The term malware (“malicious software”) is often used as a synonym for terms such as virus or trojan. In fact, malware is the umbrella term for a variety of threats that users are exposed to. This malware is a major threat to IT infrastructures and systems and exposes data of all kinds to major risks. Malware has only one purpose: to harm the user. This damage is either financial or involves the loss or involuntary disclosure of confidential data or private information. By far the largest part of malware attacks is carried out via spam emails. Malware and spam have become substantial threats for companies and authorities with the spread of trojan Locky in 2016.
Not only PCs and laptops are affected
The topic of malware is ever-present in IT security. The reason for this is simple: malware is becoming an emerging threat to businesses and individuals. What many people don’t realise is that attacks by such malware are no longer limited to desktop PCs or laptops – smartphones, tablets and other mobile devices are also affected. Many people underestimate the dangers posed by mobile malware, as evidenced by the fact that many people consider it natural to install an antivirus program or firewall on a PC or laptop, but not on a mobile device.
The number of security threats is high
The terms virus, worm and trojan are probably familiar to most people, and many have also heard of ransomware. But these are by far not all types of malware that exist. Our overview provides an overview of the forms of current malware threats and tips on how you can protect yourself from malware threats.
Bots are programs that automatically perform certain actions on computers. A network of several infected computers is called a botnet. Such a botnet is used to perform a wide variety of illegal activities.
Examples are the mass dispatch of spam, so-called DDoS attacks on networks or the transfer of money for criminal purposes. Hackers can also sell the botnet services to spread spam. The spammers thus remain undetected because the emails are not sent via their own servers.
The resource targeted by the so-called crypto miners is the computing power of the infected computers. Since there is no data loss or blackmail attempt, the infestation with crypto miners is often noticed only when the own computer works slowly or some programs are no longer executable. This is due to the fact that a large part of the performance is used for digging crypto currencies. What doesn’t sound bad at first often has fatal consequences, especially for affected companies, as the performance required for business applications can no longer be provided. As a result, costly investments in new hardware have to be made to restore operations.
Fileless Malware differs from many other types of malware mainly in that it is not hidden in files stored on the hard drive. Traditional approaches to malware detection fail here because, for example, file-based or signature-based methods cannot work with Fileless Malware because the RAM is emptied after a restart and thus leaves no evaluable data behind. The main goal of Fileless Malware is therefore to set up command and control channels on the affected computers and to reload further malicious code.
Keyloggers are a form of spyware whose only task is to record keystrokes, for example to pick up passwords. However, there are also keyloggers used by companies to monitor employee keystrokes.
Blackmail software blocks access to files, folders or the entire operating system, or threatens to delete them. The goal of ransomware is to extort ransom from the user. A message on the screen asks the user to transfer a certain amount of money to an account. Once the transfer has been received, the blocking is to be lifted.
Ransomware is often sent via email attachments and downloaded to computers. The number of ransomware attacks has increased significantly in recent years.
Rootkits are software tools designed to provide long-term (remote) access to computer systems. This is possible by hiding specific processes and accessing data of the affected user. These can be keystrokes, passwords and other data. Rootkits are quite similar to trojan horses; the differences are mainly in the way they are distributed. Generally speaking, rootkits allow keyloggers, viruses and other malware to do their work.
Spyware and Adware
Spyware spies on users’ behavior or computers. This includes surfing habits, keystrokes and user account credentials. The aim of spyware is usually to create profiles from the data obtained and sell them to cyber criminals. Legal spyware includes, for example, programs that are installed to protect children from cyberbullying.
Trojans (actually trojan horses) are program components that hide in desired, useful programs and work in the background. They often spread via email attachments and in some cases are used to install backdoors. Such backdoors then allow the system to be used as a bot or part of a botnet, for example.
A virus is a computer program that writes copies of itself into programs, documents, or media. There is a wide range of actions that viruses can perform. They are often used to destroy data or make it accessible to criminals.
The virus modifies certain files so that it is executed when the host program is started. Program files, program libraries, scripts can be infected with viruses as well as documents that contain macros or other executable content.
Viruses spread by being copied by a user action, for example on removable media such as USB sticks. Sending infected content by email or using FTP servers can also spread viruses.
In contrast to a virus, worms try to spread and infect new systems independently. The prerequisite for this is that the worm has been executed at least once. A well-known example is the Stuxnet worm, which spread in 2010. The authors aimed to use Stuxnet to sabotage Iranian nuclear facilities. Worms exploit vulnerabilities in the target systems to spread over networks or email attachments, for example.
There are a large number of other trojan types, such as trojan banker, trojan SMS or trojan dropper. The latter try to install viruses on the affected systems or prevent the detection of malware.
How to protect yourself from malware
Even if there are a multitude of entry gates for malware, protection against malware means ,above all, email security. The majority of threats still reach computers and IT systems via email and email attachments. The immediate detection of the threat and the handling of infected email attachments are decisive for the effectiveness of this protection.
The right anti-malware software meets both criteria and ensures that computers, IT systems, networks and data are protected at all times.