Malware, also known as malicious software, is one of the biggest risks for IT systems and data. When detecting and defending against malware, the specifics of the different types of malware must be taken into account.
What is malware?
Malware refers to malicious, harmful software. Unlike faulty software, which causes damage unintentionally, malware is created for the sole purpose of causing harm. Depending on the malware, the damage consists of a loss of confidentiality of information requiring protection, a loss of integrity of information and IT systems, or the loss of information and damage to IT systems.
A combination of these damage patterns is also possible. Malware that spies on its victims’ information and undermines the confidentiality of data is also known as spyware.
Malware can be created and distributed by individual perpetrators, but it is now more common for malware to be created by specialized malware authors and sold to clients. The black market for malware, the shadow economy, can be considered industrial: the malware offered there often comes with a guarantee of success, the right to exchange, and its own support. Malware is a separate, criminal business sector.
Not all malware is a computer virus
Malware, or malicious software, is often referred to as a computer virus or simply a virus. This is a generalization, because computer viruses are the best-known form of malware but by no means the only one. When people speak of anti-virus software, they therefore usually mean anti-malware software, i.e. security solutions that are designed to detect and ward off malware.
Viruses, worms, and Trojans lurk not only on the Internet
Besides computer viruses, the worm (computer worm) and the Trojan (Trojan horse) are among the best-known types of malware. While a computer virus infects other files in order to reproduce itself, a computer worm is able to reproduce on its own. A Trojan is an apparently useful program that contains a malicious function.
In order to cause damage, malware exploits a security hole in the programs of the affected systems. Infection with malware often occurs when victims open contaminated attachments to an e-mail sent to them by the attacker. Another route of infection is clicking a prepared link on a website, which starts the download of the malware deposited there. However, simply opening a website can also be enough to download malware. This is known as a drive-by download.
However, malware is not only spread via e-mails and websites; malware can also be found on storage media and on appropriately prepared hardware.
Malware attacks are becoming increasingly sophisticated
Anti-malware programs try to detect malware as early as possible in order to block and remove it. To do this, such security programs look for certain patterns (signatures) in the files located on the devices they protect.
In addition, anti-malware programs monitor the activity that comes from files and look for any suspicious behavior in order to warn users accordingly. Since new types and variants of malware are always emerging, a malware scan should always pay attention to both the signatures and the behavior of files.
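The following Python sketch is an added example, not code from any anti-malware product. It shows the two checks described above side by side: signature matching on file content and a behavior rule over logged file activity. All sample bytes, signature names, process names, paths and the threshold are constructed for illustration.

```python
import hashlib

# Constructed, harmless stand-ins for file contents (not real malware bytes).
KNOWN_SAMPLE = b"MZ\x90\x00...DEMO-PAYLOAD-MARKER-v1...\x00"
VARIANT = KNOWN_SAMPLE + b"\x00pad"                  # same family, slightly changed
UNKNOWN = b"MZ\x90\x00...unseen-variant-bytes...\x00"  # new variant, no signature yet

# Hypothetical signature database: exact-file hashes and byte patterns.
HASH_SIGS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Family.A (exact sample)"}
PATTERN_SIGS = {"Demo.Family.A": b"DEMO-PAYLOAD-MARKER"}

def scan_signatures(data: bytes) -> list[str]:
    """Return the names of all signatures that match the file content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:                 # only matches a byte-identical file
        hits.append(HASH_SIGS[digest])
    hits += [name for name, pat in PATTERN_SIGS.items() if pat in data]
    return hits

# Constructed (process, action, path) records, as an endpoint agent might log them.
EVENTS = [
    ("backup.exe", "read", "C:/Users/a/doc1.docx"),
    ("unknown.exe", "overwrite", "C:/Users/a/doc1.docx"),
    ("unknown.exe", "overwrite", "C:/Users/a/doc2.xlsx"),
    ("unknown.exe", "overwrite", "C:/Users/a/photo.jpg"),
    ("editor.exe", "overwrite", "C:/Users/a/notes.txt"),
]

def scan_behavior(events, threshold: int = 3) -> list[str]:
    """Flag processes that overwrite at least `threshold` distinct files."""
    written: dict[str, set[str]] = {}
    for proc, action, path in events:
        if action == "overwrite":
            written.setdefault(proc, set()).add(path)
    return sorted(p for p, paths in written.items() if len(paths) >= threshold)

if __name__ == "__main__":
    for label, data in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("unknown", UNKNOWN)]:
        print(f"{label:8} signature hits: {scan_signatures(data)}")
    print("behavior alerts:", scan_behavior(EVENTS))
```

The changed variant no longer matches the hash signature but is still caught by the byte pattern, while the unseen variant matches no signature at all and is only noticed through its file activity.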
The variety of malware types shows how sophisticated malware attacks can be: a backdoor is malware that provides the attacker with a “backdoor”, a secret access into the victim’s system for further attacks. A rootkit is malware designed to help hide further malware and attacks on the victim’s system. Ransomware is malware that encrypts data against the victim’s will and extorts a ransom for decryption. Malware thus comes in many malicious varieties.