We have already seen the DDoS attack on one of the most popular security blogs, “Krebs On Security”, which was carried out using exploited IoT (Internet of Things) devices. More recently GitHub also survived a massive DDoS attack, one that abused Memcached servers exposed on the Internet.
So before diving into the depth of the malware analysis part, let’s cover some basics that will give you a strong foundation and help you later on.
What is Malware?
Malware is malicious software, a program specifically designed to hamper your computer system by making undesired changes to it, e.g. deleting or adding a registry entry, or creating an extra file that runs in the background as a process and makes your system inoperable.
Malware is categorized into various forms, which include viruses, worms, Trojans, adware, scareware, and many more. We will get into the details of each of these forms.
Forms of Malware
You will become a better malware analyst when you at least know what malware usually does; for that, you need to understand the behavior of malware and the categories it falls into. Below are the categories or forms of malware that you are most likely to encounter in your day-to-day work:
1. Computer Worms
Computer worms, similar to viruses, are malicious programs that infect your machine and cause harm by clogging your system resources, halting or slowing down your machine.
Unlike a virus, a worm does not need to infect any other program. It can replicate itself without any human interaction and infects other machines on the network. It basically looks for vulnerabilities in the system’s networking protocols and services to reach those other machines.
2. Trojan Horse
A Trojan Horse, or Trojan, is a type of malicious program that disguises itself as a benign program but actually performs a different task than the one intended.
Once you are tricked into installing a Trojan on your machine, the attacker can get full access to it and compromise it as per his needs.
The attacker can then monitor your system and user activity; he can further drop additional malicious programs, install a keylogger on your machine, steal your financial data (usernames, passwords, credit card information), etc.
3. Virus
A virus is a malicious program, or form of malware, that copies itself into other programs or pieces of code and distributes itself to infect others.
Users mostly get infected when they open a program that is infected with a virus. Viruses can infect other computers or networks, steal users’ financial information, and create botnets, which further gives the attacker an opportunity to launch attacks from the compromised machine.
4. Spyware
Spyware is a malicious program that spies on user activities without the user’s knowledge.
Once installed it can actively monitor the user’s machine and activity, record keystrokes, and harvest data including financial account information and login data such as usernames and passwords.
Spyware also has the ability to change system settings and modify security settings.
5. Rootkits
Rootkits are a type of malicious software that, once installed, gives a remote attacker full control of your computer; with that control the attacker can remotely execute files, access or steal information, modify file system security settings, or control the computer as part of a botnet.
Rootkits also have the capability to hide their presence from security products such as antiviruses, so those products fail to detect and remove them.
6. Adware
Adware, short for advertising-supported software, is a form of malware that automatically delivers advertisements.
Common examples include unwanted pop-up ads on websites or advertisements inside software programs.
Most often adware comes bundled with free versions of software that are available on the Internet.
The main motive behind it is to generate revenue from users, but adware is also often seen bundled with spyware that has snooping capabilities.
7. Ransomware
Ransomware is a type of malicious program that holds the user’s computer captive and demands a ransom, mostly in a cryptocurrency such as Bitcoin or Monero (XMR).
Ransomware makes it impossible for a user to access his computer, either by encrypting the user’s files on the hard disk or by locking down the machine, and displays a message demanding that the user pay the malware creator a ransom in the hope of receiving the decryption key and regaining access to the computer.
Ransomware usually gets onto the user’s machine when the user downloads and executes an attachment received by mail, or downloads files from the Internet.
Ransomware typically spreads like a computer worm and infects the other computers on the network. The WannaCry ransomware is the best example of a ransomware worm; it caused an outcry last year.
8. Bots and Zombies
Bots and zombies are programs used by hackers to take control of a victim’s computer without his/her knowledge; they often create a backdoor and steal the user’s keystrokes and credentials.
Hackers often try to create and manage botnets, large networks of compromised systems, which they can further lease out to spammers and to other hackers seeking to commit fraud.
9. Fake Antiviruses
Fake antiviruses are programs that fool people by claiming to detect thousands of viruses, where the only way to get rid of those viruses is to purchase the full license.