What is malware?

As the digital landscape continues to evolve, so does malware. Hackers develop new types of malware every year. That’s why you should stay up-to-date on malware news.

What is malware? A definition

Malware is malicious software that hackers use to attack your computer systems. Their goal is to damage or destroy your devices, service, or network. The definition is in the name itself, malware is short for malicious software. Malware is basically a file or code delivered over a network to infect, explore, steal or conduct virtually any behavior an attacker wants. Other common malware include worms, viruses, spyware, Trojan horses, and adware.Malware is typically used to achieve one of the following objectives:

• Getting remote control to use an infected computer
• Sending spam from an infected computer to unsuspecting targets
• Investigating the infected computer’s network
• Stealing the sensitive data

Sometimes malware attacks are also used to sabotage your ability to work, to make a political statement, or just to brag about it.Cybercriminals often use malware to extract data so they can use the data as leverage for their financial gain.Cybercriminals can steal all kinds of data like:

• Names
• Passwords
• Credit card numbers
• Medical information
• Credentials
• Social security numbers
• Personally identifiable information
• Other personal information
• Business secrets

History

Malware has been around for a long time, so a full history would be too long. But we can note the most important events.Hackers have been using many methods to get malware onto as many computers as possible.

The 1980s

The history of modern viruses begins with the first computer virus, called Elk Cloner. It was discovered on a Mac in 1982 when it started infecting Apple II systems. This virus spread to all floppy disks connected to a system and it was considered the first large-scale computer virus outbreak. This was prior to any Windows PC malware.

The 1990s

Since the launch of Microsoft Windows, viruses and worms have become widespread. Microsoft Windows started as the most popular operating system in the world. As it grew in popularity, so did the viruses connected to the platform. Malware authors started to write code in the macro language of Microsoft Word and these macro viruses infected documents and templates.Here is some notable malware from the 1980s - 1990s:

• Brain: the first ‘stealth” virus
• Jerusalem: a DOS virus discovered in 1987
• The Morris Worm: released in 1988, was the first to be distributed via the internet
• Michelangelo: was discovered in 1991 and was designed to infect DOS-based systems
• CIH: a Microsoft Windows 9x virus, released in 1998
• Melissa: a macro virus discovered in 1999

2002 to 2007

Instant messaging worms started to spread through popular networks like AOL AIM, MSN Messenger, and Yahoo Messenger. Most of these attacks started with a social engineering ploy. This was a message including a link to a malicious download. Once the worm infected your computer, it would move on to your entire contact list.

2005 to 2009

Adware attacks started to present unwanted advertisements to computer screens. Around 2008 software publishers began suing adware companies for fraud. This drove them to shut down. Today’s adware hackers still employ many of the same tricks as the old adware attacks.

2007 to 2009

Malware hackers turned to the first social networks like Myspace to deliver rogue advertisements, links to phishing pages, and malicious applications. When the popularity of Myspace died down, scammers started to focus on Facebook and Twitter.

2013

Ransomware started to become popular. A ransomware attack was launched under the name CryptoLocker. This attack targeted computers running Windows. The scammers behind CryptoLocker forced victims to pay $3 million in total. The ransomware’s success caused a wave of copycats.

2013 to 2017

Ransomware became even more popular. It started to be delivered through Trojans, exploits, and malvertising. A huge outbreak of ransomware attacks affected businesses of all kinds.

2017

Cryptocurrency and how to mine it started to get a lot of attention. This led to a new malware scam called cryptojacking.

2018 to 2019

Ransomware made a huge comeback. But this time, hackers shifted their focus from individual consumers to business targets. GandCrab and Ryuk were two major ransomware infections during this time and many more followed.Here is some notable malware from the 21st century:

• Iloveyou: attacked Window-based computers in 2000
• The Anna Kournikova email worm: launched in 2001, caused problems in email servers
• Sircam: was active in 2001, spreads itself through emails on Windows-based systems
• The CodeRed worm: spread in 2001 by taking advantage of a buffer overflow vulnerability
• Nimda: appeared in 2001, affected computers running Windows

Why do cybercriminals use malware?

Cybercriminals use malware for many different reasons, such as:

• Stealing personal information for identity theft by tricking people
• Stealing financial information like credit card numbers
• Taking control of computers to launch a denial-of-service attack
• Using other computers to mine bitcoin or other cryptocurrencies

Different types of malware

Virus

Computer viruses are a subgroup of malware. A virus is malicious software that, when executed, self-replicates without the knowledge of the user. It’s attached to a file or document that supports macros to execute its code and spread it from host to host. Viruses can self-replicate by modifying legitimate programs or host files by inserting their code. If the self-replication works, the program or target file gets infected with malware.Viruses usually come as an attachment in an e-mail, they can also spread via file sharing, instant messaging, USBs, network connections, and infected website downloads. Once the user opens the infected host file or when the program is activated, the virus is able to replicate itself and the device gets infected with the virus. A virus will remain dormant until the file is opened and in use. Computer viruses are developed to disrupt your system’s ability to operate. This way, viruses can cause operational issues and data loss.Viruses will use your whole contact list against you and infect them as well. Your friends, family, or co-workers will likely trust this e-mail because it seems to come from a reliable source. Most of the time viruses will remain dormant until they have spread to a network or to multiple devices.There are some file types that are more susceptible to virus infections that you should look out for. These are file types like .doc/docx, .exe, .html, .xls/.xlsx, .zip.

Worms

Worms are malicious programs that can spread through a network by rapidly replicating themselves. This makes them pretty similar to viruses. They can spread to any device within the network. Worms usually exploit some sort of security weakness in software or operating systems. They don’t require interaction or host programs to disseminate.Worms can spread through an entire company, just by clicking on a worm-infested email. They can infect a device through a downloaded file or a network connection.Worms also disrupt the operations of devices. They can also modify and delete files, inject malicious software onto computers, replicate themselves to deplete system resources, steal data and install a backdoor for hackers.Worms are used against web servers, email servers, and database servers. Most of the time they go unnoticed until the worm reaches a scale that consumes significant system resources or network bandwidth.Examples of worms are Iloveyou worm, SQL Slammer, and Stuxnet.

Trojan virus

Trojan viruses, also known as trojan horses, disguise themselves as harmless software. This way, the trojan virus tricks users into downloading and executing the malicious code hidden inside the program.Trojan horses are a doorway, they need a host to work. Once the malicious software is downloaded, the trojan virus can modify, block or delete data. Trojans can steal personal information, crash your devices, spy on your activities, harvest your device as part of a botnet, gain access to your network or even launch an attack.Trojan viruses are hidden in email attachments, website downloads, and instant messages.A popular example of a trojan virus is Emotet. Most of the time social engineering tactics are deployed to trick users into loading and executing Trojans on computer systems. The most common type of trojan virus is the false anti-malware program. Trojan horses are the preferred weapon of choice for cybercriminals. Unlike viruses and worms, trojans don’t self-replicate.Another example of trojans is Remote Access Trojans (RAT). This is a malicious program that creates a backdoor connection for its operators. While the program installs, a backdoor connection provides unauthorized access to its controllers.

Spyware

Spyware is malicious software installed on your computer. Usually, you don’t notice it’s there. It collects user activity, personal information, financial information, browsing habits, and account information without your knowledge. Remote access can be granted to attackers.Spyware is usually distributed as freeware or shareware. Meaning that it has an appealing function from the front but there is a covert mission running in the background. It’s often used for identity theft and credit card fraud. Spyware can also be used to install additional malware.Just like trojan viruses, spyware relies on social engineering-based exploits.DarkHotel is a specific example of spyware that was used to attack business hotel visitors through hotels’ in-house Wi-Fi networks.

Adware

Adware is malicious software that uses unsolicited advertising techniques. It usually looks like a blinking display advertisement or pop-up window. Adware is often installed in exchange for another service, like adware in return for free software.However not all adware is malicious, so it’s important to have protection that scans these programs.In every case, the adware can redirect you to unsafe sites that can contain malicious downloads. It can also slow down your system noticeably or deliver spyware.A specific adware example is Fireball. This adware runs code, downloads malware, and hijacks victims' internet traffic to generate advertising revenue.

Ransomware

Ransomware is one of the most common and most profitable types of malware. It installs itself, encrypts files, and demands a ransom to return data to the user. This financial payout usually comes in the form of bitcoins. Once this is paid, the hackers can give the user their key back to decrypt the data or they can choose to keep the money and the data. The point is you can never know with ransomware, so think before you pay the ransom.Ransomware is typically carried out using a trojan through social engineering like phishing, malicious USBs, vishing, etc.Examples of ransomware include Locky, RYUK, WannaCry, and NotPeyta. WannaCry targeted a known vulnerability in not updated MS operating systems.Ransomware damage can be hard to correct without a robust backup. The best advice is to keep a robust offline backup of essential files in a safe hard drive, watch out for attachments and keep your system and anti-virus up to date.

Fileless malware

Fileless malware is a kind of malware that exploits and thrives using operating system objects or via memory only. This kind of malware doesn’t need files. 50% of all malware consists of fileless malware.Fileless malware uses legitimate software to infect a computer. It leaves no files to scan or a process to detect, it leaves no footprint. This way, it's hard to detect and remove malware. It also makes forensics a lot more difficult.Popular examples of this malware are Frodo, Astaroth, and The Dark Avenger.

Scareware

Scareware is used in scams to scare you into thinking your device is infected. This way, attackers can convince you to buy a fake application.

Botnets

Botnet is short for robotnetwork. They are also just called bots. Botnets are a combination of Trojans, viruses, and worms. They perform automated tasks and commands. Botnets are basically a network of infected computers under remote control using command-and-control servers. All infected computers in the network are bots. The bot is also called a zombie computer and it can be used to launch more attacks or it can become part of a collection of bots. This collection is called a botnet.Botnets are versatile and adaptable. They can maintain resilience through redundant servers and they can relay traffic by using infected computers.Botnets are very popular in the hacker community. The more bots you collect, the more famous you can become as a hacker. They are also used to spread ransomware. Botnets can spread undetected to millions of devices. They are typically used for DDoS attacks, keylogging, screenshot and webcam access, spreading other types of malware, and sending spam and phishing messages.An example of a botnet is the Echobit. It’s a variant of the popular Mirai botnet. The Mirai botnet exploited internet of things (IoT) connected devices and other systems by entering the default username and password that the devices shipped with. The attacker-controlled botnet network was used for further large-scale attacks. Like a DDoS (distributed denial of service) attack. By sending large amounts of data to a website hosting company, causing many popular websites to be taken offline.

Malicious crypto-mining/cryptojacking

Cryptojacking is also known as malicious crypto-mining. It’s the process of using computing power to verify transactions on a blockchain network and earn cryptocurrency for providing this service. Cryptojacking happens when cybercriminals hack into business and personal computers, laptops, and mobile devices to install malicious software.

Malvertising

Malvertising is a combination of malware and advertising. It’s the practice of using online advertising to spread malware.It involves injecting malicious code into legitimate online advertising networks and web pages. It’s different from adware because adware targets individual users. While malvertising only affects users who view an infected webpage.

Polymorphic malware

Polymorphic malware is any type of malware that is able to “morph”. This means that the appearance of the code can be altered while the algorithm within is retained. Polymorphic malware is harder to detect.

Keyloggers

Keyloggers are a type of insidious spyware that captures your keystrokes to discover your sensitive information. They are activity-monitoring software programs that send data to the threat actor.Hackers use keyloggers to steal data like passwords, user IDs, banking details, etc. Keyloggers steal sensitive data and they monitor your user activity. Most of the time users are unaware they’re being monitored. Keyloggers can be installed by a Trojan or they can be a physical wire discreetly connected to a keyboard. They can be introduced to the system through phishing, social engineering, or malicious downloads from infected websites.An example of a keylogger is Olympic Vision. It was used against targets via Business Email Compromise attacks to steal sensitive data from specific targets.

Rootkits

Rootkits are backdoor programs that provide privileged or root-level access to attackers. This way, they can command and control a computer without the user knowing. Rootkits hide in the operating system. Because rootkits run at the Operating System level, they can give complete control over systems to the attackers. This means that the attackers can log files, spy on the owner’s usage, execute files, change system configurations, and overall use the administrative privileges.Rootkits are typically deployed using Trojans by being fed into applications, kernels, virtual machines, boot records, or firmware. But they can also be spread through malicious downloads, compromised shared devices, malicious attachments, and phishing attacks. Rootkits can also be a hideout for other malware, such as keyloggers.Antivirus software can't detect all rootkits and they are even more difficult to clean from a system.An example of a rootkit is Zacinlo. This rootkit infects systems when users download a fake VPN app.

Backdoors

Backdoors are a covert communication channel that avoids authentication or other main functions of a program. A backdoor accepts visitors based on who has access.You can use backdoors to reset user passwords or to upgrade firmware in case of emergency access. However, this is not seen as friendly software practice. They can fall into the wrong hands. This way, cybercriminals can get access to these backdoors and modify or exfiltrate your sensitive data.Some well-known backdoors are backdoors in pirated copies of WordPress premium plug-ins and the Joomla plug-in backdoor.

Mobile malware

Mobile malware is malware that affects your android and ios mobile devices. It’s as diverse as malware that targets computers, like ransomware, spyware, trojans, and madware. Madware is adware that targets smartphones and tablets with aggressive advertising.

RAM scrapper

RAM scrappers mine data temporarily stored in the memory or the Random Access Memory. It targets point-of-sale systems like cash registers. Because for a short duration they can store unencrypted credit card numbers before they are encrypted and passed to the back-end.

Logic bombs

Logic bombs are malware that activates when triggered. This can be on a specific date or time or when you log on to your account.Viruses and worms often contain logic bombs to deliver malicious code at a pre-defined time.Logic bombs can lie dormant for weeks, months, or years. However, an antivirus detects the most common types of logic bombs. The damage caused by logic bombs varies from changing bytes to making hard drives completely unreadable.

Different types of attacks

Malware can be delivered in many different ways:

• Malware takes advantage of exploitable vulnerabilities.
• Infected websites can be used to deliver malware.
• Email attachments can be used to deliver malware.
• Phishing can be used to spread malware.
• Vishing can be used to spread malware.
• Instant messaging can be used to spread malware.
• Malware takes advantage of backdoors.
• Malware uses multiple types of malware at once to evade detection.
• File-sharing software can allow malware to replicate and infect systems and networks.
• Peer-to-peer file-sharing can introduce malware by sharing seemingly harmless files.
• File servers can enable malware to spread quickly.
• Infected USBs can be used to spread malware.
• Network connections can be used to spread malware.
• Social engineering can be used to spread malware.
• Compromised shared devices can be used to spread malware.

What are the warning signs of a malware infection?

Over time your computer slows down. Sometimes this is a sign of a malware infection. Even if you have an anti-virus, you should still look out for the following warning signs:

1. A computer that is very slow

Malware reduces the speed of your operating system. You might notice your fan being louder than usual. This is a good indication that something is taking up resources in the background.

2. Lots of annoying popup ads

Adware bombards victims with advertisements that contain links to malicious websites that can drop malware on your computer.

3. You see the blue screen of death (BSOD) that displays in the event of a fatal system error

4. Programs open and close automatically or alter themselves

5. There is a mysterious lack of storage space

You can notice a lack of disk space due to a bloated malware squatter hiding in your hard drive.

6. Emails and messages are being sent without you prompting them

7. There’s an increase in internet activity

Trojans, botnets, spyware, and other threats that require back and forth communication with command and control servers create a spike in internet activity. These threats often communicate with these servers to download a secondary infection, like ransomware.

8. Your Browser gets redirected a lot

Look out for redirects that are not familiar to you or look at the URL. Redirection attacks rely on browser extensions, so check which ones you didn’t download and delete them.

9. Your Browser settings change

Browser setting changes can look like a homepage that changes, new toolbars, extensions, or plugins that might have some sort of malware infection.

10. Your internet connection is slow

11. There is an increase in spam and phishing emails and complaints from others who receive spam from you

12. There is an unexplainable increase in your system’s internet activity

13. Your system tools don't work

When using your system tools triggers a message saying your administrator has disabled them, it might be a self-defense attempt of malware on your system.

14. Your antivirus software stops working

Malware disabled your antivirus software and now you’re unprotected.

15. You lose access to files or your entire computer

This is a typical warning sign of a ransomware infection.

16. You frequently get scary infection warnings

Using scareware, attackers try to distribute fake antivirus programs with drive-by downloads. It uses scary display warnings about made-up threats.

17. You have problems shutting down or starting your computer

18. Mysterious posts start to appear on your social media

Some malware focuses on social media sites to procreate. Using inflammatory statements, attackers get other people to click on the post and then they become the next victim.

19. You get password reset messages

20. You get ransom demands

Attackers steal your data, encrypt it, and ask you to pay a ransom to get your data back.The more of these warning signs you see, the higher the chance is that your computer has a malware infection. But even if you don’t get any of these warning signs, your computer could still have a malware infection. Many types of malware run in the background, lie dormant, or are hard to detect.

Protection methods

Although it’s not completely possible to protect yourself from cybercriminals, there are a number of actions you can take to prevent malware attacks.There are many different solutions to detect malware and prevent it. You could install firewalls, next-generation firewalls, network intrusion prevention systems (IPS), deep packet inspection (DPI) capabilities, unified threat management systems, content filtering, and data leak prevention.You can install a powerful antivirus application or security suite if you think malware has taken residence in your computer. Also, make sure your antivirus is always fully up to date and run a full scan.If you still have unwanted apps you can’t get rid of, it might be time to scan your computer with an on-demand cleanup tool.Installing a virtual private network or VPN could also be a good idea to add an extra layer of protection to your data.Adopting an email protection solution with anti-spam, anti-phishing and anti-malware might also be a good idea.Other tips are to pay attention to suspicious files, websites, links, emails, and downloads. Besides that, you should keep your operating system up to date and use complex passwords.

Here are some actions you can take to prevent a malware infection:

• Develop security policies
• Implement security awareness training
• Use app-based multi-factor authentication
• Install anti-malware & spam filters to remover malware threats
• Change default operating system policies
• Perform routine vulnerability assessments
• Keep operating systems and applications up-to-date
• Never click a link in a popup
• Limit the number of apps on your android and ios devices
• Use security solutions on all your devices
• Don’t leave your device unattended
• Avoid clicking on suspicious links
• Be selective about which site you visit
• Beware of emails requesting personal data
• Only purchase security software from the official website or an app store
• Beware of email attachments
• Perform regular checks and check bank accounts and credit reports regularly
• Manage your vulnerabilities
• Perform regular backups

The Jimber solution

Jimber has many different solutions to protect your sensitive information from malware. You can protect your browsers with Browser Isolation, you can protect your corporate apps with our Web App Isolation and you can protect your files using our Digital Vault. We also perform cybersecurity audits and pentests to test the security of your software.

Browser Isolation

Browser Isolation is a way of safe browsing. It uses a technology that provides malware protection by containing browsing activity in an isolated environment. This isolated environment secures all threats so they can’t infiltrate the user’s computer or other devices.Web browsers are a major entry point for malware and a huge security liability. While other security products are effective with known malware, they may miss newer malware that exploits unknown and unprotected vulnerabilities.Browser Isolation protects your computer against malware while browsing.Moreover, all websites and web pages remain accessible, so there is no website blocking that impacts productivity. This way, as a user you don’t notice anything.With Browser Isolation you can be confident that all your financial data and other important information stays safe. Finally, you can work anywhere you want and careless employees are no longer a risk. Experts call it the zero-trust principle.

Web App Isolation

Web App Isolation uses the same principle as Browser Isolation. It’s our isolation technology applied to web applications.Web app security uses a certain ‘container’ between web apps and the computer of the end-user. This protects APIs and application vulnerabilities are history. Using Web App Isolation, you never really send the real application or document with all the details. You only send a stream of images.With Web App Isolation, your applications remain safe. Even the 10 most frequent web security threats are having a hard time bullying you. You will benefit from a very user-friendly system and you will get full access control. On top of that, you will get high compatibility with all your existing applications.

Digital Vault

The Digital Vault is a secure environment to share and save documents. It’s also a vault where you can easily share credentials without actually sharing your passwords.The Digital Vault literally means ‘digital locker or safe’. It’s an online tool to securely manage passwords and documents. It offers different possibilities to share passwords or files in a safe way.The Digital Vault uses Web Application Isolation. Because of this, users only see an image of the confidential document. This way, documents never physically reach the user’s device. The user doesn’t notice anything and can look at and edit the document as usual.​​Hackers are getting smarter every day and it becomes more and more difficult to protect business systems from viruses and malware. So your cybersecurity should be up-to-date as well.

Security testing

During a security audit or cyber security check, we look at the biggest issues within your organization. What's going well? What could be better? What do you not have to worry about? And what can you better be prepared for?During an audit, we analyze how secure your IT systems are and which non-secure systems can cause problems. We make a report that you can read with our concrete advice on what you can do to optimize the current systems.During a pentest or penetration test, we test all apps, websites, and networks to rule out all possible risks.Check out our cybersecurity solutions or contact us for security testing.Read more about malware, ransomware, and viruses: https://www.vpnmentor.com/blog/difference-between-malware-ransomware/