Different Types of Malware | Hacker Combat Special
Malware is a general term for all kinds of malicious software. Looked at more closely, there are many different kinds of malware, and it is always good to understand the differences between them. That helps in dealing with security incidents as they happen, and in judging whether a security issue is serious or not.
Here’s a look at the different kinds of malware and how they function:
Adware (advertising-supported malware) works by rendering advertisements in order to generate revenue for the hackers. Unwanted ads are presented to the user, often as pop-up windows or bars in a program’s user interface that the user cannot close. Most of the time such adware is bundled with browser toolbars, free software and the like, and is used to collect user data, internet activity data and other such information.
A backdoor is malware that helps attackers connect to and take control of infected systems. It provides unauthorized remote access to the infected system and most often requires no authentication to log in. Most often it is a Trojan that installs the backdoor; such a Trojan goes unnoticed if the host system has no effective detection mechanisms in place. A backdoor communicates back home using different methods, the most common being port 80. The reverse shell and the RAT (Remote Access/Administration Tool) are the two basic kinds of backdoor malware.
Reverse shell connections are initiated from the infected system to the attacker and are mostly set up by a Trojan that functions as a backdoor on the infected host. Once a reverse shell is established, the attacker can execute commands as if they were being run locally. Hackers usually set up reverse shells using tools such as Netcat and Windows CMD.
RAT (Remote Access/Administration Tool), also known as Remote Access Trojan, refers to malicious software that allows hackers to take control of infected systems through a backdoor. RATs are often bundled with free software or sent as email attachments.
A botnet refers to a network of computers that are controlled remotely with backdoors; they are controlled as a group and receive the same set of instructions from a server that is controlled by the hacker(s). Hackers use botnets to carry out DDoS attacks, send spam emails, distribute malware etc.
Browser hijackers are malware that take control of a user’s browser settings, such as the homepage or search provider. Hackers can also use browser hijackers to change your proxy settings, invade your privacy and make you less secure. This malware is often bundled with browser toolbars or free software and may also include spyware, adware and the like.
Downloader
This is malware that downloads other malware. Hackers, after gaining access to a system, infect it with downloader malware, which is then used to fetch further malware and infect the system more deeply.
Information Stealing Malware
As the name suggests, this malware helps attackers steal information, including card data, personal information, email account details, bank account information and so on. The stolen data is sent to the attackers, who either use it to gain access to the victims’ accounts or sell it on. Such malware usually comes in the form of keyloggers, password grabbers, sniffers and the like.
Keylogger
This malware records keystrokes and thereby steals passwords, personal details, online conversations and more. The recorded keystrokes are sent to the attackers.
Launcher
As the name suggests, this malware is used to launch another piece of malware and is often combined with downloader malware. To avoid detection, launchers mostly use stealthy, unconventional launching methods.
Ransomware works by encrypting the hard drive and all files on a system and then demands a ransom in exchange for the decryption key. Once all files are encrypted, the user cannot access the system or the data on it and is forced to pay the ransom, which is to be paid in bitcoin. Ransomware is currently one of the most widely used kinds of malware.
A rootkit is malware designed to conceal the existence of other malware, especially a backdoor that is stealing and transmitting data from the system. Removing a rootkit is not always easy; it depends on where it sits. Rootkits at the firmware level may require replacing the hardware, while those at the kernel level may require reinstalling the OS. A rootkit hidden in the boot sector that infects the Master Boot Record is known as a bootkit; bootkits can bypass drive encryption because the Master Boot Record itself is not encrypted.
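A defensive check that follows from the bootkit point above: because the Master Boot Record sits outside the encrypted volume, a defender can record a baseline of its boot code and partition table and re-verify the sector before trusting the boot path. This is an added example, not code from the Hacker Combat article; the 512-byte sector images it parses are constructed inside the code.

```python
import hashlib
import struct

# MBR layout (byte offsets); a bootkit rewrites the boot-code region, which is never encrypted.
MBR_SIZE = 512
BOOT_CODE_LEN = 440           # 0..439: boot code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries
SIGNATURE_OFFSET = 510        # 0x55 0xAA boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR (in practice the first sector read from the disk device)
    into the fields worth baselining: a boot-code hash and the partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR against the recorded baseline and return findings."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed: possible bootkit, do not trust the boot path")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sector(boot_code: bytes) -> bytes:
    """Constructed sample image: given boot code, one bootable NTFS-type (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"  # 4-byte disk signature + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
    return code + disk_sig + entry + b"\x00" * 48 + b"\x55\xaa"


CLEAN = build_sector(b"CONSTRUCTED CLEAN BOOT CODE")
TAMPERED = build_sector(b"CONSTRUCTED REWRITTEN BOOT CODE")  # same partitions, new boot code
BASELINE = parse_mbr(CLEAN)  # recorded once, on a known-good system
```

Run the baseline capture once on a trusted system and repeat `check_mbr` from a trusted environment (for example, boot media) so the check itself is not running on top of the rootkit it is looking for.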
Scareware
The name says it all: this malware forces victims to purchase something by frightening them. It is also called blackmailing malware, as it sometimes plants embarrassing files or viruses and then works like blackmail. Some scareware poses as a virus scanner and tells you that a virus has been detected on your system; you are then asked to buy the scanner to get rid of it. Once the payment is made, it is mostly the scareware itself that gets removed, and those behind the trick earn easy money.
Spam Sending Malware
This malware uses the infected system to send spam, often as part of a botnet controlled by a command and control server. It works very effectively because of the distributed approach, which minimizes the chance of failure: even if many machines are cleaned, many others remain infected and continue to send spam. It is also a troublemaker for the victim, since ISPs may cut off your internet connection or your email account may get blacklisted because of the spam being sent. Cyber criminals also make money from this malware by selling spam-sending services.
Trojans are malicious programs that appear to be regular applications, media files or other files but carry a malicious payload, which often makes them function as a backdoor. The name is derived from the Trojan horse of Greek mythology: the wooden horse with soldiers hidden inside that was used to take Troy.
A virus is malware that replicates itself into other applications, files or even the boot sector. Depending on what it is programmed to do, a virus may steal information, log keystrokes or damage a system completely. Viruses replicate themselves and insert malicious code into other programs without the user’s consent.
Worms are malware that replicate themselves and spread to infect other systems. They spread over the network or through links, P2P networks, emails and so on, and by exploiting vulnerabilities. Unlike viruses, worms spread from machine to machine on their own and may not carry a payload at all.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.