gain illegal access to computer systems and networks. Malware may take many different forms, such as viruses, worms, Trojans, ransomware, spyware, adware, and many other types.
Malware typically enters computer systems through malicious emails, attachments, downloads, links, and ads, often taking advantage of unpatched vulnerabilities and inadequate security defenses. We’ll discuss 19 different types of malware in-depth, including examples of cyber attacks that used them and the steps you need to take to protect against each, followed by some general malware protections for businesses and individuals. Below is a chart summarizing each malware type, with a link to a deeper discussion below.
If you’ve been hit by malware and are looking for help, see How to Remove Malware: Removal Steps for Windows & Mac.
| Type | Description | Examples | Protection |
| --- | --- | --- | --- |
| Adware | Downloads or displays advertisements to the user interface | | Install an antivirus solution, ad and popup blockers |
| Backdoor | Remote access to the victim’s device | Sony BMG, DoublePulsar, ShadowPad | AV software, network security |
| Bots and Botnets | Infected device containing malicious software | | Installing anti-malware software, using firewalls, keeping software up-to-date, using strong passwords |
| Browser Hijacker | AKA “hijackware,” noticeably changes the behavior of your web browser | | Carefully installing new software and even new antivirus software |
| Bugs | Flaws in segments of code | Y2K, but 20,000+ new bugs annually | Consistent updates of your software |
| Crimeware | Criminal operation that does not involve the collection of a ransom | Because crimeware is an umbrella term for most malware types, examples are endless | Using a combination of antivirus, anti-spyware, firewalls, and threat detection technology |
| Fileless Malware | Resides in system memory or uses legitimate system tools after it tricks users into downloading an illegitimate document | Frodo, Number of the Beast, and The Dark Avenger | Install Endpoint Protection solution, look for unusual behavior |
| Keylogger | Records all keys a user touches | | Strong password and use a network firewall and anti-malware solution |
| Malicious Mobile Apps | Steal user information, attempt to extort money from users, gain access to corporate networks, force users to view unwanted ads | Shopping and Gaming Apps can contain adware and malicious redirection | Avoid using third-party app stores and investigating apps before downloading |
| Phishing and Social Engineering | Email attack that attempts to trick users into divulging passwords, downloading an attachment, or visiting a website that installs malware | Deceptive Phishing, Spear Phishing, Whaling, Vishing, Smishing, Pharming | Deploy anti-spam and anti-malware solutions and train users |
| RAM Scraper | Harvests data temporarily stored in a system’s memory | Home Depot and Target data breaches | Using hardened POS systems and separating payment-related systems from non-payment systems |
| Ransomware | Prevents data access until the victim pays a ransom to the attacker – assuming ransomed keys work | CryptoLocker, Locky, WannaCry, Hermes, GandCrab, Ryuk | Antivirus and anti-malware software, train users, patch |
| Rogue Security Software | Presents itself as a fake security tool to remove a fake malware problem at a cost | Black Hat SEO | Use a firewall and anti-malware solution and be careful when clicking on links or attachments in email messages |
| Rootkit | Allows attackers to have administrator-level access to systems without users’ knowledge | Bootkit Rootkit, Firmware Rootkit, Kernel-Mode Rootkit, Virtual Rootkit, User-Mode Rootkit | Anti-malware, firewall, log monitoring, keeping OS and other software up-to-date |
| Spam | Unwanted email with potential fraud | Multiple fake emails and fake responses from big companies | Unsubscribe to unnecessary email subscriptions, don’t click |
| Spyware | Gathers information about someone without their knowledge or consent | Pegasus, CoolWebSearch, Gator, Internet Optimizer, TIBS Dialer, Zlob | Install anti-spyware software, monitoring tools |
| Trojan | Any malware that pretends to be something else but serves a malicious purpose | ArcBomb, Backdoor, Banking, Clicker, DDoS, Downloader, Dropper, Exploit, FakeAV, Game thief, Instant messaging, Mailfinder, Notifier, Proxy, Password stealing, Ransom, Rootkit, SMS, Spy | Caution when installing new software or clicking email links and attachments |
| Virus | A specific type of malware that requires human activation | Boot sector, Browser hijacker, Direct action, File, Macro, Multipartite, Polymorphic, Resident, Script | Antivirus software, carefully inspect links |
| Worm | Similar to a virus but without human activation | Email, Downloads, Instant Messaging, Internet, IRC, File Sharing/P2P, Networks | Antivirus or anti-malware software, caution with links, downloads |
Adware
Adware is a type of malware that downloads or displays advertisements to the user interface. Rather than stealing data, adware is more of an irritant, forcing users to see unwanted ads. Many users are familiar with adware in the form of unclosable browser pop-ups. Users sometimes unknowingly infect themselves with adware installed by default when they download and install other applications.
Risks of Adware Attacks
Adware not only shows unwanted advertisements but may also track user activity in great detail and create backdoors and other windows for future attacks. It can gather information about surfing behavior, search history, and even personal information. This data is frequently sold to advertisers, resulting in a loss of privacy and the possibility of targeted fraud.
How To Defend Against Adware
Install an antivirus solution that includes anti-adware capabilities. Enable ad blockers and disable pop-ups in your browsers, and pay close attention to the installation process when installing new software, making sure to un-select any boxes that will install additional software by default. A related but distinct risk is malvertising: be careful with online ads too, as malvertising campaigns have appeared in even the best-known ad networks, including Google’s. Adware is perhaps more of a mobile malware issue these days, but malvertising has been on the rise across the board. Regardless of trends, always be sure to only download from or visit known entities.
Real Examples of Adware Attacks
While there are hundreds of different types of adware, some of the most prevalent adware attacks include Fireball, Appearch, DollarRevenue, Gator, and DeskAd. These adware outbreaks frequently appear as a video, banner, full-screen, or other pop-up annoyance.
Backdoor
A backdoor is a trojan that offers an attacker remote access into the victim’s device. Most device or software manufacturers place backdoors in their products intentionally, so company personnel or law enforcement can use the backdoor to access the system if needed. However, in a bad actor’s hands, a backdoor can do anything the user does. Backdoors can also be installed by other types of malware, such as viruses or rootkits.
Risks of Backdoor Attacks
Backdoors can provide illegal access to networks and systems, allowing attackers to enter networks and systems invisibly. Cybercriminals can exploit them to maintain control, steal sensitive data, or launch long-term assaults undetected.
How To Defend Against Backdoors
Backdoors are among the most challenging types of threats to protect against. For businesses, experts say the best defense is a multi-pronged network security strategy that includes a firewall, anti-malware or EDR software, network monitoring, SIEM systems, intrusion detection and prevention (IDPS), and data protection. For individual users, the best defenses will be good antivirus software and timely updates, plus a properly configured home router.
Real Examples of Backdoor Attacks
Microsoft SQL Server experienced a major backdoor malware attack in late 2022. DoublePulsar, an NSA-developed malware implant, was leaked by Shadow Brokers in 2017 and infects Windows systems. ShadowPad, a sophisticated backdoor malware, was discovered in 2017 embedded in software products like CCleaner, providing remote access for attackers to steal sensitive data. It is associated with the threat group APT17 and has been involved in high-profile cyberattacks targeting intellectual property and financial information. Backdoors, intentional or not, have also been discovered by security researchers; a recent one was found in PowerShell.
Bots and Botnets
Bots are programs that perform automated tasks; when many of them are coordinated into a “botnet,” the resulting attacks can overwhelm victims. In cybersecurity, a bot typically refers to an infected device containing malicious software. Without the user’s knowledge or permission, a bot can corrupt the device. Botnet attacks are targeted efforts by an army of bots, directed by their bot herder.
Risks of Botnet Attacks
Bots, particularly when organized into botnets, have the ability to execute orders on a vast scale. They are capable of launching distributed denial-of-service (DDoS) attacks, which overwhelm servers and render websites or services unreachable. Bots can also commit identity theft, credit card fraud, and other sorts of online crime.
How To Defend Against Botnets
Organizations can help prevent their computers from becoming part of a botnet by installing anti-malware or EDR software, using firewalls, keeping software up-to-date via patch management, and forcing users to use strong passwords. Network monitoring software can also help determine when a system has become part of a botnet, and botnet protection and DDoS solutions are essential for critically important systems. Always change the default passwords for any IoT devices you install before use.
Real Examples of Botnet Attacks
While botnets may be best known for their role in DDoS attacks, their growing sophistication in fraud and credential theft is possibly even more alarming. Meanwhile, botnets remain quite active in DDoS attacks, with Mirai perhaps the most frequently mentioned. Cybercriminals continue to evolve here too; witness the recent record DDoS attacks based on a widespread HTTP/2 protocol flaw.
Browser Hijacker
A browser hijacker, also called “hijackware,” noticeably changes the behavior of your web browser. This change could be sending you to a new search page, slowing page loads, changing your homepage, installing unwanted toolbars, directing you to sites you did not intend to visit, or displaying unwanted ads. Attackers can make money off advertising fees, steal information from users, spy, or direct users to websites or apps that download more malware.
Risks of Browser Hijacker Attacks
Browser hijackers can not only reroute users but also change search results and introduce malicious advertisements. They can direct visitors to phishing sites, where personal information such as login passwords and financial information can be stolen, resulting in serious security breaches.
How To Defend Against Browser Hijackers
Be careful when installing new software and browser extensions on your system. Many browser hijackers piggyback on wanted software, much like adware does. Ensure you install and run anti-malware software on your system and maintain high-security settings for browser activity.
Because hijackware is related to your browser, therein lies the solution to exterminating a browser hijacker. If your antivirus software fails to notice a new strain, you can reinstall the browser. If that fails to work, clearing the contents of the device might be required. Follow browser security rankings from time to time; as of this writing, Firefox is well regarded.
Real Examples of Browser Hijacker Attacks
Ask Toolbar, Conduit, CoolWebSearch, Coupon Saver, GoSave, and RockTab are a few noteworthy browser hijackers. These browser hijackers often take the shape of an additional toolbar, and because they are frequently included in software downloads, consumers are often unaware of their potential danger.
Bugs
Bugs are a generic term for flaws in segments of code. All software has bugs, and most go unnoticed or are mildly impactful to the user. Sometimes, however, a bug represents a severe security vulnerability, and using software with this type of bug can open your system up to attacks.
Risks of Bug Attacks
Attackers can use bugs to obtain unauthorized access to systems. Depending on the nature of the problem, it might cause system crashes, data theft and corruption, or alteration of vital files, posing serious threats to a system’s stability and security.
How To Defend Against Bugs
The best way to minimize potentially nasty bugs is consistent updates for your software. With vulnerabilities at the top of software vendors’ minds, they are usually quick to release patches to prevent user system damage. For organizations writing or configuring their code, it’s imperative to follow best practices for secure code and potentially seek third-party review. On the dev side, code security tools can also help.
Real Examples of Bug Attacks
The Y2K issue, also known as the Millennium Bug or Year 2000 Problem, was a significant computer bug-related concern due to its global scope, widespread fear, technological dependence, complex interconnected systems, massive preparations, and unprecedented media coverage. Fortunately that turned out to be a relatively benign issue, but there are more than 20,000 new vulnerabilities discovered every year. To stay on top of them, follow our frequent vulnerability reports, the best known of which is Microsoft’s Patch Tuesday updates on the second Tuesday of every month.
Crimeware
Some vendors use “crimeware” to refer to malware that is criminally executed and often financially benefits the attacker. Much like malware, it is an inclusive category that encompasses a wide variety of malicious software. Unlike ransomware, it might be a criminal operation that does not involve the collection of a ransom. As a term, crimeware encompasses much of the malware types listed in this article.
Risks of Crimeware Attacks
Crimeware is particularly developed for monetary gain. It contains a variety of infections, including banking trojans and credit card stealers. These threats are often aimed at financial institutions and users, resulting in financial losses, hacked accounts, and a loss of faith in online transactions.
How To Defend Against Crimeware
For businesses, best network security practices are essential, including using anti-malware, firewalls, intrusion detection and prevention (IDPS), network and log monitoring, data protection, security information and event management (SIEM), and threat intelligence.
For individuals, the usual best practices apply: good antivirus software, timely updates, good router security, and most of all, if you don’t know what it is, don’t click on it.
Real Examples of Crimeware Attacks
Because crimeware is an umbrella term for most malware types, the examples are endless. Some tools that can be used as malware, such as keyloggers and backdoors, are built into products by design for later maintenance of the device. All crimeware programs are inherently malicious, and their successful activation is prosecutable.
Fileless Malware
Fileless malware, also known as non-malware or memory-resident malware, operates without relying on executable files on a victim’s system. It resides in the system’s memory or uses legitimate system tools, making it harder to detect and remove. It often exploits scripting languages, macros, or other programs, and is typically delivered through malicious email attachments, compromised websites, or phishing attacks. Once executed, fileless malware can exploit vulnerabilities to execute malicious actions, such as stealing sensitive information or initiating unauthorized transactions.
Risks of Fileless Malware Attacks
Fileless malware operates in computer memory, avoiding detection by regular antivirus software. It leaves no traces on the file system, making analysis and removal difficult, allowing attackers to maintain persistent access and carry out covert operations.
How To Defend Against Fileless Malware
To reduce the risk of fileless malware infections, both users and organizations should follow the security best practices we’ve already discussed. Detection of fileless malware can be difficult. Enterprises should look for behavioral anomalies and other indicators of compromise such as abnormal code execution and lateral movement. These are good things to look for in threat hunting exercises too. The good news is that EDR and even consumer antivirus software are getting better at behavioral detection. The bad news is that fileless malware is difficult to remove; for Windows users, Autoruns and Process Explorer may help.
Real Examples of Fileless Attacks
Fileless malware assaults have been present for a while, but they became more common in 2017. Frodo, Number of the Beast, and The Dark Avenger were early examples of fileless malware. The Democratic National Committee hack and the Equifax breach are two recent high-profile fileless attacks. This is one area where hackers continue to evolve, witness reports last year that Windows Event Logs had become a source of fileless malware. The use of legitimate tools like PowerShell and Windows Event Logs for cyber attacks is also part of the growing tactics of Living off the Land (LOTL) attacks.
Keylogger
A keylogger is a software program that records every key a user presses. This exposed data includes everything from emails and documents typed to passwords entered for authentication purposes. By obtaining sensitive authentication credentials, attackers can break into a victim’s network or user accounts.
Risks of Keylogger Attacks
Keyloggers discreetly record keystrokes, acquiring sensitive data such as passwords and credit card information, and can lead to identity theft or illegal access to critical systems.
How To Defend Against Keyloggers
Good password hygiene is one of the best ways to limit the damage a keylogger can do. Using strong passwords that you update regularly can go a long way towards keeping you safe. Firewalls and anti-malware solutions can help, but keyloggers are also a good argument in favor of using biometric authentication, or at least MFA that uses a second device for authentication.
Real Examples of Keylogger Attacks
Keylogging is often used by vendors and organizations working with sensitive information. Employers can enable a keylogger through hardware or software to detect any criminal or unethical behavior on company systems. For malicious keyloggers outside your organization, initial access to a device or user’s account would be necessary, typically through a malicious download.
A strain of keylogger malware dubbed LokiBot notably increased in 2020. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.” Just this year, security researchers demonstrated how AI could be used to steal keystrokes.
Malicious Mobile Apps
In the sea of apps available today, not all of them are desirable, and the problem is even more acute with third-party app stores. While app store vendors try to prevent malicious apps from becoming available, some inevitably slip through, occasionally even through Apple’s App Store and the Google Play Store. Malicious mobile apps can steal user information, attempt to extort money from users, gain access to corporate networks, force users to view unwanted ads or engage in other undesirable activity types.
Risks of Malicious Mobile App Attacks
Malicious mobile apps can steal data or damage device operation. They frequently seek overly broad permissions, allowing them to access personal information, communications, or location data, jeopardizing user privacy.
How To Defend Against A Malicious Mobile App
User education is one of the most powerful tools for preventing malicious mobile apps. By avoiding third-party app stores and investigating app data before downloading, users can significantly mitigate this risk. Deploying mobile anti-malware and company-wide mobile security management is essential for large organizations. This is one place where paying for mobile antivirus software is absolutely worth the cost, and pay attention to reports of malicious apps to make sure you don’t have any installed on your devices.
Real Examples of Malicious Mobile Apps Attacks
Google Play Store was hit by a banking trojan earlier this year. Google has taken steps to make Play Store more secure, but all mobile users should still exercise caution, keep devices updated, and use a paid anti-malware solution; free versions typically offer little.
Learn more about mobile malware
Phishing and Social Engineering
Phishing and social engineering are a type of email attack that attempts to trick users into divulging passwords, downloading an attachment, or visiting a website that installs malware on their systems. More targeted efforts at specific users are known as spear phishing. Because the goal is to trick the user, attackers will research the victim to maximize trick potential, often using spoofing to make the email seem legitimate.
Risks of Phishing and Social Engineering Attacks
Phishing and social engineering are deceptive techniques that can trick victims into disclosing sensitive information or taking other harmful actions. Attackers utilize psychological manipulation to trick users into revealing private data, leading to identity theft, unlawful access, and other cybersecurity issues.
How To Defend Against Phishing and Social Engineering
Because phishing relies on social engineering — tricking users into doing something — employee training is one of the best defenses against these attacks. Users should deploy anti-spam and anti-malware solutions, and staff should know not to divulge personal and financial information or passwords in email messages. Training users to avoid downloading attachments or clicking website links in messages, even if they appear to come from a known source, is imperative given phishing attackers often pretend to be a company or person known to the victim. Email is also a common attack vector for ransomware.
Real Examples of Phishing and Social Engineering Attacks
| Type | Description |
| --- | --- |
| Deceptive Phishing | Most common type, using an email headline with a sense of urgency from a known contact. This attack blends legitimate links with malicious code, modifies brand logos, and evades detection with minimal content. |
| Spear Phishing | Spear phishing targets specific users or organizations by exploring social media, recording out-of-office notifications, compromising API tokens, and housing malicious data in the cloud. |
| Whaling | Even more targeted than spear phishing, whaling targets chief executive officers of an organization by infiltrating the network, exposing the supply chain, and following up the malicious email with a phone call to give it legitimacy. |
| Vishing | Targeting victims over the phone, vishing is the use of Voice over Internet Protocol (VoIP), technical jargon, and ID spoofing to trick a caller into revealing sensitive information. |
| Smishing | Smishing also targets phone users, but this one comes in the form of malicious text messages. Smishing attacks often include triggering the download of a malicious app, linking to data-stealing forms, and faking tech support. |
| Pharming | Moving away from trying to trick users, pharming leverages cache poisoning against the DNS, using malicious email code to target the server and compromise web users’ URL requests. |
RAM Scraper
RAM scraper malware, also known as Point-of-Sale (POS) malware, harvests data temporarily stored in a system’s memory, also known as random access memory (RAM). This type of malware targets POS systems like cash registers or vendor portals where an attacker can access unencrypted credit card numbers. While this sensitive payment data is only available for milliseconds before the numbers are encrypted and passed to back-end systems, attackers can still access millions of records.
Risks of RAM Scraper Attacks
RAM scrapers read computer memory to retrieve sensitive information such as credit card numbers during transactions. Attackers obtain access to payment information by intercepting data in real time, resulting in financial theft and hurting client trust.
How To Defend Against RAM Scraper Attacks
Organizations can help prevent RAM scraper attacks by using hardened POS systems and separating payment-related systems from non-payment systems. Usual precautions such as anti-malware software, firewalls, data encryption, and complying with any relevant standards or regulations for protecting customer data are a must.
Real Examples of RAM Scraper Attacks
Home Depot and Target were hit by RAM scraping techniques in two of the largest-ever data breaches in 2014. The Home Depot attack, discovered in September 2014, compromised over 50 million customer records, and the Target attack, discovered in December 2014, resulted in over 40 million. The attacks underscored the need for ongoing vigilance by both businesses and consumers.
Ransomware
Ransomware has quickly become one of the scariest and most prevalent types of malware. The most common malware variants encrypt a system or specific files, stopping any work from being done until the victim pays a ransom to the attacker — even though the decryption keys provided by attackers often don’t work. Other forms of ransomware threaten to publicize sensitive information within the encrypted or stolen data.
Risks of Ransomware Attacks
Ransomware encrypts files and demands money for decryption, frequently resulting in data loss and financial harm. “Double extortion” attacks carry the added risk of sensitive data exposure and reputational damage.
How To Defend Against Ransomware Attacks
Often organizations and users can mitigate ransomware attacks by having up-to-date, immutable, air-gapped data backups so they can simply wipe the system and reboot from an offline backup. Organizations should train users about the threat, patch their software as necessary, and follow all recommended security best practices.
Real Examples of Ransomware Attacks
The Colonial Pipeline attack that nearly shut down the Eastern U.S. was one of the most dramatic in recent years, but healthcare attacks have perhaps been even more concerning. The Clop ransomware group is one of the newest threats in a long line that includes CryptoLocker, Locky, WannaCry, Hermes, GandCrab, and Ryuk.
Read more about ransomware:
- Ransomware Protection: How to Prevent Ransomware Attacks
- How to Recover From a Ransomware Attack
- Best Ransomware Removal Tools
- Best Ransomware Removal and Recovery Services
- How to Decrypt Ransomware Files – And What to Do When That Fails
Rogue Security Software
Rogue security software is a form of ransomware or scareware. An attacker enabling this method tricks users into thinking their system or device is at risk. The malware program will present itself as a fake security tool to remove the problem at a cost. In actuality, the user pays and the artificial security software installs even more malware onto their systems.
Risks of Rogue Security Software Attacks
Rogue security software dupes users into paying for unneeded services and even giving away their payment info while receiving only further damage. While attempting to delete the fraudulent software, users may unintentionally install further malware, exacerbating the security concern.
How To Defend Against Rogue Security Software Attacks
As with many other malware forms, you can prevent most rogue security software from being installed on your system by using a firewall and anti-malware solution and by being careful when clicking on links or attachments in email messages. Also, organizations should educate users about the threat, as rogue security software attackers have become particularly good at social engineering.
Real Examples of Rogue Security Software Attacks
Some of the most common rogue security software attacks have come in spam campaigns and adware. However, a different infection vector for this malware is the technique known as Black Hat SEO. By following the most popular keywords on the internet through public records like Google Trends, attackers use malicious scripts to generate websites that appear legitimate.
Rootkit
Rootkits are one of the most insidious malware types because they allow attackers to have administrator-level access to systems without users’ knowledge. Once an attacker has root access, they can do almost anything with the system, including recording activity, changing system settings, accessing data, and mounting attacks on other systems.
Risks of Rootkit Attacks
Rootkits are frequently used in persistent, covert attacks. With admin-level control, rootkits have high-level system privileges while circumventing security safeguards, allowing attackers to maintain control over infected computers for lengthy periods of time and enabling a wide range of destructive behaviors, including data and credential theft.
How To Defend Against Rootkit Attacks
You can prevent most rootkit infections by installing appropriate security software (anti-malware, firewall, log monitoring) and keeping your operating system and other software up-to-date with patches. There are rootkit scanning and removal tools, but many of their capabilities can now be found in good EDR and antivirus tools. You should also be careful when installing any software on your system and when clicking on email attachments and links. If a rootkit infects your system, it can be nearly impossible to detect and remove; in many cases, you may have to wipe your hard drive and start over from scratch to get rid of it.
Real Examples of Rootkit Attacks
| Type | Description |
| --- | --- |
| Bootkit Rootkit | A type of kernel-mode rootkit that infects boot functionality during computer startup, subverting the kernel upon powering on. |
| Firmware Rootkit | Firmware’s persistent presence in the router, network card, hard drive, or BIOS makes detecting it difficult if used maliciously. |
| Kernel-Mode Rootkit | This rootkit alters the very core of your system, the kernel. Resembling device drivers or loadable modules, these operate at the same security level as the OS, lending the appearance of credibility. |
| Virtual Rootkit | Also known as a hypervisor, this rootkit hosts the target OS as a virtual machine (VM). It can forgo modifying the kernel and subvert the OS. |
| User-Mode Rootkit | This rootkit can alter security settings, allowing the attacker to replace executables and system libraries and modify interface behavior. |
Spam
In IT security, spam is unwanted email. Usually, it includes unsolicited advertisements, but it can also contain attempted fraud, or links or attachments that could install malware on your system. Many spam emails contain:
- Poor spelling and grammar
- An unusual sender address
- Unrealistic claims
- Links that look risky
However, AI tools and chatbots have made crafting email attacks easier, requiring even more caution on the part of end users.
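As an added example (not code from the original article), the script below scores a raw email message for the four warning signs just listed, plus the sender spoofing mentioned under phishing. The trusted-domain set, the phrase and misspelling lists and both sample messages are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed word lists standing in for "unrealistic claims" / urgency
# wording and "poor spelling"; a real filter would use far larger ones.
SUSPICIOUS_PHRASES = ("act now", "urgent", "immediately", "suspended",
                      "verify your account", "you have won", "prize", "free")
MISSPELLINGS = ("recieve", "acount", "verfy", "pasword", "sincerly")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (crude, but enough for a heuristic)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def sender_signals(from_header: str, trusted: set) -> list:
    """'Unusual sender address': display name claims a brand the address lacks."""
    name, addr = parseaddr(from_header)
    local, _, host = addr.partition("@")
    addr_domain = registrable_domain(host) if host else ""
    findings = []
    claimed = [d for d in trusted if d.split(".")[0] in name.lower()]
    if claimed and addr_domain not in trusted:
        findings.append(f"display name '{name}' but address domain '{addr_domain}'")
    if re.search(r"\d{4,}", local):
        findings.append("sender local part contains a long digit run")
    return findings


def link_signals(html: str) -> list:
    """'Links that look risky': visible text names one host, href goes elsewhere."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        parsed = urlparse(href)
        real = registrable_domain(parsed.hostname or "")
        shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text, re.I)
        if shown and registrable_domain(shown.group(1)) != real:
            findings.append(f"link text '{shown.group(1)}' but destination '{real}'")
        if parsed.scheme == "http":
            findings.append(f"plain-http link to '{real}'")
    return findings


def text_signals(text: str) -> list:
    """'Poor spelling and grammar' and 'unrealistic claims' via word lists."""
    low = text.lower()
    hits = [f"phrase '{p}'" for p in SUSPICIOUS_PHRASES
            if re.search(rf"\b{re.escape(p)}\b", low)]
    hits += [f"misspelling '{m}'" for m in MISSPELLINGS
             if re.search(rf"\b{m}\b", low)]
    return hits


def score_message(raw: str, trusted: set) -> dict:
    """Score one raw RFC 822 message; a higher score means more suspicious."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(
        msg.get_content_charset() or "utf-8", "replace")
    findings = sender_signals(msg.get("From", ""), trusted)
    findings += link_signals(body)
    plain = msg.get("Subject", "") + "\n" + re.sub(r"<[^>]+>", " ", body)
    findings += text_signals(plain)
    return {"score": len(findings), "findings": findings}


TRUSTED = {"examplebank.com"}  # constructed: domains the recipient really deals with

# Constructed phishing sample: brand in the display name, look-alike link, urgency, typos.
PHISH = """\
From: "ExampleBank Security" <alerts-88231@mail-notify.example>
To: victim@example.org
Subject: Urgent: your acount will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, act now to verify your account or it will be suspended.</p>
<p>Please <a href="http://examplebank.com.login-check.example/verify">https://www.examplebank.com/login</a></p>
<p>Sincerly, ExampleBank</p>
</body></html>
"""

# Constructed legitimate sample for comparison.
LEGIT = """\
From: "ExampleBank" <no-reply@examplebank.com>
To: customer@example.org
Subject: Your March statement is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your statement is available in online banking.</p>
<p><a href="https://www.examplebank.com/statements">www.examplebank.com</a></p>
</body></html>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        result = score_message(raw, TRUSTED)
        print(f"{label}: score={result['score']}")
        for finding in result["findings"]:
            print("  -", finding)
```

The score is only a triage aid: a single finding (a plain-http link, say) is common in legitimate mail, while the sample phishing message trips every check at once.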
Risks of Spam
These unwanted, bulk emails clutter inboxes and frequently contain harmful links or schemes. Clicking on spam links can take you to phishing sites, malware downloads, or scams, all of which can compromise your personal and financial information.
How To Defend Against Spam
Most email solutions or services include anti-spam features, and major email services like Gmail have continually improved at spam detection. Using these capabilities is the best way to prevent spam from showing up on your systems. If your inbox contains thousands of unread emails and a dozen subscriptions no longer pertinent, do yourself a favor and unsubscribe. Businesses should also consider email security tools and other ways to make email more secure.
Real Examples of Spam
Spam might be one of the most universally understood forms of malware. As billions of people use email in their everyday lives, it makes sense that malicious actors try to sneak into your inbox. Some of the most common types of spam emails include fake responses, PayPal, returned mail, and social media, all of which are disguised as legitimate but contain malware.
Spyware
Spyware is any type of software that gathers information about someone without their knowledge or consent. For example, website tracking cookies that monitor a user’s browsing history are considered a form of spyware. Other types of spyware might attempt to steal personal or corporate information. Government agencies and law enforcement often use spyware to investigate domestic suspects or international threat actors. It is challenging for the user to detect spyware symptoms, which range from performance issues to unusual modem or router activity.
Risks of Spyware Attacks
Spyware secretly monitors user actions, gathering personal information, passwords, surfing patterns, location and more. As attackers get access to critical information without the user’s awareness, it can lead to identity theft, privacy breaches, and financial losses. In cases of political surveillance, spyware can endanger opponents of authoritarian regimes, as happened with the NSO Group’s Pegasus spyware in Apple iPhones.
How To Defend Against Spyware Attacks
Install anti-spyware software. Anti-spyware capabilities are included in most antivirus and anti-malware packages, but a sophisticated adversary's spyware can still evade them. Use a firewall, be careful about what you download, and scan regularly. Amnesty International's Security Lab published a detailed methodology for detecting Pegasus and released the open-source Mobile Verification Toolkit (MVT) for checking iOS and Android devices.
Real Examples of Spyware Attacks
Keyloggers, tracking adware, spy trojans, and rootkits are common forms of spyware. CoolWebSearch, Gator, Internet Optimizer, TIBS Dialer, and Zlob are some of the best-known strains. CoolWebSearch, for example, exploited browser flaws to redirect traffic to advertising, modified the hosts file, and rewrote search engine results. In the Pegasus case, Apple patched the exploited vulnerabilities, but the incident showed that nothing is safe from a determined, well-resourced adversary.
In computer security, a trojan is any malware that pretends to be something else but serves a malicious purpose. For example, a trojan might appear to be a free game, but once installed, it might destroy your hard drive, steal data, install a backdoor, or take other harmful actions.
Risks of Trojan Attacks
A Trojan is often disguised as legitimate software, but once installed it enables unwanted access and control. Trojans can download additional malware, steal sensitive data, or provide attackers backdoor access to an infected machine, creating severe security threats.
How To Defend Against Trojan Attacks
Because trojans rely on social engineering to get themselves installed, educating users is imperative: caution when installing new software and when clicking email links and attachments is most of the battle. Organizations can stop most trojans with security software such as anti-malware tools and properly configured firewalls, and by checking that a downloaded file really is what its name claims.
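Most trojans get past the "caution when installing" rule by looking like a document. The following is an added example, not code from the original article, showing the checks an email gateway or a careful user can apply before opening a download: the first bytes of the file (its magic number) against the claimed extension, double extensions such as `.pdf.exe`, whitespace padding that pushes the real extension out of view, and the Unicode right-to-left override that makes `photo[RLO]gnp.scr` display as `photorcs.png`. File names, contents and the short magic-byte table are constructed for illustration.

```python
"""Spot downloaded files whose names lie about what they contain.

Added example, not code from the original article. The sample names,
contents and the short magic-byte table are constructed for illustration.
"""
import re

# Leading bytes (magic numbers) of a few common formats.
MAGIC = {
    b"MZ": "pe-executable",
    b"\x7fELF": "elf-executable",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip-or-office",
    b"\x89PNG": "png",
}
EXECUTABLE_KINDS = {"pe-executable", "elf-executable"}
DOC_EXTS = {".pdf", ".docx", ".xlsx", ".txt", ".jpg", ".png"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".js", ".vbs", ".hta", ".lnk"}
RLO = "\u202e"  # Unicode right-to-left override


def identify(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name entirely."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def displayed_name(name: str) -> str:
    """Render the name roughly as a file manager shows it after an RLO character."""
    if RLO not in name:
        return name
    head, tail = name.split(RLO, 1)
    return head + tail[::-1]


def assess(name: str, data: bytes) -> list[str]:
    """Return the reasons a file looks like a disguised trojan (empty if none)."""
    reasons = []
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    kind = identify(data)

    if RLO in name:
        reasons.append(f"right-to-left override: shown as {displayed_name(name)!r}, actually {ext}")
    parts = name.lower().rsplit(".", 2)
    if len(parts) == 3 and "." + parts[1] in DOC_EXTS and "." + parts[2] in EXEC_EXTS:
        reasons.append(f"double extension .{parts[1]}.{parts[2]}")
    if re.search(r"\s{5,}\.[a-z0-9]+$", name, re.I):
        reasons.append("whitespace padding hides the real extension")
    if kind in EXECUTABLE_KINDS and ext in DOC_EXTS:
        reasons.append(f"{ext} by name but {kind} by content")
    if ext in EXEC_EXTS and not reasons:
        reasons.append(f"executable type {ext}")
    return reasons


# Constructed samples: (file name, first bytes of content).
SAMPLES = [
    ("quarterly.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00\x03"),
    ("report.pdf", b"MZ\x90\x00\x03"),
    ("photo" + RLO + "gnp.scr", b"MZ\x90\x00\x03"),
    ("statement.pdf" + " " * 40 + ".exe", b"MZ\x90\x00\x03"),
]

if __name__ == "__main__":
    for fname, content in SAMPLES:
        verdict = assess(fname, content) or ["looks consistent"]
        print(f"{displayed_name(fname)!r}: {'; '.join(verdict)}")
```

Note that the content check runs on bytes, not on the name, which is why it still works when the name has been crafted to fool a human; the same logic belongs in an upload handler or mail gateway, where attackers cannot see the result.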
Real Examples of Trojan Attacks
| Trojan type | Description |
|---|---|
| ArcBomb trojan | Short for "archive bomb": a malformed archive (bad headers, repeated data, identical files) built to slow, freeze, or overwhelm the machine when it is unpacked |
| Backdoor trojan | See Backdoor above. A remote user with control of your device can act as you, steal data, and corrupt files |
| Banking trojan | Poses as your bank to steal financial account credentials and, with them, your money |
| Clicker trojan | Activates on a click; victims usually receive adware but can also be redirected to malicious websites |
| DDoS trojan | See Botnet above. Enrolls the device in a DDoS attack on a target website |
| Downloader trojan | Downloads or installs new versions of malware |
| Dropper trojan | Installs other malware in a way meant to evade detection; increasingly hard for antivirus software to detect |
| Exploit trojan | Related to the bugs discussed above: targets vulnerabilities in application code |
| Fake antivirus trojan | Imitates an antivirus program and asks you to pay to remove threats that do not exist |
| Game thief trojan | Targets the login and account data of online gamers |
| Instant messaging trojan | Steals credentials for messaging services such as native SMS apps, Skype, Facebook, and WhatsApp, giving attackers your account data |
| Mailfinder trojan | Harvests email addresses from the machine for use in further malware campaigns |
| Notifier trojan | Tells attackers when an infected device comes online, handing them its IP address, open ports, and other details |
| Proxy trojan | Turns the victim's internet connection into a relay, often for mass spam mailings |
| Password stealing trojan | Searches system files for usernames and passwords |
| Ransom trojan | Like ransomware, encrypts your files or noticeably degrades the machine; restoring data or performance comes at a price |
| Rootkit trojan | See Rootkit. Hides malicious software and its activity, prolonging the infection |
| SMS trojan | Targets mobile devices and sends messages without regard for what they cost the owner |
| Spy trojan | Similar to spyware: monitors the machine through keylogging, screenshots, and captured application logins |
While some use malware and virus interchangeably, a virus is a specific type of malware that attaches itself to a host file or program and needs that host to be run, typically by a user opening an attachment, image, link, or even a file they use every day. Once running, it infects the device and tries to spread to other files, devices, and systems.
Risks of Virus Attacks
As far as damage to the user goes, a virus can perform several undesirable commands. These include:
- Incorporating systems into a botnet
- Sending spam to contacts
- Stealing sensitive information
- Locking the system
- Deleting or damaging files and programs
How To Defend Against Virus Attacks
Every internet-connected system on your network should run up-to-date antivirus software. A firewall is essential, as is care when opening email attachments or clicking URLs. Check that a site uses HTTPS with a valid certificate, but remember that the padlock only proves the connection is encrypted, not that the site is trustworthy; avoid unknown or untrusted websites regardless.
Real Examples of Virus Attacks
| Virus type | Method of breach |
|---|---|
| Boot sector virus | Infects the boot sector or Master Boot Record (MBR) of a disk so that it runs every time the computer starts |
| Browser hijacker virus | See Browser hijacker above; takes control of browser settings and redirects traffic to malicious websites |
| Direct action virus | Infects executable files in a folder, most often .exe and .com files, and runs only when an infected file is executed; it does not stay resident |
| File infector virus | Targets files and the operating system; damages programs by altering their code and, in severe cases, can reformat the hard drive |
| Macro virus | Written in a macro language such as VBA; once a document or application is infected, the infection spreads when the file is shared with other devices |
| Multipartite virus | Infects both the boot sector and program files, so it spreads through more than one vector and propagates quickly |
| Polymorphic virus | Changes its identifiable code with each copy, for example by re-encrypting itself under a new key, so static signatures fail to match it |
| Resident virus | Loads itself into RAM and can infect any program opened while it stays resident, even after the original host file is removed |
| Web scripting virus | Exploits browser vulnerabilities by injecting malicious script into web pages, ads, or links to steal sensitive information from visitors |
A worm is similar to a virus in that it self-replicates, but unlike a virus it needs no human action or host file to activate. It is a standalone piece of malware that spreads on its own through a system or network, typically by exploiting a vulnerability in a reachable service, and it can do just as much damage as a virus.
Risks of Worm Attacks
Worms are self-replicating malware that spread over networks, wasting bandwidth, interfering with services, and swiftly infecting a large number of devices, potentially resulting in a loss of vital services.
How To Defend Against Worm Attacks
As with viruses, antivirus or anti-malware software is the first line of defense, but because network worms usually spread by exploiting vulnerabilities in exposed services, patching promptly, firewalling or disabling services that do not need to be reachable, and segmenting the network matter just as much. And as always, open email links or attachments only when confident of the contents.
Real Examples of Worm Attacks
| Worm type | Method of breach |
|---|---|
| Email worm | Email content (attachment or advertisement) |
| Download/FTP worm | Downloaded files or files transferred over FTP |
| Instant messaging worm | Mobile or desktop instant messaging programs |
| Internet worm | Corrupted website HTML |
| IRC worm | Internet Relay Chat channels and rooms |
| File sharing/P2P worm | Peer-to-peer file-sharing networks |
| Network worm | Carried in network packets or via any shared device, drive, or file on the network |
Defending Against All Types of Malware
Defending against various types of malware necessitates a comprehensive strategy that includes proactive and reactive measures. Here are key approaches for safeguarding your systems and devices from malware.
Utilize Antivirus and Anti-Malware Software
Install trustworthy antivirus and anti-malware programs on each of your devices. Also, ensure these tools are regularly updated to identify and remove the latest threats.
Keep Software Updated
Keep your operating system, software, and applications up-to-date, as outdated software often contains vulnerabilities that malware exploits.
Educate Users
Train users to recognize common malware delivery methods, like phishing emails and dubious websites. Encourage caution when interacting with emails, files or links from unknown sources.
Use Firewalls
Use firewalls to block malicious inbound and outbound traffic, and review the rules regularly to close ports and services that are no longer needed. For individual users, make sure your router is secure and properly configured, and activate the firewalls on your router and/or laptop.
Enhance Email Security
Employ robust email security measures to filter out spam, phishing emails, and malicious attachments. Advise users to exercise caution with email attachments or links, especially from unfamiliar senders.
Secure Web Browsing
Utilize web security tools such as gateways to prevent access to malicious websites. In addition, educate users about the risks associated with visiting suspicious sites.
Strengthen Network Security
Segment your network to minimize lateral movement within your organization. Deploy intrusion detection and prevention systems to monitor network traffic for signs of malicious activity.
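Segmentation is the control that most directly limits the network worms described earlier, and its value is easiest to see by counting. The following is an added example, not code from the original article: a small simulation in which a worm spreads by breadth-first search from a patient-zero host to every host that exposes its propagation port and that the firewall policy allows the current host to reach. The host inventory, segment names, firewall rules, and the choice of port 445 are all constructed for illustration.

```python
"""Blast radius of a network worm on a flat network versus a segmented one.

Added example, not code from the original article. The inventory, segments,
firewall policy and the worm's propagation port are constructed; the worm is
modelled simply as 'reaches every host exposing VULN_PORT that the current
host is allowed to talk to'.
"""
from collections import deque

VULN_PORT = 445  # constructed: the service the worm exploits to spread

# Constructed inventory: host -> (segment, listening ports)
HOSTS = {
    "ws-01": ("users", {445, 3389}),
    "ws-02": ("users", {445}),
    "ws-03": ("users", {445}),
    "fs-01": ("servers", {445}),
    "app-01": ("servers", {443, 445}),
    "db-01": ("data", {1433, 445}),
    "web-01": ("dmz", {80, 443}),
    "hmi-01": ("ot", {445, 502}),
    "plc-01": ("ot", {502}),
}

# Segmentation policy: (source segment, destination segment, port) tuples the
# firewall permits. Traffic inside a segment is always allowed.
SEGMENTED = {
    ("users", "servers", 445),   # workstations need the file server
    ("users", "dmz", 443),
    ("servers", "data", 1433),   # only the database port, not SMB
    ("servers", "dmz", 443),
    ("ot", "servers", 443),
}
FLAT = None  # no segmentation: any host may reach any port on any other host


def allowed(src: str, dst: str, port: int, policy) -> bool:
    """Would the firewall let src talk to dst on port under this policy?"""
    if policy is None:
        return True
    s, d = HOSTS[src][0], HOSTS[dst][0]
    return s == d or (s, d, port) in policy


def simulate(patient_zero: str, policy) -> set[str]:
    """Breadth-first spread from patient_zero; returns the infected host set."""
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        src = queue.popleft()
        for dst, (_, ports) in HOSTS.items():
            if dst in infected or VULN_PORT not in ports:
                continue
            if allowed(src, dst, VULN_PORT, policy):
                infected.add(dst)
                queue.append(dst)
    return infected


def blast_radius(patient_zero: str) -> dict:
    """Infected host counts for the same patient zero under both policies."""
    return {
        "flat": len(simulate(patient_zero, FLAT)),
        "segmented": len(simulate(patient_zero, SEGMENTED)),
        "total_hosts": len(HOSTS),
    }


if __name__ == "__main__":
    for start in ("ws-01", "hmi-01"):
        print(start, blast_radius(start))
```

Two things stand out from the run. A workstation infection still reaches the file servers under the segmented policy, because workstations legitimately need port 445 there; what segmentation buys is that the database and OT segments stay clean. And an infection that starts in the OT segment goes nowhere, which is the case that matters most for safety-critical networks.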
Use Application Whitelisting
Consider using application whitelisting to permit only authorized software to run. This reduces the chance of unauthorized or malicious applications executing.
Adopt Least Privilege
Limit user and system privileges to the minimum required for their tasks. Least privilege is a core principle of zero trust, which additionally requires verifying every access request rather than trusting anything by its network location. Both minimize the potential impact if a system or account is compromised.
Regular Data Backups
Create regular automated, immutable backups of crucial data. In the case of malware, clean backups enable restoration of systems and data.
Utilize Behavior Analysis
Employ security software utilizing behavior analysis to identify and block malware based on actions and characteristics, not just signatures.
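One behavioural signal that works against spyware and trojan backdoors alike, whatever their binaries look like, is beaconing: an implant calling the same external address on a fixed timer with near-identical payload sizes (the "unusual router activity" mentioned in the spyware section). The following is an added example, not code from the original article, that groups outbound connections by source and destination, measures the regularity of the gaps between them, and flags pairs whose timing is too regular to be a human. The log lines are constructed in a simplified `timestamp src dst:port bytes` layout rather than any real product's format, and the thresholds are starting points to tune.

```python
"""Find hosts that contact the same destination on a regular timer.

Added example, not code from the original article. The log lines below are
constructed in a simplified 'timestamp src dst:port bytes' layout, not any
real product's format; the thresholds are starting points to tune.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log. 10.0.0.12 talks to 198.51.100.7 every
# five minutes with ~810-byte requests; the other traffic is irregular browsing.
LOG = """\
2024-05-01T10:00:02 10.0.0.12 198.51.100.7:443 812
2024-05-01T10:00:41 10.0.0.12 93.184.216.34:443 15230
2024-05-01T10:03:10 10.0.0.15 93.184.216.34:443 5400
2024-05-01T10:05:03 10.0.0.12 198.51.100.7:443 805
2024-05-01T10:07:19 10.0.0.12 93.184.216.34:443 9020
2024-05-01T10:10:01 10.0.0.12 198.51.100.7:443 811
2024-05-01T10:11:42 10.0.0.15 93.184.216.34:443 41000
2024-05-01T10:15:04 10.0.0.12 198.51.100.7:443 809
2024-05-01T10:18:55 10.0.0.12 93.184.216.34:443 22100
2024-05-01T10:20:02 10.0.0.12 198.51.100.7:443 815
2024-05-01T10:25:00 10.0.0.12 198.51.100.7:443 808
2024-05-01T10:29:05 10.0.0.15 93.184.216.34:443 7300
2024-05-01T10:30:03 10.0.0.12 198.51.100.7:443 810
"""


def parse(log: str) -> dict:
    """Group events as (src, dst) -> [(timestamp, bytes)]."""
    conns = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        conns[(src, dst)].append((datetime.fromisoformat(ts), int(size)))
    return conns


def find_beacons(log: str, min_connections: int = 6, max_cv: float = 0.15) -> list[dict]:
    """Return (src, dst) pairs whose inter-connection gaps are suspiciously regular.

    Regularity is the coefficient of variation of the gaps (stdev / mean);
    human browsing has a large CV, a sleep()-driven implant a very small one.
    """
    hits = []
    for (src, dst), events in parse(log).items():
        if len(events) < min_connections:
            continue
        events.sort()
        times = [t for t, _ in events]
        sizes = [s for _, s in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period
        if jitter > max_cv:
            continue
        hits.append({
            "src": src,
            "dst": dst,
            "connections": len(events),
            "period_s": round(period, 1),
            "jitter": round(jitter, 3),
            "uniform_size": pstdev(sizes) / mean(sizes) < 0.2,
        })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(LOG):
        print(hit)
```

Real implants add random jitter to defeat exactly this check, so in production the CV threshold is loosened and combined with other features (rare destination, constant request size, off-hours activity); the constructed log has none of that jitter, which keeps the arithmetic easy to follow.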
Develop an Incident Response Plan
Establish and routinely test an incident response plan to react swiftly and efficiently to malware incidents. Isolate infected systems and take necessary actions to eliminate the malware.
Establish Patch Management
Establish a patch management process to promptly apply security updates, as many malware attacks exploit unpatched vulnerabilities.
Ensure Mobile Device Security
Apply good security practices to mobile devices, such as smartphones and tablets, to guard against mobile malware. Employ mobile security solutions and remote device management tools.
Monitor and Use Threat Intelligence
Continuously monitor your network for signs of malicious activity. Stay updated on the latest malware threats and trends through reliable threat intelligence sources.
Bottom Line: Prepare For All Malware Types
To protect against malware, it’s crucial to have up-to-date antivirus and anti-malware solutions, and regularly update operating systems, software, and applications. Educate your team about common cybercriminal tactics and promote a security-conscious culture. Firewalls, web and email security tools, and advanced technologies like behavior analysis can help block unauthorized traffic and access. A robust data backup system is essential.
Establish a well-defined incident response plan, outlining steps for isolating systems, removing malware, and restoring data from backups. Regular testing ensures swift and effective response. Stay informed about emerging malware trends and adapt your cybersecurity strategy as threats evolve.
By fostering a security-conscious culture, implementing robust technical defenses, and having a well-rehearsed incident response plan, you can significantly enhance your organization’s resilience against malware threats.
This updates a February 2021 article by Sam Ingalls