10 types of malware + how to prevent malware from the start

August 27, 2021

The most common types of malware include viruses, worms, trojans, ransomware, bots or botnets, adware, spyware, rootkits, fileless malware, and malvertising. 

And while the end goal of a malware attack is often the same — to gain access to personal information or to damage the device, usually for financial gain —  the delivery methods can differ. Some might even involve a combination of these malware types. 

Detecting and dodging the malice begins with learning about these different types of malware. Here, we cover 10 prevalent malware types and the pressing questions associated with them, including:

  • What is malware? 
  • What are the different types of malware? 
  • How is malware injected or deployed?      
  • How to prevent, detect, and remove malware

What is malware?

A contraction of the words malicious software, malware is software that cyberattackers develop to gain access or cause damage to a computer or network, usually without their victim’s knowledge. To define malware point blank, it’s any piece of software created with the intent to cause harm.  

Of course, the degree of that harm depends on the types of malware you’re dealing with. This is why it’s important to understand not only what malware means but also what each type of malware means — and what it means for targets.

What are the different types of malware?

Even as there was a 39 percent decrease in malware worldwide in 2020, malware types continue to evolve.  

Over time, some malware types have even become hybrids of one another, as they deploy similar malware attack methods, such as by harnessing logic bombs, meaning pre-set attacks that are sometimes triggered by victims themselves; by leveraging phishing and social engineering tactics to deliver malware directly to victims; or via mobile malware, meaning malware that targets mobile devices. 

These are the most common types of malware to recognize:         

1. Malware viruses


Viruses are a type of malware that often take the form of a piece of code inserted in an application, program, or system and they’re deployed by victims themselves.

Among the most common types of malware, viruses are similar to bodily viruses in that they require a host, meaning a device, to live. They lie dormant until triggered to attack, perhaps by users downloading an email attachment — oftentimes .exe files, which stands for “executable” files.

From there, the virus replicates, spreading copies of itself from computer to computer, to wreak the most havoc.  

Ultimately, malware viruses can:        

  • Seize applications        
  • Send infected files to contact lists       
  • Steal data
  • Launch DDoS attacks   
  • Launch ransomware attacks

Malware viruses real-world example      

ILOVEYOU virus, 2000: This malware virus impacted millions of computers around the globe and was downloaded by clicking on an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs” in an email with the subject line “ILOVEYOU.”

2. Worm malware

Worms, similar to malware viruses, are a type of malware that replicates itself. Unlike viruses, however, worm malware can copy itself without any human interaction, and it’s not host-dependent, meaning it does not need to attach itself to a software program to cause damage.  

Worms can be transmitted via software vulnerabilities. They also can arrive as attachments in emails or direct messages or be installed by removable media. Once opened, these files could provide a link to a malicious website or automatically download the computer worm. Once installed, the worm silently goes to work and infects the machine or even entire networks without the user’s knowledge. 

Ultimately, worm malware can:        

  • Delete or modify files        
  • Steal data        
  • Install backdoors for hackers         
  • Launch DDoS attacks        
  • Launch ransomware attacks        
  • Create botnets        
  • Infect many computers at once

Worm malware example        

SQL Slammer, 2003: Regarded as one of the fastest-spreading worm malware ever, SQL Slammer exploited a vulnerability in Microsoft’s SQL Server software. The attack took all but 10 minutes and impacted thousands of servers.

3. Trojan malware

What are Trojans? True to their name, Trojans are a type of malware disguised as bona fide software, applications, or files to deceive users into downloading them and, unknowingly, granting control of their devices. Once installed, a trojan can perform the action it was designed for, be it to damage, disrupt, steal, or inflict some other harmful action on your data or network.

Also known as a Trojan horse or Trojan horse virus, Trojan malware is often spread via email attachments, website downloads, or direct messages. Similar to viruses, they too require user action to be deployed. In comparing a malware virus vs trojans, the difference is that viruses are host-dependent and trojans are not. Trojans also do not self-replicate like viruses.

Ultimately, trojan malware can:

  • Delete, modify, or steal data         
  • Spy on users        
  • Access networks        
  • Launch DDoS attacks        
  • Take remote control of devices

Trojan malware example        

ZeuS/Zbot, 2011: This banking Trojan leveraged keystroke logging to steal credentials and also account balances.

4. Ransomware


Ransomware, as the name indicates, is a type of malware that comes with a ransom. It locks and encrypts a victim’s device or data and demands a ransom to restore access.  

How does ransomware happen? It’s often the result of victims mistakenly downloading this malware type through email attachments or links from unknown sources. Once installed, the malware might create a backdoor for hackers to gain access to a device and then begin encrypting the data or locking owners out of their devices entirely until they pay a ransom to regain ownership.

Worth noting is that ransoms are increasingly being paid in cryptocurrency, and this is sometimes referred to as crypto-malware.

Ultimately, ransomware can:        

  • Hold devices hostage        
  • Make data inaccessible through encryption        
  • Result in financial loss

Ransomware example        

WannaCry, 2017: This ransomware attack targeted thousands of computer systems around the world that were running Windows OS and spread itself within corporate networks globally. Victims were asked to pay ransom in Bitcoin to retrieve their data.

5. Bots or botnets

Botnets are a type of malware that gain access to devices through a piece of malicious code. In some cases, botnets directly hack devices, with cybercriminals even taking remote control of devices.

Other times, the bots might act more as a “spider,” meaning a program that crawls the internet looking for holes in security infrastructures to exploit, and the hacking is done automatically — or robotically if you will. 

Ultimately, bots or botnets can: 

  • Launch DDoS attacks
  • Record activity, including keystrokes, webcam footage, and screenshots
  • Send phishing emails from your device
  • Give hackers remote control of devices

Bots + botnets example

6. Adware malware

Adware, as the name indicates, is malware that involves advertising. Also known as advertising-supported software, adware displays unwanted advertisements on your computer, sometimes in the form of pop-up ads, that track users’ browsing activity.

Sometimes this is for marketing purposes. Where adware can go wrong is when these ads collect your data with malicious intent, be it to sell it to third parties or leverage it for identity theft or credit card fraud.

Mobile adware, meaning adware on mobile devices, has become increasingly common and can be contracted through third-party app downloads.

Ultimately, adware can:

  • Be an annoyance
  • Lure users to malicious sites
  • Install spyware
  • Share user data with third parties

Adware example

Fireball, 2017: This adware infected around 250 million devices by means of browser hijacking to track victims’ web activity.

7. Spyware


Spyware is a type of malware that infiltrates devices without the owner’s knowledge. This is often for the purpose of spying on internet activity, tracking login and password information, or collecting sensitive information that can be used for fraudulent purposes.

It’s a broad malware type, too, as adware, trojan malware, and tracking cookies could all be considered types of spyware. Keyloggers, as well, are a popular form of spyware that can be used to track and log the keys you strike on your keyboard, capturing any information typed.  

Ultimately, spyware can:

  • Breach personal privacy  
  • Collect confidential data, including by logging keystrokes
  • Steal data  
  • Result in identity theft or credit card fraud

Spyware example        

DarkHotel, 2014: This keylogger spyware targeted government and business leaders using hotel Wi-Fi. 

8. Rootkits

Rootkits are a type of malware that grants cybercriminals remote control of victims’ devices, oftentimes without the victims’ knowledge. Since rootkits are designed to remain hidden, they can hijack or subvert security software, making it likely that this type of malware could live on your computer for a long time causing significant damage. 

This type of malware is often spread through phishing and malicious downloads or attachments.

Ultimately, rootkits can:

  • Take remote control of devices
  • Grant cybercriminals admin access to devices       
  • Spy on users’ activity

Rootkits example 

Zacinlo, 2012: This rootkit stayed stealthy until about 2017 when it was first detected, delivering adware and disabling antivirus software on primarily Windows devices.

9. Fileless malware

Fileless malware is a type of malware that uses software, applications, and protocols already built-in or native to device operating systems to install and execute malicious activities. In other words, no files are needed to download this type of malware, hence the name fileless malware.  Fileless malware is memory-based, not file-based. 

Once installed, fileless malware piggybacks on legitimate scripts by executing malicious activity while the legitimate programs continue to run. Thanks to this stealthy nature, fileless malware is tough to spot. 

Ultimately, fileless malware can:

  • Disrupt antivirus software
  • Steal data

Fileless malware example

Astaroth, 2019: This fileless malware was a true info-stealer and primarily targeted Windows devices in specific countries, including Brazil.

10. Malvertising


Not to be confused with adware, malvertising is a type of malware that comes from ads on legitimate websites. Adware, however, is a type of malware that is already on a device. Both attacks rely on online advertising to do their damage.  

You can fall victim to malvertising by clicking on an infected ad — cybercriminals may even pay to place these on websites — or by visiting a website that is home to a corrupted ad and becoming victim to a drive-by download. 

Ultimately, malvertising can:     

  • Result in ransomware attacks
  • Steal data      
  • Result in credit card fraud

Malvertising example   

The media, 2016: The New York Times, BBC, AOL, and other news sites unknowingly served malvertisements to readers that set out to hold computers hostage and demand a ransom.

How is malware injected or deployed?

Malware is overwhelmingly spread via email. By some counts, 94 percent of it is delivered by email. Still, cybercriminals harness many methods to pull off a malware attack. These are just some of their common tactics, some being combinations of one another.         

  • Man-in-the-browser attacks are when an attacker injects malware into a computer, which then installs itself into the browser without the user’s knowledge, to record the data that is being sent between the victim and specifically targeted websites.        
  • Exploiting security vulnerabilities is when cybercriminals manually look for security holes in devices and networks that they can then inject malware into.   
  • Exploit kits are an alternative to manually exploiting security vulnerabilities. They are prewritten code used to search for vulnerabilities in devices and, ultimately, inject malware in those security holes.
  • Drive-by downloads are when users visit a malicious website that is hosting an exploit kit for malware attacks.
  • Social engineering is manipulating people’s emotions to click malicious links, download bad attachments, or share sensitive information that can be used for fraudulent purposes. It can encompass phishing, vishing, or smishing.

How to prevent, detect, and remove malware


Just as the types of malware may meld together, so too do malware prevention tactics. Consider a combination of these best practices to prevent malware, plus tips for how to detect malware and how to remove malware.

Use multi-factor authentication

Multi-factor authentication, or two-factor authentication, adds an extra layer of security to your accounts by introducing an additional step in the login process. That can come as a code sent to your phone or a biometric scan, either of which helps verify your identity. Ultimately, multi-factor authentication is meant to prevent cybercriminals from accessing your private information.

Avoid suspicious emails, links, and sites

Staying Cyber Safe means staying suspicious — suspicious of attachments from unknown sources, encouragements to click links, and even advertisements that seem too good to be true. All of these can be phishing attempts that result in malware. Play it safe, and don’t engage if your gut tells you not to.

Adjust spam filters

Since email is the primary delivery method for malware, it’s important to bone up on your email security — start by setting your spam filters high. This can ensure you’re never tempted to engage with a malicious link, email, or attachment from the start.
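
As an added illustration (not part of the original article or of any Norton product), the Python example below shows the kind of attachment check a mail filter can apply to the email-borne delivery described here and to attachment names like ILOVEYOU’s “LOVE-LETTER-FOR-YOU.TXT.vbs”: it flags attachments whose final extension is executable and notes when a harmless-looking extension sits in front of it. The extension lists, function names, addresses, and sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will run when opened (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".vbs", ".js", ".scr", ".bat", ".cmd", ".com",
                   ".pif", ".lnk", ".hta", ".wsf", ".jar", ".ps1"}
# Harmless-looking extensions commonly placed in front as a decoy.
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def classify_filename(name):
    """Return the reasons an attachment name is risky (empty list = none)."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    parts = name.strip().rstrip(". ").lower().split(".")
    reasons = []
    if len(parts) < 2:
        return reasons
    final = "." + parts[-1]
    if final in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {final}")
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
            reasons.append(f"decoy extension .{parts[-2]} before {final}")
    return reasons


def scan_message(raw):
    """Parse a raw message and return {filename: reasons} for risky attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        reasons = classify_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed test message; addresses and payload bytes are placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("See the attached file.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_string()


if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(fname, "->", "; ".join(why))
```

A filename check like this only looks at the name, so it complements rather than replaces content scanning by antivirus software.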

Keep software up to date

Software updates are important, because they repair security holes that could be exploited by cybercriminals. For this reason, make a point to run software updates as soon as they become available and consider even allowing automatic updates.

Know the warning signs of a malware infection

Staying apprised of the following warning signs of malware can help you detect malware fast:        

  • Your device is sluggish, freezing, or crashing        
  • Programs are opening, closing, and modifying on their own        
  • Your device has little to no storage space        
  • You’re bombarded with pop-ups or unwanted programs        
  • Emails are being sent without your consent

Consider antivirus software  

When the warning signs of malware infections aren’t apparent, antivirus software can be there to help. Antivirus can take the guesswork out of whether or not you have a malware infection by monitoring — and stopping — the cyber threats.

Back up files regularly

The main reason for a data backup is to have a secure archive of your important information, whether that’s classified documents for your business or treasured photos of your family. This way, you can restore your device quickly and seamlessly in the event of data loss, perhaps as the result of a malware infection.

Remove accordingly

Depending on your device, malware removal can come with different steps. Be sure to research how to remove malware from a Mac or PC before beginning your malware removal process.

There’s no getting around it: Malware is malicious. Knowing the different types of malware and how they spread can level up your holistic approach to avoiding cyber threats.


Copyright © 2021 NortonLifeLock Inc. All rights reserved.