Types of Malware Cybersecurity Professionals Should Know

Updated: 2021-04-26 18:45:40
From the book: Cybersecurity All-in-One For Dummies

Malware, or malicious software, is an all-encompassing term for software that intentionally inflicts damage on its users who typically have no idea that they are running it.

Malware includes computer viruses, worms, Trojans, ransomware, scareware, spyware, cryptocurrency miners, adware, and other programs intended to exploit computer resources for nefarious purposes.

Viruses

Computer viruses are instances of malware that, when executed, replicate by inserting their own code into computer systems. Typically, the insertion is into data files (for example, as rogue macros within a Word document), into the special portion of a hard drive or solid state drive that contains the code and data used to boot a computer or disk (known as the boot sector), or into other computer programs.

Like biological viruses, computer viruses can’t spread without having hosts to infect. Some computer viruses significantly impact the performance of their hosts, while others are, at least at times, hardly noticeable.

While computer viruses still inflict tremendous damage worldwide, the majority of serious malware threats today arrive in the form of worms and Trojans.

Worms

Computer worms are standalone pieces of malware that replicate themselves without the need for hosts in order to spread. Worms often propagate over connections by exploiting security vulnerabilities on target computers and networks.

Because they normally consume network bandwidth, worms can inflict harm even without modifying systems or stealing data. They can slow down network connections — and few people, if any, like to see their internal and Internet connections slow down.

Trojans

Trojans (appropriately named after the mythical Trojan horse) are malware that is either disguised as non-malicious software or hidden within a legitimate, non-malicious application or piece of digital data.

Trojans are most often spread by some form of social engineering — for example, by tricking people into clicking on a link, installing an app, or running some email attachment. Unlike viruses and worms, Trojans typically don’t self-propagate using technology — instead, they rely on the effort (or more accurately, the mistakes) of humans.

Ransomware

Ransomware is malware that demands that a ransom be paid to some criminal in exchange for the infected party not suffering some harm.

Ransomware often encrypts user files and threatens to delete the encryption key if a ransom isn’t paid within some relatively short period of time, but other forms of ransomware involve a criminal actually stealing user data and threatening to publish it online if a ransom is not paid.

Some ransomware actually steals the files from users’ computers, rather than simply encrypting data, so as to ensure that the user has no possible way to recover his or her data (for example, using an anti-ransomware utility) without paying the ransom.

Ransomware is most often delivered to victims as a Trojan or a virus, but has also been successfully spread by criminals who packaged it in a worm. In recent years sophisticated criminals have even crafted targeted ransomware campaigns that leverage knowledge about what data is most valuable to a particular target and how much that target can afford to pay in ransoms.

The figure below shows the ransom demand screen of WannaCry — a flavor of ransomware that inflicted at least hundreds of millions of dollars in damage (if not billions) after initially spreading in May 2017.

Many security experts believe that the North Korean government or others working for it created WannaCry, which, within four days, infected hundreds of thousands of computers in about 150 countries.

Figure: WannaCry ransom demand screen (ransomware demanding a ransom).

Scareware

Scareware is malware that scares people into taking some action. One common example is malware that scares people into buying security software. A message appears on a device that the device is infected with some virus that only a particular security package can remove, with a link to purchase that “security software.”

Spyware

Spyware is software that surreptitiously, and without permission, collects information from a device. Spyware may capture a user’s keystrokes (in which case it is called a keylogger), video from a video camera, audio from a microphone, screen images, and so on.

It is important to understand the difference between spyware and merely invasive programs. Legitimate businesses use some technologies that would technically count as spyware if users had not been told that they were being tracked online; such tools may be invasive, but they are not malware.

This category of nonspyware that nonetheless spies includes beacons that check whether a user has loaded a particular web page and tracking cookies installed by websites or apps. Some experts have argued that any software that tracks a smartphone’s location while the app is not being actively used by the device’s owner also falls into the category of nonspyware that spies — a definition that would include popular apps, such as Uber.

Cryptocurrency miners

Cryptocurrency miners are malware that, without any permission from the devices’ owners, commandeer infected devices’ processing power (their CPU cycles) to generate new units of a particular cryptocurrency (which the malware delivers to the criminals operating it) by completing complex math problems that require significant processing power to solve.

The proliferation of cryptocurrency miners exploded in 2017 with the rise of cryptocurrency values. Even after price levels subsequently dropped, the miners remained ubiquitous, because once criminals have invested in creating a miner, there is little cost in continuing to deploy it.

Not surprisingly, as cryptocurrency prices began to rise again in 2019, new strains of cryptominers began to appear as well — some of which specifically target Android smartphones.

Many low-end cybercriminals favor using cryptominers. Even if each miner, on its own, pays the attacker very little, miners are easy to obtain and directly monetize cyberattacks without the need for extra steps (such as collecting a ransom) or the need for sophisticated command and control systems.

Adware

Adware is software that generates revenue for the party operating it by displaying online advertisements on a device. Adware may be malware — that is, installed and run without the permission of a device’s owner — or it may be a legitimate component of software (for example, installed knowingly by users as part of some free, ad-supported package).

Some security professionals refer to the former as adware malware, and the latter as adware. Because no consensus exists, it’s best to clarify which of the two is being discussed when you hear someone mention just the generic term adware.

Blended malware

Blended malware is malware that utilizes multiple types of malware technology as part of an attack — for example, combining features of Trojans, worms, and viruses.

Blended malware can be quite sophisticated and often stems from skilled attackers.

Zero day malware

Zero day malware is any malware that exploits a vulnerability not previously known to the public or to the vendor of the technology containing the vulnerability, and is, as such, often extremely potent.

Regularly creating zero day malware requires significant resources and development effort. It is quite expensive and is often crafted by the cyber armies of nation states rather than by other hackers.

Commercial purveyors of zero day malware have been known to charge over $1 million for a single exploit.

Cybersecurity professionals need to know the possible security vulnerabilities and ensure that systems are prepared for a variety of cyberattacks.

About This Article

This article is from the book: Cybersecurity All-in-One For Dummies

About the book author:

Joseph Steinberg is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including CISSP, ISSAP, ISSMP, and CSSLP. Joseph has written several books on cybersecurity, including the previous edition of Cybersecurity For Dummies. He is currently a consultant on information security, and serves as an expert witness in related matters.