There are many different types of malware in existence and unfortunately the number is increasing year-on-year. According to a report by software company Symantec there were almost 670 million malware variants in 2017, with researchers estimating this has risen to more than 1 billion malware programs today.
While the presence of so many malware variants sounds daunting, they are broadly grouped into the nine main categories we describe below. But first let’s take a look at what the term ‘malware’ refers to specifically.
What is malware?
‘Malware’ is short for ‘malicious software’, and it encompasses all software created specifically to harm or exploit vulnerabilities in computer systems. It includes viruses, trojans, ransomware and spyware, each affecting computer systems in different ways.
It is an ever-evolving threat, with hackers continually adapting the software to bypass detection and cyber security programs. Aside from the disruption it causes, malware has a huge financial cost, with the FBI’s Internet Crime Report for 2021 estimating that potential losses from cyber crimes are costing around US$6.9bn a year in the US alone.
Let’s dive into the most common types of malware and how they have impacted the world.
The most well-known type of malware, viruses are self-replicating programs that attach themselves to files or applications and spread across systems when these are executed. They can corrupt or delete data, modify system settings, or even render the infected system inoperable. Fun fact: the first computer virus was created in 1971 as a security test to see if a self-replicating program was possible.
Melissa, the first widespread virus
The Melissa virus released in 1999 became the fastest-spreading virus the world had seen at the time, disrupting the email servers of more than 300 major organizations worldwide. It spread in online forums, via a Microsoft Word document alleging to contain free login details for adult websites. The document ran a malicious code when opened, spreading the Melissa virus to the first 50 contacts in the user’s address book and then repeating the process again each time it was accessed.
Around one million email accounts were disrupted, and the cleanup of infected devices cost at least $80 million. After Melissa, companies began to take cyber security seriously, but it also set a precedent for future threats.
Worms are standalone programs that replicate themselves to spread across networks and systems, but unlike viruses they don’t require a user interaction or a host file. Instead they exploit security vulnerabilities and can send copies of themselves over the network. They are typically used to steal sensitive information and corrupt files, causing network congestion by using large amounts of memory and bandwidth.
MyDoom, the indestructible worm
Much like Melissa five years previously, when MyDoom emerged in 2004 it quickly became the most destructive malware of all time, even taking down Google. It spread by scraping email addresses and sending itself to people’s contacts. MyDoom installed a ‘backdoor’ on infected systems, enabling malicious actors to remotely control compromised computers in order to launch further attacks and distribute spam emails. It is still active today, with experts estimating that as recently as 2019 around 1 percent of all emails containing malware attachments were infected with it.
Trojans appear to be legitimate software programs, but contain malicious code. Named after the Trojan horse from Greek mythology (the wooden horse where Greek soldiers hid to enter the city of Troy), they are used to steal sensitive information, provide unauthorized remote access to devices and systems, and to download other forms of malware.
Zeus, the most successful Trojan in cyber security history
Zeus is widely regarded as the most successful Trojan malware in the world, affecting millions of machines, primarily for the purpose of stealing financial data. It first appeared in 2007, infecting computers running Microsoft Windows but newer versions target Android devices too. It spreads through phishing emails and corrupted websites that download the malware onto the target device. Over the years Bank of America, NASA, Oracle and Amazon have fallen victim to Zeus.
Ransomware is a type of malware that encrypts or blocks access to files so users are unable to access them until a ransom is paid to the hacker. Ransomware can infiltrate a device through phishing emails, malicious downloads or software vulnerabilities.
After the files are encrypted or the system is locked, the ransomware displays a message giving instructions for paying the ransom (usually in cryptocurrency to make it difficult to trace), however paying this doesn’t always guarantee that the attacker will provide the decryption key or unlock the files.
WannaCry, the worm that shook the UK’s healthcare system
Ransomware attacks have become increasingly prevalent and damaging in recent years. Perhaps the best-known attack was the ‘WannaCry’ attack, which affected organizations in more than 70 countries in 2017. Hackers used a worm to encrypt data belonging to the UK’s National Health Service (NHS), FedEx, the Ministry of Internal Affairs of the Russian Federation, Renault, Hitachi and 02.
Although the attack only lasted a few hours until a kill switch was discovered that could halt it, it was particularly damaging to the NHS. Up to 70,000 devices including MRI scanners and theatre equipment were affected and a number of ambulances had to be diverted.
Spyware is designed to monitor a user’s activities without their consent. It can capture everything from browsing habits and personal data to keystrokes (known as keylogging malware) and screenshots.
While we typically associate spyware with surveillance programs deployed by government agencies, this type of malware includes software used by advertisers to track user behavior and create targeted marketing campaigns (see adware below); cybercriminals who want to steal login credentials and financial information; and software used by individuals to spy on partners or family members without their knowledge.
Pegasus, the spyware used to hack journalists’ phones
A type of spyware called ‘Pegasus’ made headlines in 2021 when it was revealed that it was being used to track the activity of investigative journalists, activists and politicians.
It was developed by cyber-arms company NSO Group to target mobile phones with highly sophisticated ‘zero-click’ software, meaning that it can install itself without a user having to do anything (in some cases by placing a WhatsApp call to a compromised number, even if no one replies). It has the ability to read texts and emails, monitor app usage, track location data, and access a device’s microphone and camera.
Adware, short for advertising-supported software, is primarily focused on displaying unwanted adverts to generate revenue. Adware is not always malicious as many companies use it to collect data in order to target users with ads, however some adware creates pop-up windows that direct users to infected pages that can put your device at risk of viruses. Adware can also use up a lot of data and slow down system performance.
Fireball, the adware that hijacks web browsers
In 2017, a particularly vicious type of adware called Fireball emerged, infecting more than 250 million computers around the world. The malware took over browsers and replaced default search engines with fake versions, which would collect personal data and install plug-ins to boost its ad revenue.
Botnets (a composite of ‘robots’ and ‘networks’) are networks of compromised computers or devices that are controlled by a central server and automated to perform malicious activities. These include spreading spam emails, mining and stealing cryptocurrencies, and denial-of-service (DDoS) attacks designed to overwhelm a website or server.
Kraken, the botnet evading detection
In 2008, a botnet capable of changing its code base so it could avoid detection by anti-malware programs emerged. Called ‘Kraken’, it spread quickly — it is estimated that at one point it had infected around 10 percent of all Fortune 500 companies, sending up to 600,000 spam emails a day.
Rootkits are a kind of malware created to gain control over a computer or network. They can come in the form of a single piece of software or a collection of tools designed to create backdoor access into systems, allowing hackers to steal data and perform other illicit activities. Rootkits are usually installed by clicking on an infected file or through a vulnerability, such as an operating system that has not been updated.
ZeroAccess, falsifying search engine results
ZeroAccess first emerged in 2011 and it is believed to have affected more than nine million systems since. Once ZeroAccess has taken over a device or system, it downloads other malware to fulfil its aims, which are primarily cryptocurrency mining and click fraud, which it does by manipulating search engine results.
9. Wiper malware
As its name suggests, the purpose of wiper malware is to permanently delete the contents of the computer or hard drive it infects. It usually targets databases, critical files and even whole operating systems, overwriting the data with random characters or deleting or formatting files. It is often used in corporate or state sabotage.
Shamoon, a weapon of cyber warfare
A good example of this is the Shamoon wiper malware, which in 2012 destroyed 30,000 computer systems belonging to oil company Saudi Aramco. A group of hackers calling themselves ‘Cutting Sword of Justice’ claimed responsibility for the attack, saying they were acting against the Saudi government who are the majority owners of the company.