Malware, short for “malicious software”, refers to any program or code intended to cause damage or gain unauthorized access to computer systems and networks. Malware can spread in various ways, including through email attachments, infected websites, social engineering tricks, and vulnerabilities in software. Some of the most common and impactful types of network-spreading malware include worms, viruses, trojans, and ransomware.
A computer worm is a type of self-replicating malware that spreads by exploiting vulnerabilities in operating systems or application software. Worms are designed to spread automatically from one infected system to other vulnerable systems across a network without any human intervention or action required. Some of the most infamous and impactful worms include:
- Code Red – A 2001 worm that exploited a buffer overflow in the Indexing Service ISAPI extension of Microsoft IIS web servers (MS01-033). It infected more than 359,000 hosts in under 14 hours.
- Conficker – The 2008 Conficker worm infected millions of computers worldwide, including government, business and home computers. It spread by exploiting a vulnerability in the Windows Server service (MS08-067), and later variants also spread via removable media and by guessing weak passwords on network shares.
- ILOVEYOU – This 2000 VBScript worm spread as an email attachment titled “LOVE-LETTER-FOR-YOU.TXT.vbs” and mailed itself to every contact in the victim's Outlook address book. It ultimately affected an estimated 45 to 50 million Windows PCs and caused billions in damages.
- Morris Worm – One of the first major worms, it hit in 1988 and infected roughly 10% of the approximately 60,000 computers connected to the early internet, abusing a sendmail debug mode, a buffer overflow in fingerd, and trusted rsh logins with weak passwords.
- Nimda – Hit in 2001 shortly after Code Red, infecting Windows PCs via email attachments, open network shares, IIS vulnerabilities and the backdoors left behind by Code Red II.
- SQL Slammer – This fast-spreading 2003 worm fit in a single 376-byte UDP packet aimed at port 1434 of Microsoft SQL Server 2000. It infected most of its roughly 75,000 victims within ten minutes, saturated network links worldwide and took down Bank of America’s ATMs.
Worms can replicate and travel unaided through networks, allowing them to spread rapidly. They often consume significant bandwidth and system resources, impairing network speeds and availability. The same scanning behavior that lets a worm find new victims is also its most reliable tell: one host suddenly opening connections to many addresses on the same port, most of which fail.
Computer viruses are malicious programs that infect and propagate by inserting or attaching their code to other files or documents. Viruses require human action to spread – for example, sending an infected email attachment to additional people or visiting an infected website. Examples of major viruses include:
- Melissa – A mass-mailing Word macro virus from 1999. It arrived as an infected Word document and mailed itself to the first 50 contacts in the victim's Outlook address book. It ultimately affected computers at over 20% of the largest companies in the US.
- Storm Worm – A 2007 threat spread through malicious links and downloads. Despite its name it behaved as a trojan rather than a self-replicating virus, and it built a large peer-to-peer botnet used for spamming, phishing attacks and more.
- ILOVEYOU – Discussed above, this damaging worm is also often classified as a virus because it spread via a malicious email attachment that a user had to open.
In networks and enterprises, viruses can spread between systems rapidly by exploiting human interactions like email exchange. They can infect multiple file types and operating environments by attaching themselves to portable documents.
Trojans are a type of malware disguised as legitimate software. Once installed they can enable cybercriminals to access systems, steal data, monitor users and spread additional infections. Trojans spread when unsuspecting users are tricked into downloading malicious programs, opening infected attachments or visiting compromised websites. Trojans are a preferred method for targeted cyber espionage and data exfiltration. Examples include:
- Trickbot – A banking trojan active since 2016. It stole banking credentials and later served as a loader that distributed ransomware payloads such as Ryuk and Conti.
- Emotet – First seen in 2014 as a banking trojan and spread largely via phishing emails containing macro-enabled Office documents. It grew into a malware-as-a-service ecosystem that delivered other crime groups' payloads.
- Qakbot – An information-stealing trojan active since 2007, used to compromise banking credentials and networks for monetary gain and, like Emotet, to hand access to ransomware operators.
Within enterprise networks, trojans can spread laterally once a system is infected – granting access for attackers to install additional malware, obtain credentials and locate valuable assets.
Ransomware is a form of malware that encrypts files and systems, demanding a ransom payment for decryption. Some of the most prolific examples include:
- WannaCry – A 2017 ransomware worm that spread globally in hours by exploiting the SMBv1 vulnerability patched in MS17-010 (the “EternalBlue” exploit). It crippled hospitals, transportation infrastructure and businesses worldwide.
- CryptoLocker – An early and profitable ransomware detected in 2013. It spread via infected email attachments and the Gameover ZeuS botnet, encrypting files with AES and protecting the per-victim key with a 2048-bit RSA public key.
- REvil – Also known as Sodinokibi. An aggressive ransomware-as-a-service operation first seen in 2019 that exfiltrated data prior to encrypting networks and threatened to publish it if the ransom was not paid.
Modern ransomware often combines worm-like self-propagation or stolen credentials to spread across organizational networks with hybrid encryption: files are encrypted with a fast symmetric cipher such as AES, and only the symmetric keys are wrapped with the attacker's RSA public key, so nothing on the victim's machine can decrypt them. Financial, healthcare, education and government networks have been especially impacted.
Malware Propagation Techniques
Malware like viruses, worms, trojans and ransomware leverages many common methods to spread through networks, including:
- Email Attachments – Malicious executables, scripts or macro-enabled documents sent in email, often with a double extension such as “.TXT.vbs” so the real file type is hidden.
- Infected Websites – Malicious scripts, downloads or exploits on compromised sites.
- Social Engineering – Tricking users via email, chat or websites into installing malware.
- Network Shares – Targeting reachable network shares, open ports or standard protocols such as SMB.
- Removable Media – Infected USB sticks, external hard drives or similar.
- Supply Chain Attacks – Compromising third-party software or managed service providers to distribute malware to targets.
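The email-attachment vector above is worth a concrete illustration, because the trick that carried ILOVEYOU still works against filters that look at the wrong part of a filename. The following is an added example written for this page, not code from any product: a small attachment policy that judges a file by its final extension, catches decoy double extensions, trailing dots and spaces (which Windows silently strips), bidirectional-override characters that reverse the displayed name, and macro-enabled Office documents. The extension lists are assumptions for the example and would be tuned in a real deployment; a naive first-extension check is included beside it to show why it fails.

```python
# Added example: attachment filename policy (hypothetical, not a vendor's code).

# Extensions Windows will execute directly (assumed blocklist for this example)
EXECUTABLE_EXTS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "ps1", "msi", "cpl", "lnk", "jar",
}
# Office formats that can carry macros
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xltm", "potm"}
# Harmless-looking extensions attackers put in front of the real one
DECOY_EXTS = {"txt", "pdf", "jpg", "jpeg", "png", "doc", "docx", "xls", "xlsx"}
# Unicode overrides that make "photo<RLO>gpj.exe" display as "photoexe.jpg"
BIDI_OVERRIDES = ("\u202e", "\u202d", "\u202b", "\u202a")


def naive_is_safe(filename):
    """The broken check: looks only at the first extension, which is also what a
    user sees when Windows hides known extensions. ILOVEYOU passes it."""
    first_ext = filename.lower().split(".")[1] if "." in filename else ""
    return first_ext not in EXECUTABLE_EXTS


def classify_attachment(filename):
    """Return (verdict, reason) where verdict is 'block', 'quarantine' or 'allow'."""
    if any(ch in filename for ch in BIDI_OVERRIDES):
        return "block", "bidi override character in filename"
    # Windows drops trailing dots and spaces, so "setup.exe. " opens as setup.exe
    name = filename.lower().rstrip(". ")
    parts = name.split(".")
    exts = parts[1:]  # every extension after the base name, in order
    if not exts or not exts[-1]:
        return "allow", "no extension"
    final = exts[-1]
    if final in EXECUTABLE_EXTS:
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            return "block", f"double extension .{exts[-2]}.{final}"
        return "block", f"executable extension .{final}"
    if final in MACRO_EXTS:
        return "quarantine", f"macro-enabled Office document .{final}"
    return "allow", f"extension .{final}"


def scan_attachments(filenames):
    """Classify a batch of names; returns {name: (verdict, reason)}."""
    return {name: classify_attachment(name) for name in filenames}


if __name__ == "__main__":
    # Constructed sample names, not real mail
    samples = [
        "LOVE-LETTER-FOR-YOU.TXT.vbs",
        "quarterly-report.docm",
        "invoice.pdf",
        "setup.exe. ",
        "photo\u202egpj.exe",
    ]
    for name, (verdict, reason) in scan_attachments(samples).items():
        print(f"{verdict:10} {reason:40} naive_is_safe={naive_is_safe(name)} {name!r}")
```

The point of the comparison is that the naive check and the user both see “.TXT”; the policy deliberately looks at the last extension the operating system will act on, and treats anything that manipulates how the name is displayed as hostile in its own right.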
Minimizing Malware Spread in Networks
Organizations can take various steps to mitigate the potential spread of malware within networks, including:
- Installing and updating antivirus, antimalware and endpoint detection tools on all systems.
- Patching and upgrading software regularly, especially OSes and network-facing services; every worm listed above exploited a flaw for which a patch already existed.
- Restricting software installation permissions for users.
- Blocking unsafe file types from email attachments, judging files by their real (final) extension rather than the one displayed.
- Monitoring network traffic patterns for anomalies such as one host fanning out to many peers on a single port.
- Adding email security and web filtering to block known threats.
- Restricting external drive usage and blocking unapproved devices.
- Educating employees on cyber risks and best practices.
- Segmenting networks and limiting excessive user permissions so that one infected host cannot reach every other host.
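As an added example of the traffic-monitoring step, and not code from any product or from the original page, the detector below looks for the fan-out pattern that worms such as SQL Slammer, Conficker and WannaCry all produce: a single source contacting many distinct destinations on one port within a short window, with most of those connections failing because the targets are absent or closed. The log format is modelled on a tab-separated subset of a Zeek conn.log (timestamp, source, destination, destination port, protocol, connection state); the sample traffic is constructed inline, and the port, window and threshold values are assumptions to tune per environment.

```python
# Added example: worm-style scan detection over connection logs (hypothetical).
from collections import defaultdict, deque

# Connection states that mean the target never completed the handshake
FAILED_STATES = {"S0", "REJ", "RSTOS0"}


def constructed_conn_log():
    """Constructed sample lines, not real traffic: ts, src, dst, dport, proto, state."""
    lines = []
    # Benign workstation 10.0.0.5: repeated SMB sessions to two file servers over a minute
    for i in range(30):
        server = "10.0.0.10" if i % 2 else "10.0.0.11"
        lines.append(f"{100 + i * 2:.1f}\t10.0.0.5\t{server}\t445\ttcp\tSF")
    # Worm-like host 10.0.0.23: sweeps the /24 on 445 in about six seconds;
    # most targets do not answer (S0) or refuse (REJ), a few accept (SF)
    for i in range(1, 60):
        state = "SF" if i % 10 == 0 else ("REJ" if i % 3 == 0 else "S0")
        lines.append(f"{130 + i * 0.1:.1f}\t10.0.0.23\t10.0.0.{i}\t445\ttcp\t{state}")
    # A real log is time-ordered; interleave the two hosts the way a sensor would see them
    lines.sort(key=lambda line: float(line.split("\t")[0]))
    return lines


def parse_conn_log(lines):
    """Parse tab-separated lines into event dicts, skipping blanks and comments."""
    events = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, state = line.rstrip("\n").split("\t")
        events.append({"ts": float(ts), "src": src, "dst": dst,
                       "dport": int(dport), "proto": proto, "state": state})
    return events


def detect_scanners(events, port=445, window=10.0, threshold=20):
    """Flag sources that contact >= threshold distinct destinations on `port`
    within any `window` seconds. Events must be in timestamp order.
    Returns {src: {"first_ts", "last_ts", "targets", "failed_ratio"}}."""
    recent = defaultdict(deque)  # src -> sliding window of its recent events
    alerts = {}
    for ev in events:
        if ev["dport"] != port:
            continue
        q = recent[ev["src"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()
        targets = {e["dst"] for e in q}
        if len(targets) < threshold:
            continue
        failed = sum(1 for e in q if e["state"] in FAILED_STATES)
        alert = alerts.setdefault(ev["src"], {"first_ts": q[0]["ts"], "targets": 0})
        alert["last_ts"] = ev["ts"]
        alert["targets"] = max(alert["targets"], len(targets))
        alert["failed_ratio"] = failed / len(q)
    return alerts


if __name__ == "__main__":
    for src, info in detect_scanners(parse_conn_log(constructed_conn_log())).items():
        print(f"ALERT {src}: {info['targets']} distinct targets on 445 between "
              f"{info['first_ts']} and {info['last_ts']}, "
              f"{info['failed_ratio']:.0%} of connections failed")
```

The failure ratio is reported alongside the fan-out count because a legitimate scanner (a vulnerability management host, a backup server) also touches many peers but mostly completes its handshakes; a worm probing a subnet it knows nothing about does not. In production the threshold and window should be derived from the baseline of the actual segment, and the alert should feed the segmentation controls listed above so the fanning-out host can be isolated quickly.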
Malware like worms, viruses, trojans and ransomware can pose major risks as they spread within organizational networks, infecting additional systems and potentially causing massive damage. Leveraging techniques like malicious email attachments, compromised websites, infected removable media and user deception, malware can propagate rapidly across network endpoints and servers. By keeping software patched and updated, monitoring for suspicious traffic, restricting user permissions and educating employees on cyber risks, organizations can minimize malware infections and contain outbreaks. Ongoing malware prevention and swift incident response helps protect institutional networks and data from cyber threats.