0 / 10 flipped
Malware
Tap to reveal
Short for malicious software β any program or code designed to damage, disrupt, spy on, or gain unauthorized access to a system. Malware is a category, not a single threat type. It includes viruses, worms, ransomware, Trojans, rootkits, keyloggers, spyware, bloatware, and logic bombs. The common thread is unauthorized harmful intent. Understanding the type matters because each type requires different detection and response approaches.
Ransomware
Tap to reveal
Malware that encrypts the victim's data files and demands payment for the decryption key. The OS remains functional β the attacker needs the victim to be able to see the ransom demand and pay. Encryption uses strong public-key cryptography: the public key (embedded in malware) encrypts files; only the attacker's private key decrypts them. Payment is typically cryptocurrency. The only reliable defense is an offline backup β a clean copy the ransomware cannot reach.
Trojan Horse
Tap to reveal
Malware disguised as legitimate software. The victim installs it willingly, believing it serves a real purpose. Once executed, the Trojan performs malicious actions: opening a backdoor, downloading additional malware, stealing data, or providing remote access. Unlike viruses and worms, Trojans do not self-replicate β they rely on social engineering to trick the user into running them. The name comes from the Trojan horse of Greek mythology: a gift concealing hidden attackers.
Rootkit
Tap to reveal
Malware that gains administrator-level control of a system while hiding its presence from the OS and security tools. Rootkits operate at kernel level or deeper, intercepting OS calls to conceal files, processes, and network connections belonging to themselves and other malware. Their primary value to attackers is persistence and concealment β an attacker with a rootkit installed can maintain long-term access that standard antivirus scans will not detect.
Keylogger
Tap to reveal
Malware that records every keystroke typed on the system and transmits the log to the attacker. Captures usernames, passwords, PINs, credit card numbers, private messages, and search terms. Keyloggers are a direct credential-theft tool β the captured data gives the attacker the ability to impersonate the victim in any system the victim accessed while the keylogger was running. Often installed by Trojans as part of a multi-stage attack chain.
Logic Bomb
Tap to reveal
Malicious code that lies dormant until a specific trigger condition is met, then executes a destructive payload. Triggers include: a specific date, a user account being deleted, a file being accessed or modified, or a boolean condition becoming true. Logic bombs are commonly planted by insiders β disgruntled employees who embed them in legitimate code before departing. Because they lie dormant, they are difficult to detect through behavioral monitoring; code review is the primary defense.
Drive-by Download
Tap to reveal
A malware infection triggered by simply visiting a compromised web page β no user click required. Exploit code embedded in the page (or served through a malicious ad) targets vulnerabilities in the visitor's browser, browser plugins, or JavaScript engine. If a matching unpatched vulnerability is found, malware is downloaded and executed silently in the background. The victim may see no indication anything occurred. Drive-by downloads are stopped by keeping browsers and plugins fully patched.
Botnet
Tap to reveal
A network of malware-infected machines ("bots") under centralized attacker control via a command-and-control (C2) infrastructure. Each compromised system silently awaits instructions while its owner uses it normally. Botnets are used for: DDoS attacks (directing thousands of bots to flood a target), spam distribution, credential stuffing, cryptocurrency mining, and distributing additional malware β all using the victims' computational resources and network bandwidth without their knowledge or consent.
Offline Backup
Tap to reveal
A backup copy stored on media physically or logically disconnected from the production network, making it unreachable by ransomware or other malware on connected systems. Examples: tape backups removed from the drive after writing, external hard drives disconnected after backup, air-gapped systems. Online backups (network shares, cloud drives accessible from the infected system) can themselves be encrypted by ransomware. An offline backup is the single most effective defense against ransomware: if the production data is encrypted, restore from the offline copy.
The Four Defense Fundamentals
Tap to reveal
The baseline defenses against the malware threat landscape: (1) Offline / immutable backups β recovery path when data is encrypted or destroyed; (2) OS patching β closes vulnerabilities exploited by worms and drive-by downloads; (3) Application patching β closes browser, plugin, and software vulnerabilities used as entry points; (4) Current AV signatures β allows security software to recognize and block known malware variants. None is individually sufficient; together they address the primary delivery vectors and recovery scenarios for the vast majority of malware in the wild.