Malware is an umbrella term for different malicious software, such as spyware, ransomware, and viruses. Malware is code developed by attackers to attack a system and its associated data or to access a third-party network. The medium used to deploy malware is most commonly email. The email contains links or attachments that, when clicked or downloaded, result in the execution of the malware code.
Malware appeared in the late 1970s, with the introduction of the Creeper virus, which threatened individual users and organizations. Since then, the world has seen thousands of malware variants, all having the same intent: disruption and destruction of services.
Malware contains payloads that are deployed on target systems in various ways. An attacker’s motives range from demanding money to stealing information, and attackers are beginning to get smarter with their attack techniques. Here are the different types of malware present today.
Types of Malware
Some of these terms have already been briefly discussed in the cybersecurity terminology section in Chapter One. In this section, you will understand them in more detail.
"Virus" is a generic term used by regular computer users and the media for any malware that makes the headlines. However, it is unfair to say that all malware is a virus. A computer virus attaches to files on your system or to pointers to those files and gets triggered when the user executes the files. For example, a user may be opening a normal PDF document, and the virus would have leeched onto it via embedded code.
The digital domain does not commonly have any pure viruses today, as they make up less than ten percent of malicious software. This is a good thing. The virus is the only subgenre of malware that sits on one file and then spreads to another file. Given this nature, it is difficult to clean viruses, as they can keep spreading. Cleaning up viruses has always been complicated, and even the best antivirus solutions struggle with it. Most antivirus solutions are only capable of detecting and quarantining infected files. They cannot clean them and, therefore, just end up deleting these files as a last resort. One may ask what the harm is in deleting files, but if these files are essential for your application or web application to function, their deletion will lead to the malfunction of your application or website.
The history of the existence of worms predates viruses. They have been present ever since the development of mainframes. They became popular in the 1990s with the introduction of email, and security experts were frustrated with worms arriving as email attachments. One employee would open an email with a worm, and the entire organization would be infected in a short period.
What distinguishes a worm from a virus is that a worm is self-replicating. For instance, the Iloveyou worm, in the days of its inception, took over the world by affecting emails, phone systems, television networks, etc. Other popular worms, like MS Blaster and SQL Slammer, also ensured that they would be remembered forever in computer security history.
A worm is extremely dangerous because it can spread like wildfire without any user interaction. In contrast, viruses need a human to trigger them before they can infect other files. Worms can just depend on files and processes in the system to execute.
For instance, the SQL Slammer still holds the record to date for exploiting a vulnerability in Microsoft SQL, to create buffer overflows on every SQL server with Internet connectivity within ten minutes.
Attackers have moved from worms to Trojans as a weapon for implementing attacks. Trojans pretend to look like genuine programs or files but have malicious code embedded in them. Trojans were present in the digital world even before viruses and are the most popular malware amongst cybercriminals today. Like viruses, Trojans need user interaction to be executed. Trojans use emails or malicious websites as a medium to arrive at a target system. The most common and popular type of Trojan is a fake antivirus. You may have seen pop-ups while visiting certain websites that say your computer is infected and ask you to download software to clean the virus. You may believe that it is true, take the bait, and end up downloading and installing a Trojan instead. The Trojan then takes control of your system. It is difficult to defend yourself against a Trojan for two reasons.
1. Trojans are easy to code, and cybercriminal groups have even developed Trojan building kits today.
2. Trojans are deployed onto a system by tricking users, and therefore, they conveniently dodge traditional defences like a firewall.
There are literally millions of Trojans that are developed every month. Antivirus developers try their best to counter Trojans, but the signatures are too many to keep track of.
The malware present today is a hybrid combination of malicious software, Trojans, and even viruses. The malware may look like a Trojan in the beginning, but its execution will end up attacking all users on the network, a nature exhibited by worms.
Malware programs today are considered to be stealth programs or rootkits. This means that the main objective of malware today is to take control of the computer’s operating system and manipulate it in such a way that even anti-malware programs cannot detect it. The only way to get rid of such malware is to disconnect the memory component that has control of the system.
Another hybrid combination of Trojans and worms are bots that exploit one system and try to add it to an attack toward a larger infrastructure. Bots place themselves on individual computer systems and then receive instructions from botmasters, which are command and control servers for the bot network. Bot networks known as botnets can infest a few hundred computers to a network of thousands of servers over the Internet, controlled by a single botmaster. Botmasters often rent these botnets out to other criminals who use them for their specific needs.
Ransomware is malware through which attackers encrypt all your data and demand a ransom to decrypt it. Attackers initially used to target individual users with ransomware but realized the monetary benefits of targeting bigger institutions, such as banks, hospitals, etc. Ransomware will be discussed in depth later.
This is not really a different type of malware, but it has become a classification of its own based on the way malware is used to exploit a user. Traditional malware infects systems by taking control of the file system. On the other hand, fileless malware does not touch the file system but spreads within system memory or employs other non-file components such as APIs, scheduled tasks, and registry keys. Fileless malware exploits a program running in the system to become its sub-process, or it uses system tools such as PowerShell in Microsoft Windows-based operating systems. Attackers have started using fileless malware because it is difficult to detect. For instance, Operation Cobalt Kitty is a fileless malware that became popular for infecting PowerShell and attacking Asian companies for six months. The malware was deployed onto target systems by using spear phishing emails.
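Because fileless malware leaves little on disk, defenders look at process-creation logs instead of files. The following is an added example, not code from the original text: it scores constructed log events for PowerShell launched by an Office program, a hidden window, an encoded command, or a scheduled task that starts PowerShell. The event fields, indicator names, and the two-indicator threshold are assumptions chosen for illustration.

```python
import base64

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation events (illustrative only, not from a real case).
_ENC = base64.b64encode("Write-Output 'hello'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": f"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand {_ENC}"},
    {"parent": "svchost.exe", "image": "schtasks.exe",
     "cmdline": 'schtasks.exe /Create /TN Updater /TR "powershell.exe -w hidden -enc AAAA" /SC ONLOGON'},
    {"parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": r"notepad.exe C:\Users\a\notes.txt"},
]

def _is_flag(token, full_name, aliases=()):
    """PowerShell accepts abbreviated parameter names, so match prefixes too."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return full_name.startswith(name) or name in aliases

def analyze(event):
    """Return (reasons, decoded_command) for one process-creation event."""
    reasons, decoded = [], None
    tokens = [t.strip('"') for t in event["cmdline"].split()]
    lowered = [t.lower() for t in tokens]
    if not any(t.startswith("powershell") for t in lowered):
        return reasons, decoded
    if event["parent"].lower() in OFFICE_PARENTS:
        reasons.append("office_parent")       # a document program spawned a shell
    if event["image"].lower() == "schtasks.exe" and "/create" in lowered:
        reasons.append("scheduled_task")      # persistence without a dropped binary
    for tok, nxt in zip(tokens, tokens[1:]):
        if _is_flag(tok, "windowstyle") and nxt.lower() == "hidden":
            reasons.append("hidden_window")
        elif _is_flag(tok, "encodedcommand", aliases=("ec",)):
            reasons.append("encoded_command")
            try:  # -EncodedCommand carries Base64 of UTF-16LE text
                decoded = base64.b64decode(nxt, validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                decoded = None                # keep the alert even if undecodable
    return reasons, decoded

def triage(events):
    """Indexes of events with two or more indicators, highest count first."""
    scored = [(i, analyze(e)[0]) for i, e in enumerate(events)]
    return [i for i, r in sorted(scored, key=lambda x: -len(x[1])) if len(r) >= 2]
```

Calling triage(SAMPLE_EVENTS) returns the two suspicious events and leaves the routine script run and the Notepad launch alone; analyze() also returns the decoded command text so an analyst can read what was hidden.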
If you have come across malware only in the form of adware, consider yourself lucky. Adware infects a computer and just keeps popping up unwanted ads. The most common ads that appear through adware redirect users to websites containing promotions for other products. Adware is potentially harmless but can get very annoying.
Not to be confused with adware, malvertising makes use of genuine ads to deliver malicious files to a target system. For example, an attacker might pay a website to place a malicious ad on their web page. A user clicking on this ad will be redirected to the attacker’s website or will instantly download malware onto their system. Often, malware in the ads executes without any user interaction, a technique called drive-by download. There have been instances when attackers hacked into big ad engines like Yahoo to deploy malware through their ads into bigger websites, such as Spotify, New York Times, The London Stock Exchange, etc. Attackers use malvertising to make money. They deploy malware through ads that are capable of crypto mining and ransomware infections.
Spyware is a type of malware used by attackers to spy on people’s activities. It is mostly used by partners in a relationship to spy on each other, but attackers also use spyware to understand a target’s activity and log their keystrokes. A regular scanner can detect spyware and help you uninstall it.
Protecting Yourself from Malware
If you feel that your system is infected, follow the steps given below immediately.
Install/Update your Antivirus
If you do not have an antivirus solution, purchase one, and install it immediately. It is a small price to pay for your system’s health and the important data it contains. You can trust providers such as Norton Security, Kaspersky, McAfee, and Avast, among many others. Most of these solutions are rated 4.5 stars. Run a deep scan once you have installed the antivirus and let it run even if it takes a lot of time. The only problem is that the malware is very advanced; it knows how to deactivate the antivirus. If you already have an antivirus solution and it has failed to detect the malware, it mostly means that you have not updated its signatures. The job is not over once you have installed an antivirus solution. New malware is developed every day, and therefore, you need to update your antivirus signatures so that they can detect this new malware. You are opening your system to new malware even if your antivirus is a single day out of date.
Most operating systems, such as Microsoft Windows, have a feature called system restore. This basically stores an image of your entire system at regular intervals. This means that if your system contracted malware today, and there is a system restore point available for yesterday, you could restore your system to how it was yesterday, which will remove the malware. However, sometimes malware code is written so that it won’t let you run the system restore. In such cases, you may need to reboot your system to enable safe mode and then try to run a system restore.
Disconnect from the Internet
If there is malware that is being used to steal information from your computer, it means that someone is remotely controlling it through the Internet. The first step to deal with this is disconnecting from the Internet completely. Unplug the Ethernet cable, disable Wi-Fi, and even shut down the router if needed. You may argue that your antivirus will not update if you have disconnected from the Internet, but you can install antivirus through an offline solution. At least you will be at peace that the attacker no longer has access to your information.
Get a Portable Antivirus Solution
If everything is failing, and you are not even allowed to install antivirus, it means the malware has taken control of the operating system. You need to find a way to take control without having to deal with the operating system. In such cases, you can use portable antivirus solutions that can be loaded onto a USB drive. Some of these are ClamWin, Kaspersky Security Scan, McAfee Stinger, and Microsoft Safety Scanner. You can, in fact, have all of these on a USB drive and run individual scans without causing any conflict. The aftermath of a malware infection can be difficult at the beginning. It is like coming back to live in a home that was robbed. It will take time to feel safe again. Once you are back, take steps to increase the security of your system. Get the best security solutions, even if they cost a bit. Also, uninstall unwanted software at regular intervals, and delete temporary files. You can be ruthless and strict, but also careful at the same time.