Main menu


Understanding what malware is, viruses, worms

Understanding what malware is, viruses, worms

Understanding what malware is, viruses, worms, Trojans and more

Malware is a collective term for viruses, worms, Trojans, and other harmful computer programs, and has existed since the early days of computing. Malware is constantly evolving, and hackers use it to destroy and steal sensitive information. Fighting malware is the main job of an information security expert on a daily basis.


of Malware Malware is an acronym for malicious software. As Microsoft describes it, it collectively refers to "any software designed to harm a single computer, server, or network of computers." In other words, malware is classified based on its intended use, rather than the specific technique or technology used to create it.

Types of

Malware For example, the question of what is the difference between malware and a virus misses the point. Viruses are a type of malware. So, all viruses are malware (but not all malware is viruses).

There are several ways to classify malicious code. The first is classification according to how the malicious software spreads. The terms virus, Trojan horse, and worm tend to be used interchangeably without distinction, but each has a slightly different method of infecting a target computer, as Symantec explains.

- A worm is malicious software that runs independently, which replicates itself and spreads to other computers.

- A virus is computer code that injects itself into the code of another independent program and then forces that program to act maliciously and spread itself.

- Trojan horses cannot self-replicate, but disguise themselves as something the user wants, and inflict damage and spread in a way that induces them to activate themselves.

An attacker could also install malware “directly” on a computer, either by gaining physical access to the computer or by using elevation of privilege to gain remote administrator access.

Another way to classify malware is based on the actions it performs after successfully infecting a computer. The attack techniques used for malware are quite diverse.

- Spyware: Webroot Cybersecurity defines spyware as "malware used for the purpose of secretly collecting data from unsuspecting users". Basically, spyware spies on data you send and receives from your computer, and their purpose is usually to send this information to third parties. A keylogger is a type of spyware that logs every keystroke of a user, and is used to steal passwords.

- Rootkit:TechTarget defines it as "a program, or, more commonly, a suite of software tools, that grants a threat actor remote access or control over a computer or other system". The name rootkit derives from its ability to steal root access (administrator-level control in Unix terms) of a target system and use it to hide its existence.

- Adware: Malware that forcibly sends browsers to web advertisements, and in many cases downloads more malicious software. As The New York Times pointed out, adware often hides in attractive "free" programs in the form of games or browser extensions.

- Ransomware: A type of malware used to encrypt files on a hard drive and then demand money (usually Bitcoin) in exchange for a decryption key. Ransomware is malware that has gained notoriety over the past few years, such as Petya. It is mathematically impossible for the victim to regain access to the file without the decryption key. Scareware is an imitative version of ransomware. They claim to have taken over the computer and demand a ransom, but in fact, they use tricks such as a browser redirect loop to exaggerate the extent of the damage than they actually are, and unlike ransomware, it can be released relatively easily.

- Cryptojacking:Another way to forcefully take bitcoins from victims. The only difference is that things can happen without the victim's knowledge. After the cryptocurrency mining malware infects a computer, it uses the computer's CPU cycles to mine bitcoins for the attacker. Mining software can run in the background of the operating system or run as JavaScript in a browser window.

Every kind of malware has a means of infection and a category of action. For example, WannaCry is a ransomware worm. In addition, certain malware can use various attack vectors and take various forms. For example, the Emotet banking malware was found in both forms: a Trojan horse and a worm.

The types of malware can be identified by looking at the top 10 malware attacks as of June 2018 by the Center for Internet Security. The most common infection vector is spam emails that trick users into activating malware or Trojan horses.

The malware that appears most frequently in this ranking is WannaCry and Emotet. However, there are many malware classified as remote access Trojans (RATs, rootkits that propagate in the same way as Trojans), including NanoCore and Gh0st. In addition, there are cryptocurrency malware such as CoinMiner.

How to block malware

Since the main routes for malware to infect computers are spam and phishing emails, the best way to prevent malware is to lock down your email system and educate users on how to recognize the risks.

It's a good idea to scrutinize the documents attached to emails and limit potentially dangerous user behavior. It should also inform users of common phishing scams so they can respond rationally.

A technical countermeasure involves several steps, including patching all systems and keeping them updated, maintaining an ongoing hardware inventory to determine what needs to be protected, and performing an ongoing vulnerability assessment of the infrastructure. In particular, one way to prepare for a ransomware attack is to always back up your files so that even if your hard drive is encrypted, you don't have to pay a ransom to get it back.

Anti- Malware

Protection One of the most popular products in the category of malware protection products is anti-virus software. Although the word "virus" is included in the name, most products respond to all forms of malware.

Although now considered a relic among top security professionals, antivirus software still plays a pivotal role in basic malware defenses. According to recent AV-TEST test results, the best antivirus software at the moment is software from Kaspersky Lab, Symantec and Trend Micro.

For corporate networks, endpoint security products can provide in-depth defense against malware. In addition to signature-based malware detection commonly used in antivirus, it provides anti-spyware, personal firewall, application control, and other host intrusion prevention features. Gartner's list of Best Products includes products from Cylance, CrowdStrike and Carbon Black.

How to detect malicious code

Even with thorough protection, there is always the possibility that the system will be infected with malicious code. How to make sure?

At the enterprise IT level, there are also more advanced tools that provide a broader perspective that can be used to understand the state of the network and detect malware infections. Most malware spreads using networks or sends information to masterminds, so network traffic includes signs of malware infection that administrators go unnoticed.

There are a variety of network monitoring tools in this area, with prices ranging from a few dollars to thousands of dollars. There are also SIEM tools that evolved from log management programs. The SIEM tool analyzes the logs of various computers and applications located in the infrastructure to catch signals of problems, including malware infections.

In the SIEM market, there are a variety of companies, from IT representatives such as IBM and HP Enterprise to small specialized companies such as Splunk and Alien Vault.

How to get rid of malware

How to remove malware after being infected with malware is the most important question. Removal of malicious code is a difficult task, and the method varies depending on the type of malicious code. CSOs have information on how to get rid of rootkits, ransomware, and cryptojacking, or how to recover after an attack. It also provides a guide for auditing the Windows registry.

If you're looking for a tool to clean your system, Tech Radar has a collection of useful free products. There are some familiar names in the antivirus space, and some start-ups like Malwarebytes.


of Malicious Codes I mentioned earlier about the current malicious code threats. However, the history of malware goes back to the days of infected floppy disks swapped out by individual Apple II users in the 1980s and the Morris worm that spread throughout Unix systems in 1988. Other major malware incidents are as follows.

- ILOVEYOU: A worm that spread violently in 2000, causing more than $15 billion in damage

- SQL Slammer: It started spreading in 2003 and stopped Internet traffic within minutes

- Conficker : A worm that takes advantage of Windows' unpatched flaws and exploits various attack vectors ranging from malicious code injection to phishing emails, ultimately breaking passwords and hijacking Windows devices as botnets.

- Zeus: A keylogger Trojan that appeared in the late 2000s, aiming for banking information

- CryptoLocker: The first widespread ransomware attack, and the code of CryptoLocker is continuously modified and used by similar malware projects Becoming

- Stuxnet: An extremely sophisticated worm that infects computers all over the world, but inflicts real damage to only one Iranian nuclear facility in Natanz. Stuxnet, created by US intelligence agencies, destroyed Iran's uranium-enriched centrifuge on its mission.