Malware
A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system, or otherwise annoying or disrupting the victim.
Advanced Persistent Threat (APT)
Long-term cyberattacks targeted at businesses or political entities, often state-sponsored.
Adware
Software that displays ads, leading to pop-ups or browser redirections.
Attack kit
Tools for creating new malware using various propagation and payload methods.
Auto-rooter
Tools for hackers to remotely break into machines.
Backdoor (trapdoor)
Mechanisms that bypass security to allow unauthorized access.
Downloaders
Code that installs additional malware on a compromised machine.
Drive-by-download
Attacks exploiting browser vulnerabilities on compromised websites.
Exploits
Code targeting specific vulnerabilities.
Flooders (DoS client)
Tools generating data to carry out denial-of-service (DoS) attacks.
Keyloggers
Software capturing keystrokes on compromised systems.
Logic bomb
Code that triggers a payload when a specific condition is met.
Macro virus
Virus using macro code in documents to replicate itself.
Mobile code
Scripts or macros that run identically on different platforms.
Rootkit
Hacker tools used after gaining root-level access.
Spammer programs
Software sending large volumes of unwanted emails.
Spyware
Software collecting and transmitting information from a system.
Trojan horse
Programs with hidden malicious functions.
Virus
Malware replicating itself into other executable code.
Worm
Self-propagating program exploiting system vulnerabilities.
Zombie, bot
Program on an infected machine launching attacks on others.
Propagation Mechanisms
Methods by which malware spreads, including infection of existing content, exploitation of software vulnerabilities, and social engineering attacks.
Payload actions performed by malware
Actions such as corruption of system or data files, theft of service, theft of information, and stealthing.
Characteristics of Advanced Persistent Threats (APTs)
Attackers use a mix of tools and technologies, carry out determined and prolonged attacks, and are well-organized and well-funded.
Attacks of APTs
Attackers target organizations to steal sensitive information or disrupt infrastructure using methods like social engineering and targeted phishing.
Goal of attack
The goal is to infect systems with sophisticated malware with multiple propagation mechanisms and payloads.
Virus
A virus is software that infects programs by replicating itself and spreading to other content, especially in networked environments.
Infection Mechanism
How the virus spreads (a.k.a. infection vector).
Trigger
A condition or event (like a logic bomb) that activates the virus's payload.
Payload
The main action of the virus, which could be harmful or simply noticeable.
Dormant Phase
The virus is idle, waiting for an event to activate it (not always present).
Triggering Phase
The virus gets activated to perform its intended function.
Propagation Phase
The virus replicates and infects other programs or system areas.
Execution Phase
The virus carries out its function, which may be harmless or harmful.
Boot Sector Infector
Infects boot records and spreads when booting from an infected disk.
File Infector
Infects executable files used by the operating system.
Macro Virus
Targets documents with macro or scripting code that is interpreted by an application.
Multipartite Virus
Infects files in multiple ways.
Encrypted Virus
A portion of the virus creates a random encryption key and encrypts the remainder of the virus.
Stealth Virus
Designed to avoid detection by antivirus software.
Polymorphic Virus
Changes its code with every infection.
Metamorphic Virus
Completely rewrites itself with each iteration, altering behavior and appearance.
Macro and Scripting Viruses
A virus that attaches itself to documents and uses the macro programming capabilities of the document's application to execute and propagate.
Why They're Dangerous (Macro Viruses)
They work across different platforms, infect documents instead of executable files, spread easily among user documents, and are simpler to create or alter compared to traditional executable viruses.
Worm
A program that actively seeks out more machines to infect and serves as an automated launching pad for attacks on other machines.
Worm Replication Methods
Methods include Email & Instant Messaging, File Sharing, Remote Execution, Remote File Access & Transfer, and Remote Login.
Target Discovery Methods for Worms
Methods include Scanning (Fingerprinting), Random Scanning, Hit-List Scanning, Topological Scanning, and Local Subnet Scanning.