< Back to EPP 101

What is Malware (Malicious Software)?

December 19, 2019

Malware Definition

Malware (malicious software) is a term used to describe any program or code that is created with the intent to do harm to a computer, network, or server. Common types of malware include viruses, ransomware, keyloggers, trojans, worms and spyware.

Malware works in different ways, but most start by ensuring a means of persistent access to a system so adversaries can slip into the network any time they like. Once inside, the malware takes control of the system with the purpose of communicating back to its original sender. The information it communicates may be sensitive data, intellectual property, captured keystrokes, images from a device’s camera, etc.

A Brief History of Malware

The idea of self-reproducing software goes back to 1949, when a mathematician named John Von Neuman theorized that “computing machines” could use elements in their environments to modify themselves.


About 20 years later, that idea was put to the test when Bob Thomas, an engineer at BBN Technologies, wrote a program that infected DARPA computers and caused them to display the message, “I’m the creeper: catch me if you can.”

Another 10 years passed before malware made a real impact on the world. In 1988, a college student named Robert Morris wrote a program that became known as the “Morris Worm.” Although its author stated that his intent was to test internet security flaws, the worm spread with such rapidity and was so hard to stop that it ultimately caused between $100K and $10M in damages. Morris was tried and convicted under the Computer Fraud and Abuse Act and sentenced to a fine, probation, and 400 hours of community service.

At the turn of the century, malware not only became more prevalent but continued to evolve as well. The growing worldwide web offered new and lucrative opportunities to monetize malware. Malicious toolkits, email worms, phishing schemes and other methods of delivery spread online at a rampant pace.

Since 2010, malware has gone through yet another evolution. The targets of malware attacks have also expanded beyond just individual consumers and their desktops to organizations and Internet of Things (IoT) devices. In recent years, nation-state and eCrime actors have focused on more sophisticated, large-scale attacks – what we now refer to as Big Game Hunting.

The history of malware shows that malicious software is unlikely to stagnate in the future. Adversaries will continue to modify their tactics to evade prevention solutions that lag behind the times – making next-generation technologies more important than ever.

What Does Malware Do?

In the years since the Morris Worm debuted, adversaries have applied a great deal of creativity to the concept of malware, coming up with new types of attacks as enterprise technology has evolved. The most common types of malware today are:

What It Does
Real-World Example
disables victim's access to data until ransom is paid
Fileless Malware
makes changes to files that are native to the OS
collects user activity data without their knowledge
serves unwanted advertisements
disguises itself as desirable code
spreads through a network by replicating itself
gives hackers remote control of a victim's device
monitors users' keystrokes
Olympic Vision
launches a broad flood of attacks
Mobile Malware
infects mobile devices

Learn More

Learn about the many different variations of malware that you are most likely to encounter in the wild and see real-world examples of each type. 11 Types of Malware You Should Know

Detecting and Removing Malware

Because malware is varied and always evolving, the only way to prevent it is to take a multi-pronged approach driven by constant innovation. Traditional Antivirus (AV) is simply no longer effective. Organizations need to get ahead of their adversaries by stopping malware before it infects their systems.

Mobile Threat Report

Download the latest mobile threat report to explore why the targeting of mobile platforms is being increasingly adopted

Download Report

Why Traditional AV Doesn’t Stop Malware

Traditional AV compares suspected threats to a list of known threats by looking for Indicators of Compromise (IOCs), which are small pieces of code that are like digital fingerprints. This approach no longer works because no matter how promptly antivirus vendors update their signature databases, they can’t keep up with the pace at which new malware is emerging.

That leaves organizations in the weak position of always being a step behind their adversaries, only able to react to attacks and never able to proactively prevent them.

Learn More

Still stuck with a fossilized, legacy antivirus? Download the Guide to AV Replacement to learn how to plan an AV replacement, including the critical elements to consider and to avoid common pitfalls that can derail the process.Download Guide

Malware Protection Needs a Next-Gen Solution

The Falcon platform uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware, and fileless malware (which looks like a trusted program). These methods include machine learning, exploit blocking, behavioral analysis, and blacklisting.

Machine Learning

Falcon uses machine learning to block malware without using signatures. Instead, it relies on mathematical algorithms to analyze files and can protect the host even when it is not connected to the internet.

Exploit Blocking

But malware does not always come in the form of a file that can be analyzed by machine learning. Some types of malware may be deployed directly into memory through the use of exploit kits. To defend against these, Falcon provides an exploit blocking function that adds another layer of protection.

Behavioral Analysis

What about fileless malware that doesn’t use an exploit kit, such as certain types of ransomware? To protect systems against these threats, Falcon uses IOAs, which look across both legitimate and suspicious activities to detect stealthy chains of events that indicate malware infection attempts. Most IOAs can prevent non-malware attacks as well.

graphic displaying the differences between indicators of compromise and indicators of attack


Falcon also allows organizations to blacklist applications, automatically preventing them from running anywhere in the organization.

Watch the video below to get a firsthand look at how the Falcon Platform stops malware in its tracks: 

These powerful methods work together in Falcon to produce an integrated approach that effectively protects against most malware and breaches. Take a tour of the Falcon Platform or experience it yourself today with a free trial.

Want to Stay Ahead of Adversaries?

Download the 2020 Global Threat Report to uncover trends in attackers’ ever-evolving tactics, techniques, and procedures that our teams observed this past year.

Download Now