Malware

Software that is designed to disrupt normal operations of a device


Learning Objectives

After reading this article you will be able to:

  • Define Malware
  • Explore and differentiate between common malware attacks
  • Understand the risk factors for malware attacks, and how to reduce vulnerability

What is Malware?

Malware, a portmanteau from the words malicious and software, is a general term which can refer to viruses, worms, Trojans, ransomware, spyware, adware, and other types of harmful software. A key distinction of malware is that it needs to be intentionally malicious; any software that unintentionally causes harm is not considered to be malware.

The general goal of malware is to disrupt the normal operations of a device. This disruption can range in purpose from displaying ads on a device without consent to gaining root access of a computer. Malware may attempt to obfuscate itself from the user in order to collect information quietly or it may lock the system and hold data for ransom. In DDoS attacks, malware such as Mirai affects vulnerable devices, turning them into bots under the control of the attacker. Once modified, these devices can then be used to carry out DDoS attacks as part of a botnet.

The creation of malware arose as the result of experiments and pranks by computer programmers, but discovery of the commercial potential it creates has turned malware development into a lucrative black market industry. Today, many attackers offer to create malware and/or launch malware attacks in return for compensation.

What are some common types of malware?

  • Spyware - As the name implies, spyware is used to spy on a user’s behavior. Spyware can be used to monitor a user’s web browsing activity, display unwanted ads to the user, and modify affiliate marketing streams. Some spyware uses what’s called a keylogger to record the user’s keystrokes, giving the attacker access to sensitive information including usernames and passwords.
  • Viruses - A virus is a malicious program that can be embedded in an operating system or a piece of software; the victim needs to run the operating system or open the infected file to be affected.
  • Worms - Unlike viruses, worms self-replicate and transmit themselves over a network, so the user doesn’t have to run any software to become a victim, just being connected to the infected network is enough.
  • Trojan Horses - These are pieces of malware that come hidden inside other useful software to entice the user to install them. Pirated copies of popular software are often infected with trojan horses.
  • Rootkits - These software packages are designed to modify an operating system so that unwanted installations are hidden from the user. A famous example is the 2005 Sony rootkit scandal, when Sony sold 22 million music CDs that came infected with a rootkit that would secretly install software intended to disrupt CD-copying on the purchaser’s computer. This rootkit opened up the door for other attackers to target infected computers with additional malware.
  • Ransomware - This software can encrypt files or even an entire operating system on a computer or network and keep them encrypted until a ransom is paid to the attacker. The emergence of bitcoin and other cryptocurrency has created a surge in the popularity of ransomware attacks, as attackers can anonymously accept currency and minimize the risk of getting caught.

What are the risk factors for malware infection?

  • Security bugs - Software such as operating systems, web browsers, and browser plugins can contain vulnerabilities for attackers to exploit.
  • User error - Users opening software from unknown sources or booting their computers from untrusted hardware can create a serious risk.
  • OS sharing - The use of a single operating system by every computer on a network also increases malware infection risk; if all the machines are on the same OS, then it is possible for one worm to infect them all.

How can you stop malware?

No one can be completely impervious to malware attacks; new attacks are constantly being developed to challenge even the most secure systems. But there are plenty of ways to minimize vulnerability to malware attacks. These include:

  • Anti-virus and anti-malware software - Running regular scans on a computer or network is crucial to detecting threats before they can spread.
  • Website security scans - People who have websites should be aware that malware can target a website’s software to view private files, hijack the site, and potentially even harm that site’s visitors with forced malware downloads. Running regular security scans on a website can help to catch these threats.
  • Web Application Firewall (WAF) - Another good resource for webmasters is a WAF, which can block malware at the edge of a network and prevent it from reaching a site’s origin server.
  • Air gap isolation - Considered to be a last resort, air gap isolation means cutting a computer or network off from all outside networks and Internet communication by disabling any hardware that would make communications possible. Even this isn’t a foolproof defense and has been compromised by tactics such as the ‘dropped drive’ attack, where USB drives are dropped in a company’s parking lot in the hope that a curious employee will find one and plug it into a computer on the network, infecting the isolated network with malware.