A Brief History And The Different Kinds Of Malware
Malware: An Introduction
Malware or malicious software could be defined as the software that cyber criminals develop with malicious intents- like accessing and causing damage to a computer/mobile device or a network of computers, mostly without the user(s) being aware of the infiltration done by the malicious software. We do use the term ‘computer virus’ or mere ‘virus’ in common parlance, though technically speaking virus is just one among the many malware and there are many different kinds of malware prevalent today.
Computer virus: The beginning
There are differences in opinion about the origin of the first computer virus. Some say it was the Creeper, which appeared in the early 1970s, even before the term computer virus came to be used, is the first instance of a computer virus. Creeper, which ran on the Tenex OS, jumped from one computer to another, at the same time displaying the message ‘I’M THE CREEPER : CATCH ME IF YOU CAN!’ on all infected systems. Anyhow, while moving on to a new system, Creeper would mostly get removed from the previous one; it wasn’t capable of spreading to multiple computers at one go. Creeper was basically created just for annoying users and not for malicious purposes. Another virus, named Reaper was created after Creeper; the aim was to use it to remove Creeper.
There are also some who believe that the first real computer virus was Brain, which was created in 1986 and which could self-replicate and didn’t need to remove itself from a system to spread to another.
The history of malware
The viruses paved the way for malware, which were designed specifically to cause damage and other such issues on systems. As the internet began its boom in the 1990s, with people beginning to use the new technology for all kinds of purposes, malware began to be made and spread, through floppy disks, CD-ROM disks and later as email attachments. These malware could cause data to get deleted or corrupt hard drives, while some would just cause users annoyance and not much damage. Today we have all kinds of sophisticated malware and malware attacks have sort of become so common that almost anyone can be targeted and attacked at any given point in time.
The different kinds of malware
Over the years, malware has evolved into being very sophisticated and will all kinds of mixed features. The cyber criminals today use malware to accomplish different things. Let’s take a look at the different kinds of malware-
A computer virus is a malicious software that can copy itself onto multiple computers, in the process performing additional malicious tasks like corrupting data or destroying data. Malware has, of course, evolved and diversified over the years, but there still are some forms of traditional viruses that infect and cause damages.
The Trojan or Trojan Horse is the kind of malware that disguises itself as a legitimate tool that would trick a user into installing it so that the hacker can use it to carry out malicious activities. The name, as we know, has been borrowed from the Greek mythology, wherein the Greeks use a giant wooden horse to gain entry into Troy and then destroy the city. Similarly, a Trojan malware that sneaks into your system could be disguised as something else- a software update, a new version of a player etc. Once it gets in, it starts its work, that of accessing the system resources, capturing and stealing data (login credentials, keystrokes, system information etc) and sending the same to the attackers. It could even be used to turn off anti-malware protection or to modify data. Trojan horses are used by individual hackers, gangs of cyber criminals, state-sponsored actors etc.
A spyware, as the name suggests, is a malicious software that is used by hackers to monitor the actions that take place on a system or any other device. Hackers usually use spyware to monitor web browsing history, the messages transmitted to and from a system (or network), the applications on the system etc. It could be as a Trojan or in some other way that this malware sneaks into a system/network, post which it begins its monitoring activity. Today spyware is also sold as a software, especially for purposes like parents’ monitoring kids’ browsing activities, employers spying on employees etc.
Ransomware, which seems to be the malware most in circulation these days, is really dangerous. A ransomware could encrypt everything on the infected system and thus the user would be locked out. The hackers would then ask for ransom, which has to be paid as Bitcoin or any other cryptocurrency. If the ransom is not paid, the hackers would refuse to decrypt the files and restore access to the system; they’d even sometimes delete the files. Nowadays, some ransomware criminals don’t decrypt and restore the encrypted stuff even after getting the ransom and that’s complicating things.
A worm is a malware that spreads itself from computer to computer without any action on the part of the users. This is done exploiting OS vulnerabilities or software vulnerabilities. Similarly, worms can also get distributed by themselves via email attachments especially when it gains access to the contact list of a user on an infected system.
The wiper malware, as the name suggests, erases or destroys all the data that’s there on a system or network. Sometimes the hackers do this after secretly removing the target data from the system or network, for being used by them, while sometimes hackers simply wipe it all off even without removing it.
Botnet refers to cyber criminals using a malware to hijack a network of computers, which can then be used to carry out malicious activities or attacks- to execute DDoS attacks, to send spam, to attack other systems or networks etc. A botnet could consist of a handful of systems or even millions of systems. A botnet itself is not a malware, it’s a collection of systems used to carry out malicious activities, but it’s achieved by using malware to access the systems and gain control over them.
Adware is the software that pushes or automatically generates online advertisements that the user would have to click on to get rid of, thereby helping the developer generate revenue. Adware implements ads in different ways- full screen, banner display, video, pop-up, static box display etc. Though adware is used to help cyber criminals make money, sometimes it also causes battery drain in mobile devices. Sometimes it also makes a mobile device unusable when pop-up ads take up the whole screen.
Cryptocurrency miner malware
This involves hackers using malware to secretly capture systems and then use them as a botnet and then take advantage of the computers’ processing power to run cryptocurrency mining-related operations. The users of the systems wouldn’t even know and the hackers would make millions.
Fileless malware are also on the rise. Thus hackers don’t have to use the traditional method, of getting malicious files downloaded and then executed on a system, Fileless malware can infect systems or endpoints leveraging zero-day exploits, launching scripts from memory etc. This makes it easy for the malware to avoid being detected by an antivirus or antimalware solution. Such attacks use a system’s own trusted system files and services to gain access to the system and the hackers create hidden files and folders or create scripts which they use to compromise systems.
We also classify malware based on the kind of device or OS that’s infected. These include Windows malware, Android malware, Mac malware, mobile malware etc, IoT malware etc.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.