What is Malware?

Cyber_00011011 · January 28, 2021

(Estimated Reading Time: 8 minutes)

Malware Definition

Malware is any software intentionally designed to cause damage. (Source: Wikipedia)

Who Creates Malware

Anyone. With easy access to information on the internet and samples easy to come by, really anyone can create malware and target anyone in the world given the global connectivity of the internet. Usually, malware authors are grouped into categories by their skill level.

Name | Skills | Description
Script Kiddie | Beginner | Students or other folks looking to learn and maybe prove themselves
Organized Crime | Moderate to Advanced | Individuals or groups with skills, usually motivated by making money
Nation State | Advanced, Cutting Edge | Highly skilled and well funded national groups which gain unauthorized access to a computer and remain undetected for an extended period

The term APT, or Advanced Persistent Threat, is used to refer mainly to nation states, but more recently it can also include well funded organized crime groups conducting large scale intrusions. MITRE has probably the best searchable catalog of APT groups. As of this blog posting, MITRE is tracking 110 APT groups.

Types of Malware

There are many types of malicious software, and very often a given sample of malware will contain pieces of code from multiple categories. For example, a MalDoc might drop a keylogger and a dropper to disk, and the dropper may later pull down some ransomware or a rootkit. The best list of malware types I’ve seen comes from CrowdStrike. I’ve copied CrowdStrike’s list and made a few additions of my own.

Type | Description | Examples
Ransomware | disables the victim’s access to data until a ransom is paid | RYUK
Fileless Malware | uses files and functions that are native to the OS | Astaroth
Spyware | collects user activity data without their knowledge | DarkHotel
Adware | serves unwanted advertisements | Fireball
Trojans | disguise themselves as desirable code | Emotet
Worms | spread through a network by replicating themselves | Stuxnet, WannaCry
Rootkits | give hackers remote control of a victim’s device | Zacinlo
Keyloggers | monitor users’ keystrokes | Olympic Vision
Bots | launch a broad flood of attacks | Echobot, Emotet
Mobile Malware | infects mobile devices | Triada
Dropper | code that downloads other malicious code | OnionDuke
MalDoc | malicious documents, like Word files or PDFs, that are effective at bypassing anti-virus detection and can act as a Dropper to download more malicious code | Epic Manchego
Malvertising | the incorporating of malicious code into online advertisements | Malsmoke
PUA/PUP | Potentially Unwanted Applications that include additional malicious code |

Spam and phishing are types of social engineering attack rather than types of malware, but they are among the most common methods of getting a user to unknowingly run one of the above types of malware.

To help protect yourself it is vitally important to 1. PATCH and 2. DON’T CLICK STRANGE LINKS
