What are the best two things you can do to protect yourself from viruses and other forms of malware?

Malware, short for "malicious software," refers to a type of computer program designed to infect a legitimate user's computer and inflict harm on it in multiple ways. Malware can infect computers and devices in several ways and comes in a number of forms, just a few of which include viruses, worms, Trojans, spyware and more. It's vital that all users know how to recognize and protect themselves from malware in all of its forms.

So what is malware? It comes in a bewildering variety of forms. Computer viruses are probably the most familiar type of malware — so named because they spread by making copies of themselves. Worms have a similar property. Other types of malware, such as spyware, are named for what they do: spyware transmits personal information, such as credit card numbers.

A Criminal Enterprise

So after asking "What is malware?" the next logical questions are, "who is creating it, and why?" The days when most malware was created by teenage pranksters are long gone. Malware today is largely designed by and for professional criminals.

These criminals may employ a variety of sophisticated tactics. In some cases, as technology site Public CIO notes, cybercriminals have even "locked up" computer data — making the information inaccessible — then demanded ransom from the users to get that data back.

But the main risk that cybercriminals pose to heavy computer users is stealing online banking information such as banking and credit card accounts and passwords. The criminal hackers who steal this information may then use it to drain your account or run up fraudulent credit card bills in your name. Or they may sell your account information on the black market, where this confidential information fetches a good price.

Protecting Against Malware

So now we're at the biggest question of all: "How do I make sure my computer or network is malware-free?"

The answer has two parts: Personal vigilance, and protective tools. One of the most popular ways to spread malware is by email, which may be disguised to look as if it is from a familiar company such as a bank, or a personal email from a friend.

Be wary of emails that ask you to provide passwords, and of emails that seem to be from friends but have only a message such as "check out this cool website!" followed by a link.

Personal vigilance is the first layer of protection against malware, but simply being careful is not enough. Because business security is not perfect, even downloads from legitimate sites can sometimes have malware attached. This means that even the most prudent user is at risk unless they take additional measures.

What is Malware Protection?

Malware security protection provides that second vital layer of protection for your computer or network. A robust antivirus software package is the primary component of technological defenses that every personal and business computer system should have.

Well-designed antivirus protection has several characteristics. It checks any newly downloaded program to ensure that it is malware-free. It periodically scans the computer to detect and defeat any malware that might have slipped through. It is regularly updated to recognize the latest threats.

Good antivirus protection can also recognize — and warn against — even previously unknown malware threats, based on technical features (such as attempting to "hide" on a computer) that are characteristic of malware. In addition, robust antivirus software detects and warns against suspicious websites, especially those that may be designed for "phishing" (a technique that tricks users into entering passwords or account numbers).

Finally, malware protection needs to be usable. Effective antivirus software must be simple to download and install, so you don't need to be a Ph.D. in computer science in order to use it. Look for antivirus software solutions that have the characteristics outlined above — and follow through by installing it.

Robust malware protection specifically guards your finances. These tools safeguard your account information, and can also provide password-management tools so that frustration over forgotten passwords does not lead you to skip over this essential component of protection.

No protection is absolute. But a combination of personal awareness and well-designed protective tools will make your computer as safe as it can be.

Kaspersky

Malware is one of the greatest security threats enterprises face. Malware attacks increased 358% in 2020 over 2019, and ransomware attacks increased 435% year over year, according to Deep Instinct. 2021 is setting up to be more of the same. The first half of the year saw 93% more ransomware attacks than the same period in 2020, according to Check Point's midyear security report.

Security departments must actively monitor networks to catch and contain malware before it can cause extensive damage. With malware, however, prevention is key. But, to prevent an attack, it is critical to first understand what malware is, along with the 10 most common types of malware.

Malware, short for malicious software, is used by threat actors to intentionally harm and infect devices and networks. The umbrella term encompasses many subcategories, including the following:

  1. viruses
  2. worms
  3. ransomware
  4. bots
  5. Trojan horses
  6. keyloggers
  7. rootkits
  8. spyware
  9. cryptomining malware
  10. adware

Malware infiltrates systems physically, via email or over the internet. Phishing, which involves email that appears legitimate but contains malicious links or attachments, is one of the most common malware attack vectors. Malware can also get onto devices and networks via infected USB drives, unpatched or fraudulent software and applications, insider threats, and vulnerable or misconfigured devices and software.

Malware can go undetected for extended periods of time. Many users are only aware of a malware attack if they receive an antimalware alert, see pop-up ads, are redirected to malicious websites, or experience slow computer speeds or frequent crashes.

Malware exploits devices to benefit threat actors. Attackers use malware to steal data and credentials, spy on users, hold devices hostage, damage files and more.

1. Viruses

A computer virus infects devices and replicates itself across systems. Viruses require human intervention to propagate. Once users download the malicious code onto their devices -- often delivered via malicious advertisements or phishing emails -- the virus spreads throughout their systems. Viruses can modify computer functions and applications; copy, delete and steal data; encrypt data to perform ransomware attacks; and carry out DDoS attacks.

The Zeus virus, first detected in 2006, is still used by threat actors today. Attackers use it to create botnets and as a banking Trojan to steal victims' financial data. The Zeus creators released the malware's source code in 2011, enabling new threat actors to create updated, more threatening versions of the original virus.

Malware comes in many forms, including adware, ransomware and worms.

2. Worms

A computer worm self-replicates and infects other computers without human intervention. This malware inserts itself in devices via security vulnerabilities or malicious links or files. Once inside, worms look for networked devices to attack. Worms often go unnoticed by users, usually disguised as legitimate work files.

WannaCry, also a form of ransomware, is one of the most well-known worm attacks. The malware took advantage of the EternalBlue vulnerability in outdated versions of Windows' Server Message Block protocol. In its first year, the worm spread to 150 countries. The next year, it infected nearly 5 million devices.

3. Ransomware

Ransomware encrypts files or devices and forces victims to pay a ransom in exchange for reentry. While ransomware and malware are often used synonymously, ransomware is a specific form of malware.

There are four main types of ransomware:

  1. Locker ransomware completely locks users out of their devices.
  2. Crypto ransomware encrypts all or some files on a device.
  3. Double extortion ransomware encrypts and exports users' files. This way, attackers can receive payment from the ransom and/or the selling of the stolen data.
  4. Ransomware as a service enables affiliates, or customers, to rent ransomware. A percentage of each ransom is paid to the ransomware developer.

Well-known ransomware variants include REvil, WannaCry and DarkSide, the strain used in the Colonial Pipeline attack.

Data backups were long the go-to defense against ransomware -- with a proper backup, victims could restore their files from a known-good version. With the rise of extortionware, however, organizations must follow other measures to protect their assets from ransomware, such as deploying advanced protection technologies and using antimalware with anti-ransomware features.

4. Bots

A bot is a self-replicating malware that spreads itself to other devices, creating a network of bots, or a botnet. Once infected, devices perform automated tasks commanded by the attacker. Botnets are often used in DDoS attacks. They can also conduct keylogging and send phishing emails.

Mirai is a classic example of a botnet. This malware, which launched a massive DDoS attack in 2016, continues to target IoT and other devices today. Research also shows botnets flourished during the COVID-19 pandemic. Infected consumer devices -- common targets of Mirai and other botnets -- that employees use for work, or that sit on the home networks of employees working on company-owned devices, enable the malware to spread to corporate systems.

5. Trojan horses

A Trojan horse is malicious software that appears legitimate to users. Trojans rely on social engineering techniques to invade devices. Once inside a device, the Trojan's payload -- or malicious code -- is installed, which is responsible for facilitating the exploit. Trojans give attackers backdoor access to a device, perform keylogging, install viruses or worms, and steal data.

Remote access Trojans (RATs) enable attackers to take control of an infected device. Once inside, attackers can use the infected device to infect other devices with the RAT and create a botnet.

The Emotet banking Trojan was first discovered in 2014. Despite a global takedown at the beginning of 2021, Emotet has been rebuilt and continues to help threat actors steal victims' financial information.

6. Keyloggers

A keylogger is a surveillance malware that monitors keystroke patterns. Threat actors use keyloggers to obtain victims' usernames and passwords and other sensitive data.

Keyloggers can be hardware or software. Hardware keyloggers are manually installed into keyboards. After a victim uses the keyboard, the attacker must physically retrieve the device. Software keyloggers, on the other hand, do not require physical access. They are often downloaded by the victim via malicious links or downloads. Software keyloggers record keystrokes and upload the data to the attacker.

The Agent Tesla keylogger first emerged in 2014. The spyware RAT still plagues users, with its latest versions not only logging keystrokes, but also taking screenshots of victims' devices.

Password managers are particularly helpful in preventing keylogger attacks because users don't need to physically fill in their usernames and passwords, thus preventing them from being recorded by the keylogger.

7. Rootkits

A rootkit is malicious software that enables threat actors to remotely access and control a device. Rootkits facilitate the spread of other types of malware, including ransomware, viruses and keyloggers.

Rootkits often go undetected because, once inside a device, they can deactivate endpoint antimalware and antivirus software. Rootkits typically enter devices and systems through phishing emails and malicious attachments.

To detect rootkit attacks, cybersecurity teams should analyze network behavior. Set alerts, for example, if a user who routinely logs on at the same time and in the same location every day suddenly logs on at a different time or location.
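One way to implement the logon alert described above, as an added example that is not part of the original article. The log format, the names `HISTORY`, `build_baseline` and `check_login`, the one-hour tolerance and the five-logon minimum are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (user, ISO timestamp, location). Not real data.
HISTORY = [
    ("alice", "2024-03-04T08:58:00", "London"),
    ("alice", "2024-03-05T09:02:00", "London"),
    ("alice", "2024-03-06T09:10:00", "London"),
    ("alice", "2024-03-07T08:55:00", "London"),
    ("alice", "2024-03-08T09:01:00", "London"),
    ("bob", "2024-03-08T14:00:00", "Leeds"),
]

def build_baseline(events):
    """Record each user's usual logon hours and locations."""
    seen = defaultdict(lambda: {"hours": set(), "locations": set(), "count": 0})
    for user, ts, location in events:
        profile = seen[user]
        profile["hours"].add(datetime.fromisoformat(ts).hour)
        profile["locations"].add(location)
        profile["count"] += 1
    return dict(seen)

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def check_login(baseline, user, ts, location, tolerance=1, min_events=5):
    """Return the reasons a logon deviates from the user's routine ([] if none)."""
    profile = baseline.get(user)
    if profile is None or profile["count"] < min_events:
        return ["insufficient history"]  # no routine to compare against yet
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if all(hour_distance(hour, h) > tolerance for h in profile["hours"]):
        reasons.append("unusual time")
    if location not in profile["locations"]:
        reasons.append("unusual location")
    return reasons

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event in [("alice", "2024-03-11T09:05:00", "London"),
                  ("alice", "2024-03-11T03:12:00", "Lagos"),
                  ("bob", "2024-03-11T14:05:00", "Leeds")]:
        print(event, "->", check_login(baseline, *event) or "ok")
```

Users without enough history are reported separately rather than silently passed, so a new or rarely used account does not slip through as "normal".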

The first rootkit, NTRootkit, appeared in 1999. Hacker Defender, one of the most deployed rootkits of the 2000s, was released in 2003.

8. Spyware

Spyware is malware that downloads onto a device without the user's permission. It steals users' data to sell to advertisers and external users. Spyware can track credentials and obtain bank details and other sensitive data. It infects devices through malicious apps, links, websites and email attachments. Mobile device spyware, which can be spread via Short Message Service and Multimedia Messaging Service, is particularly damaging because it tracks a user's location and has access to the device's camera and microphone. Adware, keyloggers, Trojans and mobile spyware are all forms of spyware.

Pegasus is a mobile spyware that targets iOS and Android devices. It was first discovered in 2016, at which time it was linked to Israeli technology vendor NSO Group. Apple filed a lawsuit against the vendor in November 2021 for attacking Apple customers and products. Pegasus was also linked to the assassination of Saudi journalist Jamal Khashoggi in 2018.

Spyware encapsulates four main threats: adware, keyloggers, Trojans and mobile spyware.

9. Cryptomining malware

Mining -- the process of verifying transactions within a blockchain -- is highly profitable but requires immense processing power. Miners are rewarded for each transaction they validate. Cryptojacking, the action behind cryptomining malware, enables threat actors to use an infected device's resources to conduct verification.

Cisco found 69% of its customers were affected by cryptomining malware in 2020, accounting for the largest category of DNS traffic to malicious sites that year.

XMRig was the most prevalent cryptomining malware in 2020, followed by JSEcoin, Lucifer, WannaMine and RubyMiner.

10. Adware

Adware is software that displays or downloads unwanted advertisements, typically in the form of banners or pop-ups. It collects web browser history and cookies to target users with specific advertisements.

Not all adware is malicious. Software developers use legitimate adware -- with users' consent -- to offset developer costs. Malicious adware can, however, display ads that may lead to infection when clicked.

Threat actors use vulnerabilities to infect OSes and place malicious adware within preexisting applications. Users might also download applications already corrupted with adware. Alternately, adware can be included in a software bundle when downloading a legitimate application or come pre-installed on a device, also known as bloatware.

Fireball, Gator, DollarRevenue and OpenSUpdater are examples of adware.

Strong cybersecurity hygiene is the best defense against common types of malware attacks. The premise of cyber hygiene is similar to personal hygiene: If an organization maintains a high level of health (security), it avoids getting sick (attacked).

Good cyber hygiene practices that prevent malware attacks include the following: