MALWARE

BRYAN S. TRINIDAD
WHAT IS MALWARE
• Malware, short for malicious software, refers to
any intrusive software developed by
cybercriminals (often called hackers) to steal
data and damage or destroy computers and
computer systems. Examples of common
malware include viruses, worms, Trojan viruses,
spyware, adware, and ransomware.
WHAT IS THE INTENT OF
MALWARE?
•Malware is developed as harmful software
that invades or corrupts your computer
network. The goal of malware is to cause
havoc and steal information or resources for
monetary gain or sheer sabotage intent.
 WHAT IS THE INTENT OF
MALWARE?
• Intelligence and intrusion
• Exfiltrates data such as emails, plans, and
especially sensitive information like passwords.
• Disruption and extortion
• Locks up networks and PCs, making them
unusable. If it holds your computer hostage for
financial gain, it's called ransomware.
WHAT IS THE INTENT OF
MALWARE?
• Destruction or vandalism
• Destroys computer systems to damage your network
infrastructure.
• Steal computer resources
• Uses your computing power to run botnets, crypto mining
programs (cryptojacking), or send spam emails.
• Monetary gain
• Sells your organization's intellectual property on the dark
web.
HOW DO MALWARE INFECTIONS HAPPEN?
• Removable drives. Malicious programs can be delivered to a system with a USB
drive or external hard drive. For example, malware can be automatically installed
when an infected removable drive connects to a PC.
• Infected websites. Malware can find its way into a device through popular
collaboration tools and drive-by downloads, which automatically download
programs from malicious websites to systems without the user's approval or
knowledge.
• Phishing attacks. Phishing attacks use phishing emails disguised as legitimate
messages containing malicious links or attachments to deliver the malware
executable file to unsuspecting users. Sophisticated malware attacks often use a
command-and-control server that lets threat actors communicate with the infected
systems, exfiltrate sensitive data and even remotely control the compromised
device or server.
HOW DO MALWARE INFECTIONS HAPPEN?
• Obfuscation techniques. Emerging strains of malware include new
evasion and obfuscation techniques designed to fool users, security
administrators and antimalware products. Some of these evasion
techniques rely on simple tactics, such as using web proxies to hide
malicious traffic or source Internet Protocol (IP) addresses. More
sophisticated cyberthreats include polymorphic malware that can
repeatedly change its underlying code to avoid detection from
signature-based detection tools; anti-sandbox techniques that enable
malware to detect when it's being analyzed and to delay execution
until after it leaves the sandbox; and fileless malware that resides only
in the system's RAM to avoid being discovered.
HOW DO MALWARE INFECTIONS HAPPEN?
• Software from third-party websites. There are instances
where malware can be downloaded and installed on a system
concurrently with other programs or apps. Typically, software
from third-party websites or files shared over peer-to-peer
networks falls under this category. For example, a computer
running a Microsoft operating system (OS) might end up
unknowingly installing software that Microsoft would deem as
a potentially unwanted program (PUP). However, by checking
a box during the installation, users can avoid installing
unwanted software.
TYPES OF MALWARE
• Virus. A virus is the most common type of malware that can
execute itself and spread by infecting other programs or files.
• Worm. A worm can self-replicate without a host program and
typically spreads without any interaction from the malware
authors.
• Trojan horse. A Trojan horse is designed to appear as a
legitimate software program to gain access to a system.
Once activated following installation, Trojans can execute
their malicious functions.
TYPES OF MALWARE
• Spyware. Spyware collects information and data on the device
and user, as well as observes the user's activity without their
knowledge.
• Ransomware. Ransomware infects a user's system and encrypts
its data. Cybercriminals then demand a ransom payment from the
victim in exchange for decrypting the system's data.
• Rootkit. A rootkit obtains administrator-level access to the victim's
system. Once installed, the program gives threat actors root or
privileged access to the system.
TYPES OF MALWARE
• Backdoor virus. A backdoor virus or remote access Trojan (RAT)
secretly creates a backdoor into an infected computer system that lets
threat actors remotely access it without alerting the user or the system's
security programs.
• Adware. Adware tracks a user's browser and download history with the
intent to display pop-up or banner advertisements that lure the user into
making a purchase. For example, an advertiser might use cookies to
track the webpages a user visits to better target advertising.
• Keyloggers. Keyloggers, also called system monitors, track nearly
everything a user does on their computer. This includes writing emails,
opening webpages, accessing computer programs and typing keystrokes.
TYPES OF MALWARE
• Logic bombs. This type of malicious malware is designed to
cause harm and typically gets inserted into a system once
specific conditions are met. Logic bombs stay dormant and are
triggered when a certain event or condition is met, such as
when a user takes a specific action on a certain date or time.
• Exploits. Computer exploits take advantage of existing
vulnerabilities, flaws or weaknesses in a system's hardware or
software. Instead of depending on social engineering tactics to
execute, they exploit technical vulnerabilities to gain
unauthorized access and perform other malicious activities
such as executing arbitrary code inside a system.
HOW TO DETECT MALWARE
• A sudden loss of disk space. antivirus software.

• Unusually slow computer or device speeds. • Changes in file names and sizes.

• A blue screen of death. • Pop-up advertisements.

• Repeated system crashes or freezes. • Programs opening and closing by

themselves.
• Changed browser settings and redirects.

• Increase in unwanted internet activity.

• Disabled security features in firewalls and

Antivirus and antimalware software can be installed on a device to

detect and remove malware. These tools can provide real-time
protection through constant scanning or detect and remove malware by
executing routine system scans.