10 Types of Malware You Need to Know About

Sep 28, 2021

Malware is a word that gets thrown around a lot lately, no thanks to the 600% uptick in cybercrime ever since the COVID-19 pandemic started. In the healthcare industry, it’s a word we hope we never have to hear because we know it’s only going to bring bad news.


But what is malware? And what types of malware should we be wary of?


What is malware?

Malware, shorthand for malicious software, is the collective name for software designed to compromise, cause damage, or gain unauthorized access to a computer, server, or network. Such programs are created to exploit devices at the expense of the user and to the benefit of the hacker.


Malware can steal, encrypt, or delete data; hijack core computing functions; and monitor the computer activity of users.


Common Types of Malware

Now that we know what malware is, it’s important to keep in mind that malware is a very broad term and that there is a wide variety of malicious programs that fall under it.


And because you need to know them so you can better avoid them, it’s important that you’re familiar with the common types of malware.


Here are 10 common types of malware—some you may remember hearing about in the news many years ago, and some you should still keep an eye out for today.


File Infectors

A file infector is a type of malware that generally copies its code into executable programs such as .com and .exe files. When a corrupted file is run, the virus replicates the malicious code, spreads it to other executable applications on the computer, and, in the process, sometimes damages the host programs. 


The Cascade virus was a widespread file infector from the 1980s to the 1990s. It infected .com files and its effect was making text on the screen cascade or fall down, forming a heap of text at the bottom of the screen.


When an infected file is introduced to a system and executed, the Cascade virus checks the BIOS for the string COPR. IBM. If it finds the string, it will try to stop there. However, it will not be able to do so, and this is when the virus becomes memory resident. Every time a .com file is run, the virus begins to infect it.


The Cascade virus is almost extinct nowadays.


Stealth Viruses

A stealth virus is a type of malware that conceals the changes it makes by hijacking certain system functions. It hides in your system memory whenever a program scanner is run. When other applications request data from portions of the system modified by the virus, the infection reports back the accurate, unchanged data, instead of the malicious code.


The Brain virus, the very first DOS virus, was a case of stealth infection. It was discovered in 1986 and was aimed at the IBM PC. When a computer was started from an infected disk, the virus installed itself into the memory and took up space. It did not infect the hard disk, but infected any other floppy disk accessed while it was in memory.


The Brain virus’s stealth capabilities came into play any time infected sectors were accessed. It redirected the accessing program to the stored original boot sector, and this made it undetectable to early disk utility tools.


The Brain virus is believed to be extinct.


System or Boot-record Infectors

A system or boot-record infector is a type of malware that attaches to a small program known as the boot record, which is run when the computer starts up. Starting up the computer using the infected disk will automatically execute the virus-infected code. Once your computer has been infected, any unprotected floppy disk put into the computer will also be infected.


The Michelangelo virus was a boot-record infector first discovered in 1991. It infected the boot sector of floppy disks and hard disks. By moving the master boot record to a different section of the hard disk, the infector replaced the original master boot record with an infected one.


The Michelangelo virus infected all the floppy disks used in the infected computer that were not write-protected. When activated, it also overwrote some part of the information included in the hard disk, which meant losing approximately 8 MB of data. 


Though there are still infected diskettes existing in the world, the Michelangelo virus is largely extinct.
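A defender can catch the kind of boot-record replacement described above by comparing the boot sector against a known-good baseline. The following is an added example, not part of the original article; it assumes the classic 512-byte MBR layout (446 bytes of boot code, a 64-byte partition table, and the 55 AA signature), and the sample sectors are constructed filler bytes.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)          # bootstrap code area of a classic MBR
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"       # last two bytes of a valid boot sector


def fingerprint(sector: bytes) -> dict:
    """Hash the regions of one 512-byte boot sector separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PARTITION_TABLE]).hexdigest(),
        "signature_ok": sector[510:] == BOOT_SIGNATURE,
    }


def compare(baseline: dict, current: dict) -> list:
    """Return findings describing how the sector differs from the baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if current["boot_code"] != baseline["boot_code"]:
        findings.append("boot code changed")
    if current["partition_table"] != baseline["partition_table"]:
        findings.append("partition table changed")
    return findings


def make_sector(code_byte: int, table_byte: int) -> bytes:
    """Build a constructed sample sector (filler bytes, not real boot code)."""
    return bytes([code_byte]) * 446 + bytes([table_byte]) * 64 + BOOT_SIGNATURE


# Constructed samples: a known-good sector and one whose boot code was replaced.
KNOWN_GOOD = make_sector(0x90, 0x01)
REPLACED = make_sector(0xCC, 0x01)
BASELINE = fingerprint(KNOWN_GOOD)

if __name__ == "__main__":
    print(compare(BASELINE, fingerprint(KNOWN_GOOD)))
    print(compare(BASELINE, fingerprint(REPLACED)))
```

Because a stealth infector such as Brain answers reads with the stored original boot sector, the sector to be checked should be read while the machine is started from trusted media, not from the running system under suspicion.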


Macro Viruses

A macro virus is a type of malware that is written in the same macro language as the software it infects. It is commonly found embedded in documents attached to emails or inserted as malicious code into word-processing programs. Macro viruses typically affect Microsoft Excel and Microsoft Word, and can affect both PC and Mac computers.


The Melissa macro virus was a mass-mailing malware that took over users’ Microsoft Word programs, and then hijacked their Microsoft Outlook email accounts to send emails that contained infected attachments. 


Although it wasn’t designed to steal money or data, the Melissa macro virus was able to overload email servers, disrupt email accounts, and slow Internet traffic in certain places around the world.


At present, variants of the Melissa virus still roam the Internet.


Worms

A worm is a type of malware that can replicate and spread itself on a network or system without the need for user interaction (e.g., opening a file, running a program, etc.). A worm can modify files, delete data, and even inject malicious software onto your computer. However, there are times when a worm’s purpose is to overload a network or deplete a computer’s resources by making copies of itself over and over.


The Nimda worm was first discovered in 2001 when its worldwide outbreak led to the shutting down of Internet sites all across the globe. It targeted Windows-based computers and servers. Though it did not damage hardware, the Nimda worm significantly slowed down Internet traffic and email access by clogging them with junk.


Unlike most worms of its time, which spread through email attachments, the Nimda virus could be caught just by visiting an infected website. Cybersecurity experts have described it as the fastest-spreading computer virus at the time.


Several variants of the Nimda worm exist and may still be around to this day.

Trojans

A trojan is a type of malware that camouflages itself as a legitimate code or software with the purpose of tricking you into executing malicious programs. Once activated, trojans allow cyber criminals to access and steal your data, as well as gain access to your system. Typically hidden in games, applications, or software patches, trojans can also be embedded in files attached to phishing emails.


The Clampi virus is a trojan that specifically targets banking and financial data. It was first seen in the mid-2000s and is still found hiding in computer systems to this day.


Once it’s downloaded into your computer, the Clampi virus just waits for you to make a financial transaction online (e.g., online banking, entering credit card information, online purchase). As soon as you enter your login credentials, that information is recorded and sent over to the cybercriminals who control the virus. 


Logic bombs

A logic bomb is a type of malware that executes its malicious functions when predefined conditions are met or at a predefined time. Until then, it lies dormant. Every logic bomb is unique and largely depends on who created it, which is usually someone with high-level access like a system administrator. Logic bombs are often designed to be as undetectable as possible.


In 2013, a logic bomb set off a cyberattack that simultaneously wiped the hard drives and master boot records of at least three banks and two media companies in South Korea. The logic bomb dictated the time and date of the cyberattack (2 PM, March 20, 2013), and as soon as the internal clock on the machine hit 14:00:01, the wiping mechanism was triggered.


The cyberattack caused some ATMs to be put out of operation, which prevented people from withdrawing cash from them. The entity responsible for the attack has not been officially identified. 


Polymorphic Viruses

A polymorphic virus is a type of malware that produces malicious code that replicates itself endlessly to sabotage systems. To outwit your system’s defenses and avoid detection, the virus changes its form: it varies its physical file makeup during each infection by encrypting its code and using a different encryption key every time.


Virlock is a polymorphic virus that was first discovered in 2014. When successfully executed, the Virlock virus releases three instances of itself. The first one implements the file infection, the second one locks the device it infects, and the third one creates a persistence mechanism by registering as a service.


By dropping three instances of itself and varying the functionality of each instance, Virlock is able to successfully slip through and evade signature-based virus detection systems.


The Virlock virus is still very much a threat at present.


Droppers

A dropper is a type of malware whose signature purpose is to help viruses find their way into your networks and systems. Once it is present in your system, a dropper installs (or drops) other malware. An antivirus will most often be unable to detect droppers because droppers don’t contain the malicious code; they just lead to it. A dropper also avoids detection by deleting itself after its purpose has been fulfilled.


In 2014, a cyberattack launched against Sony was discovered to have involved an executable dropper. The attack resulted in data theft involving personnel information, internal emails, and business documents.


The computer-killing malware was found to have been wrapped in a dropper. The dropper apparently installed itself as a Windows service. It then created a network file share and allowed any computer on the local network unrestricted access to it. The dropper then communicated with a set of IP addresses in Japan, and then shut itself down.
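The sequence described above, a new Windows service followed shortly by a new network share on the same machine, is something a defender can look for in event logs. The following is an added example, not part of the original article; the events and host names are constructed, the 10-minute window is an assumption, and 7045 and 5142 are the standard Windows event IDs for service installation and share creation.

```python
from datetime import datetime, timedelta

SERVICE_INSTALLED = 7045   # System log: "A service was installed in the system"
SHARE_ADDED = 5142         # Security log: "A network share object was added"
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events: (host, ISO timestamp, event ID, detail).
EVENTS = [
    ("ws-014", "2021-09-01T09:00:05", 7045, "service=updater-helper"),
    ("ws-014", "2021-09-01T09:01:40", 5142, "share=drop$"),
    ("srv-02", "2021-09-01T09:03:00", 5142, "share=reports"),
    ("ws-031", "2021-09-01T10:15:00", 7045, "service=printer-agent"),
    ("ws-031", "2021-09-01T12:30:00", 5142, "share=scans"),
]


def correlate(events, window=WINDOW):
    """Flag hosts where a share is added shortly after a service install."""
    last_install = {}  # host -> (time, detail) of the most recent install
    alerts = []
    # Same-format ISO timestamps sort chronologically as strings.
    for host, ts, event_id, detail in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if event_id == SERVICE_INSTALLED:
            last_install[host] = (when, detail)
        elif event_id == SHARE_ADDED and host in last_install:
            installed_at, service = last_install[host]
            if when - installed_at <= window:
                alerts.append({
                    "host": host,
                    "service": service,
                    "share": detail,
                    "gap_seconds": int((when - installed_at).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only ws-014 is flagged: srv-02 added a share with no preceding service install, and the share on ws-031 appeared well outside the window.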


Ransomware

Ransomware is a type of malware that keeps you from accessing your files or your computer system until you pay the ransom. The attack is often done by encrypting data or files and demanding money in exchange for decryption keys. Ransomware is typically designed to spread across a network and target database and file servers, so it can quickly paralyze an entire organization. Ransomware is currently a growing global threat, costing organizations billions of dollars in payments to cybercriminals.


In 2021, ransomware hit the world’s largest meat processing company, JBS Foods. The attack caused the temporary shutdown of JBS beef plant operations across eight US states and four Australian states.


According to cybersecurity experts, the attack started with a reconnaissance phase in February 2021. It was followed by data exfiltration (unauthorized copying, transferring, or retrieving of data) from March to May. By the start of June, the threat actors had encrypted the JBS Foods environment. The company was forced to pay $11 million in ransom.


Boost Your Clinic’s Cybersecurity Defenses

Over the years, malicious software has increased in number and has evolved into more destructive, more elusive forms. Cybercriminals have doubled down on their attacks, which means you should double down on your cybersecurity defenses, too!


Because protected health information (PHI) is so valuable, the healthcare industry has become a warzone. Unfortunately, free antivirus software and an unmanaged firewall just aren’t enough to keep you safe.


Contact your trusted technology partner and ask for a full IT assessment. Ask them to explain the results of the assessment as well as the necessary next steps to secure your precious practice data.


Don’t have a cybersecurity partner yet? We can help! Our IT pros here at ER Tech can do a free IT assessment on your clinic’s infrastructure.

