Welcome dear NetworkSecLearners to this new tutorial on Malware in which we are going to explore the various types of Malware. If you are wondering what a Malware is, I am sure you have probably heard about it, and even probably many times. In simple words, a Malware is a MALicious SoftWARE, which means any type of Software that is intentionally created to break into Computer Systems with the goal to damage them or steal personal information. I hope it is now clear for you what a malware is, but if it is still not the case, let me give you another hint. Have you ever downloaded a software called Antivirus in order to protect your computer against viruses? I guess the answer is yes, and a Virus in the digital world is a type of Malware.
Malware is the favorite weapon of cybercriminals and it exists in many forms, from traditional Viruses to modern and more advanced fileless Malware that hides in the computer's memory. This topic is one of the most important topics in Cybersecurity and it is worth writing an article on it to sensitize you to the danger Malware can bring and also to help you prepare for your CompTIA Security+ exam. Indeed, the Malware topic is part of the CompTIA Security+ SY0-701 exam domain 2.0 Threats, Vulnerabilities and Mitigations and is covered by Objective 2.4: Given a scenario, analyze indicators of malicious activity.
If you are not a technical person and have no clue about this topic but are interested in it, you are at the right place because, as always, this article will be beginner friendly with a step by step approach and easy to understand explanations. We will first review the types of malware and how they work, then we will walk through the techniques attackers use to deploy Malware and finally we will discuss the common signs that help you detect when a system is infected by a Malware. By the end, you will have a complete picture of Malware both for your exam and your practical knowledge. At least, I hope so.
1. Types of Malware
As mentioned in the introduction, a Malware is a Malicious Software hackers will install on a computer without the user's knowledge in order to cause damage. Let’s explore the various types of Malware and the damage they bring. Let’s get started with the most common type of Malware, which is the Virus.
1.1 Viruses
A virus is a piece of code that is attached to a clean file and gets activated when that file is executed or opened. Once activated, it can corrupt host files, steal information or even crash entire systems. One important thing to remember is that a virus usually needs some form of user interaction to start, like opening an infected attachment. Over the years, many types of viruses have been developed.
1.1.1 Boot Sector Viruses
A boot sector virus hides in the first sector of your hard drive and loads into the volatile memory every time your computer starts. Once it is loaded in the volatile memory, it can do anything it wants on the computer.
1.1.2 Macro viruses
Macro Viruses are embedded inside documents such as Word or Excel files and they execute when the user opens the file.
1.1.3 Program Viruses
Program Viruses will try to install themselves on application files so that every time the application or program is executed, the virus code also gets executed.
1.1.4 Multipartite Viruses
Multipartite viruses combine both Boot Sector and Program Virus techniques, making them very persistent.
1.1.5 Encrypted viruses
Attackers also try to hide their viruses from detection using encryption. Indeed, the virus code is encrypted so that an antivirus can’t read its content and detect that it is malicious code.
1.1.6 Polymorphic Viruses
Polymorphic Viruses are an advanced version of Encrypted Viruses, but instead of just encrypting the contents they will actually change the virus code each time it is executed by altering the decryption module in order to evade detection.
1.1.7 Metamorphic Viruses
Metamorphic Viruses are able to completely rewrite themselves.
1.1.8 Armored Viruses
As the name suggests, the Armored Viruses add extra layers of protection to confuse analysts during their analysis of the malicious code.
1.1.9 Hoax Viruses
Hoax Viruses are not real viruses; they are just tricks designed to scare users into taking harmful actions.
1.2 Worms
Unlike Viruses, Worms do not need user interaction to activate themselves or to spread. A Worm is indeed a standalone program that can replicate itself and move from one computer to another on its own. Worms are therefore very dangerous because they can spread extremely fast across networks, consuming bandwidth and infecting large numbers of machines in a short period of time. Historically, some of the most famous Cyber incidents were caused by worms spreading uncontrollably over the Internet.
1.3 Trojans
A Trojan, just like in the story of the Trojan Horse, is a type of Malware that hides itself by pretending to be something useful or harmless. It could be a fake program that claims to help you but in reality installs malicious code on your machine. Once inside, it can create a backdoor to provide persistent and remote access to your computer to the person attacking you, steal your sensitive files or give attackers remote control. One of the most common examples of a Trojan today is the Remote Access Trojan (RAT), which allows an attacker to fully control a victim’s computer from anywhere in the world.
1.4 Ransomware
Ransomware is a type of malware that encrypts data, making it unusable, and the only way to get the data back is to pay a Ransom. This sounds scary, right? I can tell you that it is indeed scary because you find all your data unusable since it is all encrypted by the attackers, who then leave a message telling you to pay a ransom, usually in cryptocurrency, if you want your data back. You might panic and then decide to pay immediately, but hold on please. In fact, you should not pay the attackers since there is no guarantee that they will actually unlock your data. Instead, disconnect the infected machine from the network, report the incident to the authorities and restore your data from safe backups. In order to prevent this kind of attack, it is recommended to keep backups, install updates regularly and train people in recognizing suspicious emails that can be entry points for this kind of attack. Also, enabling multi-factor authentication adds an extra layer of security.
1.5 Zombies and Botnets
Sometimes attackers do not want to steal your data directly but instead want to use your computer as part of a network of computers that they will use to carry out massive attacks. In fact, when a computer is infected and remotely controlled by an attacker, it becomes a Zombie. When thousands or millions of zombies are connected together, they form a Botnet. Botnets are often used to launch massive cyberattacks like Distributed Denial-of-Service (DDoS) Attacks, where many machines flood a single target to take it offline. They are also used to send spam, host illegal content or even to break Encryption by combining the power of many computers.
1.6 Rootkits
Rootkits are a type of malware that allows attackers to gain administrator level access (root access). They operate very close to the operating system kernel and then hide themselves inside the system, which makes them extremely difficult to detect. Rootkits often use techniques like DLL injection or shims to insert their code into normal processes and hide their presence. Once a rootkit is installed, the operating system itself might not be able to see it, so the best way to detect them is by booting from an external device and scanning the system from outside.
1.7 Backdoors and Logic Bombs
A backdoor is a hidden entry point in a program that bypasses normal authentication. Originally, developers sometimes placed backdoors for debugging purposes but Attackers now use them to maintain secret access to systems. A logic bomb is another form of Malware that is triggered when certain conditions are met such as a specific date or a particular user action. For example, a disgruntled employee might hide a logic bomb in the system that deletes files if they are ever fired.
1.8 Keyloggers
Keyloggers do exactly what their name suggests: they record everything you type. There are software based keyloggers, which are installed like normal Malware on a computer. In addition to the software based ones, there are some Hardware based keyloggers, which are small physical devices that are attached between a keyboard and a computer. You might wonder what attackers gain with keyloggers. Well, Attackers use keyloggers to steal passwords, credit card numbers and other sensitive information.
1.9 Spyware and Bloatware
Spyware, as its name suggests, is a piece of Software that is installed on a computer with the goal of Spying. Scary, right? Yes, it is, because this Malware can monitor all your activities on a computer without your knowledge and send all the information back to Attackers. It can arrive bundled with other software, hidden in pop-ups or downloaded from malicious sites.
On the other hand, Bloatware is not always malicious but it refers to unnecessary programs pre-installed on new devices. Even if it is not harmful, Bloatware can slow down Systems and create extra security risks.
2. Malware Attack Techniques
Modern malware has become much more advanced than the early Viruses of the past. Today, many attacks use fileless malware which means they run entirely in memory and do not leave a file on disk for Antivirus Programs to detect. The process usually happens in multiple stages.
The first part called a dropper or downloader is a small piece of code delivered when a user clicks on a malicious link or opens a bad file.
This dropper then installs additional malware such as a Remote Access Trojan in the second stage, after which the Attacker can begin their main objectives such as stealing or encrypting data.
Finally, they use concealment techniques like deleting logs or hiding evidence to stay undetected.
A very common strategy today is called “living off the land” where attackers use legitimate tools already present on the system like PowerShell to avoid detection.
3. Indications of Malware Attacks
Now that you know how Malware works, how can you tell if a system is infected? Here are some of the most common signs:
- Accounts getting locked out repeatedly because of brute force attempts, for example attackers brute forcing your passwords.
- The same account being logged in from different locations at the same time.
- Security tools suddenly blocking much more content than usual.
- Impossible travel, where an account logs in from two different countries within seconds or a few minutes, which is technically impossible.
- Unexplained spikes in CPU, memory usage or network load.
- Files or systems suddenly becoming inaccessible often because of ransomware.
- Strange log activity such as logs appearing at unusual times or disappearing completely.
- Published reports showing that your network or your computers are part of a botnet.
If you notice any of the signs mentioned above, you should definitely investigate further.
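As an added example that is not part of the original tutorial, here is a small Python script that runs two of the checks above, repeated failed logins that end in a lockout and impossible travel, over a constructed set of authentication events. The event format (timestamp, account, source country, outcome) and the thresholds are assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication events, not taken from any real system.
# Each tuple is (ISO timestamp, account, source country code, outcome).
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", "alice", "FR", "FAIL"),
    ("2024-05-01T08:00:04", "alice", "FR", "FAIL"),
    ("2024-05-01T08:00:09", "alice", "FR", "FAIL"),
    ("2024-05-01T08:00:13", "alice", "FR", "FAIL"),
    ("2024-05-01T08:00:17", "alice", "FR", "FAIL"),
    ("2024-05-01T08:00:21", "alice", "FR", "LOCKOUT"),
    ("2024-05-01T09:00:00", "bob", "FR", "SUCCESS"),
    ("2024-05-01T09:02:30", "bob", "BR", "SUCCESS"),
    ("2024-05-01T10:00:00", "carol", "FR", "SUCCESS"),
    ("2024-05-01T14:00:00", "carol", "DE", "SUCCESS"),
]

def detect_brute_force(events, threshold=5, window_seconds=60):
    """Return accounts with at least `threshold` failed logins inside
    `window_seconds`: the repeated-failure pattern that ends in lockouts."""
    failures = defaultdict(list)
    for when, user, _country, outcome in sorted(events):
        if outcome == "FAIL":
            failures[user].append(datetime.fromisoformat(when))
    flagged = set()
    for user, times in failures.items():
        # Slide a window of `threshold` consecutive failures over the sorted times.
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                flagged.add(user)
                break
    return flagged

def detect_impossible_travel(events, max_seconds=900):
    """Return (account, previous country, new country) for consecutive successful
    logins from two countries less than `max_seconds` (15 minutes) apart."""
    last_login = {}
    flagged = []
    for when, user, country, outcome in sorted(events):
        if outcome != "SUCCESS":
            continue
        now = datetime.fromisoformat(when)
        if user in last_login:
            prev_time, prev_country = last_login[user]
            if prev_country != country and (now - prev_time).total_seconds() <= max_seconds:
                flagged.append((user, prev_country, country))
        last_login[user] = (now, country)
    return flagged
```

On the sample events, alice is flagged for brute force and bob for impossible travel, while carol's two logins four hours apart are left alone.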
Conclusion
Dear NetworkSecLearners, we have now reached the end of this tutorial on Malware. Congratulations for reading till the end.
The world of malware is huge and sometimes a bit scary but by reading this article, you have just taken an important step in understanding how these threats work and how attackers use them.
Most people have already heard the word “virus” but few actually know the difference between viruses, worms, trojans, ransomware and rootkits.
If you made it this far, you already know much more than the average and that is something to be proud of.
My goal with this article was to explain everything in a simple way and I truly hope the explanations helped you understand not only how malware works but also the signs you should look for when something feels wrong on a System.
Whether you are reading this for your CompTIA Security+ exam or simply to protect your systems, understanding malware is an important defense you can build.
Thank you very much as always for reading the whole tutorial. If you have found this tutorial helpful and interesting, please share it with your friends and colleagues to help them prepare for their upcoming CompTIA Security+ exam. And as always, if you have any query, don’t hesitate to leave a comment so that the whole Networkseclearners community can help you.
Until the next tutorial, keep learning, stay motivated and above all stay safe and secure.
