Malware types and their impact

As we discussed earlier, malware is malicious software that goes by a variety of names. Some of the names it has acquired over time include scamware, scareware, spamware, spyware, and so on.

Malware is all that and more. Let's take a look at the different types of malware and their impact.

Adware

Adware, as the name suggests, is advertising-supported malware that infects your computer with the objective of serving up advertisements. This is quite a money earner for the author, who is paid based on the number of advertisements served. Adware is designed to be persistent and may not be easy to remove by simply uninstalling it. Adware can be annoying at the least, and it can also be part of a blended threat, as shown in the following image:

[Image: Adware]

Adware reaches a victim when they download supposedly useful software or visit a site designed to compromise the browser, the operating system, or both.

Spyware

Spyware is malicious software whose objective is to covertly gather information about the victim. Spyware is used to collect information related to a victim's Internet usage, e-mail and online accounts, online financial transactions, credit card and bank details, usernames and passwords, and so on. Spyware is becoming increasingly common in financial fraud.

Spyware can also be used to complement adware. This is done by monitoring the user's Internet browsing patterns and then serving up adware based on the intelligence gathered. Sometimes adware (and other malware) masquerades as another useful program, such as an anti-virus or anti-malware tool. The following pictorial representation gives us an overview of spyware:

[Image: Spyware]

Virus

A virus is malicious software that is designed to replicate itself as a propagation mechanism, and it usually carries a payload that it delivers at a particular point in time or when certain conditions are met. A virus usually attaches itself to another piece of software and is executed every time that software is run, as shown in the following image:

[Image: Virus]

A common infection vector is the copying of software or files between multiple computers. Viruses usually modify or corrupt files on a victim's computer.

Worms

A worm, as the name suggests, is malicious software that burrows into the operating system and data on a computer and then proceeds to destroy it. It has an inbuilt replication mechanism. While a virus tends to attach itself to another program, a worm is a standalone program that replicates itself and usually spreads via the network. Worms usually cause some damage on a network, even if it is just the consumption of bandwidth and the consequent slowing of the network. The following picture shows how worms operate in a digital environment:

[Image: Worms]

Different worms have different payloads. A payload is what a worm is designed to do other than replicate. This may involve mass mailing, data deletion, or even hard drive or file encryption based on extensions.

Worms spread by taking advantage of vulnerabilities on the network. If the worm has been in the wild for a while, patches are usually available for the vulnerabilities it exploits, and if these are successfully applied, its spread can be restricted. However, a zero-day worm that takes advantage of an unknown or unpatched vulnerability can cause havoc on the network.

Trojans

It is well known that in ancient times a hollow wooden horse containing soldiers, masquerading as a farewell gift from the Greeks, was the cause of the downfall of the city of Troy. Today, malicious software masquerading as a useful tool is known as a Trojan. Trojan malware can be dangerous because it has been intentionally downloaded and installed, and the user may have identified it to the system as a trusted tool. This can result in an unintended escalation of privileges.

The preferred infection vector for Trojans is social engineering. For example, an infection occurs when a user clicks on an e-mail attachment assuming it to be something useful, or alternatively lands on a website with malicious code. Trojans usually have a payload. An increasingly common one opens a backdoor and provides access to a controller. Such backdoors are not easy to detect; however, they do result in increased traffic and more load on the processor, which shows up as a computer that responds more slowly than normal, as shown in the following image:

[Image: Trojans]

There have been a number of extremely destructive Trojans in the past and I am sure that we will see more in the future. Some of the notable ones have been NetBus, Sub7, Back Orifice, Zeus, and so on.

Rootkits

The names of the malware types are really quite descriptive. As we have seen, each type of malware derives its name from some characteristic of its functioning. Along similar lines, rootkits are a collection of malicious software (kits) that work at the root (or administrator) level. These can be automated or require a miscreant to obtain root privilege before installing the software. Because they operate at root level, rootkits are typically hard to detect. Once installed, rootkits establish complete control over critical functions and can prevent malware detection tools from functioning or even misreport information related to the presence of malware. Rootkits can be installed in the kernel, which makes them even harder to trace and remove and may require a complete fresh reinstallation of the OS. Certain rootkits target firmware, which at times requires a replacement of the hardware or, at the very least, specialized equipment to permit a return to normalcy. A pictorial depiction of rootkits is shown as follows:

[Image: Rootkits]

Rootkits use a number of different techniques to take control of the system. Among the most common is the exploitation of any vulnerability that exists in any component of the system under attack. This is rapidly followed by privilege escalation.

To prevent detection, rootkits use advanced cloaking techniques. Once installed and having acquired the necessary privileges, rootkits work at subverting the operating system to enable evasion and prevent detection by OS security tools as well as security APIs. This is achieved by hiding running processes from view, injecting code into the operating system, and modifying drivers and kernel modules. Rootkits also tend to disable event logging in order to prevent detection at a later stage.
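Hiding a running process usually means filtering one view of the process list (the /proc directory listing that ps and top read) while the kernel still knows the process exists. A defender's cross-view check compares that listing with a second, independent view and reports the gaps. The following Linux example is added here and is not from the book; the helper names (pids_from_proc, pids_from_probe, hidden_pids, scan) are our own, and it assumes a rootkit that filters readdir() but not the kill() system call, so a kernel rootkit hooking both views still evades it.

```python
import os

def pids_from_proc():
    """View 1: PIDs as a directory listing of /proc reports them.
    This is what ps and top use and what a hooked readdir() can filter."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def is_thread_group_leader(pid):
    """True if pid is a process, not a thread (both answer kill(pid, 0))."""
    try:
        with open(f"/proc/{pid}/status") as f:
            fields = dict(line.split(":", 1) for line in f if ":" in line)
        return int(fields["Tgid"]) == pid
    except (OSError, KeyError, ValueError):
        return False

def pids_from_probe():
    """View 2: ask the kernel about every possible PID with signal 0, which
    checks existence without delivering a signal and never uses readdir()."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # the PID exists but belongs to another user
        if is_thread_group_leader(pid):
            alive.add(pid)
    return alive

def hidden_pids(listed, probed):
    """Cross-view diff: PIDs the kernel confirms but the listing omits."""
    return sorted(probed - listed)

def scan(rounds=2):
    """Processes starting or exiting between the two views appear as noise,
    so only report PIDs that are missing from the listing in every round."""
    persistent = None
    for _ in range(rounds):
        found = set(hidden_pids(pids_from_proc(), pids_from_probe()))
        persistent = found if persistent is None else persistent & found
    return sorted(persistent)

if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} exists but is not listed in /proc: investigate")
```

Run it as root so PermissionError does not dominate; anything it reports should be checked against a live-response tool run from trusted media, since a compromised kernel can lie to both views.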

Backdoors

Backdoors are specialized malware whose purpose is to open a backdoor into the infected system. This can be used to allow incoming requests from hackers, steal valuable data, and take complete control of the system. Backdoors can also be used to send out viruses or spam, or to manage a network of bots. The following graphic explains backdoors in a nutshell:

[Image: Backdoors]

Keyloggers

Malware that monitors keystrokes is known as a keylogger. Keyloggers log, store, and forward every key pressed on the computer on a predefined periodic basis. They send the collected data to a specified computer, website, FTP server, online database, or e-mail address that may be hardcoded or even dynamically generated. They routinely capture all the data, including usernames and passwords. This data is usually captured and stored in encrypted form. Some advanced keyloggers also send screenshots along with the keystrokes they capture. These screenshots help in correlating the captured keystrokes with the context in which they were collected. Some corporate organizations employ these as a means of employee monitoring. The following graphic gives us an overview of keyloggers:

[Image: Keyloggers]

While our focus here is on malware and software-based keyloggers, it is worthwhile to understand that hardware-based keyloggers are also available. These can be small USB devices or flow-through connectors through which the keyboard is connected, and they come in both PS/2 and USB types.

Ransomware

Ransomware is a straightforward extortion tool. This is malicious software designed to encrypt your data and then demand a ransom for it. The encryption used these days is RSA-2048, which is strong enough to prevent users from breaking it in any reasonable amount of time; this forces them to pay the ransom or forget about the data altogether. The payment mode is Bitcoin or another digital currency, and the payment is made via dedicated servers hosted in the Deep Web.

Security researchers examined the earlier versions of ransomware, such as CryptoLocker and CryptoWall, and determined that these worked by encrypting a copy of the original file and then deleting the original. As the original file was merely deleted, victims could undelete the original files with the help of data recovery software and, in the bargain, avoid paying the extortionists.

As soon as the malware authors realized this, they changed their approach. Not only did they begin to wipe the deleted files, they also added the threat of exposing the contents of the encrypted files in public. This dramatically increased their payment rates, and they are rumored to have made tens of millions of dollars from the payments made by victims. The following graphic gives us an overview of what ransomware is about:

[Image: Ransomware]

The usual infection vector for ransomware such as CryptoWall is e-mail attachments. E-mails with enticing subjects are sent with .zip files as attachments; these, in reality, contain malicious executables disguised as PDF files. Some of this malware can infect files in network shares as well, allowing the infection to spread across the network.
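A mail gateway or endpoint check can catch the disguise described above before the user opens the archive: a genuine PDF begins with the bytes %PDF, while a Windows executable begins with MZ whatever its name says, and double extensions such as invoice.pdf.exe rely on Explorer hiding the final extension. The following example is added here and is not from the book; the function names and the sample archive are our own constructions, and the .zip is built in memory so it runs offline.

```python
import io
import zipfile

# Magic bytes at the start of a file identify its real type regardless of name.
MAGIC = {b"MZ": "executable", b"%PDF": "pdf"}
# Extensions Windows will run directly when the user double-clicks.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def sniff(head):
    """Classify content by its leading bytes; 'unknown' if no magic matches."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"

def suspicious_members(zip_bytes):
    """Return (member name, reasons) for entries that look like disguised executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            exts = ["." + p for p in base.split(".")[1:]]
            with zf.open(info) as member:
                kind = sniff(member.read(8))  # only the header is needed
            reasons = []
            if exts and exts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension")
            if len(exts) > 1:
                reasons.append("double extension")
            if kind == "executable" and (not exts or exts[-1] not in EXECUTABLE_EXTS):
                reasons.append("content is a PE executable but name claims otherwise")
            if reasons:
                findings.append((info.filename, "; ".join(reasons)))
    return findings

def build_sample_zip():
    """Constructed sample attachment (not a real one): one genuine PDF and two disguises."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n% constructed placeholder\n")
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)   # shown as invoice.pdf
        zf.writestr("statement.pdf", b"MZ" + b"\x90" * 30)     # renamed executable
    return buf.getvalue()

if __name__ == "__main__":
    for name, why in suspicious_members(build_sample_zip()):
        print(f"{name}: {why}")
```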

Browser hijackers

Another dangerous variant of malware is the browser hijacker. A browser hijacker takes over the browser and directs search activity to the websites it wants the user to visit. This could be with the objective of making money from your surfing or of redirecting the browser to fraudulent websites. This is a cause of major concern, especially when a hijacked browser is used to carry out online financial transactions. A pictorial depiction of browser hijackers is shown as follows:

[Image: Browser hijackers]

Botnets

Remember the old B-grade movies with an army of zombies that would go on to do their master's bidding? Botnets follow the same principle, as shown in the following image:

[Image: Botnets]

A botnet (a network of robots) consists of Internet-connected computers that have been infected and forced to perform tasks that their users did not intend. Such infected computers are called bots. A network of such computers is called a botnet, and the computer controlling a number of such bots is called a bot herder. A group of bot herders can report to a command and control center. The owner of a botnet can utilize the network in a number of ways. Botnets can be used to propagate infections, send out spam, carry out denial-of-service attacks, and so on. It is fairly common for botnets to be rented out or sold outright in the underground community.
