Updated February 2021
Short for malicious software, malware is any program or file designed to harm or exploit any programmable device or network. It’s an umbrella term for multiple types of harmful programs such as viruses, worms, trojans, and ransomware, among others, used to cause destruction or gain access to sensitive information. In contrast, a software bug is an error or defect in software that causes a program to malfunction unintentionally.
Malware can target any kind of data, including financial data, healthcare records, personal email, and login credentials. The damage depends on the type of malware. Sometimes the effect is mild, such as displaying a text or audio message; other times it is disastrous, such as deleting files or stealing sensitive data.
Malware can reach devices and networks by both physical and network routes. It can arrive on a USB drive, or over the internet through a drive-by download, which installs a malicious program without the user’s knowledge when they visit a compromised or malicious web page. It can also arrive when a user opens an unknown link or attachment.
History of malware
The idea of a virus, one type of malware, was first articulated by the Hungarian-American mathematician John von Neumann, whose 1949 lectures (published posthumously in 1966 as Theory of Self-Reproducing Automata) described the possibility of a “self-reproducing automaton.” No such program existed at the time; von Neumann argued that as computers grew more complex they would come to resemble the human nervous system and, eventually, be able to produce copies of themselves. He never used the term “virus,” but his description fits the label well.
The idea was put into practice in 1971 with the first recorded self-replicating program, Creeper, written by Bob Thomas at BBN Technologies. Although often called the first virus, Creeper behaved like a worm: an experimental program that moved across the ARPANET and copied itself to remote systems. An infected computer displayed the message “I’m the creeper: catch me if you can,” but suffered no damage; Creeper simply looked for another computer to move to.
The term computer virus was coined in 1983 by Fred Cohen (at the suggestion of his adviser, Leonard Adleman) in the academic paper Computer Viruses – Theory and Experiments. He defined a virus in a single sentence as “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself.”
Even before the term was coined, malware had begun to affect the general population. Early viruses spread on floppy disks, carried by hand from computer to computer. As technology progressed, so did the methods of malware authors. The following timeline, starting with Creeper, marks early malware and its impact.
- 1971 – Creeper Worm: An experiment designed to test how a program would move between computers.
- 1974 – Wabbit: A self-replicating program that made copies of itself on a computer until the system performance crashed.
- 1982 – Elk Cloner: Written by a 15-year-old, one of the earliest, widespread, self-replicating viruses to affect a personal computer.
- 1986 – Brain: The first virus to infect MS-DOS computers. A boot sector virus written in Pakistan by two brothers, reportedly to deter unauthorized copying of their company’s medical software.
- 1986 – PC-Write Trojan: One of the earliest trojans disguised as a popular shareware program called “PC-Writer.” Once downloaded, it erased all of the user’s files.
- 1988 – Morris Worm: Infected roughly 6,000 computers, about a tenth of the machines then connected to the ARPANET, within about a day; repeated reinfections exhausted system resources and knocked machines offline. Its author, Robert Tappan Morris, became the first person convicted under the 1986 Computer Fraud and Abuse Act.
- 1991 – Michelangelo Virus: A boot sector virus designed to overwrite the first sectors of the hard disk on March 6, Michelangelo’s birthday. It was discovered in 1991; when the trigger date arrived on March 6, 1992, an estimated 10,000 to 20,000 machines lost data, far fewer than the millions predicted in the press.
- 1999 – Melissa Virus: A fast-spreading mass-mailing macro virus that infected Microsoft Word documents and emailed itself to the first 50 contacts in the victim’s Outlook address book.
Between 2000 and 2010, malware grew significantly in sophistication and in the number of people affected. Notable examples from this period include the ILOVEYOU worm (2000), the SQL Slammer worm (2003), Cabir (2004, the first known mobile phone worm), and the Conficker worm (2008).
Types of malware
As previously mentioned, malware is an umbrella term for different types of malicious software.
The first way to categorize malware is by how it spreads. These are the best-known types: viruses, worms, and trojans.
A virus is a piece of computer code that inserts itself into another program and alters how the computer operates. To count as a virus, it must execute and replicate itself. Some viruses are relatively harmless; they only copy themselves across systems and display text, video, or audio messages. Others are programmed to damage the computer by corrupting programs, deleting files, or reformatting the hard disk. Common classes of viruses include:
- File infector virus: Infects executable code, such as .com and .exe files.
- Boot sector virus: Infects the system area of a disk, meaning the drive’s boot record.
- Master boot record virus: Infects a disk in the same way a boot sector virus does, but it saves a legitimate copy of the master boot record in a different location.
- Multipartite virus: Infects both boot records and program files, making it especially difficult to repair.
- Macro virus: Infects documents that carry embedded macros, such as Word and Excel files, rather than executables. Historically this has been the most common type and among the most expensive to clean up.
A worm is a standalone piece of software that replicates itself as it moves from system to system without needing a host file. This differs from a virus, which needs an infected host file to spread. Because a worm is self-contained, it can propagate automatically over a network without any user action.
A worm is commonly spread by software vulnerabilities or phishing attacks. It can modify and delete files, inject malicious software onto computers, replicate itself over and over to deplete system resources, steal data, and install an entryway for hackers to gain access.
A trojan, or trojan horse, is a program that does not replicate itself but instead masquerades as something desirable. When a user runs the trojan, the malicious code inside can cause loss or theft of data. For a trojan to spread, a user must invite it onto their computer, for example by opening an email attachment.
The name for this malware comes from the Greek legend of the Trojan War, in which the Greeks gifted the Trojans a giant, wooden horse. After the horse was accepted into Troy’s city walls, Greek soldiers emerged from their hiding place within the horse and opened the city gates, which led to the capture of the city.
The other way to categorize malware is by what it does once it has successfully infected a computer. This list is much broader in terms of attack techniques and includes malware types such as spyware, rootkits, and ransomware.
Spyware is software that covertly gathers user information through the user’s internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the internet; however, the majority of shareware and freeware applications do not come with spyware.
Once installed, the spyware monitors user activity and transmits that information in the background to someone else. Spyware can also gather information about email addresses, passwords, and credit card numbers.
A rootkit is a program or collection of software tools that provides privileged access in an operating system while concealing its presence. Behaving as benign programs, they hide malicious software designed to infiltrate a computer or a network, allowing cybercriminals access to protected data and the ability to take over the system undetected.
Rootkits can be installed from a USB drive or downloaded onto a computer via social engineering tactics such as phishing. Once installed, a rootkit is designed to stay hidden, for example by hooking operating system functions so that its files and processes are not listed, and it can disable security tools such as antivirus software.
Adware is software that forces your browser to redirect to web advertisements, which often will seek to download more malicious software. Adware is not always malicious, and is considered a legitimate alternative offered to consumers who do not wish to pay for software. There are many ad-supported programs, games, or utilities that are distributed as adware or freeware.
Ransomware is a form of malware that holds a user’s data or computer hostage, typically by encrypting files or locking the system, until a “ransom” is paid, usually in cryptocurrency. Ransomware often arrives as a worm or trojan that takes advantage of unpatched vulnerabilities, but most infections result from opening a malicious email attachment or visiting a hacked or malicious website.
Malvertising injects malicious code into legitimate online advertising networks. As an example, a cybercriminal may pay to place an advertisement on a legitimate website. When a user clicks on the ad, the malicious code in the ad either redirects them to a malicious website or installs malware on their computer.
Malvertising differs from adware in that malvertising is delivered through a publisher’s web page and its ad network, reaching every visitor, whereas adware runs on an individual user’s device.
Antivirus software
Antivirus software, also known as anti-malware software, is a program or set of programs designed to prevent, detect, and remove malware. Antivirus software can:
- Identify specific files detected as containing malware
- Schedule automatic malware scans
- Scan one particular file or the entire computer at the user’s discretion
- Quarantine or delete malicious code and software
Antivirus software runs as a background process, scanning the computer to detect and restrict the spread of malware. Most antivirus programs include real-time threat detection and protection. To scan a system comprehensively, the software must be given privileged access to the entire system, and it must parse untrusted files of every format. That combination of high privilege and hostile input makes antivirus software itself a common target for attackers.
Some antivirus vendors offer free, basic versions of their product, which typically provide core antivirus and spyware protection; more advanced features are available with a paid subscription. Widely used antivirus products include:
- Microsoft Defender
- Norton AntiVirus Plus
- Bitdefender Antivirus Free Edition
- McAfee Total Protection
- Kaspersky Anti-Virus
How to detect and prevent malware
Despite a user’s best efforts, encountering malware isn’t uncommon. Typical signs include unusual activity such as a sudden loss of disk space, slow performance, repeated crashes or freezes, or an increase in pop-up advertisements. A computer showing these signs may be infected.
To prevent malware, users can install antivirus software and follow safe practices on their computers and other personal devices: not opening attachments from unfamiliar or unexpected senders, keeping the operating system and antivirus software updated, installing applications only from trusted sources, not following suspicious links, backing up data regularly, and enabling a firewall.
Enterprise networks are larger than home networks and have more at stake. Precautions enterprises should take against malware include:
- Requiring dual approval for B2B transactions
- Requiring two-factor authentication for B2C transactions
- Deploying malware and threat detection software across the organization
- Enforcing allowlist (whitelist) policies so that only approved software can run
- Implementing web browser-level security
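The two detection models described above, the antivirus section’s signature scan and the whitelist (allowlist) policy in the enterprise list, can be shown side by side in a small Python file scanner. This is an added example written for this page, not code from the article or from any antivirus product; the signatures, the marker string, and the sample files used to exercise it are constructed for illustration.

```python
"""Added example: signature (blocklist) scan and default-deny allowlist over a directory tree.
Everything here is illustrative; the signatures and sample files are constructed, not real."""
import hashlib
import os
import shutil
import sys
from dataclasses import dataclass
from typing import Dict, Iterator, List, Set

CHUNK = 1 << 20  # 1 MiB reads, so a multi-gigabyte file is never loaded whole

# Constructed signatures standing in for a vendor's signature database.
KNOWN_BAD_SHA256: Set[str] = {hashlib.sha256(b"constructed bad sample").hexdigest()}
KNOWN_BAD_PATTERNS: Dict[str, bytes] = {"Constructed.Marker.A": b"CONSTRUCTED-MALWARE-MARKER-0001"}


@dataclass
class Finding:
    path: str
    reason: str   # "hash", "pattern" or "not-allowlisted"
    detail: str   # matched hash or signature name


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def contains_pattern(path: str, pattern: bytes) -> bool:
    """Byte-pattern search that also catches a pattern straddling a chunk boundary."""
    carry = b""
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            buf = carry + block
            if pattern in buf:
                return True
            carry = buf[-(len(pattern) - 1):] if len(pattern) > 1 else b""
    return False


def iter_files(root: str) -> Iterator[str]:
    """Regular files only; os.walk does not descend into symlinked directories by default."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path


def scan_blocklist(root: str) -> List[Finding]:
    """Antivirus-style scan: flag files whose hash or contents match a known-bad signature."""
    findings: List[Finding] = []
    for path in iter_files(root):
        digest = sha256_file(path)
        if digest in KNOWN_BAD_SHA256:
            findings.append(Finding(path, "hash", digest))
            continue
        for sig_name, pattern in KNOWN_BAD_PATTERNS.items():
            if contains_pattern(path, pattern):
                findings.append(Finding(path, "pattern", sig_name))
                break
    return findings


def scan_allowlist(root: str, allowed: Set[str]) -> List[Finding]:
    """Allowlist policy: everything whose hash is not approved is flagged (default deny)."""
    findings: List[Finding] = []
    for path in iter_files(root):
        digest = sha256_file(path)
        if digest not in allowed:
            findings.append(Finding(path, "not-allowlisted", digest))
    return findings


def quarantine(finding: Finding, quarantine_dir: str) -> str:
    """Move a flagged file aside and make it read-only rather than deleting evidence."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(finding.path) + ".quarantined")
    shutil.move(finding.path, dest)
    os.chmod(dest, 0o400)
    return dest


if __name__ == "__main__":
    for f in scan_blocklist(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f.reason:8} {f.detail}  {f.path}")
```

The blocklist scan only ever catches what the signature database already knows, which is why the enterprise list pairs detection software with an allowlist: `scan_allowlist` flags every file that is not explicitly approved, including anything brand new. Keep the quarantine directory outside the scanned tree, or the quarantined copy will be reported again on the next pass.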
How to remove malware
If your Mac or PC has been infected with malware, follow these steps to remove it.
Removing malware from a Mac
- Disconnect from the internet.
- Enter safe mode. On an Intel Mac, restart and immediately hold the Shift key. On an Apple silicon Mac, shut down, hold the power button until the startup options appear, select your startup disk, then hold Shift and click Continue in Safe Mode.
- Refrain from logging into any of your accounts to prevent the malware from accessing your sensitive information.
- Delete temporary files that may have been installed by malware.
- Check Activity Monitor. It shows every process running on your computer and how each affects performance. Locate the suspicious process, note which executable it belongs to, and force-quit it. Activity Monitor only stops the process; you still need to remove the executable and whatever starts it, such as a login item or a property list in ~/Library/LaunchAgents, /Library/LaunchAgents, or /Library/LaunchDaemons.
- Run a malware scanner.
- Fix your web browser by uninstalling suspicious extensions through the browser’s settings.
- Clear your cache
Removing malware from a PC
- Disconnect from the internet
- Enter safe mode. Hold the Shift key while selecting Power, then Restart. When the Choose an option screen appears, select Troubleshoot, then Advanced options, then Startup Settings, then Restart. After the PC restarts, press 4 or F4 to start in safe mode.
- Refrain from logging into your accounts.
- Delete temporary files.
- Check Task Manager (press Ctrl+Shift+Esc). Right-click the suspicious process and choose End task; Open file location shows where its executable lives. As on the Mac, ending the process is not enough: check the Startup tab of Task Manager and Task Scheduler for entries that would relaunch it, and remove them along with the executable.
- Run a malware scanner.
- Fix your web browser by removing suspicious extensions and resetting any changed home page or search engine.
- Clear your cache.
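Both removal procedures above end a process from Activity Monitor or Task Manager, and both leave implicit the step that decides whether the malware comes back: finding what launches it. As an added example (not from the original article), the Python script below surveys the common autostart locations. On a Mac it parses the launchd property lists under ~/Library/LaunchAgents, /Library/LaunchAgents, and /Library/LaunchDaemons with the standard plistlib module and reports the program each job runs and whether KeepAlive would restart it after it is killed; on Windows it reads the HKCU and HKLM Run keys with winreg. The `suspicious` heuristic and the list of path fragments it checks are this example’s own assumptions, and the sample plists used to exercise it are constructed.

```python
"""Added example: list what would start a program back up after it has been killed.
Parses macOS launchd jobs with plistlib; reads Windows Run keys with winreg on Windows only."""
import os
import plistlib
import sys
from dataclasses import dataclass
from typing import List, Optional
from xml.parsers.expat import ExpatError

# Launchd directories relative to a root, so the same function can be pointed at "/"
# (system-wide /Library/...), at a home directory (~/Library/LaunchAgents) or at a test tree.
LAUNCHD_DIRS = ["Library/LaunchAgents", "Library/LaunchDaemons"]

# Assumed heuristic for this example: autostart entries that execute from temp or
# download locations deserve a second look. Real triage would also check code signatures.
SUSPECT_PATH_FRAGMENTS = ("/tmp/", "/private/tmp/", "/users/shared/", "/downloads/",
                          "\\temp\\", "\\appdata\\local\\temp\\", "\\downloads\\")


@dataclass
class AutostartItem:
    source: str        # plist path or registry key
    label: str         # launchd Label or registry value name
    command: str       # what gets executed
    keep_alive: bool   # launchd restarts the job if it exits, so killing it is not enough


def parse_launchd_plist(path: str) -> Optional[AutostartItem]:
    """Return what a launchd job runs, or None for files that are not readable plists."""
    try:
        with open(path, "rb") as f:
            job = plistlib.load(f)
    except (plistlib.InvalidFileException, ExpatError, OSError, ValueError):
        return None
    if not isinstance(job, dict):
        return None
    if "ProgramArguments" in job:
        args = [str(a) for a in job["ProgramArguments"]]
    elif "Program" in job:
        args = [str(job["Program"])]
    else:
        args = []
    # KeepAlive may be a bool or a dict of conditions; either form can bring the job back.
    return AutostartItem(path, str(job.get("Label", "")), " ".join(args), bool(job.get("KeepAlive", False)))


def survey_launchd(root: str) -> List[AutostartItem]:
    items: List[AutostartItem] = []
    for rel in LAUNCHD_DIRS:
        directory = os.path.join(root, rel)
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if name.endswith(".plist"):
                item = parse_launchd_plist(os.path.join(directory, name))
                if item is not None:
                    items.append(item)
    return items


def survey_windows_run_keys() -> List[AutostartItem]:
    """Read HKCU and HKLM ...\\CurrentVersion\\Run. Returns [] on non-Windows hosts."""
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows
    sub = r"Software\Microsoft\Windows\CurrentVersion\Run"
    items: List[AutostartItem] = []
    for hive, hive_name in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            key = winreg.OpenKey(hive, sub)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # raised once all values have been enumerated
                    break
                items.append(AutostartItem(f"{hive_name}\\{sub}", name, str(data), False))
                index += 1
    return items


def suspicious(item: AutostartItem) -> bool:
    cmd = item.command.lower()
    return any(fragment in cmd for fragment in SUSPECT_PATH_FRAGMENTS)


if __name__ == "__main__":
    found = survey_launchd("/") + survey_launchd(os.path.expanduser("~")) + survey_windows_run_keys()
    for it in found:
        flag = "SUSPECT " if suspicious(it) else "        "
        alive = "keepalive " if it.keep_alive else "          "
        print(f"{flag}{alive}{it.label}: {it.command}  [{it.source}]")
```

Run it before and after the cleanup steps: an entry that points at the executable you just found, especially one marked keepalive, must be removed (and the job unloaded) or the process will simply be started again at the next login. Scheduled tasks, login items, and browser extensions are further autostart paths the script does not cover.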