Malware Types

Daniel Kasprzyk
7 min read · Jul 5, 2021


One thing that’s very common is for people to call any sort of malicious program a “virus”, but there is much more to it than that. The name malware comes from blending the words malicious and software: malicious software. It comes in many different forms, each specialized for a certain task, so let’s explore them.

Virus

The first piece of malware on the list is the one everyone refers to when something goes wrong. Viruses work much like real-life viruses: they wreak havoc and replicate themselves to achieve total chaos. Their main purpose is to destroy anything they can reach, which results in a lot of errors as the computer breaks down.

Viruses try to copy themselves everywhere they can and then cause their damage. This makes them very difficult to remove, as they will always be lurking in some corner of the computer. An antivirus can be used to detect them quickly, before they execute. Running programs as a less privileged user also offers protection, since the virus won’t be able to run itself from the system directories.

Trojan

Named after the Trojan horse the Greeks used to hide their soldiers and enter the city of Troy, Trojans behave very similarly: they pose as one thing but hide something far more mischievous within. Their goal is to get onto your computer by tricking you into believing you have downloaded something legitimate (such as the Windows repair tool shown above) when in fact you may have got what you wanted, but with additional malicious code inside.

Trojans work stealthily to infect your systems, often trying to go unnoticed to avoid suspicion. The best defense against this malware type is to be careful with the files you download: they may look fine on the outside, but their contents might be more than what you asked for.

RAT

Up next is an extension of the Trojan, the RAT, which stands for Remote Access Trojan. As you might have guessed, this gives an attacker remote access to a machine, after which they own it and can do whatever they want. This can go quite far, as malicious actors can take screenshots, manipulate files or even spy on you through your webcam.

RATs often work while you’re not watching to avoid detection. They do, however, require a network connection for the remote commands to reach the victim, which means you can shut the attacker out by disconnecting from the internet. More likely than not, though, backdoors have already been planted on your system so the attacker can easily sneak back in.

Ransomware

Another very destructive type of malware is ransomware. Once executed, ransomware typically encrypts all your personal files and then demands a ransom payment (usually in Bitcoin for anonymity) in exchange for the decryption key. If you’ve been hit with this malware, NEVER pay the ransom; instead, try to revert to a backup if you have one. Otherwise the criminals keep making money, which motivates them to continue.

Some ransomware encrypts the entire drive or the system files, but doing so means the victim would be unable to make the payment, which is why such variants are less common: their only job is to lock down an entire computer for pure destruction. Recently ransomware has been rising in popularity, as it lets criminals profit from the attacks they carry out.

Rootkit

One of, if not the most powerful malware types on this list is the rootkit. The name stems from root, which can mean the most privileged user of the computer or the low-level parts of the OS, and kit, referring to a set of tools. Once you’re infected with a rootkit, you’re going to have a really tough time removing it: it possesses administrative rights (which let it do whatever it wants) and it lies deep inside your computer alongside your regular system files. How deep depends on the ring it sits in, with ring 0 being the kernel (most privileged) and ring 3 being applications (least privileged).

Surely I can just factory reset and it’ll be as good as new, I hear you say? Sadly not: rootkits are very smart pieces of malware, made to survive any type of removal. In many cases you may have to wipe the entire drive clean and reinstall or reflash the operating system just to be sure you’re safe from one.

Worm

The name of this malware comes from the way it spreads itself across computers. It infects other devices by worming into them through the network and then repeating the same action to reach as many computers as it can. This is exactly what the WannaCry ransomware did to impact so many NHS computers: they were all networked together and contained vulnerabilities the worm exploited.

Protecting yourself from a worm attack starts with making sure everything is up to date, as this makes your devices more secure and lowers the chance of an attack succeeding. Firewalls should also be in place to block any connections that shouldn’t be taking place, such as an open port a worm could get in through.

Adware

Probably the least dangerous malware on this list is adware. As the name suggests, this is software designed to deliver advertisements to any unfortunate victim who becomes infected (I’ve dealt with adware in the past and it definitely wasn’t pleasant). Adware simply creates pop-up ads on your device whenever it wants to, which generates revenue for whoever is responsible for spreading it.

Adware typically isn’t much of a threat in itself, as it can be stopped in its tracks by disabling your network connection; the more reasonable solution, however, is to remove it by uninstalling the adware. This shouldn’t be a tough task, as adware has weak protection, unless it has been unleashed by something else such as a rootkit.

Spyware

We’ve arrived at the most privacy-invasive piece of malware, spyware. It does exactly what it says in the name, which can be done in many ways: keyloggers, recording your screen, camera or audio, and even peeking into anything that may come in useful, like passwords. This malware also stays very quiet to avoid being detected by the user, as that would blow its cover.

A few things can be done to detect spyware, such as checking for connections that suggest it is communicating with something to exfiltrate information. Files where your information is being stored could also be found on the system, although this is unlikely. The best solutions are either to use an antivirus to detect such malware or to revert to a backup.

Botnet

The last piece of malware on this list is the botnet, which stands for a network of robots. When a device is infected with this malware, it becomes a robot (or zombie) that is joined to a network of other infected devices. These bots then listen for whatever the command & control server tells them to do.

Once your device becomes a zombie on the network, it can be used to launch many criminal campaigns, such as distributed denial of service attacks and spam. An obvious sign of a botnet intrusion is that your internet becomes unusually slow, since the device is transmitting a lot of traffic that congests the network.
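As an added example (not code from the article), here is a small Python script that flags both network symptoms the article describes: the regular connections spyware or a RAT makes to report back, and the unusually heavy outbound traffic of a botnet zombie. The log format, the sample lines and the thresholds are assumptions made for this example.

```python
"""Flag two symptoms the article mentions: a host contacting one remote endpoint
at near-constant intervals (spyware/RAT check-ins or exfiltration) and a host
sending an unusually large traffic volume (a botnet zombie). Assumed format."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (not real traffic): "timestamp src dst:port bytes_out"
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.7:443 512
1060 10.0.0.5 203.0.113.7:443 498
1120 10.0.0.5 203.0.113.7:443 505
1180 10.0.0.5 203.0.113.7:443 510
1003 10.0.0.9 198.51.100.2:80 150000000
1011 10.0.0.9 198.51.100.2:80 160000000
1025 10.0.0.12 192.0.2.30:443 8200
1400 10.0.0.12 192.0.2.31:443 1200
"""

def parse_log(text):
    """Turn each log line into (timestamp, src, dst, bytes_out)."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, nbytes = line.split()
            flows.append((int(ts), src, dst, int(nbytes)))
    return flows

def find_beacons(flows, min_hits=4, max_jitter=0.1):
    """Return [((src, dst), mean_interval)] for pairs whose connection
    intervals vary by at most max_jitter relative to their mean."""
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        times[(src, dst)].append(ts)
    beacons = []
    for pair, ts_list in times.items():
        if len(ts_list) < min_hits:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((pair, avg))
    return beacons

def find_heavy_senders(flows, byte_limit=100_000_000):
    """Return {src: total_bytes} for hosts whose outbound volume exceeds byte_limit."""
    totals = defaultdict(int)
    for _, src, _, nbytes in flows:
        totals[src] += nbytes
    return {src: total for src, total in totals.items() if total > byte_limit}
```

Real logs need the thresholds tuned to the network’s normal baseline, and a regular interval alone is not proof of compromise, since software updaters and monitoring agents also check in on a schedule.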

Those were all the major types of malware you may come across on the internet. So long as you remain vigilant, you should be able to avoid them all quite easily; an antivirus can also be a good backup in case something slips through. And remember, not every malicious file is a virus!
