Malware

Harmful software or programs, often referred to as malware or incorrectly grouped under the term computer viruses, are applications developed for criminal purposes. They are used by criminals for a variety of purposes, which can range from creating a kind of "backdoor" in computers, to spying on information, or even destroying hardware. There are different types of malware, varying in their characteristics and functions, but they all have one thing in common: they pose a significant threat to information security. Modern malware is mostly modular, so potentially a wide range of functions can be used depending on the scenario.

Malware exists for all types of devices, no longer just for "classic" Windows computers. In particular, smartphones are also becoming an increasingly popular target for criminals, as many critical actions are carried out via them nowadays, such as the authorization of bank transfers or the generation of one-time passwords for two-factor authentication.

  • Ransomware / Blackmail- / Encryption Trojans

    Ransomware is a particularly tricky type of malware. Criminals gain access to the victim's critical data and encrypt it. Users no longer have access to their own data afterwards. The criminals demand a "ransom" for the release or decryption of the stolen data. In many cases, the data is stolen before it is encrypted, so that an additional threat of publication is made if payment is not made. Very popular is also the encryption of personal content (documents, pictures, etc.) in a private context.

    For more information on the topic, see blackmail, blocking & loss of data.

  • Trojans

    Trojans are a form of malware that, like the Trojan horse, brings additional content undetected. Trojans are often distributed as or with freeware (free software) such as games or antivirus programs. After the Trojan is installed, it reloads and installs unwanted software that infects the system. These reloaded programs can have different functions, and the effects can range from annoying ads to the loss of all important files.

  • Botnets

    The goal of criminals is not always to infect a specific system with malware, but to infect as many systems as possible and misuse them for further attacks. Usually, the masses of infected systems are combined into so-called botnets. This enables the criminals to carry out the desired actions, e.g. sending spam, on a large number of infected systems, the so-called bots, at the same time and thus cause greater damage. Often, the users themselves do not even notice the infection and integration into a botnet, as the malware behaves as discreetly as possible - after all, the criminals want to keep access to the systems for as long as possible.
     

Ways of infection

Infection with malware can occur via a wide variety of ways, and criminals are becoming increasingly sophisticated in their approach to spreading it. Malware is not always recognized as such in the first instance, so that an infection may already have occurred some time before the attackers become active.

  • Via e-mail or Direct Message

    The most common method of infection is still via e-mail attachments. The malware is sent by e-mail disguised as an image, Word or Excel file, for example, and the recipient is persuaded to open the file. Social engineering methods are often used to put pressure on the recipient. Also links to websites placed in e-mails can initiate the download of malware when they are opened. Similarly, distribution can also take place via direct messages in a messenger, via SMS or on social media. You can find out how to recognize such e-mails or direct messages under Phishing and E-mail Security.

  • Via Download

    Internet sites can offer malware files for download, which are advertised as supposedly useful and free programs, for example. Security gaps in the Internet browser can also be abused by attackers to install malware while visiting a website (drive-by infections).

    Attackers may also gain access to legitimate websites and place malicious content there unknown to the legitimate operators. Even offers disguised as promising advertisements can be backed up with malware. This infection path is called malvertising.

  • Via USB stick or other devices

    Another option apart from the Internet is to infect a system via connected devices, e.g. USB sticks, external hard drives or even prepared keyboards. Unknown devices should be treated with caution, just like unknown attachments or links, and if in doubt, should not be used.