The Essential Guide to Malware

Updated: April 30, 2009

Like hangnails, cracked sidewalks and flat tires, malware is a fact of life. Unfortunately, malware is no longer just a petty annoyance. For a growing number of enterprises, malware has become a major operational and financial burden.

According to a June 2007 survey conducted by technology-research firm Computer Economics Inc., organizations experience an average of five malware events per year. For organizations with over 5,000 desktop computers, the number climbs to 10 events per year. In 2006, the most recent year for which statistics are available, malware damage cost businesses worldwide $13.3 billion.

Malware is an umbrella term that describes any type of software capable of damaging a computer, network or mobile device, or a tool designed to surreptitiously view or steal data from targeted systems.

Malware Threats

Malware takes many different forms. Here are the top offenders:

Viruses: As malicious programs that are buried within an existing program, viruses replicate themselves and spread from machine to machine. Viruses are a top malware headache, generating everything from relatively harmless prank messages to commands that destroy valuable programs and data. A virus may activate immediately or lay dormant for a year or more before attacking its host system.

Worms: Worms and viruses are similar in that they both self-replicate. But a worm is designed specifically to spread extremely rapidly and surreptitiously, and it does not need a host program. It can hurt a system through rapid reproduction, consuming storage and memory resources or network bandwidth. It may also deposit a Trojan horse.

Trojan horses: Like a virus, a Trojan horse is a destructive program that presents itself as a harmless application. Unlike viruses, however, Trojan horses don't replicate themselves. On the other hand, they do perform one or more destructive tasks once activated, such as stealing identity or financial data. A Trojan horse may also be designed to make its host more vulnerable to future attacks or simply activate to destroy hard-drive applications or data. Typically, Trojan horses gain access to systems by masquerading as a useful program or item.

Rootkits: A rootkit is a specialized and particularly dangerous form of malware. Rootkits essentially subvert the core operating system and its loading mechanisms, inserting their own code into the basic core software operating the system. This makes them extremely difficult to detect and eradicate.

Backdoors or Trapdoors: A hidden bypass to a program's security area, a backdoor or trapdoor may be created by a programmer to expedite troubleshooting or for some other innocuous purpose. But once discovered, the technique may be used by an attacker to damage, destroy or steal data. A program with a known backdoor or trapdoor may itself be considered malware.

Spam: Unwanted email, besides being a nuisance, is often used by attackers as a tool for leading unsuspecting recipients to Web sites where viruses, worms, spyware and other types of malware can be installed on their systems.

Spyware: Spyware is software surreptitiously installed on a computer to send information about a user's Web-surfing habits to an external location. Some spyware is relatively innocuous, designed to generate data about shopping, viewing or other habits without revealing the identities of individual users. Malicious spyware, however, may be used to hijack Web browsers in order to change their home pages, receive waves of pop-up ads or ignore user navigation commands.

Botnets: Armies of "zombie" computers infected by a Trojan horse and commanded by an attacker, botnets can be used to launch spam email campaigns, viruses or DDoS (distributed denial of service) attacks on Web sites for either amusement or extortion purposes. Typically, these botnets are built up secretly over several months before being activated.

Malware Protection

Since malware consists of multiple threats, many methods and technologies are employed to safeguard systems. Firewalls, for example, are used to filter out potentially destructive data. Spam filters, spyware blockers, IDSes (Intrusion Detection Systems) and IPSes (Intrusion Prevention Systems) are other popular tools used to fortify networks and their computers against potentially destructive data. Anti-virus programs, one of the most powerful anti-malware defenses, are designed to protect computers from the threats posed by many common types of malware, including viruses, worms and Trojan horses. Over the past several years, anti-virus software publishers have gradually enhanced their products to provide protection against a growing number of malware threats, such as spam and spyware.

The malware threat has multiplied over the course of many years, and it's highly unlikely that the problem will vanish soon, if ever. It's therefore important for businesses to carefully create an IT defense system that includes tools covering the full spectrum of malware threats.
