Malware or malware attack or malicious software: The most well-known type of cyber attack, malware is unwanted software that’s installed on a victim’s computer without consent. This software is meant to bring harm to the victim’s computer or the victim, although the effects of the malware may not be immediate. Once installed, malware can hide in the victim’s computer and quietly replicate itself.
What does malware target? Malware usually works to steal private data from a victim, delete the victim’s documents or install other malicious software. It can be used to spy on a victim’s internet traffic or user information or damage the victim’s computer system.
How can you prevent getting malware? Preventing your computer from getting malware is vastly easier to do than to remove malware from your computer once you’ve been infected.
- Ensure that you have supported antivirus and anti-malware software that’s enabled and up to date.
- Use a firewall for additional security, since having security redundancies fosters cyber resilience.
- Regularly establish recovery points, so that if your computer does become infected, you can always restore it from that recovery point.
Several of the most common types of malware include the following:
- Macro virus:
Macro viruses are computer viruses that replace a macro, a stored set of instructions that a program runs to set off an assigned group of actions or commands. After a macro virus has embedded itself into a program, it hijacks the app’s actions or commands, such as those for launching the program when the computer starts up or opening an existing document.
What does a macro virus target? This malware begins by infecting applications within programs, with Microsoft Word and Excel being prominent examples.
What’s the result of a successful macro virus? The macro virus will replicate itself, and gradually infect other parts of the computer. This process leads to permanent damage to the computer, making it unusable, and potential theft of the victim’s private information.
What’s scary about a macro virus?
Not all macro viruses are detectable by antivirus software, though most are.
Word processing programs are especially vulnerable because macro viruses replace the prompt commands these programs rely on and hijack them. Therefore, the simple act of opening an existing document can launch a malicious macro virus.
Email attachments, modems, networks and flash drives can be used to spread macro viruses.
Melissa: Developed by David Smith in 1999, this macro virus came in a Word document that, after it was downloaded, would replicate itself into the victim’s email. Melissa would then send automated messages with copies of the Word document attached to the first addresses in the victim’s contacts list, perpetuating the infection as these contacts downloaded the Word document and allowing the infection process to proliferate.
Melissa reportedly affected 1 million computers and caused USD 80 million worth of damages.23
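One practical check that follows from the macro virus discussion above, added here as an example and not taken from the original article: a modern Office document in the OOXML container (.docx, .docm, .xlsx, .xlsm and so on) is a zip archive, and any VBA project lives in a fixed part such as word/vbaProject.bin, so a mail gateway or endpoint script can tell whether a document carries macros before anyone opens it. The sample documents, file names and the list of "macro-free" extensions are assumptions constructed for this example.

```python
"""Added example: flag Office OOXML documents that carry a VBA macro project."""
import io
import zipfile

# OOXML parts that hold VBA code (Word, Excel, PowerPoint respectively).
MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# Extensions that are not supposed to carry macros at all (assumed policy list).
MACRO_FREE_EXT = {".docx", ".xlsx", ".pptx"}


def inspect_ooxml(name: str, data: bytes) -> dict:
    """Report whether the document contains a macro project and whether that is expected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        # Not a zip container at all (plain text, legacy .doc OLE file, ...)
        return {"file": name, "ooxml": False, "has_macros": False,
                "macro_parts": [], "suspicious": False}
    found = sorted(MACRO_PARTS & names)
    ext = name[name.rfind("."):].lower() if "." in name else ""
    return {
        "file": name,
        "ooxml": "[Content_Types].xml" in names,
        "has_macros": bool(found),
        "macro_parts": found,
        # A macro project inside a supposedly macro-free extension is the classic masquerade.
        "suspicious": bool(found) and ext in MACRO_FREE_EXT,
    }


def build_sample(parts: dict) -> bytes:
    """Constructed in-memory OOXML-like zip for the demo; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for path, content in parts.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed samples: one without a macro project, one with a (dummy) project.
CLEAN_DOCX = build_sample({"word/document.xml": "<w:document/>"})
MACRO_DOCM = build_sample({"word/document.xml": "<w:document/>",
                           "word/vbaProject.bin": b"\x00" * 32})

if __name__ == "__main__":
    for fname, blob in (("memo.docx", CLEAN_DOCX),
                        ("invoice.docm", MACRO_DOCM),
                        ("invoice.docx", MACRO_DOCM)):
        print(inspect_ooxml(fname, blob))
```

The legacy binary .doc format that Melissa used is an OLE compound file rather than a zip, so this check does not cover it; a dedicated parser such as olevba from the oletools project handles both formats.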
- File infector virus, file infecting virus or file injector virus: One of the most common types of malware.
What does a file infector virus target? A file infector virus overwrites existing code or inserts infected code into executable files (.EXE) and files with .COM extensions. Similar to macro viruses, this malware also infects executable programs, such as word processors, spreadsheet applications and video games. When the infected file is launched, it may be partially or totally overwritten by the file infector virus.
What’s the result of a successful file infector virus? After an infector virus infects a program, it then works to spread itself to other programs on the same computer, and onto other computers on the same network. Some file infector viruses are capable of totally reformatting a hard drive.
What’s scary about a file infector virus?
Macintosh, Windows and UNIX are all operating systems that are vulnerable to infector viruses.
Win32.Sality.BK: This file-infector virus was one of the 10 most common malware infections of 2011 and 2012.24
- System or boot-record infectors:
What does a system infector target? System infector viruses infect the executable code by attaching itself to the following, depending on the storage device:
Master boot record – hard drive
DOS bootsector – diskette or USB thumb drive
Victims of system infectors usually become infected after they receive a storage device that contains the virus. A system boot or reboot reads the boot sector of the boot disk, and if an infected storage device is connected to the system, the infected device can modify or replace the system’s boot code. The system infector loads itself into the master boot record and runs from there.
What’s the result of a successful system infector? After the computer has booted and the virus is loaded into memory, the virus can then proliferate and spread to other storage devices and computers on the network.
How common are system infector viruses today? SearchSecurity argues that system infectors and other boot viruses are “less common now as today's devices rely less on physical storage media”.25
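Because a boot-record infector works by replacing the boot code the system reads at startup, the defensive counterpart is an integrity check of that sector against a baseline captured when the machine was known to be clean. The following is an added example written for this page, not code from the article: it parses the 512-byte master boot record layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), hashes the boot code and compares it with a stored baseline. The sample sectors, the placeholder boot-code bytes and the baseline are constructed for the demo.

```python
"""Added example: parse a 512-byte MBR and compare its boot code to a baseline."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot code executed at startup
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510..511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot code and partition entries; reject malformed sectors."""
    if len(sector) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:  # partition type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions}


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot code only, so partition edits do not trip the check."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def audit_mbr(sector: bytes, baseline_hash: str) -> dict:
    """Flag a boot code change against the baseline plus partition-table oddities."""
    info = parse_mbr(sector)
    bootable = [p for p in info["partitions"] if p["bootable"]]
    return {
        "boot_code_changed": boot_code_hash(sector) != baseline_hash,
        "bootable_partitions": len(bootable),
        "multiple_bootable": len(bootable) > 1,
    }


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not a real disk image): one bootable Linux partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x83, b"\x00\x00\x00",
                        2048, 1_048_576)
    table = entry + b"\x00" * 48  # remaining three slots unused
    return code + table + SIGNATURE


# Known-good sector captured at install time (constructed placeholder boot code).
KNOWN_GOOD = make_sample_mbr(b"\xfa\x31\xc0\x8e\xd8")
BASELINE = boot_code_hash(KNOWN_GOOD)
# Same partition table, but the boot code was replaced (constructed tampering).
TAMPERED = make_sample_mbr(b"\xeb\x3e\x90" + b"\x41" * 16)

if __name__ == "__main__":
    for name, sector in (("known-good", KNOWN_GOOD), ("tampered", TAMPERED)):
        print(name, audit_mbr(sector, BASELINE))
```

On a Linux host the real sector can be captured as the baseline with `dd if=/dev/sda bs=512 count=1 of=mbr.bin` (root required) and re-read after each boot for comparison; on UEFI systems with GPT disks the protective MBR still exists, but the boot path runs through EFI files instead, so this check covers only the legacy boot sector.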
- Polymorphic virus:
Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself.
What does a polymorphic virus target? This complicated malware affects functions and data types. Polymorphic viruses actively conceal themselves using encryption and decryption. A decryption routine first decrypts the encrypted polymorphic virus and an affiliated mutation engine.
Infection usually proceeds in the following process:
1. The polymorphic virus infects an area of code.
2. The mutation engine creates a decryption routine.
3. The virus encrypts the following:
a. The mutation engine
b. A modified duplicate of the virus containing an algorithm that corresponds with the new decryption routine
4. The mutation engine and virus are attached to new code.
5. Repeat steps 1 through 4.
What’s the result of a successful polymorphic virus? In addition to copying itself and spreading throughout the victim’s computer, polymorphic viruses alter functions and data types. For example, a polymorphic virus could switch the function so that when you press the “A” key, it inputs the letter “D” instead.
What’s scary about a polymorphic virus? Since functions and data types are part of polymorphism and functional programming languages broadly use polymorphism, polymorphic viruses can be created with a broad range of purposes.
Because of how they modify their source code, polymorphic viruses are considerably difficult to detect by scanning. Techopedia argues that to detect polymorphic viruses, a scanner with strong string detection and the ability to scan different strings is necessary.
Most scanners won’t be able to detect a polymorphic virus unless “brute-force programs [are] written to combat and detect the polymorphic virus with novel variant configurations”.26
Removing a polymorphic virus is more difficult than detecting it. Programmers must rewrite language strings, a process that’s time-consuming, costly and complex.
How can you prevent a polymorphic virus infection? Antivirus software, with the latest updates, definitions and tools like Process Hacker, can often detect polymorphic viruses before an infection when they copy and modify themselves.
- Stealth virus:
Stealth viruses target operating system processes and antivirus or anti-malware detection software, manipulating them so they believe that uninfected areas of a system are infected and infected areas are uninfected. This process helps the malware to remain hidden from the victim’s system.
What’s the result of a successful stealth virus? As the virus spreads, the compromised software isn’t able to detect or remove it. It hides manipulated computer data and similar harmful control functions within system memory.
Stealth viruses can further avoid antivirus detection by using the following types of self-modification:
Code modification: Altering the code and virus signature of each file that it infects
Encryption: Using simple encryption to encrypt data and using a different encryption key for every infected file
What’s scary about stealth viruses? Stealth viruses can avoid antivirus software detection by copying themselves into files, partitions, boot sectors and other undetectable places on your computer.
How can you prevent a stealth virus infection? Antivirus software with the latest updates and definitions should be able to detect a stealth virus as it attempts to get to your system.27
Brain: Widely considered to be the first stealth virus, Brain operated on MS-DOS. During the 1980s, it infected 5.25-inch floppy disks and spread itself onto computer systems worldwide.28
- Trojan or Trojan horse: True to its namesake, a Trojan masquerades as benign software until it’s activated, at which point it’s revealed to be malicious. Unlike viruses, Trojans don’t self-replicate.
What’s the result of a successful Trojan infection? Trojans actively undermine the victim’s system, frequently establishing vulnerabilities that the attacker can exploit, such as opening a high-numbered port that would allow an attacker to listen in on the victim and gain access to the victim’s system.29
Several results of a Trojan infection include the following examples:
Keyloggers monitoring the victim’s activity and helping the attacker steal the victim’s passwords, credit card numbers, or similar private information
Gaining control of the victim’s webcam to monitor or record video of them
Taking screen shots of the victim’s computer activity
Using the victim’s computer to forward Trojans and other viruses and malware to vulnerable computers on the victim’s network
Formatting the victim’s storage devices
Stealing, encrypting, deleting or otherwise manipulating files and file systems on the victim’s computer
Some of the most common types of Trojans include the following examples:
Backdoor Trojan:
A backdoor Trojan creates a backdoor vulnerability in the victim’s system that allows the attacker to gain remote control over the victim’s infected computer, giving the attacker almost total control over the victim’s system.30
What’s the result of a successful backdoor Trojan infection? This Trojan is frequently used to link up a group of victims’ computers into a botnet or zombie network that can then be used for cybercrime.
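The backdoor behaviour described above, a Trojan opening a high-numbered port so the attacker can connect in, leaves a footprint that a host audit can catch: a listening socket that nobody approved. The following is an added example written for this page, not code from the article or from any tool it mentions. It parses output laid out like the Linux `ss -ltnp` command, compares each listener against an allowlist of expected port/process pairs, and flags high-numbered ports bound to all interfaces. The sample output, the allowlist and the process names are constructed assumptions.

```python
"""Added example: flag unexpected listening sockets in `ss -ltnp`-style output."""
import re

# Ports and owning processes this host is expected to listen on (assumed allowlist).
EXPECTED_LISTENERS = {22: "sshd", 631: "cupsd"}
EPHEMERAL_START = 1024  # anything from here up with no allowlist entry deserves a look

# Pulls the process name and pid out of the users:(("name",pid=N,fd=M)) column.
PROCESS_RE = re.compile(r'\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')

# Constructed sample in the layout `ss -ltnp` prints; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=901,fd=7))
LISTEN  0       128     0.0.0.0:55555        0.0.0.0:*          users:(("updater",pid=4412,fd=5))
"""


def parse_listeners(text: str) -> list:
    """Turn each LISTEN row into {addr, port, process, pid}; skip the header."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # rsplit keeps IPv6 "[::]" intact
        m = PROCESS_RE.search(line)
        listeners.append({
            "addr": addr,
            "port": int(port),
            "process": m.group("name") if m else None,
            "pid": int(m.group("pid")) if m else None,
        })
    return listeners


def is_loopback(addr: str) -> bool:
    """Loopback-only listeners are reachable from the host itself, not the network."""
    return addr in ("127.0.0.1", "[::1]") or addr.startswith("127.")


def find_unexpected(listeners: list) -> list:
    """Return findings for listeners off the allowlist or owned by the wrong process."""
    findings = []
    for l in listeners:
        expected = EXPECTED_LISTENERS.get(l["port"])
        if expected is None:
            reason = "port not in allowlist"
            if l["port"] >= EPHEMERAL_START and not is_loopback(l["addr"]):
                reason = "high-numbered port exposed on all interfaces"
            findings.append({**l, "reason": reason})
        elif l["process"] != expected:
            findings.append({**l, "reason": f"port {l['port']} owned by {l['process']}, expected {expected}"})
    return findings


if __name__ == "__main__":
    for f in find_unexpected(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"{f['addr']}:{f['port']} {f['process']} (pid {f['pid']}): {f['reason']}")
```

A finding is a lead, not a verdict: the next step is to look at the owning pid (its binary path, parent process and start time) and to compare against the baseline of listeners recorded when the host was built.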
Downloader Trojan:
Attackers use this Trojan to download and install other Trojans and viruses from the internet, and to hide malicious programs.
What’s scary about a downloader Trojan? Some antivirus programs are unable to scan all the components within this Trojan.
Infostealer Trojan:
This Trojan tries to steal private information from the victim’s computer and aggregate as much of it as possible. After the Infostealer collects the victim’s private information, it forwards it back to the attacker.
What’s scary about an infostealer Trojan? Infostealer Trojans often use keylogging to gather email passwords, bank account information, credit card numbers, and similar private information from the victim.31
Remote access Trojan (RAT):
Not to be confused with a remote administration tool (a program with both legitimate and malicious uses), a RAT has a backdoor that gives the attacker administrative control over the victim’s computer. RATs are secretly downloaded along with a game or other user-requested program or as part of an email attachment.
After the victim’s computer is infected, the attacker may use it to spread the RAT to other computers on the network and create a botnet or zombie network.
What’s scary about a RAT? RATs don’t usually display in a computer’s list of running programs and tasks. This ability makes them difficult for antivirus software to detect.
This issue is exacerbated because, once a system is infected, the attacker can often hide any change in the victim’s system’s resources and performance, preventing any system alerts from occurring.32
Data-sending Trojan:
This Trojan works to siphon private or other information from the victim’s computer back to the attacker. While this information is often sensitive, such as a victim’s passwords or credit card numbers, it can also be less harmful.
Data-sending Trojans can also aggregate information about a victim’s internet activity for relevant ads looking to target the user. A duplicitous version of this Trojan is found with antivirus or anti-malware software ads that inform victims that their computers are infected with a Trojan.
For example, “Your computer is infected with a virus. For $19.99, Trojan Buster, Inc. can remove it.” These ads are boosted by the data-sending Trojan for a product that’s meant to remove the virus itself from the victim’s computer.33
Trojan.FakeAV:
Similar to a data-sending Trojan, a Trojan.FakeAV is a program that masquerades as a security product and displays a fake security status on the victim’s computer. This Trojan displays fake computer scans and alert messages about a non-existent malware or virus infection or similar security issues, and prompts the victim to purchase its recommended antivirus product as a solution.
Trojan.FakeAVs can be installed by downloader Trojans or other malware. EnigmaSoft argues that one vendor is probably responsible for 80 percent of all misleading applications, and that most of these applications are cloned or reskinned to appear different but perform as they had previously.34
Destructive Trojan:
True to its name, a destructive Trojan is designed to destroy or delete files and not steal information. Destructive Trojans don’t replicate themselves.
What’s scary about a destructive Trojan? They’re usually programmed to perform like a logic bomb and attack the victim’s computer. After a system is infected, a destructive Trojan begins arbitrarily deleting files, folders and registry entries, which can cause OS failure.35
Proxy Trojan:
As its name implies, a proxy Trojan hijacks its victim’s computer, converting it into a proxy server that becomes part of a botnet. Similar to a RAT, the proxy Trojan is secretly downloaded along with a legitimate download or attachment or is disguised as a legitimate software download or attachment.36
Trojan-GameThief:
Similar to a data-sending Trojan, the Trojan-GameThief is a Trojan that steals its victim’s user account information, the information used for online games, and then transmits it back to the attacker.37
Similar to ransomware, this Trojan modifies victims’ computers using encryption or another means that prevents the victims from fully using or accessing their data until the attacker’s ransom has been paid.38
- Logic bomb, slag code or malicious logic:
This malicious software functions similar to a time bomb. A logic bomb remains inactive until it’s triggered at a preprogrammed date and time or when certain logical conditions are met.
Once triggered and activated, the logic bomb damages the victim’s computer using data corruption, file deletion or hard drive clearing. Similar to Trojans, worms and other malware, logic bombs are secretly installed on a victim’s computer using malicious code, and then remain hidden until they’re triggered.
What’s a logic bomb used for? Logic bombs are frequently used by attackers to get revenge on a victim or for cyber sabotage against a victim’s work. Logic bombs can also be used for less malicious means, such as for free software trials that deactivate the program after a predetermined date or amount of time.
What’s scary about a logic bomb? Techopedia notes that former White House counterterrorism expert, Richard Clarke, expressed considerable concern about the vulnerabilities of the United States to logic bombs. Because the US infrastructure relied more on computer networks than other modern countries, a precise series of logic bomb attacks could shut down much of the US urban transit and banking systems.39
How can you prevent a logic bomb attack? In addition to the usual tips for boosting cyber resilience, such as maintaining up-to-date antivirus software and running regular virus scans for all files on your computer, you can also practice the following to protect your enterprise against logic bombs:
Promote regular cybersecurity and cyber resilience training and education.
Ensure that the auto-protect and email screening features are activated.
Individually protect all computers within your networks.
Establish regular recovery points for your systems. This process won’t necessarily protect you from a logic bomb attack, but it will allow you to recover more quickly following an attack.39
- Worm:
A worm is a type of malware that doesn’t attach itself to a host file; it replicates itself as it travels across computers and networks and leaves copies of itself in the memory of each computer.
Not every worm causes malicious activity. Some just don’t do anything. A malicious worm’s code is called a payload.
What does a worm target? Attackers will often attempt to infect their victim’s computers by sending worms as email attachments that masquerade as though they’re from trusted senders, tricking their victims into opening or downloading them and activating the worm.
What’s the result of a successful worm infection? Once infected, a worm will attempt to send copies of itself to the contacts listed in the victim’s email account and address book. Worm infection can result in overloading email servers and denial-of-service attacks against the network’s nodes and other malicious activities.40
Stuxnet: Arguably the most famous or infamous computer worm, Stuxnet was discovered by two Iranian security researchers in July of 2010. A weapon of cyber warfare and an intricately complex worm, Stuxnet was eventually concluded by researchers to have been attacking an Iranian power plant to sabotage the Iranian production of a nuclear weapon.41
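The mail-borne spread described above, a worm sending copies of itself to everyone in the victim’s address book, has a simple statistical signature on the outbound mail server: one sender, many recipients, the same attachment, a short time window. The following is an added example written for this page and not code from the article: it runs a per-sender sliding window over a constructed mail log and reports bursts dominated by a single attachment hash. The log format, the thresholds and the addresses are assumptions constructed for the demo; a real deployment would parse the MTA’s own log format instead.

```python
"""Added example: spot mail-worm style outbound bursts in a constructed mail log."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # look-back window per sender
BURST_THRESHOLD = 10             # messages inside the window that count as a burst
SAME_ATTACHMENT_RATIO = 0.9      # share of the burst that must carry one attachment hash

# Constructed log lines (format invented for this example, not a real MTA's):
# <timestamp> from=<sender> to=<recipient> attach=<hash prefix or none>
SAMPLE_LOG = [
    f"2019-03-26T10:00:{i:02d} from=alice@example.org to=user{i}@example.org attach=1f3a9c"
    for i in range(0, 36, 3)   # 12 messages in 33 seconds, identical attachment
] + [
    "2019-03-26T10:05:00 from=carol@example.org to=dave@example.org attach=none",
    "2019-03-26T10:20:10 from=carol@example.org to=erin@example.org attach=77b0e1",
    "2019-03-26T11:00:00 from=carol@example.org to=dave@example.org attach=none",
]


def parse_line(line: str) -> dict:
    """Split '<ts> key=value ...' into a record with a parsed timestamp."""
    ts, *kv = line.split()
    rec = dict(item.split("=", 1) for item in kv)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def detect_bursts(lines: list) -> list:
    """Sliding window per sender; flag bursts dominated by a single attachment."""
    by_sender = defaultdict(list)
    for rec in map(parse_line, lines):
        by_sender[rec["from"]].append(rec)
    findings = []
    for sender, recs in by_sender.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Advance the window start until it spans at most WINDOW seconds.
            while recs[end]["ts"] - recs[start]["ts"] > WINDOW:
                start += 1
            window = recs[start:end + 1]
            if len(window) < BURST_THRESHOLD:
                continue
            hashes = [r["attach"] for r in window if r["attach"] != "none"]
            top = max(set(hashes), key=hashes.count) if hashes else None
            if top and hashes.count(top) / len(window) >= SAME_ATTACHMENT_RATIO:
                findings.append({"sender": sender, "messages": len(window),
                                 "attachment": top,
                                 "first": window[0]["ts"].isoformat(),
                                 "last": window[-1]["ts"].isoformat()})
                break  # one finding per sender is enough to raise an alert
    return findings


if __name__ == "__main__":
    for f in detect_bursts(SAMPLE_LOG):
        print(f"{f['sender']}: {f['messages']} messages with attachment {f['attachment']} "
              f"between {f['first']} and {f['last']}")
```

Legitimate bulk senders (newsletters, ticketing systems) will also trip this rule, so the practical response is to rate-limit or quarantine the sender’s outbound queue pending review rather than to block on the first hit.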
- Dropper or virus dropper:
What does a dropper target? A relatively new type of malware, droppers are programs that contain viruses meant to harm their victim’s computer. Droppers launch viruses by “dropping” or installing them onto their victim’s computer. They’re often hidden within downloads or malicious email attachments that appear to be from a trusted sender.
What’s the result of a successful dropper infection? After hiding themselves within their victim’s computer or directory, droppers launch the payload that was contained within them. Droppers are often Trojans, and the virus installation happens in the form of the payload. A dropper’s payload can cause its victim’s computers to suffer performance issues like slowdown. Droppers can also be used to aggregate and steal private information.
What’s scary about a dropper? Because they don’t necessarily contain malicious code, droppers can be difficult for antivirus software to detect and isolate. Sophisticated droppers can connect to the web to receive updates against antivirus software to help them avoid detection.
How can you prevent a dropper infection? In addition to general cyber resilience practices, anti-spyware software is considered to be the most effective tool for dropper detection and removal.42
- Ransomware, crypto virus, crypto Trojan or crypto worm:
Malicious email attachments, infected software downloads, and visiting malicious websites or clicking malicious links are how most computers get infected with ransomware. Some malicious applications masquerade as the police or a government agency, claiming that a victim’s system is locked down for security reasons and that a fee or fine is required to regain access to it.
What does ransomware target? This malware infects a victim’s computer or system and locks or otherwise limits access to that computer or system until a ransom is paid to relinquish the attacker’s control over it.
What’s the result of a successful ransomware infection? More sophisticated ransomware uses encryption for crypto-viral extortion, encrypting the victim’s files so that it’s impossible for them to recover them without the correct decryption key. The ransomware then sends the victim pop-up windows prompting the victim to pay a ransom to get full access to the victim’s computer.43
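The crypto-viral extortion just described changes files in a way that is measurable before the ransom note appears: documents vanish and reappear under a new extension with contents that look random, and a decoy "canary" file that nobody legitimately edits gets rewritten. The following is an added example written for this page, not code from the article: it compares two snapshots of a directory and flags renamed high-entropy replacements and canary changes, while leaving unchanged compressed files (which are also high-entropy) alone. The file names, contents, entropy threshold and canary name are assumptions constructed for the demo, and the "ciphertext" is deterministic pseudo-random data so the example runs the same everywhere.

```python
"""Added example: detect ransomware-style bulk encryption from directory snapshots."""
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5       # bits per byte; text sits near 4-5, ciphertext near 8
CANARY = "~canary.txt"   # decoy file the organisation never edits (assumed name)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for a single repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_random_bytes(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 chain) so the demo is repeatable."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def detect_encryption(before: dict, after: dict) -> list:
    """Compare two {path: bytes} snapshots and return suspicious changes."""
    findings = []
    for path, old in before.items():
        if path == CANARY:
            if after.get(path) != old:
                findings.append({"file": path, "reason": "canary file modified"})
            continue
        if path in after:
            continue  # still present; unchanged high-entropy files (JPEG, ZIP) are not flagged
        # File vanished: look for a new file that starts with the old name (e.g. ".locked").
        for new in after:
            if new.startswith(path) and new not in before:
                ent = shannon_entropy(after[new])
                if ent >= HIGH_ENTROPY:
                    findings.append({"file": new,
                                     "reason": f"renamed from {path}, entropy {ent:.2f}"})
    return findings


# Constructed snapshots of the same directory before and after an incident.
BEFORE = {
    "docs/report.docx": b"Quarterly figures and commentary. " * 120,
    "photos/holiday.jpg": pseudo_random_bytes(4096, b"jpeg"),  # compressed data looks random too
    CANARY: b"do not touch\n",
}
AFTER = {
    "docs/report.docx.locked": pseudo_random_bytes(4096, b"enc"),
    "photos/holiday.jpg": BEFORE["photos/holiday.jpg"],
    CANARY: pseudo_random_bytes(64, b"enc2"),
}

if __name__ == "__main__":
    for f in detect_encryption(BEFORE, AFTER):
        print(f"{f['file']}: {f['reason']}")
```

Entropy on its own is a weak signal, since archives, images and already-encrypted backups all score near 8 bits per byte; the combination with a rename of a previously low-entropy document and a touched canary is what makes the alert worth acting on, and the recovery points recommended earlier on this page are what make recovery possible once it fires.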
Ransomware attacks against governments worldwide:
As of the end of October 2019, CNN reports that there have been 140 ransomware attacks that targeted state and local branches of the US government, including attacks on government offices, hospitals and healthcare providers.
The US isn’t alone when it comes to ransomware attacks. Small and large governments around the world are falling victim to ransomware attacks.
The ensuing paralysis halts government functions and services, such as the distribution of water and power utilities or the ability of residents to pay their bills. In some cases, hospitals were unable to admit new patients and struggled to deal with the existing patients in their care.44
RobbinHood: This infamous ransomware was responsible for attacks on and damage to the following US cities:
Atlanta, GA, March 2018
Baltimore, MD, May 2019
Greenville, NC, April 2019.45
- Adware, freeware or pitchware:
Adware is commonly used in web-based marketing as advertising banners or pop-ups that display while a program is running. Adware can be downloaded automatically to your computer without your permission while you are browsing online.
There are generally two categories of adware:
Legitimate, which offers free or trial versions of products
Spyware that compromises users’ privacy and tracks their website history and preferences
Blurring the line between these categories, some adware can appear legitimate but use spyware to collect search data from a victim’s browser for targeted, user-specific advertisements.
How can you prevent getting adware or remove it?
Licensed anti-adware software is often better at removing adware from a computer than unlicensed versions.
Some antivirus programs have packages that include anti-adware software.46
- Spyware:
If you use peer-to-peer (P2P) file sharing software, then you’re at greater risk of getting spyware or a virus on your computer. Cookies and spyware can look similar from your computer’s point of view.
What does spyware target? Similar to how adware functions, spyware is infiltration software that monitors unsuspecting victims and collects information about them, their computers, and what sites they visit.
Victims often get spyware by installing a free online software that has spyware bundled with it or by clicking on a malicious link.
What’s the result of a successful spyware infiltration? Spyware discretely tracks user activity, including the user’s private information, and forwards it to a remote location or back to its creator. Spyware can download and install other malicious programs onto its victim’s computer.
How can you prevent a spyware infection? Updated anti-spyware software is a good tool for detecting and removing spyware from your computer. Just be aware that antivirus software isn’t always able to detect spyware, especially if it's very new spyware.47