Types of Malware and How to Prevent them

Written by Clare Stouffer, a NortonLifeLock employee

August 27, 2021

The most common types of malware include viruses, worms, trojans, ransomware, bots or botnets, adware, spyware, rootkits, fileless malware, and
malvertising.

And while the end goal of a malware attack is often the same — to gain access to personal information or to damage the device, usually for financial
gain — the delivery methods can differ. Some might even involve a combination of these malware types.

Detecting and dodging the malice begins with learning about these different types of malware. Here, we’re overviewing just that, listing out 10 prevalent
malware types and pressing questions and queries associated with them, including:

 What is malware?
 What are the different types of malware?
 How is malware injected or deployed?
 How to prevent, detect, and remove malware

What is malware?

A contraction of the words malicious software, malware is software that cyber attackers develop to gain access or cause damage to a computer or
network, usually without their victim’s knowledge. To define malware point blank, it’s any piece of software created with the intent to cause harm.
Of course, the degree of that harm depends on the types of malware you’re dealing with. This is why it’s not only important to understand not only what
does malware mean but also what each type of malware means — and what it means for targets.
What are the different types of malware?
Even as there was a 39 percent decrease in malware worldwide in 2020, malware types continue to evolve.
Over time, some malware types have even become hybrids of one another, as they deploy similar malware attack methods, such as by
harnessing logic bombs, meaning pre-set attacks that are sometimes triggered by victims themselves; by leveraging phishing and social
engineering tactics to deliver malware directly to victims; or via mobile malware, meaning malware that targets mobile devices.
These are the most common types of malware to recognize:

 Malware viruses
 Worm malware
 Trojan malware
 Ransomware
 Bots or botnets
 Adware malware
 Spyware
 Rootkits
 Fileless malware
 Malvertising

1. Malware viruses

Viruses are a type of malware that often take the form of a piece of code inserted in an application, program, or system and they’re deployed by
victims themselves.
Among the most common types of malware, viruses are similar to bodily viruses in that they require a host, meaning a device, to live. They lie dormant
until triggered to attack, perhaps by users downloading an email attachment — oftentimes .exe files, that stands for “executable” files.
From there, the virus replicates, spreading copies of itself from computer to computer, to wreak the most havoc.
Ultimately, malware viruses can:

 Seize applications
 Send infected files to contact lists
 Steal data
 Launch DDoS attacks
 Launch ransomware attacks

Malware viruses real-world example

ILOVEYOU virus, 2000: This malware virus impacted millions of computers around the globe and was downloaded by clicking on an attachment called
“LOVE-LETTER-FOR-YOU.TXT.vbs” and from an email with the subject line “ILOVEYOU.”

2. Worm malware
Worms, similar to malware viruses, are a type of malware that replicates itself. Unlike viruses, however, worm malware can copy itself without any
human interaction, and it’s not host-dependent, meaning it does not need to attach itself to a software program to cause damage.
Worms can be transmitted via software vulnerabilities. They also can arrive as attachments in emails or direct messages or be installed by removable
media. Once opened, these files could provide a link to a malicious website or automatically download the computer worm. Once installed, the
worm silently goes to work and infects the machine or even entire networks without the user’s knowledge.
Ultimately, worm malware can:
  Delete or modify files
 Steal data
 Install backdoors for hackers
 Launch DDoS attacks
 Launch ransomware attacks
 Create botnets
 Infect many computers at once

Worm malware example

SQL Slammer, 2003: Regarded as one the fastest spreading worm malware ever, SQL Slammer exploited a vulnerability in Microsoft’s SQL Server
software. The attack took all but 10 minutes and impacted thousands of servers.

3. Trojan malware
What are Trojans? Hence the valiant name, Trojans are a type of malware disguised as bona fide software, applications, or files to deceive users into
downloading it and, unknowingly, granting control of their devices. Once installed, a trojan can perform the action it was designed for, be it to damage,
disrupt, steal, or inflict some other harmful action on your data or network.
Also known as a Trojan horse or Trojan horse virus, Trojan malware is often spread via email attachments, website downloads, or direct messages.
Similar to viruses, they too require user action to be deployed. In comparing a malware virus vs trojans, the difference is that viruses are host-
dependent and trojans are not. Trojans also do not self replicate like viruses.

 Ultimately, trojan malware can:

 Delete, modify, or steal data
 Spy on users
 Access networks
 Launch DDoS attacks
 Take remote control of devices

Trojan malware example

ZeuS/Zbot, 2011: This banking Trojan leveraged keystroke logging to steal credentials and also account balances.

4. Ransomware

Ransomware, as the name indicates, is a type of malware that comes with a ransom. It locks and encrypts a victim’s device or data and demands a
ransom to restore access.
How does ransomware happen? It’s often the result of victims mistakenly downloading this malware type through email attachments or links from
unknown sources. Once installed, the malware might create a backdoor for hackers to gain access to a device and then begin encrypting the data
on locking owners out of their devices entirely until they pay a ransom to regain ownership.
Worth noting is ransomware is increasingly being paid in cryptocurrency and this is sometimes referred to as crypto-malware.
Ultimately, ransomware can:

 Hold devices hostage

 Make data inaccessible through encryption
 Result in financial loss
Ransomware example
WannaCry, 2017: This ransomware attack targeted thousands of computer systems around the world that were running Windows OS and spread itself
within corporate networks globally. Victims were asked to pay ransom in Bitcoin to retrieve their data.

5. Bots or botnets
Other times, the bots might act more as a “spider,” meaning a program that crawls the internet looking for holes in security infrastructures to exploit,
and the hacking is done automatically — or robotically if you will.
Botnets are a type of malware that gain access to devices through a piece of malicious coding. In some cases, botnets directly hack devices, with
cybercriminals even taking remote control of devices.
Ultimately, bots or botnets can:

 Launch DDoS attacks

 Record activity, including keystrokes, webcam, and take screenshots
 Send phishing emails from your device
 Give hackers remote control of devices

Bots + botnets example

 Mirai, 2016 : This botnet attack targeted Internet of Things devices and, from there, leveraged DDoS attacks.

6. Adware malware
Adware, as the name indicates, is malware that involves advertising. Also known as advertising-supported software, adware displays unwanted
advertisements on your computer, sometimes in the form of pop-up ads, that track users’ browsing activity.

Sometimes this is for marketing purposes. Where adware can go wrong is when these ads collecting your data with malicious intent, be it to sell it to
third parties or leverage it for identity theft or credit card fraud.

Mobile adware, meaning adware on mobile devices, has become increasingly common and can be contracted through third-party app downloads.

Ultimately, adware can:

 Be an annoyance
 Lure users to malicious sites
 Install spyware
 Share user data with third parties

Adware example
Fireball, 2017: This adware infected around 250 million devices by means of browser hijacking to track victims’ web activity.

7. Spyware

Spyware is a type of malware that infiltrates devices without the owner’s knowledge. This is often for the purpose of spying on internet activity, tracking
log in and password information, or collecting sensitive information that can be used for fraudulent purposes.
It’s a broad malware type, too, as adware, trojan malware, and tracking cookies could all be considered types of spyware. Keyloggers, as well, are
a popular form of spyware that can be used to track and log the keys you strike on your keyboard, capturing any information typed.
Ultimately, spyware can:

 Breach personal privacy

 Collects confidential data, including by logging keystrokes
 Steal data
 Result in identity theft or credit card fraud

Spyware example
DarkHotel, 2014: This keylogger spyware targeted government and business leaders using hotel Wi-Fi.

8. Rootkits
Rootkits are a type of malware that grants cybercriminals remote control of victims’ devices, oftentimes without the victims’ knowledge. Since rootkits
are designed to remain hidden, they can hijack or subvert security software, making it likely that this type of malware could live on your computer for a
long time causing significant damage.
This type of malware is often spread through phishing and malicious downloads or attachment.
Ultimately, rootkits can:

 Take remote control of devices

 Grant cybercriminals admin access to devices
 Spy on users’ activity

Rootkits example
Zacinlo, 2012: This rootkit stayed stealthy until about 2017 when it was first detected, delivering adware
and disabling antivirus software on primarily Windows devices.

9. Fileless malware
Fileless malware is a type of malware that uses software, applications, and protocols already built-in or native to device operating systems to install
and execute malicious activities. In other words, no files are needed to download this type of malware, hence the name fileless malware. Fileless
malware is memory-based, not file-based.
Once installed, fileless malware piggybacks on legitimate scripts by executing malicious activity while the legitimate programs continue to run. Thanks
to this stealthy nature, fileless malware is tough to spot.
Ultimately, fileless malware can:

 Disrupt antivirus software

 Steal data

Fileless malware example

Astaroth, 2019: This fileless malware was a true info-stealer and primarily targetted Windows devices and in specific countries, including Brazil.

10. Malvertising

Not to be confused with adware, malvertising is a type of malware that comes from ads on legitimate websites. Adware, however, is a type of malware
that is already on a device. Both attacks rely on online advertising to do their damage.
You can fall victim to malvertising by clicking on an infected ad — cybercriminals may even pay to place these on websites — or by visiting a website
that is home to a corrupted ad and becoming victim to a drive-by download.
Ultimately, malvertising can:

 Result in ransomware attacks

 Steal data
 Result in credit card fraud

Malvertising example
The media, 2016: The New York Times, BBC, AOL, and other news sites unknowing served malvertisements to readers that set out to hold hostage
computers and demand a ransom.

How is malware injected or deployed?

Malware is overwhelmingly spread via email. By some counts, 94 percent of it is delivered by email. Still, cybercriminals harness many methods to pull
off a malware attack. These are just some of their common tactics, some being combinations of one another.

 Man-in-the-browser attacks are when an attacker injects malware into a computer, which then installs itself into the browser without the
user’s knowledge, to record the data that is being sent between the victim and specifically targeted websites.
 Exploiting security vulnerabilities is when cybercriminals manually look for security holes in devices and networks that they can then
inject malware into.
 Exploit kits are an alternative to manually exploiting security vulnerabilities. They are prewritten codes used to search for vulnerabilities in
devices and, ultimately, inject malware in those security holes.
 Drive-by downloads are when users visit a malicious website that is hosting an exploit kit for malware attacks.
 Social engineering is manipulating people’s emotions to click malicious links, download bad attachments, or share sensitive information
that can be used for fraudulent purposes. It can encompass phishing, vishing, or smishing.

How to prevent, detect, and remove malware

Just as the types of malware may meld together, so too do malware prevention tactics. Consider a combination of these best practices to prevent
malware, plus tips for how to detect malware and how to remove malware.
Use multi-factor authentication
Multi-factor authentication, or two-factor authentication, adds an extra layer of security to your accounts by introducing an additional step in the login
process. That can come as a code sent to your phone or a biometric scan, that helps verify your identity. Ultimately, multi-factor authentication is
meant to prevent cybercriminals from accessing your private information.

Avoid suspicious emails, links, and sites

Staying Cyber Safe means staying suspicious — suspicious of attachments from unknown sources, encouragements to click links, and
even advertisements that seem too good to be true. All of these can be phishing attempts that result in malware. Play it safe, and don’t engage if your
gut tells you not to.

Adjust spam filters

Since email is the primary delivery method for malware, it’s important to bone up on your email security — start by setting your spam filters high. This
can ensure you’re never tempted to engage with a malicious link, email, or attachment from the start.

Keep software up to date

Software updates are important, because they repair security holes that could be exploited by cybercriminals. For this reason, make a point to run
software updates as soon as they become available and consider even allowing automatic updates.

Know the warning signs of a malware infection

Staying apprised of the following warning signs of malware can help you detect malware fast:

 Your device is sluggish, freezing, or crashing

 Programs are opening, closing, and modifying on their own
 Your device has little to no storage space
 You’re bombarded with pop-ups or unwanted programs
 Emails are being sent without your consent

Consider antivirus software

When the warning signs of malware infections aren’t apparent, antivirus software can be there to help. Antivirus can take the guesswork out of whether
or not you have a malware infection by monitoring — and stopping — the cyber threats.

Back up files regularly

The main reason for a data backup is to have a secure archive of your important information, whether that’s classified documents for your business or
treasured photos of your family. This way, you can restore your device quickly and seamlessly in the event of data loss, perhaps as the result of a
malware infection.

Remove accordingly
Depending on your device, malware removal can come with different steps. Be sure to research how to remove malware from a Mac or PC before
beginning your malware removal process.
There’s no getting around it: Malware is malicious. Knowing the different types of malware and how they spread can level up your holistic approach to
avoiding cyber threats.

Source: US.Norton.com