Malware can be defined as any code-based attack that can be used against a system or network. In most cases, malware has been specifically designed to perform a malicious action; that is, it has been designed to cause harm. As such, it can also be defined as any software that harms or misuses a system, which, by the way, can include simply slowing the system down. That also means a poorly written software package can fall under the definition of malware, even if harm was not the intent. Always thoroughly test any software package before deploying it in a production setting; this helps reduce the chance of introducing unintentional malware into the network.
With the definition of malware covered, let's discuss common types of malware. We begin with the virus. A virus is malware that has two jobs: to replicate and to activate, that is, to activate its payload. It requires a host program, a host machine, and user action in order to spread. Viruses cannot spread on their own. Viruses only affect drives, such as hard drives or USB drives. A virus often contains a destructive payload.
Then there are Trojans. A Trojan is malware that hides its purpose by disguising itself as something the end user wants, like a free game or a video of kittens on the Internet. Trojans are used to get the end user to download a virus package, and they are often the method used to establish botnets or zombie nodes.

Then there is the worm. A worm is similar to a virus, but it replicates itself across a network without user interaction and does not need a host file in order to operate. Worms replicate themselves across the network, creating havoc.

Then we have the rootkit. A rootkit is a software package that gets installed on a system and gives the attacker privileged access to it. It is usually installed in the root of the system; that is why it is called a rootkit. Most often, the attacker tries to hide the rootkit from the administrator so that it is not removed from the system, hoping that being installed in the root will help it avoid detection.

Then there are logic bombs. A logic bomb is a virus that, after being installed on a system, waits for a specific event to occur before activating its payload. The application carrying the logic bomb functions normally until the trigger event occurs. Often, logic bombs are triggered by a date and time.
Over the last couple of years, ransomware has become a popular type of malware. It is a virus package that takes over an infected system for the purpose of extorting money from the end user. Often, the virus encrypts all the files and folders on the infected system, effectively locking out the end user. The attacker extorts money from the owner because the owner cannot access their files and folders until they get the encryption key to unlock the encrypted files.

Then there are botnets. A botnet is a collection of infected systems, often called zombie nodes, under the control of the attacker. The zombies are used to perform other types of attacks, and the zombie controller will often rent out the use of the botnet to other attackers.
Adware is also considered a type of malware. It is a software package designed to automatically load advertisements on a system, usually in the form of pop-up windows, with the goal of enticing users to purchase something. The result is usually just annoyance and poor system performance. Thankfully, today, adware is easy to block.
Then there is spyware. Spyware is malicious code that collects information about the system and may change some of the system's settings. It may be programmed to send the collected information to an attacker at specific times, or it may be programmed to store the collected information until the attacker performs another action, such as inserting a USB flash drive and issuing a command.

A polymorphic virus is a virus package that mutates itself in order to avoid detection by antivirus applications. This lets the virus evade signature-based malware detection, which is why you might want to use a combination of signature-based and anomaly-based antivirus applications.
An armored virus is a virus package that attempts to harden itself against defensive action, making it difficult to decompile. Antivirus vendors often
Finally, we have backdoor access. This is a type of malware that may be unintentional: when creating applications, developers often build backdoors into the program. A backdoor is a means of accessing an application or service while bypassing the normal authentication process.

In most cases, the application listens on a specific port for an access request. If the developer forgets to close the backdoor, an application can reach production with the backdoor still open. There is also malware that can be used to open a backdoor into a program, a computer system, or even an entire network.
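Because a backdoor, whether left by a developer or planted by malware, usually shows up as a listening port, a practical defensive check is to compare what a host is actually listening on against the ports and processes it is expected to expose. The following Python script is an added example, not part of the original lesson; the `ss -ltnp` output and the allowlist in it are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample of `ss -ltnp` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1203,fd=6))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=990,fd=5))
LISTEN 0      5      0.0.0.0:9000        0.0.0.0:*         users:(("app-helper",pid=2210,fd=4))
LISTEN 0      511    0.0.0.0:8443        0.0.0.0:*         users:(("nginx",pid=1203,fd=9))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
"""

# Hypothetical allowlist: (port, process) pairs this host is expected to expose.
EXPECTED_LISTENERS = {(22, "sshd"), (443, "nginx"), (5432, "postgres")}

# Matches one LISTEN row: local address, port, and the first process name.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    proc: str


def parse_ss(output: str) -> list[Listener]:
    """Turn `ss -ltnp` text into Listener records, skipping the header."""
    listeners = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append(Listener(m["addr"], int(m["port"]), m["proc"]))
    return listeners


def unexpected_listeners(listeners: list[Listener], expected: set) -> list[Listener]:
    """Flag any listener whose (port, process) pair is not on the allowlist.
    This catches both an unknown port and a known process bound to a port
    it should not be serving."""
    return [l for l in listeners if (l.port, l.proc) not in expected]


if __name__ == "__main__":
    for l in unexpected_listeners(parse_ss(SAMPLE_SS_OUTPUT), EXPECTED_LISTENERS):
        print(f"UNEXPECTED listener: {l.addr}:{l.port} ({l.proc})")
```

On a live host the sample text would be replaced by the real `ss -ltnp` output, and every flagged line deserves an explanation before the system is considered clean.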