What Is the Art of Infecting a Victim's Computer With a Virus That Records Individual Keystrokes?
Malware explained: How to prevent, discover and recover from it
What are the types of malware? How can you prevent, detect, or remove it? We've got answers.
Malware definition
Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive data. As Microsoft puts it, "[malware] is a catch-all term to refer to any software designed to cause harm to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.
This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).
Types of malware
There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You've probably heard the words virus, trojan, and worm used interchangeably, but as Symantec explains, they describe three subtly different ways malware can infect target computers:
- A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer.
- A virus is a piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself.
- A trojan is a program that cannot reproduce itself but masquerades as something the user wants and tricks them into activating it so it can do its damage and spread.
Malware can also be installed on a computer "manually" by the attackers themselves, either by gaining physical access to the computer or using privilege escalation to gain remote administrator access.
Another way to categorize malware is by what it does once it has successfully infected its victim's computers. There are a wide range of potential attack techniques used by malware:
- Spyware is defined by Webroot Cybersecurity as "malware used for the purpose of secretly gathering data on an unsuspecting user." In essence, it spies on your behavior as you use your computer, and on the data you send and receive, usually with the purpose of sending that data to a third party. A keylogger is a specific kind of spyware that records all the keystrokes a user makes—great for stealing passwords.
- A rootkit is, as described by TechTarget, "a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system." It gets its name because it's a kit of tools that (generally illicitly) gain root access (administrator-level control, in Unix terms) over the target system, and use that power to hide their presence.
- Adware is malware that forces your browser to redirect to web advertisements, which often themselves seek to download further, even more malicious software. As The New York Times notes, adware often piggybacks onto tempting "free" programs like games or browser extensions.
- Ransomware is a flavor of malware that encrypts your hard drive's files and demands a payment, usually in Bitcoin, in exchange for the decryption key. Several high-profile malware outbreaks of the last few years, such as Petya, are ransomware. Without the decryption key, it's mathematically impossible for victims to regain access to their files. So-called scareware is a sort of shadow version of ransomware; it claims to have taken control of your computer and demands a ransom, but actually is just using tricks like browser redirect loops to make it seem as if it's done more damage than it really has, and unlike ransomware can be relatively easily disabled.
- Cryptojacking is another way attackers can force you to supply them with Bitcoin—but it works without you necessarily knowing. The crypto mining malware infects your computer and uses your CPU cycles to mine Bitcoin for your attacker's profit. The mining software may run in the background on your operating system or even as JavaScript in a browser window.
- Malvertising is the use of legitimate ads or advertising networks to covertly deliver malware to unsuspecting users' computers. For example, a cybercriminal might pay to place an ad on a legitimate website. When a user clicks on the ad, code in the ad either redirects them to a malicious website or installs malware on their computer. In some cases, the malware embedded in an ad might execute automatically without any action from the user, a technique referred to as a "drive-by download."
Any specific piece of malware has both a means of infection and a behavioral category. So, for instance, WannaCry is a ransomware worm. And a particular piece of malware might have different forms with different attack vectors: for example, the Emotet banking malware has been spotted in the wild as both a trojan and a worm.
A look at the Center for Internet Security's top 10 malware offenders for June of 2022 gives you a good sense of the types of malware out there. By far the most common infection vector is via spam email, which tricks users into activating the malware, Trojan-style. WannaCry and Emotet are the most prevalent malware on the list, but many others, including NanoCore and Gh0st, are what's called Remote Access Trojans or RATs—essentially, rootkits that propagate like Trojans. Cryptocurrency malware like CoinMiner rounds out the list.
How to prevent malware
With spam and phishing email being the main vector by which malware infects computers, the best way to prevent malware is to make sure your email systems are locked down tight—and your users know how to spot danger. We recommend a combination of carefully checking attached documents and restricting potentially dangerous user behavior—as well as simply familiarizing your users with common phishing scams so that their common sense can kick in.
When it comes to more technical preventative measures, there are a number of steps you can take, including keeping all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure. When it comes to ransomware attacks in particular, one way to be prepared is to always make backups of your files, ensuring that you'll never need to pay a ransom to get them back if your hard drive is encrypted.
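A backup only protects you from ransomware if you can tell, before you restore it, that its files are still the ones you saved rather than encrypted or missing copies. The script below is an added example, not code from the article or from any vendor it names: it builds a SHA-256 manifest of a directory (the manifest is meant to be stored separately from the backup, e.g. on offline media), then checks a copy against that manifest and reports anything missing, modified or added. The `demo()` function constructs a few sample files in a temporary directory and simulates what ransomware does to them (one file overwritten with random bytes, one deleted) so you can see the verifier catch both.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def file_sha256(path, chunk_size=65536):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative, '/'-separated path) to its SHA-256."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): file_sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_against_manifest(root, manifest):
    """Compare the files now under root with a previously saved manifest."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "added": sorted(set(current) - set(manifest)),
    }


def demo():
    """Constructed scenario: take a manifest, then tamper with the copy the way ransomware would."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "docs").mkdir()
        (base / "docs" / "report.txt").write_text("quarterly figures\n")
        (base / "notes.txt").write_text("todo: rotate keys\n")
        (base / "config.ini").write_text("[core]\nbackup=on\n")

        manifest = build_manifest(base)
        # In practice this JSON would be written to read-only or offline storage.
        manifest_json = json.dumps(manifest, indent=2, sort_keys=True)

        # Simulated ransomware: one file replaced by ciphertext-like random bytes, one deleted.
        (base / "docs" / "report.txt").write_bytes(os.urandom(64))
        (base / "notes.txt").unlink()

        return verify_against_manifest(base, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the manifest build right after each backup and the verification right before any restore; a non-empty "modified" list on a backup you have not touched is exactly the signal that an encryptor reached the backup volume, and the reason the manifest must live somewhere the backup host cannot write.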
Malware protection
Antivirus software is the most widely known product in the category of malware protection products; despite "virus" being in the name, most offerings take on all forms of malware. While high-end security pros dismiss it as obsolete, it's still the backbone of basic anti-malware defense. Today's best antivirus software is from vendors Kaspersky Lab, Symantec and Trend Micro, according to recent tests by AV-Test.
When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but anti-spyware, personal firewall, application control and other styles of host intrusion prevention. Gartner offers a list of its top picks in this space, which include products from Cylance, CrowdStrike, and Carbon Black.
How to detect malware
It's fully possible—and perhaps even probable—that your organization will be infected by malware at some point despite your best efforts. How can you tell for sure? CSO columnist Roger Grimes has written a deep dive into how to diagnose your PC for potential malware that you might find helpful.
When you get to the level of corporate IT, there are also more advanced visibility tools you can use to see what's going on in your networks and discover malware infections. Most forms of malware use the network to either spread or send data back to their controllers, so network traffic contains signals of malware infection that you might otherwise miss; there are a wide range of network monitoring tools out there, with prices ranging from a few dollars to a few thousand. There are also SIEM tools, which evolved from log management programs; these tools analyze logs from various computers and appliances across your infrastructure looking for signs of problems, including malware infection. SIEM vendors range from industry stalwarts like IBM and HP Enterprise to smaller specialists like Splunk and AlienVault.
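One concrete version of the "signals in network traffic" the paragraph above describes is beaconing: malware that phones home to its controller on a fixed schedule leaves a client-to-destination pattern with near-constant gaps between connections, which normal browsing rarely does. The script below is an added example, not code from the article or from any SIEM vendor it names. It assumes a hypothetical, constructed proxy-log format of `timestamp client destination bytes` (the sample lines and IP addresses are made up, using documentation address ranges), groups connections by client/destination pair, and flags pairs whose inter-connection intervals vary by less than a chosen jitter fraction. Real SIEM rules do the same thing over much larger windows and with allow-lists for known update servers.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (hypothetical format): one client contacts 203.0.113.10
# every five minutes; the other traffic is irregular and should not be flagged.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.10 512
2024-03-01T10:00:02 10.0.0.5 198.51.100.20 40960
2024-03-01T10:05:00 10.0.0.5 203.0.113.10 512
2024-03-01T10:07:13 10.0.0.7 198.51.100.20 1200
2024-03-01T10:10:00 10.0.0.5 203.0.113.10 520
2024-03-01T10:15:00 10.0.0.5 203.0.113.10 512
2024-03-01T10:20:00 10.0.0.5 203.0.113.10 508
2024-03-01T10:31:44 10.0.0.7 198.51.100.20 800
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Turn the constructed log format into (timestamp, client, destination, bytes) tuples."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank or malformed lines rather than crash on them
        ts = datetime.fromisoformat(match.group(1))
        events.append((ts, match.group(2), match.group(3), int(match.group(4))))
    return events


def find_beacons(events, min_connections=4, max_jitter=0.10):
    """Flag client/destination pairs whose connection intervals are near-constant.

    jitter = population std-dev of the gaps divided by their mean (coefficient of
    variation); 0.0 means perfectly regular. Pairs with too few connections to
    judge are ignored.
    """
    by_pair = defaultdict(list)
    for ts, client, dest, _ in events:
        by_pair[(client, dest)].append(ts)

    findings = []
    for (client, dest), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        avg_gap = mean(gaps)
        if avg_gap == 0:
            continue  # bursts in the same second are a different pattern, not beaconing
        jitter = pstdev(gaps) / avg_gap
        if jitter <= max_jitter:
            findings.append({
                "client": client,
                "dest": dest,
                "count": len(times),
                "interval_s": avg_gap,
                "jitter": jitter,
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['client']} -> {hit['dest']}: {hit['count']} connections "
              f"every {hit['interval_s']:.0f}s (jitter {hit['jitter']:.2f})")
```

Tune `min_connections` and `max_jitter` to your environment: a tight jitter threshold keeps noise down but misses implants that randomize their sleep, so production rules usually pair this with a check on how many distinct internal hosts talk to the same external destination.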
Malware removal
How to remove malware once you're infected is in fact the million dollar question. Malware removal is a tricky business, and the method can vary depending on the type you're dealing with. CSO has information on how to remove or otherwise recover from rootkits, ransomware, and cryptojacking. We also have a guide to auditing your Windows registry to figure out how to move forward.
If you're looking for tools for cleaning your system, Tech Radar has a good roundup of free offerings, which contains some familiar names from the antivirus world along with newcomers like Malwarebytes.
Malware examples
We've already discussed some of the current malware threats looming large today. But there is a long, storied history of malware, dating back to infected floppy disks swapped by Apple II hobbyists in the 1980s and the Morris Worm spreading across Unix machines in 1988. Some of the other high-profile malware attacks have included:
- ILOVEYOU, a worm that spread like wildfire in 2000 and did more than $15 billion in damage
- SQL Slammer, which ground internet traffic to a halt within minutes of its first rapid spread in 2003
- Conficker, a worm that exploited unpatched flaws in Windows and leveraged a variety of attack vectors – from injecting malicious code to phishing emails – to ultimately crack passwords and hijack Windows devices into a botnet.
- Zeus, a late '00s keylogger Trojan that targeted banking information
- CryptoLocker, the first widespread ransomware attack, whose code keeps getting repurposed in similar malware projects
- Stuxnet, an extremely sophisticated worm that infected computers worldwide but only did real damage in one place: the Iranian nuclear facility at Natanz, where it destroyed uranium-enriching centrifuges, the mission it was built for by U.S. and Israeli intelligence agencies
Malware trends
You can count on cyber criminals to follow the money. They will target victims depending on likelihood of delivering their malware successfully and size of potential payout. If you look at malware trends over the past few years, you will see some fluctuation in terms of the popularity of certain types of malware and who the most common victims are—all driven by what the criminals believe will have the biggest ROI.
Recent research reports indicate some interesting shifts in malware tactics and targets. Cryptominers, which had surpassed ransomware as the most common type of malware, are falling out of favor due to the decline in cryptocurrency values. Ransomware is becoming more targeted, moving away from a shotgun approach.
Malware attacks on businesses spike
Businesses saw a 79 percent increase in the amount of malware they dealt with in 2022 over 2017, according to the Malwarebytes Labs State of Malware Report 2019. "What we usually see year-end or quarterly end is that there has been some sort of increase or large amounts of detections on the consumer side," says Adam Kujawa, director of Malwarebytes Labs. "On the business side it might slowly grow, but certainly nothing like we've seen this last 6 months." By comparison, consumer detections decreased by 3 percent over the same period.
"We've observed that there is a significant push by cyber criminals to move away from consumers and put their really heavy stuff against businesses instead," Kujawa adds.
That "really heavy stuff" comes largely in the form of older consumer-focused malware that's "been weaponized" to become a bigger, more versatile threat for business. Kujawa cites Emotet as one of the most significant. "It's a nasty little data stealing Trojan that also installs additional malware, spreads laterally, and acts as its own spam sender. Once it infects a system, it starts sending email and tries to infect other people."
Emotet has been around since 2022 and targeted mainly consumers. Originally, it infected a computer looking for an individual's financial or credit card information to steal. Since then, it's picked up new capabilities inspired by or borrowed from other successful malware like Wannacry or EternalBlue. "Now it's become much more modular and we see it able to use these exploits to traverse through a corporate network whereas earlier they were limited to a single endpoint," says Kujawa. "Even if it's a small network in a small business, it's more juicy than infecting Grandma."
Lateral movement of malware is increasing, according to the Global Threat Report: The Year of the Next-Gen Cyberattack from Carbon Black. Nearly 60 percent of malware attacks on business are now designed to move laterally across a network.
One reason for the spike in malware attacks on business might be the EU's General Data Privacy Regulation (GDPR). Kujawa believes it's possible that attackers stepped up business attacks thinking that it would be harder to steal personal and other data after the regulation went into effect. That combined with the decline of cryptocurrency values and stepped up defenses against ransomware turned attackers to what worked in the past. "They always [go back to what works]," he says. "Cyber crime is cyclical. It always comes back around."
Cryptomining attacks decline
The Malwarebytes Labs report has seen a shift away from cryptomining starting in the second quarter of 2018, due largely to the decline in cryptocurrency values. However, the number of cryptomining detections increased for the year by 7 percent.
Instead, cyber criminals are turning to information stealing malware like Emotet to turn a profit. "Overall, it seems as though criminals have reached the consensus that sometimes stealing is better than mining," the report stated.
Ransomware becoming more targeted
Kujawa notes that small and medium-sized businesses (SMBs) are becoming more popular targets. He attributes this to the likelihood of being paid for ransomware attacks—SMBs often can't afford the downtime and see paying ransom as the fastest way to recover. They are also often softer targets than larger businesses.
Ransomware detections actually declined by 26 percent worldwide in 2018, according to the Malwarebytes report. However, ransomware detections at businesses rose by 28 percent. Industries most often targeted were consulting, education, manufacturing and retail. Kujawa believes criminals focus on these industries because of opportunity and likelihood of ransoms being paid.
More on malware
- Alien malware a rising threat to mobile banking users
- How SilentFade group steals millions from Facebook ad spend accounts
- After a decade, Qbot Trojan malware gains new, dangerous tricks
- Ryuk ransomware explained: A targeted, devastatingly effective attack
- Malware detection in 9 easy steps
- How to find and prevent crypto mining malware
- 8 types of malware and how to recognize them
- Infected with malware? Check your Windows registry
Copyright © 2022 IDG Communications, Inc.
Source: https://www.csoonline.com/article/3295877/what-is-malware-viruses-worms-trojans-and-beyond.html