Nowadays, ever more sophisticated and more malicious types of malware are emerging. Everyone knows that malware is harmful, but not everyone knows how it works. This article describes 10 types of malware that are considered among the most dangerous.
What is malware?
Here are some terms used in the article:
– Malware: Malicious software written specifically to infiltrate and damage computer systems without the user’s knowledge.
– Malcode: Malicious programming code that is introduced during the development of a software application; it is usually found in the payload of malware and performs the destructive work, such as stealing information from the computer.
– Anti-malware: Programs that help protect against, detect and remove malware. Antivirus, anti-spyware and malware detection applications are all examples of anti-malware.
1. The infamous computer virus
A computer virus is malware that can infect a computer but must rely on some other means to propagate. A virus can only spread from an infected computer to an uninfected one by attaching its code to an executable file that is passed between them; for example, a virus might hide in a PDF file attached to an e-mail. Most viruses have the following three components:
– Replicator: When the host program is activated, so is the virus, and its first task is to spread its malcode.
– Concealer: The methods the virus uses to evade anti-malware.
– Payload: As mentioned above, the payload is the virus’s malcode, used to disable computer functions and destroy data.
Examples of computer viruses include W32.Sens.A, W32.Sality.AM and W32.Dizan.F. Most good antivirus software will remove any virus that is listed in its signature database (the virus data file).
2. Computer worm
Computer worms are more sophisticated than viruses: they can replicate themselves without user intervention. If the malware uses a network (most often the Internet) to propagate, it is a worm rather than a virus. The main components of a worm are:
– Penetration tool: Malcode that exploits a vulnerability on the victim’s computer to gain access.
– Installer: The penetration tool gets the worm past the first line of defence; the installer then takes over and transfers the main body of the malcode onto the victim’s computer.
– Discovery tool: Once inside, the worm uses several methods to find other computers on the network, including harvested e-mail addresses, host lists and DNS queries.
– Scanner: The worm uses a scanner to determine which of the targets found by the discovery tool have a vulnerability that the penetration tool can exploit.
– Payload: The malcode that remains on each victim’s computer. It can be anything from a remote access application to a key logger used to steal usernames and passwords.
Unfortunately, this type of malware is proliferating very quickly, starting with the Morris worm in 1988 and continuing today with Conficker. Most computer worms can be removed with malware scanners.
3. Backdoor
Backdoors are similar to the remote access programs many of us use. They count as malware when they are installed without permission, which is exactly what a hacker wants, by one of the following methods:
– Exploiting a vulnerability on the target computer.
– Tricking the user into installing the backdoor along with another program.
Once installed, a backdoor gives the hacker complete remote control of the compromised computer. SubSeven, NetBus, Deep Throat, Back Orifice and Bionet are well-known backdoors.
4. Trojan horse
According to Ed Skoudis and Lenny Zeltser, a Trojan horse is a program that appears to be useful or benign but hides malicious “features”.
Trojan horse malware uses cloaking techniques during installation and while the program runs to keep anti-malware from recognising its malcode. Some of these techniques:
– Renaming the malware so that it resembles a normal file on the system.
– Corrupting the antivirus software installed on the computer so that it does not respond when malware is detected.
– Using polymorphic code to change the malware’s signature faster than the security software can fetch new signature files.
Vundo is a typical Trojan horse. It creates popup advertisements for rogue antispyware programs, degrades system performance and interferes with web browsing. If you get this Trojan, you will usually have to boot antivirus software from a LiveCD to detect and remove it.
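As an added example (not code from the article), here is a toy signature scanner in Python that shows how the “virus data file” mentioned in the virus section works, why the polymorphic cloaking described just above slips past it, and how scanners answer by signing the decoder stub that every variant shares, or by undoing the encoding before matching. Every file, name, signature and the `XORSTUB:` decoder marker is constructed and inert; none of it corresponds to real malware or a real antivirus product.

```python
"""Toy signature-based scanner (illustrative example, not code from the article).
All samples, detection names and signatures below are constructed and inert."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# --- constructed sample "files" (byte strings, not real malware) ---------------
HEADER = b"MZ" + b"\x00" * 14                        # stands in for an executable header
PAYLOAD = b"DROP_PAYLOAD_v1:" + b"\x90\x90\x90\xcc"  # hypothetical malcode bytes
CLEAN_FILE = HEADER + b"hello world program"
INFECTED_FILE = HEADER + PAYLOAD                     # plain, unencoded infection
STUB = b"XORSTUB:"   # stands in for the small decoder loop that precedes an encoded body
STUB_RE = re.compile(re.escape(STUB))


def make_variant(key: int) -> bytes:
    """Polymorphic-style variant: same payload, XOR-encoded with a per-copy key.
    The decoder stub and the key byte stay in clear so the 'program' can decode itself."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    return HEADER + STUB + bytes([key]) + bytes(b ^ key for b in PAYLOAD)


@dataclass
class SignatureDB:
    """The 'virus data file': exact-hash entries plus byte-pattern rules."""
    hashes: dict[str, str]               # sha256 hex digest -> detection name
    patterns: dict[str, re.Pattern[bytes]]  # detection name -> byte pattern


# Signatures written against the plain infection only.
STATIC_DB = SignatureDB(
    hashes={hashlib.sha256(INFECTED_FILE).hexdigest(): "Example.Dropper.A"},
    patterns={"Example.Dropper": re.compile(rb"DROP_PAYLOAD_v\d+:")},
)
# An updated database that also knows the decoder stub shared by every variant.
UPDATED_DB = SignatureDB(
    hashes=dict(STATIC_DB.hashes),
    patterns={**STATIC_DB.patterns,
              "Example.Dropper.Poly": re.compile(rb"XORSTUB:.", re.DOTALL)},
)


def scan(data: bytes, db: SignatureDB) -> list[str]:
    """Return the names of every signature in `db` that matches `data`."""
    hits: list[str] = []
    name = db.hashes.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for name, pattern in db.patterns.items():
        if pattern.search(data):
            hits.append(name)
    return hits


def scan_with_unpacking(data: bytes, db: SignatureDB) -> list[str]:
    """scan(), plus a crude stand-in for emulation: if the known decoder stub is
    present, undo the XOR and rescan the decoded body with the same signatures."""
    hits = scan(data, db)
    m = STUB_RE.search(data)
    if m and m.end() < len(data):
        key = data[m.end()]
        body = bytes(b ^ key for b in data[m.end() + 1:])
        hits += [h for h in scan(body, db) if h not in hits]
    return hits


if __name__ == "__main__":
    variant = make_variant(0x5A)
    print("clean file, static db:   ", scan(CLEAN_FILE, STATIC_DB))
    print("infected file, static db:", scan(INFECTED_FILE, STATIC_DB))
    print("variant, static db:      ", scan(variant, STATIC_DB))       # evaded
    print("variant, updated db:     ", scan(variant, UPDATED_DB))      # stub caught
    print("variant, unpacked first: ", scan_with_unpacking(variant, STATIC_DB))
```

The static database catches the plain infection twice (by hash and by pattern) but sees nothing in the XOR-encoded variant, which is the race the polymorphic technique wins. The two counters shown are the ones real scanners use: sign the part that cannot change (the decoder stub), or unpack and then match, which is what emulation does at scale.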
5. Adware and spyware
Adware is software that creates popup ads without the user’s permission. It is usually installed as a component of free software. Besides being a nuisance, adware can significantly reduce computer performance, slowing the machine down or hanging it.
Spyware is software that tries to steal information from a computer without the user’s knowledge. Free software often bundles spyware, so read the user agreement carefully before installing it. The most notable spyware case is Sony BMG’s CD copy protection scandal, in which music CDs silently installed software (including a rootkit) that reported back to Sony.
Most good anti-spyware programs will quickly find and remove adware and spyware from your computer. You should also regularly clear temporary files, cookies and history from your web browsers as a precaution against this group of malware.
So far, all the malware types described have been quite different from each other, which makes them easy to tell apart. This type of malware, a stew of the others, is not: its writers have combined the best features of several types to enhance its capabilities.
A rootkit is a prime example of this blend, combining the characteristics of a Trojan horse and a backdoor. Used together, they let a hacker gain control of a remote computer without raising any suspicion.
Rootkits are a different breed altogether: they modify the existing operating system instead of adding application-level software, as other types of malware usually do. This is especially dangerous because anti-malware programs find them very hard to detect.
There are many kinds of rootkit; three are considered the most dangerous: user-mode, kernel-mode and firmware rootkits.
User-mode is the execution level for code that has restricted access to the computer’s software and hardware resources. Most code running on a computer runs in user-mode. Because of that restricted access, a crash in user-mode is recoverable.
User-mode rootkits run on the computer with administrative privileges. That means:
– A user-mode rootkit can alter processes, files, system drivers, network ports and even system services.
– A user-mode rootkit keeps itself installed by copying the required files to the computer’s hard drive and launching automatically every time the system boots.
Hacker Defender is a typical user-mode rootkit. Fortunately, it and many others are discovered and removed by Mark Russinovich’s well-known RootkitRevealer.
Kernel-mode is the execution level for code that has unrestricted access to all of the computer’s hardware and software resources. It is reserved for the most trusted operating system functions. A crash in kernel-mode is not recoverable.
Once user-mode rootkits were being discovered and removed, rootkit writers changed their thinking and developed kernel-mode rootkits. Kernel-mode means the rootkit is installed at the same level as the operating system and the rootkit-detection programs, so it can subvert those programs and make everything the system reports about itself unreliable.
Instability is the one downfall of a kernel-mode rootkit, leading to unexplained crashes or blue screens. At that point you should try GMER, one of the few trusted rootkit removal tools that works against kernel-mode rootkits such as Rustock.
Firmware rootkits are the most sophisticated kind of rootkit installation, because their developers have worked out how to store the rootkit’s malcode in firmware. Any firmware can be targeted, from processor microcode to the firmware of an expansion card. That means:
– When the computer shuts down, the rootkit writes its current malcode into the firmware.
– When the computer restarts, the rootkit reinstalls itself from there.
Even if a program detects and removes the firmware rootkit, the next time the computer boots the rootkit is back at work.
6. Malicious mobile code (MMC)
MMC quickly became one of the most effective ways to install malware on computers. Malicious mobile code may:
– Be obtained from a remote server.
– Travel across a network.
– Be downloaded and run on a local system.
Why is MMC malicious? Because it is installed without the user’s permission, or by misleading the user. In addition, it is often the stepping stone for a combined attack, much like the intrusion tool that Trojan horse malware uses; once in, the hacker can proceed to install more malware.
The best way to combat MMC is to keep the system, and all its browser add-ons and extensions, up to date.
7. Blended threat
Malware is called a blended threat when it causes major damage and spreads quickly by combining parts of several targeted kinds of malware. Blended threats deserve special concern because many security experts consider them the best at what they do. A typical blended threat might:
– Exploit, and create, multiple vulnerabilities.
– Use several different propagation methods.
– Run its code automatically, with no user intervention.
For example, a blended threat might send an HTML e-mail with an embedded Trojan horse and an attached PDF file that contains a second Trojan. Familiar blended threats include Nimda, CodeRed and Bugbear. Removing a blended threat from your computer requires several anti-malware programs, as well as malware scanners run directly from a boot CD.
8. Bots
Bots, processes that run automatically, are quite common on the modern Internet. They are often used to automate boring, repetitive tasks, most commonly in online auctions, online checks, chat and gaming.
There is a dark side, however: bots are also used for malicious purposes such as sending spam and distributing other malware, and they are the members of botnets, huge networks of malware-infected computers used to carry out large-scale network attacks.
Antivirus software can protect your computer from these bots, but in some cases a rootkit has already been installed that hides the bot from the antivirus software, so a regular rootkit scan is a good precaution.
9. Ransomware
Ransomware is one of hackers’ biggest money-making tools. In essence, it encrypts the data on a computer and demands a ransom to unlock it. Some ransomware “lockers” merely lock the computer (and can usually be removed in Safe Mode), while the more dangerous variants encrypt the contents of the entire hard drive, blocking the user’s access until the attacker is paid, usually in Bitcoin or through an anonymous transfer service such as Western Union.
Attackers often claim to have found illegal or suspicious documents on the victim’s hard drive. For added “evidence”, they may use the webcam to take photos of the victim. The strategy is to cause panic, so that frightened and desperate victims pay the ransom.
Ransomware infects a computer much as a Trojan horse does, through files that the user downloads and runs. It can also enter a network through a network vulnerability or an existing rootkit infection. In general, an up-to-date antivirus program can detect this type of malware before it does its work.
In the future, as the Internet penetrates ever deeper into daily life, the number and variety of malware will only grow. Application and operating system vendors regularly release patches for vulnerabilities and add tools to prevent malware, but that is not enough. We need to install new versions of software and operating systems promptly, and be careful about what we click, download and browse, in order to minimise the risk of malware infection.