Introduction: Learn the Types of Malware

About: I have been an ethical gray-hat hacker and programmer for 10 years now.
Malware (short for "malicious software") is any program designed to enter and cause harm to a computer without authorization. There are many types of malware out in "the wild", and I'm here to tell you about the main types of them and how to protect yourself against them.

Many non-casual computer users use the term "virus" to encompass all types of malware. The term "virus" pertains only to a computer virus and has nothing to do with any of the other types of malware.

Step 1: Virus

A computer virus is any malware program that has the ability to replicate itself and inject its code into another executable file. Contrary to what most people believe, the ability to replicate does not make a virus a virus. The ability to inject its code into another program is what defines it.

A computer virus behaves just how a real world virus would act. It replicates, injects its DNA (code) into a host, and spreads to other hosts.

Some computer viruses exist merely to replicate. Others cause serious damage when they enter a system.

Some viruses spread through networks, others spread through infected emails, while some are manually spread by the hacker itself.

Below is the steps of how a virus operates.

1. Infected file is sent to target.
2. Target downloads file.
3. Virus is executed.
4. Virus scans for host files inside the target computer.
5. If a host file is found, the virus replicates and attaches the copy to the program.
6. Virus lays dormant until user clicks on the infected file.
7. User clicks on the infected file and executes the virus.
8. Process starts over from step 4.
9. Optional phase. Virus may look for exit points within the target computer to infect more targets.

The example above demonstrates how a generic virus would operate. There are many more sub-types of viruses out there, but I am going to tell you one that you should definitely look out for.


A polymorphic virus is trouble. These little critters mutate every time they replicate. This means that each copy of the virus is slightly different than the copy before it and the original virus. This makes it harder for antivirus programs to detect the virus, because it can not find a definite threat pattern. However, with today's antivirus programs using a detection algorithm called heuristics analysis, even polymorphic viruses are detectable. What you need to really watch out for are metamorphic viruses. The copies of these viruses are completely different from each copy rather than just a slight change with polymorphism. However, with the time and complexity it takes to make a metamorphic engine, you shouldn't worry too much. Only two successful metamorphic viruses have ever been made. That's because about 90% of the code in the virus is the metamorphic engine.

Step 2: Worm

A worm is like a virus in the way that it can propogate itself. Unlike a virus, it does not cause any serious damage to a computer and is an independent program. This means that the worm doesn't have to inject its code into another program like a virus must do. Worms replicate. That is all they do. They spread by networks, so a computer connected to an infected network will also get infected. Even though worms cause no damage, the amount of network traffic that a worm generates by replicating so often can potentially cause the network to crash and go offline for a couple of moments. The worst thing that could happen is that the worm could accidentally cause a DoS (Denial of Service) attack on the network.

Step 3: Trojan Horse

A Trojan Horse is a type of malware that disguises itself as a legitimate program, but in actuality is just another type of malware hidden behind covers. Trojan Horses are deceptively clever as they trick users to download the file containing the malware. The user thinks that they just downloaded a new program, but running in the background could be a virus or another type of malware. The Trojan Horse may come with the actual program that the user wants to download to lower suspicion. This type of Trojan is called a Trojan wrapper, as the program is "wrapped" with the Trojan Horse.

Trojan Horses are very bad news. They are commonly used by black-hat hackers (the criminal kind) to steal money from their victims and other confidential information like usernames and passwords. Most Trojans also open a backdoor (a secret opening into the target computer) so that the hacker may visit the infected computer at any time or so that the Trojan can install more malware from the Internet onto the computer.

Trojan Horses are usually spread through email, social media sites, and software download sites. These type of sites include FaceBook and MediaFire.

Step 4: Keylogger

Keyloggers are normally associated with Trojan Horse programs and may even count as a sub-type of it, but I am going to separate the two so that I can clearly define what a keylogger is.

Keyloggers are a type malware that logs the keystrokes that the infected user enters into the keyboard. The keylogger also creates a hidden text file that contains all of these keystrokes and routinely sends this file to the hacker. This allows the hacker to decipher usernames, passwords and other confidential information from the data collected.

The worst thing about a keylogger is that it is normally not detected by antivirus software. This is because the keylogger contains no legally malicious code. It is merely gathering data and the antivirus program thinks that it is probably an Internet cookie.

Step 5: How to Protect Yourself From Malware

1. Limit the files that you download from the Internet. The more programs you download, the higher your risk is of contracting a malware infection.

2. Download and install a good antivirus program. This is your first line of defense against malware. If you happen to find an infection on your system, let the AV software clean it up. If you don't know what you are doing and try to manually remove a piece of malware by yourself, you could accidentally cause more harm than good to your computer by deleting important files. If you don't want to spend a good thirty bucks on an AV program, I recommend downloading MalwareBytes and SpyBot: Search and Destroy. Both of those are really good AV and anti-spyware programs that are 100% free.

3. Don't go on any websites with suspicious or inappropriate content (guys, I'm looking at you). Both of those types of sites could potentially have a type of malware embedded in the script of the website.

4. Don't do anything stupid in general.

Step 6: Sources

●Me. I've been an ethical hacker and programmer for almost five years now.

Check out my "Learn How to Hack" and "The Hacking Process" instructables
to learn how to begin ethical hacking.