Malware Analysis is one of the hot topics you will find on the internet out today and it also possesses its core importance in the security field. Today is an era where every single company, be it’s small or big, is being hit with the cyber attacks. As we have already seen the case of a DDoS attack on one of the most popular security blog “Krebs On Security” which they faced from exploited IoT (Internet of Things) devices and recently GitHub also survived the massive DDoS attack and the vulnerability lies in the Memcached serves available in the internet.
So before diving to the depth of malware analysis part let’s just cover some of the basics of it that will make your base strong and will help you in future.
What is a Malware?
Malware is a malicious software or a program that is specifically designed to hamper your computer system in a way that it makes some undesired changes in your system like for e.g deleting or adding a registry file, creates some extra file that runs in the background as a process and makes your system inoperable. Malware is categorized in various forms which include viruses, worms, Trojans, adware, scare-ware and many more. We will get into the details of each and every of its form.
Forms of Malware
You will become a better malware analyst when you at least know what malware usually does and for that you need to understand the behaviour of malware and in what categories they fall into. Below are the categories or forms of malware that you are likely to encounter the most in your daily life:-
A computer worms, similar to virus, are a malicious program that infects your machine and causes a harm to your system in such a way that it cogs your system resources, halts or slows down your machine. Unlike viruses, it doesn’t need to infect any other programs. It can also replicate itself without any human interaction and infects other machines that are on the network. It basically looks for the system vulnerabilities in the networking protocols to infect other machines that are on the network.
A Trojan horse or a Trojan is a type of a malicious program that disguises itself as a benign program but in actual perform some different task than intended. Once you are tricked to install a trojan into your machine attacker can get full access to your machine and can compromise it as per his needs. He can then monitor your system and can monitor user activity, he can further drop the additional malicious program, install keylogger into your machine, steal your financial data (username, passwords, credit card info.) etc..
A virus is a malicious program or a form of malware that copies itself to some other processes or a piece of code and distributes itself to infect others. Users mostly get infected when they open the program which is infected with a virus. Viruses can steal other computers or networks, steal user’s financial information, create botnets which further gives an opportunity to the attacker to launch attacks from that compromised machine.
A spyware is a malicious program that spies on user activities without their knowledge. Once installed they can actively monitor the user machine, their activity, records keystrokes and harvest data including your financial data, account information, login data like username and passwords. They also have the ability to change the system settings, modify security settings.
Rootkits are a type of malicious software or programs that once installed can give a remote attacker to fully control your computer and with such ability that can remotely execute files, access/steal information, modify file system security settings or can control the computer as a part of botnet. Rootkits also has the capability to hides its presence from security products like anti-viruses and thus they fail to scan and remove them.
Short for advertising-supported software is a form of malware where they automatically delivers advertisements. Common example includes unnecessary pop-up ads on the websites or the advertisements on the software program. Most often they come bundled with free versions of software that are available on the Internet. The main motive behind this is to generate revenues from the users but it is also seen that adware often come bundled with spyware that has the sneaking capabilities.
A ransomware is a type of malicious program that holds the user computer captive and demands ransom mostly in cryptocurrency like bitcoins or Monero (XMR). The ransomware makes it impossible for a user to access to his computer either by encrypting the user files on the hard disk or locking down the machine and displaying messages to the user in order for him to pay the malware creator a ransom in a hope to get the decryption key and can get access back to their computer. Ransomware usually get into the user machine when they download and execute the attachment which they receive in mail or when they download files from the Internet. Ransomware typically spreads like a computer worm and infects the other computers that are on the network. WannaCry ransomware is the best example of the ransomware worm that had created outcry in last year.
8. Bots and Zombies
Bots and zombies are program used by hackers to take control of victim’s computer without his/her knowledge and often creates a backdoor and steal user’s keystrokes, credentials. Hackers often try to create and manage botnets, a large network of compromised systems, which they can further lease out to spammers, and other hackers seeking to commit fraud.
9. Fake Antiviruses
Fake antivirus are programs that fools people and detects thousands of viruses and the only way to get rid of those viruses is to purchase their full license.