Sunday, March 20, 2016

Types of Malware

Adware
The purpose of adware is to display ads.
Some adware threats bombard users with so many ads that they can hardly use their computers.
Some adware programs can also lead to phishing attacks, tricking users into clicking through to malicious websites, which could lead them to download additional malware.
This can pose a significant risk of other types of attacks.

APT (Advanced Persistent Threat)
The term APT refers to an elaborate attack like Stuxnet that’s backed by a government or other powerful group.
The breakdown of APT is as follows:
Advanced: Attackers use highly advanced technology to perform a sophisticated attack.
Persistent: The goal of such attacks is to continue the attack until success is achieved.
Threat: Refers to the threat to the organization.

AET (Advanced Evasion Threat)
An AET is a type of network attack that combines several different known evasion methods to create a new technique that's delivered over several layers of the network simultaneously.
The breakdown of AET is as follows:
Advanced: Attackers use highly advanced technology to perform a very sophisticated attack. The attack is delivered over several layers of the network, which makes it hard to detect: each individual evasion technique may be skipped by detection, yet the aggregation of these techniques could have a significant impact on the confidentiality, integrity and availability (CIA) of the organization.
Evasion: Blocks of attacks that individually could go undetected by current security products.
Threat: Refers to the threat to the organization.
An AET is very hard to detect, since detection requires a huge level of correlation among different event log sets.
Many pioneering security companies are currently focusing on identifying APT and AET attacks by using machine learning, user behavior analytics and other techniques.
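The correlation across event log sets described above can be sketched as follows. This is an added example, not code from the original post: the event format, layer names, anomaly labels, addresses and thresholds are all constructed assumptions. It flags a source only when its individually low-severity anomalies cover several network layers within a short time window.

```python
from collections import defaultdict

# Constructed sample events: (epoch seconds, network layer, source IP, anomaly).
# Each one is a low-severity anomaly that a single-sensor rule would not alert on.
EVENTS = [
    (1000, "ip",   "198.51.100.7", "fragmentation anomaly"),
    (1004, "tcp",  "198.51.100.7", "segmentation anomaly"),
    (1009, "http", "198.51.100.7", "encoding anomaly"),
    (1002, "tcp",  "203.0.113.20", "segmentation anomaly"),
    (5000, "ip",   "203.0.113.20", "fragmentation anomaly"),
    (1010, "http", "192.0.2.44",   "encoding anomaly"),
]

def correlate(events, window=30, min_layers=3):
    """Return {source: sorted layers} for every source whose anomalies cover
    at least min_layers distinct layers inside any span of window seconds."""
    by_src = defaultdict(list)
    for ts, layer, src, _anomaly in events:
        by_src[src].append((ts, layer))

    flagged = {}
    for src, items in by_src.items():
        items.sort()                      # order each source's events by time
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans <= window seconds.
            while items[end][0] - items[start][0] > window:
                start += 1
            layers = {layer for _, layer in items[start:end + 1]}
            if len(layers) >= min_layers:
                flagged[src] = sorted(layers)
                break
    return flagged

if __name__ == "__main__":
    for src, layers in correlate(EVENTS).items():
        print(f"{src}: anomalies on {', '.join(layers)} within one window")
```
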

Backdoor
A backdoor opens up a computer to hacking attacks.
It allows full access to everything on the computer, bypassing the requirement to log in with a Windows password.
A hacker could take control of the system whenever they wanted using the backdoor.

Bot
On its own, a bot isn’t harmful.
The creator, or “bot herder,” works hard to get as many silent bot infestations as possible installed, then rents out the bot network to others.
DDoS (Distributed Denial of Service) attacks are often managed by sending commands to a bot network that cause all the infected PCs to run an attack script.

Dropper
A dropper doesn’t harm your system itself.
However, it installs other threats, or opens a channel through which the bad guys can push malware to the system.

Exploit
The relationship between threat, exploit, vulnerability, target and countermeasures is as follows:
“THREAT EXPLOITS the VULNERABILITY in the TARGET system and COUNTERMEASURES must be implemented to block such attacks”
A vulnerability is a weakness which allows an attacker to reduce a system's information assurance.

A vulnerability is the intersection of three elements:
A system susceptibility or flaw,
Attacker access to the flaw, and
Attacker capability to exploit the flaw.

An exploit is the way to use the vulnerability effectively to gain access to the system for performing malicious activity.

Keylogger
A keylogger is a form of spyware that captures everything the user types, including passwords and other sensitive information.
Some keyloggers also capture screenshots, log your web browsing history, record anything copied to the clipboard, and more.

Malware
Malware is a blanket term which applies to any software designed to be malicious, including (but not limited to) all of the other types described here.

Ransomware
A ransomware threat encrypts your important documents, disables Windows logon, or otherwise makes your computer unusable until you pay the ransom demanded by its perpetrators.
It’s a bit dodgy for the perpetrators, since they might be tracked through the ransom payment.
It's hard to recover from ransomware, since a few ransomware threats encrypt the entire system, which is hard to decrypt without knowing the key.

RAT (Remote Access Trojan)
Like all Trojans, a RAT masquerades as an innocent and useful program.
Behind the scenes, though, it opens up a backdoor that gives its owner complete access to the affected computer.

Rootkit
Antivirus software can only remove threats that it can detect. Rootkit technology hides a threat’s file and Registry traces so that most programs can’t “see” them.
Some rootkits operate at the system level and go undetected by anti-malware software.

Only specialized anti-malware technology can bring the hidden traces into view.
There are very few rootkits in the market, since they require very specialized design.

Scareware
A fake antivirus that pretends to find problems on your system and displays a big, frightening warning – that’s scareware.
Naturally you must pay the registration before it will “fix” the made-up problems.
In most cases there’s no actual malicious code, just a huge scam to con you into paying money for nothing.

Spyware
Spyware simply means malicious software that steals credit card numbers, passwords, and other sensitive personal information.

Trojan
Named after the Trojan Horse of legend, a Trojan is a seemingly benign program that does something nasty in secret.
Trojans are the most common type of malware on the Android platform.
While you are playing a Trojanised Android game, it may be sending your contacts to a server in Russia, or making £10 per minute phone calls.

Virus
A computer virus spreads by injecting its code into other programs or, less commonly, into the boot sector of a disk.
When the infected program is executed, the virus code runs too.
It may simply infect more files, or it may perform a “payload” action like wiping out your hard drive.

Worm
Like a virus, a worm replicates itself within the computer or across the network. 
Unlike a virus, it doesn’t wait for the infected program to get launched.
Network worms can spread around the world with alarming rapidity.

Constructor
A utility used to construct malware.

Trackware
Allows a third party to identify the user or their device, usually with a unique identifier.
The most common trackware is tracking cookies.

Potentially unwanted software
A program or component that a user may consider undesirable or intrusive if it is used in a questionable manner, or that may inadvertently introduce privacy or security risks.

If the user is aware of and accepts the potential risk associated with a program classed as a potentially unwanted application (PUA), they may elect to install and use the application.
