Often used in tandem, “malware” and “exploit” can sometimes be confused with one another. However, they are not synonymous and bear several clear distinctions. To better understand the differences between malware and exploits, we first have to define them and their purposes.
Malware
Short for malicious software, malware refers to a file, program or string of code used for malicious activity, such as damaging devices, demanding ransom and stealing sensitive data. Malware is typically delivered over a network, though it can also be delivered via physical media, and it is classified by the payload or malicious action it performs. The classifications of malware include worms, Trojans, botnets, spyware and viruses. Although each malware strain behaves uniquely, automated spreading behavior is most commonly associated with worms. Most malware today is delivered over email by way of a link or file attachment, but more and more adversaries are beginning to leverage non-email communication platforms, such as social media and instant messaging, for malware delivery.
Today, there are millions of variants of malware that are constantly being tweaked ever so slightly to evade signature-based protection. Some malware types are easier to detect, such as ransomware, which makes itself known immediately upon encrypting your files. Other malware types, like spyware, may remain on a target system silently to allow an adversary to maintain access to the system. Regardless of the malware type, its detectability or the person deploying it, the intent of malware use is always malicious.
Exploits
An exploit is a piece of code or a program that takes advantage of a weakness (aka vulnerability) in an application or system. Exploits are typically divided into the resulting behavior after the vulnerability is exploited, such as arbitrary code execution, privilege escalation, denial of service, or data exposure. In addition, exploits may be categorized into known and unknown (i.e., zero-day) exploits. Zero-day exploits generally present a significant threat to an organization as they take advantage of unreported vulnerabilities for which no software patch is available. At times, adversaries may attempt to exploit vulnerabilities via collections or kits hidden on invisible landing pages or hosted on advertisement networks. If a victim lands on one of these sites, the exploit kit will automatically scan the victim’s computer to find out the operating system the computer is using, which programs are running, and if there are any vulnerabilities associated with those software packages. Once it identifies a vulnerability, the exploit kit will use the appropriate exploit code and attempt to install and execute malware.
Unlike malware, exploits are not inherently malicious, but they are still likely to be used for nefarious purposes. The key takeaway here is that exploit code may be used to deliver malware, but the code is not the malware itself. Although malware and exploits are used in combination for multiple types of malicious objectives, they present distinct issues that should be examined individually to provide well-rounded security.
To learn more about malware and exploits, check out our lightboard video Malware vs Exploits: What’s the Difference?