What is malicious code that looks legitimate and takes control of your computer to damage, disrupt, and destroy data?

This page provides an overview of the most common malware applications. For specific steps you can take to protect against malware, see our Protect Against Viruses & Security Threats pages.

What is Malware?

Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.

Once installed on your computer, these programs can seriously affect your privacy and your computer's security. For example, malware is known for relaying personal information to advertisers and other third parties without user consent. Some programs are also known for containing worms and viruses that cause a great deal of computer damage.

Types of Malware

  • Viruses are the most commonly known form of malware and potentially the most destructive. They can do anything from erasing the data on your computer to hijacking your computer to attack other systems, send spam, or host and share illegal content.
  • Spyware collects your personal information and passes it on to interested third parties without your knowledge or consent. Spyware is also known for installing Trojan viruses.
  • Adware displays pop-up advertisements when you are online.
  • Fake security software poses as legitimate software to trick you into opening your system to further infection, providing personal information, or paying for unnecessary or even damaging "clean ups".
  • Browser hijacking software changes your browser settings (such as your home page and toolbars), displays pop-up ads and creates new desktop shortcuts. It can also relay your personal preferences to interested third parties.

Facts about Malware

Malware is often bundled with other software and may be installed without your knowledge.
For instance, AOL Instant Messenger comes with WildTangent, a documented malware program. Some peer-to-peer (P2P) applications, such as KaZaA, Gnutella, and LimeWire also bundle spyware and adware. While End User License Agreements (EULA) usually include information about additional programs, some malware is automatically installed, without notification or user consent.

Malware is very difficult to remove.
Malware programs can seldom be uninstalled by conventional means. In addition, they ‘hide’ in unexpected places on your computer (e.g., hidden folders or system files), making their removal complicated and time-consuming. In some cases, you may have to reinstall your operating system to get rid of the infection completely.

Malware threatens your privacy.
Malware programs are known for gathering personal information and relaying it to advertisers and other third parties. The information most typically collected includes your browsing and shopping habits, your computer's IP address, or your identification information.

Malware threatens your computer’s security.
Some types of malware contain files commonly identified as Trojan viruses. Others leave your computer vulnerable to viruses. Regardless of type, malware is notorious for being at the root, whether directly or indirectly, of virus infection, causing conflicts with legitimate software and compromising the security of any operating system, Windows or Macintosh.

How do I know if I have Malware on my computer?

Common symptoms include:

Browser crashes & instabilities

  • Browser closes unexpectedly or stops responding.
  • The home page changes to a different website and cannot be reset.
  • New toolbars are added to the browser.
  • Clicking a link does not work or you are redirected to an unrelated website.

Poor system performance

  • Internet connection stops unexpectedly.
  • Computer stops responding or takes longer to start.
  • Applications do not open or are blocked from downloading updates (especially security programs).
  • New icons are added to desktop or suspicious programs are installed.
  • Certain system settings or configuration options become unavailable.

Advertising

  • Ads pop up even when the browser is not open.
  • Browser opens automatically to display ads.
  • New pages open in browser to display ads.
  • Search results pages display only ads.

What is Malware?

As software designed to interfere with a computer's normal functioning, malware is a blanket term for viruses, trojans, and other destructive computer programs threat actors use to infect systems and networks in order to gain access to sensitive information.

Malware Definition

Malware (short for “malicious software”) is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants. And because malware comes in so many variants, there are numerous methods to infect computer systems. Though varied in type and capabilities, malware usually has one of the following objectives:

  • Provide remote control for an attacker to use an infected machine.
  • Send spam from the infected machine to unsuspecting targets.
  • Investigate the infected user’s local network.
  • Steal sensitive data.

Types of Malware:

Malware is an inclusive term for all types of malicious software. Malware examples, malware attack definitions and methods for spreading malware include:

Adware – While some forms of adware may be considered legitimate, others make unauthorized access to computer systems and greatly disrupt users.

Botnets – Short for “robot network,” these are networks of infected computers under the control of single attacking parties using command-and-control servers. Botnets are highly versatile and adaptable, able to maintain resilience through redundant servers and by using infected computers to relay traffic. Botnets are often the armies behind today's distributed denial-of-service (DDoS) attacks.

Cryptojacking – Malicious cryptomining (the process of using computing power to verify transactions on a blockchain network and earning cryptocurrency for providing that service) that happens when cybercriminals hack into both business and personal computers, laptops, and mobile devices to install software.

Malvertising – Malvertising is a portmanteau of “malware + advertising” describing the practice of online advertising to spread malware. It typically involves injecting malicious code or malware-laden advertisements into legitimate online advertising networks and webpages.

Polymorphic malware – Any of the above types of malware with the capacity to “morph” regularly, altering the appearance of the code while retaining the algorithm within. The alteration of the surface appearance of the software subverts detection via traditional virus signatures.

Ransomware – A criminal business model that uses malicious software to hold valuable files, data or information for ransom. Victims of a ransomware attack may have their operations severely degraded or shut down entirely.

Remote Administration Tools (RATs) – Software that allows a remote operator to control a system. These tools were originally built for legitimate use, but are now used by threat actors. RATs enable administrative control, allowing an attacker to do almost anything on an infected computer. They are difficult to detect, as they don’t typically show up in lists of running programs or tasks, and their actions are often mistaken for the actions of legitimate programs.

Rootkits – Programs that provide privileged (root-level) access to a computer. Rootkits vary and hide themselves in the operating system.

Spyware – Malware that collects information about the usage of the infected computer and communicates it back to the attacker. The term includes botnets, adware, backdoor behavior, keyloggers, data theft and net-worms.

Trojans Malware – Malware disguised in what appears to be legitimate software. Once activated, malware Trojans will conduct whatever action they have been programmed to carry out. Unlike viruses and worms, Trojans do not replicate or reproduce through infection. “Trojan” alludes to the mythological story of Greek soldiers hidden inside a wooden horse that was given to the enemy city of Troy.

Virus Malware – Programs that copy themselves throughout a computer or network. Malware viruses piggyback on existing programs and can only be activated when a user opens the program. At their worst, viruses can corrupt or delete data, use the user’s email to spread, or erase everything on a hard disk.

Worm Malware – Self-replicating viruses that exploit security vulnerabilities to automatically spread themselves across computers and networks. Unlike many viruses, malware worms do not attach to existing programs or alter files. They typically go unnoticed until replication reaches a scale that consumes significant system resources or network bandwidth.
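The polymorphic malware entry above says that changing a program's surface appearance defeats traditional signatures. The following added example (not from the original page) shows that effect from the defender's side on constructed, harmless byte strings: an exact SHA-256 signature misses a slightly altered copy, while a content-similarity check still flags it. Byte n-gram Jaccard similarity and the 0.5 threshold are assumptions chosen for illustration, and real polymorphic code can change far more than this sample does.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real samples).
ORIGINAL = b"open config; read user list; write report to disk; close config; exit"
VARIANT = b"open config;  read user list; write report to disk;; close config; exit\n\n"
UNRELATED = b"The quick brown fox jumps over the lazy dog near the river bank."


def sha256_hex(data: bytes) -> str:
    """Exact-match 'signature': any single changed byte yields a new digest."""
    return hashlib.sha256(data).hexdigest()


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of overlapping n-byte windows; empty if data is shorter than n."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Share of n-grams the two inputs have in common (0.0 to 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 1.0  # two inputs too short to window are treated as identical
    return len(ga & gb) / len(ga | gb)


def classify(sample: bytes, known_hashes: set, reference: bytes,
             threshold: float = 0.5) -> str:
    """Try the exact signature first, then fall back to similarity."""
    if sha256_hex(sample) in known_hashes:
        return "hash-match"
    if jaccard(sample, reference) >= threshold:
        return "similar"
    return "no-match"


# The signature "database" holds only the digest of the original file.
KNOWN_HASHES = {sha256_hex(ORIGINAL)}

if __name__ == "__main__":
    for name, sample in (("original", ORIGINAL), ("variant", VARIANT),
                         ("unrelated", UNRELATED)):
        score = jaccard(sample, ORIGINAL)
        print(f"{name:10} {classify(sample, KNOWN_HASHES, ORIGINAL):11} "
              f"similarity={score:.2f}")
```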

Types of Malware Attacks

Malware also uses a variety of methods to spread itself to other computer systems beyond an initial attack vector. Malware attack definitions can include:

  • Email attachments containing malicious code can be opened, and therefore executed by unsuspecting users. If those emails are forwarded, the malware can spread even deeper into an organization, further compromising a network.
  • File servers, such as those based on common Internet file system (SMB/CIFS) and network file system (NFS), can enable malware to spread quickly as users access and download infected files.
  • File-sharing software can allow malware to replicate itself onto removable media and then on to computer systems and networks.
  • Peer to peer (P2P) file sharing can introduce malware by sharing files as seemingly harmless as music or pictures.
  • Remotely exploitable vulnerabilities can enable a hacker to access systems regardless of geographic location with little or no need for involvement by a computer user.

How to Prevent Malware:

A variety of security solutions are used to detect and prevent malware. These include firewalls, next-generation firewalls, network intrusion prevention systems (IPS), deep packet inspection (DPI) capabilities, unified threat management systems, antivirus and anti-spam gateways, virtual private networks, content filtering and data leak prevention systems. In order to prevent malware, all security solutions should be tested using a wide range of malware-based attacks to ensure they are working properly. A robust, up-to-date library of malware signatures must be used to ensure testing is completed against the latest attacks.

The Cortex XDR agent combines multiple methods of prevention at critical phases within the attack lifecycle to halt the execution of malicious programs and stop the exploitation of legitimate applications, regardless of operating system, the endpoint’s online or offline status, and whether it is connected to an organization’s network or roaming. Because the Cortex XDR agent does not depend on signatures, it can prevent zero-day malware and unknown exploits through a combination of prevention methods.

Malware Detection:

Advanced malware analysis and detection tools include firewalls, intrusion prevention systems (IPS), and sandboxing solutions. Some malware types are easier to detect, such as ransomware, which makes itself known immediately upon encrypting your files. Other malware, like spyware, may remain on a target system silently to allow an adversary to maintain access to the system. Regardless of the malware type, its detectability or the person deploying it, the intent of malware use is always malicious.

When you enable behavioral threat protection in your endpoint security policy, the Cortex XDR agent can also continuously monitor endpoint activity for malicious event chains identified by Palo Alto Networks.

Malware Removal:

Antivirus software can remove most standard infection types, and many off-the-shelf options exist. Cortex XDR enables remediation on the endpoint following an alert or investigation, giving administrators the option to begin a variety of mitigation steps: isolating endpoints by disabling all network access on compromised endpoints except for traffic to the Cortex XDR console; terminating processes to stop any running malware from continuing to perform malicious activity on the endpoint; blocking additional executions; and then quarantining malicious files and removing them from their working directories if the Cortex XDR agent has not already done so.

Malware Protection:

To protect your organization against malware, you need a holistic, enterprise-wide malware protection strategy. Commodity threats are exploits that are less sophisticated and more easily detected and prevented using a combination of antivirus, anti-spyware, and vulnerability protection features along with URL filtering and Application identification capabilities on the firewall.

What is malicious computer code?

Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses.

What are the two types of malicious code?

Types of malicious code:

  • Viruses. Viruses are self-replicating malicious code that attaches to macro-enabled programs to execute.
  • Worms
  • Trojans
  • Cross-site scripting (XSS)
  • Backdoor attacks
  • Emotet trojan
  • Stuxnet worm

What is a malicious program that can destroy data?

Virus. A virus is a program written to enter your computer and damage or alter your files and data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves.

What is malicious software also called?

Malware, short for “malicious software,” refers to any intrusive software developed by cybercriminals (often called “hackers”) to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware.