Malware 101 – A Pocket Guide

This post is a general round-up of the various types of malware that are in circulation today.

Typical types of malware are:

  • Backdoors
  • File-less Malware
  • Keyloggers
  • Ransomware
  • Rootkits
  • Trojan Horses
  • Viruses
  • Wipers
  • Worms.

This can also include social engineering methods, which are often used to gain the first foothold needed to install some form of malware.

Let's look at the various forms of malware doing the rounds today.

Backdoor – This is often something malware will install on a computer system that allows the attacker to gain privileged access to that system. Backdoors can also exist in systems because of programming mistakes (vulnerabilities that are then exploited), or by design, so that the vendor or the security services can access the system without having to request access.

File-less Malware – This is a form of malware that exists purely in memory (RAM) and does not persist itself by dropping files onto a file system or infecting existing files. This is a typical form of infection for routers and embedded systems that do not have a read/write file system. Normally a simple reboot of the infected system is enough to wipe the malware; however, this does not close the vulnerability, as the malware can simply re-infect its host using the same attack vector and vulnerabilities unless those are patched.

Keyloggers – This is a form of malware that records all the keystrokes you make on your computer. Typically the attacker is looking for usernames and passwords to gain access to computer systems, but keyloggers can also be used to capture other private information. They can be delivered by various means, including a social engineering attack.

Ransomware – This is a form of malware that typically encrypts the files on your computer and forces you to pay the hacker (normally in some form of cryptocurrency) to obtain the key to decrypt your files. In many cases the cyber criminal has no intention of providing the unlock code, and you will be left with a totally encrypted, and therefore useless, system. This form of attack often uses a social engineering method, or some other vulnerability within the computer system, to implant the initial malware.

Rootkit – This is a form of malware that often sits in the background gathering information, and in most cases the victim won't even know it is there. The software can also act as a backdoor, allowing the attacker access to otherwise inaccessible parts of the system. Rootkits can reside at the lowest levels of the system (the kernel), and can also reside in the boot area of the hard drive alongside the operating system, so that they are activated at boot time before the normal defences are in place. These are a particular issue for systems that don't support a secure boot process.

Trojan Horse – Sometimes just called a Trojan. In the context of malware, this is a piece of software that looks benign but is actually disguised malware. It is typically used in combination with a social engineering attack. The actual purpose of the malware takes many forms, but a lot of Trojans install a backdoor into critical systems that allows attackers to carry out additional cyber attacks.

Virus – This is a malicious program/malware that exhibits many of the characteristics of a biological virus, in that it can self-replicate and use the host system to propagate itself into otherwise unaffected parts of the computer system by attaching itself to existing files. Viruses typically exploit vulnerabilities in existing software. They can infect host systems by many methods, including social engineering and targeted attacks on unsecured systems.

Wiper – A wiper is a malware program designed to delete the data on a computer. Unlike ransomware, which holds your encrypted files to ransom for a payment, wipers are designed to destroy your data with no way of recovering the files.

Worm – This is very similar to a virus, in that it is self-replicating, but it typically does not attach itself to existing files on the system to do so. Worms often use the computer network to spread their payload, and are often delivered using a social engineering attack via email or instant messaging.

How does Malware get into our computers?

Typically the hacker needs some opening through which to install malware. This is often through methods such as:

  • Social Engineering
  • Targeting specific vulnerabilities (e.g. Remote Desktop Protocol (RDP), zero-days)
  • Drive-by attacks where you visit a website that hosts malware
  • Clicking on a malicious link or advert
  • Installing an app/software on your phone/PC that has been infected with malware
  • Apps, software and operating systems that have undisclosed/unpatched vulnerabilities.

How do we defend against this?

Typically you would employ some form of electronic defence (e.g. an Internet security package or endpoint protection) that detects any malware lurking on your system as well as any trying to get in. Firewalls can also be employed to limit the ability of malware to get a foothold.

You should also ensure your PCs, phones and servers have been fully updated with the latest security patches to limit known vulnerabilities (see my blog post on The Dangers to using Unsupported Devices and Software for more info). You can also look at the following blogs under our Guidance on Combatting Malware for additional posts on this subject.

The number one method of combating malware is education. You need to be aware of the circumstances in which you could be compromised and allow malware into your systems. A few pointers are:

  • Do not install software from untrusted/unofficial sources (examples of official sources are the Google Play Store, Apple's App Store, and for PCs the Microsoft Store and the developers of the application you are installing).
  • Think before you click – could the website you are about to visit be malicious, and are there any tell-tale signs that it is not genuine?
  • Be wary of the emails and messages you receive, and ask yourself whether they are genuine or a phishing attack.

This website has many blog posts aimed at educating you on various cyber security matters, and you would be well advised to look over our guidance pages for further information.

In addition, it is rare these days for a malware attack to rely on just one method of compromising a system. Cyber criminals often employ multiple attack vectors to get into our systems, and often string together low-level vulnerabilities to form a chain that lets them get deeper into our systems. The only real defence here is to keep our systems up to date with all the issued security patches.

Conclusion

Cyber criminals are always inventing new ways to infect our systems. However, they often use some of the above methods to get a foothold so that they can carry out some form of cyber attack. This could be one of the following:

  • Data Breaches
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS)
  • Credential Stuffing
  • Brute Force Attack/Dictionary Attack
  • Business Email Compromise (BEC) Attack.

Awareness and education are by far the best way to safeguard yourself, as even the best security software won't always protect you.


Headline photo provided by Shutterstock.