Decades after the invention of the Internet, humankind has come to accept evolution as unavoidable. As minds evolve, so does technology. And while we’re at it, cybersecurity is pretty much obliged to stay at the very forefront of this phenomenon in order to keep pace with the mutations arising from the cyber-criminal world.
That being said, not only have computer viruses gotten stronger, but they’ve also gotten more and more complex. And with this unwavering malware evolution, terminology was bound to catch up. Or at least try to do so.
Only last year, the total number of active malware detected went up to 230,000 unique samples per day (according to Panda Security), an increase of 43% compared to the same period in 2014. Obviously, cyber-experts didn’t come up with new names for all of them.
Instead, they’ve gathered all malicious software under one single umbrella term – malware – with a handful of sub-terms ranging from your average virus to the infamous ransomware. As such, although malware typology is not all that rich, some of these sub-terms explain how a piece of malware is distributed or installed, while others focus only on the actions it performs.
Press articles often try to simplify reading and, as a result, don’t always go into much detail when describing a new cyber-attack to the broad public. That being said, we thought it might be helpful to write a post on this exact topic and demystify malware typology.
Because, whereas we might not all be cybersecurity prodigies, understanding more about the threats on our machines can help us better protect ourselves. Without further ado, we give to you our very own Malware Dictionary.
A is for Adware
This is perhaps one of the mildest of all the malicious threats we encounter on the Internet. Adware is malware that, as the name would have it, floods users with unrequested advertising. Over the course of our digital lives, we’ve all stumbled upon the notorious pop-up window that just refuses to close. Whereas this is its most common form, adware can also be distributed along with free software and/or browser toolbars. While it may sometimes be used to collect user data in order to push targeted advertising campaigns, this type of malware can also contain, or be classified as, spyware (see I is for ISM below).
B is for Backdoor
The term ‘backdoor’ is pretty much self-explanatory. It refers to a state of established access within an information system, all the while staying under the radar. A backdoor enables hackers to remotely connect to the victim’s computer and take over control. Although the line between a backdoor and a network vulnerability can be quite fine, the two are not to be confused – a backdoor is created (remember the FBiOS?), while a vulnerability has always been there (thanks for sharing, NSA). This particular threat category provides hackers with a network connection to take advantage of in many and various ways.
B is also for Botnet
As we’ve already covered in a previous article, several connected bots form a botnet, a network made entirely out of remote-controlled zombie computers, all coordinated by a C&C Zombie-Master server. While this army of undead machines can be used to send out spam, it can also be deployed to take down entire servers, by flooding them, among other things, with a huge number of simultaneous connections (your typical DDoS attack).
C is for Cryptolocker
Given the hype around cryptolocker this year, we might think a definition isn’t really necessary. But, for the sake of it, here goes. First of all, one has to know that this type of malware is a subcategory of the ransomware family, the blanket term for all malware that may prevent a user from accessing his/her computer or files. Taking their name from the first of their kind, cryptolockers nowadays follow the exact same pattern as the original, starting with the encryption of the files taken hostage. And, unfortunately, we all know how the rest of the story goes: in exchange for regaining access to one’s beloved data, one does not simply ignore the ransom.
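Since the one thing every cryptolocker does is encrypt the victim's files, the classic defensive heuristic is to look for what encryption leaves behind: files whose bytes are spread evenly over all 256 values. The following Python script is an added example of that heuristic and is not code from the original post or from Reveelium; the sample files, the 7.5 bits-per-byte threshold and the short list of compressed-format magic numbers are constructed assumptions. The allow-list matters because ZIP-based Office documents, PNGs and JPEGs are just as dense as ciphertext, and without it the check would flag half of a normal user's home directory.

```python
import hashlib
import math
from collections import Counter

# Byte-level Shannon entropy in bits per byte: 0.0 for a constant file,
# close to 8.0 for well-encrypted (or well-compressed) data.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

# Magic numbers of formats that are legitimately high-entropy because they are
# compressed. Assumed list; extend it for the formats common in your estate.
KNOWN_COMPRESSED_MAGIC = {
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"\x1f\x8b": "gzip",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed value, tune on your own data

def classify(data: bytes) -> str:
    """Return 'compressed (...)', 'suspect-encrypted' or 'plaintext'."""
    for magic, name in KNOWN_COMPRESSED_MAGIC.items():
        if data.startswith(magic):
            return f"compressed ({name})"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "suspect-encrypted"
    return "plaintext"

def pseudo_ciphertext(n: int, seed: bytes = b"demo") -> bytes:
    # Deterministic stand-in for ransomware output: SHA-256 in counter mode.
    # This is not encryption and protects nothing; it only yields bytes with
    # the flat histogram real ciphertext has, so the example runs offline.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed sample "files": an ordinary text document, a ZIP-based Office
# file that is dense but legitimate, and the text document after a locker ran.
SAMPLE_FILES = {
    "report.txt": b"Quarterly report: revenue was flat, costs went up. " * 80,
    "invoice.docx": b"PK\x03\x04" + pseudo_ciphertext(4000),
    "report.txt.locked": pseudo_ciphertext(4096),
}

def scan(files: dict) -> dict:
    """Map each file name to its verdict."""
    return {name: classify(data) for name, data in files.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_FILES).items():
        print(f"{name:20s} {verdict}")
```

In a real deployment the verdict would be combined with rate: one dense file is nothing, but a burst of many files turning from plaintext to suspect-encrypted within seconds, often with a new extension appended, is the signature worth alerting on.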
D is for Downloader
A downloader is a malicious programme used to download other malicious pieces of code onto the infected workstation. In theory, this doesn’t sound that bad: a bunch of software just waiting around to strike when the moment’s right. If you’ve read our previous article on the core modules of Project Sauron, then you probably know that this stepping stone is, in fact, a lethal one.
H is for Hijacker
Browser hijackers are malicious code developed specifically to take control of your browser settings. They are distributed very much the same way as adware – after installing free software or browser toolbars. The result? You may notice that your homepage or your default search provider has been switched, for example. What you may not notice right away is that some hijackers can also tamper with your browser’s proxy settings. Online safety compromised.
I is for ISM…
…or Information Stealing Malware. Just another fancy name for spyware, this category describes all malware developed to unlawfully recover sensitive user data (such as your banking details and other personal information). It accounts for no more and no less than 5% of the malware surge. But since stealing for the fun of it is not really that profitable, this data then ends up for sale on the Dark Web (see Operation Ghoul and the HawkEye malware).
K is for Keyloggers
One of the fascinating traits of the HawkEye malware is its ability to record a user’s keystrokes. This alone was reason enough for us to create a separate category for this refined type of spyware – the keylogger. Able to retrieve basically everything you might type on your keyboard, from passwords to personal conversations, a keylogger is a fairly powerful piece of malicious software. When there’s no need to crack password hashes because the passwords arrive in plain text, we should think so.
L is for Launcher
A launcher goes hand in hand with a downloader. While the downloader recovers the malicious piece of code, the launcher uses advanced stealthy methods to run it on the target machine. What a pair, right?
P is for Phishing
You all know by now that traditional phishing attacks usually consist of sending spam emails to a large audience. What you might have failed to notice is that there are types of malware out there that can be used to infect a machine and enrol it into a bot network, with precise instructions to send out malicious emails (see B is also for Botnet). This type of malicious software is usually part of a botnet under the control of a C&C server, one programmed to function as a distributed spam-sending network. This phishing malware then fools its victims by posing as a trustworthy source using spoofed email addresses.
R is for Rootkit
A rootkit is a very dangerous type of software that allows its owner to gain root privileges on the targeted machine. It is then capable of – among other things – concealing its presence entirely. As such, a rootkit is almost impossible to detect, as it digs deep into the lower levels of your machine, next to the kernel.
S is for Scareware
Scareware is malware that preys on people’s weaknesses, blackmailing users with content it might find on the targeted machines. As opposed to being afraid of losing their data (see C is for Cryptolocker), the victims of scareware fear their data being exposed. The added ‘bonus’ here? Scareware will employ tactics that strongly embarrass the victim and prevent him/her from escalating the issue to a system administrator.
T is for Trojan (horse)
A Trojan horse is one of those types of malware that would probably win an Oscar for its performance (if you’re even slightly into Greek mythology, then you’ve probably already got the hint). It’s also the most widespread cyber-threat (71% of all IT security incidents are Trojans). Basically, it acts as something you might need to install or launch on your machine. A Trojan presents itself as an ordinary application, or so it would seem, since it also carries a malicious payload. Once launched, what this particular cyber-threat is used for… oh well, it all depends on the hacker’s imagination. It can steal your information, establish a backdoor, escalate privileges, launch other types of malware and even turn your machine into a zombie bot.
V is for Virus
Viruses account for over 10% of the entire cyber-threat palette. A virus is malicious software capable of spreading from one computer to another by attaching itself to existing programs, script files or documents. It then replicates itself when the vector in use is launched by the user. The end goal? Let’s just say it takes after the Trojan horse in this department.
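Because a file-infecting virus has to change the bytes of a program that was already on disk, the oldest defence against it is file integrity monitoring: hash every program once, then hash again later and list what changed. The Python script below is an added example of that technique, not code from the original post or from Reveelium; the directory layout, the file contents and the "infection" (a harmless marker string appended to one file inside a temporary directory) are all constructed so the example runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record hash and size of every regular file below root, keyed by relative path."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return baseline

def verify(root: Path, baseline: dict) -> dict:
    """Compare the tree against a stored baseline.

    A file infector rewrites (and usually grows) an existing program, so
    'modified' entries with a positive size delta are the interesting signal;
    'added' catches dropped files and 'missing' catches deleted ones.
    """
    current = build_baseline(root)
    report = {"modified": [], "added": [], "missing": []}
    for rel, meta in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel]["sha256"] != meta["sha256"]:
            report["modified"].append((rel, current[rel]["size"] - meta["size"]))
    report["added"] = sorted(set(current) - set(baseline))
    return report

def demo() -> dict:
    """Constructed scenario: baseline a small 'program' tree, then simulate an
    infection by appending a marker to one executable and dropping a new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "docs").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x00" * 500)      # constructed
        (root / "bin" / "helper.exe").write_bytes(b"MZ" + b"\x01" * 300)   # constructed
        (root / "docs" / "readme.txt").write_text("hello")
        baseline = build_baseline(root)

        # Stand-in for a virus appending its body to a host program: plain text,
        # nothing executable, inside a temporary directory that is deleted on exit.
        with open(root / "bin" / "app.exe", "ab") as f:
            f.write(b"SIMULATED-APPENDED-CODE")
        (root / "bin" / "dropped.dll").write_bytes(b"MZ")
        return verify(root, baseline)

if __name__ == "__main__":
    for kind, entries in demo().items():
        print(f"{kind}: {entries}")
```

The baseline only has value if it is stored somewhere the malware cannot rewrite it (a read-only location or a separate host), and a hash mismatch tells you a file changed, not why; legitimate updates will show up too, so the report has to be reconciled against patch activity.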
W is for Worm
A worm’s modus operandi is very much like that of a computer virus. The main difference is that, on top of stealing data and/or turning your computer into a member of the botnet sect, worms will also attempt to ‘eat’ the information on the host machine. Although classified in the viral family, a worm can do far more damage, as it does not rely on human interaction to self-replicate.
So our dictionary might be missing a few letters. New ones will probably be added in the years to come because, guess what, the malware revolution is not over. With attacks increasing in sophistication, we urge enterprises everywhere to stay alert and reinforce their systems and security solutions. Businesses need to be able to speak the language of cybersecurity fluently in order not to fail the ultimate spelling exam.
(About the author: Cristina Ion is a community manager at Reveelium Inc., a subsidiary of ITrust. This post originally appeared on her blog.)