What is malware? How it works & how to remove it?

What does malware do?

Malware isn’t all homogenous. Lots of different kinds of malware do different things. However, they all have one thing in common: malware helps its creator at the expense of the victim and their computer.

Types of malware

Many kinds of malware exist; more appear every year. Here’s a non-comprehensive list of malware types and its definitions:

• Viruses. These malicious programs modify other files programs to spread. Every virus is unique in terms of its actual payload, but they all spread the same way.
• Ransomware. Occasionally also known as crypto-lockers, these programs encrypt important files on the victim’s computer and make them pay up to decrypt. Ransomware is profitable and devastating to larger organizations, with some high-profile examples causing millions in damages.
• Spyware. Whether it’s used by a suspicious spouse or a fraudster, spyware allows criminals to access their victims’ keystrokes, passwords, and other sensitive information. Some kinds of spyware are more nefarious than others—those used to steal bank credentials are usually more sophisticated than those used to monitor a loved one’s computer usage.
• Rootkits and bootkits. These extremely advanced types of malware hide in the lowest levels of a computer’s running software. Rootkits can’t be found through traditional means because they infect low-level, highly-trusted code. Bootkits run at an even lower level, starting before the operating system itself does.
• Adware. As the least malicious type of malware, adware just displays ads on the victim’s computer. Adware frequently comes bundled alongside more sophisticated malware, however, so don’t treat an adware infection as no big deal.
• Bots. With botnets, criminals remotely control hundreds or thousands of computers simultaneously. Botnets are used for distributed denial of service (DDoS) attacks on websites and other systems. To join a botnet, a device must be infected with bot malware.

How does malware spread?

Different kinds of malware spread differently. Some types, like viruses and worms, are characterized by how they spread.

• Viruses insert their own code in other programs.
• Worms take advantage of flaws in software to spread without input from the user.
• Trojan horses trick users into installing malware by masquerading as a legitimate program.
• Fileless malware exploits bugs in software or uses built-in tools like PowerShell to remain resident with no traces left on the user’s hard drive.

Although some kinds of malware spread with no user interaction, email is the most common distribution method for malware. According to data from Cisco, over 90% of malware infections start with malicious or infected emails.

Mobile device malware generally spreads through infected apps on third-party app stores, although it occasionally ends up in the official platform store as well.

What is the purpose of malware?

Like other white-collar crime, malware is generally intended to make money for its creator. Although some of the first worms were experiments or toys, modern malware is a serious crime.

Each specific type of malware makes money or gains power in a unique way. Banking trojans, for example, serve to steal banking credentials, allowing attackers to drain victims’ bank accounts. Some spyware is used to blackmail victims with sensitive data. Other malware is built for industrial espionage.

How do I detect malware?

Although many kinds of malware don’t leave a trace, others are less subtle. Adware is very easy to detect: you’ll start seeing ads in places you wouldn’t expect them. Ransomware is similarly easy to detect—you’ll see the ransom message. Other times, the only symptom is a slower computer.

Antivirus software can detect common malware with reasonable accuracy. If your antivirus software warns you that you have malware installed, heed its warnings. False positives, while possible, are fairly rare.

How do I remove malware?

Whether you’re using a PC or a Mac, there are some of the things that you should do if you suspect that your device was infected by malware. Here’s a step by step how you could remove it without losing all your files in the process.

Remove malware on Windows or Mac

1. Disconnect your device from the Internet

The first thing you have to do is unplug yourself from the Internet. It would even be better to disable the home router as well. This is because most malware types have some mechanisms to prevent them from being shut off. They might be pumping your private data into the hacker’s home server. When you disconnect, the main link to your device is broken. If you disable the whole router, it’s an even better choice since that way, you completely disappear from the radar.

2. Boot into the safe mode

Assuming that it isn’t ransomware and you can actually access your system, what you should do is boot into your system’s Safe mode. It launches only the core functionalities of your system. That’s why Windows 10 even have a separate partition for system files when it installs. Here’s how to enter this mode:

• On Mac, restart your system. Before the Apple logo shows up, press, and hold the Shift key. Enter your password, and you’ll access the system in a safe mode.
• On Windows, during bootup, you should press Ctrl + F8. Then out of the list of options, select Safe mode without networking.

If you’re able to boot in a safe mode, this means that the malware didn’t corrupt the essential system files, so it’s a pretty good chance that you’ll be able to clean up. If you’re unable to enter even into the safe mode, it might be that you should resort to system wipe.

3. Run a malware scanner

If you can, you should get a thumb drive and download the malware from a separate machine and network. Plugin the thumb drive and install the antivirus, perform a scan. Resolve any identified threats. It’s also a good practice to use antiviruses from different makers. That way, you will rely on the highest malware labs data, which might include the one that currently inhabits your system.

4. Re-install browser

Various malware types usually mess up your default browser’s homepage to infect your system the next time you connect to the Internet. While you’re there, uninstall your current browser and delete all saved settings. Don’t forget to delete the cache. It will help if you reinstall it once you confirm that the malware is gone.

5. Check if the malware is gone

Finally, you should initiate a normal startup and boot into normal mode. You can go to the process monitor to verify that nothing suspicious is running in the background. To be on the safer side, you should always perform another antivirus scan once you’ve booted into the system. If it returns no errors, you should be in the clear.

Computer wipe

Wiping your computer is another effective way to remove malware. This involves a few general steps:

1. On a clean computer, create an install drive. This is easy and free for Windows. Just download the ISO file and use Microsoft’s tool to create a bootable flash drive.(If you’re a Mac user, you can skip this step by using Internet Recovery. Regular recovery mode may be infected, so don’t use it.)
2. Back up your data from the infected computer. Files you backed up might be infected, so don’t open them on a clean computer just yet.
3. Boot from the USB drive or Internet recovery and install your operating system onto your computer’s internal hard drive. This will overwrite all of your data.
4. Boot your computer from the internal drive and continue the setup process. It will feel like you got a brand-new computer.
5. Install an antivirus solution on your computer, plug in your backup drive, and scan the files you backed up. Don’t open any until the antivirus software shows that your backup has a clean bill of health.

Remove malware on Android or iOS

Getting rid of malware from your Android or iOS is a bit different than removing it from your computer.

We talk about this in great detail in the article on how to remove malware from Android or iPhone devices. For example, here are the things you can do if you get a virus on your smartphone:

1. Reboot your device. This might eliminate simple viruses.
2. Delete suspicious apps. If an application has a high permission level, bad reviews online, and you don’t use it often, it’s best to get rid of it.
3. Connect to a different network. Sometimes, connecting to another network helps if the threat is network-related (like pop-ups).
4. Change your iCloud or Google password and add Two-Factor Authentication. Make sure that your new password is strong enough. It’s a good idea to use a password generator.
5. Perform a complete wipe. If you’ve already tried everything but your iOS or Android device is still not virus-free, performing a complete wipe should do the trick.

How can I protect against malware?

Hundreds of corporations offer software that protects against malicious software. However, some work better than others. Plus, the tradeoffs differ between antivirus programs. Some emphasize extra features, while others focus solely on speed and performance.

Both macOS and Windows include antivirus software out of the box. Windows has Microsoft Defender preinstalled, while macOS includes a variety of security features like XProtect and Gatekeeper. While these options are great baseline protection, they’re not enough for many computer users today.

• The software should offer active scanning so that you are continuously protected in the background.
• It should come from a reputable vendor. Amusingly, some malware disguises itself as antivirus software, so pay attention to reviews and make sure to download a legitimate option, not a fake.

Your cell phone or tablet can also fall victim to malware. To protect yourself there, only install apps from the Apple App Store or Google Play Store. Most smartphone malware comes from third-party app stores and sideloaded apps. Additionally, keep your device up to date to avoid worms and other similar malware that relies on security vulnerabilities.

History of malware

Believe it or not, the humble beginnings of malware were not so malicious at all. In fact, the very first “virus”, the Creeper, was created in 1971 by Bob Thomas as an experimental computer program. It could spread itself by using local connections, displaying the message “I'm the creeper: catch me if you can” without causing any damage to the infected device.

Another notable piece of malware was called Elk Cloner. Created by a 15-year old as a joke, it was the first virus found “in the wild” and could infect a device (in this case, Apple ll computers) through infected floppy disks. Just like the Creeper, it was completely harmless - it simply showed you a short poem about itself.

However, things started to get serious in 1988 when Vienna, a MS-DOS virus, was discovered. It was much more malicious than its predecessors because it actually caused trouble to the user by corrupting files. Around that time, lots of other viruses started to appear, including Lehigh and Cascade.

One of the biggest offenders at that time (1989) was the AIDS Trojan, the very first ransomware that would pave the way for the most annoying and dangerous threats in the future like Petya and WannaCry.

Since then, more and more dangerous pieces of malware started appearing, including some notable examples:

• The Michelangelo virus in 1992 - a worm that ruined the hard drive
• Melissa in 1999 - one of the first email-based viruses that sent infected documents
• ILOVEYOU in 2000 - a virus spread via email that would download a Trojan, infecting more than 10 million Windows users
• WannaCry in 2017 - a worldwide cyber-attack that encrypted Windows computers and demanded a ransom in Bitcoin

Today, viruses and malware are a huge problem yet to be solved. Thankfully, you can avoid most of the threats by having a reliable antivirus tool and practicing cyber hygiene.

Beyond antivirus software

Even though antivirus software is useful, you can improve your security further by going beyond simple file scanning. Many Internet security suites and corporate endpoint protection solutions scan email attachments, websites, and other common attack vectors. Gmail and Outlook also scan attachments by default.

Protecting against the potential effects of malware is often just as important as protecting against malware itself. Ransomware encrypts files, so having a backup of your data beforehand makes it a lot less dangerous. Using multi-factor authentication means that credential-stealing spyware can’t log into your accounts without you approving the second factor.

No matter what software or techniques you choose to use, vigilance and common sense matter. Most malware requires convincing you that it’s legitimate, so stay on your toes and don’t trust software blindly.