Malware & Viruses
“Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. A virus is a form of malware that can replicate itself by inserting its code into other programs.”
Malware is short for malicious software: programs designed to harm your computer, steal your data, or spy on your activity. Viruses are one type of malware, but there are many others: ransomware locks your files until you pay a ransom, spyware secretly collects your information, and trojans disguise themselves as safe apps or files to trick you into installing them.
Malware usually arrives by tricking the user or by exploiting holes in software. The most common routes are phishing emails with malicious attachments or links, fake downloads, and compromised websites that use a flaw in your browser or a plugin to run code the moment you visit them (called “drive-by downloads”).¹ Removable storage like USB drives can carry infections, and peer-to-peer or torrent downloads sometimes bundle malware with the files you want. Attackers also exploit unpatched vulnerabilities in operating systems, browsers, or plugins so malicious code can run without the user clicking anything. In short, most infections start with either a click you didn’t mean to make or software that hasn’t been kept up to date.
Viruses
Viruses attach themselves to legitimate files or programs. When you open an infected file, the virus runs and can modify other files, corrupt data, or spread to files you share. Worms are similar, but they usually don’t need to piggyback on a file: they replicate across networks on their own, using weak or reused passwords or unpatched network services to jump from one device to another. Both spread quickly if left unchecked, and while the classic examples are decades old, modern variants can still cause big headaches by clogging systems or delivering additional payloads.
Trojans
A trojan (named after the Trojan Horse of Greek myth) disguises itself as something harmless like an app, utility, or document to trick you into installing it. Once installed, it can open a backdoor that lets attackers access your machine, steal files, or download other malware. Trojans don’t self-replicate the way worms do; their danger is that they look legitimate and usually arrive through social engineering, when someone convinces you that installing the program is safe or necessary.
Ransomware
Ransomware encrypts your files and demands payment, usually in cryptocurrency, for the key that decrypts them. It’s often delivered through phishing emails or trojans, and some variants also steal your data first and threaten to publish it if you don’t pay. The attack hurts most when the encrypted files exist nowhere else. Paying is no guarantee of anything: the attackers may never send a working key, and they have already shown they are willing to extort you. Nor is cracking the encryption a realistic way out. Modern ransomware uses the same sound ciphers that protect online banking, and a correctly implemented one cannot be brute-forced; the free decryptors that occasionally appear (collected by efforts such as No More Ransom) exist because a particular family bungled its implementation or its keys leaked, not because the algorithm was broken. The best defense is regular backups kept offline or otherwise out of the malware’s reach, since ransomware will happily encrypt a backup drive that is plugged in at the time, and not paying ransoms. With a current backup, recovery is a matter of wiping the machine and restoring.
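One way a defender turns the point above into an early-warning check: encrypted data looks like random bytes, so a file whose content suddenly becomes far denser than its own baseline, and many such files at once, is a strong hint that encryption is underway. The script below is an added example written for this page, not code from the site; the thresholds, file names and before/after contents are constructed assumptions, and seeded pseudo-random bytes stand in for ciphertext.

```python
import math
import random
from collections import Counter

# Thresholds are assumptions for this example; tune them against your own files before relying on them.
HIGH_ENTROPY = 7.5    # bits per byte; output of a sound cipher sits near 8.0, English text around 4.5
MIN_JUMP = 2.0        # rise over the file's own baseline, so files that are dense anyway (jpg, zip) don't trip it
MASS_FRACTION = 0.5   # share of watched files that must jump before we call it mass encryption


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def snapshot(files: dict) -> dict:
    """Per-file entropy baseline, taken while the files are known good."""
    return {name: shannon_entropy(data) for name, data in files.items()}


def detect_mass_encryption(baseline: dict, current: dict) -> dict:
    """Compare current file contents with the entropy baseline and report files that
    look freshly encrypted, plus whether enough of them changed to call it an attack."""
    flagged = []
    for name, before in baseline.items():
        data = current.get(name)
        if data is None:
            continue  # a missing file is worth a look too, but is not evidence of encryption
        after = shannon_entropy(data)
        if after >= HIGH_ENTROPY and after - before >= MIN_JUMP:
            flagged.append(name)
    fraction = len(flagged) / len(baseline) if baseline else 0.0
    return {"flagged": flagged, "fraction": fraction, "alert": fraction >= MASS_FRACTION}


def build_sample_snapshots() -> tuple:
    """Constructed sample data, not real files: three plain-text documents and one
    already-dense 'photo', before and after a simulated encryption run. Seeded
    pseudo-random bytes stand in for ciphertext, which is what a sound cipher's
    output looks like statistically."""
    rng = random.Random(2024)
    text = ("Quarterly report: revenue up 4% on stronger demand.\n" * 80).encode()
    before = {
        "report.txt": text,
        "notes.md": text[::-1],
        "budget.csv": b"month,amount\n" * 200,
        "photo.jpg": rng.randbytes(8192),  # compressed image: high entropy is its normal state
    }
    after = dict(before)
    for name in ("report.txt", "notes.md", "budget.csv"):
        after[name] = rng.randbytes(len(before[name]))  # the simulated ransomware overwrote these
    return before, after


def run_demo() -> dict:
    before, after = build_sample_snapshots()
    return detect_mass_encryption(snapshot(before), after)


if __name__ == "__main__":
    result = run_demo()
    print(f"flagged {result['flagged']} ({result['fraction']:.0%}), alert={result['alert']}")
```

Comparing against each file’s own baseline rather than an absolute cutoff is what keeps compressed files (photos, archives, already-encrypted containers) from raising false alarms; the unchanged photo.jpg in the sample is never flagged. Real tooling would run the check from a service the malware cannot stop and keep the baseline somewhere it cannot rewrite.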
Spyware
Spyware is a type of malicious software that quietly gathers information from a person’s device without their knowledge or consent. It usually runs in the background, tracking a user’s online activity, collecting sensitive data like passwords or credit card numbers, and sometimes even monitoring keystrokes or capturing screenshots. This information is then sent to attackers or advertisers who use it for identity theft, fraud, or targeted marketing. Some common forms of spyware include keyloggers, which record every keystroke typed; adware, which displays unwanted advertisements and tracks browsing habits; and tracking cookies, which monitor users’ web activity to build detailed profiles of their interests and behaviors.
Rootkits
Rootkits are tools that hide the presence of malware by modifying the operating system (or, in the worst cases, the firmware beneath it), making detection very difficult. A related trick is fileless malware, which doesn’t rely on files sitting on your disk; it runs in memory or drives legitimate system tools such as PowerShell or scheduled tasks to execute malicious commands. Both are favored by advanced attackers because they leave fewer traces and can survive simple cleanup measures. Rootkits arrive through the same channels as other malware, but they almost always need a way to get code running on the machine and then to gain elevated (administrator or kernel) privileges, since only that level of access lets them hide from the tools that would otherwise find them. That is one reason not to use an administrator account for everyday work.
Most malware follows a basic pattern: get into the system (delivery), run and install itself (execution), contact its operator (communication, often called command and control), and then perform its task (exfiltrate data, encrypt files, join a botnet, show ads, etc.). Some malware also tries to keep its foothold across reboots and cleanups (persistence) by creating hidden accounts, installing services or scheduled tasks, or changing startup routines. Advanced types will also try to hide so standard antivirus misses them.
Signs you might be infected include slow performance, unexpected popups, browser redirects, unknown programs at startup, strange network activity (traffic while you’re idle, or a program you don’t recognize connecting out), or files that have become inaccessible. If you suspect an infection, disconnect from the network (unplug the cable or turn off Wi-Fi) so the malware can’t spread or call home, run a reputable antivirus/antimalware scan, change passwords from a different, clean device, and restore important files from backups if necessary. If it’s ransomware or a severe compromise, seek professional help. Don’t panic, and always avoid paying ransoms!
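The “communication” step of the malware pattern and the “strange network activity” warning sign are the same thing seen from two sides: an implant checks in with its operator on a timer, and that rhythm shows up in connection logs long before anyone notices a slow machine. The script below is an added example, not part of the page; it assumes a simple one-connection-per-line log format and thresholds chosen for illustration, and the log it runs over is constructed (documentation IP ranges, made-up process names).

```python
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for this example; real tuning depends on what your network normally looks like.
MIN_CONNECTIONS = 5   # with too few samples any pair of connections looks "regular"
MAX_JITTER = 0.15     # stddev/mean of the gaps between connections; human-driven traffic is far burstier

# Internal ranges are listed by hand because ipaddress.is_private also matches the documentation
# ranges (203.0.113.0/24 etc.) that this constructed log uses as stand-in external hosts.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumed log format, one outbound connection per line: "<ISO timestamp> proc=<name> dst=<ip>:<port>"
LINE = re.compile(r"^(?P<ts>\S+) proc=(?P<proc>\S+) dst=(?P<ip>[\d.]+):(?P<port>\d+)$")


def parse_line(line: str):
    """Return (timestamp, process, ip, port) for a well-formed line, None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["proc"], m["ip"], int(m["port"])


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def find_beacons(lines) -> list:
    """Group connections by (process, destination) and flag flows whose gaps between
    connections are too regular to be a person clicking around."""
    by_flow = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, proc, ip, port = rec
        if is_internal(ip):
            continue  # file shares and printers chatter on a schedule too; not what we're hunting here
        by_flow[(proc, ip, port)].append(ts)

    findings = []
    for (proc, ip, port), times in by_flow.items():
        if len(times) < MIN_CONNECTIONS:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # everything at the same instant is a burst, not a heartbeat
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= MAX_JITTER:
            findings.append({"proc": proc, "dst": f"{ip}:{port}", "count": len(times),
                             "period_s": round(mean, 1), "jitter": round(jitter, 3)})
    return findings


def sample_log() -> list:
    """Constructed connection log (documentation IP ranges, made-up process names), not captured data."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = ["# constructed sample: one outbound TCP connection per line"]
    # A planted "updater" calling home about once a minute; operators add a little wobble to look less mechanical.
    for i, wobble in enumerate([0, 1, -1, 2, 0, -2, 1, 0]):
        t = base + timedelta(seconds=60 * i + wobble)
        lines.append(f"{t.isoformat()} proc=updater.exe dst=203.0.113.7:8443")
    # A browser hitting one site at human, bursty intervals.
    for off in (0, 7, 9, 45, 200, 230, 231, 600):
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} proc=chrome.exe dst=198.51.100.20:443")
    # A perfectly regular file-share heartbeat on the LAN, which the internal filter should drop.
    for i in range(6):
        t = base + timedelta(seconds=60 * i)
        lines.append(f"{t.isoformat()} proc=svchost.exe dst=10.0.0.5:445")
    return lines


if __name__ == "__main__":
    for hit in find_beacons(sample_log()):
        print(hit)
```

On the sample only updater.exe is reported (eight connections, about 60 seconds apart, jitter well under the cutoff); the browser talks to one site just as often but at irregular intervals, and the LAN heartbeat is filtered out before it is measured. Better-built implants randomize their sleep much more than this, so real tooling combines timing with other signals such as an unsigned binary, an odd destination port, or a process that has no business talking to the internet at all.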
Defenses You Can Use
Keep software updated (OS, browser, plugins, apps), and turn on automatic updates where you can. Many attacks exploit vulnerabilities for which a fix was already available.
Use a reputable antivirus or antimalware tool and schedule regular scans.
Avoid suspicious downloads and email attachments. Don’t open files from unknown senders, or unexpected files from people you know; sender names are easy to fake.
Use strong, unique passwords and a password manager. Combine with MFA wherever possible.
Back up important files regularly to an external or cloud backup that you can recover separately.
Be cautious on public Wi-Fi: make sure any site you log into uses HTTPS, and avoid logging into sensitive accounts there without a VPN.
If you’ve read a few pages on this site already, you may have noticed that the defenses for a lot of these online threats overlap. For a moment, compare cybersecurity to a fairly well protected house. Whether you’re worried about a burglar, an animal, or a storm, the basic defenses are the same. You keep your doors locked, install good lighting, maybe add cameras, and avoid letting strangers in. You don’t need a completely different house for each threat; you only need one well-built structure with strong locks and habits to protect against the majority of threats you’ll face.
It’s the same online. Most cyberattacks (phishing, malware, social engineering, ransomware, etc.) start the same way: someone gains unauthorized access because of a weak password, outdated software, or misplaced trust in a fake message. That’s why defenses like strong authentication (MFA), software updates, cautious clicking, and backups are recommended again and again. Each of these steps doesn’t just protect against one threat; it reduces the attacker’s opportunities across the board. Good security is layered, like multiple locks on a door. Even if one layer fails (say you accidentally click a bad link), the next layer (like antivirus or multi-factor authentication) can still stop the attack.
¹ “Malware and market share”, Journal of Cybersecurity, December 2018