Malware guide: about malware

What is malware?

Malware is malicious software. This means any software intentionally designed to steal, encrypt, corrupt or delete information. This can be from your computer, other electronic devices or network. Malware can also change the way your system works, without your consent.

Attackers want to do this for a number of reasons, ranging from making money, or sabotaging your business, through to making a political statement or just for fun and bragging rights. They may want to:

  • Steal your personal data.
  • Commit identity fraud.
  • Steal financial information or other sensitive information.
  • Disrupt your business or steal your intellectual property.
  • Get control of your computer, along with many others, to launch denial-of-service attacks on other networks or websites.
  • Use your computer resources to mine cryptocurrency.

What kinds of malware are there?

There are various types of malware and the impact of an infection can range from annoying, to catastrophic for your business. They include:

  • Adware, which displays adverts on your screen. These could be innocuous or could themselves contain malware should you click on any of them.
  • Spyware, which collects information about you, your device or your network, and sends it back to the attacker. With this information, the attacker may then be able to commit fraud or identity theft.
  • A keylogger records your interaction with your keyboard, and sends it back to the attacker, who is looking for bank details, usernames and passwords.
  • Viruses often arrive as email attachments, which once opened, infect your device. They attach themselves to harmless programs, and when triggered by the user (usually inadvertently) they will spread and infect other programs.
  • Worms are like viruses, except that they can spread without human intervention.
  • Rootkits bury themselves deep in your computer and grant remote administrative access to the attacker. This means that the attacker could do anything that an administrator could do. They could install and hide other malware, steal data, deactivate your security programs, intercept your internet traffic, or create a ‘backdoor’ so the attacker can come back later.
  • Trojans. These programs appear to be harmless or useful programs, but once installed the attackers can steal valuable information or install other malware, often crypto-jacking software or ransomware.
  • Crypto-jacking uses your computer’s resources to mine cryptocurrency on behalf of the attacker.
  • Ransomware locks you out of your computer or encrypts your data and demands a ransom to restore your access—but there’s no guarantee that paying the ransom would give you back your data.

All these types of malware rely on the installation of malicious files on your computer, but there is another type of malware, which is becoming increasingly common: fileless malware.

Fileless malware is not written to disk, but is written to memory (RAM). It uses the trusted software that is already installed on your computer, to create and carry out malicious activity. Because the malware isn’t saved as a file on your computer, it doesn’t leave behind any traces, making the malware harder to detect.

Fileless malware that is written to memory stops working when your computer is rebooted, but some sophisticated attacks store code deep in device firmware (such as the BIOS) or in a peripheral device (such as a USB device), so that the attack can recur even after a system reboot.

Fileless malware attacks might involve:

  • Making changes to your registry.
  • Injecting malicious code into the memory of legitimate applications.
  • Using macros, which are used in Office applications to automate tasks, to execute tasks with malicious intent.
  • Using scripts (that are normally used by system administrators) to load executable files to launch attacks without leaving a footprint.

The intentions of fileless malware are the same as file-based malware, but it is harder to spot and control. It uses trusted tools that are intended for normal day-to-day use by administrators, so it is hard to detect if these are being used for malicious purposes.
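Because fileless activity leaves little on disk, defenders typically look for it in process-creation telemetry instead. The following Python script is an added illustration, not part of this guide, of how three of the behaviours listed above can be surfaced from such records: an Office application spawning a script host (macro abuse), an administrative scripting tool launched with an encoded command, and a change to a registry Run key. The event records, field names and the harmless base64 value are constructed for the example and do not come from any real product or incident.

```python
"""Flag process-creation events matching fileless-malware behaviours from the
guide: Office macros launching script hosts, admin scripting tools run with
encoded commands, and registry Run-key changes. Sample data is constructed."""
import re
from dataclasses import dataclass

# Assumed naming; real telemetry (Sysmon, EDR) uses its own field names.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Registry autorun locations commonly changed for persistence.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
# PowerShell accepts abbreviated forms of -EncodedCommand.
ENCODED_FLAG = re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    event_index: int
    detail: str


def _basename(path: str) -> str:
    """Normalise an image path to its lower-cased file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_events(events):
    """Return a Finding for every rule each process-creation event triggers."""
    findings = []
    for i, ev in enumerate(events):
        parent = _basename(ev["parent"])
        image = _basename(ev["image"])
        cmdline = ev.get("cmdline", "")
        # Office document code should not normally launch a script interpreter.
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            findings.append(Finding("office_macro_spawns_script_host", i,
                                    f"{parent} -> {image}"))
        # Admin tool used legitimately, but encoded payloads hide intent.
        if image in POWERSHELL and ENCODED_FLAG.search(cmdline):
            findings.append(Finding("encoded_powershell_command", i, cmdline))
        # Registry change that makes something run again after reboot.
        if image in POWERSHELL | {"reg.exe"} and RUN_KEY.search(cmdline):
            findings.append(Finding("run_key_persistence", i, cmdline))
    return findings


# Constructed sample events (not real logs). "QQBCAEMA" is UTF-16LE "ABC".
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\alice\notes.txt"},
    {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden "
                "-EncodedCommand QQBCAEMA"},
    {"parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run '
                r'/v Updater /t REG_SZ /d "C:\Users\alice\AppData\update.vbs"'},
    # Ordinary administrative use: same tool, no suspicious traits, no finding.
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for f in analyze_events(SAMPLE_EVENTS):
        print(f"event {f.event_index}: {f.rule}: {f.detail}")
```

The fourth event shows the point made in the paragraph above: a plain administrative PowerShell run produces no finding, so the rules key on context (which parent launched the tool, how it was invoked, what it touched) rather than on the presence of the tool itself.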