What Is Malware?

Malware is a common cyber-attack and an umbrella term for various malicious programs delivered and installed on end-user systems and servers. These attacks are designed to cause harm to a computer, server, or computer network, and are used by cybercriminals to obtain data for financial gain.

Most computer historians say that the first virus was created in 1970. The Creeper Worm self-replicated and copied itself across ARPANET (an early version of the internet). When activated, it displayed the message, “I’m the creeper, catch me if you can!”

The term “virus” wasn’t coined until 1986, when Ph.D. student Fred Cohen described a computer virus as a program that can infect other programs and create an evolved version of itself. Most early viruses destroyed files or infected boot sectors. Today’s malware is much more sinister and designed to steal data, spy on businesses, create a denial-of-service condition, or lock files to extort money from victims.

Types of malware programs fall into commonly referred to categories such as:

• Ransomware: Encrypts files that cannot be recovered unless the victim pays a ransom. Ransomware attacks are all too common these days.
• Adware: Display ads (sometimes malicious ads) to users as they work on their computers or browse the web.
• Fileless malware: Instead of using an executable file to infect computer systems, fileless malware uses Microsoft Office macros, WMI (Windows Management Instrumentation) scripts, PowerShell scripts, and other management tools.
• Viruses: A virus infects a computer and performs a variety of payloads. It may corrupt files, destroy operating systems, delete or move files, or deliver a payload at a specific date.
• Worms: A worm is a self-replicating virus, but instead of affecting local files, a worm spreads to other systems and exhausts resources.
• Trojans: A Trojan is named after the Greek war strategy of using a Trojan horse to enter the city of Troy. The malware masquerades as a harmless program, but it runs in the background stealing data, allowing remote control of the system, or waiting for a command from an attacker to deliver a payload.
• Bots: Infected computers can become a part of a botnet used to launch a distributed denial-of-service by sending extensive traffic to a specific host.
• Spyware: Malware that installs, collects data silently, and sends it to an attacker that continuously “spies” on users and their activities. Spyware aims to gather as much important data as possible before detection.
• Backdoors: Remote users can access a system and possibly move laterally. Trojans deliver backdoor payloads during installation.
• Banking Trojans: View or steal banking credentials to access accounts. Typically, they manipulate web browsers to trick users into entering their personal banking information.
• Keyloggers: Capture keystrokes as users type in URLs, credentials, and personal information and send it to an attacker.
• RAT: “Remote access tools” enable attackers to access and control the targeted device remotely.
• Downloaders: Download other malware to install locally. The type of malware depends on the attacker’s motives.
• POS: Compromise a point-of-sale (PoS) device to steal credit card numbers, debit card and PINs, transaction history, and contact information.

More sophisticated types of malware contain several of the above types to deliver a combination of payloads, mainly to ensure attack success. Most malware are developed with evasion features to avoid detection from antivirus programs.

Attackers can employ one or more of the evasion techniques to give their malware a better chance of avoiding detection and only deploy on human-run systems.

Cyber-attackers use malware for a variety of malicious intentions. In most cases, its purpose is to steal critical information or resources for monetary gain. For instance, hackers use malware as a tool to compromise computer networks or specific devices to steal or compromise sensitive data, like credit card information or confidential login credentials. But in some scenarios, malware is merely intended to cause havoc and sabotage its victims’ computer systems to disrupt a system’s operability.

Since the pandemic lockdowns, malware authors have increased their attacks to exploit poor cybersecurity practices. AV-TEST researchers detect over 450,000 new malicious programs every day. In 2021, AV-TEST registered over 1.3 billion malware applications compared to a little over 182 million malware applications in 2013. The number of malware applications is projected to double in 2022 compared to 2021. In fact, according to the Ponemon Cost of Phishing Study, costs due to the inability to contain malware have almost doubled, going from $3.1 million to $5.3 million.

Google provides a malware crawler to the general public to find malicious websites and block them from being indexed. These safe search efforts detect that 7% of websites host malware or are infected with malware. In just the first half of 2020, 20 million IoT malware attacks were detected, and that number continues to climb. Symantec estimates that three out of four infected IoT devices are routers.

Unfortunately, many organizations are ill-equipped to effectively prevent and handle catastrophic cyber-attacks related to malware. A 2022 ISACA State of Cybersecurity report found that 69% of cybersecurity professionals believe their organization’s team is sorely understaffed. That could intensify the strain on existing staff and further exacerbate risks from devastating malware attacks.

These cyber threats are showing no signs of slowing down. As malware attacks continue to increase in volume and sophistication, reports by Cybersecurity Ventures estimate global cybercrime costs to grow by 15% year-over-year for the next five years, reaching upwards of $10.5 trillion in damages by 2025. Largely fueled by ransomware-related attacks, these trends indicate the greatest transfer of wealth in history. Fueling the malware momentum are alarming data and trends, including:

Yes, Android devices are far more vulnerable to malware attacks. Downloading apps from unofficial, third-party app stores is one of the main risks Android users encounter, as some apps may conceal malicious software until downloaded and installed. Once downloaded, these apps can infect the device with malware, resulting in many symptoms like quickly drained batteries, increased data usage, and random pop-ups.

Smartphones carry more private data than computers due to their popularity. Users take their phones with them everywhere, so they contain financial information, travel locations, GPS tracking, shopping history, browsing history, and so much more that could be useful to an attacker. Users are more likely to install applications on their smartphones, thinking it’s safer than installing software on a desktop. All these factors make smartphones bigger targets than desktops for some threats.

Threats take advantage of a smartphone’s constant connection to either Wi-Fi or cellular data, making the internet always available. As malware runs in the background, it can silently upload stolen data and credentials to an attacker-controlled server regardless of the smartphone owner’s location.

If you think your computer has malware, you must take steps to remove it. For enterprise workstations, malware removal can be done remotely with business antivirus tools. More sophisticated forms of removal might be necessary for malware that evades antivirus.

The first step in removal is updating the machine’s antivirus software and running a scan on the entire system. Ensure your antivirus is enabled before beginning a scan because some malware disables antivirus. Scanning a computer can take several minutes, so it’s best to leave it running overnight if you need it for work.

After the antivirus completes the scan, it produces a report on its findings. Most antivirus software quarantines suspicious files and asks you what to do with quarantined files. After the scan, reboot the computer. The antivirus software should have a setting that tells it to scan the computer periodically every week. Scanning your computer at a set schedule ensures that malware is not installed unknowingly again.

At worst, you might be forced to re-image or reset a computer to factory settings. If you have a complete backup of your operating system and files, you can re-image it. Re-imaging installs everything, including files, so that you can recover from your last storage point. If you don’t have this type of backup, you can reset the PC to factory settings. Remember that you lose all files and software this way, and the computer is returned to the state when you first purchased it.

It’s important to ensure that malware is completely removed. If you do not completely remove malware from an environment, it could be coded to re-infect a newly scanned and cleaned computer. To stop malware from re-infecting a computer, always have monitoring and data protection running across all network resources. Intrusion detection systems actively monitor the network for suspicious traffic patterns and alert administrators of potential threats to prevent cybersecurity incidents from becoming data breaches.

Companies that rely on exchanging external documents are a good target for attackers. As every organization depends on people, criminals have directed their malware attacks toward the company’s HR function. By directly uploading or sending resumes through recruiting job sites, attackers deliver resumes directly to HR employees while avoiding the secure email gateway, a key detection mechanism.