Get a closer look at six of the most common types of malware and the characteristics of each.
Malware is a piece of software designed to cause damage to a computer, server, or network of computers. Although colloquially all nefarious programs are called viruses, a computer virus is just one type of malware among many. Malware is the umbrella term for malicious software, and there are different types of malware classified by how they attack and spread.
To adequately secure networks, it’s important to understand how different types of malware function and how to detect them. Malicious actors often combine different types of malware to execute an attack. Security practitioners must be aware of the types of malware that are commonly combined and how to build resilience against these possible threats. Here’s a closer look at six of the most common types of malware and the characteristics of each.
A computer virus modifies the system files of the host computer to execute malicious code and infect other files. Viruses are the only form of malware that modify other files on a computer. Computer viruses are a minority among the total malware detected today due to the stronger protection offered by most modern operating systems. Still, they continue to present a threat to organizations of all sizes. Once a computer is infected, a virus is the most difficult type of malware to clean up. Often the only solution is to ‘quarantine’ or delete the infected files.
An example of a major virus is Melissa, which was distributed as an email attachment in the late 90s. Melissa disabled Microsoft Word safeguards and, if the infected user had Outlook, would then send itself to the first 50 people in their address book in order to propagate the virus.
Ransomware has become increasingly prominent in recent years and has grown significantly during the COVID-19 pandemic, with new ransomware samples growing by 72% in the first six months of 2020. This type of malware encrypts data in an information system and demands payment in exchange for regaining access. The payment is commonly demanded in cryptocurrencies due to their untraceable nature. Though the malicious actors claim that they will decrypt the data after the ransom is paid, there is no guarantee that users will receive the decryption key, and according to the Center for Internet Security (CIS), one ransomware variant deletes files even if the ransom has been paid.
A recent ransomware attack on Baltimore's computer system illustrates the immense cost of a cyber attack (which includes financial and non-financial costs). The ransomware, named RobbinHood, impeded activities of the local government and cost them more than $18 million in damages. Ryuk, another high-profile ransomware strain, targets corporate environments and is spread mainly through spam emails to corporate email accounts.
Trojans are another type of malicious software that looks and behaves like legitimate software but contains malicious code. The most common entry point of a trojan is a pop-up banner on a website that indicates the user’s computer is infected with viruses and needs antivirus software to clean it up. The “antivirus software” the user downloads contains malicious code designed to gain backdoor access to systems, steal sensitive data, or spy on user or network activities. Trojans can also infect devices when unsuspecting users open attachments or click links in spam emails.
The user has to execute it or take some action for a trojan to take root in the computer. Some trojans provide remote access to cybercriminals and are called RATs (Remote Access Trojans). Trojans are a widespread problem because they are easy to write and gain access to computers by tricking users. Emotet is one example of a dangerous trojan that targets banking processes and evades signature-based detection. It has been in use by cybercriminals since 2014.
Spyware tracks the activities of the user on the infected computer, including keystrokes, passwords, PIN codes, payment-related information, personal messages, and other identifiable information. Spyware can come in the form of adware (malicious advertisements that are designed to force clicks from users), spoofed emails, and even software bundles (typically “freeware”). In some cases, spyware can infect a device when a user agrees to the terms and conditions of a legitimate software program, which is why it’s important to always read the fine print. Spyware can also act as a rootkit, giving cybercriminals remote access to the infected host.
DarkHotel is a threat actor group targeting vulnerable shared Wi-Fi networks in luxury hotels. Their modus operandi is to execute spear-phishing attacks on the top executives of these hotels. The group breaches systems through several means, including presenting users who log into a network with a dialog box asking them to install an update that appears legitimate but is actually spyware. Once installed, the malware enables keylogging and other information-stealing capabilities that send sensitive information to the attackers.
Worms have been a persistent form of malware since the bygone era of mainframe computers. The distinctive feature of worms is their ability to self-replicate. Worms replicate themselves onto other computers in the same network as the infected computer. Worms can gain access to a system in multiple ways: through backdoors in software, from other computers in the same network, through vulnerabilities in the operating system, through flash drives, etc. The worm spreads from device to device without any action from the user. Worms can be used by malicious actors to initiate a DDoS attack, steal data, or give attackers control over a system.
Stuxnet is one of the most famous worms. It was introduced to Iran’s nuclear program facilities through malicious USB sticks. It is believed to have been developed by American and Israeli intelligence forces to launch an attack on Iran’s nuclear program. The theory was that the worm would be contained within the program and would not spread outside. But that was not the case, and the worm spread widely.
Bots are hybrid forms of malware that can execute automated tasks through remote instruction. Many bots are used for legitimate purposes, but they can also be appropriated for nefarious actions. A large set of bots infecting a number of systems and communicating with a central server is known as a botnet. Botnets can act like a swarm, attacking in sync, making them capable of large-scale attacks.
One of the most widely known botnets is Mirai, which first emerged in 2016, although the first botnet was developed back in 2001 for the purpose of sending spam. Mirai’s source code has served as the foundation for several variants since then, including Echobot in 2019, which targets IoT devices and enterprise applications.
The Zeus Virus, otherwise known as Zbot, is another example of a famous botnet. Discovered in 2007, the Zbot targeted Microsoft Windows through spam messages and drive-by downloads, with the goal of stealing users’ bank account details and subsequently, their funds. The creator released the source code to the public in 2011, leading to a number of variants and iterations, and its components have been used to develop other malware.
The age-old proverb, ‘An ounce of prevention is worth a pound of cure,’ applies to modern cyber systems, too. The best approach is to avoid behaviors that create vulnerabilities and open sensitive data and systems up to potential cyberattacks. You should ensure that your business is well secured with robust and updated cybersecurity measures. Because cyber criminals are constantly developing more sophisticated attack methods, protecting your business’s interests with cyber insurance coverage helps to ensure that your business has the means and resources to recover should a breach occur.