Virus and malware attacks

In today's world, viruses and malware are rife; there are many different variants, and we will look at each of these in turn:

  • Virus: A virus is a program that embeds itself into another program and is executed in many different ways, for example by clicking on a link on a web page or opening an email attachment. Once it has been activated, it replicates itself, going from host to host. A lot of viruses use port 1900.
  • Ransomware: Ransomware is when the attacker encrypts the files on a user's computer and then a message comes up asking for money to release the files. An example of this is shown in the following screenshot. Ransomware could also be when you download a free program and it says that you have problems with your computer, so you need to purchase the full version of the software. Remember, this is quite subtle—the rule of thumb is that if you have to part with money, then it is ransomware:
Figure 1: Ransomware
  • Crypto-malware: Crypto-malware is a type of ransomware that encrypts a user's files and demands ransom. Sophisticated crypto-malware uses advanced encryption methods so that files cannot be decrypted without a unique key.
  • Worm: A worm is a program that replicates itself to spread to other computers, exploiting weaknesses in security. Common ports are 1098, 4444, and those in the 5000 range. An example of a worm is Nimda. The Nimda virus was released in September 2001; its name is admin spelt backwards, which referred to a file called admin.dll. When it runs, it continues to propagate itself. The main target of Nimda was Microsoft's IIS web server and file servers. It would create a Denial of Service attack; its job was simply to slow networks to a halt. When it accessed a server, it would run down the mapped network drives of everyone connected to the server, then rewrite the system files so that they had an EML extension. Once it had totally destroyed a machine, a huge white envelope appeared on the desktop; this meant that it would no longer function.
  • Trojan: Trojans are known for creating a backdoor on your computer that gives malicious users access to your system, stealing confidential or personal information. They try to exploit system32.exe and then run a DLL file to attack the operating system kernel, which is the management core of the operating system. The Trojan will try to find password information, so it sets up an SMTP engine that uses a random port to send these details to the attacker.
    Trojans attack the \System32 and the \SysWOW64 directories by placing a .dll file there, for example:
    • Trojan.BHO.H File C:\WINDOWS\SysWOW64\fezegepo.dll
    • Trojan.Vundo File C:\WINDOWS\system32\fezegepo.dll

For example, Ghost RAT is a remote access Trojan that was originally designed by threat actors in China. A user clicks on a link and a dropper program called server.exe installs Ghost RAT with a svchost.dll that then allows the attacker to take control of the computer. It can then log keystrokes, download and upload files, and access webcam and microphone feeds.

  • Remote Access Trojan (RAT): A RAT is a program that sends login details back to the attacker to enable them to take full control of the computer.
  • Rootkit: A rootkit is designed to enable access to a computer, or to areas of its software, that would not otherwise be allowed. For example, it could target C:\Windows\System32 on a Windows computer or /bin/ and /usr/bin/ on Linux/Unix computers; in a Linux environment, a rootkit attacks the /usr/bin directory.
  • Backdoor: A backdoor is an entry point into a piece of software or a computer system that is created by the program developers in case someone locks themselves out of the program; it is generally undocumented. Attackers use this to gain access to the system.
  • Logic bomb: A logic bomb is a virus that is triggered by either an action or a time; an example would be the Fourth of July or Christmas Day. On March 20, 2013, in South Korea, a logic bomb keyed on the date and time, and the malware began erasing data from machines, coordinating the destruction across multiple victims. The malware consisted of four files, including one called AgentBase.exe that triggered the wiping. Contained within that file was a hex string (4DAD4678) indicating the date and time the attack was to begin—March 20 2013 at 2 p.m. local time (2013-3-20 14:00:00). As soon as the internal clock on the machine hit 14:00:01, the wiper was triggered to overwrite the hard drive and master boot record on Microsoft Windows machines and then reboot the system. It attacked the government and banking sector.
  • Keylogger: The main idea behind keyloggers is to track and log keystrokes; a keylogger can be installed as a very small, thin USB device on the rear of a desktop computer, where it will never be seen.
  • Adware: Adware is an unwanted program that keeps popping up with unwanted advertisements. One way to stop adware is to enable a pop-up blocker.
  • Spyware: Spyware is renowned for slowing down computers as it uses your computer's processor power and RAM resources to continually track what you are doing on your computer and send the information to a third party.
  • Botnet: A bot is a program that takes over control of a computer; a botnet is a collection of bots that have been set up for malicious purposes, normally to carry out a Denial of Service (DoS) attack.
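The Trojan and rootkit entries above both describe malware that drops or replaces files in protected system directories (System32, SysWOW64, /usr/bin). A practical defensive check for that is a file-integrity baseline: hash every file in the directory, then compare a later snapshot against the baseline. The following is an added example, not code from the book; it simulates a system32 directory in a temporary folder and uses the fezegepo.dll name from the text as the dropped file.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Added example: a minimal file-integrity baseline for directories that
# Trojans and rootkits tamper with. The directory contents below are
# constructed stand-ins, not real system binaries.

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[str(path.relative_to(root))] = h.hexdigest()
    return digests

def diff_snapshots(baseline, current):
    """Return (added, modified, removed) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return added, modified, removed

def demo():
    """Build a fake system32, take a baseline, simulate a DLL drop, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        sys_dir = Path(tmp) / "system32"
        sys_dir.mkdir()
        (sys_dir / "kernel32.dll").write_bytes(b"constructed kernel32 stub")
        (sys_dir / "ntdll.dll").write_bytes(b"constructed ntdll stub")
        baseline = snapshot(sys_dir)
        # Simulated Trojan activity: a new DLL appears (name from the text)
        # and an existing DLL is replaced in place.
        (sys_dir / "fezegepo.dll").write_bytes(b"constructed dropped payload")
        (sys_dir / "ntdll.dll").write_bytes(b"constructed patched ntdll stub")
        return diff_snapshots(baseline, snapshot(sys_dir))

if __name__ == "__main__":
    added, modified, removed = demo()
    print("new files:", added)        # ['fezegepo.dll']
    print("modified files:", modified)  # ['ntdll.dll']
    print("removed files:", removed)    # []
```

In practice the baseline would be taken from a known-good image and stored off-host, since malware that can write to System32 can also edit a manifest kept beside it.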