Malware

What it is: An encompassing term for malicious software intentionally designed to cause damage to computer systems, networks, or data; disrupt normal operations; or gain unauthorized access to resources. Malware encompasses a wide range of subtypes, including viruses, worms, Trojans, ransomware, spyware, adware, and rootkits, each with distinct characteristics and functionalities.

How it works: Malware typically propagates through various vectors such as infected email attachments, malicious websites, software vulnerabilities, infected removable media, or drive-by downloads. Upon execution, it can perform a multitude of harmful actions, including data theft (exfiltration of sensitive information, credentials), data modification or deletion, system corruption, denial-of-service attacks, unauthorized remote control of infected systems, and the establishment of persistent backdoors for future access. Advanced malware often employs techniques like obfuscation, polymorphism, and anti-analysis mechanisms to evade detection by security software.

Example with key data: The Emotet malware, first identified in 2014, evolved from a banking trojan into a highly sophisticated and modular threat. It primarily spread through spam emails containing malicious attachments or links. Once a system was infected, Emotet could perform various malicious activities, including stealing banking credentials, spreading laterally to other systems on the network, and acting as a dropper for other malware payloads, such as ransomware (e.g., Ryuk). Its modularity and ability to adapt made it a persistent and significant threat, with campaigns often involving hundreds of thousands of emails and resulting in substantial financial losses for targeted organizations. Key characteristics included its use of heavily obfuscated code and its ability to evade traditional signature-based antivirus detection.