What Is Malware? Understanding the Basics of Website Malware

Malware has infected roughly a third of the world’s computers, costing companies across the globe trillions of dollars each year. Yet in a recent report by Nationwide, only 13% of small business owners said they’d been targeted by a cyberattack, but when they saw specific examples of cybercrime — from phishing to ransomware — that number shot up to 58%. Malicious code isn’t confined to operating systems, either. Millions of websites across the internet also contain vulnerabilities that make them easy targets.

Unfortunately, this rise in cybercrime shows no signs of slowing down. In 2014, nearly 1 million new pieces of malware were released every day, but most hackers relied on old techniques to create new threats. Today, threats are increasingly sophisticated, and as web traffic volume grows and more connected devices come online, the attack surface is rapidly expanding. In 2018 alone, we saw thousands of data breaches expose more than 446 million records.

In this blog post, we’ll explain the signs of malware, how malware gets on a website, and why it can be so damaging to small businesses in particular. But first we’ll answer a basic question: What is malware?

A Brief History of Malware

In the early ’70s, Bob Thomas, an engineer at BBN Technologies, wrote the Creeper worm, the first program able to self-replicate over a computer network. The experimental program spread via the ARPANET (a predecessor of the internet) to infect computers running the Tenex operating system, causing them to display an ominous message: “I’m the creeper: Catch me if you can.”

The Creeper worm was more of an annoyance than a threat, but it prompted iterations that behaved much like the modern computer virus, a term developed in the ’80s by pioneering computer scientist Fred Cohen. According to Cohen, a virus is “a program that can infect other programs by modifying them to include a, possibly evolved, version of itself.” His definition has stood the test of time.

Today, we use the term “malware” to refer to any software created for malicious purposes, which can include website redirects, malvertising, viruses, adware, Trojans, and several other types of software. This software will generally fall into one of two categories: website or computer malware.

Website Malware Versus Computer Malware

Most discussions about malware center on programs that attach to an operating system or another program or file in a computer’s memory. As soon as that program or file is executed, the infection is launched. When malware infects a computer, it can steal passwords or data, log keystrokes, corrupt files, and spam email contacts — it can even take over the infected machines, spreading through electronic attachments, file downloads, social media links, or physical media.

Luckily, there are many computer-based antivirus platforms in the marketplace that are equipped to detect signs of malware and defend against most types.

Another class of malware — known as website malware — is perhaps less discussed but equally pervasive and insidious. So how does malware get on a website? Well, using website malware, attackers can sneak into a website undetected, steal sensitive customer data, alter a website’s appearance, and generally damage a company’s reputation and even its bottom line.

An attack on your website may be relatively harmless, or it could result in a website suspension or blacklisting. Unmitigated malware infections can even allow cybercriminals to take control of your site.

If you do experience any of the above scenarios, you certainly aren’t the first victim — or the last. In fact, according to our research, a single website will experience nearly 60 attacks a day, and every website on the internet is a potential target.

Managing a Malware Attack

The fact of the matter is, a malware attack impacts corporations and small businesses differently. After hackers used malware to compromise about 380,000 credit card payments on British Airways’ site and app, for instance, the London-based airline had to deal with several weeks of negative press and pay hefty fines. However, business carried on.

For small to midsize business owners, the consequences of such an attack would be catastrophic. Most SMB owners manage their own websites, but few have the time and resources to invest in adequate protection. Moreover, most of these companies lack the financial and human capital required to cope with the fallout of an attack, leaving them especially vulnerable. As a result, 60% of small businesses are forced to shut down in the aftermath of a cyberattack.

Customer trust is the bedrock of the small business advantage, but trust is quickly eroded when you fail to protect customers on your site. Fortunately, there are easy, effective, and affordable ways to protect your small business and keep that trust intact. To learn more about those strategies, check out our “Ultimate Guide to Website Malware,” and discover why more than 12 million websites trust SiteLock.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally.