What is malware?
Malware encompasses all sorts of malicious software, including its best-known forms such as Trojan horses, ransomware, viruses, worms, and banking malware. The common denominator of everything that is described by this term is the malicious intent of its authors or operators.
How to recognize malware?
For a regular user, it is hard to say which file is malware and which isn’t. That’s why security solutions exist, maintaining vast databases of previously seen malicious samples and employing multiple protective technologies to counter new ones.
How does malware work?
Malware authors nowadays are very creative. Their “products” spread via vulnerabilities in unpatched systems, sneak past security measures, hide in memory, or mimic legitimate applications just to stay undetected.
However, even today one of the most effective vectors for infection is the weakest link in the chain – the human being. Well-crafted emails with malicious attachments have proven to be an efficient yet cheap way to compromise a system. And it only takes one wrong click to achieve it.
There are also various ways that malware authors monetize their malicious activities. Some malware tries to sneak inside a system, steal as much sensitive data as possible and the malware operators then sell it or use it to extort the victim. A popular method among cybercriminals is to encrypt the user's data or disk and demand an affordable ransom for reversing the damage.
And then there are cybercriminal groups that go after specific targets and are not necessarily driven by financial gain. How they earn money to fund their activities is difficult to say. We can only speculate as to whether the money comes from nation states, dark web entrepreneurship or who-knows-where. What we can say for sure is that some of these operations are sophisticated, highly organized and well-funded.
How to stay protected?
The first step is to keep all software up to date, including the operating system and all applications. Not only to add features and improvements and fix bugs, but also to patch vulnerabilities that could be misused by cybercriminals and their malicious code.
That, however, doesn’t cover all the threats that are looming out there. Therefore, a reliable and updated security solutionshould be in place to stop potential attempted attacks.
Regular backups stored on an offline hard drive are another way to counter malware, allowing the user to easily replace any data that might have been damaged, corrupted or encrypted by the attackers.
The first ever recorded PC virus was Pakistani Brain in early 1986. It tried to stay as stealthy as possible. Pakistani Brain infected the boot sector of floppy disks and spread globally in a matter of weeks – which is pretty remarkable, given that it was distributed only via 5.25" diskettes.
Since then, malware has evolved into various forms, its creators always finding new ways of afflicting victims. Internet use has made its distribution much easier and enabled malware authors to spread their “evil wares” to a global network of potential victims.
Some malware families, such as WannaCryptor, spread indiscriminately, encrypting files and causing damage globally. Others go after a more limited group of victims, such as businesses in one country, as in the case of Diskcoder.C aka Petya.
A recent example of targeted malicious code was Industroyer. Discovered by ESET, this malware attacks industrial control systems used in the electric grid and most probably caused blackouts in Ukraine by misusing unsecured but legitimate protocols. It is one of the few malware families that fall into the same category as Stuxnet - the first cyberweapon ever known to be used.