Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information in ways that lead to loss of privacy or exploitation, gain unauthorized access to system resources, or carry out other abusive behaviour.
It is software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise harm the host computer without the owner's permission.
Malware is a broad term that covers a variety of malicious programs.
How malware is distributed
- Social networks
- Pirated software
- Free software
- Removable media
How malware works
Malware authors use a variety of physical and virtual means to spread malware that infects devices and networks.
- Malware can spread via USB drives or over the internet through drive-by downloads, which automatically download malicious programs to systems without the user's approval or knowledge.
- Phishing attacks are another common malware delivery method: emails disguised as legitimate messages contain malicious links or attachments that deliver the malware executable to unsuspecting users.
- Sophisticated malware attacks often feature the use of a command-and-control server that allows threat actors to communicate with the infected systems, exfiltrate sensitive data and even remotely control the compromised device or server.
- Emerging strains of malware include new evasion and obfuscation techniques that are designed to not only fool users but security administrators and anti-malware products as well.
- Some of these evasion techniques rely on simple tactics, such as using web proxies to hide malicious traffic or source IP addresses.
More sophisticated threats include:
- Polymorphic malware, which repeatedly changes its underlying code to avoid detection by signature-based tools.
- Anti-sandbox techniques, which let the malware detect when it is being analysed and delay execution until after it leaves the sandbox.
- File-less malware, which resides only in the system's RAM in order to avoid being discovered.
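The signature-evasion point above, as an added example that is not part of the original page: a hash signature matches only the exact bytes it was taken from, so a single changed constant defeats it, while a structural byte pattern with wildcard positions (the approach YARA-style rules take) still matches the variant. The sample bytes below are constructed and synthetic, not real malware.

```python
import hashlib
import re

# Constructed sample "files" (arbitrary bytes, not real malware). SAMPLE_A and
# SAMPLE_B share the same fixed structure but differ in a 4-byte embedded
# constant, which is the effect a polymorphic engine has on a file's hash.
SAMPLE_A = b"SIM1" + bytes.fromhex("00ff10") + bytes.fromhex("11223344") + b"TAIL"
SAMPLE_B = b"SIM1" + bytes.fromhex("00ff10") + bytes.fromhex("deadbeef") + b"TAIL"
BENIGN = b"Hello, world! This is an ordinary text document.\n"

# Hash signature: only the exact bytes of SAMPLE_A are "known bad".
KNOWN_HASHES = {hashlib.sha256(SAMPLE_A).hexdigest()}

# Structural signature (YARA-style hex string): fixed bytes plus ?? wildcards
# over the positions a polymorphic engine is expected to change.
STRUCT_PATTERN = "53 49 4d 31 00 ff 10 ?? ?? ?? ?? 54 41 49 4c"


def compile_pattern(pattern: str) -> re.Pattern:
    """Turn a space-separated hex pattern with ?? wildcards into a bytes regex."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")  # any single byte (DOTALL so 0x0a matches too)
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def hash_match(data: bytes, known_hashes: set) -> bool:
    return hashlib.sha256(data).hexdigest() in known_hashes


def pattern_match(data: bytes, compiled: re.Pattern) -> bool:
    return compiled.search(data) is not None


def scan(samples: dict, known_hashes: set, pattern: str) -> dict:
    """Return {name: (hash_hit, pattern_hit)} for each sample."""
    compiled = compile_pattern(pattern)
    return {name: (hash_match(d, known_hashes), pattern_match(d, compiled))
            for name, d in samples.items()}


if __name__ == "__main__":
    samples = {"sample_a": SAMPLE_A, "sample_b": SAMPLE_B, "benign": BENIGN}
    for name, (h, p) in scan(samples, KNOWN_HASHES, STRUCT_PATTERN).items():
        print(f"{name:9s} hash_hit={h!s:5s} pattern_hit={p}")
```

The structural rule is itself brittle if the fixed bytes it anchors on change, which is why detection in practice layers behavioural and memory-based checks on top of static signatures.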
Types of Malware
A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. Viruses copy themselves to other disks to spread to other computers. They can be merely annoying or vastly destructive to your files.
Types of computer viruses include:
- Macro virus
- Boot virus
- Logic Bomb virus
- Directory virus
- Resident virus
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements displayed by installed software. Often, software and applications offer "free" versions that come bundled with adware.
Adware is used to track a user’s browser and download history with the intent to display pop-up or banner advertisements that lure the user into making a purchase.
A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet.
Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits.
Spyware is a type of malicious software that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect.
Typically, spyware is secretly installed on the user’s personal computer.
Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom. The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.
A Trojan horse, commonly known as a "Trojan," is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. A Trojan can give a malicious party remote access to an infected computer. Once an attacker has access to an infected computer, it is possible for the attacker to steal data (logins, financial data, even electronic money), install more malware, modify files, monitor user activity (screen watching, keylogging, etc.), use the computer in botnets, and anonymize the attacker's own internet activity.
Example Trojan Horses
- Remote access Trojans (RATs)
- Backdoor Trojans (backdoors)
- IRC Trojans (IRCbots)
- Keylogging Trojans
A worm can self-replicate without a host program and typically spreads without any human interaction or directives from the malware authors.
Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers. Computer worms can also contain “payloads” that damage host computers. Payloads are pieces of code written to perform actions on affected computers beyond simply spreading the worm. Payloads are commonly designed to steal data, delete files, or create botnets.
Keyloggers, also called system monitors, are used to see nearly everything a user does on their computer. This includes emails, opened web pages, programs and keystrokes.
Malware can also be found on mobile phones and can provide access to the device’s components such as the camera, microphone, GPS or accelerometer. Malware can be contracted on a mobile device if the user downloads an unofficial application or if they click on a malicious link from an email or text message. A mobile device can also be infected through a Bluetooth or Wi-Fi connection.
Malware is found much more commonly on devices that run the Android OS than on iOS devices.