INTRODUCTION
Malware describes a broad range of malicious programs used by threat actors to try to do harm to a computer or network. Since the now infamous WannaCry attacks (which infected over 200,000 victims), malware has always been a thorny issue for users and organizations alike. While it is worrisome that some experimental threat actors will create new variations, these nine are the most common types of malware seen:
9 TYPES OF COMMON MALWARE
Ransomware- type of malware in which hackers gain control of a user’s data and prevent the user from accessing it until they pay a ransom. A threat actor uses ransomware if their main motive is money, but sometimes they ask for more critical information in exchange for the information that they have already locked.
Example: A threat actor gains access to a user’s documents on their computer and demands they pay $1,000 in 24 hours or all of their documents will be deleted.
Fileless Malware- type of malware that is embedded in the computer’s memory instead of the file system. It may masquerade as a legitimate program, but once it is downloaded to your computer, it will stay lodged on your machine’s memory even if you delete the file or application. Fileless malware is especially irksome, for it is necessary to do a factory reset if you want it completely rid of. In a previous post, “How To Clear Your Mac Of Popups And Fileless Malware” the process of performing a factory reset is explained.
Example: Downloading a suspicious application called “Noteburner” to the computer that stays lodged in the computer memory. After deleting it, you still get pop-up notifications about Noteburner activities even if you completely deleted the app.
Viruses- a type of malware in which pieces of malicious code are attached to regular programs and are activated when the program is opened or run. A virus can be identified by the way that a user’s computer slows down after a program is installed or if a user finds their information suddenly absent (meaning it has been stolen).
Example: A user downloads a program from the internet that a threat actor created, and the malicious code spreads to infect other programs on a user’s machine.
Trojan Horses- like the Greek “Trojan Horse” legend known from the Trojan War, Trojan malware pretends to be a benign program that will be useful to the user but it is actually a malicious tool.
Example: A threat actor creates a program called “List Manager” that is supposed to help a user create lists for their personal organization. When the program is downloaded, the threat actor uses the program as a backdoor into the user’s system; gaining access to all of their personal information.
Worms- type of malware that infects one computer and then spreads to other computers, infecting them along a line. Worm malware is especially horrible because it copies and multiplies. If one computer or account gets infected, assume that every contact in a list has been infected too.
Example: Worm malware is hidden in an email link sent to one user. The user clicks on the link to open it, and the worm copies itself in their email account. From there, the worm copies itself to all of the email accounts that the main user is connected with. Now when each other user opens the worm email, that will set off another chain of multiplying worms.
Rootkits- a rootkit is a collection of malicious software that threat actors use to create more malicious software. A threat actor often uses rootkits to hide certain programs or files that are malicious.
Example: ZeroAccess was a 2011 kernel mode rootkit that downloaded and installed malware to an infected machine. It was known to infect 2 million computers.
Botnets- a collection of bots (agent computers or devices infected by malware) that are programmed remotely to obey the instructions of the threat actor. A threat actor can control an impressive amount of bots, resulting in a botnet that stretches across an entire region, country, or even the world.
Example: The 3ve botnet attack in 2018 gained control of over 1.7 million computers and servers to generate fake web and ad traffic.
Spyware & Keylogging- a type of malware that a threat actor uses for the primary motive of collecting information about a user. Spyware gathers information about a user’s internet activity, uses “keylogging” (recording which keys a user hits on a keyboard) to determine a user’s password and logins, and -in the most disturbing of cases- a threat actor can manipulate a user’s camera technology to watch the user while they use their device.
Example: A threat actor uses spyware software to hack a user’s camera on their laptop to steal their facial identity or to use private film of them for blackmail without their knowledge.
Adware- type of malware/software that continuously presents unwanted ads or content to the user on their machine. This type of malware is probably the most well-known to regular users, for we have all been irritated before by ad pop-ups.
Example: During a routine surf on the internet, a user is bombarded by four unclosable ad pop-ups windows. The user is forced to try to click out of the windows, but if they accidentally click on an ad, they may accidentally activate a virus on their machine.
CONCLUSION
Malware is becoming more abundant as we continue to develop our user experiences and interfaces. It is a tricky thing to avoid, so the best advice is to stay alert! If you come across a suspicious program or file, do not open it! Be aware that many threat actors (if they are not experienced in coding) tend to purchase malware on the dark web to launch attacks through command instructions. Therefore, keep an eye on all things that get passed to your machine.
SOURCES
softwarelab.org “What is a Rootkit? The Top 5 Examples”
bbc.co.uk “What are viruses and malware?”
crowdstrike.com “11 Most Common Types of Malware + Examples”
Comentários