Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activity without their permission.
Types of malware
There are different types of malware, each with its own traits and characteristics. A virus is the most common type of malware, and it’s defined as a malicious program that can execute itself and spreads by infecting other programs or files. A worm is a type of malware that can self-replicate without a host program; worms typically spread without any human interaction or directives from the malware authors. A Trojan horse is a malicious program that is designed to appear as a legitimate program; once activated following installation, Trojans can execute their malicious functions. Spyware is a kind of malware that is designed to collect information and data on users and observe their activity without users’ knowledge.
Other types of malware include functions or features designed for a specific purpose. Ransomware, for example, is designed to infect a user’s system and encrypt the data. Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system’s data. A rootkit is a type of malware designed to obtain administrator-level access to the victim’s system. Once installed, the program gives threat actors root or privileged access to the system. A backdoor virus or remote access Trojan (RAT) is a malicious program that secretly creates a backdoor into an infected system, allowing threat actors to access it remotely without alerting the user or the system’s security programs.
History
The term malware was first used by computer scientist and security researcher Yisrael Radai in 1990. However, malware existed long before this; one of the first known examples of malware was the Creeper virus in 1971, which was created as an experiment by BBN Technologies engineer Robert Thomas. Creeper was designed to infect mainframes on ARPANET. While the program did not alter functions, steal data or delete data, it moved from one mainframe to another without permission while displaying a teletype message that read, “I’m the creeper: Catch me if you can.” Creeper was later altered by computer scientist Ray Tomlinson, who added the ability to self-replicate to the virus and thereby created the first known computer worm. The concept of malware took root in the technology industry, and examples of viruses and worms began to appear on Apple and IBM personal computers in the early 1980s before becoming widespread following the introduction of the World Wide Web and the commercial internet in the 1990s.
How malware works
Malware authors use a variety of means to spread malware and infect devices and networks. Malicious programs can be delivered physically to a system through a USB drive or other means. Malware can often spread via the internet through drive-by downloads, which automatically download malicious programs to users’ systems without their approval or knowledge; these are initiated when a user visits a malicious website, for example. Phishing attacks are another common type of malware delivery: emails disguised as legitimate messages carry malicious links or attachments that deliver the malware executable to unsuspecting users.
Sophisticated malware attacks often feature the use of a command-and-control server that allows threat actors to communicate with the infected systems, exfiltrate sensitive data and even remotely control the compromised device or server.
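To show the kind of check a defender runs for the command-and-control traffic described above, here is an added example (not part of the original article) that scores connection regularity, or "beaconing", over a few constructed proxy log lines; the log format, host names and thresholds are assumptions, not values from any real incident.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (not from any real incident): timestamp, source host, destination host.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ws-17 update.example-cdn.test
2024-03-01T10:00:12 ws-17 news.example.test
2024-03-01T10:01:00 ws-17 update.example-cdn.test
2024-03-01T10:02:01 ws-17 update.example-cdn.test
2024-03-01T10:02:40 ws-17 mail.example.test
2024-03-01T10:03:00 ws-17 update.example-cdn.test
2024-03-01T10:03:59 ws-17 update.example-cdn.test
2024-03-01T10:05:00 ws-17 update.example-cdn.test
2024-03-01T10:07:15 ws-17 news.example.test
2024-03-01T10:09:30 ws-17 news.example.test
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")

def parse_log(text):
    """Return {(src, dst): [timestamps]} from the assumed whitespace-separated log format."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than crash the pipeline
        ts, src, dst = m.groups()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows

def beacon_candidates(flows, min_conns=5, max_jitter=0.2):
    """Flag (src, dst) pairs whose connection gaps are regular: jitter is
    stdev/mean of the gaps, low for a fixed-sleep beacon, high for browsing."""
    hits = {}
    for key, times in flows.items():
        if len(times) < min_conns:
            continue  # too few connections to judge regularity
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter:
            hits[key] = (avg, jitter)  # mean gap in seconds, jitter ratio
    return hits
```

Real beacons add random sleep jitter and legitimate software (update checks, telemetry) also polls on a schedule, so a hit is a lead for triage, not a verdict.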
Emerging strains of malware often include new evasion and obfuscation techniques that are designed to not only fool users, but security administrators and antimalware products as well. Some of these evasion techniques rely on simple tactics, such as using web proxies to hide malicious traffic or source IP addresses.
More sophisticated threats include polymorphic malware, which can repeatedly change its underlying code to avoid detection by signature-based tools; anti-sandbox techniques, which allow the malware to detect when it’s being analyzed and delay execution until after it leaves the sandbox; and fileless malware, which resides only in the system’s RAM in order to avoid being discovered.
There are other types of programs that share common traits with malware but are distinctly different. Adware, for example, can adversely affect users by displaying unwanted ads and degrading the performance of the device or system. However, adware is generally not considered the same as malware, since there isn’t a malicious intent to harm users or their systems. There are cases, though, where adware can carry harmful threats: web ads can be hijacked by threat actors and turned into malvertising threats. Similarly, some adware can contain spyware-like features that collect information, such as browsing histories and personal information, without users’ knowledge or consent.
A PUP, or potentially unwanted program, is another example of a program similar to malware. These are typically applications that trick users into installing them on their systems, such as browser toolbars, but don’t execute any malicious functions once they have been installed. However, there are cases where a PUP may contain spyware-like functionality or other hidden malicious features, in which case the PUP would be classified as malware.