In our recent article, 10 Basic Cybersecurity Terms That Everyone Online Should Know, we defined malware as, “A type of software that does harm to computers usually at the service of cybercriminals, some examples include trojans, ransomware, or viruses.” Essentially, it’s “the bad guy” of cybersecurity.
That said, there are a lot of different types of malware that operate completely differently from one another and represent varying degrees of risk for everyday users, businesses, and governments alike. But don’t get too overwhelmed! At Covered 6 Cademy, we believe that everyone deserves to have the information they need to start practicing cybersecurity in their everyday lives, so we wanted to do a deeper dive into the various types of malware and how they work.
Virus is probably a word you hear thrown around a lot when people are discussing cybersecurity risk. Many everyday users use the word virus interchangeably with malware when, in fact, they’re quite different things. Virus is a type of malware, but it’s not simply a “sick” file by any means. Today, viruses comprise only 10% of all malware. And for that, we should all be thankful!
Viruses are a particularly pernicious form of malware that do, actually, mirror the behavior of biological viruses that we’re all so familiar with. What that means is that a computer virus attaches itself to a host file—in other words, infecting it. Once you execute that file, it activates the virus. From there, viruses use the functioning of existing applications to spread themselves. As the virus spreads, more and more files or users are caught up in its infectious encroachment.
Unlike a biological virus like the common cold, computer viruses don’t merely run their course. It’s extremely difficult to get rid of a true virus. In most cases, the infected file is simply quarantined or deleted. That stubbornness is why true viruses can be so damaging! And also why we’re glad most malware isn’t technically a virus—despite the fact that most people may call it that.
Spyware is exactly what it sounds like: a type of malware that is used to secretly spy on user activity. Although it’s one of the most common types of malware, it can also be incredibly difficult to detect given its clandestine nature. Once it’s installed on a device, spyware can monitor online activity, and its goal is typically to obtain sensitive content such as credit card numbers, bank account information, and passwords. The biggest indicator that a device has been infected is a significant reduction in performance, data usage, and battery life on the device in question.
You may be noticing some common naming conventions here… Much like spyware, ransomware is exactly what it sounds like, too! It’s a form of malware that works like a real-life ransom. Ransomware locks away certain files—essentially holding them hostage. Usually, this means encrypting the files and then demanding a ransom be paid to recover or decrypt them.
Some forms of ransomware may even pretend to be a government or law enforcement agency shutting down the files or device for seemingly legitimate reasons like pirated software or porn. So whether or not you actually have any such content on your device—no judgment!—be wary if you ever get any errors like that.
Now we’re getting into new territory here. You may not have heard of a rootkit before, but you probably have heard of the concept behind it. A rootkit is a form of malware that takes remote control of an infiltrated device. Basically, it could allow a hacker to do whatever they want on your device from anywhere in the world. Sort of like when you’re on the phone with tech support and you allow them to take over your computer to troubleshoot for you… Only this is way less helpful and without your consent.
In fact, rootkits can be especially damaging since they are extremely difficult to detect. Because rootkits can take complete control of an infected device, they have the ability to turn off or hijack security software that may otherwise protect your device or, at least, alert you to the presence of malware.
5. Trojan Horse
This form of malware famously takes its name from Homer’s The Odyssey. The story goes that Greek soldiers infiltrated Troy by hiding in a giant horse—passing it off as an offering to the gods. Much like this titular ploy, a Trojan is a type of malware made to look like unassuming, legitimate software. The only difference is that once it’s installed it starts performing the nefarious actions it’s actually designed to do.
A worm is completely unique in its ability to reproduce or spread completely autonomously. Most forms of malware are triggered by user action or other outside forces. Worms, however, actually have the ability to transfer and copy themselves from device to device without a host file or hijacking a single device’s code.
7. Fileless Malware
Fileless malware is a particularly sneaky form of malware that utilizes genuine software to secretly infect a device. This is another type of malware that is very difficult to detect. Often, typical antivirus software can’t catch fileless malware. Almost all malware requires a user to download a particular file or execute a program, but fileless malware is completely different.
Fileless malware hops along on your device’s memory—where short-term data is temporarily stored—executing various malicious activities while legitimate programs run normally. Because it’s never technically stored, it leaves no footprint, making it almost impossible to recognize. Additionally, because users don’t have to save or download a file to become infected by fileless malware, it’s hard to be accurately aware of your risk of infection, let alone trace it back to the source.
Hybrid malware is a type of malware that combines two or more of the above forms. According to Infosec, the most common combinations are a “Trojan horse or worm with adware or malware attached.”
Because hybrids are simply new combinations of existing malware, many cybersecurity experts are able to defend against them simply by combining different types of protection from the original malware types. However, if they go undetected, hybrids can pose a grave risk for infected devices. This is due to their ability to take the “best” functions (best for cyber attackers at least…!) of two different types of malware and use them together in a uniquely powerful combination.
Often mixed up with adware, malvertising isn’t technically its own form of malware. Rather, it’s a technique commonly used to distribute malware to unsuspecting users. However, we wanted to draw attention to it on this list as it is one of the most insidious types of cyberattacks.
Malvertising refers to a cyber-attack technique where cybercriminals buy legitimate ad space on otherwise trustworthy sites, but hide malicious code in the ads or redirect users to harmful websites. Malvertising can deploy any type of malware, so you never know what you might get.