Malware is the collective name given to software that has been developed to disrupt or damage data, software or hardware, as well as gain unauthorised access to computer systems.
Malware is often disguised as, or embedded in, non-malicious files and can be spread via e-mail attachments or other methods of file sharing. Where e-mails are used, they can often appear as though they are from a trustworthy individual or organisation, but instead come from a hacker and include infected attachments or links to infected web pages. This is known as e-mail spoofing. Where links to infected web pages are included, a drive-by download could be initiated upon visiting the page, where the malware is downloaded to a user’s computer without their knowledge or consent.
Malware comes in a number of different forms, which are described below.
Viruses are the most well-known type of malware. A virus is a piece of software that can be designed to insert copies of itself into legitimate software, files or critical areas of a computer’s hard disk and can be subsequently spread to other computers. This can all be done without the knowledge of the user. The infection process can start simply by opening a previously infected file or piece of software. Once active, a virus is said to be self-replicating, attaching itself to other files and programmes. As well as causing damage to files and computer systems in general, they can consume a significant amount of memory, disk space and processing power, which will slow a computer down, or even render it unusable. Viruses can also be used to provide a hacker unauthorised access to a computer system.
Worms are similar to viruses in that they are self-replicating; however, they don’t require any user interaction to start the infection process. Worms spread through a computer network to infect other computers and use their resources to continue replicating themselves. They can go unnoticed for some time in comparison to viruses, as they don’t damage files. However, as more and more resources are used up by a worm, it will have an impact on a system’s performance, therefore signifying a problem.
Unlike viruses and worms, a trojan, or trojan horse as it is sometimes known, is not self-replicating. Trojans appear as though they are legitimate pieces of software, such as a screen saver, a game, or even antivirus software; however, when they are used, they covertly either do damage to a computer system or provide unauthorised access to it. They can also be used to monitor keystrokes from the keyboard of an infected computer and even utilise e-mail software to distribute themselves to others.
Spyware is, as the name suggests, software that is used to obtain information about a person or organisation and, without their knowledge or consent, transmit that information back to the individual or organisation who initiated the attack.
Ransomware is software that is covertly installed on a computer without the prior knowledge or consent of the user. It encrypts data on the target computer, or even disables the computer itself, and demands a sum of money for the data to be unencrypted or the computer to be unlocked.
As the name suggests, a keylogger is a piece of software that logs all the keystrokes that a user enters through an input device such as a keyboard. These can be used to steal sensitive information such as usernames and passwords.
Remote Access Trojan (RAT)
A Remote-Access Trojan, or RAT for short, is a toolkit designed to provide covert surveillance, as well as remote unauthorised access to a target system. They can be used to steal sensitive information and provide a backdoor into a system to allow an attacker unfettered access to it.
Potentially Unwanted Program (PUP)
PUPs are programs that may have adverse effects on a computer’s security or privacy. These often involve adware or spyware components that are used to generate revenue. They can have the effect of slowing down a computer, displaying a large number of adverts, adding toolbars that take up space in a web browser, or even collecting private information.
A fileless virus, also known as a memory-based attack, is malware that only operates in memory, never touching the file system. It continues to run until the device is powered down and can be much harder to detect compared with other types of malware.
Logic bombs are a type of malicious software that is deliberately installed, often by an authorised person. They will sit dormant for a period until an event or specific date and time is reached. Where they are triggered by a specific date and time, they are sometimes referred to as a time bomb.
Crypto-malware is malware that uses a system's resources to mine for cryptocurrency. This affects the performance of the target machine as CPU cycles are being used to mine for the cryptocurrency.
Rootkits are a form of malware, which are specifically designed to modify the operation of the operating system in some fashion to facilitate non-standard functionality. A rootkit can do almost anything that the operating system can do, including modifying the operating system kernel and its supporting functions, as well as changing the nature of the system's operation.