Describe malware

Completed

You've heard about terms like malware, viruses, worms, and so on. But what do these things mean? Is a virus a worm? Exactly what does malware do? These are just some of the basic concepts you’ll learn about in this unit.

What is malware?

Malware comes from the combination of the words malicious and software. It’s a piece of software used by cybercriminals to infect systems and carry out actions that will cause harm. This could include stealing data or disrupting normal usage and processes.

Malware has two main components:

  • Propagation mechanism
  • Payload

What is a propagation mechanism?

Propagation is how the malware spreads itself across one or more systems. Here are a few examples of common propagation techniques:

Illustration showing the three most common forms of malware propagation: virus, worm, and trojan

Virus

Most of us are already familiar with this term. But what does it actually mean? First, let’s think about viruses in nontechnical terms. In biology, for example, a virus enters the human body, and once inside, can spread and cause harm. Technology-based viruses depend on some means of entry, specifically a user action, to get into a system. For example, a user might download a file or plug in a USB device that contains the virus, and contaminates the system. You now have a security breach.

Worm

In contrast to a virus, a worm doesn't need any user action to spread itself across systems. Instead, a worm causes damage by finding vulnerable systems it can exploit. Once inside, the worm can spread to other connected systems. For example, a worm might infect a device by exploiting a vulnerability in an application that runs on it. The worm can then spread across other devices in the same network and other connected networks.

Trojan

A trojan horse attack gets its name from classical history, where soldiers hid inside a wooden horse that was presented as a gift to the Trojans. When the Trojans brought the wooden horse into their city, the soldiers emerged from hiding and attacked. In the context of cybersecurity, a trojan is a type of malware that pretends to be a genuine piece of software. When a user installs the program, it can pretend to be working as advertised, but the program also secretly performs malicious actions such as stealing information.

What is a payload?

The payload is the action that a piece of malware performs on an infected device or system. Here are some common types of payload:

  • Ransomware is a payload that locks systems or data until the victim has paid a ransom. Suppose there's an unidentified vulnerability in a network of connected devices. A cybercriminal can exploit this to access and then encrypt all files across this network. The attacker then demands a ransom in return for decrypting the files. They might threaten to remove all of the files if the ransom hasn't been paid by a set deadline.
  • Spyware is a type of payload that spies on a device or system. For example, the malware may install keyboard scanning software on a user's device, collect password details, and transmit them back to the attacker, all without the user's knowledge.
  • Backdoors: A backdoor is a payload that enables a cybercriminal to exploit a vulnerability in a system or device to bypass existing security measures and cause harm. Imagine that a cybercriminal infiltrates a software developing company and leaves some code that allows them to carry out attacks. This becomes a backdoor that the cybercriminal could use to hack into the application, the device it's running on, and even the organization's and customers' networks and systems.
  • Botnet is a type of payload that joins a computer, server, or another device to a network of similarly infected devices that can be controlled remotely to carry out some nefarious action. A common application of botnet malware is crypto-mining (often referred to as crypto-mining malware). In this case, the malware connects a device to a botnet that consumes the device's computing power to mine or generate cryptocurrencies. A user might notice their computer is running slower than normal and getting worse by the day.