Malware is a contraction of ‘malicious software’ and is an all-encompassing term for any program designed specifically to attack, damage or compromise a system in some way.
The main malware categories include Trojans, viruses, worms, and ransomware. There are malware examples targeting all of the major operating systems including those from Apple, Android, and Windows – even Linux.
Malware only exists to attempt to exploit your device or personal data in some manner, usually for the author’s own gain – say, for example, stealing your online banking details – but sometimes it effectively represents random acts of virtual violence, such as a virus which just nukes your entire system.
So yes, it can be dangerous – which we’ll discuss further in a moment – and to defend against some of the disastrous potential scenarios malware can bring about, it’s a good idea to use an antivirus to protect your PC or smartphone.
The problem with viruses
There is a lot more to malware than viruses. Computer viruses are a specific type of malware which have two specific characteristics. First, a computer virus can execute or run itself. It does this by attaching itself to other programs or by hiding in the computer code which is run automatically when certain types of files or programs are opened. Second, a virus can replicate itself. This is often done within a targeted program or app within the device, followed by the virus spreading to other devices via emails, USB memory devices, or a vulnerable network.
While these technical distinctions are important for analysts, they aren’t for the consumer. The important point for consumers is to realize that a narrowly defined computer virus is just the tip of the iceberg -- there are many more risks and vulnerabilities out there than just that.
Malware has been around almost as long as the IT era. While there is no universal agreement over what the first malware was, two early examples are the Brain and the Morris Worm. The Brain was launched in 1986 by two Pakistani brothers. It was a self-replicating virus on a large floppy that promoted their computer repair services shop. The Morris worm, launched in 1988, was one of the first computer worms. It also resulted in the first felony conviction under the Computer Fraud and Abuse Act.
Strains of malware
Malware is a broad term, so it is often employed very generally to cover anything bad happening to your PC in terms of rogue software that exploits your system in some way.
However, there are different subsets of commonly recognized malware, and we’ll now look briefly at the main offenders (there are other variations out there, too).
The virus (which we’ve already mentioned) is historically one of the more common types of malware (but perhaps a bit less so, these days). A virus comes embedded in a piece of software or file, and infects the system when that app or file is run. When that happens, what’s called the payload is triggered – in other words, the bad things that happen to your PC (which you may not even notice, as some effects are designed to be stealthy). Then the virus – as its name suggests – can spread itself to other files, and therefore potentially to other PCs (if those files are transferred).
A worm acts in much the same way to spread itself, but is even more dangerous, because it doesn’t need to be ‘triggered’ by the user (via a file being run) – it automatically propagates itself.
A Trojan is another kind of malware which pretends to be a legitimate program (being named, of course, after the famous Trojan horse). In other words, it’s specifically designed to look like a useful app, but will actually wreak malicious havoc on your system when run; a nasty concept indeed.
Ransomware is even nastier, though, and when unleashed on your PC – either via a file, or a website – it locks your machine (and all your files), threatening to delete everything by a certain deadline if you don’t pay a specified ransom online.
The four basic stages of malware
Impress/annoy – The earliest malware was designed to either impress or annoy – or both. It was largely a platform for early hackers to show off their technical prowess and confound the rest of the world.
Damage – Malware soon moved into the damaging mode with some earlier malware types bricking up infected devices or deleting files. While impressive – and highly irritating – it was limited.
Steal – The profit motive soon showed up as hackers realized they could make substantial amounts by extracting data from infected devices and then misusing it. This discovery moved malware from simply being IT geeks showing off into a lucrative business. Monetization types have run the gamut from credit card fraud, bank fraud, identity theft, to ransomware.
Track – The age of smartphones – with always-online individuals – has pulled in the trackers. Tracking can be legal, exist in a grey area, or be flatly illegal – depending on how trackers are added to the device and whether the individual agreed to this. Intrusive trackers sniffing out user activities have been linked to malicious advertising campaigns and streaming of dubious ads to infected devices.
How bad is bad?
On the subject of how dangerous malware is, the short answer is very. As we’ve indicated, some types of malware are particularly nasty, like ransomware which effectively locks up your digital life away from you – and even if you pay the ransom demanded, there’s no guarantee the author of the malware will actually let you have your files back. And if you haven’t backed up your data, then you really are in serious trouble (do remember that there’s some great free backup software out there).
However, any type of malware is seriously bad news generally speaking, and can have all sorts of negative effects on your PC, including spying on you (via a webcam perhaps), stealing your online passwords or other personal data, slowing your PC or internet connection down, or indeed just completely destroying all your files.
So, malware isn’t just dangerous – in fact, it can be deadly, at least to your files and system.
Malware creation and distribution trends
Malware began as cyber-boasting, often with a lone-wolf individual showing off his – or her – special skill set. Then it became the work of gangs of thieves, focused on a particular technical angle such as hacking SQL databases and Point of Sales devices.
Malware as a service – As malware grew into a bigger business, it split into various roles and specializations. In particular, there were the actual malware code developers, those marketing lists of stolen credentials, and the individuals testing out various marketing strategies and delivery mechanisms. From a security analyst perspective, we often see the same development of distribution, marketing campaigns, even A/B testing for malware such as Dridex and Locky that we would see for completely legal online products.
Malware as a government service – State actors have had an outsized position in the development and deployment of malware. Stuxnet malware was allegedly developed and deployed by the USA/Israel to knock Iran’s plutonium-producing equipment out of action. Subsequently, elements of this code have been integrated into other purely malware packages.
North Korea is believed to have had a major influence in the damaging of Sony studio files and ransomware deployment. Russia-connected entities were behind the Petya and NotPetya ransomware.
Some of the major industrial hacks such as that of the Marriott have come from China-connected organizations. The leak of NSA zero-day exploits into the wild has resulted in several waves of malware and ransomware attacks.
Trends in malware detection
Malware has existed almost as long as the modern computer – but its destructive power has increased exponentially since the days of the I LOVE YOU virus back in the dark ages of the year 2000. Incidentally, this malware is still circulating on the internet. While the ability of malware to upset our online lives has grown, so also have the different techniques for detecting malware and keeping it off your device.
Signature-based detection – An early staple of antivirus programs was signature detection where a unique code pattern or hash of a known malicious file is known and recorded. Once this signature is discovered again, the file containing it can be flagged by the antivirus.
As malware became more sophisticated, malware authors began using new techniques, like polymorphism, to change their pattern each time their creation spread from one system to the next. As such, this minimized the effectiveness of a simple signature detection. Researchers then supplemented this with heuristic detection that judges the code based on its behavior. When anything starts acting out of the ordinary, it sets off alarm bells.
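The limit of signature matching described above can be seen in a small scanner. This is an added example, not code from the article or from any antivirus product; the byte strings, signature names and the scan and verdict functions are constructed for illustration and contain nothing harmful.

```python
import hashlib

# Constructed, harmless byte strings standing in for file contents.
KNOWN_BAD = b"HEADER" + b"EXAMPLE-MALICIOUS-ROUTINE" + b"FOOTER"
# Same routine, but the file around it has changed, as a polymorphic
# sample's does each time it spreads.
VARIANT = b"HEADER" + b"-pad-" + b"EXAMPLE-MALICIOUS-ROUTINE" + b"FOOTER-v2"
CLEAN = b"HEADER" + b"ordinary program contents" + b"FOOTER"

# Signature database (hypothetical names): whole-file hashes of known
# samples, plus byte patterns shared by a family of samples.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Example.Sample.A"}
PATTERN_SIGNATURES = {b"EXAMPLE-MALICIOUS-ROUTINE": "Example.Family"}


def scan(data: bytes) -> dict:
    """Return the signature name matched by each method, or None."""
    digest = hashlib.sha256(data).hexdigest()
    hash_hit = HASH_SIGNATURES.get(digest)
    pattern_hit = next(
        (name for pat, name in PATTERN_SIGNATURES.items() if pat in data),
        None,
    )
    return {"hash": hash_hit, "pattern": pattern_hit}


def verdict(data: bytes) -> str:
    """Turn the raw matches into the flag an analyst would see."""
    result = scan(data)
    if result["hash"]:
        return f"known sample ({result['hash']})"
    if result["pattern"]:
        return f"suspected variant ({result['pattern']})"
    return "no signature match"


if __name__ == "__main__":
    samples = [("original", KNOWN_BAD), ("variant", VARIANT), ("clean", CLEAN)]
    for label, data in samples:
        print(f"{label:9} -> {verdict(data)}")
```

The variant no longer matches the whole-file hash and is caught only by the byte pattern; once that byte sequence also changes between copies, neither signature matches, which is the gap heuristic detection was added to cover.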
Cloud-based detection – Cloud based detections shift the identification work from the individual device to the cloud. This frees up computer space for more productive tasks and enables security firms to keep their detection methodologies more hidden from the cyber-criminals. By adding AI-enhanced machine learning into the mix, security firms are able to sort and sift through potential malware much faster and more in-depth than in the past, saving their manual ID work for new and emerging threats.
Should I never go online again?
The common thread with all these types of malware is that you contract them online, from either an app or file you downloaded, or a website (often via an email link). Obviously, it’s not an option to never go online again just because of what might happen with malware – but rather, it’s a matter of being aware of potential risks and taking simple precautions.
It’s beyond the scope of this article to go into detail on this, but the basics are that firstly and most importantly, you should use a good antivirus app (there are capable free antivirus products out there, or even Windows Defender is a solid enough proposition now and it comes built-in with Windows 10 by default, so even the terminally lazy don’t have any excuse for not using something).
Secondly, be very careful what you click on. If there’s a link on a social media site which seems suspicious, don’t follow it. If you have any doubts about a link sent to you in an email, or you’re worried about a dodgy-looking email attachment, again – leave it well alone. Be wary of anything that’s labeled as ‘urgent’ or seems to be demanding that you click it, and don’t forget, if you’re not sure about something, you can always check with the sender if the email is genuine or not.
Finally, always download software from an official store (like the Microsoft Store for Windows 10/Windows 11 PCs, for example, or Google Play with Android), or the maker’s website wherever possible. Don’t use any remotely suspicious-looking website or third-party store (at the same time, don’t think that official stores are bulletproof for malware – but they are far less likely to have been compromised).
What about my business?
Malware can be hugely damaging to businesses as well as individuals. Hackers often use malware to try and gain entry into an organisation's systems or networks, from where they can access valuable data to steal and sell on. Companies can face targeted attacks via malware that can cripple their systems, causing outages that could cause technical and financial damage.
To stay safe, businesses must ensure they have a full security suite installed that includes up-to-date malware protection. This must be updated regularly, as hackers often switch up their tactics to take advantage of the latest threats.
Protection from malware
- Antivirus (or endpoint protection): Have a reputable security app that has been through a battery of independent tests on your device. This is a basic starting point for malware security. In addition, a good security app will also have a history of testing results, so look at a couple of test results if you can.
- Updates: Malware loves finding a device that runs outdated software. Stay ahead of these threats by having an updater installed. This takes the responsibility for finding and installing the latest updates for the many apps on your devices.
- You: As the device user and owner, you are the most important layer of security. Look before you click on suspicious email attachments. Is the sender address correct? Do the links use encrypted HTTPS? Does it feel correct? It’s ok to be suspicious – it could save your device from malware.
Alexander has more than 18 years of experience in the Anti-Malware industry. A veteran of Avast (now NortonLifeLock) where he worked for more than two decades, he is also the CTO and board member of the AMTSO (Anti-Malware Testing Standards Organization).