Types of Malware
• Virus- A virus is a form of malware that is capable of copying itself and
spreading to other computers. It is attached to a document or file that
supports macros (a macro being a single instruction that expands automatically
into a set of instructions to perform a particular task); when that code is
executed, the virus is able to spread from one host to another. Once
downloaded, the virus lies dormant until the infected file is opened and in
use. Viruses are designed to disrupt a system’s ability to operate. As a result,
viruses can cause significant operational issues and data loss.
• Worms- Computer worms are similar to viruses in that they replicate
functional copies of themselves and can cause the same type of damage. But a
worm is standalone software and does not require a host program or human help
to propagate. Worms are commonly transmitted by exploiting software
vulnerabilities. Sometimes a computer worm’s only purpose is to make copies of
itself over and over again, consuming system resources such as hard drive
space or network bandwidth until the system is overloaded.
• Spyware- Spyware is a software program that secretly gathers personal
information from a computer while it is online and sends it to the attacker
without the user’s knowledge. One example is an adware program that records a
user’s keystrokes and clicks on online advertisements and reports them back.
• Trojan horse- A Trojan is a type of malicious code or software that looks
legitimate but can take control of your computer. It differs from a virus in
that it does not replicate itself; instead it hides inside, or masquerades as,
an apparently harmless file such as an image or audio file and relies on the
user to run it. The different types of Trojan were discussed briefly in the
previous chapter.
• Logic Bombs- A logic bomb is essentially a trigger planted in a program:
when the triggering condition is met, the planted code is executed. When the
logic bomb is programmed to execute once a specific date or time is reached,
it is referred to as a time bomb.
• Ransomware- Ransom malware, or ransomware, is a type of malware that
prevents users from accessing their system or personal files, typically by
encrypting them, and demands payment before the ransomed data is decrypted and
access is returned to the victim. Paying does not guarantee that a working
decryption key is ever delivered.
• Rootkits- A rootkit is a piece of software installed on a machine that
allows an attacker to do many malicious things, including opening a backdoor,
while hiding its own presence from the owner and from security tools. A
rootkit is installed illegally without the owner’s knowledge; it is deployed
on the target machine after the attacker has somehow gained root-level
(administrator) privileges on the system, which is where the name comes from.
Deadly Malware of History
Emotet -
Emotet is a banking Trojan that obtains financial information, such as user
credentials stored in the browser, by eavesdropping on network traffic. Emotet
also loads additional software modules that steal address book data and
perform denial-of-service attacks on other systems, and it functions as a
downloader or dropper of other banking Trojans. Emotet continues to be among
the most costly and destructive malware affecting state, local, tribal, and
territorial (SLTT) governments, and the private and public sectors.
WannaCry -
WannaCry is a ransomware cryptoworm that uses the EternalBlue exploit to
spread via the SMB protocol. This ransomware worm spread itself rapidly across
computer networks around the world in May 2017. After infecting a Windows
computer, it encrypts the files on the PC’s hard drive, making them impossible
for users to access, then demands a ransom payment in bitcoin to decrypt them.
Version 1 contains a kill-switch domain: before doing anything else, the
malware tries to connect to a hard-coded, unregistered domain, and if the
connection succeeds it exits without encrypting or spreading. Registering
(sinkholing) that domain is what halted the first wave; the kill switch has
nothing to do with ransom payment, and later variants used different domains
or removed the check.
Kovter -
This malware has gone through various changes during its lifespan. Initially
it appeared as police ransomware: it remained on a target system waiting for
the right opportunity, usually when the user downloaded illegal files or
browsed illegal websites. Once triggered, it notified the user of illegal
activity and demanded a fine, which amounted to its ransom. However, this
early version was not very effective, as it required the correct set of
conditions and could easily be detected and removed. The second, and perhaps
most visible, variant of Kovter was click-fraud malware. This variant used
code injection to infect its target, after which it collected information that
was sent to its command and control servers. During 2014 the code base changed
as updates were committed, and the ransomware conducted click-fraud attacks as
well.
ILOVEYOU -
The ILOVEYOU virus is a computer worm that spread through e-mail, and it is
one of the most well-known and most damaging computer viruses of all time. It
arrived with the subject line “ILOVEYOU” and an attachment named
LOVE-LETTER-FOR-YOU.TXT.vbs. Because Windows hides known file extensions by
default, the file appeared to be a harmless text file; if the attachment was
opened, the Visual Basic script was executed and the computer was infected.
The virus spread quickly through e-mail, websites and file sharing. The virus
replicated itself and sent itself to everyone in the victim’s contact list.
This virus was a pioneer for later malware, as it was one of the first to
spread as an e-mail attachment.
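The double-extension trick above is still a routine mail-gateway check. The
following is an added example, not code from the original page: it judges an
attachment by its last (real) extension, flags a benign-looking decoy extension
in front of it as a deliberate disguise, and also blocks the related Unicode
right-to-left-override display trick. The extension lists and the sample names
are constructed for this illustration.

```python
"""Attachment-name check for the ILOVEYOU double-extension trick.

Added example, not code from the original page. The extension lists and the
sample attachment names are constructed for this illustration.
"""

# Extensions that Windows will run (or hand to a script host) on double-click.
# Assumption: a representative list, not exhaustive.
EXECUTABLE_EXTS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "ps1", "msi", "lnk", "jar",
}

# Extensions a user would expect to be harmless data: the usual decoys.
DECOY_EXTS = {
    "txt", "jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx",
    "mp3", "mp4", "zip",
}

# U+202E reverses the displayed order of what follows it, so a name such as
# "photo\u202egpj.scr" is shown to the user as "photorcs.jpg".
RTL_OVERRIDE = "\u202e"


def classify_attachment(name):
    """Return (verdict, reason); verdict is "block" or "allow".

    Explorer hides the last extension of known types by default, so
    LOVE-LETTER-FOR-YOU.TXT.vbs is displayed as LOVE-LETTER-FOR-YOU.TXT and
    looks like a text file. The name is therefore judged by its *last*
    extension, and a decoy extension in front of it is called out explicitly.
    """
    if RTL_OVERRIDE in name:
        return "block", "right-to-left override character in file name"

    parts = name.strip().lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return "allow", "no extension"

    real_ext = parts[-1]
    if real_ext in EXECUTABLE_EXTS:
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            return "block", f"executable .{real_ext} disguised as .{parts[-2]}"
        return "block", f"executable attachment .{real_ext}"

    return "allow", f"data file .{real_ext}"


def blocked_attachments(names):
    """Reduce a list of attachment names to (name, reason) pairs that should be
    blocked, so the gateway can log why each one was rejected."""
    result = []
    for n in names:
        verdict, reason = classify_attachment(n)
        if verdict == "block":
            result.append((n, reason))
    return result


if __name__ == "__main__":
    # Constructed sample names, including the original ILOVEYOU attachment.
    samples = [
        "LOVE-LETTER-FOR-YOU.TXT.vbs",
        "quarterly-report.pdf",
        "holiday.jpg.scr",
        "setup.exe",
        "notes",
        "photo\u202egpj.scr",
    ]
    for name, reason in blocked_attachments(samples):
        print(f"BLOCK {name!r}: {reason}")
```

The check deliberately does not trust the user-visible name: whatever the
display shows, the shell dispatches on the final extension, so that is the
only part worth deciding on.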
Code Red -
The Code Red and Code Red II worms appeared in the summer of 2001. Both worms
exploited a vulnerability in Microsoft’s IIS web server (a buffer overflow in
the Index Server ISAPI extension) on machines running Windows 2000 and
Windows NT. The worm’s activities were based on the day of the month. The Code
Red worm initiated a distributed denial of service (DDoS) attack on the White
House: all the computers infected with Code Red tried to contact the White
House web server at the same time, overloading the machines. Because the worm
attacked a hard-coded IP address rather than the host name, the flood was
defeated simply by moving the White House site to a different address before
it began.
• Days 1-19: Tries to spread itself by scanning the Internet for more IIS
servers.
• Days 20-27: Launches denial of service attacks on several fixed IP
addresses, among them the IP address of the White House web server.
• Days 28-end of month: Sleeps; no active attacks.
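The spreading phase leaves a very recognisable trace in web-server logs. The
following is an added example, not code from the original page: it parses
Common Log Format access-log lines and flags Code Red and Code Red II probes.
The request shape it looks for, a GET to /default.ida whose query string is a
long run of ‘N’ (Code Red) or ‘X’ (Code Red II) padding followed by
%u-encoded shellcode, is the worm’s published signature and is not described
in the text above; the log lines in the demo are constructed, using addresses
from the documentation ranges.

```python
"""Detect Code Red / Code Red II probes in Common Log Format access logs.

Added example, not code from the original page. The /default.ida signature is
the worm's published request pattern (not described in the page text); the
sample log lines are constructed.
"""
import re
from collections import Counter

# Common Log Format: host ident authuser [date] "method path protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# The overflow is reached through the .ida (Index Server) ISAPI handler; the
# worm pads the query with 224 'N' or 'X' bytes. A run of 100 or more is
# already far beyond any legitimate query and avoids tying the rule to one
# exact length.
CODE_RED_RE = re.compile(r"^/default\.ida\?(?P<pad>N{100,}|X{100,})")


def classify_request(path):
    """Return "CodeRed", "CodeRedII" or None for a single request path."""
    m = CODE_RED_RE.match(path)
    if m is None:
        return None
    return "CodeRed" if m.group("pad")[0] == "N" else "CodeRedII"


def scan_log(lines):
    """Parse access-log lines and return (hits, per_host) where hits is a list
    of (host, time, variant) and per_host counts probes per source address.
    Lines that do not parse are skipped rather than aborting the scan."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        variant = classify_request(m.group("path"))
        if variant:
            hits.append((m.group("host"), m.group("time"), variant))
    return hits, Counter(host for host, _, _ in hits)


# Constructed sample: one infected host probing twice (once per variant), two
# ordinary requests, and one unparseable line.
SHELLCODE_TAIL = (
    "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3"
    "%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a"
)
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2001:10:12:04 -0400] "GET /default.ida?'
    + "N" * 224 + SHELLCODE_TAIL + ' HTTP/1.0" 200 0',
    '198.51.100.23 - - [19/Jul/2001:10:12:09 -0400] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [04/Aug/2001:02:41:17 -0400] "GET /default.ida?'
    + "X" * 224 + SHELLCODE_TAIL + ' HTTP/1.0" 200 0',
    '192.0.2.55 - - [04/Aug/2001:02:45:00 -0400] "GET /default.ida?NNN HTTP/1.0" 404 0',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    hits, per_host = scan_log(SAMPLE_LOG)
    for host, when, variant in hits:
        print(f"{when} {host} -> {variant}")
    print("probing hosts:", dict(per_host))
```

Matching on the padding run rather than on the exact shellcode bytes keeps the
rule useful against trivially re-encoded copies, while the per-host counter is
what you would feed into a block list during the spreading phase.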