What is Malware And Different Kinds Of Malware?

 Malware and its types:

It is also known as malicious software. It includes a wide range of software that has malicious intent. Malware is not the software that users knowingly purchase or download and install. It is important to realize that there are several different types of malware that are discussed below

Virus:
Virus is the malicious code that attaches itself to the host application. The host application must be executed to run, and the malicious code executes when the host application is executed. When the virus is activated it delivers its payload. Payload might delete files, cause random reboots, join the computer to botnet or enable backdoor.

Worms:
Worm is self-replicating malware that travels throughout a network without the assistance of host application or user interaction. A worm resides in memory and can use different transport protocol to travel over the network. Worms can replicate themselves hundreds of times and spread to all the system in the network.

Logic Bomb:
Logic bomb is the string of code embedded into an application or script that will execute in response to an event. The event might be a specific date or time, or a user action such as when a user launches a specific program.

Backdoors:
Backdoor provides another way of accessing a system, similar to how a backdoor in a house provides another method of entry. Malware often installs backdoors on systems to bypass normal authentication methods.

Trojan:
Trojan also known as Trojan horse, looks like something beneficial, but it’s actually something malicious. Trojan horse can come as pirated software, a useful utility, a game, or something else that users might be noticed to download and try.

RAT:
Remote Access Trojan is a type of malware that allows attackers to take control of systems from remote locations. Once it is installed on a system attackers can then access the infected computer at any time and also can install additional malware.

Ransomware:
It is the specific type of trojan. Attackers encrypt the user’s data or take control of the computer and lock out the user. Then demand that the user pay a ransom to regain access to the data or computer.

Keylogger:
Keyloger attempts to capture a user’s keystrokes. The keystrokes are stored in a file, and are either sent to an attacker automatically, or the attacker may manually retrieve the file.

Spyware:
Spyware is a software installed on user’s systems without their awareness or consent. Its purpose is often to monitor the user’s computer and the user’s activity.

Rootkit:
It is the group of programs that hides the fact that the system has been infected or compromised by malware. Users might suspect something is wrong, but antivirus scans and other checks indicate everything is fine because the rootkit hides its running processes to avoid detection.

Comments

Post a Comment

Popular posts from this blog

Analyzing Spear Phishing Email

Image
Phishing is the technique of fraudulent attempt by the attacker to obtain sensitive and confidential information i.e. Credentials, PII information, credit card, bank details. It can also be targeted attack to focus on the specific organization of individual. The attacker often tailors an email to speak directory to targeted user. There are many types of phishing as follow. I wouldn't explain the types. You can read Here . In this article you'll learn how to analyze the sophisticated phishing email. So, Let's start the case study to explain.  Spearphising :  Spearphising is the technique in which attacker aims at one person and lures him/her into providing confidential data. Attacker compile the email according to the specific user. The email would consist some of the target's email, username, designation.  Case Study: User receive the spearphising email containing the PDF attachment with double extension. Email body contains the unprofessional statement "Kindly m
Read more

Cyber Threat Intel

Image
What is Cyber Threat Intel? Threat intel is the information about the threats. Cyber threat intel is used to better understand, predict and adopt to the behavior of malicious actors. It plays an important role in preventing the zero-day attacks. " Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes " (NIST). Threat Intel life Cycle: Intelligence lifecycle is the process of developing raw information into finished intelligence for policymaker to use in decision making and action. CTI Life Cycle Planning and Direction Planning and direction helps in setting up the goals for the threat intel program. Priorities and requirements are defined in this phase. Collection: Collection means gathering of data to produce the finished intelligence. Data includes logs(Firewall, IPS/IDS, Endpoints), threat feeds and OSINT(reports, social media, public forums). Collection Types of Collectio
Read more

Advance Attacks on Network

  Advance Attacks and Protection: In this section we will discuss some common types of attacks that can be launched against the systems and networks. Spoofing: Spoofing occurs when one person or entity impersonates or masquerades as someone or something else. There are two common types of spoofing attack one is IP spoofing and the other one is MAC spoofing. We can prevent IP spoofing by blocking the packet if it contains the private IP address on public interface. SYN Flood Attack: The SYN Flood attack is a common attack used against servers on the internet. They are very easy for attackers to launch and difficult to stop, and can cause significant problems. It can disrupt the TCP handshake process and can prevent legitimate clients from connecting. In a SYN flood attack, the attacker never completes the handshake by sending the ACK packet. So it consumes the server resources. We can prevent it by setting the threshold for SYN packet. MITM: Man in the Middle attack is a form of active
Read more