What is Malware?
Short for malicious software, malware is any program or file designed to harm or exploit any programmable device or network. It’s an umbrella term for multiple types of harmful programs such as viruses, worms, trojans, and ransomware, among others, used to cause destruction or gain access to sensitive information. In contrast, a software bug is an error or defect in software that causes a program to malfunction unintentionally.
Malware can target any kind of data, including financial data, healthcare records, and personal emails and password credentials. Depending on the type of malware, the form of damage varies. Sometimes, the effects are mild and benign, such as displaying text or audio messages. Other times it can be disastrous, deleting files and stealing sensitive data.
How does malware work?
Malicious software can infect devices and networks in a number of ways. It can infiltrate a system physically, via a USB drive, or it can spread over an internet connection. For example, drive-by downloads automatically download a malicious program to a system without the user’s knowledge.
Malware can also infect a system through a user clicking on an unknown link or attachment – this is known as phishing, or social engineering.
Many tools are available to protect against malware, such as antivirus software and firewalls. These tools can detect if malware is already present, and help recover from a malware attack.
Types of malware
As previously mentioned, malware is an umbrella term for different types of malicious software.
The first category groups malware by how it spreads. These are the more well-known types, including worms, viruses, and trojans.
Virus
A virus is a piece of computer code that inserts itself within the code of another standalone program to alter the way a computer operates. To be considered a virus, it must execute and replicate itself. Some viruses are benign; they only replicate themselves across systems and present text, video, or audio messages. But some viruses are programmed to damage the computer by destroying programs, deleting files, or reformatting the hard disk. There are five types of viruses:
- File infector virus: Infects executable code, such as .com and .exe files.
- Boot sector virus: Infects the system area of a disk, meaning the drive’s boot record.
- Master boot record virus: Infects a disk in the same way a boot sector virus does, but it saves a legitimate copy of the master boot record in a different location.
- Multipartite virus: Infects both boot records and program files, making it especially difficult to repair.
- Macro virus: Infects data files. This is the most common type of virus and costs the most time and money to repair.
Worm
A worm is a standalone piece of software that replicates itself as it moves from system to system without the use of a host file. This is different from a virus in that a virus requires an infected host file to spread. Worms generally exist inside other files, such as Word or Excel files.
This type of malware is commonly spread via software vulnerabilities or phishing attacks. It can modify and delete files, inject malicious software onto computers, replicate itself over and over to deplete system resources, steal data, and install an entryway for hackers to gain access.
Trojans
A trojan, or trojan horse, is a program that does not replicate itself, but instead masquerades as something desirable. The name is derived from the Greek legend of the Trojan War, in which Greek soldiers infiltrated the Trojans by hiding inside a wooden horse, given as a gift.
In the digital context, when a user activates the trojan, malicious code contained inside is also activated. Commonly, it aims to steal personal data.
In order for a trojan to spread, a user must invite it into their computer, such as by opening an email attachment.
Spyware
Spyware is software that covertly gathers user information through the user’s internet connection without his or her knowledge, usually for advertising purposes. It typically exists as a hidden component of freeware or shareware programs that can be downloaded from the internet.
Once installed, spyware monitors user activity and transmits that information in the background to someone else. It can also gather information about email addresses, passwords, and credit card numbers.
Rootkit
A rootkit is a program or collection of software tools that provides privileged access in an operating system while concealing its presence. Rootkits behave as benign programs while hiding malicious software designed to infiltrate a computer or a network, allowing cybercriminals access to protected data and the ability to take over the system undetected.
Rootkits can be installed through a USB drive or downloaded onto a computer via social engineering tactics like phishing. Once installed, rootkits are unnoticeable and can block security tools like antivirus software.
Adware
Adware is software that forces your browser to redirect to web advertisements, which often will seek to download more malicious software. It is not always malicious; in fact, it is considered a legitimate alternative offered to consumers who do not wish to pay for software. There are many ad-supported programs, games, or utilities that are distributed as adware or freeware.
Ransomware
Ransomware is a form of malware in which rogue software code effectively holds a user’s computer hostage until a “ransom” fee is paid, usually in Bitcoin. It often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected email attachment or visiting hacked or malicious websites.
Upon compromising a computer, ransomware will typically either lock a user’s system or encrypt files on the computer and then demand payment in exchange for a decryption key.
Malvertising
Malvertising injects malicious code into legitimate online advertising networks. As an example, a cybercriminal may pay to place an advertisement on a legitimate website. When a user clicks on the ad, the malicious code in the ad either redirects them to a malicious website or installs malware on their computer.
Malvertising is different from adware in that malvertising is deployed on a publisher’s webpage, whereas adware only targets individual users.