What is malware?

Malware is the collective name for several different types of malicious software that are harmful to a computer user. Malware can be delivered in several different ways including:

Email: A link or file is included, and the recipient clicks on the link or opens the file.
USB hardware device, e.g. memory stick: The recipient plugs the device into their computer and the malware automatically runs.
“Drive-by downloads” where the malware is automatically downloaded to the victim’s computer without their consent. This may be initiated by visiting an infected website or through a hidden link in an email.

What are the different types of malware?

Virus

A virus is the most common form of malware. It can execute itself and spread by infecting programs or files.

Worm

A worm is a virus that can self-replicate without using other programs on the victim’s computer. It typically spreads across a computer network without any directives or interaction from the malware authors.

Ransomware

Ransomware infects a victim’s computer and encrypts files or whole disks on that computer. Cybercriminals will then demand payment in exchange for supplying the method to decrypt the files. However, they may take the payment and then not supply the decryption method.

Spyware

Spyware collects information about the victim’s computer and observes the victim’s activity without their knowledge.

Trojan Horse

A Trojan Horse (named after the Trojan Horse in Greek mythology) looks like legitimate software, but after installation and execution, delivers its malware payload.

Rootkit

A Rootkit is a special piece of malware that runs undetected and allows a mal-actor to access the victim’s computer with “root” or “system” privileges.

Keylogger

A keylogger program is a special case of spyware that tracks what a user does. In the pre-Windows days, when users worked from the command line, a keylogger would log every keypress that the victim made. Now, it also logs mouse movements and clicks, allowing a mal-actor to recreate everything that a victim has done, including opening emails, visiting websites, and entering usernames, and passwords.

Remote Access Trojan (RAT)

A Remote Access Trojan (also known as a backdoor) creates a backdoor into the victim’s computer which allows a mal-actor to remotely access the computer without alerting the victim.

Scareware

Scareware tricks the victim into downloading and installing the malware by scaring him, usually by popping up a window that says that the computer is infected with a virus. The victim is then invited to buy a piece of software that will clean the virus. There is no virus and the software that the victim buys is the real malware, so the bad-actor scores twice by persuading the victim to buy, download and install the malware.

How do you protect yourself from malware?

Some simple steps can help prevent malware being loaded onto your computer.

Anti-virus software. Scans files as they are read from or written to disk and emails as they arrive, quarantines and/or flags suspicious files for the user to deal with. Anti-virus should also be configured to perform regular scans of the computers disk drives.
Firewall. Both software on the computer and hardware on the endpoint router connecting the network to the Internet. Blocks suspicious intrusions onto the network or computer. Software firewalls can also block unknown programs from connecting with the Internet.
Intrusion detection/prevention system. Like a firewall but checks incoming, outgoing, and local traffic on the network, blocking and warning of anything suspicious, including the connection of new or unrecognised devices to the network and connection to known malware websites.
User vigilance. It’s a truism that the humans are the weakest link in cybersecurity. You need to be aware that all the technology in the world is only there to help you and that you can override anything that it suggests.

Do you want to learn more?

Network Midlands runs seminars to help you detect and defeat social engineering attacks. Find out more at “The Art of Deception“.