Malware is malicious software coded with the intent of causing harm to a user, system, or network. Although malware is nothing new, the rate at which it continues to evolve into new invisible forms of threats should raise the alarm for many businesses. It's important that your organization's staff understands the threat that malware poses and the difference between each form of malware.
Before looking at each of the different types, let's first define the four main categories of malware attacks:
- 0-Day - a zero-day vulnerability is an undisclosed flaw that hackers can exploit. It's called 0-day because it is not publicly reported or announced before becoming active.
- Exploit - a threat made real via a successful attack on an existing vulnerability. Also refers to software that is developed to target the loopholes on a particular device.
- Privilege Escalation - a situation where the attacker gets escalated access to restricted data that is on a higher level of security.
- Evasion - The techniques malware makers design to avoid detection and analysis of the malware by security systems and software.
- Blended Threat - A malware package that combines the characteristics of multiple types of malware like Trojans, worms or viruses, seeking to exploit more than one system vulnerability.
Now that we've established the different kinds of attacks that are associated with malware, it's time that we take a closer look at each type of malware and define them.
Probably the most well-known form of malware is a virus. The primary characteristic of a virus is that it is a piece of software that has an urge to reproduce. This means that viruses distribute copies of themselves using whatever means necessary. The secondary characteristic of this form of malware is that viruses are covert, making them hard to detect without dedicated security programs.
Worms are standalone software that replicates without targeting and infecting specific files present on a computer. Worms are basically small programs that replicate themselves in a computer and destroy the files and data on it. Once on a file, they work until the drive they are in becomes empty.
3. Trojan Horses
A trojan is a malicious program that misrepresents itself to appear useful. Computers get infected with trojans when a victim installs them on their PC. Trojans are usually disguised as routine software. Many trojans come in the form of a backdoor that allows attackers unauthorized access to the affected computer and are considered to be the most dangerous of all malware.
A rootkit is a collection of software designed to permit malware to gather information. Rootkits work in the background, making them hard to notice. Rootkits are like a backdoor that allows malware to enter a computer and wreak havoc.
Although Trojan Horses are the most dangerous, ransomware is the most devastating. Ransomware blocks access to the data of a victim, threatening to either publish or delete it until a ransom is paid. There is also no guarantee that paying the ransom will return access to the data. Ransomware infects the system from the inside, locking the computer and rendering it useless.
Keyloggers are software that records all of the information that is typed using a keyboard. Keyloggers generally affect physical keyboards and store the gathered information to send it to the attacker. From there, the attacker can extract sensitive information such as usernames and passwords.
Grayware is more of a nuisance that is not technically classified as malware but can worsen the performance of computers and lead to security risks. Almost all commercially available antivirus software can detect these unwanted programs and include separate modules to detect, quarantine, and remove malware that displays advertisements.
Malware has been around practically since computers were originally created. It's important that your organization's staff takes steps towards understanding exactly what the different types of malware are and how to avoid becoming infected.