Cybersecurity — Understanding the Fundamentals III (Malware Types)

Malware is a portmanteau of "malicious software": software designed to infiltrate or damage a computer system without the user's informed consent.

[Image: illustration-virus-detection created by rawpixel.com]

As cybersecurity enthusiasts, understanding the types of malware lets us develop better prevention and defense strategies against them.

I. Virus

[Image: Photo by Dlanor S on Unsplash]

A computer virus is a type of malware designed to spread itself by replicating and infecting other computers. Computer viruses usually contain 3 main parts:

  1. Infection Mechanism: A virus typically has a search routine, which locates new files or new disks for infection.
  2. Trigger: The trigger, also known as a logic bomb, is the condition that determines when the malicious "payload" is activated or delivered. It is compiled into the infected executable and can be evaluated any time the infected file is run; typical conditions are a particular date or time, the presence of another program, disk usage exceeding some limit, or a double-click that opens a particular file.
  3. Payload: The “payload” is the actual body or data that performs the actual malicious purpose of the virus.

Virus phases are the life cycle of the computer virus, described by using an analogy to biology. This life cycle can be divided into 4 phases:

  1. Dormant Phase: The virus is idle.
  2. Propagation Phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk.
  3. Triggering Phase: The virus is activated to perform the function for which it was intended.
  4. Execution Phase: The virus function is performed.

II. Worm

A worm is a piece of malware that replicates itself in order to spread the infection to other connected computers, without needing to attach itself to a host program.

[Image: A message left for Microsoft CEO Bill Gates in the Blaster Worm]

On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate student, unleashed what became known as the Morris worm (also known as The Worm, the first known computer worm), disrupting many computers then on the Internet, guessed at the time to be one-tenth of all those connected.

[Image: Floppy disk that contains the source code for the Morris Worm at the Computer History Museum]

One of the best-known worms is Stuxnet, which targets SCADA systems.

III. Trojan Horse

[Image: Photo by Michael Geiger on Unsplash]

A Trojan horse is malware that a user installs believing the software to be legitimate, while it actually has a malicious purpose. It takes its name from the classical story of the Trojan horse: something that appears harmless is used to trick its way into the system. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.

IV. Spyware

[Image: Photo by Chris Yang on Unsplash]

Spyware is a type of malware that collects and saves data about users without their knowledge. There are 4 main types of spyware, and each uses a different method to track the user.

  1. Adware: A software program that delivers advertising content in a manner that is unexpected and unwanted by the user. Adware is mostly used for marketing purposes.
  2. Trojan: Malware that a user installs believing the software to be legitimate, while it actually has a malicious purpose.
  3. Tracking Cookies: Cookies, usually placed for marketing purposes, that track searches, browsing history, downloads, etc.
  4. System Monitors: A software program that tracks keystrokes, emails, chat-room dialogs, websites visited, and programs run.

V. Ransomware

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. In May 2017, one of the most famous ransomware families, WannaCry, targeted computers running the Microsoft Windows OS by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. Petya, another well-known ransomware family, was discovered in March 2016.

[Image: Screenshot of a system infected by WannaCry]

VI. Logic Bomb

[Image: Photo by Eder Pozo Pérez on Unsplash]

A logic bomb is a computer program, or part of a program, that lies dormant until it is triggered by a specific logical event. When this kind of malicious software is set to start or stop functioning once a predetermined date or time is reached, it is called a time bomb.

VII. Rootkit

A rootkit is a program that obtains the highest level of privilege on a device; the same technique is sometimes used intentionally by a mobile device owner to override the protections installed by the service provider. User-mode rootkits run in Ring 3, alongside ordinary applications running as a user, rather than as low-level system processes. Kernel-mode rootkits run with the highest operating system privileges (Ring 0) by adding code to, or replacing portions of, the core operating system.

[Image: Rings of Processor Privilege Levels]

VIII. Keystroke Logging

[Image: Photo by Ilya Pavlov on Unsplash]

Keystroke logging, often referred to as keylogging, is performed by a small hardware device or a program that records each keystroke a user types on the computer's keyboard. Keyloggers can be divided into 2 categories:

Software-based Keyloggers

  • Hypervisor-based
  • Kernel-based
  • API-based
  • Form Grabbing Based
  • JavaScript-based
  • Memory-injection-based

Hardware-based Keyloggers

  • Firmware-based
  • Keyboard Hardware
  • Wireless Keyboard and Mouse Sniffers
  • Keyboard Overlays
  • Acoustic Keyloggers
  • Electromagnetic Emissions
  • Optical Surveillance
  • Physical Evidence
  • Smartphone Sensors
  • Body Keyloggers

IX. Rogue Security Software

[Image: Photo by NeONBRAND on Unsplash]

Rogue security software is a type of malware that misleads users into believing there is a virus on their computer and into paying money for a fake malware removal tool.

X. Exploit

[Image: Photo by Pankaj Patel on Unsplash]

An exploit is a piece of software or a sequence of commands that takes advantage of a bug or vulnerability.
