Understanding the 7 Most Common Types of Malware

(And How the Best Offense is Still a Good Defense)

Malware is a term that confuses some people. Many people use the word erroneously and don’t understand how to protect their companies against each type of program. In this blog, let’s take a look at the different types of malware so you can understand how each one is a danger, and what steps you can take to prevent being a victim.


One of the earliest types of malware is the worm, dating back to the time of mainframes. Worms saw a resurgence in popularity among hackers in the 1990s, when email became all the rage. Infected message attachments played on the naive curiosity of company employees, who opened them and shared them with co-workers, and by the time someone figured out there was a worm, most of the office had been taken out.

Worms are different from other types of malware because they are by nature self-replicating. Some viruses can do this too, but it’s not always a calling card. What makes worms particularly dangerous is that they don’t require end-user action: unlike some types of malware that require tricking the human being sitting at their computer into activating it, worms can propagate independently as soon as they find a breach in the network.


Most malware gets labeled as a “virus,” but the truth is that, statistically, less than 10% of malware are pure viruses. A virus is typically attached to or hidden in a file that is being shared with the user. Viruses differ from worms, mentioned above, because they do require participation; usually, the person must download or open the file for the virus to get access to their operating system. A virus always needs a host, and DOC and EXE are often the files of choice. Typically, the way a virus gains access to an operating system involves a person getting an email with a subject line that begs attention, like “Please read IMMEDIATELY!” Once you open the email, if the attachment is a DOC file, the virus is only activated once you download the file and enable the macros. If it’s an EXE, then downloading and running the file is what triggers the virus.
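A mail gateway can screen for the two carriers described above by looking at attachment content instead of the file name. The sketch below is an added example, not part of the original post; the sample message, file names, addresses and verdict labels are constructed for illustration, and the attachments are inert placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def classify(data: bytes) -> str:
    """Classify an attachment by its content, not its (spoofable) name."""
    if data[:2] == b"MZ":                      # Windows executable header
        return "executable"
    if data[:8] == OLE2_MAGIC:                 # old binary Office format
        return "legacy-office"                 # can carry macros
    if data[:4] == b"PK\x03\x04":              # zip container (.docx etc.)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "malformed-archive"
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro-office"              # macro project is embedded
    return "ok"

def scan_message(raw: bytes):
    """Return (filename, verdict) for every attachment that is not 'ok'."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        verdict = classify(part.get_payload(decode=True) or b"")
        if verdict != "ok":
            findings.append((part.get_filename(), verdict))
    return findings

def build_sample() -> bytes:
    """Constructed test message: macro document, mislabeled EXE, plain text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"\x00")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = ("Please read IMMEDIATELY!",
                                        "sender@example.com", "user@example.com")
    m.set_content("See attached.")
    for name, data in (("invoice.docx", buf.getvalue()),
                       ("report.pdf", b"MZ" + b"\x00" * 62),
                       ("notes.txt", b"plain notes")):
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Calling `scan_message(build_sample())` flags the macro-bearing document and the executable renamed to `report.pdf`, while the plain text attachment passes.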


You’ve probably heard lots about Trojan malware, but beyond the immediate connection to Greek mythology (the Greeks presented Troy with the “gift” of a giant wooden horse to gain access to the city; once inside the gates, men hidden in the hollow belly emerged to sack Troy from within), many people don’t know much about Trojans, much less how to identify one or avoid becoming the victim of one.

Trojan malware has been around longer than viruses, but not quite as long as worms. Trojans have gradually become more popular with hackers than worms, mainly because they can easily be disguised as legitimate programs. Chances are, if you’ve spent any amount of time online, you’ve been the target of one, especially if you have inadvertently visited an infected website. The most popular scheme is an antivirus pop-up informing you that you’ve been infected with a virus and offering to save the day by having you click on a program to clean up your PC. Users who take the bait then get infected with Trojan malware. Not surprisingly, Trojans have infected more computers than any other type of malware.


Several of our previous blogs have been about ransomware because of the disturbing rate at which it has been growing since 2012, when the first attacks were recorded. Ransomware is a subtype of Trojan and, as you may have guessed, gets its name from the ransom that is demanded by cybercriminals once they’ve hacked into a company’s database and gained access to sensitive information. Once in, they can block the company’s access or threaten to go public with the information they’ve obtained. In this form of attack, also known as cyber-extortion, the hackers have been known to double the amount of ransom if the company goes to the police or can’t raise the ransom in time. You can read more about ransomware in our previous blogs here.


Adware is probably more annoying than any of the other types of malware, but it can still wreak havoc on users if they’re not paying close attention to what they click on. Adware, short for advertising-supported software, comes in the form of unwanted pop-ups. Often, adware programs direct browser searches to similar-looking but bogus webpages that promote their products. Adware can add spyware and bombard your device with unwanted ads. If you’ve ever been on a website and your web address suddenly changed, that’s also adware. The purpose of adware is mainly to access your browsing history and target you with advertising that is tailored specifically to what you might be likely to purchase. But sometimes when you get redirected to a new page, new adware and other forms of less innocuous malware may be downloaded onto your computer. Soon, you’ll notice that your system is operating much slower, crashing frequently, and showing more ads. The main ways to come in contact with adware are downloading freeware or shareware and going to infected websites.


The simple definition of malvertising is the online use of advertising to spread malware. It’s often confused with adware, but there’s a distinct difference. Malvertising uses legitimate ads to covertly deliver malware, and is deployed on a publisher’s webpage. Cybercriminals may even buy ad space on reputable websites to do so. The New York Times Online, The Atlantic Monthly, Spotify, and The London Stock Exchange have all been victims of malvertisers. But the endgame is still the same with both: get you to click and download malware onto your computer.

Hybrid Forms

More and more, cyber damage is done in the form of a nasty cocktail comprised of worms, Trojans, and viruses all rolled into one. This is often done to mask their presence from anti-malware programs by modifying the operating system and taking complete control.

So now that we’ve looked at the 7 most common types of malware, we know you want to understand how to lessen the chances of being a victim of each. To start with, most malware exploits vulnerabilities and bugs, so we can’t stress enough the importance of staying current with OS and application updates and patches. Lastly, for business owners, comprehensive cybersecurity is a must these days for all of your devices: laptops, desktops, tablets, and smartphones. You need real-time security that can keep track of essential activities like emails and web browsing, rather than periodic scans. The best security software is not static, meaning it is not a one-time installation with occasional updates. We offer Cloud Solutions and Integration that can help with this. We also recommend training your employees to understand what to be on the lookout for. We offer a free Lunch and Learn program that will teach them to spot red flags. Feel free to reach out and talk with us if you have more questions.
