The most common types of malware are viruses, keyloggers, worms, trojans, ransomware / crypto-malware, logic bombs, bots/botnets, adware & spyware, and rootkits. The risk of a malware attack can be reduced by developing security policies, implementing security awareness training, using app-based multi-factor authentication, installing anti-malware and spam filters, hardening default operating system policies, and performing routine vulnerability assessments.
What is Malware?
Malware, short for “malicious software”, is any file or code, typically delivered over a network, that infects, explores, steals from or otherwise acts on a host system in whatever way the attacker wants. The term covers software written with malicious intent as well as software distributed by malicious means. It includes viruses along with trojan horses, worms, spyware, adware and other families; advanced malware such as ransomware is used to commit financial fraud and extort money from computer users.
Much malware is built to steal information from the victim’s computer, such as passwords, bank details and credit card numbers. A keylogger is a simple example: it records the keys pressed on the infected machine, for instance while the user logs in to a site, and sends them back to the keylogger’s operator.
Once on a host, malware is typically used to:
- Send spam from the infected machine to unsuspecting targets.
- Investigate the infected user’s local network.
- Provide remote control for an attacker to use an infected machine.
- Steal sensitive data.
Evolution of Malware
- The term “malware” was introduced by the computer scientist and security researcher Yisrael Radai in 1990.
- Before that, malicious software was generally referred to simply as computer viruses.
- The Creeper program of 1971, written by BBN Technologies engineer Robert Thomas as an experiment, is one of the first known examples of malware.
- Computer-enabled fraud and service theft have evolved in parallel with the information technology that enables them.
Types of Malware
The most common types of malware are:
- Viruses
- Keyloggers
- Worms
- Trojan Horses
- Ransomware / Crypto-Malware
- Logic Bombs
- Bots / Botnets
- Adware & Spyware
- Rootkits
1. Viruses
A virus is one of the most common types of malware. A virus needs a user action to infect a system: someone has to open the infected file, run the program, or copy it onto media or another host. Some file types are more commonly used as carriers than others: .doc/.docx, .exe, .html, .xls/.xlsx and .zip.
Most viruses self-replicate without the user’s knowledge. They spread from one system to another via email, instant messaging, website downloads, removable media (USB) and network connections. A virus typically remains dormant until it has spread to a network or a number of devices before delivering its payload.
2. Keyloggers
A keylogger can be a small hardware device inserted inline between the keyboard and the computer, or software installed on the host, often dropped by a Trojan.
Keylogging, or keyboard capturing, records a user’s keystrokes and sends the data to the threat actor. Users are typically unaware that their input is being captured. While there are legitimate uses, such as employers monitoring activity on company equipment, keyloggers are mostly used to steal passwords and other sensitive data.
3. Worms
Worms are similar to viruses: a worm also self-replicates and spreads full copies or segments of itself via network connections, email attachments and instant messages. Worms are commonly used against email servers, web servers and database servers. Once a host is infected, a worm can spread rapidly across the internet and internal networks. Unlike a virus, however, a worm does not require a host program or a user action in order to run, self-replicate and propagate.
Common virus types
Program/file virus: This type of virus normally infects program files such as .exe, .com and .bat. Once resident in memory it tries to infect every program that is loaded into memory.
Macro virus: Infects Word, Excel, PowerPoint, Access and other data files through their macro capability. Once infected, repairing these files is very difficult.
Master boot record (MBR) virus: A memory-resident virus that copies itself to the first sector of a storage device, the sector that holds the partition table and the OS loading code.
Boot sector virus: Infects the boot sector of a hard disk or floppy disk and is also memory resident. The system is infected as soon as it boots from the infected sector, which makes this type very difficult to clean.
Multipartite virus: A hybrid of boot-sector and program/file viruses. It infects program files, and when an infected program is executed it also infects the boot record.
Polymorphic virus: A virus that encrypts its body with a different key in each infection so that it appears differently every time; only a small decryptor routine stays recognisable, and advanced engines mutate that as well. These viruses are much harder to detect with fixed signatures.
Stealth virus: Uses various techniques to hide from detection, for example redirecting disk reads to another sector instead of the one where it resides, or altering the file size reported in a directory listing so that the infected file looks unchanged.
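To make concrete why a polymorphic virus defeats the fixed byte signatures that ordinary signature scanning relies on, and how a scanner gets the detection back by replaying the decryptor (the “generic decryption” trick), here is an added Python example. It is not code from the original article: the payload is an inert text string, the decryptor stub is a made-up marker, the key layout and the one-entry signature database are invented for the demonstration, and nothing in it replicates or executes anything.

```python
"""
Added example (not from the original article): why a fixed byte signature
misses a polymorphic sample, and how replaying the decryptor recovers it.
Everything is inert and constructed: the "payload" is text, the "decryptor
stub" is a made-up marker, the signature database is a one-entry dict.
"""
import random

# Constructed, inert payload standing in for the virus body.
PAYLOAD = b"DEMO-PAYLOAD: open backdoor on port 4444 and exfiltrate files"

# Hypothetical constant decryptor stub. A real polymorphic engine mutates
# this part too; keeping it fixed here shows what a stub signature can do.
STUB = b"\xeb\x10DEMO_DECRYPT_STUB\x90\x90"
KEY_LEN = 8

# Constructed signature database: exact byte patterns from "known" samples.
SIGNATURES = {"Demo.Backdoor.A": b"open backdoor on port 4444"}


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, used both to 'infect' and to emulate the decryptor."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload: bytes, rng: random.Random) -> bytes:
    """One 'infection': stub + fresh random key + payload encrypted under it."""
    key = bytes(rng.randrange(1, 256) for _ in range(KEY_LEN))
    return STUB + key + xor(payload, key)


def signature_scan(sample: bytes, db=SIGNATURES) -> list:
    """Plain signature matching over the raw bytes."""
    return [name for name, sig in db.items() if sig in sample]


def stub_heuristic(sample: bytes) -> bool:
    """Heuristic: the encrypted body changes, the decryptor marker does not."""
    return STUB in sample


def emulate_and_scan(sample: bytes, db=SIGNATURES) -> list:
    """Generic decryption: find the stub, replay its decryption, then run the
    ordinary signature database over the recovered plaintext."""
    i = sample.find(STUB)
    if i < 0:
        return []
    start = i + len(STUB)
    key = sample[start:start + KEY_LEN]
    plain = xor(sample[start + KEY_LEN:], key)
    return signature_scan(plain, db)


def demo(n_variants: int = 5, seed: int = 7) -> dict:
    """Generate variants and count how many each detection method catches."""
    rng = random.Random(seed)
    variants = [make_variant(PAYLOAD, rng) for _ in range(n_variants)]
    return {
        "distinct_variants": len(set(variants)),
        "raw_signature_hits": sum(1 for v in variants if signature_scan(v)),
        "stub_hits": sum(1 for v in variants if stub_heuristic(v)),
        "emulated_hits": sum(1 for v in variants if emulate_and_scan(v)),
    }


if __name__ == "__main__":
    print(demo())
```

Every generated variant is byte-for-byte different and none of them contains the payload signature, so raw signature matching scores zero; the stub heuristic and the emulate-then-scan approach catch all of them. Once the engine mutates the stub as well, even the stub signature fails, which is why real scanners fall back to emulation and behavioural monitoring rather than byte patterns alone.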
4. Trojan Horses
A Trojan horse is malware disguised as legitimate software. It hides on the computer until it is called upon; when activated, a Trojan can let threat actors spy on you, steal sensitive data and gain backdoor access to the system. Trojans are commonly delivered through email attachments, website downloads and instant messages, and social engineering is typically used to trick users into loading and executing them. Unlike viruses and worms, Trojans do not self-replicate.
Trojan horses are classified by how they infect systems and the damage they cause. The seven main types of Trojan horses are:
• Remote Access Trojans
• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• Security software disabler Trojans
• Denial-of-service attack Trojans
5. Ransomware / Crypto-Malware
Ransomware is a type of malware designed to lock users out of their system or deny access to data until a ransom is paid.
Crypto-malware is ransomware that encrypts the user’s files and demands payment within a time limit, usually in a digital currency such as Bitcoin, in exchange for the decryption key.
6. Logic Bombs
A logic bomb is malware that activates only when a trigger condition is met, such as a specific date and time or the 25th login to an account. Because the code stays inert until then, antivirus software generally detects a logic bomb only once its payload executes.
Viruses and worms often contain logic bombs to deliver their payload at a pre-defined time or when another condition is met. The damage caused by a logic bomb ranges from altering a few bytes of data to making hard drives unreadable.
7. Bots / Botnets
A bot is any network-connected computer system whose security has been compromised so that an attacker can control it remotely; a botnet (short for “robot network”) is a group of such bots under common command and control. Botnets are commonly used for distributed denial-of-service (DDoS) attacks, in which the bots send large volumes of traffic at a target. One such attack against a website hosting company caused many popular websites to be taken offline.
8. Adware & Spyware
Adware and spyware are both unwanted software. Adware is designed to serve advertisements, usually inside a web browser. It is often quietly installed in the background, without your knowledge or permission, when you download another program. While rarely destructive in itself, adware is annoying and degrades the system.
Spyware, by contrast, collects information about the user, such as habits, browsing history and personal identification details, and sends it to the attacker. It is often downloaded in a software bundle or from file-sharing sites.
9. Rootkits
A rootkit is a backdoor program that lets a threat actor maintain command and control over a computer without the user’s knowledge, potentially with full control of the targeted system. Rootkits are difficult to clean from a system; some antivirus software can detect them, but in most cases it is best to rebuild the compromised system rather than trust a cleanup.
The controller can then log files, spy on the owner’s activity, execute files and change system configuration remotely. While traditionally deployed through Trojan horse attacks, rootkits are increasingly found bundled inside otherwise trusted applications.
Types of Malware Attacks
Malware also uses a variety of methods to spread to other systems beyond its initial attack vector. Common malware attack vectors include:
- Email attachments containing malicious code are opened, and therefore executed, by unsuspecting users. If those emails are forwarded, the malware spreads deeper into the organisation, compromising more of the network.
- File servers, such as those based on the Common Internet File System (SMB/CIFS) and Network File System (NFS), can enable malware to spread quickly as users access and download infected files.
- File-sharing software can allow malware to replicate onto removable media and from there onto other computers and networks.
- Peer to peer (P2P) file sharing can introduce malware by sharing files as seemingly harmless as music or pictures.
- Remotely exploitable vulnerabilities let an attacker access systems from anywhere with little or no involvement from the computer user.
How to Detect Malware
Advanced malware analysis and detection tools exist, such as firewalls, intrusion prevention systems (IPS), endpoint anti-malware and sandboxing solutions. Some malware types are easier to detect than others: ransomware, for example, makes itself known immediately once it has encrypted your files.
Other malware, such as spyware, may remain silently on a target system so that an adversary retains access. Regardless of the malware type, how detectable it is, or who deploys it, its intent is always malicious.
How Does Malware Spread
- Email: Some malicious emails can infect your computer from the email client’s preview pane alone, without you opening an attachment or clicking a link.
- The Internet: Browsing the web may feel like a private activity, but it exposes your computer to contact with anyone else who has a computer and internet access.
- Outdated software: Malware that scans the internet for hosts running out-of-date software can exploit known vulnerabilities in it to spread from system to system.
- Local area networks (LANs): A LAN is a group of locally interconnected computers that transfer and share data over a private network. If one computer on the network is infected, the malware can spread to the other computers on the LAN.
- Instant messaging (IM) and peer-to-peer (P2P) file sharing: If you use a client for these activities, malware can reach your system through it.
- Social networks: If an account on a social site is infected, anyone who visits the profile page may pick up the worm on their own system. Malware authors take advantage of popular social networks because of the enormous user base they can reach.
- Pop-ups: A particularly underhanded and widespread trick is the “hoax pop-up” that claims to have scanned your computer and found malware. Some of the most refined malware spreads through misleading pop-ups that look like genuine alerts or messages: if you follow the instructions to remove the “malware”, you actually install it.
- Computer storage media: Malware moves easily when storage media such as USB drives, DVDs and CDs are shared between people. Even if a CD of photos from someone else seems safe, scan unfamiliar files for security risks before you copy or open them.
- Mobile devices: Mobile malware has become progressively more frequent as more people use smartphones and tablets as mini-computers, spreading malware problems across further platforms.
How to Remove Malware
Antivirus software can remove most standard infection types, and many off-the-shelf solutions exist.
Antimalware and antivirus solutions
- Signature-based scanning. This is the basic approach that all anti-malware programs use, including free ones. Signature-based scanners rely on a database of known malware signatures, so their success depends on how up to date that database is.
- Heuristic analysis. This detects malware by its similarity to known families. It examines characteristic fragments of core code rather than an exact whole-file signature, so it can catch a variant even when it is hidden under additional junk code.
- Real-time behavioural monitoring. This looks for unexpected actions, such as an application sending gigabytes of data over the network, blocks the activity and hunts for the malware behind it. The approach is especially useful against fileless malware, which leaves no file on disk to scan.
- Sandbox analysis. Suspect files are moved to a sandbox, an isolated environment, where they can be detonated and analysed without exposing the rest of the network to risk.
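The behavioural-monitoring approach above, applied to the ransomware / crypto-malware case described earlier on the page, as an added Python example that is not part of the original article. The rule flags a process that renames many files to one new extension within a short window, which is what mass encryption looks like in file telemetry. The log format, process names, paths, window size and threshold are all assumptions constructed for the demo; a benign backup job that only writes files is included to show it is not flagged.

```python
"""
Added example (not from the original article): a behavioural rule that flags
ransomware-like mass re-encryption from file-activity events. The log format,
process names, paths, window and threshold are constructed for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample telemetry: one process renaming documents to a new
# extension in a burst (ransomware-like), one noisy but benign backup job,
# and a single user rename from explorer.exe.
SAMPLE_LOG = """\
2024-05-01T10:00:00 pid=4120 proc=invoice.exe op=rename src=C:\\Users\\a\\docs\\q1.xlsx dst=C:\\Users\\a\\docs\\q1.xlsx.locked
2024-05-01T10:00:00 pid=4120 proc=invoice.exe op=rename src=C:\\Users\\a\\docs\\q2.xlsx dst=C:\\Users\\a\\docs\\q2.xlsx.locked
2024-05-01T10:00:01 pid=4120 proc=invoice.exe op=rename src=C:\\Users\\a\\docs\\plan.docx dst=C:\\Users\\a\\docs\\plan.docx.locked
2024-05-01T10:00:01 pid=7788 proc=backup.exe op=write path=D:\\backup\\docs\\q1.xlsx
2024-05-01T10:00:01 pid=7788 proc=backup.exe op=write path=D:\\backup\\docs\\q2.xlsx
2024-05-01T10:00:02 pid=4120 proc=invoice.exe op=rename src=C:\\Users\\a\\docs\\notes.txt dst=C:\\Users\\a\\docs\\notes.txt.locked
2024-05-01T10:00:02 pid=7788 proc=backup.exe op=write path=D:\\backup\\docs\\plan.docx
2024-05-01T10:00:02 pid=1234 proc=explorer.exe op=rename src=C:\\Users\\a\\Desktop\\draft.txt dst=C:\\Users\\a\\Desktop\\draft.md
2024-05-01T10:00:03 pid=4120 proc=invoice.exe op=rename src=C:\\Users\\a\\docs\\budget.pdf dst=C:\\Users\\a\\docs\\budget.pdf.locked
2024-05-01T10:00:03 pid=7788 proc=backup.exe op=write path=D:\\backup\\docs\\notes.txt
2024-05-01T10:00:04 pid=4120 proc=invoice.exe op=rename src=C:\\Users\\a\\docs\\photo.jpg dst=C:\\Users\\a\\docs\\photo.jpg.locked
2024-05-01T10:00:04 pid=7788 proc=backup.exe op=write path=D:\\backup\\docs\\budget.pdf
"""

WINDOW = timedelta(seconds=10)   # assumed: sliding window length
THRESHOLD = 5                    # assumed: extension-changing renames per window

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) op=(?P<op>\w+) (?P<rest>.*)$"
)


def parse(log: str) -> list:
    """Parse the constructed key=value lines; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["rest"].split())
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "pid": int(m["pid"]),
            "proc": m["proc"],
            "op": m["op"],
            **fields,
        })
    return events


def ext(path: str) -> str:
    return PureWindowsPath(path).suffix.lower()


def detect_mass_reencryption(events: list, window=WINDOW, threshold=THRESHOLD) -> dict:
    """Flag a process that, within `window`, renames at least `threshold` files
    to a single new extension. Plain writes (the backup job) never count, and a
    lone rename (explorer.exe) never reaches the threshold."""
    recent = defaultdict(deque)          # (pid, proc) -> deque of (ts, new_ext)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] != "rename":
            continue
        old, new = ext(ev["src"]), ext(ev["dst"])
        if old == new:
            continue
        key = (ev["pid"], ev["proc"])
        q = recent[key]
        q.append((ev["ts"], new))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if key not in alerts and len(q) >= threshold and len({e for _, e in q}) == 1:
            alerts[key] = {"count": len(q), "new_ext": new,
                           "first": q[0][0].isoformat(), "last": ev["ts"].isoformat()}
    return alerts


if __name__ == "__main__":
    for (pid, proc), info in detect_mass_reencryption(parse(SAMPLE_LOG)).items():
        print(f"ALERT pid={pid} proc={proc} {info}")
```

The rule fires on invoice.exe at its fifth `.locked` rename and stays silent for backup.exe, which touches just as many files but never changes an extension. In production the same logic would also watch for canary files being modified and for a jump in the entropy of written data, and would act (suspend the process, isolate the host) rather than only print.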
How to protect against malware
Here are some tips on protecting against malware:
- Pay attention to the domain in the address bar. Check that it is the one you expect, and be wary of lookalike names and of sites using an unusual top-level domain rather than a familiar one such as com, mil, net, org, edu or biz.
- Use strong passwords with multi-factor authentication. A password manager can be a big help here.
- Avoid clicking on pop-up ads while browsing the Internet.
- Avoid opening email attachments from unknown senders.
- Do not click on strange, unverified links in emails, texts, and social media messages.
- Don’t download software from untrustworthy websites or peer-to-peer file transfer networks.
- Stick to official apps from Google Play and Apple’s App Store on Android, macOS and iOS (and don’t jailbreak or root your phone). PC users should check the ratings and reviews before installing any software.
- Make sure your operating system, browsers, and plugins are patched and up to date.
- Delete any programs you don’t use anymore.
- Back up your data regularly. If your files become damaged, encrypted, or otherwise inaccessible, you’ll be covered.
Computer viruses can damage your PC, send sensitive data to attackers and cause downtime until the system is repaired. The following measures reduce the chance of a system being infected:
- Install antivirus software: Antivirus should run on any device connected to the network. It’s your first defense against viruses. Antivirus software stops malware executables from running on your local device.
- Keep your operating system updated: Developers of all major operating systems release patches to remediate common bugs and security vulnerabilities. Always keep your operating system updated and stop using end-of-life versions (e.g., Windows 7 or Windows XP).
- Don’t open executable email attachments: Many malware attacks, including ransomware, start with a malicious email attachment. Executable attachments should never be opened, and users should not enable macros embedded in files such as Microsoft Word or Excel documents.
- Don’t use pirated software: Free pirated software might be tempting, but it’s often packaged with malware. Download vendor software only from the official source and avoid software that is pirated and shared.
- Avoid questionable websites: Older browsers are vulnerable to exploits triggered just by visiting a website. Always keep your browser updated with the latest patches, but avoiding questionable sites also prevents drive-by downloads and redirects to sites that host malware.
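The advice above about executable attachments and Office macros, together with the email-attachment vector described under Types of Malware Attacks, is something a mail gateway can enforce by looking at an attachment’s content rather than its file name. The following is an added Python example, not code from the original article: it identifies the container by magic bytes, flags extension/content mismatches, opens zip-based archives and Office Open XML files to look for executable members and VBA projects, and stops at “review” for legacy OLE documents because confirming macros there needs an OLE stream parser it does not include. The samples are constructed in memory, and the type table and block/review policy are the example’s own assumptions.

```python
"""
Added example (not from the original article): triage of email attachments
by content rather than by file name. Samples are constructed in memory; the
type table and the block/review policy are the example's own.
"""
import io
import zipfile
from pathlib import PurePosixPath

# Magic bytes for the container types the page mentions, plus JPEG so that an
# executable renamed to .jpg shows up as a mismatch.
MAGIC = [
    (b"MZ", "pe"),
    (b"\x7fELF", "elf"),
    (b"PK\x03\x04", "zip"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
]
EXT_TO_TYPE = {
    ".exe": "pe", ".dll": "pe", ".scr": "pe",
    ".zip": "zip", ".docx": "zip", ".docm": "zip", ".xlsx": "zip", ".xlsm": "zip",
    ".doc": "ole", ".xls": "ole", ".pdf": "pdf", ".jpg": "jpeg", ".jpeg": "jpeg",
}
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".js",
            ".vbs", ".jar", ".msi", ".hta"}
# Member names that carry VBA projects inside Office Open XML containers.
MACRO_MEMBERS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}


def sniff(data: bytes) -> str:
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(name: str, data: bytes) -> dict:
    """Return a verdict ('block', 'review' or 'allow') with its reasons."""
    suffix = PurePosixPath(name).suffix.lower()
    kind = sniff(data)
    block, review = [], []

    if kind in ("pe", "elf"):
        block.append(f"content is a native executable ({kind})")
    if suffix in EXEC_EXT:
        block.append(f"executable extension {suffix}")
    expected = EXT_TO_TYPE.get(suffix)
    if expected and expected != kind:
        block.append(f"extension {suffix} claims {expected} but content is {kind}")

    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                members = z.namelist()
        except zipfile.BadZipFile:
            members = []
            review.append("zip container could not be parsed")
        for member in members:
            if member in MACRO_MEMBERS:
                block.append(f"VBA macro project present: {member}")
            if PurePosixPath(member).suffix.lower() in EXEC_EXT:
                block.append(f"archive member is executable: {member}")
    elif kind == "ole":
        # Legacy binary Office files can hold macros; confirming that needs an
        # OLE stream parser (e.g. the olefile library), which this demo omits.
        review.append("legacy OLE Office container; inspect for VBA streams")

    verdict = "block" if block else ("review" if review else "allow")
    return {"name": name, "type": kind, "verdict": verdict, "reasons": block + review}


def make_zip(members: dict) -> bytes:
    """Build a zip archive in memory (used only to construct samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member, content in members.items():
            z.writestr(member, content)
    return buf.getvalue()


# Constructed samples, one per case the triage handles.
SAMPLES = {
    "quarterly.pdf": b"%PDF-1.7\n% constructed sample\n",
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,            # PE renamed to look like an image
    "report.docm": make_zip({"[Content_Types].xml": b"<Types/>",
                             "word/document.xml": b"<w:document/>",
                             "word/vbaProject.bin": b"\x00" * 16}),
    "setup.zip": make_zip({"README.txt": b"run setup", "setup.exe": b"MZ" + b"\x00" * 30}),
    "minutes.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 40,
    "notes.txt": b"plain text, nothing to execute",
}


def triage_all(samples: dict = SAMPLES) -> dict:
    return {name: triage(name, data)["verdict"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = triage(name, data)
        print(f"{r['verdict']:6} {name:15} {r['type']:7} {'; '.join(r['reasons'])}")
```

The point of sniffing magic bytes first is that the file name is attacker-controlled: `photo.jpg` is blocked because its bytes start with `MZ`, and `setup.zip` is blocked because of what is inside it, not because of its own extension. Nested archives, password-protected zips and PDFs carrying JavaScript are deliberately outside this demo and need their own handling in a real gateway.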