
9 Common Malware Types and How to Protect Against Them

Published on December 24, 2024

Quick Definition: Malware (short for malicious software) comes in many forms; knowing the common types of malware is crucial to secure your infrastructure against it.

Malware is an ever-present threat in our connected world, with serious implications and repercussions for individuals, businesses, non-profits, and even governments. Bad guys use malware (short for malicious software) to force ads upon us, extort people for money, cause downtime, steal data, and generally create chaos. With so many connected devices, the threats against our systems will only continue.

Understanding the types of malware and how they work is essential for anyone who administers systems or enforces cybersecurity. From the most complex enterprise infrastructures to your home laptop, awareness of malware and the best defenses can be the difference between safe browsing and a costly infection. Today, we'll explore the types of malware and some best practices to defend yourself.

What is Malware?

Malware is software designed to damage systems, disrupt operations, or gain unauthorized access to devices or networks. It typically spreads through networked systems: by downloading infected files, by self-replication through vulnerable services, through phishing or other social engineering tactics, or via malicious sites that exploit vulnerable browsers or plugins.

The history of malware goes back to the 1970s, when the first self-replicating program, Creeper, moved between mainframe systems on ARPANET, printing a silly message: "I'M THE CREEPER: CATCH ME IF YOU CAN." This was before personal computers and long before the modern internet, but the concept was the same: vulnerable, unprotected systems trusted a program written to exploit those systems.

Creeper was more of a proof-of-concept than an attempt to cause damage, but the point was clear: connected systems aren't safe. What started as a nerdy party trick has evolved into a real danger to the systems that run our society, spanning a whole cybercrime underground of organized groups targeting businesses, and even state-sponsored actors.

9 Common Types of Malware

Malware comes in many forms, each designed to disrupt, damage, or steal data in unique ways. From viruses that spread through infected files to ransomware that locks your data until a payment is made, understanding the different types of malware is essential to staying protected. Let’s dive into the most common types of malware and how they work.

1. Viruses

A virus is the classic malware type: it spreads through downloaded files (or, in the pre-internet days, through floppy disks). Imagine a site tempting users with a free game download that is actually a virus in disguise. When the user opens the "game," the virus writes itself across the system, damaging data or system files.

Brain was an early but potent virus written onto the boot sector of a floppy disk. If the disk was in a computer on bootup, the boot sector was read, and the virus was executed, corrupting data on the hard drive and infecting any other floppy inserted later.

2. Worms

Worms are self-replicating, spreading across networks without requiring a user to execute an infected program. They run independently and exploit vulnerabilities in operating systems to move freely between computers on a network. Because they don't need user intervention, they can spread rapidly and widely.

Conficker was a devastating worm from 2008. It spread across Windows machines by exploiting a vulnerability that allowed remote code execution over the RPC protocol. Basically, one infected machine on a LAN could easily compromise every other Windows machine until they were patched.

3. Trojans

Trojans disguise themselves as legitimate software but carry a secret inside: malicious code that runs when the program is executed. Typically, social engineering is used to get the application installed, tricking users into trying out a handy new utility or free app.

AIDS was one of the first notable trojans. It was distributed on disk to a WHO mailing list. The disk claimed to contain "health information on the disease AIDS," but in reality, it contained a trojan that encrypted every file on the disk after 90 bootups.

4. Ransomware

This is one of the most destructive forms of malware in recent years. It encrypts files on the infected system, then reaches out to any file shares on the network and encrypts those as well. If the user has broad enough permissions, every file in the company can end up encrypted. The infected system then displays a message demanding a ransom (usually in Bitcoin or prepaid credit cards) in exchange for a decryption tool.

WannaCry was an especially widespread ransomware from 2017 that impacted numerous organizations, causing massive disruptions in business and government organizations.
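As an added illustration (not code from the original article), here is a defender-side heuristic for the behaviour described above: ransomware replaces readable documents with ciphertext, and ciphertext has near-maximal byte entropy. The script walks a directory (a mounted file share, for instance) and flags files whose contents look encrypted; the sample share it builds in a temp directory, the entropy threshold and the list of legitimately high-entropy formats are all assumptions made for this example.

```python
import math
import os
import tempfile
from collections import Counter

# Compressed or already-encrypted formats legitimately have high entropy;
# skipping them cuts false positives (assumed list, tune for your estate).
HIGH_ENTROPY_OK = {".zip", ".gz", ".7z", ".png", ".jpg", ".mp4", ".pdf"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random/encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_for_encrypted_files(root: str, threshold: float = 7.5, sample: int = 65536):
    """Walk `root` and return paths whose leading bytes look like ciphertext."""
    suspicious = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in HIGH_ENTROPY_OK:
                continue
            with open(path, "rb") as f:
                head = f.read(sample)
            # Very small files give unreliable entropy estimates; skip them.
            if len(head) >= 256 and shannon_entropy(head) >= threshold:
                suspicious.append(path)
    return sorted(suspicious)

def demo():
    """Constructed sample share: one readable report, one 'encrypted' copy."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "quarterly_report.docx"), "wb") as f:
        f.write(b"Q3 revenue grew by 12 percent over the prior quarter.\n" * 50)
    with open(os.path.join(root, "quarterly_report.docx.locked"), "wb") as f:
        f.write(os.urandom(4096))  # random bytes stand in for ciphertext
    return scan_for_encrypted_files(root)

if __name__ == "__main__":
    for path in demo():
        print("possible encrypted file:", path)
```

Run it periodically against shares and alert when the count of flagged files jumps; a sudden spike is the signal to isolate the writing host and reach for the backups.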

5. Spyware

This malware can monitor your actions, including information typed into a browser or internet activity, and report back to the bad actor. Silent spyware can gather logins, browsing habits, credit card info, or personal messages. It is commonly bundled with another type of malware to infect the system, like a trojan horse.

CoolWebSearch was a 2003 spyware that collected private info, hijacked browsers, and redirected users to ad-filled websites. It could also rewrite search engine results, sending users to the same sites instead of the Google results they were expecting.

6. Adware

This is the least dangerous but most annoying form of malware for an unfortunate victim. Adware, as the name suggests, shows you lots of ads, creates constant ad pop-ups, and generally hijacks any other web browsing by redirecting every site to more ads.

CoolWebSearch was also considered adware, as it bombarded the user with a stream of ads. This is a great example of how malware isn't always strictly one type but can have properties of multiple types.

7. Rootkits

Rootkits take control of the OS kernel while concealing themselves to avoid detection, giving attackers deep control of a system. They are more dangerous than other types of malware, as they are very difficult to detect and remove and can give an attacker long-term persistence.

The Sony BMG rootkit scandal involved a CD audio player program on their music CDs that also installed a rootkit. The rootkit was supposed to prevent copying the music but had vulnerabilities that other malware exploited. The rootkit also reported user listening habits to Sony BMG. Needless to say, the fallout for Sony BMG was significant.

8. Keyloggers

Keyloggers record a user's keystrokes and send them back to the attacker. They can expose passwords, credit card numbers, and entire emails. Again, keyloggers are commonly installed by other malware.

FinFisher was a particularly nasty keylogger that also could capture screenshots, mic recordings, and webcam captures, sending everything back to the bad guys for potential extortion.

9. Botnets

A network of infected machines ("bots") forms a botnet, which can be controlled collectively to run mass attacks such as DDoS attacks. Access to botnets is commonly sold on black market websites, allowing anyone to purchase capacity on infected machines and launch their own attacks.

Mirai was a massive botnet attack from 2016. It scanned public IP addresses looking for common IoT devices and routers, tried to log in with default credentials, then infected vulnerable machines to take control of them. One instance of Mirai infected at least 145,000 devices and attacked cloud host OVH with over 1 TB/s of DDoS traffic.

How to Protect Against Common Types of Malware

A good defense has historically started with antivirus software. While it's traditionally called "antivirus," a better name for today is "antimalware," since any modern AV protects against all the malware we've discussed, not just viruses. Most companies today market their products as endpoint protection or endpoint security, a more all-encompassing term.

The next best protection is to keep your OS up-to-date. A shocking number of system updates are security-related, patching vulnerabilities in system components. The same goes for browsers; if an update is available, always install it ASAP.

User education is another essential for network security. When attacks come via email, phishing, and social engineering, your users are the best protection to recognize and counter them.

For server admins, backups are not just about recovering from failed servers. Malware, particularly ransomware, can encrypt and corrupt data. The best recovery is typically restoring from backups, so always keep them working and test restoring regularly.

Challenges of Protecting Against Malware

This is a constantly changing landscape, so the challenge can seem overwhelming. As fast as companies implement defenses and patch vulnerabilities, new threats emerge. The trends are fairly consistent, though, and following best practices to protect your networks will keep your defenses strong regardless of what new threats emerge. For the worst case, organizations should also have plans in place to respond to incidents, contain attacks, and recover from outages.

The range of malware types shows the breadth of cyber threats that we face daily, with consequences ranging from annoying ads to crippled servers. By adopting comprehensive security measures, however, we protect our networks and maintain the safety and security of our organizations.

Want to learn more about cybersecurity? Check out CBTNuggets Linux Professional Institute Security Essentials (020-100) Online Training course.