Many different types of malware exist; unfortunately, the number is increasing yearly. According to a report by software company Symantec, there were almost 670 million malware variants in 2017, with researchers estimating this has risen to more than 1 billion malware programs today.
While the presence of so many malware variants sounds daunting, they are broadly grouped into the nine main categories described below. But first, let’s look at what the term ‘malware’ refers to specifically.
What is malware?
‘Malware’ is short for ‘malicious software,’ it encompasses all software explicitly created to harm or exploit vulnerabilities in computer systems. It includes viruses, trojans, ransomware, and spyware, each affecting computer systems differently.
It is an ever-evolving threat, with hackers continually adapting the software to bypass detection and cyber security programs. Aside from the disruption it causes, malware has a substantial financial cost, with the FBI’s Internet Crime Report 2021 estimating that potential losses from cyber crimes cost around US$6.9bn a year in the US alone.
Let’s dive into the most common types of malware and how they have impacted the world.
The most well-known type of malware, viruses, are self-replicating programs that attach themselves to files or applications and spread across systems when these are executed. They can corrupt or delete data, modify system settings, or render the infected system inoperable. Fun fact: the first computer virus was created in 1971 as a security test to see if a self-replicating program was possible.
Worms are standalone programs that replicate themselves to spread across networks and systems, but unlike viruses, they don’t require user interaction or a host file. Instead, they exploit security vulnerabilities and can send copies of themselves over the network. They are typically used to steal sensitive information and corrupt files, causing network congestion using large amounts of memory and bandwidth.
Trojans appear to be legitimate software programs but contain malicious code. Named after the Trojan horse from Greek mythology (the wooden horse where Greek soldiers hid to enter the city of Troy), they are used to steal sensitive information, provide unauthorized remote access to devices and systems, and download other malware.
Ransomware is malware that encrypts or blocks access to files so users cannot access them until a ransom is paid to the hacker. Ransomware can infiltrate a device through phishing emails, malicious downloads, or software vulnerabilities.
After the files are encrypted or the system is locked, the ransomware displays a message giving instructions for paying the ransom (usually in cryptocurrency to make it difficult to trace); however, paying this doesn’t always guarantee that the attacker will provide the decryption key or unlock the files.
Spyware is designed to monitor a user’s activities without their consent. It can capture everything from browsing habits and personal data to keystrokes (known as keylogging malware) and screenshots.
While we typically associate spyware with surveillance programs deployed by government agencies, this type of malware includes software used by advertisers to track user behavior and create targeted marketing campaigns (see adware below), cybercriminals who want to steal login credentials and financial information, and software used by individuals to spy on partners or family members without their knowledge.
Adware, short for advertising-supported software, primarily displays unwanted adverts to generate revenue. Adware is not always malicious, as many companies use it to collect data to target users with ads. However, some adware creates pop-up windows that direct users to infected pages that can put your device at risk of viruses. Adware can also use up much data and slow down system performance.
Botnets (a composite of ‘robots’ and ‘networks’) are compromised computers or devices controlled by a central server and automated to perform malicious activities. These include spreading spam emails, mining and stealing cryptocurrencies, and denial-of-service (DDoS) attacks designed to overwhelm a website or server.
Rootkits are a kind of malware created to gain control over a computer or network. They can come as a single piece of software or a collection of tools designed to make backdoor access into systems, allowing hackers to steal data and perform other illicit activities. Rootkits are usually installed by clicking on an infected file or through a vulnerability, such as an operating system that has not been updated.
As its name suggests, the purpose of wiper malware is to permanently delete the contents of the computer or hard drive it infects. It usually targets databases, critical files, and whole operating systems, overwriting the data with random characters or deleting or formatting files. It is often used in corporate or state sabotage.