Malware Types and How to Detect Them 

Malware preys on so many facets of modern life and times, from remote work to back-to-school shopping to geopolitical relations. And it continues to spread. By one account, attempted cyberattacks using malware increased 11% in the first half of 2022 compared to the same time last year.[1]

As its name implies, malware is the evil twin of legitimate software, slipping into networks posing as harmless code inside other programs, hiding in attachments to email or abusing other digital communications and assets. Once inside the network, it proceeds to do its intended business, whether crashing a system, stealing credentials, or encrypting data to hold for ransom. Cybercriminals often combine multiple types of attacks to achieve their ends as they constantly refine their tactics.

Likewise, security professionals employ multiple tactics to defend against malware — from threat detection to security awareness training — and security vendors like Mimecast continue to innovate anti-malware tools to make them more effective and easier to use. 

10 Common Types of Malware 

The kinds of malware used in attacks are only limited by the imagination of cybercriminals who continually improve on their designs and combine different types of malware to get around defenses. Most malware falls into one or more of several categories, including: 

• Worms: As malicious code that replicates itself, jumping from user to user, the worm is a hallmark of some denial of service attacks, where the contagion eventually crashes the target network. 
• Trojans: Like the proverbial horse, these are seemingly harmless links or downloads that come bearing malicious code. They are a key ingredient in many phishing attacks. 
• Spyware: Spies and fraudsters can help themselves to a jackpot of information and credentials thanks to these bits of malware. Spyware can capture screen images or copy user session activity and report it back to the attackers. 
• Keyloggers: This kind of spyware lets the attackers virtually look over the user’s shoulder and see every keystroke. 
• Rootkits: These programs run code that gives fraudsters control of the victim’s computer, a useful tool for impersonation attacks and for cryptojacking, where a computer is hijacked to mine cryptocurrency. 
• Ransomware: One of the most popular and profitable types of malware, this malicious code encrypts data so the legitimate user can’t access it. The fraudster holds the data for ransom, extorting payment in exchange for the encryption key. And/or, the attacker may extract sensitive information and threaten to sell or publish it. 
• Wipers: As the name implies, these viruses wipe the slate clean, deleting data so it can’t be recovered. Wipers are weapons for both extortion and cyber sabotage.  
• Fileless malware: Here, malicious code typically piggybacks on legitimate software and applications. Because no files are written to a device’s disk, this kind of malware is tough to spot. 
• Botnets: Bots are in use for any number of applications, and fraudsters have adopted them too, using bots to test defenses, looking for weak spots to attack. These malicious bots can automate the task of hacking into a system.
• Adware: If your device suddenly becomes a non-stop server of popup ads, adware may be the reason. It is not necessarily cybercrime, but it slows down networks and makes users vulnerable to other malware and viruses. 

Real-World Examples of Malware Attacks    

Malware has facilitated many of the largest and most devastating cyberattacks. Despite constant efforts to defend against malware and the proliferation of tools to screen and protect against it, it remains front and center in many recent incidents: 

• A major garment manufacturer reported in mid-2022 it had suffered a ransomware attack that caused $100 million in lost sales when it couldn’t fulfill orders for three weeks during the key back-to-school season.[2] The company never disclosed how it was attacked or if it paid a ransom, but reported profits were hit to the tune of $35 million for that quarter. 
• Trojans were blamed for a spate of cyberattacks on Taiwanese organizations in the days leading to a visit by House Speaker Nancy Pelosi. [3] The Taiwanese government said Chinese state-sponsored hackers were suspected in the attacks, which affected government websites and changed digital displays in convenience stores and train stations to flash negative messages about the visit.
• Ukrainian infrastructure faced multiple cyberattacks using wiper malware in the early stages of the Russian invasion, including an attack that tried to shut down the country’s power grid.[4]

How to Detect Malware          

The first case of malware was a 1971 worm called Creeper that moved across ARPANET, the Internet’s ancestor, displaying a message: “I’m the Creeper, catch me if you can.”[5] It was followed shortly by Reaper, the first antivirus program, meant to catch it and delete it. [6] The cat-and-mouse game has been on ever since. Malware is often hard to spot, but telltale signs can include: 

• Slowdowns: Some malware will overwhelm the processors of the device it’s infected, causing it to run slow, freeze, or crash. 
• “Out of memory” warnings: If a device suddenly warns that it can’t perform certain functions, a malware program may be running in the background, taxing its memory. 
• No storage: A sudden space crunch in a hard drive may be the result of a malware program or stolen data taking up space. 
• A plague of pop-ups: An adware infection could be behind this. 
• Unwanted email: Beyond the usual spam, a sudden surge of automatic out of office replies and blocked email warnings could be a sign that malware has taken control of an email box. 

Any user who experiences one or more of these should know to report it to IT immediately, before the malware has a chance to spread, as it is designed to do. 

Protect Against Malware

Much like fraudsters employ multiple tactics to plant malware in networks, defenders need to deploy multiple protections to guard against them. A combination of awareness training, threat detection, and remediation must be deployed to head off ever-evolving threats. But in an environment where IT and information security staff are scarce and often outnumbered by the bad guys, protections should be easy to install and maintain without causing an additional burden. 

Email security services use detection engines and threat intelligence to stop malware and other threats from entering company networks in the guise of business communications. Techniques include spam filters and services that scan links in all incoming email to identify potentially dangerous URLs to prevent users from accessing them. 

The Bottom Line

Malware, like the flu, is a fast-spreading and changing contagion that organizations are learning to live with and fight. Email security tools can help shield systems against infection, but defenders must be on guard at all times and continually improve their defenses against this evolving threat. Learn more about stopping malware with Mimecast.

[1] “Cyber Threat Report,” Sonic Wall 

[2] “Ransomware attack costs HanesBrands $100 million in net sales,” Axios

[3] “From 7-11s to train stations, cyberattacks plague Taiwan over Pelosi visit,” Reuters

[4] “Ukrainian power grid 'lucky' to withstand Russian cyberattack,” BBC.com

[5] “The Evolution of Viruses and Worms,” Thomas Chen and Jena-Marc Robert

[6] “Creeper and Reaper,” Core War