Malware 101: An Overview Of Malware Types
Most businesspeople today are familiar with the term malware – that is, malicious software of some sort – but in recent months I have heard several otherwise knowledgeable people misuse the terms for the various malware types, so I decided to share a short primer that should be useful for people of all backgrounds:
Malware is an all-encompassing term that covers many forms of intentionally malicious software (the word was coined in 1990 by the late Israeli professor Yisrael Radai as a blend of “malicious” and “software”). Malware includes computer viruses, worms, Trojans, ransomware, scareware, spyware, cryptocurrency miners, adware, and any other program built to abuse computer resources for nefarious purposes.
A computer virus is malware that, when executed, replicates itself by inserting its own code into other programs, into the “boot sectors” of hard drives or SSDs, or into data files (most often in the form of rogue macros embedded in documents). Like biological viruses, computer viruses need a host in order to spread. While viruses still inflict tremendous damage, the majority of serious malware threats today arrive in the form of Trojans and worms. (Note: the plural is “viruses” for both the computer and the biological kind; “viri” and “virii” are not correct plurals of either.)
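Since macro viruses hide inside data files rather than executables, a first triage step is simply to ask whether a document carries a macro project at all. In the modern Office (OOXML) formats a document is a zip archive, and any VBA code lives in a member named vbaProject.bin. The following Python script is an added example, not code from the original article: it inspects a document for that member and flags the case where a nominally macro-free extension (.docx/.xlsx/.pptx, formats defined as having no macros) nonetheless contains one. The sample documents are constructed in memory and hold a placeholder instead of real VBA.

```python
"""Triage check for macro-carrying Office documents (added example).

OOXML documents are zip archives; a VBA project is stored as a member whose
name ends in vbaProject.bin (e.g. word/vbaProject.bin, xl/vbaProject.bin).
The sample files below are constructed here and contain no real macro code.
"""
import io
import zipfile

VBA_MEMBER_SUFFIX = "vbaProject.bin"
# Extensions the OOXML spec defines as macro-free: a VBA project inside one of
# these means the content does not match the name (e.g. a renamed .docm).
MACRO_FREE_EXTENSIONS = {".docx", ".xlsx", ".pptx"}


def find_vba_members(data: bytes) -> list:
    """Return zip member names holding a VBA project, or [] for non-zip input."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.endswith(VBA_MEMBER_SUFFIX)]
    except zipfile.BadZipFile:
        # Not a zip container at all (plain text, legacy .doc, etc.): nothing
        # to inspect with this method.
        return []


def triage(filename: str, data: bytes) -> dict:
    """Classify a document as 'clean', 'macro' or 'suspicious'."""
    members = find_vba_members(data)
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    if not members:
        verdict = "clean"
    elif ext in MACRO_FREE_EXTENSIONS:
        # Macro project under a macro-free extension: name/content mismatch.
        verdict = "suspicious"
    else:
        verdict = "macro"
    return {"file": filename, "vba_members": members, "verdict": verdict}


def make_docx(with_macro: bool) -> bytes:
    """Build a minimal OOXML-like zip (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.docx", make_docx(False)),   # ordinary document
        ("invoice.docm", make_docx(True)),   # macro-enabled, as advertised
        ("renamed.docx", make_docx(True)),   # macro project under a .docx name
        ("notes.txt", b"plain text"),        # not a zip container
    ]
    for name, blob in samples:
        print(triage(name, blob))
```

The check is deliberately narrow: it tells you that a document can carry macros, not what those macros do. Presence of vbaProject.bin in mail attachments from outside the organisation is nonetheless a cheap, high-signal filter, and the "suspicious" verdict catches the common trick of renaming a .docm to a friendlier extension.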
A computer worm is a standalone piece of malware that replicates itself without needing a host in order to spread. Worms typically propagate over networks by exploiting security vulnerabilities on reachable computers and network devices. Because their scanning and replication consume network bandwidth and processing capacity, worms can inflict harm even without modifying systems or stealing data.
A Trojan (or Trojan horse) is malware disguised as non-malicious software or hidden within a legitimate application or piece of digital data. Trojans are typically spread by social engineering, for example by tricking people into clicking a link, installing an app, or running an email attachment. Unlike viruses and worms, Trojans therefore do not usually self-propagate; they rely on human involvement.
Ransomware is malware that demands a payment to a criminal in exchange for the infected party not suffering some harm. Ransomware most often encrypts the victim’s files and threatens to destroy the decryption key if the ransom is not paid within a relatively short deadline; other forms involve the criminal stealing data and threatening to publish it online unless paid, and the two tactics are increasingly combined. Ransomware is most often delivered as a Trojan or a virus, but it can be, and has been, packaged in a worm.
Scareware is malware that scares people into making some purchase. One common example is malware that displays a message on a device that the device is infected with some virus that only a particular security package can remove, with a link to purchase that “security software.”
Spyware is software that surreptitiously, and without permission, collects information from a device. Spyware may capture a user’s keystrokes (in which case it is called a keylogger), video from a webcam, audio from a microphone, screen images, and so on. Some technologies that would technically count as spyware if users were not told they are being tracked are in everyday use by legitimate businesses; examples include web beacons that report whether a user loaded a particular page or opened an email, and tracking cookies set by websites or apps.
Cryptocurrency mining malware (sometimes called cryptojacking) is malware that, without the device owner’s permission, uses the device’s processing power to mine a particular cryptocurrency for the criminals operating it. Mining means running the proof-of-work computations (essentially repeated hashing) that the currency’s network rewards, so the victim pays in CPU/GPU time, electricity, battery life, and degraded performance.
Adware is software that generates revenue for the party operating it by displaying online advertisements on a device. Adware may be malware – that is, installed and run without the permission of the device’s owner – or it may be a legitimate component of software (for example, installed knowingly by users as part of a free, ad-supported package).
Blended malware is malware that utilizes multiple types of malware technology as part of an attack – for example, combining features of Trojans, worms, and viruses.
Zero-Day Malware
Zero-day malware is any malware that exploits a vulnerability not previously known to the public or to the vendor of the affected technology, and for which, consequently, no patch is yet available. The term refers to how the malware gets in, not to what it does once inside; a zero-day exploit may deliver a worm, a Trojan, ransomware, or any of the other types above.
In a future piece, I plan to provide a high-level overview of technologies used by malware.
This piece originally appeared in Inc.