Malware
Adapted from Wikipedia
Malware is a type of harmful software created to cause trouble for computers, servers, or networks. It can leak private information, take control of systems without permission, or stop people from using their devices normally. There are many kinds of malware, such as computer viruses, worms, and ransomware.
Malware is a big problem for people and businesses online. The number of different malware types grew quickly over the years, and it can cost a lot of money to fix the damage it causes. Sometimes, malware is even used to target important systems like electricity networks.
To stay safe from malware, it's important to use antivirus software, keep systems updated, and make backups of important files. These steps help protect computers and keep information safe.
History
Main article: History of computer viruses
For a chronological guide, see Timeline of computer viruses and worms.
The idea of a computer program that can copy itself dates back to early theories about how complicated machines work. A scientist named John von Neumann showed that such a program was possible. Later, a researcher named Fred Cohen tested computer viruses and learned more about how they work.
Before the Internet was common, viruses spread by hiding in programs or special parts of old computer disks called floppy disks. When someone used an infected program or turned on a computer with an infected disk, the virus would start running too. One of the first known viruses, called (c)Brain, was created in 1986.
Today, malware is used to steal important information, and it can spread through many ways, including emails and everyday devices like toys or lights that connect to computers.
Purposes
Since many people started using the Internet widely, harmful software has often been made to make money. Since 2003, most viruses and worms have been created to take control of people's computers for wrong purposes. These infected computers, called "zombie computers," can be used to send unwanted messages, store illegal data, or attack websites to stop them from working. Such software is also used to target government or company websites to steal important information or stop them from working. It can also be used to get personal details from individuals, like passwords or bank information.
Besides being used for crime, harmful software has also been used to cause damage for political reasons. One famous example is Stuxnet, which was made to disrupt certain industrial systems. Sometimes, these attacks can affect many networks at once, deleting files and damaging important parts of computers. Notable examples include an attack on Sony Pictures Entertainment in November 2014, and another on Saudi Aramco in August 2012.
In 2024, a person who controlled many infected computers for profit was caught.
Types
Malware is software designed to harm computers or cause trouble. It can do many different things, like stealing information, slowing down the computer, or locking files until money is paid.
Malware
Virus
Main article: Computer virus
A computer virus is hidden inside another program and makes copies of itself. It can damage data or files when it spreads.
Worm
A worm spreads itself over networks to infect other computers without needing a user to run anything.
Rootkits
Main article: Rootkit
Rootkits hide harmful software on a computer by changing the operating system. This makes the harmful software hard to find.
Backdoors
Main article: Backdoor (computing)
A backdoor lets someone access a computer without permission, often using another type of malware to get in.
Trojan horse
Main article: Trojan Horse (Computing)
A Trojan horse looks like a normal program but has hidden harmful functions. It can steal information or slow down the computer.
Droppers
Main article: Dropper (malware)
Droppers are a type of Trojan that download more harmful software to the computer.
Ransomware
Main article: Ransomware
Ransomware locks a computer or files until a payment is made. Some types also scramble (encrypt) the files so they cannot be read.
Click fraud
Some malware makes it look like a user clicked on ads to earn money from advertisers.
Grayware
See also: Privacy-invasive software and Potentially unwanted program
Grayware includes unwanted programs that can slow down a computer or cause security problems but aren’t clearly harmful enough to be called malware. Examples include programs that show extra ads or track what you do online.
Potentially unwanted program
Potentially unwanted programs (PUPs) are apps that users might not want, even if they downloaded them on purpose.
Adware
Some adware turns off protection programs; fixes exist to solve this.
Spyware
Programs that watch what you do online, show extra ads, or change where money goes are called spyware. They don’t spread like viruses but are often hidden in other software.
| Type | Characteristics | Examples |
|---|---|---|
| Goodware | Obtained from trustworthy source | |
| Grayware | Insufficient consensus or metrics | |
| Malware | Broad consensus among antivirus software that program is malicious or obtained from flagged sources. | |
Detection
Antivirus software uses two main ways to find harmful programs: looking at the code and watching how the program behaves. By studying the code, it can create a pattern to recognize known harmful programs. However, this doesn't help with new, unknown programs. To catch those, antivirus software watches how the program runs and stops it if it does something unusual.
Harmful programs try hard to stay hidden. It's tricky to tell if a program is harmful because these programs use clever tricks to avoid being noticed. About one-third of harmful programs can slip past antivirus software.
One common trick is to hide the harmful part of the program using special tools. This makes it harder for antivirus software to recognize it. Some harmful programs can change their appearance constantly, making it harder to spot them. Other tricks include waiting for just the right moment to act, hiding information, and running only in memory instead of on the computer's hard drive. These types of attacks have become more common in recent years.
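The two detection approaches described above, shown as a small added example (it is not part of the original article and is not how any real antivirus product is built). The marker string, the rule names, the thresholds, and the event traces are all constructed for illustration; the XOR step is only a stand-in for the "special tools" that change how a file looks on disk.

```python
# Constructed data throughout: the "signature" is a harmless marker string,
# and the event traces are invented for illustration.
SIGNATURES = {"Demo.Marker.A": b"HARMLESS-DEMO-MARKER-1234"}

def scan_signatures(data: bytes) -> list[str]:
    """Code-based detection: report every known byte pattern found in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def xor_encode(data: bytes, key: int) -> bytes:
    """Stand-in for a packer: same content, different bytes on disk."""
    return bytes(b ^ key for b in data)

# Behaviour rules: (rule name, event type, number of events that triggers it).
BEHAVIOUR_RULES = [
    ("mass-file-overwrite", "file_overwrite", 20),
    ("security-tool-tamper", "stop_security_service", 1),
]

def scan_behaviour(events: list[dict]) -> list[str]:
    """Behaviour-based detection: count event types seen while a program runs."""
    counts = {}
    for event in events:
        counts[event["type"]] = counts.get(event["type"], 0) + 1
    return [name for name, etype, limit in BEHAVIOUR_RULES
            if counts.get(etype, 0) >= limit]

known_file = b"\x00header" + SIGNATURES["Demo.Marker.A"] + b"trailer"
packed_file = xor_encode(known_file, 0x5A)  # same program, changed appearance
benign_trace = [{"type": "file_read", "path": f"doc{i}.txt"} for i in range(30)]
suspicious_trace = [{"type": "file_overwrite", "path": f"doc{i}.txt"}
                    for i in range(25)]

if __name__ == "__main__":
    print("known file, signature scan: ", scan_signatures(known_file))
    print("packed file, signature scan:", scan_signatures(packed_file))
    print("benign run, behaviour scan: ", scan_behaviour(benign_trace))
    print("packed run, behaviour scan: ", scan_behaviour(suspicious_trace))
```

The signature scan finds the known file but misses the changed copy, while the behaviour scan flags the run that overwrites many files no matter what the file looked like on disk.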
Risks
Software can have weak spots, called vulnerabilities, that bad actors can use to harm computers. For example, older versions of certain programs had weaknesses that allowed unwanted code to run. Malware can use these weak spots to do things it shouldn’t, like taking control of your computer.
Sometimes, programs ask for more access than they really need. This extra access can be misused by malware. Using strong passwords and adding extra steps to log in, like a special code sent to your phone, helps keep accounts safe. Having many different types of computers and software on a network can also reduce the risk, because bad software might not work on every system.
Mitigation
Anti-malware programs, also called antivirus, help block and remove harmful software. Examples include Microsoft Security Essentials for older Windows versions and Windows Defender for newer ones like Windows 8, Windows 10, and Windows 11. These tools work in a few ways:
- Real-time protection: They watch for harmful software as it tries to install, stopping it before it can harm your computer.
- Removal: They can find and delete harmful software that is already on your computer.
- Sandboxing: They keep apps in a safe, controlled area so they can't hurt other parts of your computer. This helps protect against harmful code from the internet.
Website security scans check for weaknesses that could let harmful software in. Keeping your network split into smaller parts can also slow down harmful software spreading. As a last step, some computers are kept completely offline, called an "air gap", though this isn't perfect protection either.
Research
Researchers looked at studies of harmful software, called malware, published from 2005 to 2015. They looked at important journals, articles that were read a lot, different areas of study, how many papers were published, common words used, and which institutions and authors were involved. They found that the amount of research grew by about 34.1% each year.
North America did the most research, followed by Asia and Europe. China and India are becoming important places for this kind of study too.
This article is a child-friendly adaptation of the Wikipedia article on Malware, available under CC BY-SA 4.0.