What is Malware

Kurt Baker - January 22, 2021

Malware Definition

Malware (malicious software) is a term used to describe any program or code that is created with the intent to do harm to a computer, network, or server. Malware infiltrates a computer system discreetly, so by the time the user realizes their system is infected with malware, sensitive data and personal information may already be breached. Common types of malware include viruses, ransomware, keyloggers, trojans, worms, spyware, malvertising, scareware, backdoors, and mobile malware.

The origins of malware started in 1949, when a mathematician named John Von Neuman theorized the idea of self reproducing software. Although this initial idea was not intended to produce malicious software, adversaries now use malware to steal intellectual information, personal data, or money. However, there are ways to protect your systems against malware, including keeping software updated and installing next-generation antivirus (NGAV) software.


Upgrade Your Business Malware Protection Now

For Enterprise  For Small Business


Malware Resources

Signs You Have a Malware Infection

Our list includes common malware signs, but symptoms of malware can be obvious or discrete, so the most reliable way to detect malware is using advanced antivirus software. These tools can constantly scan and detect systems for malware in real time.

Here are a few common signs that may indicate you have a malware infection:

  • Slow computer
  • Very frequent ads and pop-ups, especially if they appear in unexpected places
  • Battery drains rapidly
  • System crashes
  • Sudden loss in disk space
  • Browser settings change on their own
  • Browser redirects on its own
  • Unfamiliar apps appear on mobile device
  • Increase in system’s internet activity
  • Disabled antivirus product
  • Lost access to files or computer
  • Deleted files
  • Contacts receive strange messages from you

Types of Malware

In the years since the Morris Worm debuted, adversaries have applied a great deal of creativity to the concept of malware, coming up with new types of attacks as enterprise technology has evolved. The most common types of malware today are:

TypeDescription
RansomwareIn a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well.
Fileless MalwareFileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.
SpywareSpyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
AdwareAdware is a type of spyware that watches a user’s online activity in order to determine which ads to show them. While adware is not inherently malicious, it has an impact on the performance of a user’s device and degrades the user experience.
TrojanA trojan is malware that appears to be legitimate software disguised as native operating system programs or harmless files like free downloads. Trojans are installed through social engineering techniques such as phishing or bait websites.
WormsA worm is a self-contained program that replicates itself and spreads its copies to other computers. A worm may infect its target through a software vulnerability or it may be delivered via phishing or smishing. Embedded worms can modify and delete files, inject more malicious software, or replicate in place until the targeted system runs out of resources.
VirusUnlike worms, which are self-contained, viruses need to infect another program in order to operate. After infecting a program, viruses execute a payload to capture banking credentials, hijack the computer into a botnet, or encrypt data as part of a ransomware attack.
RootkitsA rootkit is a software package that contains all the tools its operators need to acquire remote access and administrator-level control of a targeted computer. Rootkits are typically injected through the use of a trojan. This type of malware is designed to evade traditional antivirus solutions.
KeyloggersKeyloggers record a user’s keystrokes and send the records back to their operators. There are legitimate reasons to use keyloggers, such as IT troubleshooting or law enforcement surveillance, but criminals use keyloggers to acquire financial or personal information such as credit card numbers and passwords.
BotsA bot is part of a botnet, which is a network of infected computers that are slaves to the bot operator’s commands. Botnets are used to infect other computers, collect volumes of personal or business information, and conduct distributed denial-of-service (DDoS). Bots are delivered through phishing emails and poisoned apps.
Mobile MalwareMobile malware is any type of malware designed to target mobile devices. Mobile malware is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi.
CryptojackingCryptojacking occurs when an unauthorized person installs malware on a victim’s computer and uses it to run cryptomining programs. Cryptojacking software may be delivered through phishing emails or it may run in-browser, meaning it only runs while a victim is on the attacker’s web page.
ExploitsAn exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data.
BackdoorsA backdoor is a method of bypassing normal authentication procedures so that malware can gain remote access to a system. Backdoors may be secretly installed by Trojan horses, worms, or implants.
Remote Access Trojan (RAT)A remote access Trojan (RAT) is a type of backdoor virus that creates a backdoor into an infected computer system so that hackers can access it without altering the system’s security. Attackers use backdoors to send files back and forth between the infected computer and theirs, making it a prime technique for spying and data theft.
ScarewareScareware tricks users into believing their computer is infected with a virus. Typically, a user will see scareware as a pop-up warning them that their system is infected. This scare tactic aims to persuade people into installing fake antivirus software to remove the “virus.” Once this fake antivirus software is downloaded, then malware may infect your computer.
MalvertisingMalvertising — or malicious advertising — injects malicious code into digital ads. Malicious actors can then pay legitimate advertising networks to display their infected ads on websites, which means all page visitors are at risk of infection.

Learn More

Learn about the many different variations of malware that you are most likely to encounter in the wild and see real-world examples of each type. 11 Types of Malware You Should Know

How to Prevent Malware

Whether you are protecting your personal devices or trying to keep your company’s endpoints safe, preventing malware attacks is everyone’s first line of defense. Here are CrowdStrike’s tips for preventing against malware:

  • Keep your software updated: Set up automatic updates on all your devices because outdated software is more vulnerable to malware attacks.
  • Install antivirus software: In addition to installing quality antivirus software, it is also important to update it regularly to stay ahead of constantly evolving malware threats. The Falcon platform uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware, and fileless malware (which looks like a trusted program). Take a tour of the Falcon Platform or experience it yourself today with a free trial.
  • Use ad blockers to prevent malvertising: Malvertising, or malicious advertising, is the use of criminally controlled advertisements that spread and install malware on devices.
  • Stay cautious and practice user vigilance: Anytime you are online you are vulnerable. Be wary of pop-ups, advertisements, and suspicious websites or links. Do not click on links in emails, mobile text messages, or social media messages sent from unknown users.
  • Be wary of email attachments: Email phishing is one of the most common malware attacks. Never open emails from unknown senders or click on their attachments or images.
  • Only download apps from official app stores: Downloading trusted apps on your devices decreases your risk for malware.
  • Use virtual private networks: VPNs allow you to go online safely, securely, and anonymously so your data and privacy stays protected.
  • Use strong passwords and multi-factor authentication: This combination will make it harder for hackers to access your systems. Never share your passwords with anyone.
  • Don’t lend out your devices to others: The only person who should be using your devices is you. Lending out your device to anyone else means your security and data could be compromised.
  • Stay educated: Learning more about malware will keep yourself and any endpoint users aware of the risks involved while on the internet.

How to Detect Malware

No matter how well you try to avoid malware, you’re likely to run in to newer, more innovative variants at some point. When you do, advanced malware protection is your best defense.

Traditional Antivirus (AV) is simply no longer effective. Traditional AV compares suspected threats to a list of known threats by looking for Indicators of Compromise (IOCs), which are small pieces of code that are like digital fingerprints. This approach no longer works because no matter how promptly antivirus vendors update their signature databases, they can’t keep up with the pace at which new malware is emerging.

Advanced malware protection uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware, and fileless malware. These methods include machine learning, exploit blocking, behavioral analysis, and blacklisting.

Machine Learning: Machine learning allows you to block malware without using signatures. Instead, it relies on mathematical algorithms to analyze files and build predictive models that can detect never-before-seen malicious activities with high accuracy

Exploit Blocking: Malware does not always come in the form of a file that can be analyzed by machine learning. Some types of malware may be deployed directly into memory through the use of exploit kits. Exploit blocking stops the execution and spread of threats via unpatched vulnerabilities

Behavioral Analysis: What about fileless malware that doesn’t use an exploit kit, such as certain types of ransomware? To protect systems against these threats, malware protection should use IOAs, which look across both legitimate and suspicious activities to detect stealthy chains of events that indicate malware infection attempts. Most IOAs can prevent non-malware attacks as well.

Blacklisting: Advanced malware protection also allows organizations to blacklist applications, automatically preventing them from running anywhere in the organization.

How to Remove Malware

The key to removing malware from your device is installing and running next-generation antivirus (NGAV) software. Upon detecting malware, NGAV can help identify and remediate malicious artifacts left behind from malicious activity.

For maximum efficacy, it’s crucial to keep your antivirus software updated so that it can stay ahead of constantly evolving malware attacks. The Falcon platform offers a next-gen solution that allows for automatic sensor update and constant system scans – users do not have to worry about manually updating the software or scanning for malware.

Here are some additional resources that can guide you through the process of removing malware:

CrowdStrike Malware Protection

Watch the video below to get a firsthand look at how the Falcon Platform stops malware in its tracks: 

These powerful methods work together in Falcon to produce an integrated approach that effectively protects against most malware and breaches. Take a tour of the Falcon Platform or experience it yourself today with a free trial.

Get to Know the Author

Kurt Baker is the senior director of product marketing for Falcon Intelligence at CrowdStrike. He has over 25 years of experience in senior leadership positions, specializing in emerging software companies. He has expertise in cyber threat intelligence, security analytics, security management and advanced threat protection. Prior to joining CrowdStrike, Baker worked in technical roles at Tripwire and had co-founded startups in markets ranging from enterprise security solutions to mobile devices. He holds a bachelor of arts degree from the University of Washington and is now based in Boston, Massachusetts.