Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. At its core, malware exploits existing network, device, or user vulnerabilities, and the risk it poses ranges from merely annoying advertisements to the far more damaging demand for millions of dollars in ransom.
This article dives into the lexicon of malware, offering descriptions, protections, and examples of each.
Best Practices to Defend Against Malware
As you browse the myriad of malicious software featured in this article, we offer tips for how best to defend against each type. In general, here are some of the most frequent best practices to protect against malware:
- Update all network, application, and device software promptly
- When alerted to potential vulnerabilities, patch promptly
- Boost your organization’s IT literacy with ongoing cybersecurity training so staff recognize the threats posed by malware attacks
- Architect a premium network security model like SASE that encompasses SD-WAN, CASB, secure web gateways, ZTNA, FWaaS, and microsegmentation
- Consider anti-malware solutions that can aid your existing infrastructure
- Understand malware is a reality; prepare for the worst, and plan your response to a malware attack
Here are some common and not so common malware threats and how to defend against them.
Adware, also known as malvertising, is a type of malware that downloads or displays advertisements to the user interface. Rather than stealing data, adware is more of an irritant forcing users to see unwanted ads. Most users are familiar with adware in the form of unclosable browser pop-ups. Users sometimes unknowingly infect themselves with adware installed by default when they download and install other applications.
How to Defend Against Adware
Install an antivirus solution that includes anti-adware capabilities. Disable pop-ups on your browsers, and pay attention to the installation process when installing new software, making sure to un-select any boxes that will install additional software by default.
Examples of Adware Malware Attacks
While there are hundreds of adware versions, some of the most common examples include Fireball, Appearch, DollarRevenue, Gator, and DeskAd. These adware strains often present themselves as a video, banner, full screen, or otherwise pop-up nuisance.
A backdoor is a trojan that offers an attacker remote access into the victim’s device. Most device or software manufacturers place backdoors in their products intentionally and for a good reason: company personnel or law enforcement can use the backdoor to access the system when needed. However, in a bad actor’s hands, a backdoor can do anything the user does. Backdoors can also be installed by other types of malware, such as viruses or rootkits.
How to Defend Against a Backdoor
Backdoors are among the most challenging types of threats to protect against. Experts say the best defense is a multi-pronged network security strategy that includes a firewall, anti-malware software, network monitoring, intrusion detection and prevention (IDPS), and data protection.
Examples of Backdoor Malware Attacks
Because backdoors are often intentionally built into products, there are numerous instances of their malicious use. In 2005, Sony BMG delivered millions of CDs with a rootkit that monitored listening habits and unintentionally left a backdoor to the device for cybercriminals. In 2017, more than 300,000 WordPress websites were affected by a malicious plugin that allowed an attacker to place embedded hidden links on victim websites.
Bots and Botnets
Bots are programs that perform automated tasks; a network of compromised bots, known as a “botnet,” is what makes these attacks so damaging for victims. In cybersecurity, a bot typically refers to an infected device containing malicious software. Without the user’s knowledge or permission, a bot can corrupt the device. Botnet attacks are targeted efforts by an army of bots, directed by their bot herder.
How to Defend Against Botnets
Organizations can help prevent their computers from becoming part of a botnet by installing anti-malware software, using firewalls, keeping software up-to-date, and forcing users to use strong passwords. Network monitoring software can also help determine when a system has become part of a botnet. Always change the default passwords for any IoT devices you install before extended use.
Examples of Botnet Malware Attacks
Attackers often use botnets to send out spam or phishing campaigns or to carry out distributed denial of service (DDoS) attacks. However, a growing number of botnet attacks are used against IoT devices and their connected networks. Additional uses of botnets include spam, ad and click fraud, and spyware.
In 2008, the Kraken botnet with 495,000 bots infected 10% of the Fortune 500 companies. This instance of a botnet attack was also the first where malware went undetected by anti-malware software. In 2016, the Mirai botnet attack left most of the eastern U.S. with no internet. With over 600,000 devices, this botnet exposed just how vulnerable IoT devices could be and led to the IoT Cybersecurity Improvement Act of 2020.
A browser hijacker, also called “hijackware,” noticeably changes the behavior of your web browser. The change might send you to a new search page, slow page loading, change your homepage, install unwanted toolbars, direct you to sites you did not intend to visit, or display unwanted ads. Attackers can make money from advertising fees, steal information from users, spy on them, or direct users to websites or apps that download more malware.
How to Defend Against a Browser Hijacker
Be careful when installing new software on your system. Many browser hijackers piggyback on wanted software, much like adware does. Ensure you install and run anti-malware software on your system and maintain high-security settings for browser activity.
Because hijackware lives in your browser, the browser is also where you remove it. If your antivirus software fails to notice a new strain, you can reinstall the browser. If that fails to work, wiping the device might be required.
Examples of Browser Hijacker Malware Attacks
A handful of notable browser hijackers are Ask Toolbar, Conduit, CoolWebSearch, Coupon Saver, GoSave, and RockTab. These browser hijackers typically come in the form of an added toolbar, and because it’s often bundled with the software download, users rarely recognize its potential harm.
“Bug” is a generic term for a flaw in a segment of code. All software has bugs, and most go unnoticed or are mildly impactful to the user. Sometimes, however, a bug represents a severe security vulnerability, and using software with this type of bug can open your system up to attacks.
How to Defend Against Bugs
The best way to minimize potentially nasty bugs is consistent updates for your software. With vulnerabilities at the top of software vendors’ minds, they are quick to release patches to prevent damage to users’ systems. For organizations writing or configuring their own code, it’s imperative to follow secure coding best practices and potentially seek third-party review.
Examples of Bug Malware Attacks
Because bugs are often the root vulnerability that enables malware, almost every attack has something to do with a bug-related exposure.
Some vendors use “crimeware” to refer to malware that is criminally executed and often financially benefits the attacker. Much like malware, it is an inclusive category that encompasses a wide variety of malicious software. Unlike ransomware, it might be a criminal operation that does not involve the collection of a ransom. As a term, crimeware encompasses much of the malware types listed in this article.
How to Defend Against Crimeware
Best network security practices are essential, including using anti-malware, firewalls, intrusion detection and prevention (IDPS), network and log monitoring, data protection, security information and event management (SIEM), and threat intelligence.
Examples of Crimeware Malware Attacks
Because crimeware is an umbrella term for most malware types, the examples are endless. Some technologies, such as keyloggers and backdoors, are built into products by design for later maintenance of the device. All crimeware programs are inherently malicious, and their successful activation is prosecutable.
A keylogger is a software program that records every key a user presses. This exposed data includes everything from emails and documents typed to passwords entered for authentication purposes. By obtaining sensitive authentication data, attackers can break into the vendor network or user account.
How to Defend Against a Keylogger
Good password hygiene is one of the best ways to limit the damage a keylogger can do. Using strong passwords that you update regularly can go a long way towards keeping you safe. You should also use a network firewall and an anti-malware solution.
Examples of Keylogger Malware Attacks
Keylogging is legal and widely used by vendors working with sensitive information. Employers can enable a keylogger through hardware or software to detect any criminal or unethical behavior on company systems. For malicious keyloggers outside your organization, initial access to a device or user’s account would be necessary.
A strain of keylogger malware dubbed LokiBot saw a notable rise in activity in 2020. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.”
Malicious Mobile Apps
In the sea of apps available today, not all of them are desirable, and the problem is even more acute with third-party app stores. While app store vendors try to prevent malicious apps from becoming available, some inevitably slip through. These apps can steal user information, attempt to extort money from users, gain access to corporate networks, force users to view unwanted ads, or engage in other undesirable activity types.
How to Defend Against a Malicious Mobile App
User education is one of the most powerful tools for preventing malicious mobile apps. By avoiding third-party app stores and investigating app data before downloading, users can significantly mitigate this risk. Deploying mobile anti-malware and a company-wide mobile security plan is essential for large organizations.
Examples of Malicious Mobile App Malware Attacks
During the 2019 holiday season, the Barracuda research team analyzed 4,200 Android apps related to shopping, Santa, and games. Of these, 165 apps had excessive permission requests, 35 contained adware, and 7 exhibited evident malicious redirecting. While this case study is just a snapshot, vigilance in the app store is required.
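Excessive permission requests, the indicator the survey above counted most often, can be checked before installation by reading an app’s manifest. The following is an added example (not code from the article or from Barracuda) that parses an Android manifest and lists the “dangerous” permissions an app requests beyond what its category plausibly needs; the per-category baseline and the sample manifest are constructed assumptions.

```python
"""Audit an Android manifest for "dangerous" permissions that an app of a given
category has no obvious need for. Added example, not code from the article or
from Barracuda; the per-category allowances and the sample manifest are
constructed assumptions."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions Android itself classes as "dangerous" (real permission names).
DANGEROUS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
}

# Hypothetical reviewer baseline: dangerous permissions an app of each category
# might legitimately need. Tune this for your own review policy.
EXPECTED = {
    "game": set(),
    "shopping": {"android.permission.ACCESS_FINE_LOCATION", "android.permission.CAMERA"},
    "messaging": {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS",
                  "android.permission.READ_SMS"},
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get("{%s}name" % ANDROID_NS) for el in root.iter("uses-permission")}


def excessive_permissions(manifest_xml, category):
    """Dangerous permissions requested beyond the category baseline, sorted."""
    requested = requested_permissions(manifest_xml)
    baseline = EXPECTED.get(category, set())
    return sorted((requested & DANGEROUS) - baseline)


# Constructed manifest for a hypothetical "Santa" game that asks for SMS and
# contact access, the pattern the article's holiday-app survey flagged.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.santagame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Santa Game"/>
</manifest>
"""

if __name__ == "__main__":
    for perm in excessive_permissions(SAMPLE_MANIFEST, "game"):
        print("excessive:", perm)
```

The same manifest audited as a "messaging" app returns nothing, which is the point: a permission is excessive relative to what the app claims to do, not in the absolute.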
Phishing and Social Engineering
Phishing, a form of social engineering, is an email attack that attempts to trick users into divulging passwords, downloading an attachment, or visiting a website that installs malware on their systems. More targeted efforts at specific users or organizations are known as spear phishing. Because the goal is to trick the user, attackers research the victim to make the deception more convincing, often using spoofing to make the email seem legitimate.
How to Defend Against Phishing
Because phishing relies on social engineering, that is, tricking users into doing something, employee training is one of the best defenses against these attacks. Users should deploy anti-spam and anti-malware solutions, and staff should know not to divulge personal information or passwords in email messages. Training about downloading attachments or clicking website links in messages, even if they appear to come from a known source, is imperative, given that phishing attackers often pretend to be a company or person known to the victim. Email is also the usual delivery vehicle for ransomware.
Examples of Phishing Malware Attacks
| Phishing Type | Description |
| --- | --- |
| Deceptive phishing | Most common type, using an email headline with a sense of urgency from a known contact. This attack blends legitimate links with malicious code, modifies brand logos, and evades detection with minimal content. |
| Spear phishing | As noted, spear phishing targets specific users or organizations by exploring social media, recording out-of-office notifications, compromising API tokens, and housing malicious data in the cloud. |
| Whaling | Even more targeted than spear phishing, whaling targets chief officers of an organization by infiltrating the network, exposing the supply chain, and following up the malicious email with a phone call to give it legitimacy. |
| Vishing | Targeting victims over the phone, vishing is the use of Voice over Internet Protocol (VoIP), technical jargon, and caller ID spoofing to trick the person called into revealing sensitive information. |
| Smishing | Smishing also targets phone users, but this one comes in the form of malicious text messages. Smishing attacks often include triggering the download of a malicious app, links to data-stealing forms, and faux tech support. |
| Pharming | Moving away from trying to trick users, pharming leverages cache poisoning against the DNS, using malicious email code to target the server and compromise web users’ URL requests. |
RAM scraper malware, also known as Point-of-Sale (POS) malware, harvests data temporarily stored in a system’s memory, also known as random access memory (RAM). This type of malware targets POS systems like cash registers or vendor portals where an attacker can access unencrypted credit card numbers. While this sensitive payment data is only available for milliseconds before passing the encrypted numbers to back-end systems, attackers can still access millions of records.
How to Defend Against a RAM Scraper
Organizations can help prevent RAM scraper attacks by using hardened POS systems and separating payment-related systems from non-payment systems. Usual precautions such as anti-malware software, firewalls, data encryption, and complying with any relevant standards or regulations for protecting customer data are a must.
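One practical check behind “data encryption” and “complying with relevant standards” is a PCI-style data-discovery scan: confirm that card numbers are not sitting in clear text in logs, crash dumps, or process memory captures, which is exactly what a RAM scraper goes looking for. Below is an added example (not code from the article) that finds Luhn-valid card numbers in a text buffer and reports them masked; the sample buffer is constructed and uses well-known test card numbers.

```python
"""PCI-style discovery check: scan a log excerpt or memory dump for unmasked
card numbers so you can verify card data is not sitting in clear text where a
RAM scraper could read it. Added example, not code from the article; the
sample buffer below is constructed and uses well-known test card numbers."""
import re

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum, which every real PAN satisfies; filters out timestamps and IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep the first 6 and last 4 digits, the form PCI DSS permits for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_unmasked_pans(data):
    """Return (offset, masked PAN) for every Luhn-valid card number in data."""
    hits = []
    for m in PAN_RE.finditer(data):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append((m.start(), mask(digits)))
    return hits


# Constructed excerpt of what a POS process might leave in memory or a debug log.
# The transaction id and order number are long digit runs that fail Luhn and
# must not be reported; the two card numbers are public test numbers.
SAMPLE_DUMP = (
    "2024-01-01 12:30:45 txn=20240101123045 amount=42.10\n"
    "track2=4111111111111111=2512101 status=approved\n"
    "order=1234567890123456 customer=anon\n"
    "card: 5555 5555 5555 4444 exp 12/25\n"
)

if __name__ == "__main__":
    for offset, masked in find_unmasked_pans(SAMPLE_DUMP):
        print(f"unmasked PAN at offset {offset}: {masked}")
```

Running this over a memory capture of a payment process, or over application logs, is a cheap way to confirm the “milliseconds in the clear” claim above is not quietly “minutes in a log file.” The Luhn filter matters: without it, timestamps and order numbers produce a flood of false positives.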
Examples of RAM Scraper Malware Attacks
Since 2008, RAM scraping has been a bane for retailers. A handful of years later, the now-infamous RAM scraper dubbed BlackPOS led to the compromise of 40 million Target customers and 56 million Home Depot customers. Heading into the 2020s, a few notable RAM scraping malware families are FrameworkPOS, PoSeidon/FindStr, FighterPOS, and Carbanak/Anunak.
In recent years, ransomware has quickly become one of the most prevalent types of malware. The most common variants encrypt a system or specific files, preventing any work from being done until the victim pays a ransom to the attacker. Other forms of ransomware threaten to publicize sensitive information within the encrypted data.
How to Defend Against Ransomware
Often organizations can mitigate ransomware attacks by having up-to-date backups. If their files become locked, they can simply wipe the system and restore from an offline backup. Organizations should train users about the threat, patch their software as necessary, and install all the usual security solutions. Some instances of ransomware appear so dire that many organizations and individuals resort to paying the ransom.
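A backup only helps if you know it is intact and can tell which files were touched. The following added example (not code from the article) snapshots a directory into a hash manifest at backup time and later reports files that changed, vanished, or turned into high-entropy blobs, the signature of encrypted content. The demo directory is constructed, and the “encrypted” file is simply overwritten with random bytes; no real encryption or malware is involved.

```python
"""Verify a directory against a hash manifest taken from a known-good backup
and flag files that now look encrypted. Added example, not code from the
article; the demo directory and the "encrypted" file are constructed (random
bytes), no real encryption or malware is involved."""
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; plaintext and most documents sit well below this


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits of entropy per byte; close to 8.0 for ciphertext or random data."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def build_manifest(root):
    """Map relative path -> sha256 for every file under root (taken at backup time)."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def check_against_manifest(root, manifest):
    """Report files that changed, vanished, or changed into high-entropy blobs."""
    report = {"changed": [], "missing": [], "suspect_encrypted": []}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            report["missing"].append(rel)
            continue
        if sha256_file(full) != expected:
            report["changed"].append(rel)
            with open(full, "rb") as f:
                head = f.read(1 << 20)  # the first MiB is enough to judge entropy
            if shannon_entropy(head) > ENTROPY_THRESHOLD:
                report["suspect_encrypted"].append(rel)
    return report


def demo():
    """Build a constructed tree, snapshot it, then simulate one file being
    overwritten with random bytes and one deleted, as ransomware would do."""
    root = tempfile.mkdtemp(prefix="backup-demo-")
    for name in ("invoice.txt", "notes.txt", "ledger.csv"):
        with open(os.path.join(root, name), "w") as f:
            f.write(("constructed plaintext content for %s\n" % name) * 50)
    manifest = build_manifest(root)
    with open(os.path.join(root, "invoice.txt"), "wb") as f:
        f.write(os.urandom(16384))  # stands in for an encrypted file
    os.remove(os.path.join(root, "notes.txt"))
    return check_against_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Store the manifest with the offline backup, not on the protected host, or the same ransomware that encrypts the files will encrypt the list you need to check them against. The entropy test is a heuristic: already-compressed or encrypted files (archives, images, encrypted volumes) score high legitimately, so compare against the hash first and treat entropy as the tiebreaker.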
Examples of Ransomware Malware Attacks
With vendors and organizations increasingly moving online, more data is at risk of exposure. Attackers know this and often take advantage of small to mid-sized organizations with weaker network security, requesting an amount they know the organization can afford. Notable examples from the 2010s included CryptoLocker, Locky, WannaCry, Hermes, GandCrab, and Ryuk.
Rogue Security Software
Rogue security software is a form of ransomware or scareware. An attacker enabling this method tricks users into thinking their system or device is at risk. The malware program will present itself as a fake security tool to remove the problem at a cost. In actuality, the user pays up and the artificial security software installs more malware onto their systems.
How to Defend Against Rogue Security Software
As with most other malware forms, you can prevent most rogue security software from being installed on your system by using a firewall and anti-malware solution and by being careful when clicking on links or attachments in email messages. Also, organizations should educate users about the threat as rogue security software attackers have become particularly good at social engineering.
Examples of Rogue Security Software Malware Attacks
Some of the most common rogue security software attacks have come in spam campaigns and adware. However, a different infection vector for this malware is the technique known as Black Hat SEO. By following the most popular keywords on the internet through public records like Google Trends, attackers use malicious scripts to generate websites that appear legitimate.
Rootkits are one of the most insidious malware types because they allow attackers to have administrator-level access to systems without the users’ knowledge. Once an attacker has root access to a network, they can do almost anything with the system, including recording activity, changing system settings, accessing data, and mounting attacks on other systems.
How to Defend Against a Rootkit
You can prevent most rootkit infections by installing appropriate security software (anti-malware, firewall, log monitoring) and keeping your operating system and other software up-to-date with patches. You should be careful when installing any software on your system and when clicking email attachments or links. If a rootkit infects your system, it can be nearly impossible to detect and remove; in many cases, you may have to wipe your hard drive and start over from scratch to get rid of it.
Examples of Rootkit Malware Attacks
| Rootkit Type | Description |
| --- | --- |
| Bootkit rootkit | A type of kernel-mode rootkit that infects boot functionality during computer startup, subverting the kernel as soon as the machine powers on. |
| Firmware rootkit | Firmware is everywhere in an organization, and a rootkit that persists in the router, network card, hard drive, or BIOS is very difficult to detect. |
| Kernel-mode rootkit | This rootkit alters the very core of your system, the kernel. Resembling device drivers or loadable modules, they operate at the same security level as the OS, giving the appearance of credibility. |
| Virtual rootkit | Also known as a hypervisor rootkit, this rootkit hosts the target OS as a virtual machine (VM). It can subvert the OS without modifying the kernel. |
| User-mode rootkit | This rootkit can alter security settings, allowing the attacker to replace executables and system libraries and modify interface behavior. |
In IT security, spam is unwanted email. Usually, it includes unsolicited advertisements, but it can also have attempted fraud or links or attachments that would install malware on your system. Most spam emails contain:
- Poor spelling and grammar
- An unusual sender address
- Unrealistic claims
- Links that look mighty risky
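The indicators just listed, together with the deceptive-phishing traits from the phishing table (a sense of urgency, a known contact that isn’t really the sender, legitimate-looking links that point elsewhere), can be turned into a simple triage score. The following added example (not code from the article) parses a raw email and reports which indicators fired; the brand-to-domain table and both sample messages are constructed.

```python
"""Heuristic triage of a raw email for the phishing and spam indicators the
article lists: a sender that does not match the brand it claims, a Reply-To
that diverts replies elsewhere, urgency in the subject, and links whose visible
text names one site while the href goes to another. Added example, not code
from the article; BRAND_DOMAINS and both sample messages are constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = ("urgent", "immediately", "suspended", "verify your account",
           "within 24 hours", "final notice")
# Hypothetical brand -> legitimate domain table; extend for your own environment.
BRAND_DOMAINS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def score_message(raw):
    """Return (score, reasons); each reason is one indicator that fired."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(addr)

    # 1. Display name claims a brand, but the sending domain is not that brand's.
    for brand, dom in BRAND_DOMAINS.items():
        if brand in name.lower() and from_dom != dom and not from_dom.endswith("." + dom):
            reasons.append(f"display name claims {brand} but From domain is {from_dom}")

    # 2. Reply-To routes answers to a different domain than the sender's.
    if msg.get("Reply-To"):
        if _domain(parseaddr(str(msg["Reply-To"]))[1]) != from_dom:
            reasons.append("Reply-To domain differs from From domain")

    # 3. Pressure language in the subject.
    subject = str(msg.get("Subject", "")).lower()
    hits = [w for w in URGENCY if w in subject]
    if hits:
        reasons.append(f"urgency wording in subject: {hits}")

    # 4. Anchor text shows one host while the href points at another.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for href, label in ANCHOR_RE.findall(text):
        shown = re.sub(r"<[^>]+>", "", label).strip()
        if "://" in shown or shown.startswith("www."):
            if _host(shown) and _host(shown) != _host(href):
                reasons.append(f"link text shows {_host(shown)} but points to {_host(href)}")

    return len(reasons), reasons


# Constructed phishing sample: brand in the display name, lookalike domain,
# diverted Reply-To, urgent subject, and a link whose text lies about its target.
PHISH = """From: PayPal Support <billing@paypa1-secure.example>
Reply-To: collect@another-domain.example
To: victim@corp.example
Subject: URGENT: your account is suspended - verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><p>Click <a href="http://login-paypa1.example/verify">https://www.paypal.com/signin</a> now.</p></body></html>
"""

# Constructed benign sample for comparison.
BENIGN = """From: Alice <alice@corp.example>
To: bob@corp.example
Subject: Lunch tomorrow?
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        score, reasons = score_message(raw)
        print(label, score, reasons)
```

A score like this is for triage and for teaching users what to look at, not a substitute for the anti-spam and anti-malware filtering the article recommends; a well-crafted spear-phishing message can score zero on every one of these checks.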
How to Defend Against Spam
Most email solutions or services include anti-spam features. Using these capabilities is the best way to prevent spam from showing up on your systems. If your inbox contains thousands of unread emails and a dozen subscriptions no longer pertinent, do yourself a favor and unsubscribe.
Examples of Spam Malware Attacks
Spam might be one of the most universally understood forms of malware. As billions of users rely on email in their everyday lives, it makes sense that malicious actors try to sneak into your inbox. Some of the most common types of spam emails include fake replies, PayPal notices, returned-mail notifications, and social media alerts, all of which are disguised as legitimate but contain malware.
Spyware is any type of software that gathers information about someone without their knowledge or consent. For example, website tracking cookies that monitor a user’s browsing history are considered a form of spyware. Other types of spyware might attempt to steal personal or corporate information. Government agencies and law enforcement often use spyware to investigate domestic suspects or international threat actors. Spyware is challenging for the user to detect; symptoms range from performance issues to unusual modem activity.
How to Defend Against Spyware
Install anti-spyware software on your computer. Luckily, anti-spyware capabilities are included in most antivirus or anti-malware packages nowadays. Using a firewall and caution when downloading software is a must. And finally, scanning for potential threats at least once a week can be a lifesaver.
Examples of Spyware Malware Attacks
Spyware often comes in the form of adware, trojans, keyloggers, and rootkits. Some of the best-known spyware strains include CoolWebSearch, Gator, Internet Optimizer, TIBS Dialer, and Zlob. For example, CoolWebSearch uses Internet Explorer vulnerabilities to direct traffic to advertisements, infect host files, and rewrite search engine results.
In computer security, a trojan is any malware that pretends to be something else but serves a malicious purpose. For example, a trojan might appear to be a free game, but once installed, it might destroy your hard drive, steal data, install a backdoor, or take other harmful actions.
How to Defend Against a Trojan
Because trojans use social engineering for targeted attacks, educating users is imperative. Caution when installing new software or clicking email links and attachments is the name of the game. Organizations can defend against most trojans with security software such as anti-malware software and sufficient firewalls.
Examples of Trojan Malware Attacks
| Trojan Type | Description |
| --- | --- |
| ArcBomb trojan | Short for “archive bomb,” this trojan is built to slow, freeze, or overwhelm the computer by using malformed archive headers, repeated data, and identical files in the archive. |
| Backdoor trojan | See Backdoor for reference. A remote user with control of your device can act as you, steal data, and corrupt files. |
| Banking trojan | Posing as your bank, these trojans are built to steal your financial account information, exploiting your data and using your money. |
| Clicker trojan | Trojans that are activated upon a click. Victims usually receive adware, but can also be redirected to malicious websites. |
| DDoS trojan | See DDoS for reference. These trojans execute a DDoS attack on a target website. |
| Downloader trojan | Trojans that can download or install updated versions of malware. |
| Dropper trojan | Installs trojans to prevent detection of malware or to install additional malware; increasingly hard for antivirus software to detect. |
| Exploit trojan | Related to the bugs discussed above, exploit trojans target vulnerabilities in the code of application software. |
| FakeAV trojan | By simulating the appearance of an antivirus program, these trojans ask you to pay for the detection and removal of threats that don’t really exist. |
| Game thief trojan | These trojans target the login and user account data of online gamers. |
| Instant messaging trojan | By stealing your credentials for instant messaging services like native SMS apps, Skype, Facebook, WhatsApp, and more, attackers can capture your account’s data. |
| Mailfinder trojan | Searching through your computer, this trojan harvests email addresses that it can use to spread additional malware. |
| Notifier trojan | This trojan alerts attackers when an infected device is online, giving the attacker its IP address, open port numbers, and other sensitive information. |
| Proxy trojan | Often used for mass spam mailings, this trojan gives attackers access to the victim computer’s internet resources. |
| Password stealing trojan | Programs built to search system files for username and password information. |
| Ransom trojan | Like ransomware, this trojan encrypts your files or causes a noticeable change in your computer’s functionality. Restoration of performance or data comes at a price. |
| Rootkit trojan | See Rootkit for reference. This trojan aids in hiding malicious software, concealing its activities and prolonging the infection. |
| SMS trojan | These trojans target cellular devices, using their access to a device to send messages without regard for how much it might cost the device owner. |
| Spy trojan | Similar to spyware, trojan spy software monitors your computer through keylogging, screenshots, and application authentication. |
While some refer to malware and viruses interchangeably, a virus is a specific type of malware that requires human activation: a click on an attachment, image, link, or even a file you access every day. Because the trigger is often hidden, a staff member’s click can unknowingly launch a virus.
Viruses infect a device and then attempt to spread to other devices and systems. As far as damage to the user goes, a virus can perform several undesirable commands. These include:
- Incorporating systems into a botnet
- Sending spam to contacts
- Stealing sensitive information
- Locking the system
- Deleting files and programs
How to Defend Against a Virus
Any internet-enabled system in your network should have antivirus software installed and kept up-to-date. Deploying a firewall is essential, but also use care when clicking on email attachments or URL links. Check a website’s SSL/TLS certificate before trusting it, and avoid visiting unknown or untrusted websites.
Major antivirus software vendors include Avast, AVG, BitDefender, ESET, Kaspersky, Norton, Panda, and Sophos, and Microsoft offers free Windows protection in the form of Microsoft Defender.
Examples of Virus Malware Attacks
| Virus Type | Method of Breach |
| --- | --- |
| Boot sector virus | Infects the boot sector of the Master Boot Record (MBR) of hard disks, activating every time you start your computer. |
| Browser hijacker virus | See Browser hijacker for reference; this virus takes control of browser settings and redirects traffic to malicious websites. |
| Direct action virus | Replicates and infects files and folders, most often .exe and .com files, activating when the file is accessed. |
| File virus | Targeting both files and the operating system (OS), this virus can reformat the hard drive and damage programs by amending existing code. |
| Macro virus | Written in a macro language like VBA; once an application document is infected, the infection spreads when the document is shared with other devices. |
| Multipartite virus | Targeting both the boot sector and the system’s programs, this speedy virus spreads through unauthorized activities. |
| Polymorphic virus | Difficult for anti-malware to detect, this virus is quick to change identifiable file traits or encryption keys, changing the appearance of the code. |
| Resident virus | Conceals itself in the computer’s RAM and can spread to any programs opened while infected. |
| Script virus | Through a vulnerability in the web browser (think malicious ads and links), this virus injects scripting into an organization’s web page to access sensitive information. |
A worm is similar to a virus because it spreads itself, but a worm does not need a user’s action for activation. Instead, it is a standalone piece of malware that propagates within a system or network. Like a virus, it can cause just as much damage to the device.
How to Defend Against Worms
As with viruses, the best way to prevent worm infections is with antivirus or anti-malware software. And as always, users should only click on email links or attachments when confident of the contents.
Examples of Worm Malware Attacks
| Worm Type | Hidden In |
| --- | --- |
| Email worm | Email content (attachment or advertisement) |
| Downloads worm | Downloaded files or FTP files |
| Instant Messaging worm | Mobile or desktop instant messaging programs |
| Internet worm | Corrupted website’s HTML |
| IRC worm | Internet relay chat channels and rooms |
| File Sharing/P2P worm | Peer-to-peer file-sharing networks |
| Networks worm | Carried in network packets or any shared access device, drive, or file in the network |
Prepare For All Malware Types
If you’ve made it this far, you know the forest of malware is dark and deep. Today’s league of malicious actors isn’t relying on the traditional forms of malware. They’re consistently seeking more robust strains that can outdo your network security and current anti-malware or antivirus solutions.
Being aware of the dangers that lie in different types of malicious software comes first. As a cybersecurity professional, it is your responsibility to stay mindful of malware trends and actively respond to pertinent vulnerabilities.