What is malware?

A CGI render of a warning symbol representing malware, sitting on an abstract computer surface. Decorative: the warning sign is glowing red and there is blue and yellow diffused light throughout.
(Image credit: Getty Images)

Malware is one of the biggest cyber security threats that businesses face today. In fact, a recent Thales study found that malware attacks have impacted 41% of enterprises in 2023 

The term “malware” is a combination of the terms “malicious” and “software.” An integral part of any hacker’s arsenal, malware allows attackers to disrupt and gain unauthorized access to computers, servers, and networks. 

Cyber security experts use malware as an umbrella term to describe a range of malicious applications designed to infect and exploit computer systems. These include common forms of malware like viruses, ransomware, or trojans among others. All can wreak havoc on businesses by corrupting their data or knocking their systems offline. 

As malware increases in scale and complexity, businesses must take steps to understand how these attacks work so that they can identify and remove them. This is where anti-malware software and security awareness training can help.

Different types of malware 

There are many forms of malware, all of which vary in scale and design. But here are a few to understand if you’re looking to protect your business or personal devices.

Viruses

Viruses are the most prevalent forms of malware. Through malicious code they can self-replicate and self-distribute themselves to inflict maximum damage across devices and computer networks. Threat actors can spread viruses using email attachments, software downloads, or USB sticks. As well as affecting the performance of a device, viruses can cause costly data breaches. It’s important that leaders invest in the best antivirus software possible to protect their businesses from this serious threat.

Ransomware

Ransomware is both a common and infamous form of malware, with the 2017 WannaCry incident being one of the most prolific examples. Hackers conducting ransomware attacks typically gain unauthorized access to a system, encrypt sensitive data, and offer the victim a decryption key in return for a ransom. In double-extortion ransomware attacks, attackers combine ransomware with other forms of infostealing malware and threaten to leak data for all to see if the victim doesn’t pay up quickly.

Unfortunately, ransomware is one of the easier methods of attack, particularly for those looking to make quick cash. Ransomware as a service, where criminal groups offer up their ransomware strains and services for hire, has become one of the biggest threats facing the business world. In fact, many of the most popular ransomware strains hitting Europe, and in particular the UK, right now are considered to be the result of ransomware as a service.

Worms

Like viruses, computer worms are capable of self-replication. This allows them to infect one computer after another. They are typically spread by exploiting software and network vulnerabilities, rather than email attachments and file downloads. Worms allow hackers to slow down computers, gain unauthorized computers via backdoors, and steal sensitive information. 

An infamous example of a worm is Stuxnet, which was discovered in 2010 having done massive damage to Iran's nuclear facilities.

Trojans

Trojans are a type of malware that masquerades as legitimate software or files. They are typically built to exfiltrate sensitive data and perform malicious commands, such as copying or modifying files. Unlike viruses and worms, trojans aren’t typically designed to self-replicate. As a result, infection is usually contained to a single device rather than an extensive computer network.

Adware and spyware

Adware is malicious software that automatically shows unwanted advertisements — including pop-ups and banners — on the devices of victims. Adware can be difficult to remover and can have a detrimental effect on computer performance. Spyware, such as keyloggers and screen readers, allows hackers to track your online activity and steal passwords and other sensitive information. This type of malware is designed to remain hidden and is, therefore, hard to detect. 

Rootkits

Rootkits are among the hardest malware to detect and remove on a compromised device. Their purpose is to embed themselves within the core components of a device, such as within a computer’s firmware or random-access memory (RAM), to become as persistent as possible. Once established, rootkits can survive factory resets and act as a backdoor for attackers.

Browser hijackers

As the name suggests, browser hijackers enable threat actors to take control of your internet browser. Browser hijackers can change browser settings and redirect victims to malicious websites for phishing or that automatically download other forms of malware onto their system.

Hunter-killer malware

Hunter-killer malware, which hackers use to deactivate security tools after compromising a computer network, is quickly becoming one of the most common types of malicious software. This threat has grown by 300% in the past year according to Picus Security's Red Report 2024.

How malware spreads

Threat actors leverage various techniques to spread malware. Social engineering and targeted phishing attacks is one of the most prevalent methods. 

Madelein van der Hout, a senior analyst at Forrester, tells ITPro that hackers use social engineering techniques to exploit the psychology of their victims. Van der Hout explains that hackers employ enticing or intimidating methods to trick victims into breaking security rules and share sensitive information, often by clicking links in malicious messages and emails purporting to be from a trusted source. 

“For example, a criminal poses as your manager and asks to transfer money. The criminal chooses specific individuals and highly tailored messages.

“Pretexting is when someone impersonates an IT tech support staff member who calls to ask for your password to fix a problem. The attacker creates a fabricated scenario to gain access right from a user.”

Hackers can also spread malware by leveraging flaws in computer applications and networks. “These vulnerabilities stem from outdated software, weak passwords, and unpatched security flaws.”

Evgeny Mirolyubov, senior director analyst at Gartner, warns that threat actors can change passwords and destabilize multi-factor authentication (MFA) by launching social engineering attacks on helpdesk departments.

Misconfigured internet services, a lack of MFA protection, and initial access brokers are also aiding malware attacks. “Once inside the organization, threat actors use various lateral movement techniques to compromise more systems and identify sensitive data for further exfiltration,” Mirolyubov adds.

Detecting and removing malware

One of the first steps to preventing malware attacks is regularly performing patches and software updates, as well as data backups according to van der Hout.

Antimalware and antivirus software also provide a “first line of defense” for tackling malware, she says. Solutions that use “signatures, heuristics and behavior-based detection” will enable companies to spot malware attacks, adds van der Hout.

A firewall can prevent cyber criminals from accessing computer systems and networks by monitoring network traffic and detecting anything unusual. She explains: “It can block malicious IP addresses, restrict access to certain ports and protocols used by malware, and limit outbound traffic to prevent infected systems from communicating with command-and-control servers.”

For a “more sophisticated” way of tackling malware, she recommends using endpoint detection and response (EDR) services. “These solutions offer comprehensive monitoring and analysis of endpoint data to detect, investigate, and also respond to abnormalities,” she explains.

She says removing malware infections from a computer system or network can be both “straightforward” to “complex”. Companies affected by “sophisticated malware” will often need outside support to “ensure complete removal and secure against future attacks”, she continues. 

Businesses that fall victim to a ransomware attack should never pay the ransoms demanded by threat actors, she adds. “You can never be sure a criminal actually leaves your system, network, or device to exploit again later on.”

Andrew Braunberg, principal analyst for cyber security at Omidia, urges companies to train their employees on spotting malware. He says: “The success of phishing points to a major weakness in most defenses: the end user. Security training can often help with awareness of the problem.”

With both traditional and emerging forms of malware affecting businesses across all industries, they must take these threats seriously. But thanks to the latest antivirus and anti-malware solutions, as well as security awareness training, safeguarding computer systems and networks from malware needn’t be hard. 

Connor Jones
Contributor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.

With contributions from