Malware Types

This blog post gives an overview of the different types of malware that can be used to exploit a target. Hackers take different approaches to exploiting vulnerabilities. Many choose their target carefully and use an attack that has been thought through in detail. In this post, I will walk through those attack types.
Malware comes in many different forms. In general, malware is any software that has malicious intent.
A virus is one example of malware. It is malicious code that attaches itself to a host application. The malicious code runs only when the host application is executed. The virus tries to replicate by finding other host applications to infect. Eventually, the virus will activate and deliver its payload. The payload is typically damaging. For example, it could delete files, reboot the system, or make changes to it.
Another malware type is the worm. A worm is self-replicating malware that travels throughout a network without assistance from a host application or user interaction. Characteristically, it resides in memory and can consume large amounts of bandwidth.
A logic bomb is a string of code that executes in response to an event. After being inserted into the system, the code is executed when specific conditions are met. Logic bombs are often contained in viruses or worms. This is especially dangerous since the code can spread before being noticed. Logic bombs can trigger on specific dates, in which case they are also called "time bombs", or when a user performs a specific action on their computer.
A backdoor provides another way of accessing a system, much as the back door of a house provides another means of entry. Malware often installs backdoors to bypass security controls, meaning authorized or unauthorized people can gain access to the system by avoiding the security controls that were implemented to keep them out. Hackers use backdoors to steal personal and financial data, or even to install additional malware. Backdoors are very discreet and known only to the specific group that is trying to exploit the target. Developers also use backdoors during development and testing, just in case they ever need them.
Now we come to the infamous Trojan, also called the Trojan horse. A Trojan horse looks like something useful, but it is actually something else, such as a malicious file that creates a backdoor without the knowledge of the user. Like the backdoor, it remains unnoticed. It can look like normal code, a normal program, or a normal file to avoid being noticed by the user. Beneath the surface, however, it establishes a backdoor connection with the remote attacker. It usually deletes or replaces operating system-critical files, steals data, sends notifications to a remote attacker, and allows remote control of the target.
A RAT is a remote access trojan. It is a type of malware that allows attackers to take control of systems from remote locations. With this access, they can collect keystrokes and credentials, view emails and messages, and more.
You don't necessarily have to be familiar with cyberattacks to have heard of ransomware. Ransomware attackers encrypt the user's data and/or lock the user out. Once they have successfully encrypted the target's data, the victim can no longer access the system. The attackers then demand money from the victim in exchange for regaining access and getting the data back. Ransomware that encrypts user data is sometimes called crypto-malware.
A keylogger attempts to capture a user's keystrokes. The keystrokes are stored in a file that is either sent to the attacker or retrieved manually by the attacker. In simple words, a keylogger is a function that records keystrokes (each press of a key on the keyboard) on a computer. With access to the record of what you have typed, hackers can easily steal your information. The attacker tries to interfere with the process that takes place between when you press a key and when that character appears on the display. This can be done with, for instance, a hardware bug in the keyboard or with software. A keylogger can end up on a system when a user clicks on a link or opens an attachment or file from a phishing email, visits a malicious website, or downloads malware.
Rootkits are a group of programs (rarely a single program) that hide the fact that the system has been infected by malicious code. A rootkit hides its running processes to avoid detection by anti-virus (AV) software. It has system-level access (root/kernel-level access) and performs hooking, which means intercepting system-level function calls, events, or messages. An efficient way to help discover hidden hooked processes is to inspect RAM.
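The RAM inspection mentioned above is commonly done as a cross-view comparison: the process list the running system reports is compared with the process records recovered from a memory image. The following is an added example, not part of the original post; both views and their text format are constructed for illustration.

```python
# Added example with constructed data: cross-view check for hidden processes.

# Constructed: process list as reported by the (possibly hooked) OS API.
API_VIEW = """\
4 System
512 services.exe
1284 explorer.exe
"""

# Constructed: process records recovered from a RAM image.
# Columns: pid, name, exit time ("-" = still running at capture time).
MEMORY_VIEW = """\
4 System -
512 services.exe -
1284 explorer.exe -
1876 notepad.exe 2024-01-01T10:02:11
2040 updater.exe -
"""

def parse_view(text, has_exit_column):
    """Return {pid: (name, exit_time_or_None)} from one view's lines."""
    procs = {}
    for line in filter(str.strip, text.splitlines()):
        exit_time = None
        if has_exit_column:
            line, exit_time = line.rsplit(maxsplit=1)
            exit_time = None if exit_time == "-" else exit_time
        pid, name = line.split(maxsplit=1)
        procs[int(pid)] = (name.strip(), exit_time)
    return procs

def find_hidden(api_text, memory_text):
    """Return (pid, name, reason) for live processes the API view does not show."""
    api = parse_view(api_text, has_exit_column=False)
    findings = []
    for pid, (name, exit_time) in sorted(parse_view(memory_text, True).items()):
        if exit_time is not None:
            continue  # exited process whose record lingers in RAM: not hidden
        if pid not in api:
            findings.append((pid, name, "in RAM but missing from API list"))
        elif api[pid][0] != name:
            findings.append((pid, name, f"API reports name {api[pid][0]!r}"))
    return findings

if __name__ == "__main__":
    for pid, name, reason in find_hidden(API_VIEW, MEMORY_VIEW):
        print(f"SUSPICIOUS pid={pid} name={name}: {reason}")
```

Records of processes that have already exited can linger in memory, so the check skips entries with an exit time instead of reporting them as hidden.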
Spyware is software installed on a user's system without their awareness or consent. This malware monitors the user's computer and their activity.
Adware was initially identified as malware used to learn a user's habits for the purpose of targeted advertising. Internet marketers are now more sophisticated and use web analytics and behavioral analysis to track user activity and provide targeted ads. The term adware is also used to describe free software that has ads.
Bots are software robots that can be used to crawl websites or perform automated tasks on command. A botnet is a network of bots. Bot herders are botnet managers. They infect as many computers as possible and add them to their herd.