Malware is malicious software or code designed to disrupt, damage, spy on, extort from, or gain unauthorised access to computer systems, networks or user devices. The word is short for "malicious software" and covers a wide range of threats, including viruses, worms, trojans, spyware, ransomware and destructive tools.
Malware is not defined by one technical shape. It is defined by purpose and effect. A malicious attachment, a stolen browser extension, a compromised update package and a ransomware payload can all be malware if they are used to harm systems or users.
Common Types
Virus
A virus attaches itself to another file or programme and spreads when that host is opened or executed. Modern viruses are less dominant than they once were, but the term is still widely used by the public for many kinds of malware.
Worm
A worm spreads without needing a user to move an infected file manually. Worms often exploit network weaknesses or unpatched services, making them dangerous in large organisations.
Trojan
A trojan is malware disguised as something useful or harmless. It may appear to be a cracked application, a fake document, a game cheat, a support tool or a software update.
Ransomware
Ransomware blocks access to files or systems, usually by encryption, and demands payment for restoration. Modern ransomware groups may also steal data and threaten to publish it.
Spyware
Spyware collects information without proper consent. It may capture keystrokes, browser activity, screenshots, messages, credentials or financial data.
Adware and Potentially Unwanted Software
Adware displays unwanted adverts or redirects traffic. Some adware is merely intrusive, while other examples track users, change browser settings or install additional unwanted components.
Infection Routes
Malware commonly spreads through:
- Phishing emails and malicious attachments.
- Compromised websites or malicious adverts.
- Stolen credentials and remote access tools.
- Unpatched software vulnerabilities.
- Pirated software, cracked applications or fake installers.
- Infected removable media.
- Supply-chain compromise, where a trusted vendor or update channel is abused.
Impact
The impact can range from nuisance pop-ups to total business disruption. Malware can steal data, destroy files, encrypt systems, monitor users, add devices to botnets, interrupt public services or provide a foothold for later attacks.
For organisations, the damage is often wider than the infected device. Incident response, downtime, customer notification, data protection duties, recovery costs and reputational harm can all follow.
Defence
Good malware defence is layered. Useful controls include:
- Keeping operating systems, browsers and applications patched.
- Using reputable endpoint protection.
- Restricting administrator privileges.
- Enabling multi-factor authentication for important accounts.
- Filtering email and blocking dangerous attachment types.
- Training users to report suspicious messages quickly.
- Maintaining offline or otherwise protected backups.
- Testing recovery plans before an incident happens.
Backups matter because ransomware can turn a security incident into a business continuity crisis. A backup that is connected to the same network may be encrypted or deleted by the attacker, so backup design is part of security.
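As an added illustration of the "filtering email and blocking dangerous attachment types" control listed above (this is not code from the original article): the sketch below inspects a message's attachments by final extension, double extension and leading content bytes. The extension lists, function names and the sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklists for illustration; the article does not enumerate types.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta", ".iso"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}

def check_attachments(raw_message: bytes):
    """Return (filename, reason) pairs for attachments a mail filter should hold."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if part.is_multipart() or not filename:
            continue
        # Windows ignores trailing dots and spaces, so strip them before parsing.
        name = filename.strip().lower().rstrip(". ")
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in BLOCKED_EXT:
            reason = "blocked extension " + ext
            if len(pieces) > 2:
                reason += " behind a double extension"
            findings.append((name, reason))
            continue
        if ext in MACRO_EXT:
            findings.append((name, "macro-enabled document " + ext))
        # Content check: "MZ" starts Windows executables, whatever the name claims.
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            findings.append((name, "executable content under extension " + (ext or "<none>")))
    return findings

def build_sample() -> bytes:
    """Constructed test message: disguised executable, clean PDF, mislabeled file."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00 constructed bytes", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 constructed bytes", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00 constructed bytes", maintype="application",
                       subtype="pdf", filename="scan.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in check_attachments(build_sample()):
        print(f"HOLD {name}: {reason}")
```

Checking the content as well as the name matters because a filter that trusts the extension alone passes a renamed executable such as the constructed `scan.pdf`.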
Detection and Response
Signs of infection can include unusual network traffic, unexpected processes, disabled security tools, unknown browser extensions, ransom notes, suspicious logins, or alerts from endpoint protection.
Response normally involves isolating affected systems, preserving evidence, identifying the entry route, removing persistence, restoring from clean backups and changing compromised credentials. In serious cases, specialist incident response support may be needed.