Hello! Malware infection is a nightmare for every computer user, and here I will show you a list of the different types of malware, so you know what to watch for.
Malware can be classified by its behavior, its target platform, or its attack commands. Of the three classifications, we will look more specifically at malware classified by behavior.
- Network Worms
- The Trojan Horse
- Remote Access Trojans
- Information Stealers
- Overwriting viruses overwrite the host files they infect with their own malware code, making the original host file unusable. Without a backup there is no way to recover this file.
- Companion viruses operate by renaming the host file's extension and then creating a copy of themselves with the original name of the host file. The renamed host file is then given a hidden attribute. When the file is called by the user or the operating system, the companion virus executes its malicious code and then passes the instruction on to the renamed/hidden original file.
- Parasitic viruses attach themselves to the host file during infection. A prepending parasitic virus attaches itself to the top of the host file, while an appending parasitic virus attaches itself to the end of the host file.
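As an added example (not from the original post), a small baseline-and-diff integrity check in Python that flags the three file-infector behaviours just described: size growth (prepending/appending parasitic), same-size content change (overwriting), and companion files (same stem under more than one extension, one copy hidden). All file names and sample bytes are constructed.

```python
import hashlib
from pathlib import Path


def _is_hidden(path):
    # Windows exposes FILE_ATTRIBUTE_HIDDEN (0x2) via st_file_attributes; elsewhere use dot-files.
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & 0x2) or path.name.startswith(".")


def snapshot_dir(root):
    """Record size, SHA-256 and hidden flag for every regular file under root (on-disk version)."""
    root = Path(root)
    return {str(p.relative_to(root)): {"size": p.stat().st_size,
                                       "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
                                       "hidden": _is_hidden(p)}
            for p in root.rglob("*") if p.is_file()}


def snapshot_from_bytes(files, hidden=()):
    """Same structure built from a constructed {name: bytes} map, so the logic can run offline."""
    return {n: {"size": len(b), "sha256": hashlib.sha256(b).hexdigest(), "hidden": n in hidden}
            for n, b in files.items()}


def diff_snapshots(old, new):
    """Compare two snapshots and label each change with the infector behaviour it resembles."""
    findings = []
    for name, cur in new.items():
        prev = old.get(name)
        if prev is None:
            findings.append((name, "new file"))
        elif prev["sha256"] != cur["sha256"]:
            grown = cur["size"] - prev["size"]
            if grown > 0:  # prepending/appending parasitic viruses make the host larger
                findings.append((name, f"possible parasitic infection (+{grown} bytes)"))
            else:          # overwriting viruses replace content without necessarily growing it
                findings.append((name, "possible overwriting infection (content changed, no growth)"))
    for name in old.keys() - new.keys():
        findings.append((name, "file removed"))
    return findings


def find_companions(snap):
    """Flag stems present under more than one extension where at least one copy is hidden."""
    by_stem = {}
    for name, meta in snap.items():
        by_stem.setdefault(name.rsplit(".", 1)[0].lower(), []).append(meta["hidden"])
    return sorted(stem for stem, flags in by_stem.items() if len(flags) > 1 and any(flags))
```

Run snapshot_dir() over a program directory, store the result, and re-run it after a suspected infection. Legitimate updates also change hashes, so treat findings as leads to verify against known-good copies rather than as proof of infection.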
B. Macro and Script viruses are created using an application-specific macro language. Although macros are not confined to Microsoft Office, it has become the main platform for macro viruses. An example of this is the Melissa virus from 1999, which spread via email and embedded itself in both saved and new documents. The macro language is a form of scripting, and macro viruses showed the malicious possibilities of scripts. A script is code that exists independently and is executed by the operating system or a service to perform an action. Like macros, scripts are used to automate routine tasks.
2. Network Worms
A. Mass mailer worms spread via e-mail. They usually rely on social engineering techniques to fool the user into opening attachments or clicking links, and they use the user's address book to spread further.
B. File-Sharing worms spread by adding copies of themselves, under enticing names, to publicly accessible file-sharing folders. The idea is to get other users to find and download them through a peer-to-peer program.
C. Instant Messaging worms, as the name indicates, use IM software as their main infection vector and are similar to mass mailer worms. They harvest the user's contact list and send malicious links that result in the worm being downloaded/installed on the next target machine. Since the IM comes from a "known" contact, it is likely to be trusted.
D. Internet Relay Chat (IRC) worms spread, yup you guessed it, through IRC channels by sending messages containing malicious links or instructions that socially engineer the user into typing in a series of commands, which can result in infection not just of the user's system but of the other users in the channel as well.
E. Local Area Network (LAN) worms spread within the confines of a LAN by scanning for writable shared folders on hosts connected to the network and copying themselves into those folders. They also search for public folders on the network to drop a copy of themselves.
F. Internet worms spread to other systems by scanning the Internet for vulnerable machines.
3. The Trojan Horse (or Trojan to most)
5. Remote Access Trojans (RAT)
6. Information Stealers
- Keyloggers capture keystrokes and log them. These logs can either be stored locally for later retrieval or sent to a remote server set up by the attacker. Keyloggers are not limited to software; hardware implementations also exist.
- Desktop Recorders work by taking screenshots of the desktop or the active window on the user's machine. They can be set up to fire on a time interval or when triggered by an event such as a mouse click or a press of the Enter/Return key. The downside of this malware (from the attacker's point of view) is the amount of data it produces: the file size of each screenshot adds up quickly.
- Memory Scrapers steal information from memory while it is being processed. Data being processed in memory is unencrypted, which makes it an ideal place to target.
7. Rootkits
- User-Mode rootkits operate in user mode, or ring 3 of the Computer Security Protection Ring. Their control and influence are limited to the user or the process space of the affected application. User-mode rootkits operate mostly by hooking or hijacking system function calls made by an application.
- Kernel-mode rootkits operate in kernel mode, or ring 0 of the Computer Security Protection Ring. This kind of rootkit is much more powerful because it places itself at the lowest level possible, which means it has more control over the OS and the underlying hardware. Ideally, a kernel-mode rootkit is what malware authors want their rootkits to be, but since it requires familiarity with OS internals and hardware, it is not always possible given the time needed to build those skills. A poorly written kernel-mode rootkit, with that much system influence, will most likely crash the system.
Next time we will learn about malware infection vectors. Stay tuned, and thank you!