
What is malware?

The word malware comes from combining two words—"malicious" and "software." Malware is a piece of software cybercriminals use to infect systems and cause harm by stealing data or disrupting normal processes.

Malware has two main components: propagation mechanism and payload. Let's look more closely at each part.

Propagation mechanism

Propagation is how the malware spreads itself across systems. The most common types of propagation mechanisms are viruses, worms, and trojans.

A graphic showing three types of malware: viruses that work like biological viruses, worms represented by a worm, trojans represented by a graphic of the Trojan horse.

Just as biological viruses do, technology-based viruses depend on an entry point to begin causing harm. Viruses need an end user to perform some type of action so the virus can infect the system. Examples of these types of actions are downloading an infected file or plugging in a removable device like a USB device that contains the virus.

Worms, however, don't need an end user to perform an action to spread across a system. Worms find system vulnerabilities and exploit them to cause damage. Worms may sit on top of legitimate applications that have access to a system. Once the application is launched, the worm begins to spread across devices in the same network or in connected networks.

A trojan is much more difficult to recognize than the other two propagation mechanisms. A trojan pretends to be a genuine piece of software. When the software is installed, the trojan pretends to be working as expected when in actuality it's secretly performing malicious acts in the background like stealing information.

Payload

Payload is the action that malware performs on an infected system or device. Some common types of payload include:

  • Ransomware, which locks systems or data until the victim has paid a ransom.

  • Spyware, which spies on a device or system to collect protected information like usernames and passwords.

  • Backdoors, which allow a cybercriminal to exploit a system's vulnerability and bypass existing security measures.

  • Botnets, which join a computer, server, or other device to a network of similarly infected devices that can be controlled remotely to carry out harmful actions.

Understanding propagation mechanisms and payload helps make end users more aware of malware and its potential damage.