What is Malware?
by Iwan Price-Evans on Security • April 29, 2022
Malware is a term used to describe malicious software. Malware refers to any application or code designed to be harmful to other systems. Types of malware include viruses, ransomware, spyware, Trojan horses, and many more.
Cybercriminals create malware applications that can embed themselves into devices to damage, disable, or steal data from them. The motives of the criminals can include financial gain, political statements, or simply their own entertainment.
The malicious actor's intention may be to disrupt an organization's services, such as online banking systems. Their aim may be to gain unauthorized access and steal data, or to disable or interfere with some system functions. Once a device is compromised, it can be used for criminal activity such as spying on financial transactions or stealing personal identity information. A compromised device can also be used to launch attacks on other systems or devices as part of a botnet.
The history of malware
Malware has been around since the inception of the internet. The theory of computer viruses was first published in a paper by mathematician John von Neumann of the University of Illinois in 1966. This paper described the potential creation of self-reproducing harmful code.
The Creeper program was created by Bob Thomas of the research and development organization BBN in 1971. This program is considered the first virus. It was designed to see if a self-replicating program was possible and was to be used for security testing.
The first malicious virus was called the Rabbit (or Wabbit) and appeared in 1974. It was self-replicating and designed to overwhelm a computer by rapidly copying itself and crashing the system.
What are the types of malware?
A virus is a type of infectious software. It can self-reproduce, making copies of itself and then embedding them into other software or files. Once a copy is embedded in another executable program, running that host program triggers the virus to self-replicate and spread.
Ransomware is a type of malware designed to hold computer assets, such as system or data access, to ransom. When a ransomware application is triggered to run, it can perform 'lockout' actions. These can be locking screens, displaying threatening messages (similar to scareware), or encrypting data to make it inaccessible. Often the attacker will demand payment to release the system or data, and unfortunately, payment is no guarantee of that happening.
Programs designed to maliciously gather information are called spyware. They are silently installed on a system in the same way as other malware. Once running, they can gather information about a user or organization and send it to the attacker to be used for harmful purposes.
A contentious gray area for spyware is its use by law enforcement, government agencies, and private security companies to monitor sensitive or criminal communications. Similarly, consumer spyware applications are available that allow the purchaser to spy on family, partners, or employees. These types of spyware use are a significant concern for privacy advocates.
Trojans are malware applications that pretend to be legitimate applications. "Trojan" refers to the ancient Greek story of how a Trojan Horse was used to deceive and attack the city of Troy. Trojans are one of the most dangerous types of malware because they often open a 'backdoor' allowing the attacker to gain unauthorized access. Once access is gained, the attacker can steal personal data, install other malware, or take any other action, all hidden from the device user.
A worm is similar to a virus because it is self-replicating. However, worms are designed to copy themselves from device to device without any user interaction. They exploit a vulnerability in an operating system or software and use a network to spread and infect other devices.
Adware is designed to generate income through illegitimate means. The adware is developed to automatically generate web adverts or in-app adverts. Adware creators can generate income from advertising networks by generating artificially high volumes of ad displays and ad clicks. Another illegitimate income stream is creating spyware adverts that collect personal information to be sold to other criminals.
Scareware is designed to scare the user into thinking that their device has been compromised. Often the user will be presented with a warning message telling them that their device has been infected with a virus. The message then leads the user to install an application to resolve this perceived problem, but the application installed is actually malicious software. Criminals will use advertising networks to initiate this type of malware attack.
How do I get malware?
Malicious email attachments such as text or image documents can have malware embedded within them. Once clicked or opened, the malware performs a malicious action.
Malicious emails that encourage the recipient to click on a link or take an urgent action can trigger actions that install malware on their device. The message may also be designed to trick the recipient into handing over their personal details on a fake website such as a fake banking site.
In recent years, text messages have been used to trick people into clicking on links that download malware onto their devices. These work in the same way as phishing emails and are becoming more common.
Criminals can use legitimate web advertising networks to distribute malicious adverts (Adware). Malicious adverts can also be shown as pop-up windows when a certain website action is taken. These adverts are prevalent in free services, software, and apps.
Fake software downloads
Criminals often choose to distribute fake software via free download directory websites or their own fake websites. The download file may appear to be a legitimate application such as an anti-virus program or a free image download but is actually a malware program.
Infected removable drives
USB drives or any other type of removable hard drive can be used to transfer malware onto another device. By its nature, a removable device is a prime target for criminals to place malware on. The user then unwittingly copies the malware to another device when the drive is connected.
Infected software applications
Malicious programs can be hidden inside applications that seem legitimate. Credible download sources can allow you to download a valid application but may also include another application bundled with it. On installation, the user may be prompted to install the bundled app and persuaded that it is essential when it isn't; in fact, they are installing malware.