Malware definitions

malware

Malware is unfortunately far too common to ignore or be unaware of in this day and age. However I am still asked every now and then about how it works and the differences between terms. So this article should hopefully remedy some of the common questions.

I guess the first one should be “What is Malware?”
Well malware is a portmanteau of the words malicious and software, so simply put malware is malicious software. It’s a term to describe a lot of different programs, such as viruses, trojans, spyware etc.

All computers can get malware, no matter what operating system you are running (Windows, Linux, Mac or any other) and even the most up to date OS running the latest up to date antivirus is not immune. The trick is to stay as up to date as possible lowering the risk as much as you can.

 

Infectious malware

Viruses – A virus is a piece of software or code that attaches to a program or file carrying a payload. These are transferred by human interaction: email attachments, USB drives, etc. The payload could be anything, generally a backdoor or trojan, sometimes some software that will download other payloads from the internet without the user knowing.

Worms – These are a sub-class of viruses, Worms also carry payloads, the difference is how they are transmitted, with worms being autonomous. They need no interaction from the user and are sent through networks, either a local one or the internet.

Scareware – This is software that tries to trick the user into doing something, usually for money. it is know as scareware because they try to trick the user with fear, a common technique is a fake antivirus program that says you have loads of problems and will charge you for a fix (whether they remove or change anything after payment varies, usually they will just remove themselves)

Adware – As the title suggests, and hopefully you are seeing a pattern now, This is software that displays adverts, where they display the adverts could be anywhere, it seems like the most common for of this is from installing browser toolbars, plugins or add ons which will be packed with adware to display it’s own ads on websites.

Concealment

Trojan horses – These are programs which give the attacker remote access to your computer, the level of access greatly varies depending on the software used, the most severe compromise giving full access or possibly even more than the user, allowing them to modify the registry & filesystem, view the webcam without the user knowing or even more malicious things.

Rootkits – A rootkit, like a virus, can also contain a payload to do some other task. The main function of a rootkit is to hide the presence of another program or process to allow it to remain undetected.

Spyware – This is designed to spy on the user, either through keyloggers or webcam captures, all the way up to bank account information. The method of retrieval differs between version with some uploading the logs remotely or emailing them to a dump email address, others will just store them somewhere secure for later retrieval.

Backdoors – A backdoor is a piece of software that resides constantly running in the system, to allow the attacker to keep access, they try to hide their existence (with varying success) Another type of backdoor will modify the system to make access easier for the attacker, such as creating an account with the highest privileges, such that the attacker will know the username/password combination.

Packers – Both worms and viruses are attached to programs or files using another piece of software called a “packer” which simply takes 2 files (or programs) and packs them into one. for example pack notepad.exe with virus.exe to create notepad2.exe and when the user runs notepad2.exe it will launch notepad as expected, but also launch the virus.exe.

Crypters – This is software used to bypass antivirus. It encrypts or obfuscates the underlying code of the application making detection harder. Sometimes instead it will try to make it harder for researchers to understand whats happening, again avoiding detection.

I hope this article has helped you, maybe made some terms clear. As always, like, share & comment.

Leave a Reply