Malware/Ransomware - Different Types of Malware Part II
The e-InnoSec team recently completed a 6-part series to guide organizations in leveraging GDPR preparation for CCPA. This 4-part Malware/Ransomware series focuses on helping every organization protect itself from malware and ransomware.
- Part I - How do I get malware?
- Part II - Different types of malware (this post).
- Part III - How can I tell if I have a malware infection?
- Part IV - How to protect against malware?
Part I focused on the question "How do I get malware?"; Part II discusses the different types of malware. Here is a brief overview:
What is malware?
Malware, or malicious software, is an umbrella term that describes any malicious program, code, or software written with the intent of damaging devices, stealing data, and generally causing a mess.
What is a virus?
Virus - A virus is malicious executable code attached to another executable file.
What is a trojan?
Trojan - A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation, such as playing an online game.
What is spyware?
Spyware - Spyware collects information and sends it to a hacker. It is malware designed to spy on you.
What is adware?
Adware - Aggressive advertising software can undermine your security just to serve ads.
What are worms?
Worms - Worms are malware similar to viruses, self-replicating in order to spread to other computers over a network, usually causing harm by destroying data and files.
What are botnets?
Botnets - Botnets are networks of infected computers made to work together under the control of an attacker.
What is a rootkit?
Rootkit - A rootkit is malicious software that allows an unauthorized user to have privileged access to a computer and restricted areas of its software.
What is malicious crypto mining?
Malicious crypto mining - Crypto mining and crypto-jacking are associated with extremely high processor activity that has noticeable side effects.
What is a keylogger?
Keylogger - A keylogger is spyware that secretly logs keystrokes so attackers can get account information, banking and credit card data, usernames, passwords, and other personal information.
What are backdoors?
Backdoors - A backdoor refers to any method by which authorized and unauthorized users can bypass normal security measures and gain high-level user access (root access) on a computer system, network, or software application.
What are exploits?
Exploits - Exploits are malware that takes advantage of bugs and vulnerabilities in a system to allow the creator to take control.
What is ransomware?
Ransomware - Ransomware is malicious software designed to deny access to a computer system or data until a ransom is paid. It typically spreads through phishing emails or by unknowingly visiting infected websites. This kind of malware can lock down computers and files and threaten to erase everything unless payment is made.
What are examples of malware initial infection vectors (IIV)?
Malware can spread through email, instant messaging, removable media, or websites. One challenge during an examination is determining how malware ended up on the system, also referred to as the malware's initial infection vector (IIV). Below are a few examples:
- Dropped - Malware delivered by other malware already on the system, an exploit kit, infected third-party software, or manually by a cyber threat actor.
- Multiple - Malware that currently favors at least two vectors.
- Malspam - Unsolicited emails that either direct users to download malware from malicious websites or trick users into opening malware through an attachment.
- Network - Malware introduced through abuse of legitimate network protocols or tools, such as SMB or remote PowerShell.
- Malvertisement - Malware introduced through malicious advertisements.