What is Malware?

December 19, 2019

Malware Definition

Malware (malicious software) is a term used to describe any program or code that is created with the intent to do harm to a computer, network, or server. Common types of malware include viruses, ransomware, keyloggers, trojans, worms and spyware.

Malware works in different ways, but most start by ensuring a means of persistent access to a system so adversaries can slip into the network any time they like. Once inside, the malware takes control of the system with the purpose of communicating back to its original sender. The information it communicates may be sensitive data, intellectual property, captured keystrokes, images from a device’s camera, etc.

A Brief History of Malware

The idea of self-reproducing software goes back to 1949, when a mathematician named John Von Neuman theorized that “computing machines” could use elements in their environments to modify or replicate themselves.

“I’M THE CREEPER: CATCH ME IF YOU CAN.”

About 20 years later, that idea was put to the test when Bob Thomas, an engineer at BBN Technologies, wrote a program that infected DARPA computers and caused them to display the message, “I’m the creeper: catch me if you can.”

Another 10 years passed before malware made a real impact on the world. In 1988, a college student named Robert Morris wrote a program that became known as the “Morris Worm.” Although its author stated that his intent was to test internet security flaws, the worm spread with such rapidity and was so hard to stop that it ultimately caused between $100K and $10M in damages. Morris was tried and convicted under the Computer Fraud and Abuse Act and sentenced to a fine, probation, and 400 hours of community service.

At the turn of the century, malware not only became more prevalent but continued to evolve as well. The growing worldwide web offered new and lucrative opportunities to monetize malware. Malicious toolkits, email worms, phishing schemes and other methods of delivery spread online at a rampant pace.

Since 2010, malware has gone through yet another evolution. The targets of malware attacks have also expanded beyond just individual consumers and their desktops to organizations and Internet of Things (IoT) devices. In recent years, nation-state and eCrime actors have focused on more sophisticated, large-scale attacks – what we now refer to as Big Game Hunting.

The history of malware shows that malicious software is unlikely to stagnate in the future. Adversaries will continue to modify their tactics to evade prevention solutions that lag behind the times – making next-generation technologies more important than ever.

What Does Malware Do?

In the years since the Morris Worm debuted, adversaries have applied a great deal of creativity to the concept of malware, coming up with new types of attacks as enterprise technology has evolved. The most common types of malware today are:

Type	What It Does	Real-World Example
Ransomware	disables victim's access to data until ransom is paid	RYUK
Fileless Malware	makes changes to files that are native to the OS	Astaroth
Spyware	collects user activity data without their knowledge	DarkHotel
Adware	serves unwanted advertisements	Fireball
Trojans	disguises itself as desirable code	Emotet
Worms	spreads through a network by replicating itself	Stuxnet
Rootkits	gives hackers remote control of a victim's device	Zacinlo
Keyloggers	monitors users' keystrokes	Olympic Vision
Bots	launches a broad flood of attacks	Echobot
Mobile Malware	infects mobile devices	Triada

11 Types of Malware You Should Know: Learn about the many different variations of malware that you are most likely to encounter in the wild and see real-world examples of each type.

Detecting and Removing Malware

Because malware is varied and always evolving, the only way to prevent it is to take a multi-pronged approach driven by constant innovation. Traditional Antivirus (AV) is simply no longer effective. Organizations need to get ahead of their adversaries by stopping malware before it infects their systems.

Download this year’s mobile threat report to explore the latest mobile malware trends:

Click to Download

Why Traditional AV Doesn’t Stop Malware

Traditional AV compares suspected threats to a list of known threats by looking for Indicators of Compromise (IOCs), which are small pieces of code that are like digital fingerprints. This approach no longer works because no matter how promptly antivirus vendors update their signature databases, they can’t keep up with the pace at which new malware is emerging.

That leaves organizations in the weak position of always being a step behind their adversaries, only able to react to attacks and never able to proactively prevent them.

Still stuck with a fossilized, legacy antivirus? Download the Guide to AV Replacement to learn how to plan an AV replacement, including the critical elements to consider and to avoid common pitfalls that can derail the process.

Malware Protection Needs a Next-Gen Solution

The Falcon platform uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware, and fileless malware (which looks like a trusted program). These methods include machine learning, exploit blocking, behavioral analysis, and blacklisting.

Machine Learning

Falcon uses machine learning to block malware without using signatures. Instead, it relies on mathematical algorithms to analyze files and can protect the host even when it is not connected to the internet.

Exploit Blocking

But malware does not always come in the form of a file that can be analyzed by machine learning. Some types of malware may be deployed directly into memory through the use of exploit kits. To defend against these, Falcon provides an exploit blocking function that adds another layer of protection.

Behavioral Analysis

What about fileless malware that doesn’t use an exploit kit, such as certain types of ransomware? To protect systems against these threats, Falcon uses IOAs, which look across both legitimate and suspicious activities to detect stealthy chains of events that indicate malware infection attempts. Most IOAs can prevent non-malware attacks as well.

graphic displaying the differences between indicators of compromise and indicators of attack

Blacklisting

Falcon also allows organizations to blacklist applications, automatically preventing them from running anywhere in the organization.

Watch the video below to get a firsthand look at how the Falcon Platform stops malware in its tracks:

These powerful methods work together in Falcon to produce an integrated approach that effectively protects against most malware and breaches. Take a tour of the Falcon Platform or experience it yourself today with a free trial.

Want to stay ahead of adversaries? Download the 2020 Global Threat Report to uncover trends in attackers’ ever-evolving tactics, techniques, and procedures that our teams observed this past year.

Click to Download

featured articles

feature image for zero day exploit article

What is a Zero-Day Exploit?

A zero-day exploit is an unknown security vulnerability or software flaw that hackers can specifically target with malicious code.

What is Network Lateral Movement?

Learn what lateral movement is and the three steps you can take to eliminate it.

two mobile phone screens with red overlay

What is an MITM Attack?

A man-in-the-middle (MITM) attack is a type of cyberattack in which a third party infiltrates a conversation between a network user and a web application.