In the following article I will be going to explain different malware types and the function of these malwares. When you are scanning your machine for different types of malwares, then you should have knowledge about these malwares and know malware names. Whenever you are performing malware analysis the DLL files and other functions inform you about the intentions and behavior. While in the dynamic analysis we need to observe, detect and understand the behavior of the malwares. File path locations, reg keys, IP address indicates their existence. We will be looking at different malware samples like Trojan horse malware, adware, spyware, backdoors and many more. Trojan horse can execute itself and keep sending user data to the attacker machine without the user knowledge. Adware shows you different pop-ups on the user screen that a user cannot close. There is an application that tells you which functions are used in malwares. Now let’s look at different kinds of malwares.
Backdoor
A backdoor is a maliciously coded piece that an attacker uses to connect and take control of the target machine. Backdoors are generated by Trojan software and infect the user machine without his knowledge. Many antivirus softwares are available that can detect the existence of Trojan viruses These types of malwares requires no authentication to log in the user machine in some situations. Backdoors can connect to the attacker in different ways like most of the Trojan uses port 80 and HTTP protocol to connect to the infected machine.
Backdoor Type: Reverse Shell
The attacker is connected to the user machine by means of a shell that provides an attacker with different tools to perform functions on the infected machine. The reverse shell is created by Trojan and works like a backdoor on the target machine. When the reverse shell is activated the attacker gets a connection established with the target machine and can perform different function like executing different commands on the infected machine. In many ways reverse shell can be established like by using windows cmd.exe packages or by netcat. When a user clicks the infected cmd.exe file the reverse shell is established without the knowledge of the user. It doesn’t show any windows pop up to the user.
Backdoor Type: RAT-Remote Administration Tool
The RAT also called Remote Access Trojan is a type of Trojan that allows an attacker to take full control of the victim’s machine. It provides a graphical user interface to the attacker with different functions to perform on the user machine like you can see in real time what the victim is doing or you can download or upload data to the victim machine. There are several methods that could be used to spread Trojans over the internet.
Botnet
A Botnet is a network of private computers that are remotely controlled by a command and a control server. Botnet infected hosts are controlled by the attacker as a group and receive the same instructions from the server that is controlled by the attacker. Botnets are commonly used to perform DOS attacks, to send spam or to spread malware.
Browser Hijacker
A browser hijacker is a malicious code that gets embedded in your browser settings whenever you download free softwares or browser toolbars. It can change your browsers proxy settings or it may change your browser's homepage to redirect you to a malicious page that is being controlled by the attacker. These Hijackers can download malicious softwares on your system or any malware that can infect your system.
Downloader Malware
Downloader Malware is a malicious piece of code that can download virus infected softwares on your system. Attackers use downloader malware to infect the user machine. Downloader malware downloads Trojans and can infect user machines. The attacker then can control the user’s machine with few commands.
Keyloggers
Keyloggers are malicious softwares that records your keystrokes and send them to the attacker. Anything you type on the keyboard is being recorded by the keylogger that is then sent to the attacker. This may include your information like passwords, usernames, keyphrases and the other data that is important to you. An attacker can use this data to steal all of your other information. The attacker gets your bank account details or other personal details that he uses to sell on the deep web.
Launcher Malware
A launcher malware is a malicious piece of code that is used to execute other malwares on your system. These malwares could be used to launch Trojans,adware,spyware, and many other malwares. The attackers use these malwares to avoid malicious code detection..
Ransomware
Ransomware is a very dangerous malware that can encrypt the user files and user will not be able to access any of his files until he sends money to the malware creator. In simple words, it’s a type of malware that encrypts your files and ask for money to again grant access to the user for accessing files.
They encrypt user files and ask the user to send money through bitcoin to get the decryption key to gain access to his files. When the ransomware is executed it shows the user some payment methods to send money and et the decryption key to gain access to his files again. To avoid being infected by ransomware try not to download softwares from unauthorized or cracking sites. These sites may contain ransomware and can cost you thousands of dollars to free from ransomware.
Bootkit
Bootkit is a very dangerous malware and is impossible for the user to detect it. The bootkit is malicious code that is hidden in the boot sector that infects the Master Boot Record. This bootkit can bypass the drive encryption easily. It runs when the user boots the system. It runs before the operating system.
Scareware
As the name suggests scareware is a malicious code that scares the victim to perform the function that the attacker is asking for like to buy something that the user doesn’t want to buy but scareware forces the user to buy it. Scareware may blackmail the user by stealing his personal data from his system. Scareware is often included with antivirus softwares they pretend to be virus scanners but in fact they are themselves a virus.Scareware are easy to detect and remove. Scareware softwares are like ransomware softwares that force the user to send money to get access.
Virus
A virus is a malicious code that is embedded with other applications softwares or even in the boot sector.
A virus could be programmed In several ways like recording keystrokes, stealing information, bank account details, personal details and others that is important to you.
Keywords:
ad malware,adware,all malware types,best malware,computer malware,characteristics of viruses,trojan horse malware, computer worm,malware definition,trojan horse definition computer,what is a trojan horse virus,malwarebytes
