What is malware?

Source: Vsoftsystems, 07/10/2018

Viruses, Trojans, and ransomware are all malware, but what does that mean?
Malware is everywhere and it is the most dreaded word in computing.
The term is short for malicious software and is the general name used
to explain programs that can infect and damage computers, smartphones,
tablets or whole IT systems.
Once upon a time we simply called it a `virus`, which first came into
use in the early 80`s but the basic idea of a virus is as old as
computers themselves. John von Neumann developed a theory of
self-reproducing automatons in 1949 despite the details of the
technical implementation not being conceivable at the time.
The modern equivalent covers a multitude of variants such as Trojans,
ransomware and bots all which seeks to damage your computer from
within. Once it has access to a system, if it isn`t stopped or
removed, it can cause massive disruption through deletion or
encryption, lead to financial losses, sensitive data theft, or it can
remain hidden within the computer and spy on its users every move.
Malware news stories are becoming more and more commonplace each year
with the rise of smartphones and IoT as attacks happen across the globe.
We`ve delved deeper to find out what some of these malware threats are
and how they work.
Once malware has made its way onto a system, if it isn`t stopped or
removed it can cause massive disruption through data deletion or
encryption, lead to direct financial losses through the theft of
sensitive data like intellectual property or bank account details, or
alternatively sit quietly spying on the user`s every move.
Let`s dive deeper into what some of these malware threats are and how
they work.
Malware Types
There are several different types of malware, with some being more
common than others. These are some of the ones you`re most likely to
run into at home or in your business.
Virus
Predating `malware`, and once widely used as a catchall term for any
computer-related meltdowns, a `virus` is perhaps the term that people
will be most familiar with. As implied by its namesake, a computer
virus is a self-replicating, self-distributing piece of malicious
code, designed to be a fire and forget weapon.
It`s become one of the most widely used forms of malware as a result,
able to spread through a variety of methods, whether it be by email
attachment, direct download, or by hiding inside a storage media, such
as a USB.
Mobile devices, including smartphones and tablets, aren`t immune to
viruses, which typically spread as a result of someone installing an
application from an unknown source - although there are examples of
malicious files being hidden inside official app stores.
The purpose of a virus varies greatly, with some being more damaging
than others. Fairly innocuous viruses result in degraded performance
on a machine, slowing down browsers or desktop applications, however
others may self-replicate in order to spread to other machines on a
network.
Some may become so disruptive that a PC will crash or fail to startup
entirely, while others may hijack your desktop to display advertising,
block legitimate software or hijack your webcam.
Worms
Most types of malware are defined by their style of attack, and
`worms` are no exception. While similar to viruses in many ways, worms
don`t a user downloading a file or clicking on an attachment to
spread. Instead, they exploit the interconnectivity of a network,
sifting through shared software to find exploits.
Many worms are designed to simply replicate across networks rather
than cause direct disruption through changed settings, however, even
those without a `payload` can still cause increased network traffic
and instability.
Trojans
The aptly-named Trojan is designed to trick victims into believing
it`s a legitimate program. Once downloaded and executed, a Trojan will
run behind a seemingly normal looking application or service,
remaining undiscovered for as long as it can to carry out its real
goal, which is often stealing user information or copying files.
Unlike viruses and worms, however, Trojans tend not to self-replicate
so while they are a threat to an individual endpoint and the files on
it, they`re typically not a major threat to a network.
Adware and Spyware
Adware, while counted as malware, is more annoying than it is
malicious. This type of program displays unwanted adverts that are
hard to get rid of, for example displaying as pop-ups that are either
impossible to dismiss or which reappear shortly after the user has
closed them. As well as being obviously disruptive in that they
obscure part of the screen, adware can also cause a system to run slowly.
Spyware, on the other hand, is malicious. As the name would suggest,
it spies on a user`s activity and can exfiltrate sensitive data.
Unlike adware it hides its existence, silently syphoning off
information. Keyloggers and screen readers are just two types of
spyware that may infect your system.
Ransomware
Ransomware has become one of the most well-known forms of malware out
there, thanks to massive attacks like WannaCry in 2017. It has grown
to become the most popular forms of malware among cyber criminals as
it can be very lucrative with a high ROI. If the attacker is just out
for cash, this is the way to go.
Ransomware is best known for its use of splash screens, which are
impassable messages that demand users pay a specified fee, typically
in a cryptocurrency like Bitcoin, in order to retrieve their files.
These demands often increase after a set deadline, in order to
pressure users into paying up quickly. If the ransom isn`t paid, the
files are normally deleted, although in some cases the data will be
lost even if a user hands over their cash.
Browser hijackers
These are able to change your browser settings, like the home page,
and can make it extremely difficult to change the settings back. They
are able to install unwanted toolbars, search bars and can also
redirect existing browser shortcuts to other sites.
How malware spreads
Malware can spread through a variety of means, although it often
depends on the attack vector the variant chooses to exploit. One of
the most common methods is to hide malicious code within an email,
masquerading as a legitimate attachment, yet this isn`t always
effective, particularly if a company has robust filters.
Criminals may also use drive-by downloads, a tactic that attempts to
forcibly download a file to a user`s PC as they visit a website, or
more sophisticated methods involving command and control (C&C)
servers. Rather than letting a malware variant act independently, C&C
servers are able to maintain links between every infected machine,
allowing criminals to not only repeatedly steal data, but also hijack
its functions to be used as part of a larger botnet.
Cryptojacking
While not strictly malware, the rising interest in cryptocurrencies
such as Bitcoin and Monero has seen malware modified and created to
turn infected computers and mobile devices into machines to generate
valuable digital currency.
To generate or `mine` cryptocurrency, equations need to be solved
which requires a decent amount of processing power; this can be a time
consuming and power-hungry process. So hackers have been adding
cryptocurrency miners and scripts into malware payloads which
surreptitiously siphon an infected machine`s processor power to crunch
the calculations needed to mine cryptocurrency.
Known as cryptojacking, when scaled up through a network of infected
machines this process can end up generating digital money for hackers
off the back of other people`s computing power.
There is not necessarily an easy way to detect if your machine has a
cryptojacker on it, but if you find it`s is inexplicably running
slower or the processor is heating up, then there`s a chance that a
cryptojacker script is running in the background.
Cryptojackers can also infect smartphones and in extreme cases can
over-tax their processor and cause it to overheat and malfunction,
potentially damaging the phone or heating it up to the extent that it
burns the user.