Types of Malware - CompTIA Security+
Types of Malware
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.
A virus is a security threat to a system that requires interaction from a user.
A virus hoax is a false email message warning the recipient of a virus that is going around.
When comparing a hoax and a virus, hoaxes can create as much damage as a real virus.
• Users are tricked into changing system configuration.
• Technical support resources are consumed by increased user calls.
User training and e-mail spam filters are needed to stop a virus hoax from affecting your company.
More virus types
A multipartite virus is a computer virus that infects multiple targets within the same system.
An armored virus is wrapped in layers of encryption and complex code to make it difficult for researchers to take apart in a lab.
A polymorphic virus is a type of stealth virus that attempts to avoid detection and removal by frequently changing its file and process names.
Ransomware locks your computer or encrypts your data and threatens to delete it unless you pay a ransom to the attacker.
A worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes, and it may do so without any user intervention.
Can autonomously replicate itself across networks.
The difference between a Trojan Horse and a Worm is that the Worm self-replicates while the Trojan Horse does not.
Trojan Horse
The Trojan horse describes a class of computer threats that appears to perform a desirable function but, in fact, performs undisclosed malicious functions.
Trojans are commonly installed via a thumb drive.
Keygens (Key Generators) are well known for containing Trojans.
A rootkit is malware which consists of a program designed to hide or obscure the fact that a system has been compromised.
A rootkit hides its processes, applications, and files from being detected.
An attacker may use a rootkit to replace vital system executables which may then be used to hide processes and files the attacker has installed along with the presence of the rootkit itself.
A keylogger records every keystroke on a device, trying to pick out patterns that synchronize with certain information.
Often used covertly and remotely, through software, to record sensitive information such as passwords, credit card numbers, etc.
Can come packaged with other types of malware, such as trojans.
Adware is installed software that automatically displays and downloads advertising material when a user is online.
Comes in the form of banners, pop-ups, browser search bars, etc.
Typically downloaded secretly and has the potential to continue to install more of itself or other malware as long as the user is online.
Spyware is a type of malware that is installed on computers and that collects information about users without their knowledge.
Typically, spyware is secretly installed on the user's personal computer or on a shared computer.
Spyware can negatively affect confidentiality.
A Remote Access Trojan (RAT) is software that a malicious attacker uses to remotely control a system without the owner's explicit permission.
Before a remote access trojan can be effective, it needs to be launched on the victim’s computer; this usually requires human interaction.
Normally, this is accomplished through email, like most viruses, or through fake downloads masquerading as legitimate software.
Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically.
A botnet can be used to perform a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack.
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
A type of malicious attack that is set off by a specific event, date, or time.
Not able to be discovered by an antivirus scan.
Code review and change management processes are the best way to stop logic bombs from showing up in your applications.
A backdoor attack is one that uses a method of bypassing normal authentication.
Can take the form of any type of virus that has found a way around conventional security.
Many backdoors are installed initially by malware so that other malware has an easier time accessing the user’s computer.