The current world war isn’t happening in the physical world. However, cyber attacks have stepped into the foreground, and blackhat hackers can gain millions with their targeted attacks. Their main weapon in this war: malware.
In this article, we’ll diversify the different types of malware so that you can better understand their behaviour.
There are many ways in which malware can be categorized, but now we’d like to introduce Christopher C. Elisan’s classifications from his book, Malware, Rootkits & Botnets.
Infectors have a very important limitation: they can only spread through files and removable media. So, if a computer is infected in the U.S. with an infector malware, it’s unlikely that this infector will compromise another computer in Germany (unless the owner of the first computer gives a pendrive containing the infected files to another person).
Let’s see the different types of infectors:
As the platform changed, the file format of the computer viruses changed as well. The old DOS viruses didn’t work in Windows, as it had a new file format: the NewEXE (New Executable). But because Windows is based on DOS, there was a chance to get infected by DOS viruses, which corrupted Windows computers because of the different file format (e.g., DIE_HARD 2). Of course, computer viruses quickly emerged into the new file format thereafter.
Windows 95 brought in a new file format, the PE (Portable Executable), and guess what? Computer viruses conformed as well (even against the belief that the PE would be the end of these viruses).
We talked about Windows, but don’t believe that it’s the only OS that can be the victim of executable viruses. Linux can be a target, too!
Macros are able not only to perform specific tasks, but they are also used in application-specific macro language. Macro language is a helpful tool to automate text formatting and crunch numbers in word processors and spreadsheets. Macro viruses target mostly Microsoft Office (e.g., Word, Excel, Access, and PowerPoint), and if they are successfully exploited, the opened and newly created files will be infected.
It’s important to note that macro viruses depend on the application-specific macro language, so it means that they are OS independent.
Examples: DMV (Document Macro Virus), Concept, Laroux, JetDB, Attach
In spite of the infectors, network worms can spread quickly thanks to the Internet. This type of malware can replicate itself on different devices. It spreads mainly on used network services: browsing, email, and chat.
Network worms can be diversified into different categories according to the channel on which they are spreading:
-Instant Messaging Worms
-Local Network Worms
A Trojan is a software that looks legitimate so that users will think it’s a harmless game or tool. But it actually isn’t. Trojan horses are very dangerous malware which can destroy your files, software, or even the whole OS.
The only solution after an exploitation of a Trojan is a reinstallation or backup.
They are able to gain root access to the compromised machine through an undocumented OS and network functions. Backdoors operate in stealth mode in order to avoid being detected.
Remote Access Trojans (RAT) are like an “extended backdoor.” The attack can gain root access to the compromised system, but there’s something more. RAT has a user interface—the client component—which allows the attacker to run commands, install programs, steal information, and also destroy the machine.
If the attacker can access thousands of such compromised systems and use them to attack others, that’s called a botnet.
This type of malware’s purpose is to steal different kinds of information such as passwords, financial credentials, private information, and anything else. How is this possible? Information stealers can capture your keystrokes (Keyloggers), take screenshots of the desktop (Desktop Recorders), or steal information from the memory (Memory Scrapers).
It’s a very spectacular malware. The attacker doesn’t want to hide it from you. Instead, they put ransomware right in front of us. Why do they do that? The answer is really simple: they want to earn money. Ransomware holds data or access to the system as long as you don’t transfer the requested amount of money (or Bitcoin) to them. In most cases, the attacker uses encryption to lock the computer.
The most known ransomware was the WannaCry, which started to spread last year.
Malware doesn’t only infect PCs/servers. There are different types of malware which operate on mobile devices. Nowadays, the number of these infections is increasing on Android and iOS as well.
The ordinary way: downloading it through a user interaction such as an email attachment, an infected software (e.g., game) or a phishing website. But the techniques are improving and there are new trends on the horizon according to Jack Danahy:
“1. More attacks are going “clickless,” bypassing user interaction altogether
2. Attackers are increasingly evading detection by “living off the land”
3. “Plug-and-play” worming components are on the rise”
As you can see, the world of malware is really huge. There are many types of malware and various techniques to compromise your devices. But there’s light at the end of the tunnel! Linux server owners don’t have to worry about getting infected. Our Malware Detection is an effective tool against malware. Some statistics: this year, we detected almost 300,000 infected files! But there’s more! The other BitNinja modules are stopping the hackers in the first phases of the attack cycle, so they won’t even have the chance to exploit malware.
We believe that every server owner is responsible for their servers and have to proactively protect them. So, if you aren’t a part of our Ninja Community, don’t wait any more minutes! Join us to watch how BitNinja kicks hackers’ asses.
Start the 7-day free trial with full functionality without spending a cent.
After the “Hello, Peppa!” zero-day botnet, our Attack Vector Miner detected another zero-day...
At the end of the last year, we made...