The Different Types of Malware

A few people asked me to do this, so here it is! 🙂

Trojans

Trojans are malicious programs that are usually designed to steal confidential data from a victim. There are different types of trojan, each designed to perform a specific job. Usually they come with a keylogger to record every key pressed on a victim's computer to steal usernames, passwords and other important information.

  • Banking trojans are designed to steal money from someone's bank account by manipulating bank websites to send money from a victim's bank account to the attacker's.
  • Trojan downloaders are designed to download updated malicious code to the computer, potentially allowing someone to control your computer; this is known as a backdoor.
  • Trojan horses pretend to be legit and safe software, but when the user downloads and runs them, they perform a malicious action on the victim's computer.
  • Other types of trojans can be simply created for fun or to annoy the user.

Trojans can sometimes be downloaded automatically through websites that have either been compromised or contain malicious code; this is known as a drive-by download.

Worms

Worms install themselves once to a computer, and then look for another computer to infect. Usually, worms spread through networks or Wi-Fi connections.

However, email worms require the user to activate them instead of spreading automatically. You have to run the worm for it to spread, but in most cases, once you activate the worm's payload, it will spread by itself using your contact lists in Outlook.

One example of a Network Worm would be the Sasser worm created by Sven Jaschan. An example of an Email Worm would be the Kiray worm, which you can see here.

Viruses

Viruses are designed to infect applications and documents on a disk and travel autonomously from computer to computer. Some of them do this by inserting their code into other documents; these are known as injectors. When the infected document is opened, the virus is activated and it spreads once again. Other viruses literally copy themselves everywhere on your hard drive, while others hide themselves amongst your portable devices, documents and system files.

Viruses are usually very noticeable and can be seen easily using the Windows Task Manager or similar applications.

Rootkits

Rootkits are notorious for their ability to hide themselves amongst system files. Rootkits also have a few of the characteristics of worms, which can lead to people confusing a worm for a rootkit. Like worms, rootkits can also spread via network connections; however, the main job of the rootkit is just to hide and spread. Because rootkits can hide themselves with system files, it is extremely hard for anti-malware programs to detect them, making them more likely to activate their payload successfully.

Adware

Adware is probably the simplest of all malware. Adware simply causes annoying advertisements to pop up on a victim's computer. Adware does not spread, therefore making it possible to categorise it as a trojan. Adware can be surprisingly annoying to detect, as it usually performs its malicious actions indirectly through web browsers such as Internet Explorer or Google Chrome.

Ransomware

Ransomware is a type of malware designed to block access to certain things on a computer and then demand money to unblock them. There are 2 types of ransomware.

  • Crypto-ransomware is designed to encrypt documents and pictures, and demand money from the user in exchange for a decryption key. This type of ransomware succeeds very easily, especially if a business is infected.
  • Locker-ransomware is designed to lock certain devices (such as phones or tablets) and then demand credit card information or money to unlock the device.

Since the early 2000s, crypto-ransomware has been used more successfully to target businesses than locker-ransomware. One example of this would be the CryptoLocker ransomware. The creators of that piece of ransomware have earned several hundreds of thousands of dollars (US) due to the widespread infection of computers with their ransomware. Ransomware often comes with anti-debugging features, making it harder for malware researchers to look for vulnerabilities or ways to disable it.

Spyware

Spyware is designed to spy on the victim's computer tasks. Like trojans, spyware does not spread and it usually comes with a keylogger. Spyware is also notorious for the ability to hijack a victim's webcam, which is why you should never have a camera near you when getting changed or in the shower.

Note that spyware can automatically turn on the webcam, without the user's permission.

Exploits

Exploits are bundles of malicious code that are designed to use vulnerabilities in other software to their advantage. Like trojan downloaders, exploit kits usually download and install other pieces of malware onto the victim's computer.

Most of the time, exploit kits download ransomware onto the user's computer. Exploits are usually found in Microsoft Word documents, PDF files or even compromised webpages. Moreover, exploit kits are occasionally sent to victims via email.

Hybrid Malware

Hybrid malware is 2 or more different types of malware combined in one application or webpage, allowing cyber-criminals greater flexibility in their method of infection, payloads and spreading. Anti-malware programs sometimes find that removing hybrid malware can be tricky, because of the malware's complexity and/or anti-debugging features.

Different forms of malware

Forms of malware include scripts, Word documents, webpages, PDF documents, applications and more.

Anti-malware programs

You can protect yourself against many types of malware by using Kaspersky Internet Security. You can also protect yourself against exploits using Malwarebytes Anti-Exploit.

There are many reviews and comments about both of those products, so go check them out!

Summary

This took a VERY long time to write, and a lot of research.

Note that many tutorials/fact videos on YouTube are not very reliable. When researching malware, please make sure you get your facts from a reasonably professional source (Example: ThreatPost or Kaspersky Lab) to ensure that you are getting the right information and not some computer noob telling you that everything is a virus 😉

If I missed any type of malware, please tell me on Twitter here

Sources

Kaspersky Lab:

https://kaspersky.co.uk

https://securelist.com

ThreatPost:

https://threatpost.com

Britec09:

http://www.briteccomputers.co.uk

https://youtube.com/user/Britec09

Others:

ThePCSecurityChannel

MaxCyberDefense

Danooct1

Malwarebytes

2 thoughts on “The Different Types of Malware”

    1. There may still be parts of the rootkit left in the system, as the rootkit could have injected code into system applications.

      Kaspersky TDSS Killer is a great tool designed to completely remove rootkits and worms from your system.
