Malware is malicious software designed to invade a computer system and take hostile action—such as stealing or encrypting sensitive information, taking over system functions, or spreading to other devices—most often for profit. There are many types of malware, including ransomware, spyware, adware, trojan horses, and more, helping make it one of the most common kinds of cyberattacks. Malware will often implant itself via an email attachment or as a fake advertisement on a web browser.
Malware protection is a cybersecurity essential as organizations across all verticals host more of their data online and remote access and mobile device/personal computer use become the norm. It will shield you from the latest social engineering attacks and ensure your defenses evolve to match the attackers.
Why Do Cybercriminals Use Malware?
Threat actors use malware because it’s easy to deploy once they discover a vulnerability in a system’s defenses. Quite often, that vulnerability is the human element—many internet users are easily deceived, especially when viewing content they believe to be from a trusted source, such as an email.
Depending on the attacker’s specific goals, malware can:
Trick users into handing over sensitive data
Install spyware to monitor activity on an endpoint
Install ransomware to lock systems or data until a ransom is paid
Steal sensitive information from a system
Gain access to financial information such as credit card numbers
Install adware to bombard users with pop-up ads
Install malicious software to disrupt, slow down, or damage computer systems
To accomplish all this, there are many different varieties of malware. Let’s take a closer look at some of the common types.
Types of Malware
The most common types of malware infections are:
Ransomware: Malware that encrypts data and demands payment, usually in cryptocurrency, before providing a decryption key. A subvariety, double extortion ransomware attacks, steals the data in addition to encrypting it, gaining leverage to demand additional ransom, usually paid through bitcoin.
Botnets: A large number of “bot” systems—infected computers remotely controlled by threat actors—can be used for various purposes, such as rapidly spreading malware or performing denial of service attacks.
Fileless malware: Unlike most malware, fileless malware does not require users to download files. Instead, it uses legitimate tools in a malicious fashion to carry out an attack, such as by embedding malicious code in an operating system.
Computer viruses: With the ability to replicate themselves, viruses can spread quickly across hosts on a network and corrupt or delete data, which can affect the stability of applications or even whole systems.
Trojan horse: Criminals can piggyback malicious code within legitimate software or files, such as by disguising it inside an update, hiding it in a document, or through a scam such as malvertising which subsequently runs when the file or program is used.
Rootkits: These malicious software tools can give hackers access to and control over a device. Most rootkits affect software and operating systems, but some can also infect hardware and firmware.
Spyware: Threat actors can use spyware to covertly gather information about the activity on an endpoint, such as keystrokes (through the use of keyloggers), login details, website visits, and more.
Adware: Although it’s not always malicious, adware displays advertisements to encourage views and clicks that generate revenue. Invasive adware can harm user experience and affect system performance.
Most, if not all, of these types of malware are advanced enough to where they can easily avoid legacy antivirus software that many endpoints devices have installed today.
How to Know If You’re Infected with Malware
Systems that have been infected with malware exhibit some common symptoms. Look out for:
Slow or faulty system operation: Malware attacks tend to use extra system resources and create process conflicts, so if a computer is running or booting up more slowly than normal, or frequently freezing or crashing, it may be a sign of malware infection.
Unwanted pop-up ads or security alerts: Many computer systems and browsers automatically block pop-up ads. If a system is getting bogged down with ads, it could indicate a malware infection tampering with the blocking protocols.
Ransom demands: If a system is infected with ransomware, some or all files may be encrypted, with access to be restored only after a ransom payment. You may get a pop-up instructing you in how to make the payment.
What’s the Best Way to Protect Your Network Against Malware?
In addition to using trusted anti-malware and security software to protect computer systems, here are some best practices to consider:
Apply updates as directed by IT: Software providers regularly offer updates to protect against malicious code, but they're not always secure. They might introduce a new vulnerability, contain a trojan, and so on—so it’s best to install updates based on IT's recommendations.
Educate your staff: Practicing good cyber hygiene online goes a long way against malware. Make sure your staff know the basics, such as how to spot phishing emails, malicious pop ups, and suspicious software. This gives bad actors the smallest window of opportunity to attack.
Rely on secure encrypted connections: Encrypt as much information as possible, both in transit and at rest, and ensure users only connect via secure tunnels.
Leverage advanced endpoint security: If your workforce requires remote access or uses personal devices not under IT control for work, make sure all endpoints connecting into your system are secured and monitored.
Use multifactor authentication: To better prevent unauthorized access, set up multifactor authentication to add further levels of verification when users request access to sensitive systems or data.
Implement zero trust security: With zero trust security, anyone—no matter who they are, what they’re accessing, or where they’re connecting—is treated as a potential threat until they can prove otherwise.
Advanced Malware Protection (AMP)
The security marketplace is full of anti-malware solutions, and organizations worldwide spend millions on them each year—yet the breaches continue. From a lack of full traffic visibility to fundamentally ineffective passthrough inspection architectures, traditional malware protection just doesn’t work the way it needs to in today’s threat landscape.
What’s more, advanced malware is capable of penetrating tougher defenses, such as those on Apple iOS, Android devices, or Microsoft, to deploy executable files that facilitate data breaches, distributed denial of service (DDoS) attacks, cryptojacking, and more. This makes it all the more important to have AMP in your security stack.
At a glance, legacy approaches fall short when it comes to:
Inspecting all traffic: Passthrough architectures like next-generation firewalls only perform packet-level inspection; they can’t inspect full content from start to finish.
Performing at scale: Physical appliances and their virtualized counterparts have limited processing power, which can leave you exposed, especially when encrypted traffic demands massive compute.
Stopping unknown malware: Legacy threat isolation solutions don’t operate inline, which means threats can’t be blocked—they can only be flagged after a compromise occurs, when it may be too late.
Protecting off-network users: When users drop off the traditional network and VPN, your IT and security teams lose any ability to enforce policy and security controls.
Implementing the latest holistic threat protection gives your organization the best chance to repel malware and keep your network, endpoints, and data secure. To make this happen, you need security solutions built in the cloud, for the cloud, with a worldwide footprint that shares new protection instantly, anywhere. You need Zscaler Advanced Threat Protection.
How Does Zscaler Protect Against Malware?
Zscaler Advanced Threat Protection delivers always-on, airtight protection against zero-day threats and unknown malware. Built on a cloud native proxy architecture, the Zscaler security cloud inspects every packet from every user, on- or off-network, from start to finish, with unlimited capacity even for TLS/SSL-encrypted traffic.
With an integrated suite of security services across Cloud Sandbox, Cloud IPS, machine learning, and threat intelligence, you’ll close security gaps and reduce risks that result from other security solutions’ shortcomings, gaining the advantages of:
Full inline prevention: An inline proxy architecture is the only reliable way to quarantine and block suspicious content and attacks.
Inline sandboxing and ML: Zscaler Cloud Sandbox uses advanced ML-powered analysis to quickly stop threats at any stage of the attack.
Always-on TLS/SSL inspection: Infinite inspection of encrypted traffic, distributed across a global platform of 150+ data centers, follows users wherever they go.
The Zscaler cloud: Leveraging threat data from the world’s largest security cloud, Zscaler shares threat protections cloud-wide in real time.
Malware can be a threat to individuals and businesses. If it gets onto your system it can access sensitive information, steal data or prevent access to your operating system. If not addressed, the costs can be massive.
How Does Malware Spread?
Malware can be spread when you click on a link or download a file from an email attachment. Like a virus, it can move laterally throughout your operating system, spreading its damage.
How Is Malware Created?
Most malware is created by cybercriminals looking to make money. However, motives can vary. Malware may also be created by states or political activists looking to cause trouble.
What Is the Difference Between Malware and Viruses?
Malware is an overarching term to describe any software which seeks to inflict harm. A virus, on the other hand, is simply one type of malware.
Are Trojans a Type of Malware?
Trojans are a particular type of malware that piggybacks on top of otherwise benign software or files to get past an environment’s normal defenses.