blog posts

What Is Malware And How Can It Be Prevented?

No Computer System Is Safe From Malware Attack, And Familiarity With The Types Of Malware And Mechanisms And Ways To Deal With It, Is A Requirement These Days.

Fans of series like Mr. Robot and Black Mirror are probably well acquainted with the very dangerous and terrifying face of malware and the depth of power and hacker influence in the lives of uninformed Internet users. 

In the series Mr. Robot, a genius hacker who even has the power to infiltrate the AFBI system designs malware to destroy the debt backup files of 70% of the world’s people owned by the vicious and corrupt E-corp company.

 Of course, in the rest of the story, we will see how easily hackers can access online account information, bank accounts, IoT-based systems, and mobile phones, and use this information to control people and extort money.

If you decided to cover your laptop camera with glue and paper after watching the Black Mirror series, you are probably not alone in this decision; Because hackers are waiting in ambush at any moment to enter your device from the smallest security hole and infect it with all kinds of malware.

The evolution of malware, which reportedly began with the advent of the Brain virus on floppy disks, has introduced a vast array of trojans, worms, vipers, ransomware, and other malware into the tech world that in many cases virtually cripples the lives of individuals and organizations. 

The various types of malware that troubled Internet users in the 1990s, such as erasing data, destroying the device’s hard drive, or harassing users by displaying ridiculous messages or playing audio, can now be viewed on the Malware Museum website in a safe environment. 

Some of this malware may now seem simple; But do not forget that it was the early malware that laid the foundation for more advanced and more dangerous versions. In this article, we will examine the different types of malware and their mechanisms, and at the end, we will introduce the methods of protection against them. 

What is malware?

Malware abbreviated to “malicious software” means malicious software. Malware is designed by cyber attackers to access or damage a computer or Internet network, and in most cases, the attacker is unaware that it exists on their system. When malware enters a computer, it allows hackers to access information, devices, and systems without permission. 

The malware was originally designed as a form of cyber-sabotage to corrupt the computer, changing the background image, or accessing personal information; But over time, it has become a tool for cybercriminals to make money by stealing valuable information to extort money from businesses, hacking passwords to access bank accounts or steal identities.  

Over the years, malware has come in many forms, and here is a brief history of the first computer virus.

The first computer virus and worm 

According to some, the first computer virus was Creeper, which showed up in the early 1970s, ten years before American computer scientist Leonard Adelman called the malware a “computer virus.”

The message displayed by the cripple virus on infected systems: “I cripple: if you can catch me!”

Creeper virus in the operating system Tenex and pre-conversion ARPANET ( ARPANET ) to the global Internet appeared to transfer from one system to another, the message to appear: “I Kryprm: if you can get me to throw!” The virus was removed from the previous system when it found a new device to infect; Because it could not infect multiple devices at the same time. 


Creeper was designed for harassment only and had no other function, But it was the first software to behave similarly to malware. Shortly afterward, another software called Reaper was designed to eliminate cripples. 

On the other hand, some believe that the title of the first computer virus should belong to Brain; Because unlike Creeper, it could be reproduced without having to delete itself from the previous system.

 Many malware today is self-replicating.  

But the first computer worm to get media attention was the Morris worm, which is 1988 was able to infect thousands of computers in the very early hours of the Internet, which was then in the hands of academics and engineers, and a large portion of the Internet. The financial estimate of lost productivity due to the Morris worm attack was estimated at around $ 100,000 to $ 10 million. 

Of course, the Morris worm, like the Brain and Creeper viruses, does not exactly fall into the category of malware; Because it was actually an experiment that got out of the developer’s control and the damage it caused was not intentional.

Source code for Morris cream on floppy disk at the Museum of Computer History in California

The software tried to estimate the size of the emerging Internet by performing a series of scans; But errors in the code led to the unintentional execution of DoS attacks, slowing down some computers to the point where they became virtually unusable.

After the Morris Worm attack, the integrated Internet connection was cut off for several days to prevent it from spreading and clearing the entire network. 

Types of malware

Types of malware
Computer Virus Worm
Trojan Spyware
Ransomware Wiper
Adware Botnet 
Cryptocurrency Extraction Malware  Rootkit 
Fileless Malware Windows malware 
Mac malware  Android malware 
iPhone malware  IoT malware 


Computer Virus

Most Internet and media users use the word “virus” to refer to any malware reported in the news; Fortunately, most malware is not a virus. The computer virus modifies the legally valid files of the host so that the virus can run with it whenever the infected file is executed.  

Pure computer viruses are no longer common these days and makeup only 10% of all available malware. This is a good thing; Because the virus is the only malware that infects the rest of the files, it is difficult and almost impossible to remove the virus alone. 

Even the best anti-virus software is not able to separate the virus from other files and in most cases, it will quarantine or delete the infected files altogether. 


Worms have a longer history of presence in computer systems than viruses, dating back to the era of big computers. Computer worms emerged with the advent of email in the late 1990s, and for almost ten years computer security experts were surrounded by malicious worms that were sent as email attachments. 

It was enough for the user to open the email infected with the worm to infect the whole company in a short time. 

A distinctive feature of a computer worm is its self-replicating ability. For example, the popular Iloveyou worm targets almost all e-mail users in the world, filling their phone systems with fake messages, shutting down TV networks, and even interrupting newspapers in some places. 

Worms such as SQL Slammer and MS Blaster also solidified the worm in the history of computer security. 
Unlike viruses, worms do not require user action to reproduce

Worms are more destructive and troublesome than viruses because they can reproduce without the need for user action. Viruses need a user to activate them to run them along with the infected program, But the worm uses files and other programs to perform its evil deeds. 

The SQL Slammer worm, for example, used a security hole fixed in Microsoft SQL to overflow the buffer of almost all unspoiled SQL servers connected to the Internet in 10 minutes; A record that has not been broken to date. 


One of the most common types of malware is a trojan, which often implies itself as a valid and useful tool to force the user to install. Trojans are older than viruses; But more than any other malware, it has damaged current computers. 

The malware’s name is derived from the story of the Trojan horse, in which the ancient Greeks hid inside a giant wooden horse given as a gift to the city of Troy, and when the horse entered the city, the Greeks came out and captured the city.

 Malware has a similar function; In this way, it enters the system secretly and in the form of a useful tool such as updating or downloading Flash, and as soon as it enters, it launches the attack. 

The trojan must be run by the user to access system information. 

This malware is often transmitted to the system via email or by visiting infected websites. The most common type of malware ironically manifests itself as an antivirus program, claiming in a pop-up message that your computer is infected with a virus and that you must install this “software” to remove it. Users are also deceived and by installing malware, they invite the trojan to their computer like a vampire who needs to be invited to enter the victim’s house. 

The most common type of malware in the form of antivirus program forces the user to download 

Depending on its capabilities, the Trojan can access all the information on the system; Including account login and password information, screenshots, system information, bank account details, and more; Once accessed, the trojan collects this information and sends it to the hacker. Sometimes malware allows hackers to modify the information or shut down a system anti-malware program. 

Trojans are difficult to deal with for two reasons:

1. Writing a trojan is easy and millions of copies are made every month.

2- The Trojan spreads by deceiving the user; Therefore, they can not be prevented with security packages or firewalls, or traditional methods.


The work of spyware comes from its name; Spying on other people’s computers and devices. Spyware has access to your browser history, the applications you use, or the messages you send. Spyware can be downloaded and entered into the device in the form of trojans or other methods. 

For example, the toolbar you download for your browser may contain spyware that monitors your activities on the Internet; Or malicious advertisements may secretly transfer spyware code to your computer through an unwanted download.

The presence of spyware in the alarm system is a warning for more serious threats in the future

In some cases, spyware is sold to parents as software designed to control a child’s Internet use and is designed to be ignored by security and antivirus software. On the other hand, some companies use spyware to covertly monitor their employees. 

Spyware is often easily removed; Because unlike other malware, they have no malicious intent; Just find the spyware executable file and prevent it from running. 

Spyware is not as bad as other malware, including remote access trojans; But they both use the same login method. As a result, the presence of spyware in the system is an alarm for the user whose system is weak and must be fixed before facing more serious threats. 


Most malware prefers to be hidden from the user as much as possible so that they can steal more information out of sight; But ransomware, by its very nature, usually does the opposite. 

The ransomware often enters the system through an attachment or a link in phishing emails, infects it, and extorts money from the user by encrypting or removing it from the system; And to give the user re-access to the system or their locked information, requires the user to deposit money into the hacker account via Bitcoin or other cryptocurrencies. 

This method may seem simple and you can tell yourself that no one will be fooled; But the fact is that this method is really effective and has often caused serious problems for companies, hospitals, police stations, and even the whole city.

 In 2016 alone,  cybercriminals pocketed more than $ 1 billion through ransomware attacks. 

According to Europol, ransomware attacks overshadowed many of the world’s cyber threats in 2017. 

Most ransomware, like trojans, is spread through some form of social engineering and psychological manipulation of the user. Once executed, they often find and encrypt user files within the first few minutes; however, some may use the wait-and-see technique and, after a few hours of watching, estimate how much they can extort from the user or, if there is a backup of the files, delete or encrypt them. 

A quarter of ransomware victims pay ransom to a hacker, and 30% of them never have access to their files.

 Like any other malware, ransomware attacks can be prevented; But once executed, if there is no good backup of files, it is difficult to repair the damage to the system.

 According to studies, about a quarter of the victims pay the ransom to the hacker, and 30% of them can not access their encrypted files even after paying the ransom. Unlocking encrypted files, if possible, requires special tools and a considerable amount of good luck.

 To protect yourself from a ransomware attack, the best advice is to back up all your critical files offline. Of course, if a genius like Elliott Alderson from the series Mr. Robot wants to organize this attack, there is almost no hope that your backup files will be safe. 


Viper malware has a simple purpose: to erase all information on the computer or network in question. The process of deleting data from the system may be carried out by attackers after the data has been extracted and moved to another location, or it may be done solely to destroy all data without any backup.

Examples of Viper malware have been used to attack oil and energy companies and steal information and then delete it from the system. 

Some of these wipers do not just erase the data and encrypt the entire hard drive containing this information and make it unusable. 

One of Viper’s most famous attacks was the Petya ransomware, which targeted central banks, international airports, and even nuclear power plants around the world. At first, it was thought that Patia’s intention was ransom; But investigators found that the victims had no way of gaining access to their information by paying a ransom and that Petya’s goal from the beginning was to destroy without returning information. 


The ultimate goal of most cybercriminals is to make money, and for some, using advertising software is a good and painless way to do so. Advertising software does exactly what its name implies and is designed to impose ads on the user. 

In some cases, the only way to get rid of these annoying ads is to click on them, and each click generates revenue for the cyber-criminal. 

In most cases, the adware has nothing to do with the victim’s information and does not harm the device; They are just extremely annoying and force the user to constantly click on pop-up windows to close them. However, if this happens on a mobile phone, it will quickly reduce the battery charge or make it virtually impossible to use the phone by occupying the entire screen.


In a robot attack, cybercriminals use malware to secretly take control of a network of Internet-connected devices and launch coordinated attacks by ordering infected and controlled computers (like a bunch of zombies!). On a large scale, such as DDoS attacks, during which a lot of traffic is directed to the victim’s website or service and causes it to go offline. 

Other common attacks with the help of botnets include large-scale spam, financial data theft, and, on a smaller scale, specific targets, including the university’s Internet network, to offline servers.

IP of devices infected with damping baton was observed in 164 countries

Buttons are designed so that the user is completely unaware of their activity and control of their device. The more devices connected to the Internet, the more victims are attacked by botnets. The popular Mirai botnet, which drastically slowed down Internet services in the United States in late 2016, ‌ was partly dependent on IoT-based devices that, due to low security and lack of tools to remove malware, easily connected to the network controlled by this botnet. Were. 

Cryptocurrency Extraction Malware 

The remarkable success of Bitcoin has put cryptocurrencies in the public spotlight. In many cases, these cryptocurrencies are not purchased, but users are extracting them by providing part of the processing power to a part of their computer network or website. 

Meanwhile, the extraction of cryptocurrencies has also been exploited by cybercriminals. Of course, extracting cryptocurrencies is not an illegal activity; But some cyber-attackers use malware to secretly control other users’ computers and attach them to the botnet to get the most out of it; Without the computer owner being aware of this. 

One of the largest networks of cybercriminals is called the Smominru botnet, which is said to consist of 500,000 systems and its operators have pocketed at least $ 3.6 million.  

The cryptocurrency extractor usually enters malicious code into the victim device to use the device’s processing power to perform the extraction operations in the background. This process slows down the user’s system until it finally stops and the user thinks the problem is unreasonable. 

PCs and Windows servers are commonly used to extract passwords; But recently, IoT-based devices have also come to the attention of cybercriminals due to their lack of security and the nature of their connection.

According to the analysis of the Cisco Talos cybersecurity team, an infected system can extract 0.28 units of Ramzarz Monroe daily; Thus, a network of 2,000 infected systems can generate $ 568 a day and more than $ 200,000 a year for hackers. 


A rootkit is a malware designed to remotely control a computer without the user or security software being aware of its presence. With the help of a rootkit, cybercriminals can execute files, steal information, manipulate system settings and software, or even install other malware. The rootkit can enter the system by installing and running applications or phishing attacks and security holes. 

A rootkit is one of the most dangerous cyber threats; Because it can hide its presence and even disable system anti-malware programs and cause serious damage to installed applications. With the help of a rootkit, hackers can spy, launch DDoS attacks, and steal valuable data. 

A rootkit is one of the most dangerous cyber threats; Because it can hide its presence

To prevent and detect a rootkit attack, do not click on suspicious links that are usually sent to your system via email, use specialized programs to scan your computer, keep your system up to date, and monitor your Internet traffic. 

It is very difficult to find and remove rootkits after installation on the system; This is why cybersecurity experts emphasize that in this case, as in all other cases, prevention is better than cure. 

Fileless Malware

Fileless malware does not fall into a separate category of malware but rather describes how it works. Older malware infects files on target devices; But file-less malware, which today accounts for more than 50% of all malware, does not use the file or file system directly; Instead, they are played only in the device memory or use registry keys, application programming interface (APIs), or scheduled tasks that are “lifeless.”  

This model of malware emerged after the success of anti-virus programs and anti-malware systems in detecting and resolving cyber-attacks, as well as increasing the user’s caution and awareness when dealing with strange and unexpected emails and attachments. 

Now that the user is reluctant to open infected emails and links, and most systems are using up-to-date anti-virus programs, hackers have been forced to design malware that can overcome these two barriers to achieve their intended goals. 

By attacking and accessing the system infrastructure, attackers create hidden files and folders or scripts to infect the system, connect networks, and eventually take control of servers. 

The nature of file-ess malware is such that it is very difficult to detect and protect the system against it with the help of antivirus software. However, fixing security holes, keeping the system up to date, and removing or reducing unnecessary admin access can reduce the risk of such malware being attacked to some extent. 

Windows malware

There was a time when many people thought that only the Microsoft Windows operating system would be targeted by malware; This was because Windows was once the most common operating system, and hackers designed viruses and malware to fit the operating system. 

Windows continues to struggle with malware, and older versions are more vulnerable to cyber-attacks than any other, But malware is by no means limited to the Windows industry, and any device that can connect to the Internet is threatened by malware.  

Mac malware

For years, the Mac operating system was thought to be completely immune to malware attacks. But during the 1990s, the malware was designed to target the Windows operating system; But managed to Mac OS X also pollute. Between 1995 and 1998, malware such as Concept and Laroux infected Macs running Microsoft Office applications. 

Of course, this malware was not malicious, and in the case of Concept, only a “1” message was displayed on PC and Mac, and Laroux opened only macro pages of the same name in the user’s Excel project.

But in the mid-2000s, hackers began designing malware that targeted the Mac operating system, and now, although Windows devices continue to bear the brunt of malware attacks; But the Mac OS is regularly targeted by cybercriminals, including malware, malware downloads, and ransomware attacks. 

Android malware

Any malware designed to infect computers, including trojans, ransomware, or adware, now has a version for infecting smartphones. The amount of information stored on mobile phones today has made them much more valuable and tempting than computers. 

When a smartphone is infected with malware, it allows the hacker to access the positioning, shooting, and eavesdropping capabilities of the phone’s camera and microphone. 

Among phones, those based on the Android operating system are more likely to be attacked by malware. The Android open-source ecosystem has made it a tempting target for cybercriminals. 

Hackers gain access to a smartphone by encouraging the user to download infected applications from stores other than Google Play. In some cases, the malware has taken the form of popular applications such as WhatsApp and has been downloaded more than a million times. 

iPhone malware

The iPhone ecosystem is more secure due to Apple’s stricter policies than Android. iPhone malware is a rare phenomenon, But there have been cases where hackers have found ways to break into these phones and install spyware. 

As long as your iOS device is not jailbroken, it will be very difficult for malware to infiltrate it. Viruses need to interact with system-building programs to spread, But the iPhone operating system greatly limits such interaction.

IOS is designed to run each application in cyberspace separately; As a result, the interaction of applications is limited and the spread of the virus becomes problematic. In addition, Apple apps are only downloaded from AppStore, and Apple is conducting a rigorous review of AppStore apps; As a result, it is very unlikely that malware-infected applications will emerge from the app. 

IoT malware

Any device that has the ability to connect to the Internet has the potential to be attacked by cyber. The advent of IoT devices has had many benefits for industry, the workplace, and the home; But it has opened the door to new cybercrime activities. 

Some IoT-based devices, from industrial control systems to children’s toys, do not have adequate cybersecurity. One of the most common cyber-attacks that target these devices is malware attacks that attach them to the botnet. 

Devices such as routers, intelligent lighting systems, video players, and CCTV cameras are easily infected with malware and can be as catastrophic as a Mirai DDoS attack.

The network of Mirai-infected devices was mostly made up of IoT-based products and was so strong that it could slow down or shut down a large portion of the Internet and even make it impossible to access many popular services. 

Mirai-infected devices continued to run normally and there was no problem with the device itself, But BrickerBot malware crashed the storage space of infected devices and practically disabled them. 

Home cameras connected to the Internet, like mobile phones, can become a tool to spy on hackers. Some of these CCTV cameras are so basic in terms of security that malware can easily infect many of them. 

Ways to Protect against malware

Some of the most basic cybersecurity techniques can help protect your systems and users from malware attacks. For example, ensuring that software and operating systems are up-to-date protects users from many cyber attacks as soon as updates and security packages are released. 

One of the reasons the UK Public Health Service was so badly damaged by the WannaCry ransomware was that large parts of the system had not yet been updated weeks after the release of the security packages.

Updating and installing security packages may be time-consuming, especially for a large network of connected systems; But it has been proven that this action can prevent many malware attacks and their sometimes irreversible consequences. 

Increasing user awareness and caution prevents many cyber attacks

Installing cybersecurity software can help.

 Many of this software regularly update the detection mechanism against new malware to be prepared for any potential threat. 

Users should also be educated about cybersecurity, secure internet browsing, and the dangers of phishing emails, and be more cautious about clicking and downloading suspicious links. Many malware attacks will fail to achieve their goals if users raise their awareness of cybersecurity.