Cyberattacks and malware are one of the biggest threats on the internet.
Here is Part 1 of information necessary to learn about the different types of malware – and how to avoid falling victim to attacks.
What is malware?
Malware is shorthand for malicious software. It is software developed by cyber attackers with the intention of gaining access or causing damage to a computer or network, often while the victim remains oblivious to the fact there’s been a compromise. A common alternative description of malware is ‘computer virus’ — although there are big differences between these types of malicious programs.
What was the first computer virus?
The origin of the first computer virus is hotly debated. For some, the first instance of a computer virus — software that moves from host to host without the input from an active user — was Creeper, which first appeared in the early 1970s, 10 years before the actual term ‘computer virus’ was coined by American computer scientist Professor Leonard M. Adleman.
Creeper ran on the Tenex operating system used throughout ARPANET — the Advanced Research Projects Agency Network — and jumped from one system to another, displaying a message of “I’M THE CREEPER : CATCH ME IF YOU CAN!” on infected machines, before transferring itself to another machine. For the most part, when it found a new machine, it removed itself from the previous computer, meaning it wasn’t capable of spreading to multiple computers at once.
While Creeper wasn’t created for malicious purposes or performing any activity beyond causing mild annoyance, it was arguably the first example of software operating in this way.
Shortly afterward, a new form of software was created to operate in a similar way — but with the aim of removing Creeper. It was called Reaper.
Alternatively, some believe the title of the first computer virus should go to one called Brain, because unlike Creeper, it could self-replicate itself without the need to remove itself from a previous system first — something many forms of malicious code now do.
The Morris Worm
The Morris Worm holds the notorious distinction of the first computer worm to gain mainstream media attention — because, within hours of being connected to the early internet, it had infected thousands of computers. The damage of the lost productivity is estimated to have cost between $100,000 and $10,000,000.
Like Brain and Creeper before it, the Morris worm isn’t classed as malware, because it is another example of an experiment gone wrong.
The software was designed to try to find out the size of the burgeoning internet with a series of scans in 1988, but mistakes in the code led to it running unintended denial of service operations — sometimes multiple times on the same machine, rendering some computers so slow they became useless.
As a result of the Morris Worm, the internet was briefly segmented for several days in order to prevent further spread and clean up networks.
What is the history of malware?
While Creeper, Brain and Morris are early examples of viruses, they were never malware in the truest sense.
Malware and the malicious code behind it is designed specifically to cause damage and problems on computer systems, while those described above found themselves causing issues by accident — although the results were still damaging.
With the birth of the web and the ability to connect to computers around the globe, the early 90s saw internet businesses take off as people looked to provide goods and services using this new technology.
However, as with any other form of new technology, there were those who looked to abuse it for the purposes of making money — or in many cases, just to cause trouble.
In addition to being able to spread via discs — both floppy and CD-Rom varieties — the increased proliferation of personal email allowed attackers to spread malware and viruses via email attachments, which has been especially potent against those without any sort of malware protection.
Various forms of malicious software caused trouble for the computer users of the 1990s, performing actions ranging from deleting data and corrupting hard drives, to just annoying victims by playing sounds or putting ridiculous messages on their machines.
Many can now be viewed — in safe mode with the actual malware removed — at the Malware Museum on the Internet Archive.
Some of the attacks may have looked simple, but it was these that laid the foundations for malware as we know it today — and all the damage it has caused around the world.
What are the different types of malware?
Like legitimate software, malware has evolved over the years and comes equipped with different functions depending on the goals of the developer
Malware authors will sometimes combine the features of different forms of malware to make an attack more potent — such as using ransomware as a distraction to destroy evidence of a trojan attack.
What is a computer virus?
At its core, a computer virus is a form of software or code that is able to copy itself onto computers. The name has become associated with additionally performing malicious tasks, such as corrupting or destroying data.
While malicious software has evolved to become far more diverse than just computer viruses, there are still some forms of traditional viruses — like the 15-year-old Conficker worm — that can still cause problems for older systems. Malware, on the other hand, is designed to provide the attackers with many more malicious tools.
What is trojan malware?
One of the most common forms of malware — the Trojan horse — is a form of malicious software that often disguises itself as a legitimate tool that tricks the user into installing it so it can carry out its malicious goals.
Its name, of course, comes from the tale of ancient Troy, with the Greeks hidden inside a giant wooden horse, which they claimed was a gift to the city of Troy. Once the horse was inside the city walls, a small team of Greeks emerged from inside the giant wooden horse and took the city.
Trojan malware operates in much the same way, in that it sneaks into your system — often disguised as a legitimate tool like an update or a Flash download — then, once inside your system, it begins its attacks.
Once installed in the system, depending on its capabilities a Trojan can then potentially access and capture everything — logins and passwords, keystrokes, screenshots, system information, banking details, and more — and secretly send it all to the attackers. Sometimes a Trojan can even allow attackers to modify data or turn off anti-malware protection.
The power of Trojan horses makes it a useful tool for everyone from solo hackers, to criminal gangs to state-sponsored operations engaging in full-scale espionage.
What is spyware?
Spyware is software that monitors the actions carried out on a PC and other devices. That might include web browsing history, apps used, or messages sent. Spyware might arrive as a trojan malware or may be downloaded onto devices in other ways.
For example, someone downloading a toolbar for their web browser may find it comes packed with spyware for the purposes of monitoring their internet activity and computer use, or malicious adverts can secretly drop the code onto a computer via a drive-by download.
In some cases, spyware is actively sold as software designed for purposes such as parents monitoring their child’s internet use and is designed to explicitly be ignored by antivirus and security software. However, there are various instances of such tools being used by employers to spy on the activity of employees and people using spyware to spy on their spouses.
What is ransomware?
While some forms of malware rely on being subtle and remaining hidden for as long as possible, that isn’t the case for ransomware.
Often delivered via a malicious attachment or link in a phishing email, ransomware encrypts the infected system, locking the user out until they pay a ransom — delivered in bitcoin or other cryptocurrency, in order to get their data back.
It might sound simple, but ransomware works: cybercriminals pocketed over $1 billion from ransomware attacks during 2016 alone, and a Europol report describes it as having “eclipsed” most other global cybercriminal threats in 2017.
What is wiper malware?
Wiper malware has one simple goal: to completely destroy or erase all data from the targeted computer or network. The wiping could take place after the attackers have secretly removed target data from the network for themselves, or it could could be launched with the pure intention of sabotaging the target.
One of the first major forms of wiper malware was Shamoon, which targeted Saudi energy companies with the aim of stealing data then wiping it from the infected machine. More recent instances of wiper attacks include StoneDrill and Mamba, the latter of which doesn’t just delete files, but renders the hard driver unusable.
One of the most high profile wipers of recent times was Petya ransomware. The malware was initially thought to be ransomware. However, researchers found that not only was there no way for victims to retrieve their data via paying the ransom, but also that the goal of Petya was to irrecoverably destroy data.
What is a computer worm?
A worm is a form of malware that is designed to spread itself from system to system without actions by the users of those systems.
Worms often exploit vulnerabilities in operating systems or software, but are also capable of distributing themselves via email attachments in cases where the worm can gain access to the contact book on an infected machine.
It might seem like a basic concept, but worms are some of the most successful and long-lived forms of malware out there. The 15-year-old SQL slammer worm is still causing issues by powering DDoS attacks, while the 10-year-old Conficker worm still ranks among the most common cyber infections.
Last year’s Wannacry ransomware outbreak infected over 300,000 computers around the world — something it did thanks to the success of worm capabilities which helped it quickly spread through infected networks and onto unpatched systems.