/>
X

The 15 top malware threats facing you and your organisation

Computer viruses, malicious software, banking Trojans, and ransomware are just some of the nefarious ways hackers and cybercriminals are trying to turn your network and data into a payday.
dp-zdnet-headshot-feb-20201.jpg
worms-representing-conficker.jpg
1 of 15 iStock

Conficker

Cybercriminals are constantly developing and testing new forms of malicious software in order to make it as easy as possible for them to break down barriers and get a foothold into your network.

While some of the biggest threats to your network are new, others have been around for some time -- even over a decade in some cases. These are some of the cyber threats which you should be most concerned about right now.

It might be over eight years old, but the Conficker worm remains one of the most prevalent forms of malware there is.

Conficker uses flaws in the Windows operating system to infect machines and add them to a botnet, opening disabling antivirus software in the process making the victim even more vulnerable to other malware.

First detected in November 2008, Conficker is suspected to have infected millions of machines and it's thought there's still 500,000 infected IP addresses attempting to distribute the worm. Despite Conficker's continued success, the botnet command and control centre isn't issuing commands.

love-locks-representing-locky.jpg
2 of 15 Getty Images

Locky ransomware

File encrypting malicious software -- known as ransomware -- has become big business for cybercriminals and it's Locky which has become the most infamous and most successful of them all.

Locky has become so successful that it's often ranked as one of the top three most prevalent forms of malware and it's working for two big reasons: the attacks are easy to carry out and victims are willing to pay Bitcoin to get their data back.

Despite only first appearing in the wild during early 2016, Locky quickly made a name for itself by encrypting the networks of a Hollywood hospital, taking many services offline until a $17,000 ransom was paid.

zeus-representing-zeus.jpg
3 of 15 Vladimir Mucibabic, Getty Images/iStockphoto

Zeus

A form of Trojan malware, Zeus is designed to steal confidential information such as online credentials and banking information from infected machines. The very nature of the beast means it goes out of its way to avoid detection in order to gather as much data as possible.

Zeus is widely available to purchase on the dark web, and users can even download files and updates with improvements to its malicious software which provide the attacker with a variety of customisable functions.

The Trojan is primarily distributed via spam campaigns, often claiming to be from legitimate organisations and warning the victim about a problem with an account and offering a link to visit. Visiting that link will end up with the user being infected -- and soon their data will be for sale on the dark web.

brick-wall-representing-cryptowall.jpg
4 of 15 Getty Images/iStockphoto

Cryptowall

Cryptowall has long been one of the most prominent forms of ransomware, widely distributed via exploit kits, malvertising, and phishing.
Like other forms of ransomware, Crpytowall demands the victim pays a Bitcoin ransom in order to retrieve their files. However, even if the user pays the ransom, there's no guarantee that the attacker will provide the decryption key required to unlock their files.

humming-bird-representing-hummingbad.jpg
5 of 15 Getty Images/iStockphoto

Hummingbad

One of the most prolific forms of mobile malware, Hummingbad, has infected tens of millions of smartphones and tablets. Following a successful installation via a drive-by download or a malicious payload, HummingBad will install as many fraudulent apps as possible on the infected device.

Hummingbad generates at least $300,000 every month for the gang behind it, thanks to fraudulent ad revenue from millions of pop-up adverts and the installation of bogus apps.

trojan-horse-representing-ramnit.jpg
6 of 15 Getty Images/iStockphoto

Ramnit

First appearing in 2010 in the form of a self-replicating computer worm, Ramnit has evolved to become much more dangerous, reaching the point where those behind it have developed it into a banking Trojan, which is designed to steal bank customer login credentials for theft and fraud.

Ramnit is distributed in phishing scam emails, including one which claims to be from a charity with information about a recent donation.

Despite being seven years old, Ramnit remains dangerous.

android-apps-representing-triada.jpg
7 of 15 Getty Images

Triada

Triada is a modular backdoor for Android which grants the malicious actor super-user privileges on the infected device, allowing them to download additional malware and spoof URLs in order to make money for its distributors.

This form of Android malware is difficult to detect because it modifies the Zygote process, which contains the core processes of the Android OS. As this is used as the template for every Android application, Triada essentially becomes part of every single application, hiding it from view.

banks-representing-dridex.jpg
8 of 15 Getty Images

Dridex

The creators of Dridex aren't beating around the bush; known as Evil Corp, the malware developers target banks with this form of Trojan malware.

Spreading through email phishing campaigns and including features such as the ability to spy on victim PCs, the overall aim of Dridex is stealing credentials which can be used to access bank accounts and cash reserves.

The malware is believed to be responsible for stealing up to £20 million from UK accounts over the past several years.

salt-representing-sality.jpg
9 of 15 Getty Images/iStockphoto

Sality

First discovered in 2003 but still going strong, Sality is an entry-point obscuring (EPO) polymorphic file infector. The virus allows remote operations and downloads of additional malware to infected systems in order to deliver furthers malicious payloads to others. It remains one of the most prevalent malware threats.

Systems infected with Sality may communicate over a peer-to-peer network with its cybercriminal hosts, providing them with the opportunity to steal data from compromised networks and receive updated commands. The malware is considered to be one of the most difficult forms of malicious software to fight.

data-stealing-hand-representing-rookieai.jpg
10 of 15 Getty Images/iStockphoto

RookieUA

An information stealer designed to steal user account information such as logins and passwords, RookieUA malware is hitting targets across the globe. The HTTP communication is done using an uncommon User Agent called RookIE/1.0.

This information stealer is currently one of the most prolific forms of malware successfully attacking targets around the world.

bitcoin-representing-kelihos.jpg
11 of 15 Getty Images/iStockphoto

Kelihos

A botnet mainly involved in Bitcoin theft and spamming, Kelihos uses peer-to-peer communication to enable each individual node to act as command-and-control server. Kelihos is thought to have impacted five percent of all organisations across the globe in January 2017 alone.

Kelihos was first discovered in January 2010 and at one point was sending as many as 4 billion spam messages a day in its quest to add machines to its zombie network.

haircut-representing-cutwail.jpg
12 of 15 Getty Images/iStockphoto

Cutwail

Founded a decade ago in 2007, the Cutwail botnet was at one point the largest of its kind, thought to have infected almost 2 million computers and sending 74 billion spam messages a day. Cutwail isn't quite as powerful now, but is still one of the most prolific malicious botnets in the world.

Cutwail downloads and runs files on the victim PC, including a Trojan which enables the botnet to keep spreading. It also steals emails, usernames, passwords, and FTP credentials. While a threat in its own right, the Cutwail botnet is also known to have spread other malware including Zeus and FakeAV by downloading them onto infected systems.

pirate-ship-representing-parite.jpg
13 of 15 Getty Images/iStockphoto

Parite

A polymorphic file infector which targets Windows systems, the Parite virus infects .exe and .scr files on the local file system, instructing the infected files to subsequently perform other operations which infect other files across the infected machine and network.

By stealing hard disk space and memory in this way, Parite increasingly slows down the infected PC to the point where it stops working. But if the cybercriminals behind it don't want to wait for that to happen, they can also use Parite to outright delete data or an entire hard drive, as well as use it to steal information or spread Parite to others via spam emails.

It's the attachments in these spam emails and instant messages which are responsible for spreading the virus.

back-door-representing-virut.jpg
14 of 15 Getty Images/iStockphoto

Virut

First discovered in April 2007, Virut malware gives the attackers behind it access to your PC by opening a backdoor to an IRC server. The virus has worm-like capabilities which allow it to spread itself by copying itself to other network drives, including removable USB storage.

A computer infected with Virut allows a remote attacker to perform operations on it, which usually include the installation of other malware. It's thought that those behind Virut have created it to provide a means of installing pay-per-install software on the machines of victims, with the creators profiting from every single application installed on a compromised computer.

Virut attacks targets across the globe, although the highest percentage of infections seem to appear in the United States.

facebook-phone-on-app-representing-nivdort.jpg
15 of 15 Getty Images

Nivdort

Like other Trojans, Nivdort has been designed to steal information from victims, predominately data relating to online shopping and bank accounts. The malware is typically spread via the use of malicious spam emails, although those behind it have also been known to target Facebook users with malicious attachments in phishing messages.

If stealing financial data from victims wasn't enough, Nivdort has also been known to install malware and ransomware on infected PCs -- just in case they hadn't squeezed enough out of their targets.

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos
Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup
Asian woman working at a desk in front of a computer and calculator

Related Galleries

Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup

8 Photos
Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup
Person seated at a booth in a cafe looks at their phone and laptop.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup

10 Photos
Drive Electric Day: A dizzying array of EVs in sunny Florida
ca3b4019-26c5-4ce0-a844-5aac39e2c34b.jpg

Related Galleries

Drive Electric Day: A dizzying array of EVs in sunny Florida

16 Photos
Incipio, Kate Spade, and Coach cases for Samsung Galaxy S22 Ultra: hands-on
s22-ultra-incipio-coach-cases-2.jpg

Related Galleries

Incipio, Kate Spade, and Coach cases for Samsung Galaxy S22 Ultra: hands-on

15 Photos
Casetify Impact Crush Galaxy S22 Ultra case hands-on: in pictures
casetify-s22-ultra-3.jpg

Related Galleries

Casetify Impact Crush Galaxy S22 Ultra case hands-on: in pictures

10 Photos