2018-10-07
Viruses, Trojans, and ransomware are all malware, but what does that mean?

Malware is everywhere and it is the most dreaded word in computing. The term is short for malicious software and is the general name used to describe programs that can infect and damage computers, smartphones, tablets or whole IT systems.

Once upon a time we simply called it a 'virus', a term that first came into use in the early '80s, but the basic idea of a virus is as old as computers themselves. John von Neumann developed a theory of self-reproducing automatons in 1949, despite the details of the technical implementation not being conceivable at the time. The modern equivalent covers a multitude of variants such as Trojans, ransomware and bots, all of which seek to damage your computer from within.

Malware news stories are becoming more and more commonplace each year with the rise of smartphones and IoT as attacks happen across the globe.

Once malware has made its way onto a system, if it isn't stopped or removed it can cause massive disruption through data deletion or encryption, lead to direct financial losses through the theft of sensitive data like intellectual property or bank account details, or alternatively sit quietly spying on the user's every move.

Let's dive deeper into what some of these malware threats are and how they work.

Malware Types

There are several different types of malware, with some being more common than others. These are some of the ones you're most likely to run into at home or in your business.

Virus

Predating 'malware', and once widely used as a catchall term for any computer-related meltdown, 'virus' is perhaps the term that people will be most familiar with. As implied by its namesake, a computer virus is a self-replicating, self-distributing piece of malicious code, designed to be a fire-and-forget weapon. It has become one of the most widely used forms of malware as a result, able to spread through a variety of methods, whether by email attachment, direct download, or by hiding inside storage media, such as a USB drive.

Mobile devices, including smartphones and tablets, aren't immune to viruses, which typically spread as a result of someone installing an application from an unknown source, although there are examples of malicious files being hidden inside official app stores.

The purpose of a virus varies greatly, with some being more damaging than others. Fairly innocuous viruses result in degraded performance on a machine, slowing down browsers or desktop applications; however, others may self-replicate in order to spread to other machines on a network. Some may become so disruptive that a PC will crash or fail to start up entirely, while others may hijack your desktop to display advertising, block legitimate software or hijack your webcam.

Worms

Most types of malware are defined by their style of attack, and 'worms' are no exception. While similar to viruses in many ways, worms don't need a user to download a file or click on an attachment in order to spread. Instead, they exploit the interconnectivity of a network, sifting through shared software to find exploits. Many worms are designed to simply replicate across networks rather than cause direct disruption through changed settings; however, even those without a 'payload' can still cause increased network traffic and instability.

Trojans

The aptly-named Trojan is designed to trick victims into believing it's a legitimate program.
Once downloaded and executed, a Trojan will run behind a seemingly normal-looking application or service, remaining undiscovered for as long as it can to carry out its real goal, which is often stealing user information or copying files. Unlike viruses and worms, however, Trojans tend not to self-replicate, so while they are a threat to an individual endpoint and the files on it, they're typically not a major threat to a network.

Adware and Spyware

Adware, while counted as malware, is more annoying than it is malicious. This type of program displays unwanted adverts that are hard to get rid of, for example appearing as pop-ups that are either impossible to dismiss or which reappear shortly after the user has closed them.
As well as being obviously disruptive in that it obscures part of the screen, adware can also cause a system to run slowly.

Spyware, on the other hand, is malicious. As the name would suggest, it spies on a user's activity and can exfiltrate sensitive data. Unlike adware, it hides its existence, silently siphoning off information. Keyloggers and screen readers are just two types of spyware that may infect your system.

Ransomware

Ransomware has become one of the most well-known forms of malware out there, thanks to massive attacks like WannaCry in 2017. It has grown to become one of the most popular forms of malware among cyber criminals as it can be very lucrative, with a high ROI. If the attacker is just out for cash, this is the way to go.

Ransomware is best known for its use of splash screens, which are impassable messages that demand users pay a specified fee, typically in a cryptocurrency like Bitcoin, in order to retrieve their files. These demands often increase after a set deadline, in order to pressure users into paying up quickly. If the ransom isn't paid, the files are normally deleted, although in some cases the data will be lost even if a user hands over their cash.

Browser hijackers

These are able to change your browser settings, like the home page, and can make it extremely difficult to change the settings back. They are able to install unwanted toolbars and search bars, and can also redirect existing browser shortcuts to other sites.

How malware spreads

Malware can spread through a variety of means, although it often depends on the attack vector the variant chooses to exploit. One of the most common methods is to hide malicious code within an email, masquerading as a legitimate attachment, yet this isn't always effective, particularly if a company has robust filters.
Criminals may also use drive-by downloads, a tactic that attempts to forcibly download a file to a user's PC as they visit a website, or more sophisticated methods involving command and control (C&C) servers. Rather than letting a malware variant act independently, C&C servers are able to maintain links between every infected machine, allowing criminals to not only repeatedly steal data, but also hijack the machines' functions to be used as part of a larger botnet.

Cryptojacking

While not strictly malware, the rising interest in cryptocurrencies such as Bitcoin and Monero has seen malware modified and created to turn infected computers and mobile devices into machines to generate valuable digital currency.

To generate or 'mine' cryptocurrency, equations need to be solved, which requires a decent amount of processing power; this can be a time-consuming and power-hungry process. So hackers have been adding cryptocurrency miners and scripts into malware payloads, which surreptitiously siphon an infected machine's processor power to crunch the calculations needed to mine cryptocurrency. Known as cryptojacking, when scaled up through a network of infected machines this process can end up generating digital money for hackers off the back of other people's computing power.

There is not necessarily an easy way to detect if your machine has a cryptojacker on it, but if you find it's inexplicably running slower or the processor is heating up, then there's a chance that a cryptojacker script is running in the background. Cryptojackers can also infect smartphones and in extreme cases can over-tax their processor and cause it to overheat and malfunction, potentially damaging the phone or heating it up to the extent that it burns the user.