Malware (malicious software) is a term used to describe any program or code that is created with the intent to do harm to a computer, network, or server. Malware infiltrates a computer system discreetly, so by the time the user realizes their system is infected with malware, sensitive data and personal information may already be breached. Common types of malware include viruses, ransomware, keyloggers, trojans, worms, spyware, malvertising, scareware, backdoors, and mobile malware.
The origins of malware date to 1949, when the mathematician John von Neumann theorized the idea of self-reproducing software. Although this initial idea was not intended to produce malicious software, adversaries now use malware to steal intellectual property, personal data, or money. There are, however, ways to protect your systems against malware, including keeping software updated and installing next-generation antivirus (NGAV) software.
Signs You Have a Malware Infection
Our list includes common malware signs, but symptoms of malware can be obvious or discreet, so the most reliable way to detect malware is to use advanced antivirus software. These tools continuously scan systems and detect malware in real time.
Here are a few common signs that may indicate you have a malware infection:
- Slow computer
- Very frequent ads and pop-ups, especially if they appear in unexpected places
- Battery drains rapidly
- System crashes
- Sudden loss in disk space
- Browser settings change on their own
- Browser redirects on its own
- Unfamiliar apps appear on mobile device
- Increase in system’s internet activity
- Disabled antivirus product
- Lost access to files or computer
- Deleted files
- Contacts receive strange messages from you
Types of Malware
In the years since the Morris Worm debuted, adversaries have applied a great deal of creativity to the concept of malware, coming up with new types of attacks as enterprise technology has evolved. The most common types of malware today are:
|Ransomware||In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well.|
|Fileless Malware||Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system (such as PowerShell or WMI) to execute a cyber attack. Unlike traditional malware, fileless malware does not require the attacker to write a malicious executable to the target's disk; the payload runs in memory or as script passed to a trusted program, which makes it hard for file-scanning tools to detect.|
|Spyware||Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.|
|Adware||Adware is often grouped with spyware because it watches a user's online activity in order to determine which ads to show them. While adware is not always malicious, it affects the performance of a user's device and degrades the user experience, and some adware families also serve as a delivery channel for other malware.|
|Trojan||A trojan is malware that appears to be legitimate software disguised as native operating system programs or harmless files like free downloads. Trojans are installed through social engineering techniques such as phishing or bait websites.|
|Worms||A worm is a self-contained program that replicates itself and spreads its copies to other computers. A worm may infect its target through a software vulnerability or it may be delivered via phishing or smishing. Embedded worms can modify and delete files, inject more malicious software, or replicate in place until the targeted system runs out of resources.|
|Virus||Unlike worms, which are self-contained, viruses need to infect another program in order to operate. After infecting a program, viruses execute a payload to capture banking credentials, hijack the computer into a botnet, or encrypt data as part of a ransomware attack.|
|Rootkits||A rootkit is a software package that gives its operators privileged (administrator- or kernel-level) control of a targeted computer while hiding its own presence, typically by tampering with the operating system or its drivers. Rootkits are usually installed through a trojan or after an initial compromise. Because they subvert the system components that security tools rely on, this type of malware is designed to evade traditional antivirus solutions.|
|Keyloggers||Keyloggers record a user’s keystrokes and send the records back to their operators. There are legitimate reasons to use keyloggers, such as IT troubleshooting or law enforcement surveillance, but criminals use keyloggers to acquire financial or personal information such as credit card numbers and passwords.|
|Bots||A bot is part of a botnet, a network of infected computers under the control of the bot operator's commands. Botnets are used to infect other computers, collect large volumes of personal or business information, and conduct distributed denial-of-service (DDoS) attacks. Bots are delivered through phishing emails and poisoned apps.|
|Mobile Malware||Mobile malware is any type of malware designed to target mobile devices. Mobile malware is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi.|
|Cryptojacking||Cryptojacking occurs when an unauthorized person installs malware on a victim’s computer and uses it to run cryptomining programs. Cryptojacking software may be delivered through phishing emails or it may run in-browser, meaning it only runs while a victim is on the attacker’s web page.|
|Exploits||An exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data.|
|Backdoors||A backdoor is a method of bypassing normal authentication procedures so that malware can gain remote access to a system. Backdoors may be secretly installed by Trojan horses, worms, or implants.|
|Remote Access Trojan (RAT)||A remote access Trojan (RAT) is malware that creates a backdoor into an infected computer so that attackers can control it remotely without the victim's knowledge. Attackers use the backdoor to run commands and transfer files between the infected computer and theirs, making RATs a prime tool for spying and data theft.|
|Scareware||Scareware tricks users into believing their computer is infected with a virus. Typically, a user will see scareware as a pop-up warning them that their system is infected. This scare tactic aims to persuade people into installing fake antivirus software to remove the “virus.” Once this fake antivirus software is downloaded, then malware may infect your computer.|
|Malvertising||Malvertising — or malicious advertising — injects malicious code into digital ads. Malicious actors can then pay legitimate advertising networks to display their infected ads on websites, which means all page visitors are at risk of infection.|
How to Prevent Malware
Whether you are protecting your personal devices or trying to keep your company's endpoints safe, preventing malware attacks is everyone's first line of defense. Here are CrowdStrike's tips for preventing malware:
- Keep your software updated: Set up automatic updates on all your devices because outdated software is more vulnerable to malware attacks.
- Install antivirus software: In addition to installing quality antivirus software, it is also important to update it regularly to stay ahead of constantly evolving malware threats. The Falcon platform uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware, and fileless malware (which abuses trusted programs rather than dropping its own file). Take a tour of the Falcon Platform or experience it yourself today with a free trial.
- Use ad blockers to prevent malvertising: Malvertising, or malicious advertising, is the use of criminally controlled advertisements that spread and install malware on devices.
- Stay cautious and practice user vigilance: Anytime you are online you are vulnerable. Be wary of pop-ups, advertisements, and suspicious websites or links. Do not click on links in emails, mobile text messages, or social media messages sent from unknown users.
- Be wary of email attachments: Email phishing is one of the most common malware attacks. Never open emails from unknown senders or click on their attachments or images.
- Only download apps from official app stores: Downloading trusted apps on your devices decreases your risk for malware.
- Use virtual private networks: A VPN encrypts your traffic so that others on an untrusted network, such as public WiFi, cannot read or tamper with it. Note that a VPN does not stop malware itself: a malicious download or phishing link is just as dangerous through a VPN tunnel.
- Use strong passwords and multi-factor authentication: This combination will make it harder for hackers to access your systems. Never share your passwords with anyone.
- Don’t lend out your devices to others: The only person who should be using your devices is you. Lending out your device to anyone else means your security and data could be compromised.
- Stay educated: Learning more about malware will keep yourself and any endpoint users aware of the risks involved while on the internet.
How to Detect Malware
No matter how well you try to avoid malware, you're likely to run into newer, more innovative variants at some point. When you do, advanced malware protection is your best defense.
Traditional antivirus (AV) on its own is no longer effective. Traditional AV compares files against a database of signatures, such as file hashes or byte patterns, that act as digital fingerprints for known malware. This approach falls short because no matter how promptly antivirus vendors update their signature databases, they can't keep up with the pace at which new malware is emerging, and a trivial change to a sample (a repacked binary, a single appended byte) produces a new hash that matches no existing signature.
Advanced malware protection uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware, and fileless malware. These methods include machine learning, exploit blocking, behavioral analysis, and blacklisting.
Machine Learning: Machine learning allows you to block malware without using signatures. Instead, it relies on mathematical models trained on large sets of malicious and benign files to detect never-before-seen malicious files with high accuracy.
Exploit Blocking: Malware does not always come in the form of a file that can be analyzed by machine learning. Some types of malware are deployed directly into memory through the use of exploit kits. Exploit blocking stops the execution and spread of threats via unpatched vulnerabilities.
Behavioral Analysis: What about fileless malware that doesn't use an exploit kit, such as certain types of ransomware? To protect systems against these threats, malware protection should use indicators of attack (IOAs), which look across both legitimate and suspicious activities to detect stealthy chains of events (for example, an office application spawning a script host that then begins renaming large numbers of files) that indicate a malware infection attempt. Because IOAs key on behavior rather than on a specific file, they can also prevent non-malware attacks.
Blacklisting: Advanced malware protection also allows organizations to blacklist applications, automatically preventing them from running anywhere in the organization.
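The contrast between signature matching and behavioral (IOA) detection described above, as an added example that is not CrowdStrike's code or the Falcon platform's logic: the hash blocklist, the two IOA rules, the event format and the endpoint trace are all constructed for this illustration. Appending one byte to the "known bad" sample defeats the signature, while the behavioral rules still fire on the process chain and the file activity.

```python
"""Signature (IOC hash) matching versus behavioral (IOA) detection over
constructed endpoint telemetry. Added example; not CrowdStrike/Falcon code."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# --- signature-based detection -------------------------------------------
# Constructed "known bad" sample and a one-entry hash blocklist. A real AV
# signature database holds millions of such entries.
KNOWN_BAD = b"ENCRYPT_ALL_FILES_v1"
BLOCKLIST = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(file_bytes: bytes) -> bool:
    """True only if the exact SHA-256 of the file is on the blocklist."""
    return hashlib.sha256(file_bytes).hexdigest() in BLOCKLIST


# --- behavior-based detection ---------------------------------------------
@dataclass
class Event:
    """One telemetry record (hypothetical schema for this example)."""
    pid: int
    ppid: int
    image: str            # process image name
    cmdline: str = ""     # full command line (process events only)
    file_op: str = ""     # "" for process events, e.g. "rename" for file events
    target: str = ""      # affected path for file events


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}


def detect_ioa(events: list[Event], rename_threshold: int = 20) -> list[str]:
    """Return the names of the (hypothetical) IOAs triggered by an event trace.

    office_spawns_script_host: an Office process starts a script host with a
        hidden or encoded command line, a common fileless delivery chain.
    mass_rename: a single process renames at least `rename_threshold` files,
        ransomware-like behavior, whatever binary is doing it.
    """
    hits: list[str] = []
    processes = {e.pid: e for e in events if e.file_op == ""}

    # Rule 1: parent/child relationship plus suspicious command-line flags.
    for e in processes.values():
        parent = processes.get(e.ppid)
        if (parent is not None
                and parent.image.lower() in OFFICE_APPS
                and e.image.lower() in SCRIPT_HOSTS
                and ("-enc" in e.cmdline.lower() or "hidden" in e.cmdline.lower())):
            hits.append("office_spawns_script_host")
            break

    # Rule 2: volume of rename operations per process, independent of the file.
    renames: dict[int, int] = {}
    for e in events:
        if e.file_op == "rename":
            renames[e.pid] = renames.get(e.pid, 0) + 1
    if any(n >= rename_threshold for n in renames.values()):
        hits.append("mass_rename")
    return hits


def sample_trace() -> list[Event]:
    """Constructed trace: a macro document launches an encoded PowerShell
    command, which then renames 25 user documents. Paths and the base64
    fragment are made up for this example."""
    trace = [
        Event(pid=100, ppid=1, image="explorer.exe"),
        Event(pid=200, ppid=100, image="WINWORD.EXE", cmdline="invoice.docm"),
        Event(pid=300, ppid=200, image="powershell.exe",
              cmdline="powershell -w hidden -enc SQBFAFgAIAAuAC4A"),
    ]
    trace += [Event(pid=300, ppid=200, image="powershell.exe", file_op="rename",
                    target=f"C:\\Users\\u\\Documents\\file{i}.docx.locked")
              for i in range(25)]
    return trace


if __name__ == "__main__":
    print("hash match, original sample:", signature_match(KNOWN_BAD))
    print("hash match, one byte appended:", signature_match(KNOWN_BAD + b"\x00"))
    print("IOA hits on trace:", detect_ioa(sample_trace()))
```

The first rule is the kind of chain a signature cannot express, because every process in it is a legitimate, signed binary; the second catches the ransomware effect even when the encrypting code has never been seen before. In practice both rules would be tuned against benign baselines (backup software also renames many files), which is why IOAs look at legitimate and suspicious activity together rather than at single events.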
How to Remove Malware
The key to removing malware from your device is installing and running next-generation antivirus (NGAV) software. Upon detecting malware, NGAV can help identify and remediate malicious artifacts left behind from malicious activity.
For maximum efficacy, it’s crucial to keep your antivirus software updated so that it can stay ahead of constantly evolving malware attacks. The Falcon platform offers a next-gen solution that allows for automatic sensor update and constant system scans – users do not have to worry about manually updating the software or scanning for malware.
A Brief History of Malware
Although malware as we know it today is linked to hacking and various criminal activities, its origins were far less threatening. Here is a timeline of malware history to better understand how malware developed over time.
1940s – 1980s
- 1949 – John von Neumann, a mathematician, introduced the idea of self-reproducing software, theorizing that "computing machines" could use elements in their environments to modify themselves.
- 1971 – Bob Thomas, an engineer at BBN Technologies, demonstrated von Neumann's theory in practice when his program, Creeper, spread between DARPA computers and caused them to display the message, "I'm the creeper: catch me if you can."
- 1988 – Robert Morris, a college student, wrote a program that became known as the “Morris Worm.” Although Morris stated that his intent was to test internet security flaws, the worm made a big impact and spread rapidly, causing between $100K and $10M in damages. Morris was tried and convicted under the Computer Fraud and Abuse Act and sentenced to a fine, probation, and 400 hours of community service.
2000s – Present
- 2000 – At the turn of the century, malware continued to evolve and become more prevalent. The growing worldwide web offered new and lucrative opportunities to monetize malware. Malicious toolkits, email worms, phishing schemes and other methods of delivery spread online at a rampant pace.
- 2010 – Present – Since 2010, the targets of malware attacks have expanded beyond just individual consumers and their desktops to organizations and Internet of Things (IoT) devices. In recent years, nation-state and eCrime actors have focused on more sophisticated, large-scale attacks – what we now refer to as Big Game Hunting.
The history of malware shows that malicious software is unlikely to stagnate in the future. Adversaries will continue to modify their tactics to evade prevention solutions that lag behind the times – making next-generation technologies more important than ever.
CrowdStrike Malware Protection
The machine learning, exploit blocking, behavioral analysis, and blacklisting methods described above work together in Falcon to produce an integrated approach that effectively protects against most malware and breaches. Take a tour of the Falcon Platform or experience it yourself today with a free trial.