Malware and Different Types Of Malware Attacks.

What is Malware?

Malware is malicious software or a program designed to infiltrate a computer system or network and possibly damage it without the user’s knowledge or consent. These malicious programs can perform a variety of functions, such as stealing and deleting sensitive data, encrypting data, altering and hijacking core system functions, and monitoring or tracking the user’s activity.

Different Types of Malware

While there are many different variations of malware, you are most likely to encounter the following malware types:

| Type | What it does | Real-world example |
|------|--------------|--------------------|
| Virus | Malicious code that runs on a computer without the user’s knowledge and infects the computer when executed | Nimda |
| Worm | Malicious program like a virus, but able to replicate itself without user interaction | Stuxnet |
| Trojan | Malicious program that is disguised as a piece of harmless or desirable software | Emotet |
| Ransomware | Malicious program that restricts the user’s access to computer data until a ransom is received | WannaCry |
| Spyware | Malware that secretly gathers information about the user without their knowledge | DarkHotel |
| Rootkit | Malware designed to gain admin-level control over a system without detection | PDCOMP |
| Adware | Shows advertisements based upon its spying on you | Fireball |
| Bot/Botnet | Collection of compromised computers under the control of a hacker | Echobot |
| Social Engineering | Manipulates a user into revealing confidential information | Phishing |

Virus

A virus is a malicious program that runs on a computer without the user’s knowledge and infects the computer when executed. A virus requires a user action to reproduce and spread itself. Viruses are embedded in documents and files (DOC, PDF, CSV, and executable files) and are executed when the file is opened by the user.

Worms

A worm is a malicious program like a virus, but it is able to replicate itself without user interaction. Worms self-replicate and spread across computer networks without user consent or action. Worms target vulnerabilities in operating systems to install themselves on computer networks. Once in place in a network, a worm can launch DDoS attacks, conduct ransomware attacks, and steal sensitive data.

Trojan

A Trojan is malicious software that disguises itself as a piece of harmless or desirable software. A Remote Access Trojan (RAT) can take control of a victim’s computer for malicious purposes. Trojans may hide in applications, games, or even software patches, or they may be embedded in attachments (DOC, PDF, CSV) included in phishing emails.

Ransomware

Ransomware is a malicious program or code that restricts the user’s access to computer data until a ransom is paid. Ransomware uses a vulnerability in your application to gain access and encrypt your data. It demands a ransom payment for decryption, but there is no guarantee that payment will result in the necessary decryption.

Spyware

Spyware is malware that secretly gathers information about the user without their knowledge or consent. The information it collects can sometimes include the user’s passwords, PINs, payment information, and unstructured messages. Spyware captures keystrokes made by the victim and takes screenshots without the user’s knowledge, and these are sent to the attacker.

Rootkit

A rootkit is malware designed to gain admin-level control over a system without detection. Rootkits can be injected into applications, kernels, hypervisors, or firmware. They modify core system files and can be invisible to the operating system (OS) and antivirus software. Some rootkits are activated before the operating system boots and are difficult to detect. Rootkits spread via phishing emails, malicious attachments, and malicious downloads.

Adware

Adware shows advertisements based upon its spying on you. Although adware is similar to spyware, it does not install any software on a user’s computer, nor does it capture keystrokes. All e-commerce websites use adware to promote their products.

Botnet

A bot/botnet is a collection of compromised computers under the control of a master node or hacker. This network of compromised computers is used to launch a broad, remotely controlled flood of attacks, such as DDoS attacks, that make a server’s resources unavailable.

Social Engineering

Social engineering manipulates a user into revealing confidential information, which is detrimental to that user or to the security of our systems. Social engineering is carried out in many ways, such as through email (phishing), phone calls (vishing), and SMS (smishing).

Symptoms of Infection

Your computer might have been infected if it begins to act strangely:

  • Hard drives, files, or applications are not accessible anymore
  • Strange noises occur
  • Unusual error messages
  • Display looks strange
  • Jumbled printouts
  • Double file extensions are being displayed, such as textfile.txt.exe
  • New files and folders have been created or files and folders are missing/corrupted
  • System Restore will not function
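
The double-extension symptom from the list above can be checked for directly. The following Python scanner is an added example, not part of the original article; the extension lists and the sample file names are constructed assumptions for illustration.

```python
import os
import tempfile

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".csv", ".xls", ".xlsx", ".jpg", ".png"}


def is_double_extension(filename):
    """True when a document-style extension is followed by an executable one."""
    # Normalise case; Windows ignores trailing dots and spaces in file names.
    parts = [p.strip() for p in filename.lower().rstrip(". ").split(".")]
    if len(parts) < 3:
        return False  # fewer than two extensions, e.g. "setup.exe"
    return "." + parts[-1] in EXECUTABLE_EXTS and "." + parts[-2] in DECOY_EXTS


def scan(root):
    """Walk root and return the sorted relative paths of double-extension files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_double_extension(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def demo():
    """Build a constructed sample tree (empty files only) and scan it."""
    names = ["textfile.txt.exe", "Invoice.PDF.scr", "notes.txt",
             "setup.exe", "archive.tar.gz", "report.v2.pdf"]
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "downloads")
        os.mkdir(downloads)
        for name in names:
            open(os.path.join(downloads, name), "w").close()
        return scan(root)


if __name__ == "__main__":
    for path in demo():
        print("suspicious:", path)
```

Legitimate multi-part names such as archive.tar.gz or report.v2.pdf are not flagged, because only a document-style extension followed by an executable one matches.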

How to Remove Malware from System

  • Identify symptoms of a malware infection
  • Quarantine the infected systems
  • Disable System Restore (if using a Windows machine)
  • Remediate the infected system
  • Schedule automatic updates and scans
  • Enable System Restore and create a new restore point
  • Provide end user security awareness training
  • If a boot sector virus is suspected, reboot the computer from an external device and scan it
