Malware

Description
Malware is a combination of the terms "malicious" and "software", and refers to a program designed to commit malicious actions on a computer system or network. It is a generic term for malicious applications, but there is a wide range of classifications of malware, based on how it works and what it does. Malware can be written in almost any programming language, but some are more popular than others depending on how much functionality they give the malware author. Some common languages are C++, Visual Basic Script, Python, JavaScript and C#. In the late 1980s and early 1990s, assembly language was the popular choice for malware developers, and it is still used occasionally today. Malware can be designed to steal information, disrupt or damage systems, exploit vulnerabilities, alter system configurations and behaviors, and conduct covert surveillance operations. Over the years, malware has evolved significantly as attackers constantly try to find new ways to bypass security mechanisms and better ways of tricking victims into downloading and installing malware onto their systems (see social engineering). At the same time, security companies are trying to develop new ways to detect malware, prevent attacks and remove malware after successful infections.

Types of Malware
There is a wide variety of malware that can infect systems, and each type has a different function and purpose. Below is a brief description of some of the more common malware types:

Adware
Adware is an application designed to promote advertising campaigns. It is commonly used to help generate revenue for the developer or organization using the software. It is regarded as malware because in many cases adware has been seen altering system configurations so that the user is exposed to high volumes of adverts, mainly in their web browser but also on the computer itself. This can be considered an aggressive marketing campaign, and although it is not exactly harmful, it may annoy the user and in some cases monitor browsing habits to help the application decide what adverts to show, which to an extent violates privacy laws in some countries. Adware has also been linked to malvertising.

Backdoor
Backdoors are a type of malware designed to allow remote hackers to gain access to an infected system without the need for authentication and to bypass security mechanisms. Apart from granting access to the infected system, a backdoor may also grant the attacker control, which can allow them to alter the security mechanisms in place (often to weaken or disable them) and allow additional malware to be installed on the system.

Browser Hijacker
A browser hijacker is a program designed to alter your web browser's configuration so that your home page, new tabs and search settings behave differently from how they are supposed to, and to redirect to an alternative web browser to the one you are actually trying to use. For example, if you are using Google Chrome and you open the browser from your desktop, a different browser opens up, like the Trotux browser. The purpose of these applications is to redirect users to pages with high volumes of adverts, and in some cases these pages are not secure and may result in malware being downloaded without the user's consent. Some browser hijackers are easily removed by simply uninstalling them, whereas others may require specialized tools or, in extreme cases, a reinstallation of the operating system. Out of the thousands of browser hijackers, here are just some examples of the more commonly seen ones:
 * Conduit
 * Trotux
 * Startpageing123
 * Ask Toolbar
 * istartsurf
 * CoolWebSearch
 * Babylon Toolbar
 * MyWebSearch Toolbar
 * Bonanza
 * BrowseFox
 * Genieo Search
 * SwiftBrowse
 * BuzzSearch

Keylogger
This is a simple application designed to monitor the keystrokes of an infected machine (and also the mouse actions in some cases). Some keyloggers are designed in such a manner that they also log where the user navigated to on the computer and in web browsers, what mouse actions took place and what keys were pressed. This information is then sent to a remote attacker, who can use it to gain access to user accounts without having to use any hacking tools and with less risk of being detected through suspicious activity. This is a possible method used to gain access to financial accounts (such as bank and cryptocurrency accounts), email accounts and social network accounts such as Facebook and Twitter.

Malvertising
This is an online-based malware where the attackers embed malware in online ads that appear on web pages. When the user clicks on the ad, the malware downloads and installs itself onto their computer. In some cases the attacker will pay legitimate adware companies to have their infected ads displayed on websites, and this is one of the main reasons why it's always advised that users should never interact with adverts (such as banners, pop-ups etc.) on web pages.

Potentially Unwanted Applications (PUA)
* Also known as potentially unwanted software (PUS) or potentially unwanted programs (PUP).

PUAs are often not malicious but can still cause issues on an infected computer. They are often legitimate applications that use aggressive marketing tactics to convince users to purchase a premium version of the product. These applications are also noted for having poor security mechanisms in place and are easily susceptible to being compromised by malware.

They are often applications that pose as free utility downloads (such as registry cleaners and computer performance enhancers), and allow the users to perform free scans or checks on their computers. The applications will then exaggerate the results and tell the user that if they want to fix the problem, they need to buy the premium package of the product. An example of this is the malware removal tool called SpyHunter. The free version has been noted to indicate the user has a ransomware file on their computer, but when the same scan is run with the premium version (having not instructed SpyHunter to remediate the issues found with the trial version), the ransomware detection does not come up. This is an example of a scare tactic to get users to buy the product.

There are some cases where applications make it seem like they are useful tools to improve computer performance; however, they are fake applications designed to try to con users into paying for their services. Rogue security software is a good example of this. Another general issue with PUAs is that they can make changes to computer configurations, which ultimately results in poor computer performance. In some cases it can be very difficult to remove the PUA, and there have been incidents of PUAs being found to act as spyware tools tracking the user's activity. Today many antiviruses can detect and remove PUAs or block them from successfully executing on computers. Below is a list of some well-known PUAs:
 * BrowserDefender
 * Web Assistant
 * MyPCBackup
 * Bandoo Media
 * Yontoo
 * Delta Toolbar
 * PCSpeedUp
 * Ask Toolbar
 * CCleaner
 * MyWebSearch
 * Spigot
 * Start Page Search
 * Conduit
 * Babylon
 * Speedupmypc
 * OpenCandy
 * RegCleaner

Ransomware
Ransomware is often regarded as one of the most destructive malware types around. This malware is mainly designed to encrypt files on an infected device and demand a payment (ransom) in Bitcoin in exchange for the decryption of the affected files. In rare cases the ransomware may only lock the screen, but this was designed more for mobile devices. Once encrypted, the files cannot be used and essentially the user is locked out of their device until they pay, and even if they do pay, there's no guarantee that they will get their files back. Here is a list of well-known ransomware:
 * WannaCry
 * Reveton
 * CryptoLocker
 * CryptoWall
 * Petya (2016)
 * Locky
 * Fusob
 * Crysis
 * zCrypt
 * Cerber
 * Jigsaw
 * CryLocker
 * HDDCryptor
 * Mamba

Rogue Security Software
This is an application that tries to portray itself as a sophisticated computer security package but in reality is often a scam to trick people into paying for a false service. Once on a computer, it will keep informing the user that they have malware on their computer. Some of these applications will trigger system crashes as a scare tactic to try to pressure the user into buying the software. They will also exaggerate malware detections and even tamper with registry keys to alter computer performance to make their "detections" appear legitimate. There are hundreds of rogue security applications available on the internet. Below is a list of some examples:
 * Cleanator
 * Dr Guard
 * DriveCleaner
 * HDD Rescue
 * Live Security Platinum
 * Malware Defense
 * My Security Shield
 * PC Clean Pro
 * Security Shield
 * SpyGuarder

Rootkit
A rootkit is a collection of applications that can be used to grant a remote user administrative access to a computer, even though they aren't supposed to have such access. Apart from granting elevated privileges to a remote attacker, modern rootkits can be used to try to hide a malicious payload when it enters a target computer. Backdoors are often included in rootkits to help grant an attacker remote access to and control of the computer, and also to help create a botnet which can later be used in distributed denial of service (DDoS) attacks.

Software Bundler
A software bundler is an application that contains additional applications in it and often tries to install these applications without the user's consent. A lot of adware and PUAs are contained in software bundlers. This type of malware is often found on downloaded content from the internet and when the user runs the installation file, the bundled software installs as well. In some cases an attacker may bundle other malware with the legitimate application and when the user installs the application, the malware is installed automatically as well and infects the computer.

Spyware
Spyware is a type of software designed to collect information about the user of a system without them knowing. This can include user credentials, personal information, financial information, geographical location, audio and video capture, and user activity. Spyware is often a stealthy application and runs in the background, making it harder for the user to notice anything suspicious; however, some can hinder computer performance, which may make the user suspect something is not right on their computer. Spyware is often bundled with applications claiming to be free downloads and in adware.

Trojan
A Trojan is a type of malware that is designed to mislead a user as to what its true nature is and what it really does. It is commonly found in social engineering attacks such as phishing emails. The Trojan application itself is often not malicious; rather, it's the payload that it conceals which is dangerous, as it could be a malicious script or another piece of malware. The possibilities of what the payload could be are virtually endless, but modern Trojans have been found to contain programs designed to install backdoors and let the attacker control how they want their attack to be carried out, rather than risk dropping malware only for it to later get detected and removed. Here is a list of some notable Trojans:
 * Feliz
 * AOL4Free
 * ProMail
 * Back Orifice
 * SubSeven
 * The Thing

Virus
This is the most well-known type of malware and can range from a program simply designed to annoy the user to something more destructive that causes file deletion and system corruption. A virus will replicate itself and inject its own code into other processes on the infected computer. Viruses can affect computer performance, change how applications behave and often use sophisticated techniques to avoid detection and prevent being removed from the infected computer. A virus generally has a very diverse set of possible actions compared to other forms of malware. Interestingly, the concept of a computer virus was first theorized as far back as 1949 and was only proved possible in 1971. Some notable viruses are:
 * Creeper
 * ILOVEYOU
 * Melissa
 * CIH
 * Abraxas
 * Michelangelo
 * CMOSDead
 * Sality
 * Virut

Worm
Computer worms are another very popular type of malware. What makes a worm particularly dangerous is that it is capable of spreading to multiple devices quickly with no (or very limited) human interaction, as opposed to other malware types. Worms can be combined with other malicious programs, thereby spreading viruses and malicious scripts, and can also be designed to use up a lot of computer resources, which may hinder computer and network performance. The majority of the most famous malware outbreaks in history have been the result of worms. Below is a list of famous worms:
 * Blaster
 * Code Red
 * Klez
 * Morris
 * Mydoom
 * Nimda
 * Sasser
 * Stuxnet
 * Conficker
 * Slammer

Cause and Prevention
Most malware relies on exploiting vulnerabilities in computer and network systems in order to infect its targets. Human error is still considered the biggest vulnerability, as there will always be people unaware of how malware works and unable to identify signs of potential threats and social engineering attempts. There is a wide range of security companies dedicated to developing security software and tools to protect systems from successful malware infections, while malware is becoming more advanced and sophisticated to try to bypass these security mechanisms.

Antiviruses, firewalls, and intrusion detection systems (just to name a few) are common tools that are often combined to strengthen security, creating multiple layers that malware has to get through in the hope that one of the layers will block the potential threat. In recent years, due to severe cyber attacks, organizations have lost billions of dollars and are now investing more and more money into security systems to avoid falling victim to further attacks. However, some security systems or upgrades cost a considerable amount and many organizations try to avoid such costs, even after massive attacks like the WannaCry outbreak.