Malware Categories

I will describe various malware types here briefly. I won’t go into much detail here I will explain each type in detail when we will analyze that. Let me clear one thing first today’s malware cannot be strictly categorized in one category as they have characteristics of more than one type. Malware is usually categorized based its capabilities and modern malware is hybrid malware that is designed to do multiple functions such as stealing data, providing backdoor access, infecting files, etc. The categories are merely created for classifying malware its not mandatory to spend much time on categorizing malware it’s just for convenience.

There are many categories of malware but I will cover only the popular and common one’s.

So don’t wasting time here are various types of malware:

Trojan

Trojan or Trojan horse name came from ancient Greek history, Trojan horse allowed an army to sneak into highly guarded gate.

This is most common type of malware. Every malware that tries to disguise itself as legitimate software can be categorized as Trojan. A sophisticated Trojan horse can look and even perform like legitimate software but in the background without user’s knowledge it can do its nasty activity. For example, when you visit a site to download pirated movie it can ask you to download latest flash player to play the movie when you download player it may have player installer icon and may also download and install latest flash player which usually is not the case. But in the background it downloads and installed other malwares or steals user’s passwords.

Backdoor

Backdoor as the name implies is a program that provides backdoor access to attacker. Once attacker compromises a system he usually installs one or more backdoors to ensure future access to system. It’s a tool that allows attacker to bypass normal security measures and gain access to system whenever he wants.

Rootkit

Rootkit name came from UNIX root is used to represent account at has access to all commands in short administrator account and kit means bundle of software. 

Rootkit is stealthy software designed to conceal presence of itself and other components on the system. It can hide presence of file on file system, registry keys, running processes, etc. depending upon its design. Rootkits alter the execution flow of OS or manipulate its data set that OS uses to accomplish its task. Most of the times rootkit functionality is used by malware but it can also be used by legitimate software’s.

Bootkit

Bootkit is very similar to rootkit in functionality. Primary difference between rootkit and Bootkit is that Bootkit starts early in booting process of system even before Operating system’s critical components. Bootkit modifies MBR (Master Boot Record) or VBR (Volume Boot Record) of system to ensure its startup.

Virus

Virus or file infector is a malware that has the capability to infect other files and replicate itself on system or shares. Virus requires human intervention to propagate. Virus can be divided into many categories such as Appender, Prepender, Cavity, etc. we will discuss in detail later. Some viruses even overwrite and destroy files. But modern viruses do not corrupt or destroy files and try to stay hidden as long as possible. First virus named BRAIN was Written in January 1986 by two brothers, Basit Farooq Alvi and Amjad Farooq Alvi, from Lahore, Pakistan.

Worm

Worm is capable of replicating across the network using shares, e-mails, removable media, or internet using exploits. Unlike Virus Worm does not require human intervention for replication they can replicate on their own. When it infects a machine it scans other vulnerable systems. Its can scan for vulnerable system using various custom algorithms. It can scan a specific range of IP’s or try to generate IP’s for scan using IP of infected system.

Banker

Banker is used to steal users banking credentials or automatically do fraudulent transactions from user side. As the primary motive of today’s malware writers is to earn money Bankers are quite popular among cybercriminals. Banker can target specific bank websites. It can sit in background and wait for the user to open that banks website when user opens bank website it starts its activity of capturing user’s banking credentials or modifies webpage in real time to include other fields in website and ask for additional information, user does to know and thinks legitimate bank website is asking for information and fills asked information.

Key-logger

As the name implies key logger logs keyboard input it can incept every keyword typed by user and sophisticated keyloggers can also log in which application or window user typed that text, they can also differentiate usernames and passwords and after capturing information they send this information to attacker after regular intervals.

Spyware

Used spy on users activity. Can take screenshot of user activity or may be able to record video. These can log visited site, opened documents, played videos, etc.

Scareware

These scare the user and make him/her to pay money to attacker or do something else. Fake security software and Ransomware come in this category.

Rogue Software

 Fake security software displays fake warnings about viruses or errors in users system and asks for registry it to clean those threats. Sometimes users pay them and they just say threats cleaned but there were no threats ever except that rogue software.

Ransomware/WinLocker

These are nasty ones; these lock the user out of system and ask ransom to unlock system. Sometimes they even encrypt files or just say files are encrypted but don’t actually encrypt files. Sometimes they pose to be FBI or Other Police of some country and say illegal/Porn content found on your system and ask to pay fine to unlock system. They may say that files will be deleted within some short time and ask to pay ransom within that time to scare user even more. Most of the times users having critical data fall for their trick pay ransom.

Hoax

Hoax is not actually a malware it does not do any nasty malicious activity it just fools the user to pay money to attacker. Attacker wraps already freely available software in his installer when user tries to install using that install that installer asks user to send SMS to premium number or pay money to attacker to complete the install. Sometimes unaware users pay for already freely available software.

Adware

Probably you have already guessed Adware’s display ads on users system. They can display ads in notification area, as popups or insert ads on websites visited by user and user thinks ads are displayed on website he/she visited. And the profit of these ads goes to attacker.

Botnet

It’s similar to backdoor but it allows attacker to control large number of computer from single point known as Command and control server. Infected systems are known as bots or zombies and network of the systems is called botnet. When system is infected it contacts Mothership/CnC server to get commands. Attacker gives commands using CnC and commands are issued to all bots. These can be used for DDos’ing(Distributed Denial of Service attacks), for stealing information, for displaying ads, installing additional malware.