Malware is used as a broad term for any computer program that executes on a device or network with the goal of causing damage or disruption, or of transferring wealth or information to the attacker. These goals are achieved by corrupting, modifying, extracting or deleting data found on the target systems.
The resulting damage is often exacerbated by the ability of some malware to download additional malware, exfiltrate sensitive data, create backdoors for future re-entry, or join a botnet.
Malware Infection Methods:
These are some prevalent methods used to infect a PC with malware.
Program / OS Vulnerabilities:
All programs and operating systems can contain Common Vulnerabilities and Exposures (CVEs), publicly catalogued flaws which are leveraged to gain access to and control of systems. Vulnerable hosts can be found by scanning across networks, or by accessing a system, identifying the specific OS and program versions installed, and looking up the known CVEs for those versions.
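The same version lookup, run from the defender's side, is the basis of a patch-management scan: compare what is installed against the version ranges an advisory says are affected. The following is an added example, not code from the original article; the products, inventory lines and advisory identifiers are constructed placeholders, not real CVEs.

```python
# Added example (not from the original article): match an asset inventory
# against known-vulnerable version ranges, the way a patch scan does.
# Products, versions and advisory ids below are constructed placeholders.
import re
from typing import List, Tuple

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.4.49' or '10.0.19041-sp1' into a tuple of integers so that
    2.4.9 < 2.4.10 compares correctly (plain string comparison gets this wrong)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_affected(version: str, first_bad: str, fixed_in: str) -> bool:
    """True when first_bad <= version < fixed_in (fixed_in is exclusive)."""
    v = parse_version(version)
    return parse_version(first_bad) <= v < parse_version(fixed_in)

# Constructed advisories: (product, first affected, fixed in, advisory id placeholder)
ADVISORIES = [
    ("examplehttpd", "2.4.0", "2.4.50", "CVE-YYYY-NNNN1 (placeholder)"),
    ("examplelib",   "1.0.0", "1.2.3",  "CVE-YYYY-NNNN2 (placeholder)"),
]

# Constructed inventory, one "host product version" record per line.
INVENTORY = """\
web01 examplehttpd 2.4.49
web01 examplelib 1.2.3
web02 examplehttpd 2.4.50
db01 examplelib 1.2.10
db01 examplelib 1.2.2
"""

def find_vulnerable(inventory_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, advisory) for every installed version
    that falls inside an affected range."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = line.split()
        for adv_product, first_bad, fixed_in, adv_id in ADVISORIES:
            if product == adv_product and is_affected(version, first_bad, fixed_in):
                findings.append((host, product, version, adv_id))
    return findings

if __name__ == "__main__":
    for finding in find_vulnerable(INVENTORY):
        print("PATCH NEEDED:", *finding)
```

Note the `examplelib 1.2.10` record: it is newer than the fixed version `1.2.3`, so it is correctly left out, whereas a naive string comparison would have flagged it because `"1.2.10" < "1.2.3"` as text.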
Social Engineering:
Targeting humans directly with manipulative tactics can offer an easier route to infection than attacking a system. Social engineering abuses the trust between peers to bypass security best practices, and aims to have the target provide sensitive information, download a malicious attachment or follow a link.
Removable Media:
Often playing on human curiosity and kindness, attackers place malware on removable media (USB drives, hard drives, CDs) and leave it near the target location, such as in car parks and shared communal areas (receptions, kitchens, or at the front door). Unsuspecting users then plug the device in to try to locate the colleague it belongs to, at which point the malware automatically begins to infect the machine.
Fake Websites / Applications:
A simple but effective method cybercriminals use is creating websites or applications that mirror legitimate ones. Their URLs and names are made as close to the real ones as possible (such as Inf0.paypal.com or banking.uk.HS3C.co.uk), but the site itself may begin downloading further malware, or collect the login or banking details that users enter.
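A defender can catch many of these lookalikes automatically by normalising the characters attackers substitute for letters (`0` for `o`, `3` for `e`, `1` for `l`, and so on) and comparing the registered part of each hostname against a list of protected brands. The block below is an added example, not code from the original article; the brand list, the known-good domains, the handful of public suffixes and the sample hostnames are all constructed, and a real deployment would use the full Public Suffix List rather than the tiny set here.

```python
# Added example (not from the original article): flag lookalike and
# brand-impersonating hostnames, e.g. from proxy or mail-gateway logs.
# Brand list, known-good domains and suffix set are constructed assumptions.
import re
from typing import Tuple

# Assumed multi-part public suffixes; a real tool would load the Public Suffix List.
MULTI_PART_SUFFIXES = {"co.uk", "org.uk", "com.au"}
PROTECTED_BRANDS = {"paypal", "hsbc", "microsoft"}
KNOWN_GOOD = {"paypal.com", "hsbc.co.uk", "microsoft.com"}

# Digit-for-letter substitutions commonly used to imitate a brand name.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "8": "b"})

def registrable_domain(hostname: str) -> Tuple[str, str]:
    """Split 'banking.uk.hs3c.co.uk' into ('hs3c', 'co.uk'): the label the
    attacker actually registered, and the public suffix under it."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_PART_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    return labels[-2], labels[-1]

def normalize(label: str) -> str:
    """Undo homoglyph tricks: digits back to letters, 'rn'->'m', 'vv'->'w',
    then drop anything that is not a letter (hyphens, leftover digits)."""
    label = label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    return re.sub(r"[^a-z]", "", label)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, so one-character typos such as 'hsec'/'hsbc' still match."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(hostname: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a hostname seen in traffic."""
    name, suffix = registrable_domain(hostname)
    registered = f"{name}.{suffix}"
    if registered in KNOWN_GOOD:
        return "legitimate", f"registered domain {registered} is on the allow list"
    norm = normalize(name)
    for brand in PROTECTED_BRANDS:
        if norm == brand or edit_distance(norm, brand) <= 1:
            return "lookalike", f"registered label '{name}' normalises to '{norm}', close to '{brand}'"
    # Brand name buried in a subdomain or inside the registered label, e.g.
    # paypal.com.login-verify.net or paypal-login.net.
    owned_labels = hostname.lower().split(".")[:-len(suffix.split("."))]
    for brand in PROTECTED_BRANDS:
        if any(brand in normalize(lbl) for lbl in owned_labels):
            return "brand-impersonation", f"'{brand}' appears in a label of {hostname} but {registered} is not {brand}'s domain"
    return "no match", f"{registered} resembles no protected brand"

if __name__ == "__main__":
    # Constructed sample hostnames.
    for host in ["secure.paypal.com", "inf0.paypa1.com", "banking.uk.hs3c.co.uk",
                 "paypal.com.login-verify.net", "example.org"]:
        print(f"{host:32} {classify(host)[0]}")
```

The registered-domain split is the important step: `secure.paypal.com` is owned by whoever owns `paypal.com`, while `paypal.com.login-verify.net` is owned by whoever registered `login-verify.net`, no matter how many trustworthy-looking labels sit in front of it.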
Types Of Malware:
As malware is such a broad term, it can exist in multiple forms; some of the most common are:
Trojan:
Stemming from the ancient myth, the modern-day Trojan horse distributes malware by deceiving users into downloading or running software which appears authentic and safe to use but quickly begins carrying out malicious actions. A report by AV-Test.org stated that in 2019, over 58% of malware was distributed using Trojan methods.
Ransomware:
Once access is gained, ransomware runs encryption against any potentially valuable data, such as documents, spreadsheets, images and databases, until it is unreadable and unusable, before attempting to spread to other devices on the network. Users are then prompted to pay a ransom, often under the pressure of short time limits, to receive the recovery keys for their data and systems. It is worth noting that paying the ransom does not guarantee the data will be recovered.
Spyware:
Leveraged by cybercriminals and government bodies alike, spyware exploits the connectivity (and in many cases mobility) of modern devices: tools have been developed which operate covertly on a target's device to find and extract data such as communication logs, bank details and transaction logs, location, credentials, browsing history, documents, images or other personal data.
Adware:
Seeming innocuous at first, advertising software can become increasingly intrusive and reduce the user's ability to carry out tasks as pop-up windows and notifications appear on screen. Some of these are legitimate adverts, but a number of them, when clicked, try to redirect the user to sites which host other malware or attempt to extract data. In the latest OS versions the built-in notification functions can be used to present the adverts, adding another layer to the illusion of authenticity.
Worm:
Commonly described as self-contained viruses, worms have the ability to replicate themselves without any user interaction and spread across network connections, email, instant messengers or file-transfer sites. On a network, a worm treats each infected device as a host from which to discover more vulnerable servers to attack. Other variants send copies of themselves to entire contact lists as attachments, such as images, work files or music, named in a way that deceives the user into opening them. Even if only a fraction of contacts open the attachment, this method results in exponential growth in the number of infected devices.