![https://zdnet2.cbsistatic.com/hub/i/r/2017/10/20/539fdef4-aaf3-407b-a820-252eaca5d4ab/resize/770xauto/583537845f0eb3799e7f8099580db382/istock-trojan-horse.jpg"](https://zdnet2.cbsistatic.com/hub/i/r/2017/10/20/539fdef4-aaf3-407b-a820-252eaca5d4ab/resize/770xauto/583537845f0eb3799e7f8099580db382/istock-trojan-horse.jpg"){kind=link}
![https://zdnet4.cbsistatic.com/hub/i/r/2017/04/12/543b992b-41b1-4241-a8e4-aceceadb24ee/resize/770xauto/cb71e8305cf00d95ee347b74d0133bea/cerber-ransomware.png"](https://zdnet4.cbsistatic.com/hub/i/r/2017/04/12/543b992b-41b1-4241-a8e4-aceceadb24ee/resize/770xauto/cb71e8305cf00d95ee347b74d0133bea/cerber-ransomware.png"){kind=link}
![https://zdnet2.cbsistatic.com/hub/i/r/2018/02/07/93a5657f-b965-4161-86a8-4eeae354dbd1/resize/770xauto/980da4abe93bfef133f18f7c2da9c8cb/pop-up-ads.jpg"](https://zdnet2.cbsistatic.com/hub/i/r/2018/02/07/93a5657f-b965-4161-86a8-4eeae354dbd1/resize/770xauto/980da4abe93bfef133f18f7c2da9c8cb/pop-up-ads.jpg"){kind=link}
![https://zdnet1.cbsistatic.com/hub/i/r/2018/01/03/f26afe95-3550-44ac-813e-e7cc792959f2/resize/770xauto/427276c257051072d41d80107240de38/istock-bitcoin-and-other-currency.jpg"](https://zdnet1.cbsistatic.com/hub/i/r/2018/01/03/f26afe95-3550-44ac-813e-e7cc792959f2/resize/770xauto/427276c257051072d41d80107240de38/istock-bitcoin-and-other-currency.jpg"){kind=link}
![https://zdnet3.cbsistatic.com/hub/i/r/2017/06/12/11b5d52f-c95c-4b0c-b3d7-c5982701fcc2/resize/770xauto/ce37ec0ef0094a5e717d9f0a4a9cc471/macransom-ransom-note.png"](https://zdnet3.cbsistatic.com/hub/i/r/2017/06/12/11b5d52f-c95c-4b0c-b3d7-c5982701fcc2/resize/770xauto/ce37ec0ef0094a5e717d9f0a4a9cc471/macransom-ransom-note.png"){kind=link}
![https://zdnet3.cbsistatic.com/hub/i/r/2017/02/15/a48cff56-0929-4058-87cf-a98c4f00d1c6/resize/770xauto/61ec7d6bce97260756b484fb431fb7d2/android-trojan-mimic-malware.png"](https://zdnet3.cbsistatic.com/hub/i/r/2017/02/15/a48cff56-0929-4058-87cf-a98c4f00d1c6/resize/770xauto/61ec7d6bce97260756b484fb431fb7d2/android-trojan-mimic-malware.png"){kind=link}
![https://zdnet2.cbsistatic.com/hub/i/r/2016/10/12/b247db7b-6641-4c13-8a30-e178efb626a8/resize/770xauto/2b60d0c731f106d16d98df0b5ab04f2c/boiling-kettle.jpg"](https://zdnet2.cbsistatic.com/hub/i/r/2016/10/12/b247db7b-6641-4c13-8a30-e178efb626a8/resize/770xauto/2b60d0c731f106d16d98df0b5ab04f2c/boiling-kettle.jpg"){kind=link}
https://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software/
What is malware? Everything you need to know about viruses, trojans and
malicious software
Cyber attacks and malware are one of the biggest threats on the internet. Learn
about the different types of malware - and how to avoid falling victim to
attacks.
</meet-the-team/uk/dannypalmerzdnet/>
By Danny Palmer</meet-the-team/uk/dannypalmerzdnet/> | May 30, 2018 -- 14:00
GMT (07:00 PDT) | Topic: Security</topic/security/>
Video: Android users fall victim to drive-by cryptocurrency miner
What is malware?
Malware is shorthand for malicious software. It is software developed by cyber
attackers with the intention of gaining access or causing damage to a computer
or network, often while the victim remains oblivious to the fact there's been a
compromise. A common alternative description of malware is 'computer virus' --
although are big differences between these types malicious programs.
What was the first computer virus?
The origin of the first computer virus is hotly debated: For some, the first
instance of a computer virus -- software that moves from host to host without
the input from an active user -- was Creeper, which first appeared in the early
1970s, 10 years before the actual term 'computer virus' was coined by American
computer scientist Professor Leonard M. Adleman.
SEE: Special report: Cybersecurity in an IoT and mobile world (free
PDF)<https://www.techrepublic.com/resource-library/whitepapers/special-report-cybersecurity-in-an-iot-and-mobile-world-free-pdf/>
Creeper ran on the Tenex operating system used throughout ARPANET -- the
Advanced Research Projects Agency Network -- and jumped from one system to
another, displaying a message of "I'M THE CREEPER : CATCH ME IF YOU CAN!" on
infected machines, before transferring itself to another machine. For the most
part, when it found a new machine, it removed itself from the previous
computer, meaning it wasn't capable of spreading to multiple computers at once.
While Creeper wasn't created for malicious purposes or performing any activity
beyond causing mild annoyance, it was arguably the first example of software
operating in this way.
Shortly afterward, a new form of software was created to operate in a similar
way -- but with the aim of removing Creeper. It was called Reaper.
Alternatively, some believe the title of the first computer virus should go to
one called
Brain<http://www.zdnet.com/pictures/ten-computer-viruses-that-changed-the-world/>,
because unlike Creeper, it could self-replicate itself without the need to
remove itself from a previous system first -- something many forms of malicious
code now do.
The Morris Worm
The Morris
Worm<http://www.zdnet.com/article/the-morris-worm-internet-malware-turns-25/>
holds the notorious distinction of the first computer worm to gain mainstream
media attention -- because, within hours of being connected to the early
internet, it had infected thousands of computers. The damage of the lost
productivity estimated to have cost between $100,000 and $10,000,000.
Like Brain and Creeper before it, the Morris worm isn't classed as malware,
because it is another example of an experiment gone wrong.
The software was designed to try to find out the size of the burgeoning
internet with a series of scans in 1988, but mistakes in the code led to it
running unintended denial of service operations -- sometimes multiple times on
the same machine, rendering some computers so slow they became useless.
As a result of the Morris Worm, the internet was briefly segmented for several
days in order to prevent further spread and clean up networks.
What is the history of malware?
While Creeper, Brain and Morris are early examples of viruses, they were never
malware in the truest sense.
Malware and the malicious code behind it is designed specifically to cause
damage and problems on computer systems, while those described above found
themselves causing issues by accident -- although the results were still
damaging.
With the birth of the
web<http://www.zdnet.com/article/25-years-of-the-web-and-counting/> and the
ability to connect to computers around the globe, the early 90s saw internet
businesses take off as people looked to provide goods and services using this
new technology.
However, as with any other form of new technology, there were those who looked
to abuse it for the purposes of making money -- or in many cases, just to cause
trouble.
In addition to being able to spread via discs -- both floppy and CD-Rom
varieties -- the increased proliferation of personal email allowed attackers to
spread malware and viruses via email attachments -- especially potent against
those without any sort of malware protection.
Various forms of malicious software caused trouble for the computer users of
the 1990s, performing actions ranging from deleting data and corrupting hard
drives, to just annoying victims by playing sounds or putting ridiculous
messages on their machines.
Many can now be viewed -- in safe mode with the actual malware removed -- at
the Malware Museum on the Internet
Archive<http://www.zdnet.com/article/want-to-experience-ms-dos-malware-go-to-the-malware-museum/>.
Some of the attacks may have looked simple, but it was these which laid down
the foundations for malware as we know it today -- and all the damage it has
caused around the world.
[casino-disk-destroyer-internet-archive.jpg]
Casino Disk Destroyer - a form of malware in the 90s - made victims play a game
of chance before it destroyed content on the disk.
Image: Internet Archive
What are the different types of malware?
Like traditional software, malware has evolved over the years and comes
equipped with different functions depending on the goals of the developer
Malware authors will sometimes combine the features of different forms of
malware to make an attack more potent -- such as using ransomware as a
distraction to destroy evidence of a trojan
attack<http://www.zdnet.com/article/this-destructive-wiper-ransomware-was-used-to-hide-a-stealthy-hacking-campaign/>.
What is a computer virus?
At its core, a computer virus is a form of software or code that is able to
copy itself onto computers. The name has become associated with additionally
performing malicious tasks, such as corrupting or destroying data.
While malicious software has evolved to become far more diverse than just
computer viruses -- there are still some forms of traditional viruses -- like
the 15-year-old Conficker
worm<http://www.zdnet.com/article/sql-slammer-worm-comes-back-from-the-dead-after-a-decade-of-inactivity/>
-- which can still cause problems for older systems. Malware, on the other
hand is designed to provide the attackers with many more malicious tools.
What is trojan malware?
One of the most common forms of malware -- the Trojan horse -- is a form of
malicious software which often disguises itself as a legitimate tool that
tricks the user into installing it so it can carry out its malicious goals.
SEE: Special report: Cybersecurity in an IoT and mobile world (free
PDF)<https://www.techrepublic.com/resource-library/whitepapers/special-report-cybersecurity-in-an-iot-and-mobile-world-free-pdf/>
Its name of course comes from the tale of ancient Troy, with the Greeks hidden
inside a giant wooden horse, which they claimed was a gift to the city of Troy.
Once the horse was inside the city walls, a small team of Greeks emerged from
inside the giant wooden horse and took the city.
[istock-trojan-horse.jpg]&lt;span class="img aspect-set "
style="padding-bottom: 67%"&gt;&lt;img
src="https://zdnet2.cbsistatic.com/hub/i/r/2017/10/20/539fdef4-aaf3-407b-a820-252eaca5d4ab/resize/770xauto/583537845f0eb3799e7f8099580db382/istock-trojan-horse.jpg";
class="" alt="istock-trojan-horse.jpg" height="auto"
width="770"&gt;&lt;/span&gt;
Just as the Greeks used a Trojan Horse to trick Troy into letting troops into
the city, Trojan malware disguises itself in order to infiltrate a system.
Image: Getty
Trojan malware operates in much the same way, in that it sneaks into your
system -- often disguised as a legitimate tool like an update or a Flash
download
<http://www.zdnet.com/article/hackers-race-to-use-flash-exploit-before-vulnerable-systems-are-patched/>
-- then, once inside your system, it begins its attacks.
Once installed in the system, depending on its capabilities a Trojan can then
potentially access and capture everything -- logins and
passwords<http://www.zdnet.com/article/espionage-malware-snoops-for-passwords-mines-bitcoin-on-the-side/>,
keystrokes, screenshots, system information, banking
details<http://www.zdnet.com/article/hacking-group-targets-banks-with-stealthy-trojan-malware-campaign/>,
and more -- and secretly send it all to the attackers. Sometimes a Trojan can
even allow attackers to modify data or turn off anti-malware protection.
The power of Trojan horses makes it a useful tool for everyone from solo
hackers, to criminal gangs to state-sponsored operations engaging in full-scale
espionage.
What is spyware?
Spyware is software which monitors the actions that are carried out on a PC and
other devices. That might include web browsing history, apps used, or messages
sent. Spyware might arrive as a trojan malware or may be downloaded onto
devices in other ways.
For example, someone downloading a toolbar for their web browser may find it
comes packed with spyware for the purposes of monitoring their internet
activity and computer use, or malicious adverts can secretly drop the code onto
a computer via a drive-by
download.<http://www.zdnet.com/article/comcast-customers-targeted-in-sophisticated-malvertising-scheme/>
In some cases, spyware is actively sold as software, designed for purposes such
as parents monitoring their child's internet
use<http://www.zdnet.com/article/i-am-not-a-villain-says-alleged-android-trojan-creator/>
and is designed to explicitly be ignored by antivirus and security software.
However, there are various instances of such tools being used by employers to
spy on the activity of employees and people using spyware to spy on their
spouses.
* Android malware spies on smartphones users and runs up their phone bill
too<http://www.zdnet.com/article/sophisticated-android-malware-spies-on-smartphones-users-and-runs-up-their-phone-bill-too/>
* Hacking group used Facebook lures to trick victims into downloading
Android
spyware<http://www.zdnet.com/article/hacking-group-uses-facebook-lures-to-trick-victims-into-downloading-android-spyware/>
* Hackers are using hotel Wi-Fi to spy on guests, steal
data<http://www.zdnet.com/article/hackers-are-using-hotel-wi-fi-to-spy-on-guests-steal-data/>
What is ransomware?
While some forms of malware rely on being subtle and remaining hidden for as
long as possible, that isn't the case for ransomware.
Often delivered via a malicious attachment or link in a phishing email,
ransomware encrypts the infected system, locking the user out until they pay a
ransom -- delivered in bitcoin or other
cryptocurrency<http://www.zdnet.com/article/how-bitcoin-helped-fuel-an-explosion-in-ransomware-attacks/>
in order to get them back.
Also: Ransomware: An executive guide to one of the biggest menaces on the
web<http://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/>
It might sound simple, but ransomware works: Cybercriminals pocketed over $1
billion from ransomware attacks during 2016
alone<http://www.zdnet.com/article/the-cost-of-ransomware-attacks-1-billion-this-year/>,
and a Europol report describes it as having "eclipsed" most other global
cybercriminal threats in
2017<http://www.zdnet.com/article/ransomware-surges-again-as-cyber-crime-as-a-service-becomes-mainstream-for-crooks/>.
[cerber-ransomware.png]&lt;span class="img aspect-set "
style="padding-bottom: 68%"&gt;&lt;img
src="https://zdnet4.cbsistatic.com/hub/i/r/2017/04/12/543b992b-41b1-4241-a8e4-aceceadb24ee/resize/770xauto/cb71e8305cf00d95ee347b74d0133bea/cerber-ransomware.png";
class="" alt="cerber-ransomware.png" height="auto"
width="770"&gt;&lt;/span&gt;
Ransomware demands a payment in return for returning encrypted files.
Image: Malwarebytes
What is wiper malware?
Wiper malware has one simple goal: To completely destroy or erase all data from
the targeted computer or network. The wiping could take place after the
attackers have secretly removed target data from the network for themselves, or
it could could be launched with the pure intention of sabotaging the target.
One of the first major forms of wiper malware was
Shamoon<http://www.zdnet.com/article/shamoon-malware-infects-computers-steals-data-then-wipes-them/>,
which targeted Saudi energy companies with the aim of stealing data then
wiping it from the infected machine. More recent instances of wiper attacks
include
StoneDrill<http://www.zdnet.com/article/stonedrill-wiper-malware-targets-european-hard-drives/>
and
Mamba<http://www.zdnet.com/article/destructive-disk-encrypting-mamba-ransomware-springs-back-to-life/>,
the latter of which doesn't just delete files, but renders the hard driver
unusable.
One of the most high profile wipers of recent times was Petya
ransomware<http://www.zdnet.com/article/petya-ransomware-attack-what-it-is-and-why-this-is-happening-again/>.
The malware was initially thought to be ransomware. However, researchers found
that not only was there no way for victims retrieve their data via paying the
ransom, but also that the goal of Petya was to irrecoverably destroy
data<http://www.zdnet.com/article/ransomware-in-disguise-experts-say-petya-out-to-destroy-not-ransom/>.
What is a computer worm?
A worm is a form of malware that is designed to spread itself from system to
system without the actions by the users of those systems.
Worms often exploit vulnerabilities in operating systems or software, but are
also capable of distributing themselves via email attachments in cases where
the worm can gain access to the contact book on an infected machine.
It might seem like a basic concept, but worms are some of the most successful
and long-lived forms of malware out there. The 15-year-old SQL slammer worm is
still causing issues by powering DDoS
attacks<http://www.zdnet.com/article/sql-slammer-worm-comes-back-from-the-dead-after-a-decade-of-inactivity/>,
while the 10-year-old Conficker worm still ranks among the most common cyber
infections<http://www.zdnet.com/article/why-companies-are-still-falling-victim-to-an-eight-year-old-computer-virus/>.
Last year's Wannacry ransomware
outbreak<http://www.zdnet.com/article/wannacry-ransomware-was-the-biggest-challenge-of-the-year-says-cyber-security-centre/>
infected over 300,000 computers around the world -- something it did thanks to
the success of worm capabilities which helped it quickly spread through
infected networks and onto unpatched systems.
What is adware?
The ultimate goal of many cybercriminals is to make money -- and for some,
adware is just the way to do it. Adware does exactly what it says on the
tin<http://www.zdnet.com/article/this-malware-campaign-has-created-a-backdoor-into-one-in-five-organisations-say-researchers/>
-- it's designed to maliciously push adverts onto the user, often in such a
way that the only way to get rid of them is to click through to the advert. For
the cybercriminals, each click brings about additional revenue.
In most cases, the malicious
adverts<http://www.zdnet.com/article/google-chrome-under-attack-have-you-used-one-of-these-hijacked-extensions/>
aren't there to steal data from the victim or cause damage to the device, just
sufficiently annoy the user into repeatedly clicking on pop-up windows.
However, in the case of mobile
devices<http://www.zdnet.com/article/sneaky-adware-exploits-android-users-with-precision-targeting/>,
this can easily lead to extreme battery drain or render the device unusable
due to the influx of pop-up windows taking up the whole
screen<http://www.zdnet.com/article/google-were-cracking-down-on-android-apps-with-those-annoying-lockscreen-ads/>.
[pop-up-ads.jpg]&lt;span class="img aspect-set " style="padding-bottom:
75%"&gt;&lt;img
src="https://zdnet2.cbsistatic.com/hub/i/r/2018/02/07/93a5657f-b965-4161-86a8-4eeae354dbd1/resize/770xauto/980da4abe93bfef133f18f7c2da9c8cb/pop-up-ads.jpg";
class="" alt="pop-up-ads.jpg" height="auto"
width="770"&gt;&lt;/span&gt;
Adware displays intrusive pop-up adverts which won't disappear until they're
clicked on.
Image: iStock
What is a botnet?
A botnet -- short for robot network -- involves cybercriminals using malware to
secretly hijack a network of machines in numbers, which can range from a
handful to millions of compromised
devices<http://www.zdnet.com/article/botnets-the-race-to-stop-the-most-powerful-weapon-on-the-internet/>.
While it is not malware in itself these networks are usually built by
infecting vulnerable devices.
Each of the machines falls under the control of a single attacking operation,
which can remotely issue commands to all of the infected machines from a single
point<http://www.zdnet.com/article/a-giant-botnet-behind-one-million-malware-infections-a-month-just-got-shut-down/>.
By issuing commands to all the infected computers in the zombie network,
attackers can carry out coordinated large-scale campaigns, including DDoS
attacks<http://www.zdnet.com/article/ddos-mystery-whos-behind-this-massive-wave-of-attacks-targeting-dutch-banks/>,
which leverage the power of the army of devices to flood a victim with
traffic, overwhelming their website or service to such an extent it goes
offline.
Other common attacks carried out by botnets include spam email attachment
campaigns<http://www.zdnet.com/article/this-giant-ransomware-campaign-just-sent-millions-of-malware-spreading-emails/>
-- which can also be used to recruit more machines into the network -- and
attempts to steal financial data, while smaller botnets have also been used in
attempts to compromise specific
targets<http://www.zdnet.com/article/how-iot-hackers-turned-a-universitys-network-against-itself/>.
Botnets are designed to stay quiet to ensure the user is completely oblivious
that their machine is under the control of an attacker.
As more devices become connected to the internet, more devices are becoming
targets for botnets. The infamous Mirai
botnet<http://www.zdnet.com/article/justice-dept-indicts-mirai-botnet-attackers/>
-- which slowed down internet services in late 2016 -- was partially powered
by Internet of
Things<http://www.zdnet.com/article/what-is-the-internet-of-things-everything-you-need-to-know-about-the-iot-right-now/>
devices which could easily be roped into the network thanks to their
inherently poor security and lack of malware removals tools.
What is a cryptocurrency miner malware?
The high profile of the rise of bitcoin has helped push cryptocurrency into the
public eye. In many instances, people aren't even buying it, but are dedicating
a portion of the computing power of their computer network or website to mine
for it.
While there are plenty of instances of internet users actively engaging in this
activity on their terms -- it's so popular the demand has helped to push up the
price of PC gaming graphics cards -- cryptocurrency mining is also being abused
by cyber
attackers<http://www.zdnet.com/article/cryptocurrency-miners-a-replacement-for-ransomware/>.
There's nothing underhanded or illegal about cryptocurrency mining in itself,
but in order to acquire as much currency -- be it bitcoin, Monero, Etherium or
something else -- some cybercriminals are using malware to secretly capture PCs
and put them to work in a botnet, all without the victim being aware their PC
has been compromised.
One of the largest cybercriminal cryptocurrency networks, the Smominru botnet,
is thought to consist of over 500,000 systems and to have made its operators at
least $3.6 million
dollars<http://www.zdnet.com/article/a-giant-botnet-is-forcing-windows-servers-to-mine-cryptocurrency/>.
Typically, a cryptocurrency miner will deliver malicious code to a target
machine with the goal of taking advantage of the computer's processing power to
run mining operations in the background.
The problem for the user of the infected system is that their system can be
slowed down to almost a complete stop by the miner using big chunks of its
processing power -- which to the victim looks as if it is happening for no
reason.
[istock-bitcoin-and-other-currency.jpg]&lt;span class="img aspect-set "
style="padding-bottom: 75%"&gt;&lt;img
src="https://zdnet1.cbsistatic.com/hub/i/r/2018/01/03/f26afe95-3550-44ac-813e-e7cc792959f2/resize/770xauto/427276c257051072d41d80107240de38/istock-bitcoin-and-other-currency.jpg";
class="" alt="istock-bitcoin-and-other-currency.jpg" height="auto"
width="770"&gt;&lt;/span&gt;
The rise of cryptocurrency has led to a rise in criminals using malware to mine
it via compromised systems.
Image: iStock
PCs and Window servers can be used for cryptocurrency mining, but Internet of
Things
devices<http://www.zdnet.com/article/cryptocurrency-miners-a-replacement-for-ransomware/>
are also popular targets for compromising for the purposes of illicitly
acquiring funds. The lack of security and inherently connected nature of many
IoT devices makes them attractive targets for cryptocurrency miners --
especially as the device in question is likely to have been installed and
perhaps forgotten about.
Analysis by Cisco Talos suggests a single system compromised with a
cryptocurrency miner could make 0.28 Monero a day. It might sound like a tiny
amount, but an enslaved network of 2000 systems could add the funds up to $568
per day -- or over $200,000 a year.
How is malware delivered?
In the past, before the pervasive spread of the World Wide Web, malware and
viruses would need to be manually, physically, delivered, via floppy disc or CD
Rom.
In many cases, malware is still delivered by using an external device, although
nowadays it is most likely to be delivered by a flash drive or USB stick. There
are instances of USB sticks being left in car parks outside targeted
organisations<http://www.zdnet.com/article/two-thirds-of-lost-and-found-usb-flash-drives-infected-with-malware/>,
in the hope that someone picks one up out of curiosity and plugs it into a
computer connected to the network.
However, more common now is malware that is delivered in a phishing
email<http://www.zdnet.com/article/1-4-million-phishing-websites-are-created-every-month-heres-who-the-scammers-are-pretending-to-be/>
with payloads distributed as an email attachment.
The quality of the spam email attempts vary widely -- some efforts to deliver
malware will involve the attackers using minimal effort, perhaps even sending
an email containing nothing but a randomly named attachment.
In this instance, the attackers are hoping to chance on someone naive enough to
just go ahead and click on email attachments or links without thinking about it
-- and that they don't have any sort of malware protection installed.
See also: What is phishing? Everything you need to know to protect yourself
from scam emails and
more<http://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/>
A slightly more sophisticated form of delivering malware via a phishing email
is when attackers send large swathes of messages, claiming a user has won a
contest, needs to check their online bank
account<http://www.zdnet.com/article/new-trojan-sends-users-to-fake-banking-site-that-looks-just-like-the-real-thing/>,
missed a delivery, needs to pay
taxes<http://www.zdnet.com/article/watch-out-for-these-tax-themed-phishing-and-malware-scams/>,
or even is required to attend court -- and various other messages which upon
first viewing may draw the target to instantly react.
For example, if the message has an attachment explaining (falsely) that a user
is being summoned to court, the user may click on it due to the shock, opening
the email attachment -- or clicking a link -- to get more information. This
activates the malware, with the likes of ransomware and trojans often delivered
in this way.
If the attackers have a specific target in mind, the phishing email can be
specifically tailored to lure in people within one
organisation<http://www.zdnet.com/article/expensive-new-defray-ransomware-targets-us-and-uk-organisations-with-specially-crafted-phishing/>,
or even just an
individual<http://www.zdnet.com/article/this-phishing-attack-pretends-to-come-from-someone-you-trust/>.
It's this means of delivering malware which is often associated with the most
sophisticated malware
campaigns<http://www.zdnet.com/article/mysterious-cyber-espionage-campaign-uses-torpedo-lure-to-trick-you-into-downloading-malware/>.
However, there are many other ways for malware to spread that do not require
action by the end user -- through networks and through other software
vulnerabilities.
What is fileless malware?
As traditional malware attacks are being slowed by prevention tactics including
the use of robust anti-virus or anti-malware system, and users are becoming
cautious of unexpected emails and strange attachments, attackers are being
forced to find other ways to drop their malicious payloads.
One increasingly common means of this is via the use of fileless
malware<http://www.zdnet.com/article/fileless-attacks-surge-in-2017-and-security-solutions-are-not-stopping-them/>.
Rather than relying on a traditional method of compromise like downloading and
executing malicious files on a computer -- which can often be detected by
anti-virus software solutions -- the attacks are delivered in a different way.
Instead of requiring execution from a dropped file, fileless
malware<https://www.techrepublic.com/article/fileless-malware-the-smart-persons-guide/>
attacks rely on leveraging zero-day exploits or launching scripts from
memory<http://www.zdnet.com/article/poweliks-trojan-goes-fileless-to-evade-detection-and-removal/>,
techniques which can be used to infect endpoints without leaving a tell-tale
trail behind.
This is achieved because the attacks uses a system's own trusted system files
and services to obtain access to devices and launch nefarious activity -- all
while remaining undetected because anti-virus doesn't register wrongdoing.
Exploiting the infrastructure of the system in this way allows the attackers to
create hidden files and folders or create scripts they can use to compromise
systems, connect to networks and eventually command and control servers,
providing a means of stealthily conducting activity.
The very nature of fileless
malware<https://www.techrepublic.com/article/fileless-malware-an-undetectable-threat/>
means not only is it difficult to detect, but difficult to protect against by
some forms of antivirus software. But ensuring that systems are patched, up to
date, and restricted users from adopting admin privileges can help.
Do only Windows PCs get malware?
There was a time when many naively believed that it was only Microsoft Windows
systems that could fall victim to malware. After all, malware and viruses had
concentrated on these, the most common computer systems, while those which used
other operating systems were free of its grasp. But while malware still remains
a challenge for Windows systems -- especially those running older, even
obsolete versions of the OS -- malware is far from exclusive to Microsoft PCs
Mac malware
For many years, a myth persisted that Macs were completely immune to malicious
infections. Over the course of the 90s, there were some forms of malware that
did infect Macs, despite primarily being designed for Windows systems. The
likes of Concept and Laroux were about to infect Macs using Microsoft office
programs.
However, by the mid-00s, attackers had started building forms of malware
specifically designed to target Apple Macs, and now, while Windows machines
bear the brunt of computer and laptop based malware attacks, Macs are now
regular targets for cybercrime.
It's now normal for Backdoors
trojans<http://www.zdnet.com/article/ohio-hacker-indicted-fruitfly-malware-spy-on-thousands-of-mac-users/>,
compromised software
downloads<http://www.zdnet.com/article/trojan-malware-for-mac-osx-spread-via-compromised-media-player-downloads/>,
and ransomware
attacks<http://www.zdnet.com/article/ransomware-as-a-service-schemes-are-now-targeting-macs-too/>
targeting Mac systems to be uncovered by cybersecurity researchers.
[macransom-ransom-note.png]&lt;span class="img aspect-set "
style="padding-bottom: 63%"&gt;&lt;img
src="https://zdnet3.cbsistatic.com/hub/i/r/2017/06/12/11b5d52f-c95c-4b0c-b3d7-c5982701fcc2/resize/770xauto/ce37ec0ef0094a5e717d9f0a4a9cc471/macransom-ransom-note.png";
class="" alt="macransom-ransom-note.png" height="auto"
width="770"&gt;&lt;/span&gt;
MacRansom is a form of ransomware which targets Macs.
Image: Fortinet
What is mobile malware?
The rise of smartphones and tablets over the last decade has fundamentally
changed our relationship with the internet and technology. But, like any form
of new technology, criminals soon realised that they could exploit smartphones
for their own illicit gain -- and these mobile devices not only contain vast
amounts of personal
information<http://www.zdnet.com/article/this-android-spyware-can-record-calls-take-screenshots-and-video-targets-gmail-linkedin-snapchat/>,
and can even allow hackers to monitor our
location<http://www.zdnet.com/article/android-security-this-newly-discovered-snooping-tool-has-remarkable-spying-abilities/>.
If there's a type of malware which can infect computers -- be it a trojan,
ransomware, or pop-up adware -- then criminals have been working on forms of
malware that can carry out the same tasks on smartphones.
The amount of data carried on mobile devices makes them an even more valuable
target for hackers, particularly if a sophisticated hacking group, or a
state-backed espionage operation is looking to compromise a particular target
for the purposes of spying.
The inherent abilities of a smartphone mean it's ultimately possible, with the
use of the right malware, for those groups to physically locate targets or even
listen into
conversations<http://www.zdnet.com/article/android-security-this-newly-discovered-snooping-tool-has-remarkable-spying-abilities/>
and take photos of them using the microphone and camera capabilities built
into phones.
Also: Online security 101: Tips for protecting your privacy from hackers and
spies<http://www.zdnet.com/article/simple-security-step-by-step-guide/>
Unfortunately, many people still don't realise their mobile phone is something
that can fall victim to cyber attacks -- although they can be protected by good
user practice and mobile antivirus software.
What is Android malware?
Android phones suffer the majority of malware attacks on smartphones, with
Google's larger share of the mobile market and the open nature of the ecosystem
making it an attractive target for cybercriminals.
Attackers can infect their targets by tricking them into downloading malicious
applications from third-party stores and malware has often found its way into
the official Google Play application market
place<http://www.zdnet.com/article/can-google-win-its-battle-with-android-malware/>.
These malicious apps are often designed to look like original useful tools or
games or in some cases mimic legitimate apps outright -- as demonstrated by a
fake version of WhatsApp, which was downloaded over a million
times<http://www.zdnet.com/article/fake-whatsapp-app-fooled-million-android-users-on-google-play-did-you-fall-for-it/>.
However, while the Google Play store has been used by hackers to distribute
Android malware, more sophisticated campaigns will socially engineer selected
targets<http://www.zdnet.com/article/android-security-this-newly-discovered-snooping-tool-has-remarkable-spying-abilities/>
into downloading malware for the purposes of espionage onto their device.
[android-trojan-mimic-malware.png]&lt;span class="img aspect-set "
style="padding-bottom: 64%"&gt;&lt;img
src="https://zdnet3.cbsistatic.com/hub/i/r/2017/02/15/a48cff56-0929-4058-87cf-a98c4f00d1c6/resize/770xauto/61ec7d6bce97260756b484fb431fb7d2/android-trojan-mimic-malware.png";
class="" alt="android-trojan-mimic-malware.png" height="auto"
width="770"&gt;&lt;/span&gt;
Android malware is known to pose as legitimate apps inside the Play Store -
this one is disguised as a cleaner which tells the user they need to download
an additional malicious update.
Image: ESET
Can my iPhone become infected by malware?
When it comes to iPhone, the ecosystem is much more heavily protected against
malware due to Apple's closed garden approach to applications.
However, while malware on iPhones is rare, it isn't an unknown entity --
hacking gangs have found ways to compromise the devices of selected targets in
espionage campaigns, such as those who exploited the Trident vulnerabilities to
install Pegasus spyware to spy on human rights activists in the Middle
East.<http://www.zdnet.com/article/trident-ios-flaws-researchers-detail-how-the-spyware-stayed-hidden/>
What is Internet of Things malware?
As the rise of malware on mobile devices has demonstrated, if something is
connected to the internet, it's a potential avenue of cyber attacks.
So, while the rise of Internet of Things connected
devices<http://www.zdnet.com/article/iot-devices-are-an-enterprise-security-time-bomb/>
has brought a number of benefits to users -- in industry, the workplace and at
home -- it too has opened doors for new cyber criminal
schemes<http://www.zdnet.com/article/an-internet-of-things-crime-harvest-is-coming-unless-security-problems-are-fixed/>.
The rush to jump on the IoT bandwagon means that some devices are rushed out
with little thought put into cyber security, meaning it remains relatively
simple for hackers to infect connected devices, ranging from industrial control
systems<http://www.zdnet.com/article/meltdown-spectre-more-businesses-warned-off-patching-over-stability-issues/>,
to household products to even children's
toys<http://www.zdnet.com/article/security-flaws-in-childrens-smartwatches-make-them-vulnerable-to-hackers/>.
One of the most common means in which the insecurity of IoT devices is
exploited is with malware attacks which secretly infect products and rope them
into a botnet.
Devices like routers, smart lighting systems, VCRs, and surveillance
cameras<http://www.zdnet.com/article/cctv-cameras-enslaved-to-infiltrate-air-gap-networks/>
can all easily become infected and the eventual damage can be spectacular --
as demonstrated by the online chaos caused by the Mirai botnet DDoS
attack<http://www.zdnet.com/article/justice-dept-indicts-mirai-botnet-attackers/>.
The network of Mirai-infected devices consisted largely of IoT products and was
so powerful, it brought large swathes of the internet grinding to a halt,
slowing down or outright preventing access to a number of popular services.
While devices infected with Mirai continued to operate as normal, that wasn't
the case for those who found their IoT products infected with BrickerBot, a
form of IoT malware that resulted in Homeland Security's Cyber Emergency
Response Team (CERT) issuing new
warnings<http://www.zdnet.com/article/homeland-security-warns-of-brickerbot-malware-that-destroys-unsecured-internet-connected-devices/>.
Devices infected with BrickerBot have their storage corrupted, leading them to
be completely unusable and irrecoverable.
Just like mobile phones can be turned into surveillance devices by hackers, the
same can be said of internet-connected cameras in the home. There has already
been a number of instances where IoT camera
security<http://www.zdnet.com/article/120000-iot-cameras-vulnerable-to-new-persirai-botnet-say-researchers/>
has been found to be so basic that malware has infected large numbers of
devices.
Unlike mobile phones, IoT devices are often plugged in and forgotten about,
with the risk that the IoT camera you set up could become easily accessible to
outsiders -- who could potentially use it to spy on your actions, be it in your
workplace or in your home.
Such is the extent of the security worry with the IoT, police have warned about
the threats posed by connected devices, while government bodies are working
towards ways of legislating IoT devices sooner rather than
later<http://www.zdnet.com/article/securing-the-iot-a-question-of-checks-and-balances/>,
so we're not left with a toxic
legacy<http://www.zdnet.com/article/your-forgotten-iot-gadgets-will-leave-a-disastrous-toxic-legacy/>
of billions of devices that can easily be infected with malware.
[boiling-kettle.jpg]&lt;span class="img aspect-set " style="padding-bottom:
67%"&gt;&lt;img
src="https://zdnet2.cbsistatic.com/hub/i/r/2016/10/12/b247db7b-6641-4c13-8a30-e178efb626a8/resize/770xauto/2b60d0c731f106d16d98df0b5ab04f2c/boiling-kettle.jpg";
class="" alt="boiling-kettle.jpg" height="auto"
width="770"&gt;&lt;/span&gt;
Everyday objects are increasingly being connected to the Internet of Things -
and they're an attractive target for malware.
Image: iStock
Malware as took for international cyberwarfare
With malware's offensive capabilities evident, it's no wonder it has become a
common tool in the murky world of international espionage and cyber
warfare<http://www.zdnet.com/article/cyberwar-a-guide-to-the-frightening-future-of-online-conflict/>.
It's especially useful for those involved in the game of geopolitics because
currently, unlike the case with conventional weapons, as yet there are no rules
or agreements detailing who can and can't be targeted by cyber weapons.
That attribution of attacks remains so difficult also makes cyber espionage a
crucial tool for nation-states who want to keep their activities under wraps.
Stuxnet<http://www.zdnet.com/article/zero-days-film-review-stuxnet-secrecy-and-the-new-era-of-cyber-war/>
is generally regarded as the first instance of malware designed to spy on and
subvert industrial systems and in 2010 it infiltrated Iran's nuclear
program<https://www.cnet.com/news/thunderstruck-a-tale-of-malware-acdc-and-irans-nukes/>,
infecting uranium centrifuges and irreparably damaging systems. The attack
slowed down Iran's nuclear ambitions for years.
While no state has officially taken credit for the attacks, it's believed
Stuxnet was the work of US and Israeli cyber forces.
Since that first instance of publicly reported malware attacks by nation
states, cyber warfare has become a tool used by governments around the world.
It's widely suspected that nation-state actors were behind attacks against a
Ukrainian power
plant<http://www.zdnet.com/article/us-report-confirms-ukraine-power-outage-caused-by-cyberattack/>,
but it isn't just physical systems and infrastructure which are targets for
cyber warfare.
Meanwhile, actors on all sides of diplomatic divides continue to undertake
cyber espionage campaigns against potentially useful
targets<http://www.zdnet.com/article/this-stealthy-cat-and-mouse-hacking-campaign-aims-to-steal-diplomatic-secrets/>.
How do you protect against malware?
Some of the most basic cyber security practices can go a long way to protecting
systems -- and their users -- from falling victim to malware.
Simply ensuring software is patched and up to date and all operating system
updates are applied as quickly as possible after they're released will help
protect users from falling victim to attacks using known exploits.
Time and again, delays in patching has led to organisations falling victims to
cyber attacks, which could've been prevented if patches had been applied as
soon as they were released.
One of the reasons the UK's National Health Service was so badly impacted by
the WannaCry outbreak was because, despite warnings that they should be
applied, vast swathes of systems hadn't been patched weeks after a security
update for protecting against the EternalBlue exploit was
available<http://www.zdnet.com/article/wannacry-ransomware-hospitals-were-warned-to-patch-system-to-protect-against-cyber-attack-but-didnt/>.
It's also common for cyber espionage campaigns to leverage exploits for which
fixes have long existed and still successfully compromise
targets<http://www.zdnet.com/article/hackers-are-using-recent-microsoft-office-vulnerabilities-to-distribute-malware/>
-- because nobody bothered to apply the patches. The lesson to be learned here
is that sometimes it might seem time-consuming and inconvenient to apply
patches -- especially across a whole network -- but it can prove to be an
effective barrier against malware.
Installing some form of cyber security software is also a useful means of
protecting against many forms of attack. Many vendors will update their
programs on a weekly or even daily basis, providing as much protection as
possible from malware, should something attempt to break into the system.
For example, visitors to watering hole sites should be protected from attacks,
while suspicious or dangerous files received via email can be quarantined.
User training should also be offered in order to ensure everyone using your
network is aware of the cyber threats they could face on the
internet<http://www.zdnet.com/article/securing-the-human-operating-system-how-to-stop-people-being-the-weakest-link-in-enterprise-security/>.
Teaching users about the dangers of phishing emails or to be wary of what they
download and click can help prevent threats from getting to the point of even
being downloaded. Users take a lot of criticism from some as a weakness in
cyber security, but they can also form the first line of defence against
malware attacks.
READ MORE
* Ransomware: An executive guide to one of the biggest menaces on the
web<http://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/>
* Stuxnet: The smart person's
guide<https://www.techrepublic.com/article/stuxnet-the-smart-persons-guide/>
[TechRepublic]
* What is AI? Everything you need to know about Artificial
Intelligence<http://www.zdnet.com/article/what-is-ai-everything-you-need-to-know-about-artificial-intelligence/>
* What is GDPR? Everything you need to know about the new general data
protection regulations
<http://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/>
* What is phishing? Everything you need to know to protect yourself from
scam emails and
more<http://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/>
David Goldfield
Assistive Technology Specialist
Feel free to visit my Web site
WWW.DavidGoldfield.info<http://WWW.DavidGoldfield.info>
