MALWARE
Malware - program designed to gain access to computer systems, generally for the benefit of some third party, without the user’s permission.
- Also known as “malicious software.” It refers to any type of software specifically designed to harm, exploit, or infiltrate computer systems, devices, or networks without the owner's consent or knowledge. It is created with malicious intent, and it can take various forms and perform a wide range of harmful activities.
Intent of Malware
· Intelligence and intrusion
· Disruption and extortion
· Destruction or vandalism
· Steal computer resources
· Monetary gain
Type of Malware
VIRUS - malicious executable code attached to another executable file. The virus spreads when an infected file is passed from system to system.
- can replicate themselves.
- may have various damaging instructions, such as destroying data or corrupting files.
- can be harmless or they can modify or delete data. Opening a file can trigger a virus. Once a program virus is active, it will infect other programs on the computer.
Examples:
ILOVEYOU - This was one of the most infamous computer viruses in history. It spread through email in the early 2000s and enticed users to open an attachment with the subject line "ILOVEYOU”.
MELISSA - was a macro virus that infected Microsoft Word documents in 1999. It propagated via email attachments and when opened, it would send itself to the first 50 contacts in the victim's email address book.
Creeper Virus - The first instances appeared in the 1970s. It displayed the message, “I’m the creeper, catch me if you can!”.
WORMS - replicate themselves on the system, attaching themselves to different files and looking for pathways between computers, such as a computer network that shares common file storage areas.
- Worms usually slow down networks. A virus needs a host program to run, but worms can run by themselves. After a worm infects a host, it is able to spread very quickly over the network.
Examples:
MYDOOM - which emerged in 2004, is one of the fastest-spreading email worms ever. It opened backdoors on infected computers and allowed remote access to the attacker, making it a significant security threat.
SASSER - worm that spread in 2004 and targeted Windows XP and Windows 2000 systems. It exploited a vulnerability to spread through the internet and local networks, causing system crashes and slowdowns.
NIMDA - which is "admin" spelled backward, was a multi-faceted worm that spread in 2001. It could spread through email, web servers, and network shares, causing significant disruptions.
MORRIS - Created by Robert Morris, who on November 3, 1988, released the first computer worm onto the internet from the Massachusetts Institute of Technology (MIT) as a sort of prank.
What is the difference between Computer Virus and a Computer Worm?
Viruses require an active host program, or an already infected and active operating system, in order to run, cause damage and infect other executable files or documents,
while worms are stand-alone malicious programs that can self-replicate and propagate via computer networks without human help.
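The mass-mailing behaviour described above (Melissa sending itself to the first 50 contacts, ILOVEYOU and MyDoom spreading by email) leaves a recognisable pattern at the mail gateway: one sender pushing the same attachment to many distinct recipients in a short time. The detector below is an added example, not part of the original notes; the log line format, the addresses, and the threshold of 5 recipients are constructed for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample gateway log (the format is an assumption for this example):
# "<ISO timestamp> from=<sender> to=<recipient> attach=<attachment name>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 from=alice@corp.example to=bob@corp.example attach=LOVE-LETTER-FOR-YOU.TXT.vbs
2024-05-01T09:00:02 from=alice@corp.example to=carol@corp.example attach=LOVE-LETTER-FOR-YOU.TXT.vbs
2024-05-01T09:00:02 from=alice@corp.example to=dave@corp.example attach=LOVE-LETTER-FOR-YOU.TXT.vbs
2024-05-01T09:00:03 from=alice@corp.example to=erin@corp.example attach=LOVE-LETTER-FOR-YOU.TXT.vbs
2024-05-01T09:00:04 from=alice@corp.example to=frank@corp.example attach=LOVE-LETTER-FOR-YOU.TXT.vbs
2024-05-01T09:05:00 from=bob@corp.example to=alice@corp.example attach=q2-report.xlsx
2024-05-01T10:00:00 from=bob@corp.example to=carol@corp.example attach=q2-report.xlsx
2024-05-01T11:00:00 from=bob@corp.example to=dave@corp.example attach=q2-report.xlsx
"""

def parse_line(line):
    """Split one log line into (timestamp, sender, recipient, attachment)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["from"], kv["to"], kv["attach"]

def find_mass_mailers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {sender: (attachment, distinct recipients)} for every sender that
    sent the same attachment to at least `threshold` distinct recipients inside
    any span of length `window`. threshold=5 is a demo value; Melissa used 50."""
    events = defaultdict(list)  # (sender, attachment) -> [(time, recipient)]
    for line in log_text.splitlines():
        if line.strip():
            ts, sender, rcpt, attach = parse_line(line)
            events[(sender, attach)].append((ts, rcpt))
    hits = {}
    for (sender, attach), sends in events.items():
        sends.sort()
        # Slide a window over the time-ordered sends, counting distinct recipients.
        for i, (start, _) in enumerate(sends):
            rcpts = {r for t, r in sends[i:] if t - start <= window}
            if len(rcpts) >= threshold:
                hits[sender] = (attach, len(rcpts))
                break
    return hits

if __name__ == "__main__":
    for sender, (attach, n) in find_mass_mailers(SAMPLE_LOG).items():
        print(f"ALERT: {sender} sent '{attach}' to {n} recipients within 10 minutes")
```

Bob's three legitimate report mails are spread over two hours and stay below the window, so only the burst from alice is flagged.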
TROJAN HORSE - carries out malicious operations under the appearance of a desired operation, such as playing an online game. A Trojan horse differs from a virus because the Trojan binds itself to non-executable files, such as image files and audio files.
- can perform harmful actions, such as stealing data or providing unauthorized access to the attacker, but they do not replicate on their own.
Common types of Trojan Malware, from A to Z
1. Backdoor Trojan - This trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device.
2. Distributed Denial of Service (DDoS) attack Trojan – This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. The traffic comes from your infected computer and others.
3. Downloader Trojan - This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These include Trojans and adware.
4. Fake AV Trojan - This Trojan behaves like antivirus software, but demands money from you to detect and remove threats, whether they’re real or fake.
5. Game-thief Trojan - The losers here may be online gamers. This Trojan seeks to steal their account information.
6. Infostealer Trojan - As it sounds, this Trojan is after data on your infected computer.
7. Mailfinder Trojan - This Trojan seeks to steal the email addresses you’ve accumulated on your device.
8. Remote Access Trojan - This Trojan can give an attacker full control over your computer via a remote network connection. Its uses include stealing your information or spying.
9. SMS Trojan - This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs.
10. Trojan Banker - This Trojan takes aim at your financial accounts. It’s designed to steal your account information for all the things you do online. That includes banking, credit card and bill pay data.
ZEUS (ZBOT) - a well-known Trojan that first emerged around 2011. It primarily targeted financial institutions and aimed to steal banking and financial information. It could also install additional malware on infected computers.
SPYEYE - Similar to Zeus, SpyEye was a banking Trojan designed to steal financial information, login credentials, and credit card data. It was active from around 2009 until its author's arrest in 2010.
BACK ORIFICE - Back Orifice is a remote administration tool (RAT) that can be used maliciously as a Trojan. It allows an attacker to gain unauthorized access to a victim's computer and control it remotely. It was created by the hacker group Cult of the Dead Cow in the late 1990s.
SUBSEVEN (SUB7) - SubSeven is another remote administration tool that can be used as a Trojan. It allows an attacker to gain control over an infected computer, execute commands, and steal information. It was active in the late 1990s and early 2000s.
RANSOMWARE - Ransomware holds a computer system, or the data it contains, hostage until the victim makes a payment. Ransomware encrypts data on the computer with a key that is unknown to the user. The user has to pay a ransom (price) to the criminals to retrieve the data. Once the amount is paid the victim can resume using his/her system.
WANNACRY - WannaCry was a ransomware attack that made headlines in 2017. It exploited a Windows vulnerability and spread quickly across computers, encrypting files and demanding a ransom in Bitcoin for decryption keys.
NOTPETYA (PETYA, EXPETR) - NotPetya, which appeared in 2017, was a ransomware strain that spread rapidly, initially masquerading as a ransomware attack. However, its primary purpose seemed to be to cause widespread disruption rather than financial gain. It targeted Ukrainian organizations but affected systems worldwide.
CRYPTOLOCKER - CryptoLocker, which emerged in 2013, was one of the earliest high-profile ransomware strains. It encrypted files on infected systems and demanded a ransom to decrypt them. Law enforcement efforts led to the takedown of the CryptoLocker infrastructure in 2014.
ADWARE - displays unwanted ads and pop-ups on the computer. It comes along with software downloads and packages. It generates revenue for the software distributor by displaying ads.
SUPERFISH - Superfish was pre-installed on some Lenovo laptops in 2014. It injected third-party advertisements into web pages, even secure HTTPS websites, which raised significant privacy and security concerns.
SHOPATHOME TOOLBAR - ShopAtHome Toolbar is a browser extension that claims to provide shopping discounts but often displays unwanted advertisements and collects browsing data.
GENIEO - Genieo is an adware program known for its intrusive browser changes and the display of unwanted ads. It has been linked to unwanted homepage and search engine changes without the user's consent.
SPYWARE - Its purpose is to steal private information from a computer system for a third party. Spyware collects information and sends it to the hacker.
FINFISHER (FINSPY) - FinFisher is a commercial spyware product developed by Gamma Group. It has been used by governments and law enforcement agencies for surveillance purposes. It can capture keystrokes, intercept communications, and record screenshots.
MSPY - mSpy is a commercial spyware application designed for parents and employers to monitor the activities of mobile devices. However, it has been misused for illegal surveillance as well.
Keyloggers - record keystrokes on a computer or device, enabling attackers to capture sensitive information like passwords and credit card numbers. One of the earliest known keyloggers was the hardware-based device called “KeyKatcher” in the 1990’s; as computers and the internet developed, software-based keyloggers were developed for illegal purposes.
Rootkits are a form of malware that burrows deep into an operating system, making them extremely difficult to detect and remove. They often grant attackers full control over a compromised system. Rootkit techniques were primarily used for system maintenance and troubleshooting in the 1990s; however, in the early 2000’s they were used for cyberattacks.
Botnets are networks of compromised computers, or "bots," controlled by a central entity, a “Bot Herder.” Attackers use these networks for various purposes, such as launching distributed denial of service (DDoS) attacks or distributing spam. Botnets appeared in the late 1990’s. A famous botnet attack was the “Mirai Botnet Cyberattack” in 2016, which targeted the telecom company OVH and resulted in thousands of servers and web services being affected.
Fileless malware resides in a computer's RAM (random access memory) and doesn't leave traditional file traces on disk, making it useful for stealthy attacks and difficult to detect. One of the most notable fileless malware attacks was the “Power Ghost” malware, which targeted the Microsoft company and other corporate networks in 2018 and caused financial loss and significant damage.
Mobile Malware is specifically designed for mobile devices, including smartphones and tablets. It can steal personal data, send premium SMS messages, or hijack mobile banking sessions. It first appeared around the early 2000’s, shortly after the proliferation of mobile devices with internet connectivity. A notable mobile malware attack happened around 2004; it targeted devices running Symbian OS, which was common on Nokia phones, draining the battery and tracking the device’s location.
Scareware tricks users into believing their computers are infected and prompts them to purchase fake antivirus or security software. It started appearing in the mid 2000’s.
How To Know If Our Devices Are Infected With Malware?
· Unusual Computer Behavior
· High CPU or Memory Usage
· Security Software Alerts
· Changed Browser Settings
· Excessive Data Usage
If you suspect your device is infected with malware, here's what you should do:
· Update Your Software
· Run a Full Malware Scan
· Disconnect from the Internet
· Change Passwords
· Restore from Backup
· Seek Professional Help