Diff: Malware
Comparing revision #2 (2023-06-12 00:20:52) with revision #3 (2026-06-22 13:11:07).
| Old | New |
|---|---|
'''Malware''' is malicious software or code designed to disrupt, damage, spy on, extort from, or gain unauthorised access to computer systems, networks or user devices. The word is short for "malicious software" and covers a wide range of threats, including viruses, worms, trojans, spyware, ransomware and destructive tools.

Malware is not defined by one technical shape. It is defined by purpose and effect. A malicious attachment, a hijacked browser extension, a compromised update package and a ransomware payload can all be malware if they are used to harm systems or users.

Malware, short for malicious software, refers to any software or code specifically designed to disrupt, damage, or gain unauthorized access to computer systems, networks, or user devices. Malware is a broad term that encompasses various types of malicious programs, including viruses, worms, Trojans, ransomware, adware, spyware, and more.<ref>https://malwarealarm.com/t/malware-an-in-depth-analysis-of-the-digital-menace/36</ref>

== Overview ==

Malware poses a significant threat to the security and privacy of individuals, businesses, and organizations. It can be distributed through various vectors, such as email attachments, infected websites, software downloads, removable media, or social engineering techniques. Once executed, malware can perform a range of malicious activities, depending on its type and purpose.

== Common Types ==

=== Virus ===

A virus attaches itself to another file or programme and spreads when that host is opened or executed. Modern viruses are less dominant than they once were, but the term is still widely used by the public for many kinds of malware.

=== Worm ===

A worm spreads without needing a user to move an infected file manually. Worms often exploit network weaknesses or unpatched services, making them dangerous in large organisations.

=== Trojan ===

A trojan is malware disguised as something useful or harmless. It may appear to be a cracked application, a fake document, a game cheat, a support tool or a software update.

=== Ransomware ===

Ransomware blocks access to files or systems, usually by encryption, and demands payment for restoration. Modern ransomware groups may also steal data and threaten to publish it.

=== Spyware ===

Spyware collects information without proper consent. It may capture keystrokes, browser activity, screenshots, messages, credentials or financial data.

=== Adware and Potentially Unwanted Software ===

Adware displays unwanted adverts or redirects traffic. Some adware is merely intrusive, while other examples track users, change browser settings or install additional unwanted components.

== Types of Malware ==

=== 1. Viruses ===

Viruses are self-replicating programs that attach themselves to legitimate files or programs and spread from one computer to another when the infected file is executed. They can cause damage to data, corrupt files, and compromise system stability.

=== 2. Worms ===

Worms are standalone programs that replicate and spread independently, typically over networks. Unlike viruses, worms do not require a host file to spread. They often exploit security vulnerabilities in operating systems or software to infect and compromise multiple devices.

=== 3. Trojans ===

Trojans, named after the Trojan horse of Greek mythology, appear as legitimate software or files but contain hidden malicious code. Once installed, Trojans can create backdoors, steal sensitive information, or enable unauthorized remote access to a compromised system.

=== 4. Ransomware ===

Ransomware encrypts files on a victim's device and demands a ransom in exchange for the decryption key. It can severely disrupt business operations and cause financial loss. Ransomware is typically distributed through phishing emails, exploit kits, or compromised websites.

=== 5. Adware ===

Adware is software that displays unwanted advertisements on a user's device. While not inherently malicious, adware can impact system performance, compromise user privacy, and redirect web traffic to potentially malicious websites.

=== 6. Spyware ===

Spyware is designed to gather information about a user's activities without their consent. It can track keystrokes, capture screenshots, monitor web browsing habits, and collect sensitive information. Spyware often aims to steal login credentials, financial data, or personal information.

== Infection Routes ==

Malware commonly spreads through:

* Phishing emails and malicious attachments.
* Compromised websites or malicious adverts.
* Stolen credentials and remote access tools.
* Unpatched software vulnerabilities.
* Pirated software, cracked applications or fake installers.
* Infected removable media.
* Supply-chain compromise, where a trusted vendor or update channel is abused.

== Impact ==

The impact can range from nuisance pop-ups to total business disruption. Malware can steal data, destroy files, encrypt systems, monitor users, add devices to botnets, interrupt public services or provide a foothold for later attacks.

For organisations, the damage is often wider than the infected device. Incident response, downtime, customer notification, data protection duties, recovery costs and reputational harm can all follow.

== Prevention and Protection ==

Protecting against malware requires a multi-layered approach, including:

* Using reputable antivirus and anti-malware software to detect and remove known threats.
* Keeping operating systems, applications, and software up to date with the latest security patches.
* Exercising caution when clicking on links or opening attachments in emails, especially from unknown sources.
* Regularly backing up important data to mitigate the impact of ransomware attacks.
* Employing strong passwords and enabling two-factor authentication (2FA) for online accounts.
* Practicing safe browsing habits, such as avoiding suspicious websites and refraining from downloading software from untrustworthy sources.
* Educating users about social engineering techniques, phishing attacks, and other common vectors used to distribute malware.

== Legal and Ethical Considerations ==

Developing, distributing, or using malware is illegal in most jurisdictions and can lead to severe legal consequences. Ethical considerations include respecting the privacy and security of individuals and organizations, adhering to responsible disclosure practices, and using cybersecurity knowledge to protect systems and networks rather than exploit them.

== Defence ==

Good malware defence is layered. Useful controls include:

* Keeping operating systems, browsers and applications patched.
* Using reputable endpoint protection.
* Restricting administrator privileges.
* Enabling multi-factor authentication for important accounts.
* Filtering email and blocking dangerous attachment types.
* Training users to report suspicious messages quickly.
* Maintaining offline or otherwise protected backups.
* Testing recovery plans before an incident happens.

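Attachment filtering is easy to get wrong if the gateway only looks at the file's name. The following is an added example, written for this page rather than taken from any product or from the original article: a Python policy check that inspects the declared extension, the leading bytes of the content, right-to-left override characters in the name, and the members of a zip archive. The blocked-extension list, the magic-byte table and the sample attachments are constructed assumptions for the illustration, not a published standard.

```python
import io
import zipfile

# Assumed gateway policy lists for this illustration; not any vendor's defaults.
BLOCKED_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "ps1", "js", "jse", "vbs", "vbe",
    "wsf", "hta", "lnk", "iso", "img", "vhd", "jar", "docm", "xlsm", "pptm",
}
# Leading bytes that a file with this extension is expected to start with.
MAGIC = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "exe": b"MZ",
    "zip": b"PK\x03\x04",
    "docx": b"PK\x03\x04",
    "xlsx": b"PK\x03\x04",
}
RTL_OVERRIDE = "\u202e"  # "report\u202efdp.exe" is displayed as "reportexe.pdf"


def _extensions(name):
    """All extensions of a filename, lower-cased: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def classify_attachment(name, data, depth=0):
    """Return policy findings for one attachment; an empty list means allow."""
    findings = []
    exts = _extensions(name)
    last = exts[-1] if exts else ""

    if RTL_OVERRIDE in name:
        findings.append("right-to-left override in filename")
    if last in BLOCKED_EXTENSIONS:
        findings.append(f"blocked extension .{last}")
    if len(exts) > 1 and exts[-2] in MAGIC and last in BLOCKED_EXTENSIONS:
        findings.append(f"double extension .{exts[-2]}.{last}")

    expected = MAGIC.get(last)
    if expected and not data.startswith(expected):
        findings.append(f"content does not match .{last}")
    elif not expected and data.startswith(b"MZ"):
        findings.append("PE executable disguised with another extension")

    # Look inside archives: a blocked list is pointless if zipping a .exe gets it through.
    if last == "zip" and data.startswith(MAGIC["zip"]) and depth < 2:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.flag_bits & 0x1:  # encrypted member: cannot inspect, so report it
                        findings.append(f"encrypted archive member {info.filename}")
                        continue
                    for f in classify_attachment(info.filename, zf.read(info), depth + 1):
                        findings.append(f"{info.filename}: {f}")
        except zipfile.BadZipFile:
            findings.append("unreadable zip archive")
    return findings


def build_zip(members):
    """Constructed test data: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample attachments (no real malware; the "PE" is only its header bytes).
SAMPLES = {
    "quarterly.pdf": b"%PDF-1.7\n%...",
    "invoice.pdf.exe": b"MZ\x90\x00",
    "photo.png": b"MZ\x90\x00",
    "report\u202efdp.exe": b"MZ\x90\x00",
    "delivery.zip": build_zip({"delivery.js": b"var s = new ActiveXObject('WScript.Shell');"}),
    "clean.zip": build_zip({"readme.txt": b"hello"}),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict = classify_attachment(name, data)
        print(f"{name!r}: {'ALLOW' if not verdict else 'BLOCK: ' + '; '.join(verdict)}")
```

Password-protected archive members are reported rather than inspected, because the gateway cannot see inside them; letting them through silently is a common bypass. Run the block directly to print a verdict for each constructed sample.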
Backups matter because ransomware can turn a security incident into a business continuity crisis. A backup that is connected to the same network may be encrypted or deleted by the attacker, so backup design is part of security.

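To make the point about backup design concrete, here is an added example (not from the original article or from the guidance it cites) of one piece of a recoverable design: a manifest of file hashes authenticated with an HMAC key that is kept off the backup network, so that a backup set can be checked for encryption, deletion or tampering before anything is restored. The directory layout, file contents and key in the demo are constructed for the illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """SHA-256 of every regular file under root, keyed by POSIX-style relative path."""
    root = Path(root)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def _canonical(digests):
    return json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()


def write_manifest(root, key):
    """Manifest of a backup set, authenticated with a key that lives offline."""
    digests = hash_tree(root)
    tag = hmac.new(key, _canonical(digests), hashlib.sha256).hexdigest()
    return json.dumps({"files": digests, "hmac": tag}, sort_keys=True)


def verify_backup(root, manifest_json, key):
    """Compare a backup set against its manifest before trusting it for a restore."""
    manifest = json.loads(manifest_json)
    expected = manifest["files"]
    tag = hmac.new(key, _canonical(expected), hashlib.sha256).hexdigest()
    actual = hash_tree(root)
    return {
        "authentic": hmac.compare_digest(tag, manifest["hmac"]),
        "modified": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in actual),
        "unexpected": sorted(p for p in actual if p not in expected),
    }


def demo():
    """Constructed scenario: a good backup, ransomware-style damage, then a forged manifest."""
    key = b"offline-manifest-key"  # in practice kept off the backup network, not beside the data
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_bytes(b"date,amount\n2024-01-01,100\n")
        (root / "notes.txt").write_bytes(b"quarterly review")
        manifest = write_manifest(root, key)
        clean = verify_backup(root, manifest, key)

        # Simulate an attacker reaching the backup share: encrypt, rename, drop a note.
        ledger = root / "finance" / "ledger.csv"
        ledger.write_bytes(os.urandom(64))
        ledger.rename(root / "finance" / "ledger.csv.locked")
        (root / "notes.txt").write_bytes(os.urandom(32))
        (root / "README_RESTORE_FILES.txt").write_bytes(b"pay to decrypt")
        damaged = verify_backup(root, manifest, key)

        # Re-generating the manifest without the key cannot make the damaged set verify.
        forged = write_manifest(root, b"guessed-key")
        forged_result = verify_backup(root, forged, key)
    return clean, damaged, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "damaged", "forged"), demo()):
        print(label, json.dumps(result))
```

The forged case is the reason for the HMAC: a manifest stored next to the backups can be rewritten by whoever encrypted them, so the check is only meaningful if the key is not reachable from the compromised network.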
== Detection and Response ==

Signs of infection can include unusual network traffic, unexpected processes, disabled security tools, unknown browser extensions, ransom notes, suspicious logins, or alerts from endpoint protection.

Response normally involves isolating affected systems, preserving evidence, identifying the entry route, removing persistence, restoring from clean backups and changing compromised credentials. In serious cases, specialist incident response support may be needed.

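Several of the signs above, and the first response step, can be turned into checks. The following added example, not taken from the original article, scans a small set of files for ransomware indicators (ransom-note filenames, documents renamed with an extra extension, and high-entropy content where plain text is expected) and audits process command lines for precursor behaviour such as shadow-copy deletion and disabled protection, then names hosts that show more than one such behaviour as candidates for isolation. The log line format, the rule list and all sample data are constructed for the illustration and are not captured from a real incident.

```python
import hashlib
import math
import re
from collections import Counter, defaultdict

# --- file-level indicators --------------------------------------------------
RANSOM_NOTE_RE = re.compile(r"(readme|how_to|restore|recover|decrypt)[^/]*\.(txt|html|hta)$", re.I)
RENAMED_DOC_RE = re.compile(r"\.(docx?|xlsx?|pptx?|pdf|jpe?g|png|txt|csv)\.[a-z0-9]{3,10}$", re.I)
TEXT_LIKE = {"txt", "csv", "log", "ini", "json", "xml", "html"}
ENTROPY_MIN_BYTES = 256  # below this the estimate is too noisy to act on
ENTROPY_THRESHOLD = 7.0  # bits per byte; text sits around 4 to 5, ciphertext near 8


def shannon_entropy(data):
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_files(files):
    """files: {path: content bytes}. Returns [(path, indicator)] for ransomware-like signs."""
    hits = []
    for path, data in files.items():
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if RANSOM_NOTE_RE.search(name):
            hits.append((path, "ransom-note style filename"))
        if RENAMED_DOC_RE.search(name):
            hits.append((path, "document with an extra extension appended"))
        if ext in TEXT_LIKE and len(data) >= ENTROPY_MIN_BYTES:
            h = shannon_entropy(data)
            if h > ENTROPY_THRESHOLD:
                hits.append((path, f"high-entropy content ({h:.2f} bits/byte) in a text file"))
    return hits


# --- command-line indicators ------------------------------------------------
LOG_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) user=(?P<user>\S+) cmdline="(?P<cmd>.*)"$')
PRECURSORS = [  # behaviours commonly seen just before encryption starts
    (re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I), "shadow copies deleted"),
    (re.compile(r"wmic\s+shadowcopy\s+delete", re.I), "shadow copies deleted"),
    (re.compile(r"Set-MpPreference\s+-Disable", re.I), "endpoint protection disabled"),
    (re.compile(r"bcdedit.*recoveryenabled\s+no", re.I), "Windows recovery disabled"),
    (re.compile(r"wevtutil(\.exe)?\s+cl\b", re.I), "event log cleared"),
]


def audit_commands(lines):
    """Match each logged command line against the precursor rules."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line; a production pipeline should count these too
        for pattern, label in PRECURSORS:
            if pattern.search(m["cmd"]):
                hits.append((m["ts"], m["host"], m["proc"], label))
    return hits


def hosts_to_isolate(command_hits, min_distinct=2):
    """Hosts showing at least min_distinct different precursor behaviours."""
    seen = defaultdict(set)
    for _ts, host, _proc, label in command_hits:
        seen[host].add(label)
    return sorted(h for h, labels in seen.items() if len(labels) >= min_distinct)


# --- constructed sample data (not captured from a real incident) --------------
def _pseudo_ciphertext(n):
    """Deterministic high-entropy bytes standing in for an encrypted file."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]


SAMPLE_FILES = {
    "share/finance/budget.xlsx.lockd": b"\x00\x01",
    "share/finance/README_TO_RESTORE.txt": b"Your files are encrypted. Contact ...",
    "share/hr/policy.txt": b"Leave policy: staff may request leave in writing.\n" * 10,
    "share/hr/payroll.csv": _pseudo_ciphertext(4096),
}

SAMPLE_LOG = [
    '2024-05-03T09:12:01Z ws17 cmd.exe user=alice cmdline="vssadmin delete shadows /all /quiet"',
    '2024-05-03T09:12:03Z ws17 powershell.exe user=alice cmdline="Set-MpPreference -DisableRealtimeMonitoring $true"',
    '2024-05-03T09:12:05Z ws17 cmd.exe user=alice cmdline="bcdedit /set {default} recoveryenabled no"',
    '2024-05-03T09:20:40Z srv02 cmd.exe user=backup cmdline="wevtutil cl Application"',
    '2024-05-03T09:21:00Z ws04 winword.exe user=bob cmdline="WINWORD.EXE /n report.docx"',
]

if __name__ == "__main__":
    for path, why in scan_files(SAMPLE_FILES):
        print(f"FILE {path}: {why}")
    hits = audit_commands(SAMPLE_LOG)
    for ts, host, proc, label in hits:
        print(f"CMD  {ts} {host} {proc}: {label}")
    print("isolate:", hosts_to_isolate(hits))
```

Each indicator on its own is noisy (a legitimate backup job may clear a log, and a compressed archive is high-entropy by nature), which is why the isolation decision requires more than one distinct behaviour on the same host and the entropy check is limited to extensions that should hold plain text.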
== See Also ==

* [[Ransomware]]
* [[Social engineering]]
* [[Cybersecurity]]
* [[Command Prompt]]

== References ==

* [https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks NCSC: Mitigating malware and ransomware attacks]
* [https://www.ncsc.gov.uk/ransomware/home NCSC: What you need to know about ransomware]
* [https://ico.org.uk/about-the-ico/research-reports-impact-and-evaluation/research-and-reports/learning-from-the-mistakes-of-others-a-retrospective-review/malware-and-ransomware/ ICO: Malware and ransomware]
* [https://cyberessentials.online/cyber-essentials-malware-explained/ Cyber Essentials: Malware explained]

[[Category:Cybersecurity]]
[[Category:Computing]]