[BreachExchange] Malware 101: An Overview Of Malware Types

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 2 19:06:47 EST 2018


Most businesspeople today are familiar with the term malware - that is,
malicious software of some sort - but in recent months I have heard
multiple otherwise knowledgeable people misuse various terms related to
malware types, so I decided to share a short primer that should be useful
for people of all backgrounds:

Malware

Malware is an all-encompassing term that covers many forms of
intentionally malicious software (the word malware was first coined in
1990 by the late Israeli professor Yisrael Radai as a blend of the words
"malicious" and "software"). Malware includes computer viruses, worms,
Trojans, ransomware, scareware, spyware, cryptocurrency miners, adware, and
other programs intended to exploit computer resources for nefarious
purposes.

Viruses

A computer virus is an instance of malware that, when executed, replicates
itself by inserting its own code into data files (often in the form of
rogue macros), "boot sectors" of hard drives or SSDs, or other computer
programs. Like biological viruses, computer viruses require hosts in order
to spread. While viruses still inflict tremendous damage, the majority of
serious malware threats today arrive in the form of Trojans and worms.
(Note: The plural of computer virus is accepted as "viruses," even if one
uses "viri" as the plural for a biological virus.)

Worms

A computer worm is a standalone piece of malware that replicates itself
without the need for any host in order to spread. Worms often propagate
over networks by exploiting security vulnerabilities on target computers
and networks. Because they normally consume network bandwidth, worms can
inflict harm even without modifying systems or stealing data.

Trojans

A Trojan (or Trojan horse) is malware disguised as non-malicious software
or hidden within a legitimate application or piece of digital data. Trojans
are typically spread by social engineering - for example, by tricking
people into clicking a link, installing an app, or running an email
attachment. As a result, unlike viruses and worms, Trojans typically do not
self-propagate; they rely on human involvement instead.

Ransomware

Ransomware is malware that demands a ransom be paid to a criminal in
exchange for the infected party being spared some harm. Ransomware often
encrypts user files and threatens to delete the encryption key if the
ransom is not paid within a relatively short period of time; other forms of
ransomware involve a criminal actually stealing user data and threatening
to publish it online if a ransom is not paid. Ransomware is most often
delivered as a Trojan or a virus, but it can be, and has been, packaged in
a worm as well.

Scareware

Scareware is malware that scares people into making some purchase. One
common example is malware that displays a message on a device that the
device is infected with some virus that only a particular security package
can remove, with a link to purchase that "security software."

Spyware

Spyware is software that surreptitiously, and without permission, collects
information from a device. Spyware may capture a user's keystrokes (in
which case it is called a keylogger), video from a camera, audio from a
microphone, screen images, and so on. Some technologies in use by
legitimate businesses might technically be considered spyware if users have
not been told that they are being tracked; they include beacons that check
whether a user loaded a particular web page, and tracking cookies installed
by websites or apps.

Cryptocurrency Miners

Cryptocurrency mining malware is malware that, without the permission of a
device's owner, uses the device's computing power to generate new units of
a particular cryptocurrency (which it gives to the criminals operating the
malware) by completing complex math problems that require significant
processing power to solve.

Adware

Adware is software that generates revenue for the party operating it by
displaying online advertisements on a device. Adware may be malware - that
is, installed and run without the permission of a device's owner - or may
be a legitimate component of software (for example, installed knowingly by
users as part of some free, ad-supported package).

Blended Malware

Blended malware is malware that utilizes multiple types of malware
technology as part of an attack - for example, combining features of
Trojans, worms, and viruses.

Zero Day Malware

Zero Day malware is any malware that exploits a vulnerability not
previously known to the public or to the vendor of the technology
containing the vulnerability.

In a future piece, I plan to provide a high-level overview of technologies
used by malware.