The e-InnoSec team recently completed a 6-part series to guide organizations in leveraging GDPR preparation for CCPA. This 4-part Malware/Ransomware series focuses on helping every organization protect itself from malware and ransomware.
- Part I – How do I get malware?
- Part II – Different types of malware
- Part III – How can I tell if I have a malware infection?
- Part IV – How to protect against malware?
Malware, or “malicious software,” is an umbrella term that describes any malicious program or code or any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess.
Part I focused on “How do I get malware?”, and Part II discusses “Different types of malware”. Here is a brief overview of the different types of malware:
Virus – A Virus is a malicious executable code attached to another executable file.
Trojan – A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation such as playing an online game.
Spyware – Spyware collects information and sends it to the hacker. It is malware designed to spy on you.
Adware – Adware is aggressive advertising software that can undermine your security just to serve you ads.
Worms – Worms are a type of malware similar to viruses, self-replicating in order to spread to other computers over a network, usually causing harm by destroying data and files.
Botnets – Botnets are networks of infected computers that are made to work together under the control of an attacker.
Rootkit – A rootkit is malicious software that allows an unauthorized user to have privileged access to a computer and to restricted areas of its software.
Malicious Crypto mining – Crypto mining and crypto-jacking are associated with extremely high processor activity that has noticeable side-effects.
Keylogger – A keylogger is a type of spyware that secretly logs your keystrokes so thieves can get your account information, banking and credit card data, user names, passwords, and other personal information.
Backdoors – A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (aka root access) on a computer system, network, or software application.
Exploits – Exploits are a type of malware that takes advantage of bugs and vulnerabilities in a system in order to allow the exploit’s creator to take control.
Ransomware – Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization. This kind of malware typically locks down your computer and your files and threatens to erase everything unless you pay a ransom.
There are different ways to spread malware. Email, instant messaging, removable media, and websites are just a few of the options leveraged to infect systems. One challenge when performing an examination is determining how the malware ended up on the system, which is also referred to as identifying the malware’s initial infection vector (IIV). Below are a few examples:
- Dropped – Malware delivered by other malware already on the system, an exploit kit, infected third-party software, or manually by a cyber threat actor.
- Multiple – Refers to malware that currently favors at least two vectors.
- Malspam – Unsolicited emails, which either direct users to download malware from malicious websites or trick the user into opening malware through an attachment.
- Network – Malware introduced through the abuse of legitimate network protocols or tools, such as SMB or remote PowerShell.
- Malvertisement – Malware introduced through malicious advertisements. Shlayer, a macOS trojan, is the first malware since May 2018 to rely on this vector within the Top 10 Malware list.