Security: Types of Malware. - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Adware
    • typically "harmless", as it just displays ads for products or tries to get the user to click on a banner
    • the banner ads usually appear as browser pop-up windows
    • can be a sign of a larger infection
  • Virus
    • Malware that requires a host program to piggyback on.
    • Needs the host program to execute for the virus to execute its payload
    • Needs some type of user interaction.
  • Spyware
    • Malware intended to report information on a user's habits; an invasion of privacy.
    • Spyware can also target a specific set of files or information, from browsing history to financial information
  • Trojan
    • Malware posing as a legitimate program
    • Trojans do not replicate or attach to other files
    • Composed of a suite of exploits allowing the attacker to remotely control and/or monitor a PC
  • Rootkits
    • Malware intended to take full or partial control of a PC at the lowest system levels, without authentication
    • A service that listens on a specific port
    • Hard to detect, since rootkits can "hook" themselves onto various system files, evading detection by reporting as a legitimate process
    • Various types of rootkits, depending on where they reside
    • Further reading: Microsoft Protection Center on rootkits
  • Logic bomb
    • Malware that sits dormant until it is triggered by a specific action or event
    • When the trigger is reached, the logic bomb executes whatever it was programmed to do
    • Example: the UBS PaineWebber attack
  • Botnets
    • A set of computers infected by a control program, acting at the will of the attacker to mount various attacks
    • Once infected, the PC is considered a zombie or drone
    • Large botnets can be used to issue DDoS attacks
    • Mine for data
    • Send spam emails
    • Examples of botnet sizes
  • Backdoors
    • Programs that enable the attacker to enter at any time
  • Ransomware
    • Malware that infects a PC and restricts the user's access to the files or information on it
    • Encryption can be used to lock the documents
    • Money must be paid to the attackers to receive the private key that decrypts the data
    • Example: CryptoLocker
    • Examples of ransomware
  • Polymorphic malware
    • A virus that encrypts itself; each time it runs, it alters itself and encrypts again
    • Paired with a decryption module
    • The virus changes both its code and its encryption
    • This makes it difficult for AV companies to write definitions for it
  • Armored virus
    • These viruses can be large, because they include garbage code to make themselves hard to identify and hard for AV companies to reverse engineer when writing definitions
  • Worms
    • These are not mentioned, but are worth noting
    • Worms do not require a program to piggyback on or a separate program to execute; they simply propagate
    • Some worms carry a payload that can open backdoors, letting the attacker in
    • Often, a worm spreading is enough on its own to slow network traffic
    • Watch how fast the Code Red worm spread
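
To see why the polymorphic malware entry above defeats a file-hash definition while the decryption module remains a stable detection target, here is an added Python model (not from the wiki) that uses constructed text bytes in place of any real code and XOR in place of a real cipher:

```python
import hashlib
import secrets

# Constructed stand-in for a malware body: plain text, nothing executable.
BODY = b"CONSTRUCTED SAMPLE BODY: behaviour is identical in every variant"
# Stand-in for the decryption module, which stays in the clear so it can run.
DECRYPTOR_STUB = b"STUB:xor-decrypt-body-then-run"
KEY_LEN = 8

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def make_variant(body: bytes = BODY, key: bytes = b"") -> bytes:
    """One 'generation': fresh random key, body re-encrypted, stub + key + body."""
    key = key or secrets.token_bytes(KEY_LEN)
    return DECRYPTOR_STUB + key + xor_bytes(body, key)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def hash_signature_matches(sample: bytes, known_hash: str) -> bool:
    """A whole-file hash definition only matches the exact bytes seen before."""
    return sha256(sample) == known_hash

def stub_signature_matches(sample: bytes) -> bool:
    """A definition written against the invariant decryptor stub instead."""
    return DECRYPTOR_STUB in sample

def recover_body(sample: bytes) -> bytes:
    """What an emulating scanner does: undo the stub's work to see the real body."""
    start = len(DECRYPTOR_STUB)
    key = sample[start:start + KEY_LEN]
    return xor_bytes(sample[start + KEY_LEN:], key)

def compare_generations(n: int = 3) -> dict:
    """Generate n variants and report how each detection strategy fares."""
    variants = [make_variant() for _ in range(n)]
    first_hash = sha256(variants[0])
    return {
        "distinct_hashes": len({sha256(v) for v in variants}),
        "hash_sig_hits": sum(hash_signature_matches(v, first_hash) for v in variants),
        "stub_sig_hits": sum(stub_signature_matches(v) for v in variants),
        "bodies_identical": all(recover_body(v) == BODY for v in variants),
    }

if __name__ == "__main__":
    print(compare_generations())
```

Each generation has a new hash, so a definition keyed on the first sample matches only that sample, while the stub match and the recovered body hold for every generation.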