(Estimated Reading Time: 8 minutes)
Malware Definition
Malware is any software intentionally designed to cause damage. (source is wikipedia)
Who Creates Malware
Anyone….With easy access to information on the internet and samples easy to come by really anyone can create malware and easily target anyone in the world given the global connectivity of the internet. Usually, malware authors or grouped into a category by their skill level.
| Name | Skills | Description |
|---|---|---|
| Script Kiddie | Beginner | Students or other folks looking to learn and maybe prove themselves |
| Organized Crime | Moderate to Advanced | Individuals or groups with skills and usually motivated by making money |
| Nation State | Advanced, Cutting Edge | Highly skilled and well funded national groups which gain unauthorized access to a computer and remains undetected for an extended period |
The term APT or Advanced Persistance Threat is used to refer mainly to Nation States but more recently can also include well funded organized crime groups conducting large scale intrusions. Mitre has probably the best searchable catelog of APT groups. As of this blog posting Mitre is tracking 110 APT Groups.
Types of Malware
There are many types of malicious software and very often a given sample of malware will contain pieces of code from multiple categories. For example, a MalDoc might drop to disk a keylogger and a dropper, then the dropper may later pull down some ransomware or a rootkit. The best list of malware types I’ve seen comes from Crowdstike. I’ve copied Crowdstrike’s list and made a few additions of my own.
| Type | Description | Examples |
|---|---|---|
| Ransomware | disables victim’s access to data until ransom is paid | RYUK |
| Fileless Malware | uses files and functions that are native to the OS | Astaroth |
| Spyware | collects user activity data without their knowledge | DarkHotel |
| Adware | serves unwanted advertisements | Fireball |
| Trojans | disguises itself as desirable code | Emotet |
| Worms | spreads through a network by replicating itself | Stuxnet, WannaCry |
| Rootkits | gives hackers remote control of a victim’s device | Zacinlo |
| Keyloggers | monitors users’ keystrokes | Olympic Vision |
| Bots | launches a broad flood of attacks | Echobot, Emotet |
| Mobile Malware | infects mobile devices | Triada |
| Dropper | code that downloads other malicious code | OnionDuke |
| MalDoc | malicious documents like Word or PDFs that are effective at bypassing anti-virus detection and can act as a Dropper to download more malicious code | Epic Manchego |
| Malvertising | the incorporating of malicious code in online advertisements | Malsmoke |
| PUA/PUP | Potentially Unwanted Applications that include additional malicious code |
Spam & Phishing is a type of social engineering attack, rather than a type of malware. But is one of the most common methods of getting a user to unknowingly run one the above types of malware.
To help protect yourself it is vitally important to 1. PATCH and 2. DON’T CLINK STRANGE LINK’S