Malware Tutorial: Learn About Malware, Vulnerabilities and How to Avoid Malware

What Is Malware?

Malware is short for “malicious software”: hostile applications that are created with the express intent to damage or disable mobile devices, computers or network servers. Malware’s objectives can include disrupting computing or communication operations, stealing sensitive data, accessing private networks, or hijacking systems to exploit their resources. The exponential growth in email and internet use over the last decade has brought with it a corresponding growth in malware.

Malware is deliberately malevolent, even when disguised as genuine software from a seemingly reputable source. Today’s malware primarily targets sensitive personal, financial or business information, typically for monetary gain. Other objectives include identity theft, cyberwarfare and espionage, or service disruption targeting specific companies. The victims can just as easily be governments, enterprises or individual users. For a malware program to accomplish its goals, it must be able to run without being detected, shut down or deleted.

Types of Malware

Any kind of intrusive software that is installed without consent can be classified malware… be it code, scripts or active content. Common types of malware include:

  • Virus: spreads via deliberate user action such as downloading a file or running a program
  • Worm: spreads automatically by replicating itself across computers or networks
  • Trojan: spreads by appearing safe or desirable but disguising its true intent (e.g., backdoors)
  • Spyware: monitors user activities for marketing purposes or keylogs user credentials
  • Adware: serves unwanted ads or redirects user’s browser traffic
  • Dialer or Zombie: runs in the background while hijacking computing resources (e.g., bot networks)

Microsoft recently reported that one in every 14 downloads from the internet may now contain malware. The rise of mobile computing and social media in recent years is witnessing an exponential rise in malware proliferation. Malware on the Android computing platform grew 3,325 percent in 2011 alone, according to a study by Juniper Networks.

Certain kinds of malware target websites or networks, not individuals. Web malware focuses on browser-based vulnerabilities as opposed to operating system vulnerabilities. Attacks can redirect site traffic to a fake phishing site, use the site as an endpoint in bot networks, or exploit the site’s hosting account for spam or other purposes. StopTheHacker has estimated that 6,000 websites fall prey to malware attacks every day.

How to Avoid Malware

Malware infection can cause network computing or communication processes to run unbearably slow or hijack them altogether. Individuals, employers and their software vendors can partner in shared anti-malware strategies. Here are some actions that can protect your computers and networks from malware:

  • Anti-malware software – It never hurts to have the latest version of a common malware-seeking program installed on all devices to seek and destroy rogue programs such as viruses. Scan personal or business computers regularly and update the software often.
  • Anti-spyware software – These packages provide real-time protection for computers against the installation of malware by scanning incoming traffic and blocking threats.
  • Spam filters – These block or quarantine email messages with suspicious content or from unknown senders to alert users not to open or respond. Most enterprises have centralized spam mitigation in place, and many personal email providers also provide this service.
  • Firewalls and IDS – Firewalls and intrusion detection systems act as traffic cops for network activity and block anything suspicious. This is enterprise-grade technology that protects user computers, servers or networks from malicious applications or cyberattack. Firewalls may not prevent malware installation, but they can detect nefarious in-process operations.
  • Security scans – This activity tests business websites and enterprise software for known malware that may have infected application code. Many app stores execute basic scans on software they host and sell, but this is no guarantee of safety so vigilance is needed.
  • Regular updates – Always keep network, desktop and device software and operating systems up to date. Security patches are issued regularly by trusted software vendors and should be installed to deflect the latest threats.
  • Common sense – The easiest way to deal with malware is to not get it in the first place. Experienced computer users avert potential disasters by practicing “skeptical computing,” which assumes that any new program is potentially harmful until proven safe.

Click here to learn how we can help protect applications from attack.

More Security Threat Tutorials from Veracode

Cross Site Scripting
Cross Site Request Forgery
LDAP Injection
Mobile Code Security


Written by: