Understanding Cyber Threats: Malware

Malware is one of the most common cyber threats out there.

What is Malware

Malware is a general term used to describe ‘malicious software’, hence mal + ware: essentially, software that penetrates a system without authorization. We can further sort malware by its code, its plan of action and its evasion methods.

One way or another, we have all encountered malware in our digital lives, and it was a common occurrence even when internet access was limited or unavailable and people usually shared files on floppy disks or CDs/DVDs.

Once recognised, the proto-malware of the early days of the internet is patched against and ‘remembered’ by defensive software, much like a human body that has been infected: if the same pathogen tries to infect you again, memory cells quickly mobilize, producing the right antibodies to fight the infection more efficiently than before.

New variants are constantly arriving, and even old infectious software keeps resurfacing and attacking any unprotected device.

Malicious software includes viruses, Trojans, adware, ransomware, spyware, and the list continues. Some malware encompasses multiple components. Take EagleSpy 3 as an example: it can function primarily as a Trojan, while also featuring keylogging capabilities, ransomware features that encrypt user files and demand payment, and the ability to self-replicate and spread across networks like a worm. This is where it can get a bit complicated.

Classifying Malware By Nature of Code

While viruses and worms are commonly recognized for their replication and spread, fileless malware, rootkits and logic bombs are also worth mentioning. Each of these has distinct operational tactics. In upcoming guides, we’ll go deeper into the intricacies of these malware types, exploring their mechanisms and the defensive strategies we need to plan for them.

Virus Malware

Virus malware is the classic threat in the digital world, designed to infect, replicate, and spread to other files. It attaches itself to clean files and can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files. The adaptability and diversity of viruses make them a persistent threat, with new variants constantly emerging to exploit vulnerabilities in software.

Worm Malware

Worm malware shares similarities with viruses in its ability to replicate and spread, but it can do so autonomously, without the need for human interaction or for ‘replicating’ from file to file. Worms typically exploit vulnerabilities in software or operating systems to spread across networks, making them particularly effective at rapidly infecting a large number of devices.

The damage inflicted by worms varies, from consuming bandwidth to slowing down networks. This slowdown is usually a side effect of the worm carrying a malicious payload that enables remote control or data theft.

I can still recall my first computer infected with a worm, 20 years ago. It was intriguing to observe the gradual degradation of the system: the computer started to operate slower and slower, up to a point where no resources were available for basic computation or even moving the mouse. The only solution then was a full system format.

Classifying Malware By Behavioral Patterns

Just as viruses and worms are recognized for how they replicate, other malware types like Trojans, adware, and spyware exhibit unique behavioral signatures. These signatures dictate how they interact with systems.

Trojan

Trojans are designed to look like legitimate software, deceiving users into installing them under that disguise. This malware is particularly dangerous because it also relies on social engineering to deceive users, bypassing many traditional security measures by leveraging the user’s trust.

Ransomware

Ransomware is characterized by its ability to encrypt files or lock users out of their systems. Attackers then demand a ransom, typically in cryptocurrency, for the decryption key. The impact of ransomware varies depending on the data it holds ‘hostage’.

Adware

Adware, while often perceived as a lesser threat, is still a type of malware I really do not want to see on my devices.

This type of malware injects unsolicited advertisements onto the user’s device. It is not really a lesser threat either, because some adware also tracks user activity and gathers personal information.

Spyware

Spyware is designed to observe the user’s activities and collect personal information.

Cryptojacking

Cryptojacking malware hijacks the victim’s computing resources to mine cryptocurrency without their consent. This stealthy form of malware operates in the background, using the processing power of infected computers, servers, and even mobile devices.

This is harder to detect, or to assess whether it is cryptojacking or a different malware such as a worm, because the symptoms overlap: they might include noticeable slowdowns in performance and overheating of devices.

In a fun way, I often joke that this is truly the lesser of the evils. But, as always with malware, you rarely get something that only performs one specific task; usually multiple capabilities are present alongside cryptojacking, either hijacking data or even preparing the system for further malicious code injection.

Classifying By Method of Evasion

Botnets

A network of infected devices, known as “bots”, that is commanded remotely by attackers. These networks can then be used for a variety of malicious activities, such as launching Distributed Denial of Service (DDoS) attacks, sending spam emails, or conducting large-scale fraud schemes.

This is a potentially scary one because, with many devices being part of the bot network, it can rarely be taken down completely. Additionally, if your devices fall prey to such a network, they unknowingly become accomplices in executing harmful operations.

Polymorphic Malware

All the malware types mentioned above can manifest as polymorphic. Polymorphic malware is unique in that it changes its pattern with each infection, evading traditional detection methods and requiring more advanced security solutions.

Metamorphic Malware

Unlike polymorphic variants, which change their appearance while keeping the malicious code intact, metamorphic malware can rewrite its own code entirely with each new infection, effectively creating a completely new version of itself. This transformation makes it even more challenging to detect, or to create an immunisation pattern against it.
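To make the polymorphic/metamorphic distinction concrete from the defender's side, here is an added Python example (not code from the original post), using constructed, benign byte strings as stand-ins for one malware family: a full-file hash signature only recognises the exact original sample, a content pattern on the unchanged core still recognises the polymorphic variant, and the metamorphic variant, whose core is rewritten, escapes both signature layers. The sample bytes and signature database are assumptions for illustration.

```python
import hashlib

# Constructed, benign byte strings standing in for one malware family.
# None of this is real malware; the values are assumed for illustration.
STABLE_CORE = b"CORE:unpack-then-execute-payload"
ORIGINAL_SAMPLE = b"WRAPPER-A:" + STABLE_CORE
# Polymorphic: outer wrapper/encoding changes, core logic left intact.
POLYMORPHIC_VARIANT = b"WRAPPER-B:" + STABLE_CORE
# Metamorphic: the core itself is rewritten, so no fixed byte run survives.
METAMORPHIC_VARIANT = b"WRAPPER-C:CORE:execute-payload-after-unpacking"


def sha256_hex(data: bytes) -> str:
    """Full-file hash: the 'remembered' signature of one exact sample."""
    return hashlib.sha256(data).hexdigest()


# Signature database built from the first sample that was analysed.
HASH_SIGNATURES = {sha256_hex(ORIGINAL_SAMPLE)}
PATTERN_SIGNATURES = [STABLE_CORE]  # byte pattern taken from the stable core


def hash_match(data: bytes) -> bool:
    """Exact-sample signature: any single byte change defeats it."""
    return sha256_hex(data) in HASH_SIGNATURES


def pattern_match(data: bytes) -> bool:
    """Content signature: survives wrapper changes, not core rewrites."""
    return any(pattern in data for pattern in PATTERN_SIGNATURES)


def classify(data: bytes) -> str:
    """Return which signature layer, if any, recognises the sample."""
    if hash_match(data):
        return "known-hash"
    if pattern_match(data):
        return "known-pattern"
    return "unknown"  # only behavioural/heuristic detection can help here


if __name__ == "__main__":
    for name, sample in [("original", ORIGINAL_SAMPLE),
                         ("polymorphic", POLYMORPHIC_VARIANT),
                         ("metamorphic", METAMORPHIC_VARIANT)]:
        print(f"{name:12s} -> {classify(sample)}")
```

The "unknown" result for the metamorphic variant is the point: once no stable byte pattern survives, signature databases alone cannot provide the immunisation the text describes, and detection has to move to what the code does rather than what it looks like.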

In Closing

While no two malware threats are identical, categorizing the key types is an essential first step in understanding what tools attackers might use in their various schemes.

Everything we do online can and will leave traces, and it’s impossible to know exactly how many attackers are out there, casting their nets in hopes of catching unsuspecting users.

Cybersecurity Advice

Adopting a multi-layered approach to security is beneficial. Here are some basic tips:

  • Antivirus and Firewalls: The foundation of device security.
  • Conscious Web Exploration: Be aware of what you click and where you browse.
  • Multi-Factor Authentication: An extra layer for securing essential accounts.
  • Complex Passwords: Create strong passwords that are hard to break; never reuse them, and never use simple passwords, even for unimportant accounts.
  • Password Managers: Use them to keep track of your passwords securely.
  • Multiple Email Accounts: Use different emails for signing up on websites versus personal or business communication. Keep your primary email extra protected.
  • Backup Plan: Have a ‘theoretical’ plan for when you get hacked. This includes multiple backups on several devices for critical files, and having restore keys for essential accounts and authenticator apps.

As always, stay safe!