Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. As Microsoft says, "[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.

This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).

There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You've probably heard the words virus, trojan, and worm used interchangeably, but as Symantec explains , they describe three subtly different ways malware can infect target computers:

• A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer.
• A virus is a piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself.
• A trojan is a program that cannot reproduce itself but masquerades as something the user wants and tricks them into activating it so it can do its damage and spread.

Malware can also be installed on a computer "manually" by the attackers themselves, either by gaining physical access to the computer or using privilege escalation to gain remote administrator access.

Another way to categorize malware is by what it does once it has successfully infected its victim's computers. There are a wide range of potential attack techniques used by malware:

• Spyware is defined by Webroot Cybersecurity as "malware used for the purpose of secretly gathering data on an unsuspecting user." In essence, it spies on your behavior as you use your computer, and on the data you send and receive, usually with the purpose of sending that information to a third party. A keylogger is a specific kind of spyware that records all the keystrokes a user makes—great for stealing passwords.
• A rootkit is, as described by TechTarget, "a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system." It gets its name because it's a kit of tools that (generally illicitly) gain root access (administrator-level control, in Unix terms) over the target system, and use that power to hide their presence.
• Adware is malware that forces your browser to redirect to web advertisements, which often themselves seek to download further, even more malicious software. As The New York Times notes, adware often piggybacks onto tempting "free" programs like games or browser extensions.

With spam and phishing emails being the primary attack vectors used by Malware, the best way to prevent it is make sure your email is locked down tight and you know how to spot danger:

• Enable two-factor authentication where available
• Create a second email account, which is solely responsible as a backup to your main email. Don't sign up to sites with this email thus putting it at risk.
• Don't click on links through emails, even if you know the person who sent it unless they can verify what is being sent. If a website is linked, go through any search engine to the page, thus eliminating the chance of the website being fake.
• Don't open attachments from unknown senders.

CryptoLocker

Released in September 2013, CryptoLocker spread through email attachments and encrypted the user’s files so that they couldn’t access them. The hackers then sent a decryption key in return for a sum of money, usually somewhere from a few hundred pounds up to a couple of grand.
In June 2014, Operation Tovar took down Evgeniy Bogachev, the leader of the gang of hackers behind CryptoLocker. In February, the FBI offered a $3 million reward for Bogachev.

Cost of the malware: With 500,000 victims, CryptoLocker made upwards of $30 million in 100 days

ILOVEYOU

ILOVEYOU is one of the most well-known and destructive viruses of all time. in 2000, malware was a bit of a myth. In fact, it was such a myth that malware could get away with being completely unsubtle. If you got an email today like the one that was sent around in 2000, you’d never open it. The virus came in an email with a subject line that said “I love you”. people clicked into the email regardless of the fact the email wasn’t from anyone they knew.
The malware was a worm that was downloaded by clicking on an attachment called ‘LOVE-LETTER-FOR-YOU.TXT.vbs’.ILOVEYOU overwrote system files and personal files and spread itself over and over and over again. ILOVEYOU hit headlines around the world and still people clicked on the text—maybe to test if it really was as bad as it was supposed to be.

ILOVEYOU was so effective it actually held the Guinness World Record as the most ‘virulent’ virus of all time. A viral virus, by all accounts. Two young Filipino programmers, Reonel Ramones and Onel de Guzman, were named as the culprits but because there were no laws against writing malware, their case was dropped and they went free.

Cost of the malware: $15 billion.

MyDoom

MyDoom is considered to be the most damaging virus ever released. MyDoom, like ILOVEYOU, is a record-holder and was the fastest-spreading email-based worm ever. MyDoom was an different in the way it hit tech companies like SCO, Microsoft, and Google with a Distributed Denial of Service attack.

25% of infected hosts of the .A version of the virus allegedly hit the SCO website with an immense amount of traffic in an attempt to crash its servers. In 2004, roughly somewhere between 16-25% of all emails had been infected by MyDoom.

Cost of the malware: $38 billion

StormWorm

Storm Worm was a particularly vicious virus that made the rounds in 2006 with a subject line of ‘230 dead as storm batters Europe’. Intrigued, people would open the email and click on a link to the news story and that’s when the problems started.

Storm Worm was a Trojan horse that infected computers, sometimes turning them into zombies or bots to continue the spread of the virus and to send a huge amount of spam mail.
By July 2007, Storm Worm was picked up in more than 200 million emails.

Cost of the malware: An exact cost is yet to be calculated

Sasser & Netsky

17-year-old Sven Jaschan created Sasser & Netsky, two worms, in the early noughties. Sasser & Netsky are actually two separate worms, but they’re often grouped together because the similarities in the code led experts to believe they were created by the same person.

Sasser spread through infected computers by scanning random IP addresses and instructing them to download the virus. Netsky was the more familiar email-based worm. Netsky was actually the more viral virus, and caused a huge amount of problems in 2004.

Sasser was so effective it actually ground one third of the post offices in Taiwan to a halt, shut down 130 branches of a Finnish bank, and forced rail and transatlantic flights to be cancelled.

Cost of malware: Around $31 billion.

Anna Kournikova

The Anna Kournikova virus is pretty tame compared to many on the list. In the early to mid-noughties, Anna Kournikova was one of the most searched terms on the internet.

A 20-year-old Dutch man wrote the virus as ‘a joke’. The subject was “Here you have, ;0)” with an attached file called AnnaKournikova.jpg.vbs. Anna was pretty harmless and didn’t do much actual damage

Cost of the malware: $166,000.

Slammer

While most of the malware on this list strictly hit computers, Slammer was created with broader ambitions. Slammer is the kind of virus that makes it into films, as only a few minutes after infecting its first victim, it was doubling itself every few seconds. 15 minutes in and Slammer had infected half of the servers that essentially ran the internet.

The Bank of America’s ATM service crashed, 911 services went down, and flights had to be cancelled because of online errors. Slammer, quite aptly, caused a huge panic as it had effectively managed to crash the internet in 15 quick minutes.

Cost of the malware: Around $1 billion.

StuxNet

Stuxnet is easily the scariest virus on the list as it was built by government engineers in the US with the intention of obstructing nukes from being built in Iran.
Stuxnet spread by a USB thumb drive and targeted software controlling a facility in Iran that held uranium. The virus was so effective it caused their centrifuges to self-destruct, setting Iran’s nuclear development back and costing a lot of money.

Stuxnet is the first real venture into cyberwar and it definitely asks the question as to what will come next.

Cost of the malware: Unknown.

1. Docs.microsoft.com. 2009. Defining Malware: FAQ. [online] Available at: https://docs.microsoft.com/en-us/previous-versions/tn-archive/dd632948(v=technet.10)?redirectedfrom=MSDN [Accessed 4 December 2020].
2. Fruhlinger, J., 2019. What Is Malware: Definition, Examples, Detection And Recovery. [online] CSO Online. Available at: https://www.csoonline.com/article/3295877/what-is-malware-viruses-worms-trojans-and-beyond.html [Accessed 4 December 2020].
3. Uk.norton.com. 22 February 2016. The 8 Most Famous Computer Viruses Of All Time. [online] Available at: https://uk.norton.com/norton-blog/2016/02/the_8_most_famousco.html [Accessed 1 December 2020].