What is Malware?
The term malware has been defined and described in many ways over the years. McAfee defines malware as a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service, or network. In short, malware is malicious or ill-natured software.
Cybercriminals typically use it to extract data that they can use as leverage over victims for financial or other gains. That data can range from financial data to healthcare records, to personal emails and passwords – the possibilities of what sort of information can be compromised are ever increasing.
Types of Malware
There are diverse types of malware; some bear close similarities while others do not. According to Cisco, there are seven major types of malware, while Norton lists ten, and UpGuard tabulates twenty-two, which include those mentioned by Cisco and Norton. Drawing from these, below are the most pervasive and widely recognized.
1. Computer Viruses.
A virus is a type of malware that, when executed, self-replicates by changing other computer programs and inserting its own code. When this replication succeeds, the affected programs are said to be infected. Viruses need user interaction before they can become active; this action can vary from running a program to clicking a file to unpacking an attachment.
Virus writers use social engineering and exploit vulnerabilities to infect systems and spread the virus. Microsoft Windows and Mac operating systems are the targets of most viruses, which often use complex anti-detection strategies to evade antivirus software.
2. Computer Worm.
A computer worm is a self-replicating malware program whose primary purpose is to infect other computers by duplicating itself while still being active on infected systems.
Often, worms use computer networks to spread, relying on vulnerabilities or security failures on the target computer to access it. Worms always cause at least some harm to a network, even if only by consuming bandwidth. This is different to viruses which almost always corrupt or modify files on the victim’s computer.
While many worms are designed to only spread and not change the systems they pass through, even payload-free worms can cause major disruptions. The Morris worm and Mydoom caused major disruptions by increasing network traffic despite their benign nature.
3. Trojan Horse.
A trojan horse or trojan is any malware that misleads users of its true intent by pretending to be a legitimate program. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans are spread with social engineering such as phishing. For example, a user may be tricked into executing an email attachment disguised to appear genuine (e.g., an Excel spreadsheet). Once the executable file is opened, the trojan is installed.
While the payload of a trojan can be anything, most act as a backdoor giving the attacker unauthorized access to the infected computer. Trojans can give access to personal information such as internet activity, banking login credentials, passwords, or personally identifiable information (PII). Ransomware attacks are also carried out using trojans.
Unlike computer viruses and worms, trojans do not generally attempt to inject malicious code into other files or propagate themselves.
4. Rootkits.
A rootkit is a collection of malware designed to give unauthorized access to a computer or area of its software, and it often masks its existence or the existence of other software. The rootkit does this by replacing the internal system files that run the operating system. Rootkit installation can be automated, or the attacker can install it with administrator access. Access can be obtained as a result of a direct attack on the system, such as exploiting vulnerabilities, cracking passwords or phishing.
Rootkit detection is difficult because it can subvert the antivirus program intended to find it. Detection methods include using trusted operating systems, behavioral methods, signature scanning, difference scanning and memory dump analysis. Rootkit removal can be complicated or practically impossible, especially when rootkits reside in the kernel. Firmware rootkits may require hardware replacement or specialized equipment.
5. Ransomware.
Ransomware is a form of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware spreads through phishing emails, malvertising, visiting infected websites or by exploiting vulnerabilities.
Ransomware attacks cause downtime, data leaks, intellectual property theft and data breaches. Ransom payment amounts range from a few hundred to hundreds of thousands of dollars, payable in cryptocurrencies like Bitcoin.
6. Keylogger.
Keystroke loggers, or system monitors, are a type of malware used to monitor and record each keystroke typed on a specific computer’s keyboard. Keyloggers are also available for smartphones.
Keyloggers store the gathered information and send it to the attacker, who can then extract sensitive information like login credentials and credit card details.
7. Fileless Malware.
Fileless malware is a type of malware that uses legitimate programs to infect a computer. Unlike other malware infections, it does not rely on files and leaves no footprint, making it challenging for anti-malware software to detect and remove. It exists exclusively as a computer memory-based artifact i.e. in RAM.
Fileless malware emerged in 2017 as a mainstream cyber threat but has been around for a while. Frodo, Number of the Beast and the Dark Avenger were all early fileless malware attacks. More recently, the Democratic National Committee and the Equifax breach fell victim to fileless malware attacks.
Fileless malware does not write any part of its activity to the computer’s hard drive, making it resistant to existing anti-computer forensic strategies that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis or timestamping. It leaves little evidence that can be used by digital forensics investigators to identify illegitimate activity. That said, as it is designed to work in-memory, it generally only exists until the system is rebooted.
8. Adware.
Adware is a type of malware designed to put advertisements on your screen, often in a web browser or popup. Typically, it disguises itself as legitimate or piggybacks on another program to trick you into installing it on your computer, tablet, or smartphone.
Adware is one of the most profitable, least harmful forms of malware and is becoming increasingly popular on mobile devices. Adware generates revenue by automatically displaying advertisements to the user of the software.
9. Spyware.
Spyware is malware that gathers information about a person or organization, sometimes without their knowledge, and sends the information to the attacker without the victim’s consent. Spyware usually aims to track and sell your internet usage data, capture your credit card or bank account information, or steal personally identifiable information (PII).
Some types of spyware can install added software and change the settings on your device. Spyware is usually simple to remove because it is not as nefarious as other types of malware.
10. Crimeware.
Crimeware is a class of malware designed to automate cybercrime. It is designed to perpetrate identity theft through social engineering or stealth to access the victim’s financial and retail accounts to steal funds or make unauthorized transactions. Alternatively, it may steal confidential or sensitive information as part of corporate espionage.
11. RAM Scraper.
A RAM scraper is a type of malware that harvests the data temporarily stored in-memory or RAM. This type of malware often targets point-of-sale (POS) systems like cash registers because they can store unencrypted credit card numbers for a brief period of time before encrypting them and then passing them to the back-end.
12. Cryptojacking.
Cryptojacking is a type of malware that uses a victim’s computing power to mine cryptocurrency.
13. Hybrid Malware.
Today most malware is a combination of existing malware attacks, often trojan horses, worms, viruses and ransomware. For example, a malware program may appear to be a trojan but once executed it may act as a worm and try to attack victims on the network.
14. Polymorphic Malware.
This type of malware is a highly targeted malware written to infect specific systems. It is capable of rewriting or adjusting its code to evade detection until it reaches its end target or the factors necessary for it to execute are present. Fortunately, due to its sophistication this type of malware is very rare.
How Malware is Spread – Methods Used by Malicious Actors to Distribute Malware
We might not be able to protect ourselves from every potential malware threat. However, our understanding of approaches used by hackers would aid us in reducing our risk of infection. Malware can spread in many ways, but these are the most common methods by which users expose themselves to malware risks:
1. Phishing Emails.
This seems to be the most common method for malicious actors to spread malware. These malicious actors have become incredibly skilled at crafting emails that trick users into clicking on links or downloading a file that contains malicious code. These emails may appear to come from trusted sources such as the user’s bank, the postal service, or trusted contacts within the user’s own list.
These phishing emails come in all shapes, sizes, and colors but one thing they have in common is a sense of urgency. If you receive an email that you think is a phishing email, you can block it in your spam filter and then delete it.
2. Social Network Spam.
This is a relatively new method for malicious actors to spread malware. It occurs when people browsing social sites click on shared pictures or videos and are taken to a fake YouTube page that asks them to download an online tool needed to watch the video. Often these online tools give malicious actors access to the user’s computer.
3. Website (Drive-By Downloads from a compromised website).
Malicious actors spread malware by designing websites that aim at exploiting system vulnerabilities, human error, and common sense. Users see a pop-up ad warning them against a virus and prompting them to get rid of the virus by clicking a link. Once they click the link, a virus is installed on the host system.
These vulnerabilities can arise from out-of-date apps, missing operating system patches, or browser plugins. If a weakness is found, it is used to infect the user system with malware.
4. Remote Desktop Protocol.
This is a connection protocol that enables a user to connect to another computer over a network connection. Malicious actors use automation tools to scan the internet looking for computers that are open to RDP. Afterward, the malicious actors make attempts to guess a username and password to gain access to the remote computer. Other times, these malicious actors buy the username and password from the dark web. Once they gain access, they can do whatever they want, which includes installing malware.
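The username and password guessing described above leaves a recognizable pattern in logon records: many failed RDP logons from one address in a short time. The following detection sketch is an added example, not part of the original article; the log line format, the sample records, the threshold and the function name are assumptions constructed for illustration (Windows records failed logons as event 4625, successful ones as 4624, and RDP sessions as logon type 10).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), simplified to:
# "time event_id logon_type source_ip username"
SAMPLE_LOG = """\
2024-05-01T10:00:00 4625 10 203.0.113.7 administrator
2024-05-01T10:00:20 4625 10 203.0.113.7 admin
2024-05-01T10:00:41 4625 10 203.0.113.7 backup
2024-05-01T10:01:02 4625 10 203.0.113.7 administrator
2024-05-01T10:01:30 4625 10 203.0.113.7 svc_sql
2024-05-01T10:02:10 4624 10 203.0.113.7 svc_sql
2024-05-01T09:00:00 4625 10 198.51.100.20 alice
2024-05-01T09:45:00 4625 10 198.51.100.20 alice
2024-05-01T09:46:00 4624 10 198.51.100.20 alice
2024-05-01T10:03:00 4625 2 192.0.2.5 bob
"""

def detect_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for every address with at least
    `threshold` failed RDP logons inside one sliding time window."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "10":
            continue  # skip malformed lines and non-RDP logon types
        ts, event_id, _, ip, user = parts
        records.append((datetime.fromisoformat(ts), event_id, ip, user.lower()))

    recent = defaultdict(deque)  # ip -> failures still inside the window
    findings = {}
    for when, event_id, ip, user in sorted(records):  # process in time order
        if event_id == "4625":
            q = recent[ip]
            q.append((when, user))
            while when - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after": None})
                f["failures"] = max(f["failures"], len(q))
                f["users"].update(u for _, u in q)
        elif event_id == "4624" and ip in findings:
            # A success after a guessing burst means the account needs review.
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = user
    return findings
```

With Network Level Authentication enabled, failed RDP logons are usually recorded as logon type 3 rather than 10, so a production rule should cover both.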
5. Malvertising.
Malvertising, a portmanteau of malicious advertising, is the use of advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate advertising networks and webpages.
Advertising is a great way to spread malware because significant effort is put into ads to make them attract users to sell or advertise a product. Malvertising also benefits from the reputation of the sites it is placed on, such as high-profile and reputable news websites.
6. Browser Hijacker.
A browser hijacker or hijackware changes the behavior of a web browser by sending the user to a new page, changing their home page, installing unwanted toolbars, displaying unwanted ads or directing users to a different website.
7. Malicious Mobile Apps.
Not all apps available through the App Store and Google Play are legitimate. That said, the App Store is safer due to better prescreening of third-party apps. Malicious apps can steal user information, attempt to extort users, gain access to corporate networks, force users to view unwanted ads or install a backdoor on the device.
8. Rogue Security Software.
Rogue security software tricks users into thinking their system has a security problem such as a virus and entices them to pay to have it removed. In reality, the fake security software is the malware.
Malware Defense Strategies
The best form of defense is to implement actions that mitigate the strategies listed above that malware authors use to spread their creations.
1. Practice good cyber hygiene. Do not click links, whether in emails, social media, or social messaging applications, unless you specifically requested them and trust the source. The same goes for email and file attachments.
2. Make sure you have an anti-malware application on your device that periodically runs scans for malware.
3. Install all security updates and patches for your device without delay.
4. Use an endpoint firewall. Some of these products have a browser guard that can check the websites you visit and immediately block malicious ones.
5. Disable Remote Desktop connection and do not install remote connection applications on your device.
6. Exercise caution with external storage devices such as USB thumb drives and external hard disks. It is preferable to use these only on devices you own, and if you must use one on another device, make sure it is a device that has some level of protection in the form of a functioning anti-malware program running on it.
Conclusion
Finally, there is no security method that is 100% foolproof. Always make sure you have critical data backed up to an external device or cloud storage, so that in the event of a malware infestation that is proving difficult to remove, you can wipe the device and start all over again.
Contributors:
- Archibong Jeremiah
- Fortune Andrew
- Egbetola Sola