Malware is shorthand for malicious software. It is software developed by cyber attackers with the intention of gaining access or causing damage to a computer or network, often while the victim remains oblivious to the fact there's been a compromise. A common alternative description of malware is 'computer virus' -- although there are big differences between these types of malicious programs.
What was the first computer virus?
The origin of the first computer virus is hotly debated. For some, the first instance of a computer virus -- software that moves from host to host without the input from an active user -- was Creeper, which first appeared in the early 1970s, 10 years before the actual term 'computer virus' was coined by American computer scientist Professor Leonard M. Adleman.
Creeper ran on the Tenex operating system used throughout ARPANET -- the Advanced Research Projects Agency Network -- and jumped from one system to another, displaying a message of "I'M THE CREEPER : CATCH ME IF YOU CAN!" on infected machines, before transferring itself to another machine. For the most part, when it found a new machine, it removed itself from the previous computer, meaning it wasn't capable of spreading to multiple computers at once.
While Creeper wasn't created for malicious purposes or performing any activity beyond causing mild annoyance, it was arguably the first example of software operating in this way.
Shortly afterward, a new form of software was created to operate in a similar way -- but with the aim of removing Creeper. It was called Reaper.
Alternatively, some believe the title of the first computer virus should go to one called Brain, because unlike Creeper, it could self-replicate itself without the need to remove itself from a previous system first -- something many forms of malicious code now do.
The Morris Worm
The Morris Worm holds the notorious distinction of the first computer worm to gain mainstream media attention -- because, within hours of being connected to the early internet, it had infected thousands of computers. The damage of the lost productivity is estimated to have cost between $100,000 and $10,000,000.
Like Brain and Creeper before it, the Morris worm isn't classed as malware, because it is another example of an experiment gone wrong.
The software was designed to try to find out the size of the burgeoning internet with a series of scans in 1988, but mistakes in the code led to it running unintended denial of service operations -- sometimes multiple times on the same machine, rendering some computers so slow they became useless.
As a result of the Morris Worm, the internet was briefly segmented for several days in order to prevent further spread and clean up networks.
What is the history of malware?
While Creeper, Brain and Morris are early examples of viruses, they were never malware in the truest sense.
Malware and the malicious code behind it is designed specifically to cause damage and problems on computer systems, while those described above found themselves causing issues by accident -- although the results were still damaging.
With the birth of the web and the ability to connect to computers around the globe, the early 90s saw internet businesses take off as people looked to provide goods and services using this new technology.
However, as with any other form of new technology, there were those who looked to abuse it for the purposes of making money -- or in many cases, just to cause trouble.
In addition to being able to spread via discs -- both floppy and CD-Rom varieties -- the increased proliferation of personal email allowed attackers to spread malware and viruses via email attachments, which has been especially potent against those without any sort of malware protection.
Various forms of malicious software caused trouble for the computer users of the 1990s, performing actions ranging from deleting data and corrupting hard drives, to just annoying victims by playing sounds or putting ridiculous messages on their machines.
At its core, a computer virus is a form of software or code that is able to copy itself onto computers. The name has become associated with additionally performing malicious tasks, such as corrupting or destroying data.
While malicious software has evolved to become far more diverse than just computer viruses, there are still some forms of traditional viruses -- like the 15-year-old Conficker worm -- that can still cause problems for older systems. Malware, on the other hand, is designed to provide the attackers with many more malicious tools.
What is trojan malware?
One of the most common forms of malware -- the Trojan horse -- is a form of malicious software that often disguises itself as a legitimate tool that tricks the user into installing it so it can carry out its malicious goals.
Its name, of course, comes from the tale of ancient Troy, with the Greeks hidden inside a giant wooden horse, which they claimed was a gift to the city of Troy. Once the horse was inside the city walls, a small team of Greeks emerged from inside the giant wooden horse and took the city.
Once installed in the system, depending on its capabilities a Trojan can then potentially access and capture everything -- logins and passwords, keystrokes, screenshots, system information, banking details, and more -- and secretly send it all to the attackers. Sometimes a Trojan can even allow attackers to modify data or turn off anti-malware protection.
The power of Trojan horses makes it a useful tool for everyone from solo hackers, to criminal gangs to state-sponsored operations engaging in full-scale espionage.
What is spyware?
Spyware is software that monitors the actions carried out on a PC and other devices. That might include web browsing history, apps used, or messages sent. Spyware might arrive as a trojan malware or may be downloaded onto devices in other ways.
While some forms of malware rely on being subtle and remaining hidden for as long as possible, that isn't the case for ransomware.
Often delivered via a malicious attachment or link in a phishing email, ransomware encrypts the infected system, locking the user out until they pay a ransom -- delivered in bitcoin or other cryptocurrency, in order to get their data back.
Wiper malware has one simple goal: to completely destroy or erase all data from the targeted computer or network. The wiping could take place after the attackers have secretly removed target data from the network for themselves, or it could could be launched with the pure intention of sabotaging the target.
One of the first major forms of wiper malware was Shamoon, which targeted Saudi energy companies with the aim of stealing data then wiping it from the infected machine. More recent instances of wiper attacks include StoneDrill and Mamba, the latter of which doesn't just delete files, but renders the hard driver unusable.
A worm is a form of malware that is designed to spread itself from system to system without actions by the users of those systems.
Worms often exploit vulnerabilities in operating systems or software, but are also capable of distributing themselves via email attachments in cases where the worm can gain access to the contact book on an infected machine.
Last year's Wannacry ransomware outbreak infected over 300,000 computers around the world -- something it did thanks to the success of worm capabilities which helped it quickly spread through infected networks and onto unpatched systems.
What is adware?
The ultimate goal of many cybercriminals is to make money -- and for some, adware is just the way to do it. Adware does exactly what it says on the tin -- it's designed to maliciously push adverts onto the user, often in such a way that the only way to get rid of them is to click through to the advert. For the cybercriminals, each click brings about additional revenue.
In most cases, the malicious adverts aren't there to steal data from the victim or cause damage to the device, just sufficiently annoying to push the user into repeatedly clicking on pop-up windows. However, in the case of mobile devices, this can easily lead to extreme battery drain or render the device unusable due to the influx of pop-up windows taking up the whole screen.
By issuing commands to all the infected computers in the zombie network, attackers can carry out coordinated large-scale campaigns, including DDoS attacks, which leverage the power of the army of devices to flood a victim with traffic, overwhelming their website or service to such an extent it goes offline.
Botnets are designed to stay quiet to ensure the user is completely oblivious that their machine is under the control of an attacker.
As more devices become connected to the internet, more devices are becoming targets for botnets. The infamous Mirai botnet -- which slowed down internet services in late 2016 -- was partially powered by Internet of Things devices, which could easily be roped into the network thanks to their inherently poor security and lack of malware removals tools.
What is cryptocurrency miner malware?
The high profile rise of bitcoin has helped push cryptocurrency into the public eye. In many instances, people aren't even buying it, but are dedicating a portion of the computing power of their computer network or website to mine for it.
There's nothing underhanded or illegal about cryptocurrency mining in itself, but in order to acquire as much currency as possible -- be it bitcoin, Monero, Etherium or something else -- some cybercriminals are using malware to secretly capture PCs and put them to work in a botnet, all without the victim being aware their PC has been compromised.
Typically, a cryptocurrency miner will deliver malicious code to a target machine with the goal of taking advantage of the computer's processing power to run mining operations in the background.
The problem for the user of the infected system is that their system can be slowed down to almost a complete stop by the miner using big chunks of its processing power -- which to the victim looks as if it is happening for no reason.
PCs and Window servers can be used for cryptocurrency mining, but Internet of Things devices are also popular targets for compromising for the purposes of illicitly acquiring funds. The lack of security and inherently connected nature of many IoT devices makes them attractive targets for cryptocurrency miners -- especially as the device in question is likely to have been installed and perhaps forgotten about.
Analysis by Cisco Talos suggests a single system compromised with a cryptocurrency miner could make 0.28 Monero a day. It might sound like a tiny amount, but an enslaved network of 2,000 systems could add the funds up to $568 per day -- or over $200,000 a year.
How is malware delivered?
In the past, before the pervasive spread of the World Wide Web, malware and viruses would need to be manually, physically, delivered, via floppy disc or CD Rom.
The quality of the spam email attempts vary widely -- some efforts to deliver malware will involve the attackers using minimal effort, perhaps even sending an email containing nothing but a randomly named attachment.
In this instance, the attackers are hoping to chance on someone naive enough to just go ahead and click on email attachments or links without thinking about it -- and that they don't have any sort of malware protection installed.
A slightly more sophisticated form of delivering malware via a phishing email is when attackers send large swathes of messages, claiming a user has won a contest, needs to check their online bank account, missed a delivery, needs to pay taxes, or even is required to attend court -- and various other messages which upon first viewing may draw the target to instantly react.
For example, if the message has an attachment explaining (falsely) that a user is being summoned to court, the user may click on it due to the shock, opening the email attachment -- or clicking a link -- to get more information. This activates the malware, with the likes of ransomware and trojans often delivered in this way.
However, there are many other ways for malware to spread that do not require action by the end user -- through networks and through other software vulnerabilities.
What is fileless malware?
As traditional malware attacks are being slowed by prevention tactics including the use of robust anti-virus or anti-malware systems, and users are becoming cautious of unexpected emails and strange attachments, attackers are being forced to find other ways to drop their malicious payloads.
This is achieved because the attacks uses a system's own trusted system files and services to obtain access to devices and launch nefarious activity -- all while remaining undetected because anti-virus doesn't register wrongdoing.
Exploiting the infrastructure of the system in this way allows the attackers to create hidden files and folders or create scripts they can use to compromise systems, connect to networks, and eventually command and control servers, providing a means of stealthily conducting activity.
The very nature of fileless malware means not only is it difficult to detect, but difficult to protect against by some forms of antivirus software. But ensuring that systems are patched, up to date, and restricted users from adopting admin privileges, can help.
Do only Windows PCs get malware?
There was a time when many naively believed that it was only Microsoft Windows systems that could fall victim to malware. After all, malware and viruses had concentrated on these, the most common computer systems, while those that used other operating systems were free of its grasp. But while malware still remains a challenge for Windows systems -- especially those running older, even obsolete versions of the OS -- malware is far from exclusive to Microsoft PCs
For many years, a myth persisted that Macs were completely immune to malicious infection. Over the course of the 90s, there were some forms of malware that did infect Macs, despite primarily being designed for Windows systems. The likes of Concept and Laroux were about to infect Macs using Microsoft office programs.
However, by the mid-00s, attackers had started building forms of malware specifically designed to target Apple Macs, and now, while Windows machines bear the brunt of computer and laptop based malware attacks, Macs are now regular targets for cybercrime.
If there's a type of malware that can infect computers -- be it a trojan, ransomware, information stealer, or pop-up adware -- then criminals have been working on malware threats that can carry out the same tasks on smartphones.
The amount of data carried on mobile devices makes them an even more valuable target for hackers, particularly if a sophisticated hacking group, or a state-backed espionage operation is looking to compromise a particular target for the purposes of spying.
Unfortunately, many people still don't realise their mobile phone is something that can fall victim to cyberattacks -- although they can be protected by good user practice and mobile antivirus software.
What is Android malware?
Android phones suffer the majority of malware attacks on smartphones, with Google's larger share of the mobile market and the open nature of the ecosystem making it an attractive target for cyber criminals.
However, while the Google Play store has been used by hackers to distribute Android malware, more sophisticated campaigns will socially engineer selected targets into downloading malware for the purposes of espionage onto their device.
Can my iPhone become infected by malware?
When it comes to iPhone, the ecosystem is much more heavily protected against malware due to Apple's closed garden approach to applications.
The network of Mirai-infected devices consisted largely of IoT products and was so powerful that it brought large swathes of the internet grinding to a halt, slowing down or outright preventing access to a number of popular services.
Unlike mobile phones, IoT devices are often plugged in and forgotten about, with the risk that the IoT camera you set up could become easily accessible to outsiders -- who could potentially use it to spy on your actions, be it in your workplace or in your home.
It's especially useful for those involved in the game of geopolitics because currently, unlike the case with conventional weapons, as yet there are no rules or agreements detailing who can and can't be targeted by cyber weapons.
That attribution of attacks remains so difficult also makes cyber espionage a crucial tool for nation-states who want to keep their activities under wraps.
Stuxnet is generally regarded as the first instance of malware designed to spy on and subvert industrial systems and in 2010 it infiltrated Iran's nuclear program, infecting uranium centrifuges and irreparably damaging systems. The attack slowed down Iran's nuclear ambitions for years.
Some of the most basic cybersecurity practices can go a long way to protecting systems -- and their users -- from falling victim to malware.
Simply ensuring software is patched and up to date, and all operating system updates are applied as quickly as possible after they're released, will help protect users from falling victim to attacks using known exploits.
Time and again, delays in patching have led to organisations falling victims to cyberattacks, which could've been prevented if patches had been applied as soon as they were released.
Installing some form of cybersecurity software is also a useful means of protecting against many forms of attack. Many vendors will update their programs with new threat intelligence, which is applied to scan for and detect new malware on a weekly or even daily basis, providing as much protection as possible from malware, should something attempt to break into the system.
For example, visitors to watering-hole sites should be protected from attacks, while suspicious or dangerous files received via email can be quarantined.
Teaching users about safe browsing and the dangers of phishing emails, or to be wary of what they download and click on, can help prevent threats from getting to the point of even being downloaded. Users take a lot of criticism from some as a weakness in cybersecurity, but they can also form the first line of defence against malware attacks.