- Trojan or Trojan horse: True to its namesake, a Trojan masquerades as a benign virus until it’s activated, when it’s revealed to be a malicious one. Unlike viruses, Trojans don’t self-replicate.
What’s the result of a successful Trojan infection? Trojans actively undermine the victim’s system, frequently establishing vulnerabilities that the attacker can exploit, such as opening a high-numbered port that would allow an attacker to listen in on the victim and gain access to the victim’s system.29
Several results of a Trojan infection include the following examples:
Keyloggers monitoring the victim’s activity and helping the attacker steal the victim’s passwords, credit card numbers, or similar private information
Gaining control of the victim’s webcam to monitor or record video of them
Taking screen shots of the victim’s computer activity
Using the victim’s computer to forward Trojans and other viruses and malware to vulnerable computers on the victim’s network
Formatting the victim’s storage devices
Stealing, encrypting, deleting or otherwise manipulating files and file systems on the victim’s computer
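The "high-numbered port" symptom described above can be checked from the defender's side by comparing a host's listening sockets against what it is supposed to expose. The following is an added example, not part of the original article: the `ss -tlnp` style sample, the process names and the allowlist are constructed, and "high-numbered" is assumed to mean port 1024 and above.

```python
import re

# Constructed sample in the format of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=1040,fd=6))
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=950,fd=5))
LISTEN 0      5      0.0.0.0:31337      0.0.0.0:*         users:(("updater",pid=4242,fd=4))
LISTEN 0      128    [::]:8443          [::]:*            users:(("java",pid=2001,fd=9))
"""

# Assumed policy for this example: (process, port) pairs this host is meant to expose.
ALLOWED = {("sshd", 22), ("nginx", 443), ("java", 8443)}
LOOPBACK_PREFIXES = ("127.", "[::1]")

LISTENER = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)'
)

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return network-reachable listeners that are not on the allowlist."""
    findings = []
    for line in ss_output.splitlines():
        match = LISTENER.match(line)
        if not match:
            continue  # header, or a line without process information
        addr, port, proc, pid = match.groups()
        port, pid = int(port), int(pid)
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # loopback-only sockets are not reachable from the network
        if (proc, port) in allowed:
            continue
        findings.append({
            "address": addr, "port": port, "process": proc, "pid": pid,
            "high_port": port >= 1024,  # assumption: "high-numbered" = unprivileged range
        })
    return findings

if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS):
        print(finding)
```
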
Some of the most common types of Trojans include the following examples:
A backdoor Trojan creates a backdoor vulnerability in the victim’s system that allows the attacker to gain remote control over the victim’s infected computer, giving the attacker almost total control over the victim’s system.30
What’s the result of a successful backdoor Trojan infection? This Trojan is frequently used to link up a group of victims’ computers into a botnet or zombie network that can then be used for cybercrime.
Downloader Trojan:
Attackers use this Trojan to download from the internet and install other Trojans and viruses, and hide malicious programs.
What’s scary about a downloader Trojan? Some antivirus programs are unable to scan all the components within this Trojan.
Infostealer Trojan:
This Trojan tries to steal private information from the victim’s computer and aggregate as much of it as possible. After the Infostealer collects the victim’s private information, it forwards it back to the attacker.
What’s scary about an infostealer Trojan? Infostealer Trojans often use keylogging to gather email passwords, bank account information, credit card numbers, and similar private information from the victim.31
Remote access Trojan (RAT):
Not to be confused with a remote administration tool, it’s a program with both legitimate and malicious applications. A RAT has a backdoor that gives the attacker administrative control over the victim’s computer. RATs are secretly downloaded along with a game or other user-requested program or as part of an email attachment.
After the victim’s computer is infected, the attacker may use it to spread the RAT to other computers on the network and create a botnet or zombie network.
What’s scary about a RAT? RATs don’t usually display in a computer’s list of running programs and tasks. This ability makes them difficult for antivirus software to detect.
This issue is exacerbated because, once a system is infected, the attacker can often hide any change in the victim’s system’s resources and performance, preventing any system alerts from occurring.32
Data-sending Trojan:
This Trojan works to siphon private or other information from the victim’s computer back to the attacker. This information is often something like a victim’s passwords or credit card numbers, but the purpose can also be less malicious.
Data-sending Trojans can also aggregate information about a victim’s internet activity for relevant ads looking to target the user. A duplicitous version of this Trojan is found with antivirus or anti-malware software ads that inform victims that their computers are infected with a Trojan.
For example, “Your computer is infected with a virus. For $19.99, Trojan Buster, Inc. can remove it.” These ads are boosted by the data-sending Trojan for a product that’s meant to remove the virus itself from the victim’s computer.33
Similar to a data-sending Trojan, a Trojan.FakeAV is a program that presents a fake security status on the victim’s computer. This Trojan displays fake computer scans and alert messages about a nonexistent malware or virus infection or similar security issues, and prompts the victim to purchase its recommended antivirus product as a solution.
Trojan.FakeAVs can be installed by downloader Trojans or other malware. EnigmaSoft argues that one vendor is probably responsible for 80 percent of all misleading applications, and that most of these applications are cloned or reskinned to appear different but perform as they had previously.34
True to its name, a destructive Trojan is designed to destroy or delete files and not steal information. Destructive Trojans don’t replicate themselves.
What’s scary about a destructive Trojan? They’re usually programmed to perform like a logic bomb and attack the victim’s computer. After a system is infected, a destructive Trojan begins arbitrarily deleting files, folders and registry entries, which can cause OS failure.35
As the name implies, a proxy Trojan hijacks its victim’s computer, converting it into a proxy server, part of a botnet. Similar to a RAT, the proxy Trojan is secretly downloaded along with a legitimate download or attachment or is disguised as a legitimate software download or attachment.36
Similar to a data-sending Trojan, the Trojan-GameThief is a Trojan that steals its victim’s user account information, the information used for online games, and then transmits it back to the attacker.37
Similar to ransomware, this Trojan modifies victims’ computers using encryption or another means that prevents the victims from fully using or accessing their data until the attacker’s ransom has been paid.38
- Logic bomb, slag code or malicious logic:
This malicious software functions similarly to a time bomb. A logic bomb remains inactive until it’s triggered at a preprogrammed date and time or when certain logical conditions are met.
Once triggered and activated, the logic bomb damages the victim’s computer using data corruption, file deletion or hard drive clearing. Similar to Trojans, worms and other malware, logic bombs are secretly installed on a victim’s computer using malicious code, and then remain hidden until they’re triggered.
What’s a logic bomb used for? Logic bombs are frequently used by attackers to get revenge on a victim or for cyber sabotage against a victim’s work. Logic bombs can also be used for less malicious means, such as for free software trials that deactivate the program after a predetermined date or amount of time.
What’s scary about a logic bomb? Techopedia notes that former White House counterterrorism expert, Richard Clarke, expressed considerable concern about the vulnerabilities of the United States to logic bombs. Because the US infrastructure relied more on computer networks than other modern countries, a precise series of logic bomb attacks could shut down much of the US urban transit and banking systems.39
How can you prevent a logic bomb attack? In addition to the usual tips for boosting cyber resilience, such as maintaining up-to-date antivirus software and running regular virus scans for all files on your computer, you can also practice the following to protect your enterprise against logic bombs:
Promote regular cybersecurity and cyber resilience training and education.
Ensure that the auto-protect and email screening features are activated.
Individually protect all computers within your networks.
Establish regular recovery points for your systems. This process won’t necessarily protect you from a logic bomb attack, but it will allow you to recover more quickly following an attack.39
- Worm:
A worm is a type of malware that doesn’t attack a host file and replicates itself as it travels across computers and networks and leaves copies of itself in the memory of each computer.
Not every worm causes malicious activity. Some just don’t do anything. A malicious worm’s code is called a payload.
What does a worm target? Attackers will often attempt to infect their victim’s computers by sending worms as email attachments that masquerade as though they’re from trusted senders, tricking their victims into opening or downloading them and activating the worm.
What’s the result of a successful worm infection? Once infected, a worm will attempt to send copies of itself to the contacts listed in the victim’s email account and address book. Worm infection can result in overloading email servers and denial-of-service attacks against the network’s nodes and other malicious activities.40
Stuxnet: Arguably the most famous or infamous computer worm, Stuxnet was discovered by two Iranian security researchers in July of 2010. It is a weapon of cyber warfare and an intricately complex worm, and research eventually concluded that Stuxnet was attacking an Iranian power plant to sabotage the Iranian production of a nuclear weapon.41
- Dropper or virus dropper:
What does a dropper target? A relatively new type of malware, droppers are programs that contain viruses meant to harm their victim’s computer. Droppers launch viruses by “dropping” or installing them onto their victim’s computer. They’re often hidden within downloads or malicious email attachments that appear to be from a trusted sender.
What’s the result of a successful dropper infection? After hiding themselves within their victim’s computer or directory, droppers launch the payload that was contained within them. Dropper viruses are often Trojans and virus installation happens in the form of the payload. A dropper’s payload can cause its victim’s computers to suffer performance issues like slowdown. Droppers can also be used to aggregate and steal private information.
What’s scary about a dropper? Because they don’t necessarily contain malicious code, droppers can be difficult for antivirus software to detect and isolate. Sophisticated droppers can connect to the web to receive updates against antivirus software to help them avoid detection.
How can you prevent a dropper infection? In addition to general cyber resilience practices, anti-spyware software is considered to be the most effective tool for dropper detection and removal.42
- Ransomware, crypto virus, crypto Trojan or crypto worm:
Malicious email attachments, infected software downloads and visiting malicious websites or clicking malicious links are how most computers get infected with ransomware. Some malicious applications can masquerade as the police or a government agency, claim that a victim’s system is locked down for security reasons and that a fee or fine is required for them to regain access to it.
What does ransomware target? This malware infects a victim’s computer or system and locks or otherwise limits access to that computer or system until a ransom is paid to relinquish the attacker’s control over it.
What’s the result of a successful ransomware infection? More sophisticated ransomware uses encryption for crypto-viral extortion, encrypting the victim’s files so that it’s impossible to recover them without the correct decryption key. The ransomware then sends the victim pop-up windows prompting the victim to pay a ransom to get full access to the victim’s computer.43
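Encrypted output looks statistically random, which gives defenders a signal to watch for. The following added example, which is not code from the original article, scores file rewrites by Shannon entropy and flags a burst of files that jump from structured to near-random content. The thresholds, paths and file contents are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random-looking data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def random_like(seed: bytes, size: int) -> bytes:
    """Constructed stand-in for encrypted or compressed bytes (SHA-256, counter mode)."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

def flag_mass_encryption(changes, high=7.5, min_jump=2.0, min_files=3):
    """changes: (path, before, after) tuples from a file-change monitor.
    Returns the paths that jumped from structured to near-random content,
    but only when at least min_files did so (one file is not a burst)."""
    hits = []
    for path, before, after in changes:
        h_after = shannon_entropy(after)
        if h_after >= high and h_after - shannon_entropy(before) >= min_jump:
            hits.append(path)
    return hits if len(hits) >= min_files else []

# Constructed sample events; paths and contents are illustrative only.
TEXT = b"Quarterly report: revenue, costs and headcount by region.\n" * 80
CSV = b"id,name,qty\n1,widget,10\n2,gasket,25\n" * 100
CHANGES = [
    ("docs/report.txt", TEXT, random_like(b"a", 4096)),
    ("docs/notes.txt", TEXT[:2000], random_like(b"b", 2048)),
    ("docs/plan.csv", CSV, random_like(b"c", 4096)),
    # Ordinary edit: content stays structured, so it is not flagged.
    ("docs/readme.txt", TEXT, TEXT + b"appended line\n"),
    # Compressed media is already near-random before and after: no jump, not flagged.
    ("media/photo.jpg", random_like(b"j1", 4096), random_like(b"j2", 4096)),
]

if __name__ == "__main__":
    print(flag_mass_encryption(CHANGES))
```

Because compressed formats are already near 8 bits per byte, the jump test does not see them being encrypted, so an entropy check like this is one signal to combine with others such as rename bursts.
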
Ransomware attacks against governments worldwide:
As of the end of October 2019, CNN reports that there have been 140 ransomware attacks that targeted state and local branches of the US government, including attacks on government offices, hospitals and healthcare providers.
The US isn’t alone when it comes to ransomware attacks. Small and large governments around the world are falling victim to ransomware attacks.
The ensuing paralysis halts government functions and services, such as the distribution of water and power utilities or the ability of residents to pay their bills. In some cases, hospitals were unable to admit new patients and struggled to deal with the existing patients in their care.44
RobbinHood: This infamous ransomware was responsible for attacks on and damage to the following US cities:
Atlanta, GA, March 2018
Baltimore, MD, May 2019
Greenville, NC, April 2019.45
- Adware, freeware or pitchware:
Adware is commonly used in web-based marketing as advertising banners that display while a program is running, such as pop-ups. Adware can be downloaded automatically to your computer without your permission while you are browsing online.
There are generally two categories of adware:
Legitimate, which offers free or trial versions of products
Spyware that compromises users’ privacy and tracks their website history and preferences
Blurring the line between these categories, some adware can appear legitimate but use spyware to collect search data from a victim’s browser for targeted, user-specific advertisements.
How can you prevent getting adware or remove it?
Licensed anti-adware software is often better at removing adware from a computer than unlicensed versions.
Some antivirus programs have packages that include anti-adware software.46
- Spyware:
If you use peer-to-peer (PTP) file sharing software, then you’re at greater risk of getting spyware or a virus on your computer. Cookies and spyware can appear similar to your computer.
What does spyware target? Similar to how adware functions, spyware is infiltration software that monitors unsuspecting victims and collects information about them, their computers, and what sites they visit.
Victims often get spyware by installing free online software that has spyware bundled with it or by clicking on a malicious link.
What’s the result of a successful spyware infiltration? Spyware discreetly tracks user activity, including the user’s private information, and forwards it to a remote location or back to its creator. Spyware can download and install other malicious programs onto its victim’s computer.
How can you prevent a spyware infection? Updated anti-spyware software is a good tool for detecting and removing spyware from your computer. Just be aware that antivirus software isn’t always able to detect spyware, especially if it's very new spyware.47