Cybersecurity — Understanding the Fundamentals III (Malware Types)
Types of Malware
Malware is a portmanteau of "malicious software": software designed to infiltrate or damage a computer system without the user's informed consent.
Understanding the main types of malware lets us, as cybersecurity enthusiasts, develop better prevention and defense strategies against them.
I. Virus
A computer virus is malware designed to spread itself by replication, infecting other files and computers. Computer viruses usually contain three main parts:
- Infection Mechanism: A virus typically has a search routine that locates new files or new disks to infect.
- Trigger: The trigger, also known as a logic bomb, is the compiled routine inside the infected executable that can fire at any time the virus runs. It determines the event or condition under which the malicious "payload" is activated or delivered, such as a particular date or time, the presence of another program, the disk capacity exceeding some limit, or a double-click that opens a particular file.
- Payload: The "payload" is the body of the virus that carries out its malicious purpose.
Virus phases describe the life cycle of a computer virus by analogy to biology. This life cycle can be divided into four phases:
- Dormant Phase: The virus is idle.
- Propagation Phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk.
- Triggering Phase: The virus is activated to perform the function for which it was intended.
- Execution Phase: The virus function is performed.
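The propagation phase is the one a defender can most easily catch on disk: a file infector has to change other programs. The following added example (written for this page, not code from the original article) shows a minimal file-integrity baseline of the kind host-based monitors use, hashing a tree of files once and comparing a later rescan against it. All paths, file contents and the demo scenario are constructed for illustration.

```python
"""Added example (not from the original article): a minimal file-integrity
baseline, the defender's counterpart to the propagation phase above.

A file-infecting virus modifies other executables or system areas on disk,
so hashing a baseline of those files and re-hashing later exposes any change
that no legitimate update explains. All paths and sample contents are
constructed for the demo."""
import hashlib
import os
import tempfile


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


def hash_tree(root: str) -> dict:
    """Map every file under `root` (by relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = sha256_bytes(fh.read())
    return digests


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Classify files as modified, added or removed relative to the baseline.

    An infector typically shows up as 'modified' executables (its body was
    appended or prepended to them) and sometimes as 'added' copies of itself."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Build a constructed tree, baseline it, then alter it the way an
    infection would look to the monitor: one binary changed, one file added."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.mkdir(bin_dir)
        with open(os.path.join(bin_dir, "tool.exe"), "wb") as fh:
            fh.write(b"MZ-constructed-original-program")
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"unchanged document")
        baseline = hash_tree(root)

        # Simulated change: tool.exe's bytes differ and a new file appears.
        with open(os.path.join(bin_dir, "tool.exe"), "ab") as fh:
            fh.write(b"<extra bytes appended>")
        with open(os.path.join(bin_dir, "dropped.exe"), "wb") as fh:
            fh.write(b"new file not in baseline")
        return compare_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline would be stored somewhere the monitored host cannot rewrite, and "modified" hits on executables would be reconciled against a package manager or patch log before being treated as infections.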
II. Worm
A worm is a piece of malware that replicates itself in order to spread the infection to other connected computers, without needing to attach itself to a host program.
On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate student, unleashed what became known as the Morris worm (also known as "The Worm", the first known computer worm), disrupting many computers then on the Internet, guessed at the time to be one-tenth of all those connected.
One of the best-known worms is Stuxnet, which targeted SCADA systems.
III. Trojan Horse
Malware that a user installs believing the software to be legitimate, while it actually has a malicious purpose. It takes its name from the classical story of the Trojan horse: it appears harmless in order to trick its target. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
IV. Spyware
A type of malware that collects and saves data from users without their knowledge. There are four main types of spyware, each using a different tracking method.
- Adware: A software program that delivers advertising content in a manner that is unexpected and unwanted by the user. Adware is mostly used for marketing purposes.
- Trojan: Malware that a user installs believing the software to be legitimate, but the software actually has a malicious purpose.
- Tracking Cookies: Tracking cookies are usually used for marketing purposes; they record searches, browsing history, downloads, etc.
- System Monitors: A software program that tracks keystrokes, emails, chat-room dialogs, websites visited, and programs run.
V. Ransomware
A type of malicious software designed to block access to a computer system until a sum of money is paid. In May 2017, one of the most famous ransomware families, WannaCry, targeted computers running the Microsoft Windows OS by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. Petya is another well-known ransomware family, discovered in March 2016.
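Because ransomware such as WannaCry and Petya rewrites documents as ciphertext, one signal defenders watch for is a burst of files whose contents suddenly become high-entropy. The following added example (written for this page, not code from the original article or from any product) shows that check: a Shannon-entropy function, a comparison of two snapshots of a directory, and a burst rule so that a single legitimately encrypted file does not raise an alert. The threshold of 7.5 bits per byte, the burst size of three, and the sample files are all constructed values.

```python
"""Added example (not from the original article): a Shannon-entropy check of
the kind endpoint monitors use to notice files that suddenly look encrypted.

Ransomware rewrites documents as ciphertext; well-encrypted data approaches
8 bits of entropy per byte, whereas text and most office formats sit far
lower. The threshold, the burst size and the sample files are constructed."""
import math
from collections import Counter

HIGH_ENTROPY = 7.5   # constructed threshold, bits per byte; tune per environment
BURST_MIN = 3        # constructed: how many flips in one scan trigger an alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    return shannon_entropy(data) >= threshold


def flag_rewrites(before: dict, after: dict, threshold: float = HIGH_ENTROPY) -> list:
    """Paths whose content went from below to at/above the threshold between
    two snapshots (path -> bytes). Files that were already high-entropy
    (archives, images) are ignored, which keeps false positives down."""
    flagged = []
    for path, new_data in after.items():
        old_data = before.get(path)
        if old_data is None:
            continue   # new files are handled by the integrity baseline, not here
        if not looks_encrypted(old_data, threshold) and looks_encrypted(new_data, threshold):
            flagged.append(path)
    return sorted(flagged)


def should_alert(flagged: list, burst_min: int = BURST_MIN) -> bool:
    """One flipped file may be a legitimate encryption; a burst is suspicious."""
    return len(flagged) >= burst_min


# Constructed sample content: readable text, and a uniform byte pattern that
# stands in for ciphertext (its entropy is exactly 8.0 bits per byte).
SAMPLE_TEXT = b"Quarterly report: revenue grew and costs fell this year. " * 10
SAMPLE_CIPHERTEXT_STAND_IN = bytes(range(256)) * 4
SAMPLE_ARCHIVE = bytes(range(256)) * 2   # already high-entropy before the scan

BEFORE = {"report.docx": SAMPLE_TEXT, "memo.txt": SAMPLE_TEXT,
          "budget.xlsx": SAMPLE_TEXT, "photos.zip": SAMPLE_ARCHIVE}
AFTER = {"report.docx": SAMPLE_CIPHERTEXT_STAND_IN, "memo.txt": SAMPLE_CIPHERTEXT_STAND_IN,
         "budget.xlsx": SAMPLE_CIPHERTEXT_STAND_IN, "photos.zip": SAMPLE_ARCHIVE}

if __name__ == "__main__":
    hits = flag_rewrites(BEFORE, AFTER)
    print("flipped to high entropy:", hits)
    print("alert:", should_alert(hits))
```

Entropy alone is a noisy signal (compressed archives, images and legitimately encrypted files all score high), which is why the check only counts files that changed from low to high entropy and requires several of them in one scan before alerting. Real monitors combine this with file-extension changes and write-rate thresholds.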
VI. Logic Bomb
A computer program or part of a program that lies dormant until it is triggered by a specific logical event. When this kind of malicious software is set to start or stop functioning after a predetermined date or time is reached, it is called a time bomb.
VII. Rootkit
A program that obtains the highest level of privilege on a device; the same technique is sometimes used intentionally by a mobile device owner to override the protections installed by the service provider. User-mode rootkits run in Ring 3, alongside other applications, as a user rather than as low-level system processes. Kernel-mode rootkits run with the highest operating system privileges (Ring 0) by adding code to, or replacing portions of, the core operating system.
VIII. Keystroke Logging
Keystroke logging, often referred to as keylogging, is performed by a small hardware device or a program that records each keystroke a user types on the computer's keyboard. Keyloggers can be divided into two categories:
Software-based Keyloggers
- Hypervisor-based
- Kernel-based
- API-based
- Form-grabbing-based
- JavaScript-based
- Memory-injection-based
Hardware-based Keyloggers
- Firmware-based
- Keyboard Hardware
- Wireless Keyboard and Mouse Sniffers
- Keyboard Overlays
- Acoustic Keyloggers
- Electromagnetic Emissions
- Optical Surveillance
- Physical Evidence
- Smartphone Sensors
- Body Keyloggers
IX. Rogue Security Software
Rogue security software is a type of malware that misleads users into believing there is a virus on their computer, and into paying money for a fake malware removal tool.
X. Exploit
An exploit is a piece of software or a sequence of commands that takes advantage of a bug or vulnerability.