Exploring Malware Types

Malware is the term given to software written with one specific function: malicious activity. Most users know of this danger as a "computer virus", but the term virus now has a very specific meaning. When we break down the dozens of terms applied to malware, we can build an understanding of the level of infection we face during the removal process.

Here are a few of the major types of malware users should be aware of:

Trojan

  • Malware that disguises itself as a normal file or program to trick users into downloading and installing it. Does not self-replicate or spread on its own.

Virus

  • Malware that replicates and spreads based on user interaction. Opening infected files or running an infected executable usually triggers the virus.

Worm

  • The most common type of malware. Worms spread over networks by exploiting operating system vulnerabilities. They can carry "payloads" that perform certain actions (such as deleting or stealing data). Worms differ from viruses in that they self-replicate and spread independently, without user interaction. Examples: polymorphic or metamorphic worms.

Rootkit

  • Malware that enables continued privileged access to a computer. With that access, it can subvert software designed to circumvent or destroy it. Typically deployed through Trojans or security vulnerabilities. Can reside in the kernel of the OS or even in device firmware.

Spyware

  • Malware that focuses on harvesting data or modifying security and permission settings. Typically deployed through Trojans.

Ransomware

  • Malware that essentially holds a system captive while demanding a ransom. The most damage comes when a user with admin/root access runs a Trojan carrying it.

Adware

  • Software that automatically delivers advertisements. Not always malware, but when bundled with spyware it can enable elaborate phishing attempts.

Bot

  • Software that performs specific operations using a host computer. This can be as mundane as cheating at video games, but more dangerously, bots are grouped into botnets to perform DDoS attacks.

Zero-Day Attack

  • Not a type of malware, but a description of the threat. A zero-day attack exploits a previously unknown application vulnerability. It is named as such because developers have had zero days to address and patch the issue.

With an understanding of the different types of malware, we can hope to prevent further infection and reinfection, and build the background needed to understand the newest threats.