Understanding Malware and Malware Types

Determining Malware Types

Malware, or malicious software, is a broad term for any software written with malicious intent.

Malware is usually not software that you would knowingly download; it is installed onto your system through devious means.

Infected systems can show various symptoms including: running slower, starting unknown processes, sending out email without user action, rebooting randomly, and more.

These are common types of malware that attackers frequently use:

Viruses

A virus is malicious code that attaches itself to a host application.

The malicious code runs only when the host application is executed.

The virus then tries to replicate by infecting other host applications with its code.

At some point, the virus activates and delivers its payload, which can be damaging: deleting files, causing random reboots, joining the computer to a botnet, or even enabling backdoors.

Worms

A worm is a self-replicating malware that travels through a network without the assistance of a host application or any user interaction.

A worm can reside inside of memory and can also use different transport protocols to travel over the network.

One of the significant problems caused by worms is that they consume a lot of network bandwidth, which causes congestion and slower performance.

Logic Bombs

A logic bomb is a piece of code embedded in an application or script that executes in response to an event.

The event might be a specific date or time, or a user action such as when a user launches a specific program.

Backdoors

A backdoor is a way of providing another route into a system, much as the back door of a house provides another way of entering it.

Usually this route is hidden from the public.

Malware often installs backdoors on systems to bypass normal authentication methods.

There are many types of malware that create a backdoor quickly after infecting a system or a network.

Trojans

A trojan, or trojan horse, is typically something that looks beneficial but is actually malicious.

Named after the trojan horse of legend, it can come as pirated software or a useful-looking utility that users are enticed to download or try out.

Attackers also often use drive-by downloads to deliver trojans.

In a drive-by download, a web server hosts malicious code that attempts to download and install itself on users' computers when they visit the site.

Spyware

Spyware is software that is installed on users' systems without their awareness or consent.

Its main purpose is to monitor the user's computer activity.

Spyware collects information about the user and sends it to a third party.

Because spyware can access users' private data, an infection results in a loss of confidentiality.

Rootkit

A rootkit is a group of programs that hide the fact that a system has been infected or compromised by malicious code.

The goal of the rootkit is to modify internal operating system components such as the Registry.

Rootkits have system-level ("root") access and use hooked processes to intercept calls to the operating system.

Rootkits are hard to detect, but antivirus software can detect hooked processes by examining the contents of the system's RAM or by booting into safe mode.
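The detection idea in the paragraph above (a rootkit hooks the calls that enumerate processes, so a view that does not go through the hooked path disagrees with one that does) can be shown with a simple cross-view check. This is an added example, not code from the original article; it assumes a Linux host, where the /proc listing is compared against a per-PID signal-0 probe, and the PID ceiling is a constructed placeholder.

```python
import os

# Constructed upper bound for the probe loop; a live system's real limit is
# in /proc/sys/kernel/pid_max and is often much larger.
DEFAULT_MAX_PID = 32768


def pids_from_proc(proc_dir="/proc"):
    """The 'high' view: PIDs as the /proc directory listing reports them."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def pids_by_probe(max_pid=DEFAULT_MAX_PID):
    """The 'low' view: PIDs that answer a kill(pid, 0) existence probe."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)  # signal 0 delivers nothing; it only checks existence
        except ProcessLookupError:
            continue  # no such process
        except PermissionError:
            pass  # the process exists but belongs to another user
        alive.add(pid)
    return alive


def hidden_pids(visible, alive):
    """PIDs the probe says are alive but the listing does not show."""
    return sorted(alive - visible)


def scan(max_pid=DEFAULT_MAX_PID):
    """Cross-view scan; a non-empty result is worth investigating."""
    before = pids_from_proc()
    alive = pids_by_probe(max_pid)
    after = pids_from_proc()
    # A PID must be absent from both listings to count as hidden; this filters
    # processes that merely started or exited while the probe was running.
    return hidden_pids(before | after, alive)


def self_check():
    """Sanity check: the scanner's own PID must appear in both views."""
    me = os.getpid()
    return me in pids_from_proc() and me in pids_by_probe(me)


if __name__ == "__main__":
    print("self check:", self_check())
    print("hidden PIDs:", scan())
```

A process that both starts and exits entirely within one probe run can still produce a false positive, so treat a hit as a lead to confirm with a second run, not as proof of a rootkit.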

Ransomware

Ransomware is used by attackers to take control of computers or networks, locking out users.

Similar to ransomware, crypto malware is used to encrypt the data on the computers within the network to prevent access.

In both cases, attackers then demand that the user or organization pay a ransom to regain access to the data or computers.

Sometimes, they won't even give you your data back (they are criminals, after all).

Today, almost all ransomware attacks use crypto malware techniques.

Criminals often deliver these attacks through drive-by downloads or by embedding the malware in other software sent via email.