Malicious Software (Malware) – Where Does the Threat Come From?
Malicious software (malware) is designed to secretly infiltrate computer systems with the intent to steal data, disrupt operations, or cause damage. It spreads through emails, infected websites, files, or social engineering techniques. This article clearly and concisely explains the main types of these threats, their methods of propagation, and effective ways to protect against them.
Ilgar Hasanof
7/11/2025


What Is Malicious Software (Malware)?
Malicious software, or malware, refers to software specifically designed to harm, steal data from, or gain unauthorized access to computer systems. It is often created and deployed by hackers, and infected devices typically exhibit unusual behavior or performance issues.
Main Types of Malware
Viruses are malicious programs that attach themselves to other files and spread within the system, often causing damage. They have self-replicating capabilities. Common types of viruses include:
File Viruses: Infect executable files (.com, .exe, .apk) and activate when those files are run.
Bootkits: Infect the boot sector and launch as soon as the system starts.
Macro Viruses: Spread through Microsoft Office macros.
Polymorphic Viruses: Change their code to evade antivirus detection.
Resident Viruses: Load themselves into the system's RAM and remain active for as long as the system runs, even after the infected file is closed.
Viruses commonly spread via spam emails, USB drives, pirated software (cracks), and more.
Like viruses, worms are destructive, but they differ in that they can replicate and spread independently across networked devices without needing to attach to a file. This makes them particularly dangerous, as infecting one computer in a network can lead to rapid propagation across the entire network.
Trojans disguise themselves as legitimate or useful software but operate maliciously in the background. Users are typically unaware of their presence. A system infected with a Trojan may overheat or slow down significantly. Tools like Task Manager can help detect Trojans by identifying processes that consume abnormal amounts of CPU or RAM.
Notable examples: Zeus Trojan (designed to steal banking credentials), Emotet, SpyEye.
Spyware covertly monitors a user's activities without their consent. These programs track user behavior such as websites visited, keyboard input (keylogging), and application usage, often transmitting sensitive data to attackers. Spyware often attempts to hide from antivirus detection.
Adware displays unauthorized advertisements on a user’s device. Its primary goal is to generate revenue through ad impressions or clicks. It can lead to system slowdowns, increased internet traffic, and data tracking.
Ransomware encrypts critical files on an infected system and demands a ransom payment (usually in Bitcoin) in exchange for the decryption key. In many cases, even if the ransom is paid, the files are never recovered.
Rootkits are highly dangerous malware designed to gain and maintain unauthorized and undetectable access to a system. They operate with root (administrator) privileges and are capable of hiding their presence from security software while granting full control to the attacker.
How Malware Spreads
Malware typically spreads through:
Vulnerable or insecure websites
Malicious email attachments
Infected USB and external storage devices
Pirated/cracked software and torrents
Social engineering tactics such as phishing and scareware
Real-World Examples
WannaCry was a large-scale ransomware attack that occurred in May 2017, affecting tens of thousands of computers worldwide. It is considered one of the most destructive cyber incidents in cybersecurity history, significantly impacting both public institutions and private sector organizations. The WannaCry malware exploited a vulnerability in Microsoft Windows operating systems known as EternalBlue. This vulnerability existed in various versions of Windows and involved improper handling of specially crafted packets in the SMBv1 protocol, allowing remote code execution on the target machine. WannaCry spread rapidly across networks. It encrypted files using AES + RSA algorithms, making them inaccessible without a unique decryption key. Victims were required to pay a Bitcoin ransom of $300–$600, with a threat that their encrypted files would be permanently deleted if the payment was not made within a specified time frame.
Stuxnet, discovered in 2010, is widely regarded as the first true cyberweapon used against industrial control systems. This sophisticated piece of malware marked a turning point in cybersecurity, demonstrating that cyberattacks can cause physical destruction — not just steal information. Stuxnet specifically targeted Iran’s nuclear facilities, disrupting the operation of centrifuges used in uranium enrichment. It was a highly complex and customized worm designed to infiltrate Siemens SCADA systems, particularly those using Programmable Logic Controllers (PLCs). By altering the PLC instructions while masking its activities from system operators, Stuxnet was able to sabotage industrial processes without immediate detection.
How to Protect Against Malware
The primary defense against malware is antivirus software — applications designed to detect, neutralize, and prevent malicious software on computers and digital devices. Modern antivirus tools offer real-time protection, frequent updates, and advanced scanning methods.
Types of Antivirus Detection:
Signature-based: Relies on known virus definitions.
Behavior-based: Detects malware by monitoring unusual activity (e.g., attempting to delete system files).
Heuristic-based: Uses algorithms to detect unknown or modified threats.
Real-time scanning: Continuously monitors new system events.
In-disk protection: Scans the hard drive for dormant threats.
In-memory protection: Monitors active memory (RAM) for infections.
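To make the difference between the detection types concrete, the following Python scanner is an added illustration (not code from the article or from any antivirus product). It implements a toy signature-based check (exact hash and byte-pattern match), a heuristic check (entropy plus suspicious strings) and a behavior-based check (rules run over a list of process events). All samples, signature names, file paths and events are constructed for the demo and are not real indicators. The "variant" sample shows the polymorphic problem mentioned above: its bytes differ from the known sample, so the signature misses it, but the heuristic and behavioral rules still fire.

```python
import hashlib
import math
from collections import Counter, defaultdict

# --- Constructed samples (invented for this demo, not real malware) ---------
RANSOM_NOTE = b"Your files have been encrypted. Pay in Bitcoin to get them back."
SAMPLE_KNOWN = b"MZ" + b"DEMO-TROJAN-MARKER-v1" + RANSOM_NOTE
# A "mutated" build of the same family: no marker, body padded with
# high-entropy filler so neither the hash nor the byte pattern matches.
SAMPLE_VARIANT = b"MZ" + bytes(range(256)) * 4 + RANSOM_NOTE


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Signature-based detection: relies on known definitions -----------------
KNOWN_HASHES = {sha256(SAMPLE_KNOWN): "Demo.Ransom.A"}      # constructed entry
KNOWN_PATTERNS = {"Demo.Trojan.A": b"DEMO-TROJAN-MARKER-v1"}  # constructed entry


def signature_scan(data: bytes):
    """Return the matching signature name (exact hash first, then byte pattern), else None."""
    name = KNOWN_HASHES.get(sha256(data))
    if name:
        return name
    for name, pattern in KNOWN_PATTERNS.items():
        if pattern in data:
            return name
    return None


# --- Heuristic detection: scores traits of unknown or modified threats ------
def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach the maximum of 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


SUSPICIOUS_STRINGS = [b"your files have been encrypted", b"bitcoin", b"decryption key"]


def heuristic_scan(data: bytes, threshold: int = 2):
    """Return (flagged, reasons); flagged when the trait score reaches the threshold."""
    score, reasons = 0, []
    if shannon_entropy(data) > 7.0:
        score += 1
        reasons.append("high-entropy body")
    lowered = data.lower()
    for s in SUSPICIOUS_STRINGS:
        if s in lowered:
            score += 1
            reasons.append(s.decode())
    return score >= threshold, reasons


# --- Behavior-based detection: rules over observed system events ------------
SYSTEM_DIRS = ("C:\\Windows\\System32\\",)

# Constructed event log: (process, action, path). "update.exe" is an invented name.
SAMPLE_EVENTS = [
    ("explorer.exe", "open", "C:\\Users\\alice\\report.docx"),
    ("update.exe", "delete", "C:\\Windows\\System32\\example.dll"),
] + [("update.exe", "rename", f"C:\\Users\\alice\\doc{i}.docx") for i in range(6)]


def behavior_scan(events, mass_rename_limit: int = 5):
    """Alert on a process deleting files in a system directory or renaming
    many user files in a burst (the pattern a mass-encryption run produces)."""
    alerts, renames = [], defaultdict(int)
    for proc, action, path in events:
        if action == "delete" and path.startswith(SYSTEM_DIRS):
            alerts.append((proc, f"deleted system file {path}"))
        elif action == "rename":
            renames[proc] += 1
            if renames[proc] == mass_rename_limit:
                alerts.append((proc, f"renamed {mass_rename_limit} files in a burst"))
    return alerts


if __name__ == "__main__":
    for label, sample in (("known", SAMPLE_KNOWN), ("variant", SAMPLE_VARIANT)):
        print(label, "signature:", signature_scan(sample), "heuristic:", heuristic_scan(sample))
    print("behavior alerts:", behavior_scan(SAMPLE_EVENTS))
```

Running the script shows the known sample caught by its signature, the variant caught only by the heuristic rules, and the constructed event log raising two behavioral alerts for the same process. Real products combine all three layers because each one alone has a blind spot: signatures miss anything new, heuristics produce false positives, and behavior rules only fire once the code is already running.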