What is Malware? The Most Common Types, How They Work, & How to Easily Avoid Them All
The total cost of malware in 2015 was about $500 billion. In 2019, that jumped to $2 trillion, and it’s expected to hit $6 trillion in 2021.
To put that into perspective, all of the US’s retail sales throughout the entire country totaled $1.14 trillion or so in 2017.
The average cost of a data breach in the world in 2018 was $3.86 million (up 6.4% from the year before). Also, in the US, that number is $7.91 million.
Needless to say, there is a lot of money being made in cybercrime and malware, and it’s only growing. Because of this, I think that for this episode of Decodr, a series on my channel where I explain new tech topics regularly, we all need a primer on exactly what malware is, the different types (i.e. do you know your ransomware from your worms and trojans?), how they all infect computers and phones, and the easy ways you can avoid them.
Really quick, shout out to Bitdefender for sponsoring this video. As experts in the antimalware industry, they helped a ton with the research for this video. We’ll talk about them more in a bit.
Now, I want to be clear: this video is not trying to scare you like a lot of these types of videos tend to do. But in today’s connected and digital world, we just have to accept that these threats exist and are actually pretty prominent. The more we know about them and understand them, the easier they are to avoid and, frankly, the less we need to worry about them.
What is Malware?
So first up, what is malware?
Technically the term comes from a combination of the words “malicious” and “software” but that’s a pretty broad term. I mean, by that definition I could include Premiere Pro as I swear it crashes on purpose because it’s evil.
So Bitdefender’s definition is “software that has a bad intention as far as your personal information, computer and operating system are concerned.”
Now, of course, the first type of malware that comes to mind for most people based on that definition is viruses. But honestly, this term is often used interchangeably with the term malware, and we need to address that quickly.
A virus is an application that can copy itself by attaching its code to other files on the system (think of how a cold infects the cells in your body, hence the name). The worst of these would do this and then spread from computer to computer, damaging and compromising the integrity of each infected computer.
For malware to be a virus, it needs to be able to infect files in this way. And honestly, since viruses corrupt files, they are easily identified by computers and anti-malware software like Bitdefender’s Total Solution 2020, for example, so they actually aren’t used very often by hackers nowadays, accounting for less than 1% of global threats according to Bitdefender’s studies.
To monetize infections (and remember, this is all about the money for most of these guys), cyber-criminals need their malware to stay undetected for a long time and, again, since viruses infect files, they make a lot of noise on the system and set off too many red flags.
There are still some viruses, like Win32.Sality, which in its 13 years of existence has infected more than 2 million computers, so they do still exist, but they’re rare.
Now that we have that covered, let’s go through the most common types of malware affecting computers today, how they work, and how to avoid them.
First up, we have keyloggers. These are essentially the malware equivalent of someone looking over your shoulder while you’re at the ATM entering your PIN code to withdraw money.
This software is installed on an infected computer, intercepts everything you type, puts it into a log (hence the name), in some cases along with screenshots, mouse clicks, etc., and then sends that log to its owner, essentially giving them your logins for things like your bank site, e-commerce sites for credit card info, and email (which they can then use to log in to other financial accounts, etc.).
Frankly, keyloggers are difficult to detect, especially on shared computers like those in a cafe, library, hotel, etc. This is why you should avoid logging in to anything terribly sensitive on any of these types of computers. On your own computer, again, being careful not to download files from places/people you don’t know can help limit your exposure.
Ransomware, this one’s become very popular recently and is all over the news.
According to a study by Bitdefender in 2015, ransomware caused $350 million worth of damage and some estimates have organizations and individuals paying out over $11.5 billion in 2019 and it is only expected to continue to increase.
The idea behind ransomware is essentially that it infects your computer and then proceeds to encrypt all of the data on it so you can no longer view or retrieve it. Then the program requires you to pay a ransom (usually between $300 and $900 in some form of hard-to-trace currency like Bitcoin) in order for it to decrypt the files and give you access to them again. And if that $11.5 billion number is anything to go by, it’s no wonder they’re the malware of the moment.
Now, the way that they are spread is, again, very similar to the other types of malware here: usually in some sort of cleverly crafted email that has an attachment in the form of an invoice, delivery note, resume, or some other type of file related to the email.
Some ransomware though can also be disguised as advertising banners on some websites that use exploits (or known vulnerabilities) in usually older versions of browsers to then crash the browser and install their code. And some have even been found installed in illegal downloads found on popular torrent websites, as well.
Now, of course, again, be careful of any files through email or sites that you don’t know/trust, but because this malware has also been known to infect computers in other ways, you should take other precautions, as well.
Firstly, back up your important files regularly, and to a drive that is not constantly connected to your computer (as a lot of ransomware out there is able to encrypt attached storage, as well). I have a quick list of some super fast and affordable drives that I just did a video on, which you can check out here if you need some recommendations.
Besides that, Bitdefender actually worked with the local authorities in added a new ransomware
Another one of the most common types of malware that you’ve also probably heard of is called phishing (although I’m not sure if it’s technically malware because it’s not really its own software… whatever, it happens way too often, we’re including it).
The idea behind this is that, just like the hobby of fishing that the name is based on, an attacker will send out various emails and instant messages, and even put links on social networks, forums, etc., in the hopes that someone will fall for it, click it, and end up giving up some valuable information.
A common example of this is you receiving an email supposedly from your bank. It’ll have your bank’s logos in it and other visual cues to make it seem like it is actually your bank sending the message (it’s not), and it’ll maybe have some sort of threat that if you don’t click the link within it and validate some personal info, your account will be suspended or something.
Then when you click on the link, it takes you to a fake site that looks like the correct one. You’ll put in your login credentials, for example, and then voilà, the cyber-criminal now has that info and can use it to access your real bank, transfer money out of the account, etc.
Since these rely on conning you into clicking a link usually, a good way to protect yourself is to just learn to recognize these emails with a few telltale signs:
- The emails generally have spelling or grammar mistakes since most of the time they aren’t from a native English speaker.
- They’re usually not personal (since the attacker is, again, most of the time blasting these out to a large number of people hoping some click, a la fishing again). So they’ll start with “Dear sir/madam/user,” etc. Heck, some even start with just “dear dear” (clearly confused about how salutations work in English).
- Also, a lot of financial institutions like banks have policies where they will never ask for any info from you via email so automatically there is a good chance that your bank also has that policy and so any email coming in pretending to be them is fake. If you get an email like that though and want to confirm, just call your bank’s customer support number and ask them (just be sure to use the real phone number widely available and not one that is in the email because that too could easily be faked).
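To make those telltale signs concrete, here is an added example (not part of the original video or Bitdefender's software) that checks one email for the impersonal greeting, the threat, the request for personal info, and a link that leads somewhere other than the bank's real site. The sample message, the `real_domain` parameter and all `.test` domains are made up for illustration; spelling mistakes are not checked because that would need a dictionary.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message: the bank name and every domain here are made up.
SAMPLE = """\
From: "Example Bank" <support@examplebank-secure.test>
Subject: Your account will be suspended
Content-Type: text/html

<p>Dear user,</p>
<p>Validate your personal info within 24 hours or your account will be
suspended: <a href="http://examplebank.login-check.test/verify">https://www.examplebank.test/login</a></p>
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(sir|madam|user|customer|dear)\b", re.I)
THREAT = re.compile(r"\b(suspend(ed)?|locked|closed|within \d+ hours)\b", re.I)
ASKS_FOR_INFO = re.compile(
    r"\b(validate|verify|confirm)\b.{0,40}\b(info|password|account|details)\b", re.I | re.S)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def on_domain(hostname, domain):
    # True only for the domain itself or a real subdomain of it.
    return hostname == domain or hostname.endswith("." + domain)

def phishing_signs(raw, real_domain):
    """Return the telltale signs found in one raw email, as a list of strings."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    if THREAT.search(body):
        signs.append("threat or deadline")
    if ASKS_FOR_INFO.search(body):
        signs.append("asks for personal info")
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    if m and not on_domain(m.group(1).lower(), real_domain):
        signs.append("sender not on real domain")
    for href, text in LINK.findall(body):
        if not on_domain(host(href), real_domain):
            signs.append("link leaves real domain: " + host(href))
        if text.strip().startswith("http") and host(text) != host(href):
            signs.append("link text hides a different site")  # shown URL != target
    return signs
```

Calling `phishing_signs(SAMPLE, "examplebank.test")` flags all six signs; note that the link's visible text shows the real site while the actual target is a lookalike host.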
Besides that, spam filters are your first line of defense, and if you’re using any sort of modern email service, these are in place and removing some of these messages before they even reach your inbox.
If any accounts you use support two-factor authentication, use it. This is usually in the settings of your account and when turned on, it requires a unique code to be sent to your phone for you to input every time you log in. Personally, I have this on everything as it’s a huge help in fighting people gaining access to your accounts.
And finally, there are anti-phishing/fraud modules built into some software (like Bitdefender’s Total Security, which I’ll link to below and we can talk about more in a sec) that analyze webpages you land on, can tell if they’re fake or not, and actually block you from entering your info on them.
So those are some of the most common types of malware out there that you’ll encounter on a regular basis, and how to try to protect yourself from it all.
Now, besides the things I mentioned, you can, of course, also install an anti-malware program, like Bitdefender, who even won Product of the Year from AV-Comparatives (getting top marks in all seven tests and beating 15 other malware companies you’ve heard of) and Best Protection and Best Performance from AV-Test, as well.
Their Bitdefender Total Security 2020 is just that–total. It has ransomware protection that can actually stop your files from being encrypted, Advanced Threat Defense tech that monitors processes and can easily identify keyloggers lurking in the background, the aforementioned phishing filters to stop you from accidentally inputting your info where it doesn’t belong, and even network monitoring, parental controls, a VPN to keep your data private, works across Android, iOS, Mac and Windows, and more.
The best part? They’re under $4/month for all of it for up to 5 devices. And right now if you use the link here, you’ll be able to even get a 4-month free trial to see how you like it. Check it out!
Thanks for reading, guys and let me know what you think in the comments below!