10 types of malware + how to prevent malware from the start
An overview of the most common types of malware, including viruses, worms, trojans, ransomware, bots, adware, spyware, rootkits, fileless malware, and malvertising.
The most common types of malware include viruses, worms, trojans, ransomware, bots or botnets, adware, spyware, rootkits, fileless malware, zip bombs, and malvertising.
And while the end goal of a malware attack is often the same — to gain access to personal information or to damage the device, usually for financial gain — the delivery methods can differ. Some might even involve a combination of these malware types.
Detecting and dodging the malice begins with learning about these different types of malware. Here, we’re overviewing just that, listing out 10 prevalent malware types and pressing questions and queries associated with them, including:
- What is malware?
- What are the different types of malware?
- How is malware injected or deployed?
- How to prevent, detect, and remove malware
What is malware?
A contraction of the words malicious software, malware is software that cyberattackers develop to gain access or cause damage to a computer or network, usually without their victim’s knowledge. To define malware point blank, it’s any piece of software created with the intent to cause harm.
Of course, the degree of that harm depends on the types of malware you’re dealing with. This is why it’s important to understand not only what malware means but also what each type of malware means — and what it means for targets.
What are the different types of malware?
Even as there was a 39 percent decrease in malware worldwide in 2020, malware types continue to evolve.
Over time, some malware types have even become hybrids of one another, as they deploy similar malware attack methods, such as by harnessing logic bombs, meaning pre-set attacks that are sometimes triggered by victims themselves; by leveraging phishing and social engineering tactics to deliver malware directly to victims; or via mobile malware, meaning malware that targets mobile devices.
These are the most common types of malware to recognize:
1. Malware viruses
Viruses are a type of malware that often take the form of a piece of code inserted in an application, program, or system and they’re deployed by victims themselves.
Among the most common types of malware, viruses are similar to bodily viruses in that they require a host, meaning a device, to live. They lie dormant until triggered to attack, perhaps by users downloading an email attachment — oftentimes an .exe file, which stands for “executable” file.
From there, the virus replicates, spreading copies of itself from computer to computer, to wreak the most havoc.
Ultimately, malware viruses can:
- Seize applications
- Send infected files to contact lists
- Steal data
- Launch DDoS attacks
- Launch ransomware attacks
Malware viruses real-world example
ILOVEYOU virus, 2000: This malware virus impacted millions of computers around the globe and was downloaded by clicking on an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs” in an email with the subject line “ILOVEYOU.”
2. Worm malware
Worms, similar to malware viruses, are a type of malware that replicates itself. Unlike viruses, however, worm malware can copy itself without any human interaction, and it’s not host-dependent, meaning it does not need to attach itself to a software program to cause damage.
Worms can be transmitted via software vulnerabilities. They also can arrive as attachments in emails or direct messages or be installed by removable media. Once opened, these files could provide a link to a malicious website or automatically download the computer worm. Once installed, the worm silently goes to work and infects the machine or even entire networks without the user’s knowledge.
Ultimately, worm malware can:
- Delete or modify files
- Steal data
- Install backdoors for hackers
- Launch DDoS attacks
- Launch ransomware attacks
- Create botnets
- Infect many computers at once
Worm malware example
SQL Slammer, 2003: Regarded as one of the fastest spreading worm malware ever, SQL Slammer exploited a vulnerability in Microsoft’s SQL Server software. The attack took all but 10 minutes and impacted thousands of servers.
3. Trojan malware
What are Trojans? Hence the valiant name, Trojans are a type of malware disguised as bona fide software, applications, or files to deceive users into downloading it and, unknowingly, granting control of their devices. Once installed, a trojan can perform the action it was designed for, be it to damage, disrupt, steal, or inflict some other harmful action on your data or network.
Also known as a Trojan horse or Trojan horse virus, Trojan malware is often spread via email attachments, website downloads, or direct messages. Similar to viruses, they too require user action to be deployed. In comparing a malware virus vs trojans, the difference is that viruses are host-dependent and trojans are not. Trojans also do not self-replicate like viruses.
Ultimately, trojan malware can:
- Delete, modify, or steal data
- Spy on users
- Access networks
- Launch DDoS attacks
- Take remote control of devices
Trojan malware example
ZeuS/Zbot, 2011: This banking Trojan leveraged keystroke logging to steal credentials and also account balances.
4. Ransomware
Ransomware, as the name indicates, is a type of malware that comes with a ransom. It locks and encrypts a victim’s device or data and demands a ransom to restore access.
How does ransomware happen? It’s often the result of victims mistakenly downloading this malware type through email attachments or links from unknown sources. Once installed, the malware might create a backdoor for hackers to gain access to a device and then begin encrypting the data or locking owners out of their devices entirely until they pay a ransom to regain ownership.
Worth noting is that ransomware is increasingly being paid in cryptocurrency, and this is sometimes referred to as crypto-malware.
Ultimately, ransomware can:
- Hold devices hostage
- Make data inaccessible through encryption
- Result in financial loss
Ransomware example
WannaCry, 2017: This ransomware attack targeted thousands of computer systems around the world that were running Windows OS and spread itself within corporate networks globally. Victims were asked to pay ransom in Bitcoin to retrieve their data.
5. Bots or botnets
Botnets are a type of malware that gain access to devices through a piece of malicious coding. In some cases, botnets directly hack devices, with cybercriminals even taking remote control of devices.
Other times, the bots might act more as a “spider,” meaning a program that crawls the internet looking for holes in security infrastructures to exploit, and the hacking is done automatically — or robotically if you will.
Ultimately, bots or botnets can:
- Launch DDoS attacks
- Record activity, including keystrokes and webcam, and take screenshots
- Send phishing emails from your device
- Give hackers remote control of devices
Bots + botnets example
Mirai, 2016: This botnet attack targeted Internet of Things devices and, from there, leveraged DDoS attacks.
6. Adware malware
Adware, as the name indicates, is malware that involves advertising. Also known as advertising-supported software, adware displays unwanted advertisements on your computer, sometimes in the form of pop-up ads, that track users’ browsing activity.
Sometimes this is for marketing purposes. Where adware can go wrong is when these ads collect your data with malicious intent, be it to sell it to third parties or leverage it for identity theft or credit card fraud.
Mobile adware, meaning adware on mobile devices, has become increasingly common and can be contracted through third-party app downloads.
Ultimately, adware can:
- Be an annoyance
- Lure users to malicious sites
- Install spyware
- Share user data with third parties
Adware example
Fireball, 2017: This adware infected around 250 million devices by means of browser hijacking to track victims’ web activity.
7. Spyware
Spyware is a type of malware that infiltrates devices without the owner’s knowledge. This is often for the purpose of spying on internet activity, tracking log in and password information, or collecting sensitive information that can be used for fraudulent purposes.
It’s a broad malware type, too, as adware, trojan malware, and tracking cookies could all be considered types of spyware. Keyloggers, as well, are a popular form of spyware that can be used to track and log the keys you strike on your keyboard, capturing any information typed.
Ultimately, spyware can:
- Breach personal privacy
- Collect confidential data, including by logging keystrokes
- Steal data
- Result in identity theft or credit card fraud
Spyware example
DarkHotel, 2014: This keylogger spyware targeted government and business leaders using hotel Wi-Fi.
8. Rootkits
Rootkits are a type of malware that grants cybercriminals remote control of victims’ devices, oftentimes without the victims’ knowledge. Since rootkits are designed to remain hidden, they can hijack or subvert security software, making it likely that this type of malware could live on your computer for a long time causing significant damage.
This type of malware is often spread through phishing and malicious downloads or attachments.
Ultimately, rootkits can:
- Take remote control of devices
- Grant cybercriminals admin access to devices
- Spy on users’ activity
Rootkits example
Zacinlo, 2012: This rootkit stayed stealthy until about 2017 when it was first detected, delivering adware and disabling antivirus software on primarily Windows devices.
9. Fileless malware
Fileless malware is a type of malware that uses software, applications, and protocols already built-in or native to device operating systems to install and execute malicious activities. In other words, no files are needed to download this type of malware, hence the name fileless malware. Fileless malware is memory-based, not file-based.
Once installed, fileless malware piggybacks on legitimate scripts by executing malicious activity while the legitimate programs continue to run. Thanks to this stealthy nature, fileless malware is tough to spot.
Ultimately, fileless malware can:
- Disrupt antivirus software
- Steal data
Fileless malware example
Astaroth, 2019: This fileless malware was a true info-stealer and primarily targeted Windows devices in specific countries, including Brazil.
10. Malvertising
Not to be confused with adware, malvertising is a type of malware that comes from ads on legitimate websites. Adware, however, is a type of malware that is already on a device. Both attacks rely on online advertising to do their damage.
You can fall victim to malvertising by clicking on an infected ad — cybercriminals may even pay to place these on websites — or by visiting a website that is home to a corrupted ad and becoming victim to a drive-by download.
Ultimately, malvertising can:
- Result in ransomware attacks
- Steal data
- Result in credit card fraud
Malvertising example
The media, 2016: The New York Times, BBC, AOL, and other news sites unknowingly served malvertisements to readers that set out to hold computers hostage and demand a ransom.
How is malware injected or deployed?
Malware is overwhelmingly spread via email. By some counts, 94 percent of it is delivered by email. Still, cybercriminals harness many methods to pull off a malware attack. These are just some of their common tactics, some being combinations of one another.
- Man-in-the-browser attacks are when an attacker injects malware into a computer, which then installs itself into the browser without the user’s knowledge, to record the data that is being sent between the victim and specifically targeted websites.
- Exploiting security vulnerabilities is when cybercriminals manually look for security holes in devices and networks that they can then inject malware into.
- Exploit kits are an alternative to manually exploiting security vulnerabilities. They are prewritten codes used to search for vulnerabilities in devices and, ultimately, inject malware in those security holes.
- Drive-by downloads are when users visit a malicious website that is hosting an exploit kit for malware attacks.
- Social engineering is manipulating people’s emotions to click malicious links, download bad attachments, or share sensitive information that can be used for fraudulent purposes. It can encompass phishing, vishing, or smishing.
How to prevent, detect, and remove malware
Just as the types of malware may meld together, so too do malware prevention tactics. Consider a combination of these best practices to prevent malware, plus tips for how to detect malware and how to remove malware.
Use multi-factor authentication
Multi-factor authentication, or two-factor authentication, adds an extra layer of security to your accounts by introducing an additional step in the login process. That can come as a code sent to your phone or a biometric scan, which helps verify your identity. Ultimately, multi-factor authentication is meant to prevent cybercriminals from accessing your private information.
Avoid suspicious emails, links, and sites
Staying Cyber Safe means staying suspicious — suspicious of attachments from unknown sources, encouragements to click links, and even advertisements that seem too good to be true. All of these can be phishing attempts that result in malware. Play it safe, and don’t engage if your gut tells you not to.
Adjust spam filters
Since email is the primary delivery method for malware, it’s important to bone up on your email security — start by setting your spam filters high. This can ensure you’re never tempted to engage with a malicious link, email, or attachment from the start.
Keep software up to date
Software updates are important, because they repair security holes that could be exploited by cybercriminals. For this reason, make a point to run software updates as soon as they become available and consider even allowing automatic updates.
Know the warning signs of a malware infection
Staying apprised of the following warning signs of malware can help you detect malware fast:
- Your device is sluggish, freezing, or crashing
- Programs are opening, closing, and modifying on their own
- Your device has little to no storage space
- You’re bombarded with pop-ups or unwanted programs
- Emails are being sent without your consent
Consider antivirus software
When the warning signs of malware infections aren’t apparent, antivirus software can be there to help. Antivirus can take the guesswork out of whether or not you have a malware infection by monitoring — and stopping — the cyber threats.
Back up files regularly
The main reason for a data backup is to have a secure archive of your important information, whether that’s classified documents for your business or treasured photos of your family. This way, you can restore your device quickly and seamlessly in the event of data loss, perhaps as the result of a malware infection.
Remove accordingly
Depending on your device, malware removal can come with different steps. Be sure to research how to remove malware from a Mac or PC before beginning your malware removal process.
There’s no getting around it: Malware is malicious. Knowing the different types of malware and how they spread can level up your holistic approach to avoiding cyber threats.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.