What Is Malware? Definition and Types | Microsoft Security (2024)

Phishing
A phishing attack poses as a credible source to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. These attacks provide a delivery mechanism for malware. Common attacks steal usernames, passwords, credit card details, and banking information. These types of malware attacks may lead to identity theft or money stolen directly from someone’s personal bank account or credit card.

For example, a cybercriminal might pose as a well-known bank and send an email alerting someone that their account has been frozen because of suspicious activity, urging them to click a link in the email to address the issue. Once they click the link, malware is installed.

Spyware
Spyware works by installing itself on a device without someone’s consent or providing adequate notice. Once installed, it can monitor online behavior, collect sensitive information, change device settings, and decrease device performance.

Adware
Like spyware, adware installs itself on a device without someone’s consent. But in the case of adware, the focus is on displaying aggressive advertising, often in popup form, to make money off clicks. These ads frequently slow a device’s performance. More dangerous types of adware can also install additional software, change browser settings, and leave a device vulnerable to other malware attacks.

Viruses
Viruses are designed to interfere with a device’s normal operation by recording, corrupting, or deleting its data. They often spread themselves to other devices by tricking people into opening malicious files.

Exploits and exploit kits
Exploits use vulnerabilities in software to bypass a computer’s security safeguards to infect a device. Malicious hackers scan for outdated systems that contain critical vulnerabilities, then exploit them by deploying malware. By including shellcode in an exploit, cybercriminals can download more malware that infects devices and infiltrates organizations.

Exploit kits contain a collection of exploits that scan for different types of software vulnerabilities. If any are detected, the kits deploy additional malware. Software that can be infected includes Adobe Flash Player, Adobe Reader, web browsers, Oracle Java, and Sun Java. Angler/Axpergle, Neutrino, and Nuclear are a few types of common exploit kits.

Exploits and exploit kits usually rely on malicious websites or email attachments to breach a network or device, but sometimes they also hide in ads on legitimate websites without the website even knowing.

Fileless malware
This type of cyberattack broadly describes malware that doesn’t rely on files—like an infected email attachment—to breach a network. For example, it may arrive through malicious network packets that exploit a vulnerability and then install malware that lives only in kernel memory. Fileless threats are especially difficult to find and remove because most antivirus programs aren’t built to scan firmware.

Macro malware
You may already be familiar with macros—ways to quickly automate common tasks. Macro malware takes advantage of this functionality by infecting email attachments and ZIP files. To trick people into opening the files, cybercriminals often hide the malware in files disguised as invoices, receipts, and legal documents.

In the past, macro malware was more common because macros ran automatically when a document was opened. But in recent versions of Microsoft Office, macros are disabled by default, meaning that cybercriminals who infect devices in this way have to convince users to turn macros on.

Ransomware
Ransomware is a type of malware that threatens a victim by destroying or blocking access to critical data until a ransom is paid. Human-operated ransomware attacks target an organization through common system and security misconfigurations; the attackers infiltrate the organization, navigate its enterprise network, and adapt to the environment and any weaknesses they find. A common method of gaining access to an organization’s network to deliver ransomware is credential theft, in which a cybercriminal steals an actual employee’s credentials to pose as them and gain access to their accounts.

Attackers using human-operated ransomware target large organizations because they can pay a higher ransom than the average individual—often many millions of dollars. Because of the high stakes involved with a breach of this scale, many organizations opt to pay the ransom rather than have their sensitive data leaked or risk further attacks from the cybercriminals, even though payment does not guarantee the prevention of either outcome.

As human-operated ransomware attacks grow, the criminals behind the attacks become more organized. In fact, many ransomware operations now use a Ransomware as a Service model, meaning that a set of criminal developers create the ransomware itself and then hire other cybercriminal affiliates to hack an organization’s network and install the ransomware, splitting the profits between the two groups at an agreed-on rate.

Rootkits
When a cybercriminal uses a rootkit, they hide malware on a device for as long as possible, sometimes even years, so that it steals information and resources on an ongoing basis. By intercepting and changing standard operating system processes, a rootkit may alter the information that your device reports about itself. For example, a device infected with a rootkit may not show an accurate list of programs that are running. Rootkits may also give administrative or elevated device privileges to cybercriminals, so they gain complete control of a device and can perform potentially malicious actions, such as stealing data, spying on the victim, and installing additional malware.
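The inaccurate process list described above is something a defender can check for by comparing two independent views of the same host. The following is an added example, not code from the Microsoft article; it assumes a Linux host with /proc, and the function names are the example's own.

```python
"""Cross-view process enumeration, a rootkit-detection heuristic for Linux:
a rootkit that hides a PID from /proc still has to let the kernel answer
kill(pid, 0) for it, so comparing the two views exposes the gap."""
import os
from typing import Callable, Iterable, Set


def live_visible_pids() -> Set[int]:
    """First view: PIDs and thread IDs from /proc (TIDs included so that
    threads, which answer kill() too, are not misreported as hidden)."""
    ids: Set[int] = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{name}/task"))
        except OSError:  # the process exited between the two reads
            pass
    return ids

def live_probe_alive(pid: int) -> bool:
    """Second view: ask the kernel directly with a null signal."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:  # ESRCH: no such process
        return False
    except PermissionError:  # EPERM: exists but belongs to another user
        return True

def hidden_pids(visible: Callable[[], Set[int]], alive: Callable[[int], bool],
                candidates: Iterable[int]) -> Set[int]:
    """PIDs that answer the probe but are missing from the listing. The
    listing is re-read for each discrepancy so processes that started after
    the first snapshot are not flagged."""
    seen = visible()
    suspects = {p for p in candidates if p not in seen and alive(p)}
    if suspects:
        seen = visible()
        suspects = {p for p in suspects if p not in seen and alive(p)}
    return suspects

def live_check(max_pid: int = 0) -> Set[int]:
    """Run the check on this host; an empty set means the views agree."""
    if not max_pid:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    return hidden_pids(live_visible_pids, live_probe_alive, range(1, max_pid))
```

A non-empty result from live_check() is a lead to investigate with an offline tool, not proof on its own, since a process that hides from /proc can also tamper with kill().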

Supply chain attacks
This type of malware targets software developers and providers by accessing source code, build processes, or update mechanisms in legitimate apps. Once a cybercriminal has found an unsecured network protocol, unprotected server infrastructure, or an unsafe coding practice, they break in, change the source code, and hide malware in build and update processes.

Tech support scams
An industry-wide issue, tech support scams use scare tactics to trick users into paying for unnecessary technical support services that may be advertised to fix a falsified problem relating to a device, a platform, or software. With this type of malware, a cybercriminal may call someone directly and pretend to be an employee of a software company. Once they’ve gained someone’s trust, attackers often urge potential victims to install applications or give remote access to their devices.

Trojans
Trojans rely on a user unknowingly downloading them because they appear to be legitimate files or apps. Once downloaded, they may:

  • Download and install additional malware, such as viruses or worms.
  • Use the infected device for click fraud.
  • Record the keystrokes and websites that you visit.
  • Send information (for example, passwords, login details, and browsing history) about the infected device to a malicious hacker.
  • Give a cybercriminal control over the infected device.

Unwanted software
When a device has unwanted software, the user may experience a modified web browsing experience, altered control of downloads and installations, misleading messages, and unauthorized changes to device settings. Some unwanted software is bundled with software that people intend to download.

Worms
Mostly found in email attachments, text messages, file-sharing programs, social networking sites, network shares, and removable drives, a worm spreads through a network by exploiting security vulnerabilities and copying itself. Depending on the type of worm, it might steal sensitive information, change your security settings, or stop you from accessing files.

Coin miners
With the rise in popularity of cryptocurrencies, mining coins has become a lucrative practice. Coin miners use a device’s computing resources to mine for cryptocurrencies. Infections of this type of malware often begin with an email attachment that attempts to install malware or a website that uses vulnerabilities in web browsers or takes advantage of computer processing power to add malware to devices.

Coin mining uses complex mathematical calculations to maintain the blockchain ledger and create new coins; criminal coin miners steal computing resources to do this work. Coin mining takes significant computer processing power, however, to yield relatively small amounts of cryptocurrency. For this reason, cybercriminals often work in teams to maximize and split profits.

Not all coin miners are criminal, though—individuals and organizations sometimes purchase hardware and electrical power for legitimate coin mining. The act becomes criminal when a cybercriminal infiltrates a corporate network without its knowledge to use its computing power for mining.

I am an expert in cybersecurity with extensive knowledge and hands-on experience in various aspects of the field. I've worked with organizations, conducted research, and actively engaged in addressing cybersecurity challenges. My expertise is built on a foundation of understanding the intricate details of cyber threats and the mechanisms employed by malicious actors to compromise systems and steal sensitive information.

Now, let's delve into the concepts mentioned in the provided article:

  1. Phishing:
    • Definition: A phishing attack involves posing as a trustworthy entity to deceive individuals into divulging sensitive information through electronic communication channels.
    • Example: Cybercriminals posing as a bank and sending fake emails to trick recipients into clicking malicious links, leading to the installation of malware.
  2. Spyware:
    • Definition: Spyware secretly monitors and collects information on a user's online activities without their consent, potentially leading to data theft or privacy breaches.
  3. Adware:
    • Definition: Adware, like spyware, installs itself without consent, but its primary focus is on displaying aggressive advertising, often affecting device performance.
  4. Viruses:
    • Definition: Viruses interfere with a device's normal operation by corrupting or deleting data and spreading to other devices by tricking users into opening malicious files.
  5. Exploits and Exploit Kits:
    • Definition: Exploits target vulnerabilities in software to infect devices. Exploit kits are collections of exploits scanning for various software vulnerabilities.
  6. Fileless Malware:
    • Definition: Fileless malware doesn't rely on traditional files; instead, it resides in a device's memory, making it challenging to detect and remove.
  7. Macro Malware:
    • Definition: Macro malware exploits macros in documents to trick users into enabling them, allowing the installation of malware.
  8. Ransomware:
    • Definition: Ransomware encrypts critical data, demanding a ransom for its release. Human-operated ransomware involves targeted attacks on organizations for higher ransom amounts.
  9. Rootkits:
    • Definition: Rootkits hide malware on a device, altering system processes to gain control and steal information over an extended period.
  10. Supply Chain Attacks:
    • Definition: Malware targeting software developers and providers by infiltrating source codes, build processes, or updating mechanisms.
  11. Tech Support Scams:
    • Definition: Scams tricking users into paying for unnecessary technical support services, often involving fake calls or messages.
  12. Trojans:
    • Definition: Trojans disguise themselves as legitimate files or apps, allowing cybercriminals to gain control, install additional malware, or steal sensitive information.
  13. Unwanted Software:
    • Definition: Unwanted software modifies device settings and behavior, often bundled with intended downloads.
  14. Worms:
    • Definition: Worms spread through networks, exploiting vulnerabilities and copying themselves, potentially stealing information or altering security settings.
  15. Coin Miners:
    • Definition: Coin miners use a device's computing resources to mine cryptocurrencies, sometimes illicitly using corporate networks for mining without authorization.

Understanding these concepts is crucial for individuals and organizations to enhance their cybersecurity posture and protect against a wide range of cyber threats.

Author: Trent Wehner