Being aware of the malware that could threaten your IT systems is crucial to staying secure. It makes you more likely to spot and recognise threats, effectively bringing down your risk profile. This article explains some of the most common forms of malware and explains their functions and capabilities. Learning this allows you to understand the risk involved and how to avoid malicious encounters.
Remote Access Trojans allow an attacker to monitor and remotely control a victim’s device. Whilst each RAT varies in functionality, this often includes a real-time view of the victim’s screen, access to their webcam, their keystrokes, all their files, browser history and the ability to find saved passwords.
A compromised device is mostly at the mercy of the attacker, there is not much the attacker is unable to do once you run their payload. The payload will likely be in an executable file, but this can be bound to other files such as an inconspicuous word document or PDF file.
A notable RAT is DarkComet, which gained popularity in 2012 but is now outdated. Other notable names are Quasar RAT, NjRAT and NanoCore RAT. Most RATs are purchasable for the hacker through a one-time payment, although some, like Quasar RAT, are open-source and therefore freely available.
Simply put, credential stealers (also known as infostealers) harvest sensitive information from your device. Typically, they target your login details for your email addresses, bank accounts, cryptocurrency wallets, or social media. Attackers are typically financially motivated and may sell your accounts (or “logs”) to other malicious actors after harvesting them. A common infostealer that is relatively new is RedLine Stealer, which operates on a malware-as-a-service model, meaning threat actors pay a subscription fee to use it.
Cryptojacking is when malware secretly steals the computing power of a victim’s PC to mine cryptocurrency. This lines the malicious actor’s pockets with cryptocurrency at the expense of the victim’s hardware.
Often, this malware will spread through email campaigns, but one variant “WannaMine” stands out as it spreads differently, it utilises the EternalBlue exploit – the same exploit that caused chaos in the WannaCry ransomware hacks of 2017. WannaMine mines Monero, a privacy coin that I almost untraceable.
Adware displays unwanted ads and popups on your computer– usually within a web browser. These are often referred to as just “popups”.
Often adware can be found buried within legitimate, free software and is a means of aggressive financial gain for the distributor.
Although irritating and annoying, adware is generally otherwise harmless (but you should still remove it).
Whilst it is not actual malware itself, a botnet is formed because of malware infections. Botnet = “robot” + “network”. It is a network of hijacked devices infected by malware. Essentially a horde of zombie computers performing malicious tasks at the hand of one malicious actor that has control over all of them. By infecting many devices and creating a large botnet, an attacker gains power through numbers. These infected devices can then be used for Distributed Denial of Service () attacks, spam emails, and spreading malware.
Keyloggers record the keystrokes that the victim inputs into their computer. Anything that you type will be recorded and sent to the malicious actor, potentially compromising your passwords, your emails, or other confidential data.
A rootkit gives the malicious actor administrator privileges to the victim’s computer. “Root” refers to administrator or superuser. Infected devices are now fully compromised and susceptible to any attack from the hacker through command and control. Command and control is used to remotely manage compromised systems through a command line. This can lead to additional malware being installed such as keyloggers or ransomware, that can be concealed by the rootkit. Antimalware and anti-virus software may also be deactivated by the attacker through rootkit.
A computer virus works similarly to a real virus. It attaches itself to a program or file, then spreads to other files within the system, slightly modifying them by adding malicious code. It cannot self-spread to other computers – it requires a host and user action to spread from one computer to another. Infected users spread the virus by unknowingly sending infected files to their associates and friends. Once their recipients open an infected file, their device is infected, and the process repeats itself.
A worm is a type of malware that self-replicates and spreads from computer to computer on its own. Often, they exploit network vulnerabilities to move from one system to another, moving through the network – rather than relying solely on the host sharing infected files. It creates copies of itself, rather than modifying existing files like a virus.
MyDoom, an email worm, was one of the most significant and notable cases of worms circulating. The way it spread was by searching a host computer for email addresses, then sending new versions of itself as an email attachment to each email contact. It first emerged in 2004 and caused widespread global disruption, affecting millions of computers. Through this worm, a botnet was formed, which was then to be used for DDOS attacks.
Malicious software that encrypts either all your files or your sensitive ones, then demands a ransom for their decryption. Ransomware attacks have made headlines recently due to high profile attacks, such as those on the NHS.
Ransomware often runs on an affiliate model, meaning attackers are given access to the software and often a dashboard, in turn for the developers to take a cut.
Notable ransomware strains are WannaCry and CryptoLocker, which caused massive disruption and damage.
Monitoring and logging: some forms of malware monitor and log your actions or give the hacker free reign to access your device. They may be able to view your keystrokes, or even spy through your web camera.
Impersonation and identity theft: malicious actors can steal your sensitive information and use it to pretend to be you – resulting in them accessing your email accounts, social media, or even bank accounts.
Risk of spreading to contacts: some malware attempts to spread to contacts found on your device, putting their privacy and security at risk as well as yours. Other malware utilises network vulnerabilities, threatening the security of any device that is connected to the same network as you.
Direct financial theft: some malware specifically targets financial information, enabling the hacker to steal money directly from your accounts.
Ransomware: this type of malware demands a ransom or face losing your files – this can be extremely costly.
Knowing that your personal data has been compromised and that you are vulnerable to further attacks can cause significant emotional distress and anxiety.
Some forms of malware monitor and log your actions and keystrokes or give the hacker free reign to access your device. Scarily, your webcam is also a target. Malware opens you up to blackmail, theft, and many other possibilities that could foster strong emotional stress.
There is strong potential for malware to cause you significant financial and emotional distress. The risks are essentially limitless, and so you must take every precaution that you can to avoid infection.
Older versions of operating systems (OS) may contain a greater number of exploitable vulnerabilities. This may allow an attacker to install malware on your device and bypass your security measures.
An example of such a vulnerability is the EternalBlue vulnerability. This vulnerability was present in the operating systems Windows XP and Windows 7. Microsoft was made aware of it eventually, and they rolled out a security update in March 2017 patching the issue. Unfortunately, many people did not update their operating systems. Two months later, in May 2017, this led to a catastrophic, international ransomware attack: WannaCry.
WannaCry utilised the EternalBlue vulnerability to spread through networks, infecting 230,000 computers globally. It was a perfect example of the importance of updating your OS regularly. Had these computers installed the patch, they would not have experienced this stress and inconvenience.
Avoiding untrusted sources includes untrusted websites, emails, texts, or any other means of acquiring files where the provider cannot be verified. Although never completely fool-proof, accessing files from a reputable source is always your best bet to avoid malware.
Remember, even seemingly innocent files can have malware bound to them – not every bit of malware is in an obvious executable file. This includes PDF files and word documents, so be careful when opening email attachments before verifying that you trust the sender.
If malware does make its way onto one of your devices, you need a layer of protection in place to detect it. Endpoint monitoring tools exist to monitor device behaviour, activity, files and processes in real-time.
This allows for quick remediation and prevents malware spreading throughout your network, throughout your files, or to your contacts.
There are many endpoint monitoring tools available, and it is strongly recommended that every business obtains consultancy regarding how they can benefit from this essential software.
Similarly to keeping your operating system updated, keeping all installed software updated and patched is absolutely essential.
Vulnerabilities in software can act as holes in your security – they may be open doors that attackers can exploit to install malware on your device. The worrying thing about this is that you will never suspect any malware is on your device, as you have not installed anything new that has raised your suspicions.
Ensuring all software across a network is fully patched can be a tedious task. Continuous monitoring is our suggested solution to this problem – software that scans all endpoints on your network for vulnerabilities. This is a lifesaver and one of the most cost-effective methods of increasing your cyber security and bringing your risk profile down.
Traditional anti-malware software will catch the low hanging fruit. The way traditional anti-malware works is by applying signatures to recognised strains of malware, then comparing the files that you download with these signatures. If they match, it deems that software malicious.
Sophisticated, targeted malware attacks may bypass traditional anti-malware as these strains can be unique and difficult to identify. This typically occurs because it is new malware and has not been previously identified, and so does not have a signature. Luckily, advanced anti-malware solutions exist that are specifically designed for these types of threats.
