Malware, short for malicious software, is a general term for viruses, worms, Trojans, and other harmful computer programs that attackers use to cause destruction and gain access to sensitive information. Microsoft puts it this way: "[malware] is a collective name for all software that is intended to damage a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than on a particular technique or technology used to build it.
This means that asking, say, about the difference between malware and a virus misses the point a bit: a virus is a kind of malware, so all viruses are malware (but not every piece of malware is a virus).
Types of malware
There are a number of different ways to categorize malware; the first is by how the malicious software spreads. You have probably heard the words virus, trojan, and worm used interchangeably, but as Symantec explains, they describe three subtly different ways in which malware can infect target computers:
- A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer.
- A virus is a piece of computer code that inserts itself into the code of another standalone program and then forces that program to take harmful actions and spread the virus.
- A Trojan is a program that cannot reproduce itself but presents itself as something the user wants, tricking them into activating it so that it can do its damage and spread.
Malware can also be installed "manually" on a computer by the attackers themselves, either by gaining physical access to the computer or by using privilege escalation to gain remote administrator access.
Another way to categorize malware is by what it does after it has successfully infected its victims' computers. There is a wide range of possible attack techniques used by malware:
- Spyware is defined by Webroot Cybersecurity as "malware used for the purpose of secretly gathering data on an unsuspecting user." In essence, it spies on your behavior while you use your computer and on the data you send and receive, usually with the purpose of sending that information to a third party. A keylogger is a specific kind of spyware that records all of a user's keystrokes, which makes it well suited to stealing passwords.
- A rootkit is, as described by TechTarget, "a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system." It gets its name because it is a kit of tools that (generally illicitly) gain root access (administrator-level control, in Unix terms) over the target system and use that power to hide their presence.
- Adware is malware that forces your browser to redirect to web advertisements, which often themselves try to download further, even more malicious software. As The New York Times notes, adware often piggybacks on tempting "free" programs such as games or browser extensions.
- Ransomware is a flavor of malware that encrypts the files on your hard drive and demands a payment, usually in Bitcoin, in exchange for the decryption key. Several high-profile malware outbreaks of the last few years, such as Petya, are ransomware. Without the decryption key, it is mathematically impossible for victims to regain access to their files. So-called scareware is a sort of shadow version of ransomware: it claims to have taken control of your computer and demands a ransom, but in fact only uses tricks such as browser redirects to make it look as if it has done more damage than it really has, and unlike ransomware it can be switched off relatively easily.
- Malvertising is the use of legitimate advertisements or advertising networks to covertly deliver malware to the computers of unsuspecting users. For example, a cybercriminal may pay to place an advertisement on a legitimate website. When a user clicks on the ad, the code in the ad either redirects them to a malicious website or installs malware on their computer. In some cases, the malware embedded in an advertisement can run automatically without any action by the user, a technique called a "drive-by download".
Any specific piece of malware has both an infection method and a behavioral category. For example, WannaCry is a ransomware worm. And a particular piece of malware may take different forms with different attack vectors: the Emotet banking malware has been seen in the wild as both a trojan and a worm.
A look at the Center for Internet Security's top 10 malware offenders for June 2018 gives a good sense of the types of malware out there. By far the most common infection vector is via spam e-mail, which tricks users into activating the malware, Trojan-style. WannaCry and Emotet are the most prevalent malware on the list, but many of the others, including NanoCore and Gh0st, are what are called Remote Access Trojans or RATs; in essence, rootkits that spread like Trojans. Cryptocurrency malware such as CoinMiner rounds out the list.
How to prevent malware
Since spam and phishing e-mail are the primary vector by which malware infects computers, the best way to prevent malware is to make sure your e-mail systems are locked down tight and that your users know how to spot danger. We recommend a combination of carefully checking attached documents and restricting potentially dangerous user behavior, as well as familiarizing your users with common phishing attacks so that their common sense can kick in.
When it comes to more technical preventive measures, there are a number of steps you can take, including keeping all your systems patched and up to date, keeping an inventory of your hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure. When it comes to ransomware attacks in particular, one way to be prepared is to always back up your files, so that you never need to pay a ransom to get them back if your hard drive is encrypted.
Antivirus software is the most widely known product in the category of malware protection products; although "virus" is in the name, most offerings take on all forms of malware. Although high-end security professionals dismiss it as obsolete, it is still the backbone of basic anti-malware defense. Today's best antivirus software comes from vendors Kaspersky Lab, Symantec and Trend Micro, according to recent tests by AV-TEST.
When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection you expect from antivirus, but also anti-spyware, a personal firewall, application control, and other styles of host intrusion prevention. Gartner offers a list of its top picks in this space, including products from Cylance, CrowdStrike and Carbon Black.
How to detect malware
It is entirely possible – and perhaps even likely – that your system will be infected by malware at some point despite your best efforts. How can you tell for sure? CSO columnist Roger Grimes has a deep dive on diagnosing your PC for potential malware that you may find helpful.
When you get to the enterprise IT level, there are also more advanced visibility tools you can use to see what is happening on your networks and to detect malware infections. Most forms of malware use the network to either spread or send information back to their controllers, so network traffic contains signals of malware infection that you might otherwise miss; there is a wide range of network monitoring tools, with prices ranging from a few dollars to a few thousand. There are also SIEM tools, which evolved from log management programs; these tools analyze logs from various computers and appliances across your infrastructure looking for signs of problems, including malware infection. SIEM vendors range from industry stalwarts such as IBM and HP Enterprise to smaller specialists such as Splunk and Alien Vault.
How to get rid of malware
How to remove malware once you are infected is, in fact, the million-dollar question. Malware removal is a tricky business, and the method can vary depending on the type you are dealing with. CSO has information on how to remove or otherwise recover from rootkits, ransomware and cryptojacking. We also have a guide to auditing your Windows registry to figure out how to move forward.
If you are looking for tools to clean up your system, Tech Radar has a good roundup of free offerings, which includes some familiar names from the antivirus world along with newcomers such as Malwarebytes.
Examples of malware
We have already discussed some of the current malware threats that loom large today. But there is a long, storied history of malware, dating back to infected floppy disks swapped by Apple II hobbyists in the 1980s and the Morris Worm that spread across Unix machines in 1988. Some of the other high-profile malware attacks have included:
- ILOVEYOU, a worm that spread like wildfire in 2000 and did more than $15 billion in damage
- SQL Slammer, which ground internet traffic to a halt within minutes of its first rapid spread in 2003
- Conficker, a worm that exploited unpatched flaws in Windows and leveraged a variety of attack vectors – from injecting malicious code to phishing e-mails – to ultimately crack passwords and hijack Windows devices into a botnet
- Zeus, a late-'00s keylogger Trojan that targeted banking information
- CryptoLocker, the first widespread ransomware attack, whose code keeps getting repurposed in similar malware projects
- Stuxnet, an extremely sophisticated worm that infected computers worldwide but did real damage in only one place: the Iranian nuclear facility at Natanz, where it destroyed uranium-enriching centrifuges, the mission it was built for by U.S. and Israeli intelligence agencies
You can count on cybercriminals to follow the money. They will target victims depending on the likelihood of delivering their malware successfully and the size of the potential payout. If you look at malware trends over the past few years, you will see some fluctuation in the popularity of certain types of malware and in who the most common victims are – all driven by what the criminals believe will have the biggest ROI.
Recent research reports point to a number of interesting shifts in malware tactics and targets. Cryptominers, which had surpassed ransomware as the most common type of malware, are falling out of favor because of the decline in cryptocurrency values. Ransomware is becoming more targeted, moving away from a shotgun approach.
Malware attacks on businesses are spiking
Businesses saw a 79 percent increase in the amount of malware they dealt with in 2018 over 2017, according to the Malwarebytes Labs State of Malware Report 2019. "What we usually see at the end of the year or the end of the quarter is that there has been some sort of increase or large number of detections on the consumer side," says Adam Kujawa, director of Malwarebytes Labs. "On the business side, it might grow slowly, but certainly not the way we have seen it in the past six months." By comparison, consumer detections decreased by 3 percent over the same period.
"We have found that cybercriminals are pushing hard to move away from consumers and do some really heavy stuff against businesses instead," adds Kujawa.
That "really heavy stuff" comes largely in the form of older consumer-focused malware that has been "weaponized" to become a bigger, more versatile threat to businesses. Kujawa cites Emotet as one of the most significant. "It's a nasty little information-stealing Trojan that also installs additional malware, spreads laterally, and acts as its own spam sender. As soon as it infects a system, it starts sending e-mail and trying to infect other people."
Emotet has been around since 2014 and focused mainly on consumers. It originally infected a computer looking for someone's financial or credit card information to steal. Since then it has picked up new capabilities inspired by or borrowed from other successful malware such as WannaCry or EternalBlue. "Now it has become much more modular and we see it being able to use these exploits to move through a corporate network, whereas before it was limited to a single endpoint," says Kujawa. "Even if it's a small network in a small business, it's juicier than infecting grandma."
Lateral movement of malware is on the rise, according to the Global Threat Report: The Year of the Next-Gen Cyberattack from Carbon Black. Nearly 60 percent of malware attacks on businesses are now designed to move laterally across a network.