Know your Malware – 5 common types

Malware involved and how they work. This especially applies to small and medium businesses that aren’t likely to possess IT personnel whose sole focus is network security.

This article examines the drivers of malware development and details the characteristics of five common types.

Viruses

Probably the best-known form of malware is the virus. Computer viruses have existed for many years, but the fundamental premise has remained constant. Typically made to inflict damage on the end user, a computer virus can purge a complete hard disk, rendering data useless in a matter of moments.

Just like biological viruses, which replicate themselves when infecting a host cell, computer viruses will often replicate and spread themselves via an infected system. Other forms of viruses are employed to ‘seek and destroy’, where specific file types or sections of the hard disk are hit. Criminals conducting cyber-thefts will often release a virus on penetrated systems after extracting the targeted information as a method of destroying forensic evidence.

Computer viruses were originally spread through the sharing of infected floppy disks. As technology evolved, so too did the distribution method. Today, viruses are commonly spread through email attachments, file sharing and web downloads. To infect a system, the virus must be executed on the target system; dormant computer viruses that have not been executed don't pose an immediate threat. Viruses typically don't have any legitimate purpose and in a few countries are illegal to possess.

Worms

Computer worms have existed since the late 1980s, but weren't prevalent until networking infrastructures within organisations became common. Unlike computer viruses, worms have the ability to spread themselves through networks without human interaction.

Once infected with a worm, the compromised system will begin scanning the local network to locate additional victims. After locating a target, the worm exploits software vulnerabilities in the remote system, injecting it with malicious code to complete the compromise. Because of this method of attack, worms are threats that continuously evolve, while your firewall protection may not. Now is the time to look beyond traditional network security and incorporate protection against malware and exploits that pass through to PCs when users browse the Internet, send or receive email and download applications. Worms tend to be viewed more as a nuisance than a real threat. However, they work extremely well at spreading other malware or inflicting damage on target systems.

Trojans

Like viruses, Trojans typically require some sort of user interaction to infect a system. However, unlike most worms and viruses, Trojans often try to stay undetected on the compromised host. Trojans are small pieces of executable code embedded into another application. Typically, the infected file is an application the victim would use regularly (such as Microsoft Word or Calculator). The aim is for the victim to unknowingly execute the malicious code when launching a normally innocent program. This often results in Trojans infecting a system without triggering any kind of notification.

There are numerous forms of Trojans, each fulfilling a different purpose. Some Trojans are created specifically to extract sensitive data from the infected system; these types of Trojans typically install keyloggers or take screenshots of the victim's computer and automatically transmit the data back to the attacker. Other, more dangerous “remote access Trojans” (RATs) will seize control of the infected system, opening a back door for an attacker to access later. Remote access Trojans are commonly used in the creation of botnets.

Spyware / Adware

Like some forms of Trojans, spyware is used to gather and relay sensitive information back to its distributor.

Spyware typically isn’t malicious in nature. However, it’s a major nuisance, typically infecting web browsers and making them nearly inoperable. Spyware is frequently used for deceitful marketing purposes, such as monitoring user activity without their knowledge. Occasionally, spyware may be disguised as a legitimate application, providing the user with some benefit while secretly recording behaviour and usage patterns.

Like spyware, adware is a major nuisance for users, but it’s usually not malicious in nature. Adware, as the name implies, is normally used to spread advertisements that provide some sort of financial benefit to the attacker. After becoming infected by adware, the victim is bombarded by pop-ups, toolbars and other forms of advertisement when attempting to access the Internet. Adware usually doesn't cause permanent harm to a computer. However, it may render the device inoperable if not removed properly.

Rootkits

Arguably the most dangerous form of malware is the rootkit. Like remote access Trojans, rootkits supply the attacker with control over an infected system. However, unlike Trojans, rootkits are exceptionally difficult to detect or remove. Rootkits are usually installed into low-level system resources (below the operating system). Because of this, rootkits often go undetected by conventional anti-virus software. Once infected with a rootkit, the target system may be accessible to an attacker, providing unrestricted access to the rest of the network.

Knowing when you've got one

Malware in network traffic or on a PC makes its presence known in one of three ways:

  • A “signature” is a fingerprint or pattern in the file that may be recognised by a network security system such as a firewall even before it reaches a computer. If this kind of file does reach a PC, the anti-virus/anti-malware software on the device should catch it.
  • A suspect file type appearing out of context, such as an executable (.exe) or registry value hidden in a compressed file such as a .zip.
  • Behaviour: even a good rootkit may reveal itself when it “phones home” to the operator who controls it. If this behaviour is abnormal, for example in volume or time of day, it is an indicator of a compromised system. The conventional security measure of having anti-virus software installed and constantly updated on all machines will address the most typical culprits.
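The second and third indicators above, as an added example that is not part of the original article: one check flags out-of-context file types inside a .zip, the other flags destinations that are contacted outside working hours or unusually often. The extension set, working-hours window, thresholds, host names and log format are all assumptions constructed for this illustration.

```python
# Added example (not from the article): the indicators above as checks over constructed data.
import io
import zipfile
from collections import Counter

# File types that are out of context inside an archive received by email or download (assumed set).
SUSPECT_EXTENSIONS = {".exe", ".scr", ".dll", ".reg", ".js", ".vbs"}

def suspect_members(zip_bytes: bytes) -> list:
    """Return archive members whose type is out of context, e.g. an .exe inside a .zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    # Compare the lower-cased final extension so "Invoice.EXE" is not missed.
    return [n for n in names
            if "." in n and "." + n.rsplit(".", 1)[-1].lower() in SUSPECT_EXTENSIONS]

def phone_home_indicators(log_lines, work_hours=(8, 18), max_per_dest=3):
    """Flag destinations contacted off-hours or unusually often; lines are 'YYYY-MM-DDTHH:MM src -> dst'."""
    per_dest, off_hours = Counter(), set()
    for line in log_lines:
        stamp, _, rest = line.partition(" ")
        dest = rest.split("->")[-1].strip()
        hour = int(stamp[11:13])          # hour field of the ISO-style timestamp
        per_dest[dest] += 1
        if not work_hours[0] <= hour < work_hours[1]:
            off_hours.add(dest)
    frequent = {d for d, n in per_dest.items() if n > max_per_dest}
    return sorted(off_hours | frequent)

def build_sample_zip() -> bytes:
    """Constructed archive: a document next to an executable and a registry file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.docx", b"not a real document")
        zf.writestr("Invoice.EXE", b"not a real binary")
        zf.writestr("update.reg", b"Windows Registry Editor Version 5.00")
    return buf.getvalue()

SAMPLE_LOG = [  # constructed connection records: a normal updater and a 3 a.m. beacon
    "2024-03-04T09:15 10.0.0.5 -> updates.example.com",
    "2024-03-04T12:00 10.0.0.5 -> updates.example.com",
    "2024-03-04T03:00 10.0.0.7 -> relay.example.net",
    "2024-03-04T03:30 10.0.0.7 -> relay.example.net",
    "2024-03-04T04:00 10.0.0.7 -> relay.example.net",
    "2024-03-04T04:30 10.0.0.7 -> relay.example.net",
]

if __name__ == "__main__":
    print(suspect_members(build_sample_zip()))   # ['Invoice.EXE', 'update.reg']
    print(phone_home_indicators(SAMPLE_LOG))     # ['relay.example.net']
```

Either check on its own produces false positives (legitimate software updaters also phone home), so in practice the flagged items are leads for the anti-virus or a person to confirm, not verdicts.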