Cybersecurity — Understanding the Fundamentals III (Malware Types)

Types of Malware

Ensar Seker
Nov 19, 2019

Malware is a portmanteau of “malicious software”: software designed to infiltrate or damage a computer system without the user’s informed consent.


Understanding how each type of malware gets onto a system, how it spreads and what it does lets us build better prevention and defense strategies against it.

I. Virus


A computer virus is malware that spreads by inserting a copy of itself into other programs or files and depends on those infected hosts being run to spread further. A virus usually consists of three parts:

  1. Infection Mechanism: The search routine that locates new files, programs or disks to infect, together with the code that writes a copy of the virus into each of them.
  2. Trigger: Also known as a logic bomb, the trigger is the condition, checked whenever the infected program runs, that decides when the malicious “payload” is activated or delivered: a particular date or time, the presence of another program, disk usage exceeding some limit, or the user opening a particular file.
  3. Payload: The code that carries out the virus’s actual malicious purpose, whatever that is beyond merely spreading.

The life cycle of a computer virus is described by analogy with biology and is usually divided into four phases:

  1. Dormant Phase: The virus is idle, waiting for its trigger. Not every virus has this phase.
  2. Propagation Phase: The virus writes an identical copy of itself into other programs or into certain system areas on the disk; each new copy can then propagate in turn.
  3. Triggering Phase: The trigger condition is met and the virus is activated to perform the function for which it was intended.
  4. Execution Phase: The payload runs.
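How the propagation phase looks from the defender’s side, as an added example that is not part of the original article: a file infector changes the size and hash of every host program it writes itself into, so a stored baseline of per-file hashes exposes the infected hosts and any dropped copies. The directory, file names and the “virus” marker bytes below are constructed for the demo.

```python
"""File-integrity check: detecting the propagation phase of a file infector.

Added example, not from the original article. A virus that copies itself into
host programs changes the size and SHA-256 of each host, so recording a
baseline of (size, hash) per file and re-checking it reveals the infection.
All paths and file contents here are constructed for the demo.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Return {relative_path: (size, sha256)} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            baseline[rel] = (os.path.getsize(full), sha256_file(full))
    return baseline


def check_baseline(root, baseline):
    """Compare the tree under root against a stored baseline.

    Returns {"modified": [...], "added": [...], "removed": [...]} as sorted lists.
    A grown executable points at an appending infector; a same-size executable
    with a new hash points at a cavity infector that overwrote unused space.
    """
    current = build_baseline(root)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: two clean 'programs', then a simulated infection."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("editor.bin", b"\x7fELF clean editor body"),
                           ("shell.bin", b"\x7fELF clean shell body")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        baseline = build_baseline(root)

        # Simulated propagation phase: the "virus" appends itself to one host
        # and drops a copy as a new file. These are constructed marker bytes only;
        # nothing here executes or replicates.
        with open(os.path.join(root, "shell.bin"), "ab") as f:
            f.write(b"--VIRUS-BODY-MARKER--")
        with open(os.path.join(root, "dropper.bin"), "wb") as f:
            f.write(b"--VIRUS-BODY-MARKER--")

        return check_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it was taken on a clean system and is stored where the virus cannot rewrite it (read-only media or a separate host); a rootkit-class infection, discussed below, can also lie to the hashing tool itself, which is why host integrity checks are often run from a trusted boot image.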

II. Worm

A worm is malware that replicates itself across a network to infect other connected computers, usually by exploiting a vulnerability in a network service or abusing weak credentials. Unlike a virus it needs neither a host program nor user action to spread.

A message left for Microsoft CEO Bill Gates in the Blaster Worm

On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate student, released what became known as the Morris worm, one of the first worms to spread over the Internet and the first to draw widespread attention. It disrupted a large share of the computers then on the Internet, estimated at the time to be one-tenth of all those connected.

Floppy disk that contains the source code for the Morris Worm at the Computer History Museum

Another well-known worm is Stuxnet, discovered in 2010, which spread between Windows hosts (including via USB drives) in order to reach and manipulate Siemens SCADA and PLC equipment in industrial control environments.

III. Trojan Horse


Malware that a user installs believing the software to be legitimate, while it actually has a malicious purpose. It takes its name from the wooden horse of the classical Trojan War story: something that looks harmless is carried inside the defenses and then attacks from within. Unlike viruses and worms, Trojans generally do not inject themselves into other files or propagate on their own; they rely on social engineering (cracked software, fake installers, malicious attachments) to get installed.

IV. Spyware


Malware that collects data about users and their activity and passes it to a third party without their knowledge. Four common types are distinguished, each using a different collection method:

  1. Adware: Software that displays advertising in a manner the user did not expect or want. It is mostly used for marketing and often profiles the user’s browsing to target the ads.
  2. Trojan: A Trojan whose malicious purpose is data collection; the user installs it believing it to be legitimate software.
  3. Tracking Cookies: Cookies, usually set for marketing purposes, that record a user’s searches, browsing history, downloads and similar activity across sites.
  4. System Monitors: Software that records keystrokes, emails, chat-room dialogs, websites visited and programs run. Keyloggers (section VIII) fall into this class.

V. Ransomware

Malicious software designed to block access to a computer system or its data, typically by encrypting files, until a sum of money is paid. In May 2017 WannaCry, one of the most famous ransomware families, infected computers running Microsoft Windows worldwide, encrypting their data and demanding ransom payments in Bitcoin; it spread as a worm using an exploit for an SMB vulnerability that Microsoft had already patched two months earlier. Petya, discovered in March 2016, is another well-known family; rather than encrypting individual files it overwrites the boot record and encrypts the file-system metadata, leaving the machine unable to boot.

Screenshot of a system infected by WannaCry
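One behavioral signal defenders use against file-encrypting ransomware, as an added example that is not from the original article: ciphertext is statistically indistinguishable from random bytes, so a file whose Shannon entropy jumps to nearly 8 bits per byte after being rewritten is suspicious. The documents, the key and the SHA-256-based stand-in cipher below are constructed for the demo; the stand-in is not a real cipher and is not WannaCry’s or Petya’s code.

```python
"""Spotting ransomware encryption by file entropy.

Added example, not from the original article. Encrypted output looks like
random bytes, so its Shannon entropy approaches the maximum of 8 bits per
byte, while documents, source code and logs sit far lower. Endpoint and
file-server defenses use this, together with the rate of rewrites and
extension changes, to flag ransomware activity. The key, the documents and
the stand-in cipher are all constructed for the demo.
"""
import hashlib
import math
from collections import Counter

HIGH_ENTROPY_THRESHOLD = 7.5  # bits/byte; random data of a few KB scores ~7.95


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> bool:
    """True if the content is dense enough to be ciphertext (or compressed data).

    Caveat: ZIP, JPEG, PDF streams and already-encrypted files also score high.
    Real detectors therefore combine this with the write rate, renamed
    extensions, canary files and a before/after comparison of the same path.
    """
    return shannon_entropy(data) >= threshold


def stand_in_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with a SHA-256 counter keystream.

    NOT a real cipher: it exists only so the demo runs offline with the standard
    library. Its output has the same high-entropy profile as output from a real
    file-encrypting ransomware, which is all the detector cares about.
    """
    out = bytearray()
    for block, offset in enumerate(range(0, len(plaintext), 32)):
        ks = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        chunk = plaintext[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def scan(files: dict) -> dict:
    """Map each path to (entropy rounded to 2 dp, flagged?) for a constructed tree."""
    return {
        path: (round(shannon_entropy(body), 2), looks_encrypted(body))
        for path, body in files.items()
    }


def demo() -> dict:
    """Constructed before/after view of a user's documents folder."""
    report = b"Quarterly report: revenue grew 4% while costs stayed flat. " * 80
    notes = b"TODO: rotate the backup keys, test restore, call vendor.\n" * 60
    key = b"constructed-demo-key-not-real"
    files = {
        "docs/report.txt": report,
        "docs/notes.txt": notes,
        # The same two files after the "ransomware" rewrote them in place.
        "docs/report.txt.locked": stand_in_encrypt(key, report),
        "docs/notes.txt.locked": stand_in_encrypt(key, notes),
    }
    return scan(files)


if __name__ == "__main__":
    for path, (entropy, flagged) in demo().items():
        print(f"{path:26} {entropy:5.2f} bits/byte  {'ENCRYPTED?' if flagged else 'ok'}")
```

Entropy alone produces false positives on compressed and media files, so in practice the alert fires on the combination: many files on one host rewritten to high-entropy content within a short window, often with a new extension appended, which is exactly the pattern the WannaCry and Petya families produce.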

VI. Logic Bomb


A computer program, or part of one, that lies dormant until a specific logical condition is met, such as a date being reached, a particular account disappearing from a system, or a counter hitting a value. Logic bombs are often planted by insiders with legitimate access to the code. When the trigger is a predetermined date or time, the logic bomb is called a time bomb.

VII. Rootkit

A rootkit is software that hides the presence of malware (its processes, files, network connections and registry keys) by modifying the operating system or the tools used to inspect it, and typically keeps privileged access for the attacker. The related term “rooting” describes a mobile device owner deliberately gaining the highest privilege level on the device to override the protections installed by the service provider; that is a different activity. User-mode rootkits run in ring 3, like ordinary applications, and work by hooking or replacing user-space libraries and system utilities such as the commands that list processes and files. Kernel-mode rootkits run with the highest operating system privileges (ring 0) by loading code into, or replacing portions of, the kernel itself, so they can deceive every user-space tool, including anti-malware software.

Rings of Processor Privilege Levels

VIII. Keystroke Logging


Keystroke logging, often referred to as keylogging, is the recording of each key a user types on the computer’s keyboard, by a small hardware device or by a program, usually without the user’s knowledge. Keyloggers can be divided into two categories:

Software-based Keyloggers

  • Hypervisor-based
  • Kernel-based
  • API-based
  • Form-grabbing-based
  • JavaScript-based
  • Memory-injection-based

Hardware-based Keyloggers

  • Firmware-based
  • Keyboard Hardware
  • Wireless Keyboard and Mouse Sniffers
  • Keyboard Overlays
  • Acoustic Keyloggers
  • Electromagnetic Emissions
  • Optical Surveillance
  • Physical Evidence
  • Smartphone Sensors
  • Body Keyloggers

IX. Rogue Security Software


Rogue security software, also called scareware, is malware that misleads users into believing their computer is infected and pressures them into paying for a fake malware-removal tool; frequently the “remover” itself is the only malware on the machine.

X. Exploit


An exploit is a piece of software, a chunk of data or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended behavior, such as running attacker-supplied code or escalating privileges. An exploit is not malware in itself; it is the means by which malware gets onto a machine, as with the SMB exploit WannaCry used to spread.
