Malware | What is Malware & How to Stay Protected from Malware Attacks
What is Malware?
As software designed to interfere with a computer's normal functioning, malware is a blanket term for viruses, trojans, and other destructive computer programs threat actors use to infect systems and networks in order to gain access to sensitive information.
Malware Definition
Malware (short for “malicious software”) is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants. And because malware comes in so many variants, there are numerous methods to infect computer systems. Though varied in type and capabilities, malware usually has one of the following objectives:
- Provide remote control for an attacker to use an infected machine.
- Send spam from the infected machine to unsuspecting targets.
- Investigate the infected user’s local network.
- Steal sensitive data.
Types of Malware:
Malware is an inclusive term for all types of malicious software. Malware examples, malware attack definitions and methods for spreading malware include:
Adware – While some forms of adware may be considered legitimate, others make unauthorized access to computer systems and greatly disrupt users.
Botnets – Short for “robot network,” these are networks of infected computers under the control of single attacking parties using command-and-control servers. Botnets are highly versatile and adaptable, able to maintain resilience through redundant servers and by using infected computers to relay traffic. Botnets are often the armies behind today's distributed denial-of-service (DDoS) attacks.
Cryptojacking – is malicious cryptomining (the process of using computing power to verify transactions on a blockchain network and earning cryptocurrency for providing that service) that happens when cybercriminals hack into both business and personal computers, laptops, and mobile devices to install software.
Malvertising – Malvertising is a portmanteau of “malware + advertising” describing the practice of online advertising to spread malware. It typically involves injecting malicious code or malware-laden advertisements into legitimate online advertising networks and webpages.
Polymorphic malware – Any of the above types of malware with the capacity to “morph” regularly, altering the appearance of the code while retaining the algorithm within. The alteration of the surface appearance of the software subverts detection via traditional virus signatures.
Ransomware – Is a criminal business model that uses malicious software to hold valuable files, data or information for ransom. Victims of a ransomware attack may have their operations severely degraded or shut down entirely.
Remote Administration Tools (RATs) – Software that allows a remote operator to control a system. These tools were originally built for legitimate use, but are now used by threat actors. RATs enable administrative control, allowing an attacker to do almost anything on an infected computer. They are difficult to detect, as they don’t typically show up in lists of running programs or tasks, and their actions are often mistaken for the actions of legitimate programs.
Rootkits – Programs that provide privileged (root-level) access to a computer. Rootkits vary and hide themselves in the operating system.
Spyware – Malware that collects information about the usage of the infected computer and communicates it back to the attacker. The term includes botnets, adware, backdoor behavior, keyloggers, data theft and net-worms.
Trojans Malware – Malware disguised in what appears to be legitimate software. Once activated, malware Trojans will conduct whatever action they have been programmed to carry out. Unlike viruses and worms, Trojans do not replicate or reproduce through infection. “Trojan” alludes to the mythological story of Greek soldiers hidden inside a wooden horse that was given to the enemy city of Troy.
Virus Malware – Programs that copy themselves throughout a computer or network. Malware viruses piggyback on existing programs and can only be activated when a user opens the program. At their worst, viruses can corrupt or delete data, use the user’s email to spread, or erase everything on a hard disk.
Worm Malware – Self-replicating viruses that exploit security vulnerabilities to automatically spread themselves across computers and networks. Unlike many viruses, malware worms do not attach to existing programs or alter files. They typically go unnoticed until replication reaches a scale that consumes significant system resources or network bandwidth.
Types of Malware Attacks
Malware also uses a variety of methods to spread itself to other computer systems beyond an initial attack vector. Malware attack definitions can include:
- Email attachments containing malicious code can be opened, and therefore executed by unsuspecting users. If those emails are forwarded, the malware can spread even deeper into an organization, further compromising a network.
- File servers, such as those based on common Internet file system (SMB/CIFS) and network file system (NFS), can enable malware to spread quickly as users access and download infected files.
- File-sharing software can allow malware to replicate itself onto removable media and then on to computer systems and networks.
- Peer to peer (P2P) file sharing can introduce malware by sharing files as seemingly harmless as music or pictures.
- Remotely exploitable vulnerabilities can enable a hacker to access systems regardless of geographic location with little or no need for involvement by a computer user.
Learn how to use Palo Alto Networks next-generation threat prevention features and WildFire® cloud-based threat analysis service to protect your network from all types of malware, both known and unknown.
How to Prevent Malware:
A variety of security solutions are used to detect and prevent malware. These include firewalls, next-generation firewalls, network intrusion prevention systems (IPS), deep packet inspection (DPI) capabilities, unified threat management systems, antivirus and anti-spam gateways, virtual private networks, content filtering and data leak prevention systems. In order to prevent malware, all security solutions should be tested using a wide range of malware-based attacks to ensure they are working properly. A robust, up-to-date library of malware signatures must be used to ensure testing is completed against the latest attacks
The Cortex XDR agent combines multiple methods of prevention at critical phases within the attack lifecycle to halt the execution of malicious programs and stop the exploitation of legitimate applications, regardless of operating system, the endpoint’s online or offline status, and whether it is connected to an organization’s network or roaming. Because the Cortex XDR agent does not depend on signatures, it can prevent zero-day malware and unknown exploits through a combination of prevention methods.
Malware Detection:
Advanced malware analysis and detection tools exist such as firewalls, Intrusion Prevention Systems (IPS), and sandboxing solutions. Some malware types are easier to detect, such as ransomware, which makes itself known immediately upon encrypting your files. Other malware like spyware, may remain on a target system silently to allow an adversary to maintain access to the system. Regardless of the malware type or malware meaning, its detectability or the person deploying it, the intent of malware use is always malicious.
When you enable behavioral threat protection in your endpoint security policy, the Cortex XDR agent can also continuously monitor endpoint activity for malicious event chains identified by Palo Alto Networks.
Malware Removal:
Antivirus software can remove most standard infection types and many options exist for off-the-shelf solutions. Cortex XDR enables remediation on the endpoint following an alert or investigation giving administrators the option to begin a variety of mitigation steps starting with isolating endpoints by disabling all network access on compromised endpoints except for traffic to the Cortex XDR console, terminating processes to stop any running malware from continuing to perform malicious activity on the endpoint, and blocking additional executions, before quarantining malicious files and removing them from their working directories if the Cortex XDR agent has not already done so.
Malware Protection:
To protect your organization against malware, you need a holistic, enterprise-wide malware protection strategy. Commodity threats are exploits that are less sophisticated and more easily detected and prevented using a combination of antivirus, anti-spyware, and vulnerability protection features along with URL filtering and Application identification capabilities on the firewall.
For more on Malware, its variants and how you can protect your organization against it, please download one of our resources:
- What is Malware Protection?
- What are Fileless Malware Attacks and “Living off the Land”
- Ransomware Threat Report
- What is Ransomware?
- Ransomware: Common Attack Methods
- Malware vs. Exploits
- What is a Payload-based Signature?
- Cortex XDR for Detection and Response
- Threat Prevention
- WildFire Malware Analysis Engine
Malware FAQs
There are several types of malware, including:
- Viruses: Programs that attach themselves to legitimate files and spread to other files.
- Worms: Standalone programs that replicate themselves to spread to other computers.
- Trojans: Malicious software disguised as legitimate software to trick users into installing it.
- Ransomware: Malware that encrypts a user’s files and demands a ransom for the decryption key.
- Spyware: Software that secretly monitors and collects user information.
- Adware: Software that automatically displays or downloads unwanted advertisements.
- Rootkits: Programs designed to gain unauthorized root or administrative access to a system.
- Keyloggers: Software that records keystrokes to steal sensitive information.
Malware spreads through various methods, including:
- Email attachments or links in phishing emails.
- Infected websites or advertisements (malvertising).
- Downloading software from untrusted or compromised sources.
- Removable media like USB drives.
- Exploiting vulnerabilities in software or operating systems.
- Peer-to-peer file sharing networks.
- Social engineering techniques that trick users into executing malicious files.
Common signs of a malware infection include:
- Slow computer performance.
- Unexpected pop-up ads.
- Programs crashing or failing to start.
- Unusual network activity.
- Unauthorized changes to system settings.
- Files or data becoming inaccessible or encrypted.
- Increased CPU or memory usage.
- Unauthorized user accounts or processes running.
Organizations can protect themselves from malware by implementing several security measures:
- Using up-to-date antivirus and anti-malware software.
- Regularly patching and updating software and operating systems.
- Educating employees about phishing and safe internet practices.
- Implementing firewalls and intrusion detection/prevention systems.
- Conducting regular security audits and assessments.
- Backing up data regularly and ensuring backups are secure.
- Restricting administrative privileges to minimize the impact of a malware infection.
If your computer is infected with malware, you should:
- Disconnect from the internet to prevent further damage or data exfiltration.
- Run a full system scan using reliable antivirus or anti-malware software.
- Remove or quarantine the detected malware.
- Change all passwords, especially for sensitive accounts.
- Restore affected files from a clean backup.
- Update all software and operating systems to close vulnerabilities.
- Monitor for any signs of continued infection or unusual activity.