Malware—a blanket term for viruses, worms, trojans, and other harmful computer programs—has been with us since the early days of computing. But malware is constantly evolving and hackers use it to wreak destruction and gain access to sensitive information; fighting malware takes up much of the day-to-day work of infosec professionals.
Malware definition
Malware is short for malicious software, and, as Microsoft puts it, "is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.
This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).
There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You've probably heard the words virus, trojan, and worm used interchangeably, but as IT experts explain, they describe three subtly different ways malware can infect target computers:
- A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer.
- A virus is a piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself.
- A trojan is a program that cannot reproduce itself but masquerades as something the user wants and tricks them into activating it so it can do its damage and spread.
Malware can also be installed on a computer "manually" by the attackers themselves, either by gaining physical access to the machine or by escalating privileges on a remote foothold until they hold administrator access.
Another way to categorize malware is by what it does once it has successfully infected its victim's computers. There are a wide range of potential attack techniques used by malware:
- Spyware is defined as "malware used for the purpose of secretly gathering data on an unsuspecting user." In essence, it spies on your behavior as you use your computer, and on the data you send and receive, usually with the purpose of sending that information to a third party. A keylogger is a specific kind of spyware that records all the keystrokes a user makes—great for stealing passwords.
- A rootkit is, as described by TechTarget, "a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system." It gets its name because it's a kit of tools that (generally illicitly) gain root access (administrator-level control, in Unix terms) over the target system, and use that power to hide their presence.
- Adware is malware that forces your browser to redirect to web advertisements, which often themselves seek to download further, even more malicious software. As The New York Times notes, adware often piggybacks onto tempting "free" programs like games or browser extensions.
- Ransomware is a flavor of malware that encrypts your hard drive's files and demands a payment, usually in Bitcoin, in exchange for the decryption key. Several high-profile malware outbreaks of the last few years, such as Petya, are ransomware. When the cryptography is implemented correctly, recovering the files without the key is computationally infeasible (flawed implementations have occasionally let researchers publish free decryptors, but victims cannot count on that), which is why offline backups are the only reliable recovery path. So-called scareware is a sort of shadow version of ransomware; it claims to have taken control of your computer and demands a ransom, but actually is just using tricks like browser redirect loops to make it seem as if it's done more damage than it really has, and unlike ransomware can be relatively easily disabled.
- Cryptojacking is another way attackers can make you supply them with cryptocurrency, only it works without you necessarily knowing. The crypto mining malware infects your computer and uses your CPU cycles to mine coins for the attacker's profit (in practice usually a CPU-minable currency such as Monero rather than Bitcoin). The mining software may run in the background on your operating system or even as JavaScript in a browser window.
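The ransomware entry above rests on one observable fact: a file that was readable text becomes indistinguishable from random bytes the moment it is encrypted. The script below is an added example, not code from the original article, showing how an endpoint detector can turn that fact into a rule. It assumes a filesystem watcher hands it (path, old contents, new contents) events; the canary path, the extension list, the thresholds and the sample events are all constructed for the example, and the "ciphertext" is a deterministic SHA-256 chain so the run is reproducible offline.

```python
"""Heuristic ransomware-activity detector over a stream of file-write events.

Added example (not from the article). Assumes an endpoint agent or
filesystem watcher supplies (path, old_bytes, new_bytes) tuples; the
sample events at the bottom are constructed in-line so this runs offline.
"""
import hashlib
import math
import os
from collections import Counter

# Example assumptions: a canary file planted on the host, plus a small set of
# extensions commonly appended by ransomware (illustrative, not exhaustive).
CANARY_PATHS = {"/home/alice/Documents/~$canary.docx"}
RANSOM_EXTS = {".locked", ".encrypted", ".crypt"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; natural-language text sits near 4-5
MIN_SIZE = 256            # below this, an entropy estimate is meaningless
BURST_THRESHOLD = 3       # flagged writes before we raise a host-level alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty/uniform input, 8.0 for flat bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True when the buffer is big enough to judge and is near-random."""
    return len(data) >= MIN_SIZE and shannon_entropy(data) >= ENTROPY_THRESHOLD


def score_write(path: str, old: bytes, new: bytes) -> list:
    """Return the reasons (possibly none) a single write looks like ransomware."""
    reasons = []
    if path in CANARY_PATHS:
        reasons.append("canary file modified")
    ext = os.path.splitext(path)[1].lower()
    if ext in RANSOM_EXTS:
        reasons.append(f"ransomware-style extension {ext}")
    # Only an entropy *jump* counts: a JPEG or ZIP is already near 8 bits/byte,
    # so flagging high entropy alone would bury analysts in false positives.
    if looks_encrypted(new) and not looks_encrypted(old):
        reasons.append(f"entropy {shannon_entropy(old):.2f} -> {shannon_entropy(new):.2f}")
    return reasons


def triage(events) -> dict:
    """Score every event; alert once flagged writes reach BURST_THRESHOLD."""
    flagged = {}
    for path, old, new in events:
        reasons = score_write(path, old, new)
        if reasons:
            flagged[path] = reasons
    return {"flagged": flagged, "alert": len(flagged) >= BURST_THRESHOLD}


def pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for ciphertext so the sample run is reproducible."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


# Constructed sample events (not real telemetry).
TEXT = b"Quarterly report: revenue up 4%, costs flat, headcount unchanged.\n" * 60
SAMPLE_EVENTS = [
    # benign edit: text stays text
    ("/home/alice/Documents/report.docx", TEXT, TEXT + b"Addendum: see appendix B.\n"),
    # already-compressed file rewritten: high entropy before and after, not flagged
    ("/home/alice/Pictures/cat.jpg",
     pseudo_random_bytes(b"jpeg-old", 4096), pseudo_random_bytes(b"jpeg-new", 4096)),
    # plaintext replaced by ciphertext and renamed with a ransom extension
    ("/home/alice/Documents/budget.xlsx.locked", TEXT, pseudo_random_bytes(b"k1", 4096)),
    ("/home/alice/Documents/notes.txt.locked", TEXT, pseudo_random_bytes(b"k2", 4096)),
    # the canary gets hit
    ("/home/alice/Documents/~$canary.docx", TEXT, pseudo_random_bytes(b"k3", 4096)),
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for path, reasons in result["flagged"].items():
        print(f"{path}: {'; '.join(reasons)}")
    print("ALERT" if result["alert"] else "no alert")
```

Running it flags the two `.locked` files and the canary, leaves the benign edit and the re-saved JPEG alone, and raises the alert because three writes were flagged. In a real agent the burst window would be time-bounded and the action on alert would be to suspend the writing process, since by the time a few files are flagged the rest of the home directory is seconds away from the same fate.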
Any specific piece of malware has both a means of infection and a behavioral category. So, for instance, WannaCry is a ransomware worm. And a particular piece of malware might have different forms with different attack vectors: for instance, the Emotet banking malware has been spotted in the wild as both a trojan and a worm.