While malware is one of the biggest cyber threats we deal with today, it has been around since the 1970s.
Early malware variants were typically either:
- Experiments designed to help programmers and engineers understand how computer viruses work.
- Pranks to prove how easy it would be to hack a computer system if a user desired to do so.
In the early 1980s, the first computer virus – Elk Cloner – was identified on an Apple Mac system. By the end of the decade, malware was being used on a significant scale as a means of controlling computer networks and trying to defraud individuals and businesses.
What is malware?
Malware is short for malicious software and is an umbrella term describing any software designed to cause intentional damage to computer systems, networks, servers or end users.
Why do criminals deploy malware?
Criminals use malware for many purposes, including:
- Gathering information and data from businesses.
- Disrupting the operation of a business or government, or specific types of equipment and software. These are usually termed distributed denial of service, or DDoS, attacks.
- Stealing information from individuals, such as bank and credit card details or passwords.
- Committing “click fraud” to generate revenue from ad clicks when no clicks have taken place.
While malware attacks aiming for all these objectives are common, most of them aim to generate direct financial profit for those who deployed the attack.
Six common types of malware and how they work
As malware is an umbrella term, you might have come across content relating to different types of malware without realizing they’re all similar types of software. Below are six of the most common types and how they work.
1. Viruses
Viruses are the type you’re probably most familiar with. Many people use the term viruses instead of malware to describe software attacks in general.
While viruses are common, they’re also among the easiest types of malware to prevent from activating, because they require human action, like opening an attachment or downloading something from a website.
Viruses can be designed to do several things, including:
- Damaging and reformatting data
- Shutting down your system
- Creating botnets
- Stealing data and money
2. Worms
Worms work by exploiting weaknesses in operating systems. Crucially, they require no human action to get onto a system other than the initial deployment.
Once an attack has been deployed, the worm can quickly replicate itself and spread to other systems across a network. Worms are often used to delete files, steal information, or encrypt data that hides another attack, such as ransomware.
3. Trojan horses
Trojan horses are another type of attack that requires you to install something on your system for it to work. Typically, criminals will deploy a Trojan horse via a file or program that looks harmless. Once you have installed a program or saved the file, criminals can then access your system.
From there, attackers can do a whole host of things, including:
- Steal your data
- Monitor your activity
- Watch you through your webcam
- Install and deploy other types of malware
While Trojan horses can’t replicate themselves, attackers often combine them with worms, which can cause massive damage and help criminals access more systems more quickly.
4. Spyware
Spyware is controversial, as it’s often deployed in legitimate products and programs without the user’s knowledge. While the adoption of the GDPR is likely to reduce instances of this, at least in the European Union (EU), it remains a problem.
Criminals also widely deploy spyware, often using it to monitor activity, harvest information, and steal passwords and financial information.
In addition to being included with some legitimate programs, spyware can also be deployed alongside Trojan horse malware or by attackers exploiting weaknesses in software.
5. Adware
Adware – advertising software – shows you unwanted advertisements.
Some adware is legitimate, but it needs your permission to show you ads and collect your data when you install it.
Malicious adware will do things like change your homepage and randomly redirect you to advertising sites. Such adware can install itself via browser vulnerabilities if you visit a dangerous website. It may also be included in software downloads.
6. Ransomware
Given its potential for generating enormous sums of money for criminals, ransomware is the type of malware we often hear most about these days.
Ransomware typically finds its way onto your system via phishing emails that include malicious attachments or facilitate “drive-by” downloads onto your system.
Once ransomware is installed, criminals typically control your system and demand payment to give you back access, hence ransomware’s name.
While ransomware targeting businesses can ask for millions of dollars in return for information and access, many schemes work by targeting individuals and collecting many smaller payments.
Five famous malware attacks
Malware attacks, or attempts at malware attacks, happen every day. Below are five of the most famous attacks across the malware types described above.
1. CovidLock, a 2020 ransomware attack
Times of uncertainty and panic are always lucrative opportunities for cybercriminals. People are anxious about their finances and the future.
In 2020, attackers took advantage of the COVID-19 pandemic to try and profit using ransomware attacks.
CovidLock infected computer systems via files that supposedly included information about the virus. If you installed CovidLock, you were then faced with a $100 payment demand to gain access to your devices.
2. Emotet, a 2018 Trojan Horse
Emotet has been around since 2014. It is still widely deployed and considered one of the most dangerous cyber threats faced by businesses today.
Emotet achieved global notoriety in 2018 when several banks and governmental organizations lost millions of dollars to criminals using this Trojan horse to access systems and steal data and cash.
3. Stuxnet, a 2010 worm
Stuxnet is a notable example of malware being used for national security purposes. It is also an excellent example of what people mean when they say modern wars are fought in cyberspace.
This 2010 worm is believed to have been deployed by the United States and Israeli governments to disrupt Iran’s nuclear program. Stuxnet was deployed via USB drives, with several accounts of special forces covertly swapping products in stores where they knew workers at Iran’s nuclear facilities shopped.
It is believed a similar technique was used to confirm the location of Osama bin Laden before his killing.
4. Melissa, a 1999 virus
Melissa was perhaps the most famous virus of the early days of the boom in internet growth. Spread via a Microsoft Word attachment, recipients would receive an email with a subject line saying “Important message from ”. Upon opening the attachment, the recipient’s system would be infected, and the virus would continue to spread via email.
5. WannaCry, a 2017 ransomware attack
WannaCry is one of the most notorious and expensive ransomware attacks in history, leading to estimated losses of over $4 billion across individuals, educational institutions, hospitals, and businesses.
WannaCry was distributed via phishing emails and is believed to have been deployed successfully at least 200,000 times.
Malware prevention, protection, detection and removal
Malware has the potential to do anything from briefly disrupting your life or operations. As such, you must know how to prevent and protect yourself from attacks and also how to detect and remove malware if it does end up on your system.
As we’ve seen, not all malware requires human action to find its way onto a system. Still, most types are deployed via phishing emails. The best means of prevention is ensuring you use spam filters to the max.
In addition to using spam filters, look at using email programs that preemptively scan attachments. In a business context, you might even ban the sending of all attachments and use cloud storage software for sharing and collaborating on files. It’s also common for businesses to have systems in place to limit or monitor emails that come from outside the company.
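As an added illustration (not code from this article or from any particular mail product), the sketch below shows the kind of attachment policy a mail gateway can apply before a message reaches the inbox. The extension lists, the `corp.example` domain and the sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumed policy lists for this example; tune them to your own environment.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".jar", ".lnk", ".hta"}
MACRO_EXT = {".docm", ".dotm", ".xlsm", ".pptm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def screen_attachments(raw_message: bytes, internal_domain: str) -> list:
    """Return (filename, reason) pairs for attachments to quarantine."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # The From header can be spoofed; a real gateway would use the SMTP envelope
    # and SPF/DKIM results. It is enough here to show the external-sender rule.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    external = not sender.endswith("@" + internal_domain.lower())
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        suffixes = PurePosixPath(name).suffixes
        last = suffixes[-1] if suffixes else ""
        if last in EXECUTABLE_EXT:
            hidden = len(suffixes) > 1 and suffixes[-2] in DECOY_EXT
            findings.append((name, "double extension hiding an executable" if hidden
                             else "executable or script type"))
        elif last in MACRO_EXT:
            findings.append((name, "macro-enabled Office document"))
        elif external and part.get_content_type() == "application/octet-stream":
            findings.append((name, "untyped binary from external sender"))
    return findings

def build_sample(sender: str) -> bytes:
    """Constructed test message; every name and address here is made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    m.add_attachment(b"PK", maintype="application",
                     subtype="vnd.ms-word.document.macroenabled.12", filename="report.docm")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(b"\x00\x01", maintype="application", subtype="octet-stream",
                     filename="data.bin")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample("Billing <billing@example.net>"), "corp.example"):
        print(f"QUARANTINE {name}: {reason}")
```

Extension checks like these complement content scanning rather than replace it, since a renamed file passes them.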
You might also take steps to minimize the impact of specific types of attacks. For example, having backups of your data means you’ll never need to pay a ransomware demand. However, you might still have to deal with the fallout of the data breach.
From a personal perspective, anti-virus software combined with high diligence levels is the best defense against malware.
If you’re looking at protecting a business, you should look at more advanced software tools to keep your data and finances safe. Learn how LogPoint can help you protect your business from malware attacks.
Even with prevention and protection systems in place, there is still a chance you can fall victim. In many cases, anti-virus tools will work to detect and remove the malware in question, even if they were unable to prevent its installation in the first place.
In a business context, security information and event management (SIEM) software monitors network traffic and your overall IT infrastructure to detect when malware may be present.
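To make the idea of network-based detection concrete, here is an added example (not taken from this article or from any SIEM product) of one rule such a tool might run: flagging a host that contacts many distinct machines in a short window, the pattern a self-replicating worm produces. The log format, addresses, window and threshold are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed connection log (assumed format: ISO timestamp, then key=value fields).
SAMPLE_LOG = (
    # 10.0.0.5 reaches six different hosts within ten seconds.
    [f"2024-05-01T10:00:{2 * i:02d} src=10.0.0.5 dst=10.0.1.{i + 10} dport=445" for i in range(6)]
    # 10.0.0.7 reaches five hosts, but two minutes apart each time.
    + [f"2024-05-01T10:{2 * i:02d}:30 src=10.0.0.7 dst=10.0.1.{i + 50} dport=445" for i in range(5)]
    # 10.0.0.9 talks to the same server over and over.
    + [f"2024-05-01T10:09:{i:02d} src=10.0.0.9 dst=10.0.1.2 dport=445" for i in range(8)]
)

def find_fanout(lines, window_s=60, threshold=5):
    """Return {source: peak distinct destinations within any window} for
    sources that reach `threshold` or more. Lines must be in time order."""
    recent = defaultdict(deque)  # source -> (timestamp, destination) pairs in the window
    flagged = {}
    for line in lines:
        ts_text, *fields = line.split()
        kv = dict(field.split("=", 1) for field in fields)
        ts = datetime.fromisoformat(ts_text)
        window = recent[kv["src"]]
        window.append((ts, kv["dst"]))
        # Drop connections that have aged out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()
        distinct = len({dst for _, dst in window})
        if distinct >= threshold:
            flagged[kv["src"]] = max(flagged.get(kv["src"], 0), distinct)
    return flagged

if __name__ == "__main__":
    for src, peers in find_fanout(SAMPLE_LOG).items():
        print(f"ALERT {src} contacted {peers} distinct hosts within 60 seconds")
```

Only the first host is reported. Servers that legitimately talk to many peers, such as backup or monitoring systems, would need to be allow-listed in practice.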
Malware removal can often be as straightforward as conducting a security scan and having your anti-virus software remove it from your system. However, the removal method can differ depending on the type you’ve been infected with. If your current security program cannot remove the malware, you will need to look at another solution, or have an IT professional look at doing it manually.
You will also need to audit log files and your system registry to ensure any additional files and programs have been removed. Many people become repeat victims of malware because they remove the primary attack but do not deal with associated elements.
Commonly asked questions about malware
While there is much information about malware available online, many sources of confusion and outright myths persist, which likely contributes to many successful malware attacks.
Can Mac computers be infected with malware?
Yes, although they are less likely to be infected with viruses because viruses that attack Windows systems need a Windows operating system to succeed. The Mac operating system itself is also more secure.
Can your mobile device be infected with malware?
Yes. Android devices are more susceptible than iOS devices because you can download apps from various sources. In contrast, with an iOS device, you’re limited to the App Store. However, users who “jailbreak” their iPhone will increase the risk of their device becoming infected.
Regardless of where you download content from, you should also maintain anti-virus software on your mobile devices.
Protecting yourself and your business from malware attacks
Considering the potential consequences of falling victim to a malware attack, it doesn’t cost much to protect yourself.
While you can use SIEM software and other tools to monitor and deal with threats proactively, remember that a lot of malware depends on human action to work. You must combine software with ongoing training and awareness for yourself and your teams to ensure you give yourself the highest possible level of protection from malware threats.