Malware threats can broadly be classified into the following categories:

  • Backdoor – A backdoor is a piece of malicious code which allows an attacker to connect to the infected target and take control of the machine. Backdoors can use many different methods to communicate with their control server. Port 80 is commonly used by malware over the HTTP protocol because this port is open on most machines connected to the internet.
  • Bootkit – A bootkit is a rootkit hidden in the boot sector that infects the Master Boot Record (MBR). The MBR contains the decryption software used to decrypt the drive. A bootloader is a piece of code which runs before the operating system does.
  • Botnet – A botnet is a network of remotely controlled private computers, each with a backdoor, that are controlled by a command and control server. All infected hosts in the botnet are controlled as a group and receive the same instructions from the server, which is operated by the attacker. Botnets are often used to send spam, to perform distributed denial-of-service (DDoS) attacks or to distribute malware.
  • Ransomware – Malware which prevents a user from accessing the computer or files and demands money in exchange for restoring access is called ransomware. Ransomware that encrypts the victim's files is also called a crypto locker; the decryption keys and the payment are often controlled by a command and control server.
  • RAT – Remote Access Trojan – A Remote Access Trojan (RAT), sometimes also called a Remote Administration Tool or Remote Access Tool, is software which allows an attacker to take control of the infected host through a backdoor. Remote Access Trojans are often bundled with free software or sent as e-mail attachments.
  • Rootkit – A rootkit is malicious software designed to conceal the existence of other malware. The concealed malware is often a backdoor that provides full access to the attacker, or information-stealing malware. Rootkits at the firmware level may require hardware replacement, and rootkits at the kernel level may require a fresh installation of the operating system.
  • Reverse Shell – A reverse shell is a connection initiated from the infected host to the attacker which provides the attacker with shell access to the host. Once the reverse shell has been set up, the attacker is able to execute commands as if they were executed locally. Commonly used methods for reverse shells are Netcat and Windows cmd.exe packaged inside malware.
  • Trojan – A Trojan, or Trojan horse, is a malicious program functioning as a backdoor. A Trojan tends to appear like a regular application, media file or any other file, but contains a malicious payload. Trojans are often spread through social engineering. Literally anything is possible once a system is infected with a Trojan that was installed or run with elevated privileges.
  • Virus – A virus is a malicious program which replicates itself into other applications, files or even the boot sector. A virus can then do anything it is programmed to do, such as stealing information, logging keystrokes or even rendering a computer useless.
  • Worm – A worm is a piece of malware that replicates itself in order to spread and infect other systems. Computer worms use the network, links, P2P networks and e-mail, and exploit vulnerabilities, in order to spread. The difference from a virus is that a virus inserts code into other programs, whereas a worm does not and only replicates itself. Worms can also be designed to only spread without a payload.

By:- Sapan Talwar