Malware, or malicious software, is any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of different functions such as stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission.
How malware works
Malware authors use a variety of physical and virtual means to spread malware that infect devices and networks. For example, malicious programs can be delivered to a system with a USB drive or can spread over the internet through drive-by downloads, which automatically download malicious programs to systems without the user's approval or knowledge. Phishing attacks are another common type of malware delivery where emails disguised as legitimate messages contain malicious links or attachments that can deliver the malware executable to unsuspecting users. Sophisticated malware attacks often feature the use of a command-and-control server that allows threat actors to communicate with the infected systems, exfiltrate sensitive data and even remotely control the compromised device or server.
Emerging strains of malware include new evasion and obfuscation techniques that are designed to not only fool users but security administrators and anti-malware products as well. Some of these evasion techniques rely on simple tactics, such as using web proxies to hide malicious traffic or source IP addresses. More sophisticated threats include polymorphic malware, which can repeatedly change its underlying code to avoid detection from signature-based detection tools, anti-sandbox techniques, which allow the malware to detect when it is being analyzed and delay execution until after it leaves the sandbox, and fileless malware, which resides only in the system's RAM in order to avoid being discovered.
Common types of malware
Different types of malware contain unique traits and characteristics. Types of malware include:
- A virus is the most common type of malware which can execute itself and spread by infecting other programs or files.
wormcan self-replicate without a host program and typically spreads without any human interaction or directives from the malware authors.
- A Trojan
horse isdesigned to appear as a legitimate program in order to gain access to a system. Once activated following installation, Trojans can execute their malicious functions.
Spyware ismade to collect information and data on the device user and observe their activity without their knowledge.
- Ransomware is designed to infect a user's system and encrypt the data. Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system's data.
rootkit is createdto obtain administrator-level access to the victim's system. Once installed, the program gives threat actors root or privileged access to the system.
- A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an infected system that allows threat actors to remotely access it without alerting the user or the system's security programs.
tobetter target advertising.
- Keyloggers, also called system monitors, are used to see nearly everything a user does on their computer. This includes emails, opened web-pages, programs and keystrokes.
Malware can also be found on mobile phones and can provide access to the device's components such as the camera, microphone, GPS or accelerometer. Malware can be contracted on a mobile device if the user downloads an unofficial application or if they click on a malicious link from an email or text message. A mobile device can also be infected through a Bluetooth or Wi-Fi connection.
Malware is found much more commonly on devices that run the Android OS comparatively to iOS devices. Malware on Android devices is usually downloaded through applications. Signs that an Android device is infected with malware include unusual increases in data usage, a quickly dissipating battery charge or calls, texts and emails being sent to the device contacts without the user's knowledge. Similarly, if a user receives a message from a recognized contact that seems suspicious, it may be from a type of a mobile malware that spreads between devices.
Apple iOS devices are rarely infected with malware because Apple carefully vets the applications sold in the App Store. However, it is still possible for an iOS device to be infected by opening an unknown link found in an email or text message. iOS devices will become more vulnerable if jailbroken.
How to detect and remove malware
A user may be able to detect malware if they observe unusual activity such as a sudden loss of disc space, unusually slow speeds, repeated crashes or freezes or an increase in unwanted internet activity and popup advertisements. An antivirus tool may also be installed on the device that detects and removes malware.These tools can either provide real-time protection or detect and remove malware be executing routine system scans.
Windows Defender, for example, is a Microsoft anti-malware software which is included in
Malwarebytes is another anti-malware tool which can remove malware from Windows, macOS, Android and iOS platforms. Malwarebytes can scan through a user’s registry files, running programs, hard drives and individual files. If detected, malware can then be quarantined and deleted. However, users cannot set automatic scanning schedules.
The term malware was first used by computer scientist and security researcher Yisrael Radai in 1990. However, malware existed long before this. One of the first known examples of malware was the Creeper virus in 1971, which was created as an experiment by BBN Technologies engineer Robert Thomas. Creeper was designed to infect mainframes on ARPANET. While the program did not alter functions, or steal or delete data, the program moved from one mainframe to another without permission while displaying a teletype message that read, "I'm the creeper: Catch me if you can." Creeper was later altered by computer scientist Ray Tomlinson, who added the ability to self-replicate to the virus and created the first known computer worm. The concept of malware took root in the technology industry, and examples of viruses and worms began to appear on Apple and IBM personal computers in the early 1980s before becoming popularized following the introduction of the World Wide Web and the commercial internet in the 1990s.
There are other types of programs that share common traits with malware but are distinctly different, such as a PUP, or potentially unwanted program. These are typically applications that trick users into installing them on their system (such as browser toolbars) but do not execute any malicious functions once they have been installed. However, there are cases where a PUP may contain spyware-like functionality or other hidden malicious features, in which case the PUP would be classified as malware.