Malware overview

Malicious software, or malware, is an all-encompassing term for any software that has been created to damage, disable or produce an unwanted condition within a computer system. This definition, while functional, is also very broad in its categorization of malware. There is malware that is coded specifically to steal credit card numbers from payment systems, while other malware is utilized to take control of a system, allowing an attacker to remotely control that system. Analysts who observe these specific behaviours, such as how a compromised system sends communications out to the internet after infection, or what actions are taken on an infected system, may be able to determine what type the malware is and what the end goal of the attacker may be.

In general, when discussing malware, the following are some of the more specific categories:

  • Virus: For a time, the term virus was used as the term for any malicious code that had a detrimental impact on a computer system. As the types of malware increased, the term virus was relegated to mean any code that has an intentional malicious impact on a system.
  • Worm: Often part of a virus, a worm can not only have an impact on a system, but is able to self-replicate and impact other systems connected to it. One of the most famous worms was the Morris Worm that spread worldwide causing denial of service attacks across the internet in 1988.
  • Trojan: The Trojan horse of mythology is the inspiration for this class of malware. Trojan malware is often hidden within a legitimate application or file. When an unsuspecting user opens the file, the malware infects the system. This type of malware often leverages a social engineering attack to infect a system.
  • Keylogger: This specific malware hides in the background of a running system and captures the keystrokes of the user. It then takes this information and sends it to a controller for review. Coders who write keyloggers are often interested in obtaining credentials.
  • Rootkit: Rootkits are utilized to conceal other malicious code such as a Remote Access Trojan (RAT), which allows an attacker to take remote command of an infected system.
  • Information Stealing Malware: Often coded for a single purpose, this type of malware is used to capture information such as credit card numbers or banking credentials. The Shylock malware, for example, was created specifically to capture banking logins.
  • Backdoor: Another variation of remote access, this type of malware infects a system and then allows the attacker to take control of the infected system.
  • Downloader: As defenses have become more sophisticated, so have the malware writers. A downloader is part of a multi-stage malware program. The downloader often infects a system and then reaches out to a remote server for the rest of the code. This method is often utilized to bypass security controls and allows malware coders to deploy larger and more sophisticated malware.
  • Botnet: A botnet is a series of computers all controlled through a central system on the internet called a botnet controller. First, the botnet malware infects a system. As the number of infected systems grows, the malware writers can then utilize this botnet to conduct Distributed Denial of Service (DDoS) attacks against a single target.
  • Ransomware: A relatively new type of malware, ransomware encrypts a victim's files. The malware then solicits a payment from the victim, often in the form of a cryptocurrency such as Bitcoin, for the decryption key.
  • File Wipers: A file wiper either destroys the files or is able to infect the Master Boot Record and modify records so that files are no longer accessible to the system.

Many of the variants are used together in a chain. For example, a malware coder may conduct an initial infection of a system with a Remote Access Trojan disguised as a legitimate application. When an unsuspecting user opens the application, the code executes. It then downloads a second payload and further infects the system, allowing the coder remote access. Finally, with remote access, the attack continues with the attacker identifying a payment system. From there, they load a second piece of malware onto the payment system and capture clear text credit card numbers.

Another key aspect of malware is how it has evolved over time. There has been an explosion in the number of malware variants and in the sheer amount of malicious code currently in the wild. Malware is evolving every day, with new techniques of encoding, delivery and execution changing rapidly. Analysts are well advised to keep abreast of these changes as they happen, so that they are prepared for the latest and most damaging code.
