First used by Israeli professor Yisrael Radai as a contraction of "malicious" and "software", malware (mal·weuh) has grown to be one of the most ubiquitous forms of cybersecurity threat globally.
But how did we get here, and what exactly is malware? This article is a beginner’s guide to learning everything you need about malware.
A bit of history about malware
Hacking is nothing new. From the early days of phreaking telephone lines to gain access to free calls to modern Distributed Denial-of-Service (DDoS) attacks and ransomware, the threats in the cybersecurity and fraud landscape are vast and deep.
The primary purpose of malware is to disrupt networks and systems, steal data (either governmental, company-specific or financial) or sit and spy on your activity.
Malware itself has followed a similar path. The first trojan (ANIMAL) was released into the wild in the 1970s, followed by the Jerusalem virus in the late 1980s. Malicious software was gaining traction as a disruptive influence, but it was very much in its infancy and, at that stage, not overly dangerous or effective.
In the early 1990s, dial-up internet broadened the horizons of the global population, and with them the risks, and the opportunities for criminals, that came with it. Malware became a growing threat because the damage could now be catastrophic and swift, and as time has gone on, the types of malware and the threats associated with them have grown exponentially.
Malware types in 2024
So what are the malware types under this all-encompassing term, and how prevalent are they now in 2024?
Worms are designed with destruction in mind. They self-replicate through a network and can overload bandwidth and delete files. However, they can also open the door to other malware, either by dropping it themselves or by opening backdoors in a system. Less common today, they were most prevalent from the 80s to the mid-2000s; Storm Worm and Morris Worm are notable mentions, and MYDOOM caused $38 billion worth of damage in 2004.
Because worms move laterally through a computer network, they risk exposing themselves to system administrators when they hit firewalls. Unlike worms, viruses are not self-replicating: they require positive action from the user or from software to move through a network. Although considered older forms of malware, they are worth mentioning; examples include Flip, Monxla and Invader.
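As an added example (not part of the original article), the following Python script shows how a defender could spot the worm behaviour described above in firewall deny logs: one host repeatedly refused while probing the same port on many neighbours within a short window. The log format and the sample lines are constructed for illustration and do not come from any real device.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of firewall DENY events (not real traffic). Host 10.0.0.5
# fans out to many internal peers on TCP/445 within seconds; the rest is noise.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 DENY src=10.0.0.5 dst=10.0.1.7 dport=445 proto=tcp
2024-03-01T10:00:02 DENY src=10.0.0.5 dst=10.0.1.8 dport=445 proto=tcp
2024-03-01T10:00:02 DENY src=10.0.0.5 dst=10.0.1.9 dport=445 proto=tcp
2024-03-01T10:00:03 DENY src=10.0.0.5 dst=10.0.1.10 dport=445 proto=tcp
2024-03-01T10:00:03 DENY src=10.0.0.5 dst=10.0.1.11 dport=445 proto=tcp
2024-03-01T10:00:04 DENY src=10.0.0.5 dst=10.0.1.12 dport=445 proto=tcp
2024-03-01T10:00:05 DENY src=10.0.0.9 dst=10.0.1.7 dport=443 proto=tcp
2024-03-01T10:00:06 DENY src=10.0.0.9 dst=10.0.1.7 dport=443 proto=tcp
2024-03-01T10:09:00 DENY src=10.0.0.12 dst=10.0.1.20 dport=22 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def parse(lines):
    """Yield (timestamp, src, dst, dport) for each well-formed DENY line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))

def find_fanout(log_text, window=timedelta(minutes=5), min_targets=5):
    """Flag sources denied to >= min_targets distinct hosts on one port within
    `window`. At the firewall, worm propagation looks like one host probing the
    same service across many neighbours. Returns sorted (src, dport, targets)."""
    per_key = defaultdict(list)  # (src, dport) -> time-ordered [(ts, dst), ...]
    for ts, src, dst, dport in sorted(parse(log_text.splitlines())):
        per_key[(src, dport)].append((ts, dst))
    alerts = []
    for (src, dport), hits in per_key.items():
        best, start = 0, 0
        for end in range(len(hits)):  # sliding time window over the hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= min_targets:
            alerts.append((src, dport, best))
    return sorted(alerts)

if __name__ == "__main__":
    for src, dport, n in find_fanout(SAMPLE_LOGS):
        print(f"possible worm scan: {src} -> {n} hosts on port {dport}")
```

Tune `window` and `min_targets` to the network: a backup server legitimately touching many hosts on one port needs an allow-list, while a workstation doing so is exactly the lateral movement the paragraph describes.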
The Trojan Horse story is so omnipresent throughout society that the term has even been adopted in cybersecurity. Like the Greek soldiers hiding in the wooden horse to take the city of Troy, this malware type relies on disguise: it presents itself as a harmless application in order to get onto target systems and steal sensitive information, such as login credentials, credit card details or personal identification numbers. ILOVEYOU and Zeus are well-known Trojans, and new versions are still being created today.
Ransomware is used specifically to extract funds from its targets. It encrypts the files on a target machine and then presents a screen requesting payment, usually in the form of hard-to-trace cryptocurrency. The amounts requested vary depending on the target, with large demands as high as $240 million; that demand was made by the Hive ransomware group against MediaMarkt, Europe's largest consumer electronics retailer. Others concentrate on volume: WannaCry asked for $300 from each user, multiplied across the 200,000 computers it infected in 150 countries.
All of these malware types have their own attack vectors, their uses for fraudsters, and their limitations. Understandably, bad actors want to have the largest impact, but they also want to achieve it as efficiently as possible. To do this, fraudsters combine several of the malware types touched on above, along with others and with social engineering, into a campaign that either overwhelms an organisation's defences or finds vulnerabilities quickly. Conficker and Code Red are examples of blended malware.
Zero-day malware takes advantage of vulnerabilities for which no fix is yet available, for example flaws introduced in recently released software updates. It works because bad actors are restricted by neither software release schedules nor legislation, so they can often gain an advantage before patches are implemented. Famous examples of zero-day malware include TeaBot, SharkBot and PixPirate, all of which were found, classified and stopped by Cleafy. There will be more on how we do this in future posts.