Malware
Malware, short for malicious software, is any program or code intentionally designed to damage, disrupt, gain unauthorized access to, or otherwise harm a computer system, network, or its users.
Definition
Malware, short for malicious software, is any program or code intentionally designed to damage, disrupt, gain unauthorized access to, or otherwise harm a computer system, network, or its users.
Overview
Malware is an umbrella term covering many distinct categories of malicious software, each with different goals and behaviors. Viruses attach themselves to legitimate programs and spread when the infected program runs. Worms self-replicate and spread across networks without needing a host program or user action. Trojans disguise themselves as legitimate software to trick users into installing them. Spyware covertly monitors user activity, while a Rootkit hides its own presence and that of other malware deep within a system, and a Botnet is a network of malware-infected devices controlled remotely by an attacker. Ransomware, one of the most financially damaging malware categories today, encrypts victim data and demands payment for its release. Malware typically gains initial access to a system through Phishing emails, exploitation of unpatched software vulnerabilities, malicious downloads, or infected removable media, then executes its payload — which might steal data, provide the attacker remote access, encrypt files, or recruit the device into a botnet. Defending against malware involves multiple overlapping layers: traditional antivirus and modern Endpoint Detection and Response (EDR) tools to detect and block malicious code, network security controls like firewalls to limit how malware can communicate with attacker infrastructure, regular patching to close the vulnerabilities malware commonly exploits, and user training to reduce successful phishing-based delivery. Modern malware increasingly uses techniques specifically designed to evade detection — obfuscating its code, using legitimate system tools instead of dropping obviously malicious files ("living off the land"), or communicating with attacker infrastructure through encrypted, seemingly normal-looking traffic — which is a major reason security teams increasingly rely on behavior-based detection and proactive Threat Hunting rather than signature matching alone.
Key Concepts
- Umbrella term covering viruses, worms, trojans, spyware, rootkits, and more
- Delivered through phishing, exploited vulnerabilities, or malicious downloads
- Payloads range from data theft to remote access to file encryption
- Modern malware increasingly uses evasion techniques to avoid detection
- Defended through layered controls: EDR, firewalls, patching, and training
- Ransomware and botnets represent particularly damaging malware categories
- Detection is shifting from signature matching toward behavior-based analysis