All of the malware!!!

Avengers: Endgame (2019)

This is for those who have relatively no experience with IT or Cybersecurity concepts. Awareness is the first step to protecting yourself and this is a good place to learn about the basic threats that exist within the digital realm!

Encountering one or several of these threats can truly be considered an inevitability. One would have to be totally digitally secluded, like an Amish person, to guarantee not encountering some form of malware.

I can imagine the camaraderie is great, but I like having electricity. Photo by Randy Fath

What’s Malware?

Malware is the shorthand name for malicious software. It is software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent. Basically, malware includes all of the bad things on the internet that can harm our computers. Here’s a list of the types of malware:

  • Viruses
  • Worms
  • Trojan horses
  • Ransomware
  • Spyware
  • Rootkits
  • Spam

Viruses

Generally speaking, there are 10 different categories of viruses. A virus is malicious code that runs on a machine without the user’s knowledge and infects the computer when executed.

For example, malicious code that runs in the background of a game downloaded from the internet.

One important aspect of viruses is that they require user action to be able to reproduce and spread.

These are the categories of viruses:

  • Boot sector — these viruses are stored in the first sector of a hard drive and are loaded into memory upon boot up; they are difficult to detect and require a boot sector scan to find them
  • Macro — a virus embedded in a document that is executed when the document is opened by the user; macros themselves are very commonly used for productive office work, but they can also be abused maliciously, so it’s important to be aware of them within Word docs, spreadsheets, PowerPoints and other similar files
  • Program — these viruses infect an executable or application
  • Multipartite — a virus that combines characteristics of boot sector viruses and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer; this allows for persistence on the target machine
  • Encrypted — they use a cipher to encrypt their own code so that a scan can’t recognize it
  • Polymorphic — an advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection; it morphs its code to be even less detectable by scans
  • Metamorphic — these can completely rewrite themselves before attempting to infect a file (an advanced version of a polymorphic virus)
  • Stealth — this is basically a broader category of viruses that includes Encrypted, Polymorphic and Metamorphic viruses
  • Armored — these have a layer of protection that confuses a program or person trying to analyze them; the goal is to improve the infection rate of the virus
  • Hoax — a virus where social engineering is the strategy for instigating user action; the user is tricked into calling the hacker, clicking on a malicious link, or willingly providing remote access; for example, they’ll send you a message saying “your machine is compromised,” or something like that, and tell you to click on a link to fix it; in this scenario it’s important to remember that you don’t actually have the virus until you carry out the hoax’s instructions
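Since macro viruses ride inside Office documents, a simple defensive check is to look for the embedded VBA container before a file is opened. The script below is an added example, not code from the original post; it builds two constructed in-memory documents (one clean, one with a placeholder macro part, neither a real Word file) and reports whether a document looks macro-enabled.

```python
import io
import zipfile

# A modern Office file (.docx/.docm/.xlsm/.pptm) is a ZIP archive. VBA macros
# live in a vbaProject.bin part and are declared in [Content_Types].xml.
MACRO_PART_NAMES = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_doc(with_macro: bool) -> bytes:
    """Build a minimal, constructed OOXML-style archive for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        types = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        if with_macro:
            types += f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>'
            # Placeholder bytes standing in for a real VBA container (constructed).
            z.writestr("word/vbaProject.bin", b"placeholder VBA container")
        types += "</Types>"
        z.writestr("[Content_Types].xml", types)
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def find_macro_indicators(data: bytes) -> list[str]:
    """Return the reasons a document looks macro-enabled; empty list if none."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            for part in MACRO_PART_NAMES:
                if part in names:
                    reasons.append(f"macro part present: {part}")
            if "[Content_Types].xml" in names:
                ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in ctypes:
                    reasons.append("content type declares a vbaProject")
    except zipfile.BadZipFile:
        # Legacy .doc/.xls files are OLE containers, not ZIP; they need a different check.
        reasons.append("not a ZIP container (legacy .doc/.xls binary or corrupt file)")
    return reasons


def is_macro_enabled(data: bytes) -> bool:
    """True only when a VBA part or its content type was actually found."""
    return any(r.startswith(("macro part", "content type")) for r in find_macro_indicators(data))


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_doc(False)), ("macro", build_sample_doc(True))):
        print(label, find_macro_indicators(doc))
```

A mail gateway or download scanner can run the same check on real files and quarantine anything flagged for review, which stops the "open the document and the macro runs" path before the user ever sees it.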

Worms

This malware is similar to a virus with the exception that worms can replicate themselves without user interaction. Worms self-replicate and spread without a user’s consent or action. They can cause disruption to normal network traffic and computing activities. Their effectiveness comes from taking advantage of security holes in operating systems & applications.

Some headline examples include Nimda in 2001, which propagated across the internet in a matter of minutes, and Conficker in 2009, which infected about 9–15 million computers.

Worms spread and replicate really fast and they end up consuming large amounts of computer resources very quickly.

Trojans

Named for the Trojan horse used in the siege of Troy by the Greeks, this type of malware is disguised as a piece of harmless or desirable software. So, it will perform a desired function while a malicious function runs in the background.

One common type of trojan is called a R.A.T. (Remote Access Trojan). This will provide the attacker with remote control of a victim machine. That includes control over the attached hardware also, like webcams, mics and so on.

Hauntingly enough, trojans are quite easy to create with software products called ProRAT and VirusMaker.

Ransomware

This is that sh** we’ve been hearing about in the news! This is the malware that restricts access to a victim’s computer system until a ransom is received. Ransomware uses a vulnerability found within your OS to gain access and then encrypts your files for ransom.

The City of Atlanta paid several millions of dollars in damages after the SamSam ransomware attack. However, cities and governments are not the only entities susceptible to these attacks. Anyone or anything can be a target, like a hospital’s file system or an individual’s personal photo files.

It’s considered best practice to not give-in to ransom demands…

The single best way to protect oneself from ransomware is to keep good backups of all systems & files. Then, simply roll back to an earlier time and restore from the backups.

Spyware

Malware that secretly gathers information about the user without their consent. These programs are used to look at files, emails, calendars, etc… in order to gather info and create a profile of the target. Some spyware will even incorporate a keylogger to capture keystrokes made on the target machine as well as take screenshots, all of which are sent back to the attacker.

There are also two other sub-categories of spyware: Adware and Grayware.

Adware

This type will display advertisements based upon the profile it has created from spying on you. It is usually benign but still always creepy.

Grayware

Software that isn’t clearly benign or malicious and tends to behave improperly without serious consequences; also thought of as ‘jokeware.’

Rootkits

This is software designed to gain administrative-level control over a system without detection. For Windows, this top level of control is called the Administrator account, and for Linux, Unix & macOS it is called root access. Accessing this level of control is dangerous because it brings the infiltrator closer to the kernel. Having access closer to the kernel means the malware can become harder to remove and more difficult to detect.

Rootkit attacks can be carried out using strategies such as DLL injection and driver manipulation.

SPAM

Simply stated, SPAM is just the abuse of electronic messaging systems. I’m sure many of us are most familiar with email SPAM, but anything that facilitates communication online can be spammed, like Facebook Messenger, Reddit forums, DMs on any social media platform, SMS messaging, etc…

One technique commonly used by spammers involves looking for a company that hasn’t properly secured its mail relays. An unsecured mail relay is considered “open”: it accepts mail from anyone and forwards it to anyone. With an open mail relay, a spammer can abuse it to send their SPAM.

If you are a small business owner please be aware of the CAN-SPAM Act of 2003.

Here’s a ‘one liner’ for each type of malware:

Virus — code that infects a computer when a file is opened or executed

Worm — acts like a virus but can self-replicate

Trojan — appears to do a desired function but also does something malicious

Ransomware — takes control of your computer or data unless you pay

Spyware — software that collects your information without your consent

Rootkit — gains administrative control of your system by targeting the boot loader or kernel

Spam — abuse of electronic messaging systems

Bonus Tips:

rootkit: if this is suspected, it is best to reformat and reimage the system

ransomware: one should restore their machine from a known good backup and restore personal files from the backup, as well. NEVER PAY THE RANSOM because you can never trust these attackers to unlock your system or files even after you’ve paid them
