Malware

Abby Braden
Last Updated January 12, 2024 3:56 am

What is Malware?

Short for malicious software, malware is any program or file designed to harm or exploit any programmable device or network. It’s an umbrella term for multiple types of harmful programs such as viruses, worms, trojans, and ransomware, among others, used to cause destruction or gain access to sensitive information. In contrast, a software bug is an error or defect in software that causes a program to malfunction unintentionally.

Malware can target any kind of data, including financial data, healthcare records, and personal emails and password credentials. Depending on the type of malware, the form of damage varies. Sometimes, the effects are mild and benign, such as displaying text or audio messages. Other times it can be disastrous, deleting files and stealing sensitive data.

How does malware work?

Malicious software can infect devices and networks in a number of ways. It can infiltrate a system physically, via a USB drive, or it might spread over an internet connection. For example, drive-by downloads automatically download a malicious program to a system without the user’s knowledge.

Malware can also infect a system through a user clicking on an unknown link or attachment – this is known as phishing, or social engineering.

Many tools are available to protect against malware, such as antivirus software and firewalls. These tools can detect if malware is already present, and help recover from a malware attack.

Types of malware

As previously mentioned, malware is an umbrella term for different types of malicious software.

The first category groups malware by how it spreads. These are the more well-known types, including worms, viruses, and trojans.

Virus

A virus is a piece of computer code that inserts itself within the code of another standalone program to alter the way a computer operates. To be considered a virus, it must execute and replicate itself. Some viruses are benign; they only replicate themselves across systems and present text, video, or audio messages. But some viruses are programmed to damage the computer by destroying programs, deleting files, or reformatting the hard disk. There are five types of viruses:

  • File infector virus: Infects executable code, such as .com and .exe files.
  • Boot sector virus: Infects the system area of a disk, meaning the drive’s boot record.
  • Master boot record virus: Infects a disk in the same way a boot sector virus does, but it saves a legitimate copy of the master boot record in a different location.
  • Multipartite virus: Infects both boot records and program files, making it especially difficult to repair.
  • Macro virus: Infects data files. This is the most common type of virus and costs the most time and money to repair.

Worm

A worm is a standalone piece of software that replicates itself as it moves from system to system without the use of a host file. This is different from a virus in that a virus requires an infected host file to spread. Worms generally exist inside other files, such as Word or Excel files.

This type of malware is commonly spread via software vulnerabilities or phishing attacks. It can modify and delete files, inject malicious software onto computers, replicate itself over and over to deplete system resources, steal data, and install an entryway for hackers to gain access.

Trojans

A trojan, or trojan horse, is a program that does not replicate itself, but instead masquerades as something desirable. The name is derived from the Greek legend of the Trojan War, in which Greek soldiers infiltrated the Trojans by hiding inside a wooden horse, given as a gift.

In the digital context, when a user activates the trojan, malicious code contained inside is also activated. Commonly, it aims to steal personal data.

In order for a trojan to spread, a user must invite it into their computer, such as opening an email attachment.

Spyware

Spyware is software that covertly gathers user information through the user’s internet connection without his or her knowledge, usually for advertising purposes. It typically exists as a hidden component of freeware or shareware programs that can be downloaded from the internet.

Once installed, spyware monitors user activity and transmits that information in the background to someone else. It can also gather information about email addresses, passwords, and credit card numbers.

Rootkit

A rootkit is a program or collection of software tools that provides privileged access in an operating system while concealing its presence. Behaving as benign programs, they hide malicious software designed to infiltrate a computer or a network, allowing cybercriminals access to protected data and the ability to take over the system undetected.

Rootkits can be installed through a USB or downloaded onto a computer via social engineering tactics like phishing. Once installed, rootkits are unnoticeable and can block security tools like antivirus software.

Adware

Adware is software that forces your browser to redirect to web advertisements, which often will seek to download more malicious software. It is not always malicious; in fact, it is considered a legitimate alternative offered to consumers who do not wish to pay for software. There are many ad-supported programs, games, or utilities that are distributed as adware or freeware.

Ransomware

Ransomware is a form of malware in which rogue software code effectively holds a user’s computer hostage until a “ransom” fee is paid, usually in Bitcoin. It often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected email attachment or visiting hacked or malicious websites.

Upon compromising a computer, ransomware will typically either lock a user’s system or encrypt files on the computer and then demand payment in exchange for a decryption key.

Malvertising

Malvertising injects malicious code into legitimate online advertising networks. As an example, a cybercriminal may pay to place an advertisement on a legitimate website. When a user clicks on the ad, the malicious code in the ad either redirects them to a malicious website or installs malware on their computer.

Malvertising is different from adware in that malvertising is deployed on a publisher’s webpage, whereas adware only targets individual users.

Botnets

A botnet is a swarm of devices that have been compromised by a hacker, which are then weaponised to attack other networks as a group. Typically, botnets are used in DDoS (distributed denial of service) attacks, which aim to disrupt the operation of a website or digital service.

Antivirus software

Antivirus software, also known as anti-malware software, is a program or set of programs designed to prevent, detect, and remove malware. This software can:

  • Pinpoint specific files detected as containing malware
  • Schedule automatic malware scans
  • Scan one particular file or the entire computer at the user’s discretion
  • Delete malicious code and software

Antivirus software runs as a background process, scanning the computer to detect and restrict the spread of malware. Most antivirus programs include real-time threat detection and protection. In order for this software to comprehensively scan a system, it must be given privileged access to the entire system. This level of access makes antivirus software itself a common target.

Some antivirus vendors offer free, basic versions of their product. These versions typically offer the basic antivirus and spyware protection. More advanced features and protections are available with a paid subscription. Top antivirus software providers include:

  • Microsoft Defender
  • Norton AntiVirus Plus
  • Bitdefender Antivirus Free Edition
  • McAfee Total Protection
  • Kaspersky Anti-Virus

How to prevent malware

To prevent malware, users can install antivirus software and implement safe practices on their computer or other personal devices. This can include avoiding opening attachments from strange email addresses or unexpected senders, updating antivirus software regularly, only buying applications from trusted sources, avoiding downloading suspicious links, backing up data regularly, and installing a firewall.

Enterprise networks are more extensive than home networks and have more at stake. Precautions enterprises should take to avoid malware include:

  • Implementing dual approval for B2B transactions
  • Implementing two-factor authentication for B2C transactions
  • Implementing office malware and threat detection software
  • Implementing whitelist security policies
  • Implementing web browser-level security

How to detect malware

Despite your best efforts, your device may become infected with malware. Typical signs of malware include unusual activity on a computer such as:

  • sudden loss of disk space
  • slow speeds
  • repeated crashes or freezes
  • an increase in pop-up advertisements

All of the above might suggest your device has been infected.

How to remove malware

If your Mac or PC has been infected with malware, follow these steps to remove it.

Removing malware from a Mac

  1. Disconnect from the internet.
  2. Enter safe mode by restarting your device, then immediately holding the shift key.
  3. Refrain from logging into any of your accounts to prevent the malware from accessing your sensitive information.
  4. Delete temporary files that may have been installed by malware.
  5. Check your Activity Monitor. This shows all of the applications running on your computer and how each affects the performance. Locate the malicious software and delete it through the Activity Monitor.
  6. Run a malware scanner.
  7. Fix your web browser by uninstalling suspicious extensions through the browser’s settings.
  8. Clear your cache.

Removing malware from a PC

  1. Disconnect from the internet.
  2. Enter safe mode by restarting your PC, holding down the shift key, selecting Power, then Restart. After it restarts, click Choose an option, then Troubleshoot, then Advanced Options, then Startup Settings. Click Restart, then select F4 among the list of options to start your PC in safe mode.
  3. Refrain from logging into your accounts.
  4. Delete temporary files.
  5. Check your Activity monitor by typing “resource monitor” into the search box. Right click on the malicious software you want to end and click End Process.
  6. Run a malware scanner.
  7. Fix your web browser.
  8. Clear your cache.

History of malware

The idea of malware – or a computer virus – was first conceived by Hungarian scientist John Von Neumann in 1949. He published a paper that suggested the potential for a “self-reproducing automata.” While this virus was not functioning in any form at the time, Von Neumann proposed that computers would start to mirror the human nervous system as they continued to develop. He argued that as computers became more complex, they would eventually be responsible for making more of themselves, essentially self-replicating. While he never used the term “virus,” the description provided by Von Neumann was a perfect fit for the label.

The first ever malware

The first recorded computer virus surfaced in 1971. The virus was called the Creeper Worm, and was developed by Robert Thomas at BBN Technologies. It was an experimental self-replicating program that gained access via the ARPANET and copied itself to remote systems. An infected computer would display the message: “I’m the creeper: Catch me if you can,” but didn’t cause any damage to the infected system. Instead, it scanned to see if there was another computer it could move to.

The term computer virus was coined in 1983 by Fred Cohen in an academic paper called Computer Viruses – Theory and Experiments. He defined a virus in a single sentence as “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself.”

Even before the term was officially coined, malware had begun to affect the general population. Early on, viruses spread via floppy disks and were carried by human hands from computer to computer. As technology progressed, so did the methods of malware authors.

Malware examples

Here is a timeline, starting with the Creeper Worm, that marks early versions of malware and their impact.

  • 1971 – Creeper Worm: An experiment designed to test how a program would move between computers.
  • 1974 – Wabbit: A self-replicating program that made copies of itself on a computer until the system performance crashed.
  • 1982 – Elk Cloner: Written by a 15-year-old, one of the earliest, widespread, self-replicating viruses to affect a personal computer.
  • 1986 – Brain Boot Sector: The first virus to infect MS-DOS computers. It was created in Pakistan to test loopholes in the creator’s company software.
  • 1986 – PC-Write Trojan: One of the earliest trojans disguised as a popular shareware program called “PC-Writer.” Once downloaded, it erased all of the user’s files.
  • 1988 – Morris Worm: Infected many computers connected to ARPANET. The worm would bring a network down within 24 hours. This was the first malware whose creator, Robert Morris, was convicted for his crimes.
  • 1991 – Michelangelo Virus: Designed to erase information from hard drives on March 6, the birthday of Michelangelo. On March 6, 1991, the virus infected approximately 10,000 systems.
  • 1999 – Melissa Virus: The first mass-email virus that targeted Microsoft Word and Outlook-based systems.

Between 2000 and 2010, malware grew significantly in both sophistication and the number of those affected. Notable malware varieties that appeared during this period include the ILOVEYOU worm, SQL Slammer worm, Cabir (the first known cellphone virus), and the Conficker worm.

Notable varieties of malware that have appeared from 2010 to the present include the ZeuS trojan, CryptoLocker, and the WannaCry ransomware.

Although malware originated from infecting computers, it can now infect anything with a microprocessor, such as a smart watch, light bulb, or automobile.