Introduction
What is malware, and what are the different types of malware attacks? Malware (“malicious software”) is any program or code written to harm, disrupt, or gain unauthorized control over a computer system, a network, or the data on it. Cybercriminals create and distribute malware for many reasons, such as stealing confidential data, gaining unauthorized access to a device or network, extorting money, or simply out of curiosity or malice.
There are many different types of malware, and new variants appear constantly: SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) identified 270,228 never-before-seen malware variants in the first half of 2022 alone (SonicWall, 2022). Businesses and IT security professionals should be familiar with the most common categories to defend against them effectively. This guide reviews the major types of malware and offers tips and best practices for preventing malware infections.
11 Types of Malware to Know
Malicious software can take many forms, from computer viruses to ransomware. This section defines 11 types of malware you should know about; the section that follows covers how to prevent malware attacks.
Viruses
Computer viruses are one of the most well-known types of malware. Like a biological virus, a computer virus needs a host: it inserts its code into a legitimate file or program and spreads copies of itself whenever that host is run or shared. If not quickly detected, viruses can cause massive damage to IT environments. The infamous ILOVEYOU virus, for example, infected tens of millions of computers and caused billions of dollars’ worth of damage (Griffiths, 2020). It spread via email messages with the subject line “ILOVEYOU” carrying a malicious script attachment; because that script also mailed itself to every address in the victim’s contact list, ILOVEYOU is often classified as a worm rather than a pure virus.
Worms
A computer worm is similar to a virus, but with one key difference: a worm is a standalone program that replicates itself and spreads across a network without attaching to a host file, and often without any user action at all, typically by exploiting a vulnerability in a network service or by mailing itself to other users. Viruses, by contrast, attach to a file or program that must be opened or executed before they can spread. Examples of computer worms include MyDoom, which caused an estimated $38 billion in damage by emailing copies of itself to the contacts found in the victim’s email software (Okta, 2023). In practice the categories overlap: MyDoom still needed the recipient to open its attachment, and many modern threats combine worm-style propagation with other payloads.
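Because a file-infecting virus has to change its host files, the oldest reliable way to catch one is a file-integrity baseline: hash the executables once, then re-hash and diff. The following is an added example, not code from the original article or from any vendor it names; the list of executable suffixes and the demo directory layout are assumptions made for the demonstration, and the “infection” is simulated by prepending bytes to one binary and dropping another.

```python
"""Detect file-infecting viruses by hashing a baseline of executables and
re-checking it later.  Example code added for illustration; it is not part of
the original article and not a product of any vendor named on the page."""
import hashlib
import os
import tempfile

# File types a classic file infector would target.  The list is an assumption
# for this example; a real deployment would cover the whole system directory.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".so", ".bin")


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each executable under root (path relative to root, '/'-separated)
    to its (size, sha256)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_SUFFIXES):
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                baseline[rel] = (os.path.getsize(path), sha256_of(path))
    return baseline


def compare(baseline, current):
    """Return the relative paths that changed, appeared, or disappeared."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def simulate_infection(root):
    """Constructed demo: plant a few binaries, baseline them, then mimic a
    prepending file infector and re-check.  Returns the comparison result."""
    def write(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

    write("bin/app.exe", b"MZ" + b"\x00" * 512)
    write("bin/helper.dll", b"MZ" + b"\x01" * 256)
    write("docs/readme.txt", b"not an executable, never hashed")
    baseline = build_baseline(root)

    # Prepending infector: viral stub first, original program after it, so the
    # host still runs but its size and hash no longer match the baseline.
    with open(os.path.join(root, "bin/app.exe"), "rb") as f:
        original = f.read()
    write("bin/app.exe", b"VIRAL-STUB" + original)
    write("bin/dropped.sys", b"MZ" + b"\xff" * 64)  # a new file the infector dropped

    return compare(baseline, build_baseline(root))


def demo():
    """Run the simulation in a throwaway directory and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        return simulate_infection(root)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the baseline must be stored somewhere the malware cannot rewrite (offline, or signed), and the check is only as honest as the operating system answering it, since a rootkit can feed the hashing tool the original bytes while the infected copy executes.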
Trojans
A Trojan (short for “Trojan horse”) is one of the most insidious types of malware. Trojans disguise themselves as legitimate software, such as a game, a utility, or a cracked application, while secretly carrying a hidden payload: a backdoor, a credential stealer, or a loader that fetches further malware. Unlike viruses and worms, Trojans do not replicate themselves; they spread through social engineering, fooling victims into downloading and installing them.
Ransomware
Ransomware is one of the most pernicious and damaging types of malware. Once activated on the victim’s device, ransomware encrypts files and programs, preventing users from accessing them until a costly ransom is paid, usually in cryptocurrency, in exchange for the decryption key. Sophisticated ransomware also spreads to other devices on the network, potentially bringing business operations to a screeching halt, and many current operations first exfiltrate sensitive data so they can threaten to leak it if the ransom is refused. WannaCry, Clop, Petya, and DarkSide are just a few of the most infamous and destructive ransomware strains.
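Encrypted files have a property that plain documents do not: their bytes are almost uniformly distributed, so the Shannon entropy is close to 8 bits per byte. The following added example (not code from the original article or from any ransomware-defense product) scans a directory tree for that signal, combines it with a known ransom-note extension, and reports what fraction of the tree is affected; the entropy threshold, the extension lists, and the sample files are assumptions constructed for the demonstration, with seeded random bytes standing in for ciphertext.

```python
"""Flag files that look freshly encrypted: high byte entropy plus an unexpected
extension.  Example code added for illustration; not from the original article.
The threshold and extension lists are assumptions chosen for the demo."""
import math
import os
import random
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits/byte; plain text sits near 4-5, ciphertext near 8
KNOWN_RANSOM_SUFFIXES = (".locked", ".crypt", ".encrypted")   # assumed list
ALREADY_COMPRESSED = (".zip", ".gz", ".png", ".jpg", ".mp4")  # benign high entropy


def shannon_entropy(data):
    """Bits of entropy per byte of data (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path, data):
    """Return the indicators found for one file; an empty list means 'looks fine'."""
    indicators = []
    suffix = os.path.splitext(path)[1].lower()
    if suffix in KNOWN_RANSOM_SUFFIXES:
        indicators.append("ransom-extension")
    if shannon_entropy(data) >= ENTROPY_THRESHOLD and suffix not in ALREADY_COMPRESSED:
        indicators.append("high-entropy")
    return indicators


def scan_tree(root, head_bytes=4096):
    """Walk root, examine the first head_bytes of every file, and return
    {relative_path: indicators} for files with at least one indicator."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read(head_bytes)
            found = classify(path, data)
            if found:
                hits[os.path.relpath(path, root).replace(os.sep, "/")] = found
    return hits


def encryption_ratio(hits, total_files):
    """Share of scanned files flagged; a sudden jump is the mass-encryption signal."""
    return len(hits) / total_files if total_files else 0.0


def demo():
    """Constructed sample: three plain documents, one legitimately compressed
    image, and two files a ransomware run has overwritten with ciphertext."""
    rng = random.Random(20240101)  # seeded so the demo is reproducible
    pseudo_cipher = bytes(rng.getrandbits(8) for _ in range(4096))
    files = {
        "q1-report.docx": b"Quarterly revenue grew modestly. " * 120,
        "notes.txt": b"meeting notes, action items, follow-ups\n" * 100,
        "ledger.csv": b"date,account,amount\n2024-01-01,cash,100.00\n" * 90,
        "photo.jpg": pseudo_cipher,              # compressed media: high entropy, benign
        "q2-report.docx.locked": pseudo_cipher,  # renamed and encrypted by the ransomware
        "budget.xlsx": pseudo_cipher,            # encrypted in place, extension untouched
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        hits = scan_tree(root)
        return hits, encryption_ratio(hits, len(files))


if __name__ == "__main__":
    print(demo())
```

Entropy alone is noisy, which is why the example suppresses known compressed formats and why production tools pair it with the rate of change (how many files crossed the threshold in the last minute) and with canary files that nothing legitimate should ever touch.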
Adware
Adware is malware that displays intrusive and unwanted advertisements on the victim’s computer or mobile phone. Devices are often infected with adware when the user installs free software that bundles it or opens a malicious email attachment. Adware can be merely annoying, but it also raises more significant concerns: it can slow down the device’s performance and even secretly collect information about users and their activities.
Spyware
Spyware is a form of malware that secretly gathers data about users and their activities. The information collected can include browsing history, login credentials, and keystrokes, which makes spyware running undetected on an IT system extremely dangerous. One infamous spyware campaign is DarkHotel, an advanced persistent threat (APT) that targets business travelers at luxury hotel chains (Fokker, 2022). After compromising a hotel’s Wi-Fi network, the attackers deliver spyware to high-profile guests who may possess valuable data. Without advanced tools, spyware can be difficult or impossible for users to detect.
Rootkits
A rootkit is malware that gives an attacker privileged, persistent access to a system while hiding that access from its legitimate users and administrators. Rootkits typically subvert the operating system itself, hooking system calls or loading into the kernel or boot process, so that the files, processes, and network connections they use are simply not reported to anyone who asks. Once installed, a rootkit commonly provides a backdoor for repeated unauthorized access, and it may also include functionality for stealing data or launching denial-of-service (DoS) attacks. Rootkits are notoriously hard to detect: because they run with at least the privileges of the security software on the host, they can bypass or disable conventional antimalware and firewalls, and any answer the compromised system gives about itself is suspect. Reliable detection therefore often means inspecting the system from outside it, for example by booting from trusted media, comparing the disk against a known-good image, or relying on hardware-measured boot.
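When an out-of-band inspection is not available, the standard on-host trick is a cross-view comparison: ask the kernel the same question two different ways and look for disagreement. The following added example (not code from the original article or from any rootkit-detection tool) compares the PIDs listed in /proc with the PIDs that respond to a signal-0 probe; a process the probe finds but the listing omits has been hidden from the directory view, which is exactly what a process-hiding rootkit does. The live scan is Linux-only; the demo feeds the comparison constructed PID sets, and the thread filter, round count, and PID sets are assumptions made for the illustration.

```python
"""Cross-view process detection: a PID that answers os.kill(pid, 0) but is
missing from the /proc listing has been hidden from the directory view.
Example code added for illustration; it is not from the original article.
The live scan needs Linux; the comparison logic is pure and runs anywhere."""
import os
import sys


def hidden_pids(listed, probed):
    """PIDs alive according to the probe but absent from the listing."""
    return sorted(set(probed) - set(listed))


def pids_from_proc():
    """The 'official' view: numeric directory names under /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_by_probe(max_pid=None):
    """The independent view: signal 0 checks existence without delivering
    anything.  EPERM means the process exists but belongs to someone else,
    so it still counts as alive."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            alive.add(pid)
    return alive


def is_non_leader_thread(pid):
    """Linux lets kill() target a thread ID, and /proc/<tid> exists but is not
    listed, so threads look 'hidden' unless filtered: Tgid != Pid means thread.
    If /proc/<pid>/status is missing entirely the PID really is hidden."""
    try:
        with open("/proc/%d/status" % pid) as f:
            fields = dict(line.split(":", 1) for line in f if ":" in line)
        return int(fields["Tgid"].strip()) != pid
    except (FileNotFoundError, ProcessLookupError, KeyError, ValueError):
        return False


def live_scan(rounds=2):
    """Run both views on the local host several times and keep only PIDs that
    look hidden every time, which filters processes that started or exited
    between the two views."""
    if not sys.platform.startswith("linux"):
        raise RuntimeError("live scan relies on /proc and signal-0 semantics; Linux only")
    persistent = None
    for _ in range(rounds):
        suspects = {p for p in hidden_pids(pids_from_proc(), pids_by_probe())
                    if not is_non_leader_thread(p)}
        persistent = suspects if persistent is None else persistent & suspects
    return sorted(persistent)


def demo():
    """Constructed views: /proc lists PIDs 1, 42 and 900, but the probe also
    finds 4242, the way a rootkit-hidden process shows up."""
    listed = {1, 42, 900}
    probed = {1, 42, 900, 4242}
    return hidden_pids(listed, probed)


if __name__ == "__main__":
    print(demo())
    if sys.platform.startswith("linux"):
        print("live hidden PIDs:", live_scan())
```

The probe walks the whole PID range, so on a host with pid_max at four million it takes a while in Python; the technique is the same one dedicated tools use, just slower. It also has a known blind spot: a kernel-mode rootkit that hooks kill() as well as the /proc listing will answer both questions consistently, which is why the outside-the-system checks described above remain the stronger option.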
Keyloggers
Keyloggers are a type of malware that records the keystrokes, and sometimes the mouse activity, of the people using a device. Some keystroke-logging software has legitimate uses, such as monitoring employee activity or recording user actions during software testing. Malicious keyloggers, however, are used to steal passwords, one-time codes, and sensitive financial data as they are typed.
Wiper Malware
Wiper malware is a form of malware that permanently erases data from a system or device, often rendering it unusable. As the name suggests, wiper malware aims to “wipe” a computer clean of information so that the data is unrecoverable; some wipers pose as ransomware to delay the response, even though no payment can restore the data. Wiper malware is often used by threat actors with broader political, financial, or strategic goals, and backups kept out of the attacker’s reach are the only real recovery path.
Mobile Malware
Mobile malware is malware designed to infect mobile devices such as smartphones, tablets, and smartwatches. Attackers build it to exploit mobile technologies and operating systems (such as Android and iOS), frequently by tricking users into installing apps from outside the official app stores. One common attack vector for mobile malware is SMS: after users are lured into visiting a fraudulent link in a text message, they are prompted to download and install malicious code.
Bots/Botnets
Finally, a bot is an automated malware program that takes over a user’s system and directs it to perform activities that are often fraudulent or illegal. Malicious actors spread bot software to as many computers as possible, creating a network of compromised devices known as a botnet. The attacker then controls the botnet through command-and-control infrastructure and uses it for further nefarious purposes, such as sending spam or launching distributed denial-of-service attacks.
Malware Prevention and Protection: Tips and Best Practices
With so many different types of malware, it’s crucial for businesses and cybersecurity professionals to know how to best defend against them. Below are just a few tips and best practices for malware prevention and protection:
- Using antivirus and anti-malware software: The right tools go a long way toward protecting companies from malware. Antivirus and anti-malware applications can detect, quarantine, and delete suspected threats before attackers start to wreak havoc; they must be kept up to date, and they work best alongside monitoring that watches for suspicious behavior rather than relying on signatures alone.
- Installing software updates: Many cyberattacks succeed because malicious actors exploit a security flaw that had already been fixed, but the victim had not installed the patch. Businesses should apply the latest updates to the software and operating systems they use day to day so that known vulnerabilities are closed before they can be exploited.
- Behaving cautiously: Phishing and spoofing attacks are among the most common ways malware is introduced into an IT environment. Employees should go through training and education programs that help them recognize the signs of a suspicious email attachment or link.
- Creating backups and disaster recovery plans: Ransomware, wiper malware, and other forms of malware can delete valuable data or render it inaccessible. Keeping regular backups of mission-critical information and applications makes it much easier to recover and restore operations after an attack. Because ransomware deliberately looks for backups it can reach, at least one copy should be offline or immutable, and restores should be tested before they are needed.
How to Prevent Malware Attacks with CEH
Malware can be a tremendously destructive cybersecurity threat for businesses of all sizes and industries. The good news is that by applying the best practices above, organizations can significantly lower their risk of falling victim to malware attacks.
Knowing the various types of malware is essential for cybersecurity professionals, such as ethical hackers (also known as “white-hat hackers”). So how can you get started in the field if you want to become an IT security professional?
EC-Council’s Certified Ethical Hacker (C|EH) program gives students the right combination of theoretical knowledge and practical tools to jumpstart their careers in cybersecurity. The CEH certification covers 20 modules and provides hands-on instruction in more than 220 lab assignments.
References
SonicWall. (2022). Mid-Year Update: 2022 SonicWall Cyber Threat Report. https://www.sonicwall.com/medialibrary/en/infographic/mid-year-update-2022-sonicwall-cyber-threat-report.pdf
Griffiths, J. (2020, May 3). ‘I love you’: How a badly-coded computer virus caused billions in damage and exposed vulnerabilities which remain 20 years on. CNN Business. https://www.cnn.com/2020/05/01/tech/iloveyou-virus-computer-security-intl-hnk/index.html
Okta. (2023). What Is MyDoom Malware? History, How It Works & Defense. https://www.okta.com/identity-101/mydoom/
Fokker, J. (2022, March 17). Suspected DarkHotel APT activity update. Trellix. https://www.trellix.com/en-us/about/newsroom/stories/research/suspected-darkhotel-apt-activity-update.html