Types of Malware

Malware, short for “malicious software”, comes in a variety of forms. The term covers any software that is intentionally designed to cause damage, steal information or gain unauthorised access to a user’s or an organisation’s systems. As for transport, malware can arrive over any IT protocol or delivery mechanism, and individual cases show that it can even come preinstalled on hardware such as smartphones. In this article we will look at some of the most common types you could encounter.

Viruses

A computer virus is a type of malware that aims to attach itself to legitimate files or applications to corrupt data, interfere with system operations, or even spread to other systems on the same network. 

The Melissa virus in 1999 targeted Microsoft Word and Outlook based systems. This computer virus spread through email attachments, resulting in widespread server crashes and an estimated $1.1 billion in damages globally. Up to the year 2000 viruses were the dominant class of malware, which is why the industry combating malicious code came to be called “antivirus”.

Worms

Unlike viruses, worms do not need human interaction to spread. Worms are self-replicating and exploit system vulnerabilities to infect multiple devices across a network. Their ability to propagate autonomously makes them particularly dangerous, often leading to significant disruption and data loss. 

The WannaCry worm, which targeted a Windows vulnerability in 2017, encrypted data and demanded ransom payments.

Worms can rapidly bring down entire networks, overwhelming systems with massive traffic or exploiting critical data access points, causing havoc in both corporate and governmental settings. Despite this, worms are rarely used in coordinated attacks: they are comparatively noisy and therefore easy to detect, and they are very hard for threat actors to control, which leads to unintended side effects.

Trojans (Trojan Horses)

Trojans disguise themselves as legitimate software to trick users into downloading them. Once the victim installs the malware, it delivers malicious payloads that range from creating backdoors through which attackers steal data to providing full control of the system. Trojans are incredibly versatile and take many forms, including backdoor Trojans, banking Trojans and Remote Access Trojans (RATs). Banking Trojans, for example, specifically target financial information, while RATs allow attackers to monitor and control infected devices remotely.

The Zeus Trojan, which has been active since 2007, is one of the most notorious examples, having stolen millions of dollars by harvesting banking credentials and login information.

Ransomware

Ransomware is a type of malware that encrypts a victim’s data and blocks access to it until a ransom is paid. Ransomware attacks have become increasingly common, with high-profile attacks on businesses, hospitals and government agencies as attackers aim for substantial ransom payments. Attackers often use phishing emails or malicious downloads to carry out their attack.

One of the most devastating ransomware attacks, Petya, hit in 2016, encrypting entire hard drives and crippling organisations until they paid the ransom. The financial and operational damage caused by ransomware can be massive, as it leads to downtime, loss of sensitive data and expensive ransom payments.

Using ransomware to extort money is one of the most successful cybercriminal schemes. Today, highly organised groups offer it as a service to other criminals. Such “Ransomware as a Service” organisations were responsible for nearly 1500 successful attacks on EU businesses between July 2023 and June 2024, according to the European Union Agency for Cybersecurity (ENISA): https://www.enisa.europa.eu/topics/cyber-threats/threats-and-trends
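
The encryption behaviour described above is what a defender can watch for. The following is an added example, not code from the original article: it assumes a stream of file-write events as a file-system monitor or EDR agent would report them (the event format, the process ids and the file paths are constructed for the example), and raises an alert when a single process overwrites many files with high-entropy, encrypted-looking content within a short window, or touches a planted canary file that no legitimate job should ever modify.

```python
"""Behavioural ransomware detection over constructed file-activity events.

Added example for illustration; not part of the original article.  The
FileEvent records, process ids and paths below are all constructed.
"""
import math
import random
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class FileEvent:
    ts: float       # seconds since an arbitrary epoch
    pid: int        # process that performed the write
    path: str       # file written
    content: bytes  # bytes written (a monitor would usually sample these)


@dataclass
class Alert:
    pid: int
    reason: str
    paths: list


# Decoy files planted by the defender; any write to one is suspicious.
CANARY_PATHS = {r"C:\Users\alice\Documents\~$canary.docx"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text is ~4-5, ciphertext is close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_ransomware(events, window_seconds=60.0, min_files=5, entropy_threshold=7.0):
    """Return alerts for processes showing ransomware-like write patterns."""
    alerts = []
    flagged = set()                 # pids already reported for mass writes
    recent = defaultdict(deque)     # pid -> deque of (ts, path) high-entropy writes
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.path in CANARY_PATHS:
            alerts.append(Alert(ev.pid, "canary file touched", [ev.path]))
        if shannon_entropy(ev.content) < entropy_threshold:
            continue                # ordinary document content, not interesting
        q = recent[ev.pid]
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > window_seconds:
            q.popleft()             # drop writes that fell out of the window
        distinct = {p for _, p in q}
        if len(distinct) >= min_files and ev.pid not in flagged:
            flagged.add(ev.pid)
            alerts.append(Alert(ev.pid, "mass high-entropy writes", sorted(distinct)))
    return alerts


# Constructed sample events.  A deterministic PRNG stands in for ciphertext.
_rng = random.Random(2024)


def _blob(n: int = 4096) -> bytes:
    return _rng.randbytes(n)


SAMPLE_EVENTS = [
    # pid 300: a backup job writing ordinary documents (low entropy)
    FileEvent(10.0, 300, r"C:\Users\alice\Documents\notes.txt",
              b"Meeting notes: review budget, call vendor.\n" * 20),
    FileEvent(11.0, 300, r"C:\Users\alice\Documents\todo.txt",
              b"- patch servers\n- rotate keys\n" * 30),
    # pid 555: an archiver writing a single compressed file (high entropy, but only one)
    FileEvent(20.0, 555, r"C:\Backups\2024-01.zip", _blob()),
]
# pid 4242: eight documents overwritten with ciphertext within ten seconds, then the canary
SAMPLE_EVENTS += [
    FileEvent(100.0 + i, 4242, rf"C:\Users\alice\Documents\report{i}.docx", _blob())
    for i in range(8)
]
SAMPLE_EVENTS.append(FileEvent(108.0, 4242, r"C:\Users\alice\Documents\~$canary.docx", _blob()))


if __name__ == "__main__":
    for alert in detect_ransomware(SAMPLE_EVENTS):
        print(f"pid {alert.pid}: {alert.reason} ({len(alert.paths)} file(s))")
```

Only the process that rewrites many files with ciphertext-like content is reported; the archiver writing one compressed file and the backup job writing plain text stay quiet. In practice the thresholds (window, file count, entropy cut-off) are tuned per environment, and the canary signal is the cheaper and more reliable of the two.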

Spyware

Spyware is a type of malware that collects sensitive data from infected systems without the user’s knowledge. It can monitor browsing habits, log keystrokes and capture login credentials, posing a severe threat to both individual privacy and corporate security.

Pegasus spyware, discovered in 2016, is a prime example, enabling attackers to access data on both iOS and Android devices. Spyware often comes bundled with legitimate-looking software or arrives through malicious website downloads. Attackers can use the collected information for identity theft, corporate espionage or other malicious purposes.

Adware

Adware is a type of malware that displays unwanted advertisements on infected systems. Although it is considered less harmful than other types of malware, it can still pose significant risks. The purpose of adware is to generate revenue for attackers by displaying ads and, through PPC (pay per click), whenever the user clicks on an advertisement. While adware does not typically steal sensitive data, it degrades the user experience and can open the door to more serious malware infections.

Fireball adware, which infected millions of systems in 2017, hijacked browsers and tracked user behaviour for advertising purposes, highlighting the intrusive nature of adware.

Malicious Coinminer (aka Coinmining Virus, Cryptojacking)

Mining cryptocurrencies such as Bitcoin is legal as long as the system used belongs to the miner or the owner has given consent. Criminals, however, regularly infect systems with mining software without consent, a practice known as “cryptojacking”. As malware, a coinminer drains the host’s energy and computing resources trying to generate cryptocurrency coins that the threat actor can then sell.

Stolen energy is often regarded as a minor issue and ignored. This is also why coin-mining viruses are used by “Access as a Service” criminals to generate some money while they wait for their customers.

Rootkits

Rootkits are some of the most dangerous and difficult types of malware to detect and remove. These malicious tools allow attackers to gain long-term, privileged access to a system while hiding their presence from both users and security software. Rootkits can manipulate system files, alter processes, and change security settings to avoid detection, allowing attackers to maintain control over a compromised system for extended periods. 

In the Sony BMG rootkit scandal of 2005, rootkit software shipped on music CDs as copy protection was secretly installed on users’ computers, leaving those systems vulnerable to further malware attacks.

Keyloggers

Keyloggers are a form of spyware designed to record a user’s keystrokes, allowing attackers to capture sensitive information like passwords, credit card numbers, and private messages. Keyloggers are often deployed through phishing attacks or bundled with other malware. Once installed, they silently log every keystroke, sending the data back to the attacker for exploitation. This type of malware is particularly dangerous in financial and corporate environments, where login credentials to banking accounts or secure systems can be stolen.

Fileless Malware

Fileless malware is a more recent development in malware attacks: it operates without writing a file to disk. Instead, it lives in system memory, making it difficult for traditional antivirus software to detect and remove. Fileless malware abuses legitimate system tools, such as PowerShell, to carry out its malicious activities. Because it does not rely on file storage, fileless malware presents a unique challenge to cybersecurity professionals and requires advanced detection methods. Attackers often use fileless malware to carry out stealthy attacks that can go undetected for extended periods.
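
Because the malicious logic never reaches the disk, the launch of the legitimate tool is often the only durable trace, which is why defenders log and triage command lines. The following is an added example, not code from the original article: it assumes process-creation records that include the full command line (for instance from Windows command-line auditing or an EDR feed; the record format, process ids and sample commands are constructed) and scores the PowerShell switches that in-memory malware relies on, decoding any encoded command so an analyst can read it.

```python
"""Triage of PowerShell launch command lines for fileless-malware tradecraft.

Added example for illustration; not part of the original article.  The
(pid, command line) records below are constructed; the encoded commands
they carry are harmless and exist only to exercise the decoder.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import Optional

# Weighted indicators.  PowerShell accepts any unambiguous prefix of a switch,
# so -e, -ec and -enc all mean -EncodedCommand; the regexes allow for that.
INDICATORS = [
    (re.compile(r"(?i)(?<!\S)-e(?:c|nc|ncodedcommand)?(?!\S)"), "encoded command", 3),
    (re.compile(r"(?i)(?<!\S)-w(?:indowstyle)?\s+hidden\b"), "hidden window", 2),
    (re.compile(r"(?i)(?<!\S)-ex(?:ec|ecutionpolicy)?\s+bypass\b"), "execution policy bypass", 2),
    (re.compile(r"(?i)(?<!\S)-nop(?:rofile)?(?!\S)"), "no profile", 1),
]
ENCODED_ARG = re.compile(r"(?i)(?<!\S)-e(?:c|nc|ncodedcommand)?\s+(\S+)")
THRESHOLD = 3  # score at or above which a record is escalated


@dataclass
class Finding:
    pid: int
    cmdline: str
    score: int = 0
    reasons: list = field(default_factory=list)
    decoded: Optional[str] = None  # plaintext of -EncodedCommand, if any


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Decode the base64 UTF-16LE payload that -EncodedCommand expects."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed payload: still flagged by the indicator, just not decoded


def triage(events):
    """Score every (pid, cmdline) record and attach the reasons and decoded text."""
    findings = []
    for pid, cmdline in events:
        f = Finding(pid, cmdline)
        for pattern, label, weight in INDICATORS:
            if pattern.search(cmdline):
                f.score += weight
                f.reasons.append(label)
        f.decoded = decode_encoded_command(cmdline)
        findings.append(f)
    return findings


def suspicious(findings):
    """Keep only the records worth an analyst's attention."""
    return [f for f in findings if f.score >= THRESHOLD]


def _encode(ps: str) -> str:
    # Helper to build constructed sample records; mirrors how PowerShell
    # expects -EncodedCommand arguments (UTF-16LE, then base64).
    return base64.b64encode(ps.encode("utf-16le")).decode("ascii")


# Constructed sample records: (process id, command line)
SAMPLE_EVENTS = [
    (1001, r"powershell.exe -NoProfile -File C:\Scripts\nightly-backup.ps1"),
    (1002, "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand "
           + _encode("Get-Process | Out-Null")),
    (1003, r"cmd.exe /c dir C:\Temp"),
    (1004, "powershell.exe -nop -enc " + _encode("Write-Output 'hi'")),
]


if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_EVENTS)):
        print(f"pid {f.pid} score={f.score} reasons={f.reasons}")
        if f.decoded is not None:
            print(f"  decoded: {f.decoded}")
```

The scheduled script launched with -NoProfile scores too low to be escalated, while both encoded launches are surfaced together with their decoded plaintext. Scoring several weak signals rather than matching a single string keeps the rule useful when an attacker varies the switch spelling, and the decoder turns an opaque base64 blob into something the analyst can actually read.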

Botnets

A botnet is a network of compromised devices, also known as "zombies," which are controlled remotely by attackers. These devices can be used for large-scale attacks, such as Distributed Denial of Service (DDoS) attacks or spam campaigns. Botnets are often built by infecting devices with malware, turning them into unknowing participants in malicious activities. 

One of the largest botnets, Mirai, was responsible for a massive DDoS attack in 2016 that temporarily shut down major websites. Botnets can be used to overwhelm networks, steal data, or perform other malicious actions without the user’s knowledge.

Preventive Measures and Best Practices

To protect against these various types of malware you should adopt some of the best practices mentioned below:

  • Keep all your software updated: Regularly update your operating system, system drivers and all software on your device. Software updates often contain patches, which fix a specific issue or vulnerability that could otherwise be exploited.

  • Use Firewalls: Firewalls block unauthorized access to networks and monitor incoming and outgoing traffic for suspicious activity.

  • Educate Employees: Employees should receive cybersecurity training to help them spot phishing attempts and to identify harmful links or downloads. 

  • Implement Endpoint Detection and Response (EDR) Tools: EDR solutions provide continuous monitoring and detection of security threats across devices, helping to stop malware before it can cause widespread damage.
