Have you ever had malware on your computer, or do you know someone who has? The answer is almost certainly yes. As computers have become an integrated part of our lives and an essential tool for the most important everyday tasks (like checking Facebook, this blog, etc.), people with criminal intent have found a market with wide open doors.
The word malware is short for Malicious Software (MalWare) and simply means software used for malicious purposes such as stealing data, gaining access to restricted systems, damaging a system or application, or even taking remote control of the targeted system.
Know your enemy
To prevent or fight malware effectively you need to "know your enemy" in order to take the correct measures. There are thousands of different types of malware, but they can generally be grouped into 7 categories.
Virus
Virus is a general term for malware that can replicate itself and thereby spread throughout your system, and even across an entire network, by infecting shared resources or sending itself to other targets.
Entry: A distinct trait of a virus is that it needs human interaction to spread to a system or network. Usually a virus is attached to an executable file or a document sent via email and is activated the moment the receiver runs the program or opens the document.
Threat type: The purpose of a virus varies, but usually it harms your system by corrupting files, which slows the system down or even crashes it. Even worse, it might steal information and send it to the attacker.
Afterlife: After infecting your system it will try to spread to your contacts or to other systems on your network by sending emails or placing copies of itself in shared file locations.
Trojan
We all know the story of the Trojan Horse, which the receivers treated as a gift without realizing the danger inside. The exact same can be said of malware trojans.
Entry: A trojan usually comes disguised as a legitimate application, and you won't necessarily notice anything until you have installed it, by which time it is too late to go back.
Threat type: A trojan will usually drop malware onto your system, which often allows the attacker to take control of it via remote access or to log keystrokes to steal passwords and other critical information.
Afterlife: A trojan typically does no more than install its payload of malware; the malware then takes care of the rest.
Bot
Bot malware infects the system with software that enables the attacker to take control of it and connect it to a central control point. When the attacker has gathered multiple systems and converted them to bots, he has created a botnet, which can be used for sending spam, executing DDoS attacks, or even mining virtual currency, e.g. Bitcoin.
Entry: A trojan or rootkit can infect the system and install the files needed to turn the target into a bot.
Threat type: Usually the main purpose is to add the target to a botnet that attacks other services or systems, but with control of your system there is no limit to what the attacker can do with it.
Afterlife: After infection your system's resources will be used to carry out some of the objectives mentioned above, which will likely affect performance. Besides performance, you risk theft of information or unwanted access to your webcam.
Rootkit
A rootkit is malware designed to gain full access to a system without alerting either the user or the antivirus, by hiding its activities.
Entry: This kind of attack usually happens because the attacker uses an exploit in the system to gain full access, and is thereby able to cloak the rootkit's activities.
Threat type: If the attacker manages to gain full control there is no limit to the uses. The system could be used as a bot, or a keylogger could be installed to capture user credentials.
Afterlife: A rootkit usually does not spread itself but simply stays on the target and opens the gates for the attacker to exploit the system.
Adware
Adware, or advertising software, is intended to show advertisements to the user and will often generate pop-ups or open websites displaying ads.
Entry: This type of malware is often bundled with free programs as a way to generate revenue. Usually you have the option to uncheck a box during installation to avoid this kind of software.
Threat type: Even though adware isn't necessarily dangerous, it might come along with spyware, which is able to steal information or monitor user behavior.
Afterlife: Usually adware will only stay installed and display ads, but you can't know for sure whether it is also sending sensitive data to the attacker.
Spyware
The purpose of spyware is, as the name suggests, to spy on you to gather information and leak it to the attacker.
Entry: Spyware usually comes bundled with legitimate software or arrives through trojans.
Threat type: If you use your system to access any account, such as your bank account or email, the login information may be at risk. Credit card information and business data are often high-value targets.
Afterlife: It will continue to spy on you and often try to spread to other devices it can spy on.
Ransomware
If you're ever targeted by ransomware you won't be in doubt, as its purpose is to encrypt your files and demand a ransom to decrypt them again. If this type of malware gets into a company file share it can be devastating.
Entry: Ransomware can get in through many doors, but usually through a visit to a website or by installing a file you shouldn't have.
Threat type: Depending on the files on your system, this kind of attack can bring your business to its knees. As it encrypts the files on your system, the system will be useless unless you pay the ransom and the attacker actually withdraws from your system.
Afterlife: When the ransomware has done its job it will remain on the system and try to spread to any file storage it can reach, making network shares and sync services especially vulnerable.