In part I of the types of computer malware explained, we defined malware as a rogue piece of software that disrupts the normal functioning of a computer with a goal of gaining access to sensitive information that can be used by an attacker for profit.
Attackers can be lurking on systems for months and nothing looks out of the ordinary until the breach reaches its climax either through the exfilration of data and sold on the dark web. Attackers can avoid detection and are very bright. It is basically a cat-and-mouse game with them. When you learn their latest strategies and techniques they will change them to avoid detection.
An organization needs a good layered approach to security so if an attacker breaks through one barrier they do not break through all of them. But, attackers are smart and can bypass all layers if users and organizations are not careful. Software and operating system have lots of vulnerabilities that can be exploited by attackers. It is critical to install patches when they are delivered.
In the second part of this article, we will continue to review the different types of computer malware that exist today. We will review the definition and some examples of malware in the wild. We will investigate logic bombs, spyware, keyloggers, rootkits, and backdoor types of malware in the second part of this article.
A logic bomb is a piece of malicious code that activates when an event occurs such as a date and time or when an employee gets fired from a company. Here are some examples of logic bombs:
- Malicious code that wiped hard drives and master boot records
- Deletion of a employee from a database
- Damage to an organization’s computer network
- Remove important files and folders at a specified date and time
In 2019, David Tinley pleaded guilty to setting a logic bomb at Siemens. The piece of software malfunctioned after a certain amount of time and required that he be hired to fix it. He was caught when he went on vacation and gave the administrator passwords while he was gone.
Spyware is malicious software that has a job to gather personal information about people and organizations that can be used to exploit money.
Fooling an unsuspecting user in installing a plug-in for a browser basically is spyware that captures user information in the background. A lot of times these plug-ins seem harmless when installed but create havoc.
Browser cookies are used by people to track a person’s search history through small text files. Stalkerware is software that tracks and monitors the electronic activity of people in personal intimate relationships. Loverspy is an example of such a program.
Keyloggers are malicious programs that are purposely installed by attackers or unsuspecting users onto computers. Their goal is to capture keystrokes to gain user credentials to be able to log in and wreak havoc on computers and networks.
Remote access Trojan (RAT) – Rootkit
A RAT is a piece of malicious software that controls a system remotely. It is typically installed by an attacker with stolen credentials or through vulnerable software.
In 2005, Sony BMG published CDs that contained a rootkit that was installed along with the music player. It restricted the user’s ability to access the CD.
A backdoor is a malicious software that bypasses authentication and encryption on computer systems. Backdoors are typically used to provide access to systems remotely. If found, attackers can use backdoors to escalate privileges and steal personal information. Here are some examples of backdoors:
- computer worms can be used to install backdoors onto systems
- modifying the object code to insert a backdoor into software
- asymmetric backdoors can only be used by attackers that plant it
- compiler backdoors subverts a compiler to insert malicious code into another program
In March of 2014, backdoors were found in unlicensed copies of WordPress plugins. Backdoors are sometimes put there by developers such in the case of Borland Interbase, ScreenOS firmware from Juniper, and others. The practice is frowned upon today because it adds a known vulnerability to software that does not need to be there.
Review of Attacks, Detection, and Prevention
As you recall from Part I, there are several ways that malware can be installed onto a computer such as:
- Email attachments – unsuspecting users download and install malicious software through a malicious attachment
- Email links / web links – unsuspecting users click on links in email or web sites that download and install malware
- Attackers gain access through users providing credentials through a link to a web site requesting they log in. Once captured the attacker can log into a system and download and install a piece of malware.
- Malicious pictures – pictures can contain malicious code that unsuspecting users use
To prevent infections, a good defense-in-depth strategy which is a layered approach to cybersecurity, good monitoring, and detection tools, anti-virus and anti-malware programs, and others. The biggest threat are unsuspecting users so yearly cybersecurity awareness and periodic updates throughout the year is important. Our organization tests our ability to recognize malicious emails quarterly and provides just-in-time information and training.
In the two-part series on malware, we explored multiple different types of malware that exist in the marketplace today, We explored how these malicious pieces of software get downloaded and installed onto computers by unsuspecting users. We reviewed some techniques to avoid malware and some tools that you can use to help monitor and remove malware from computer systems and networks.
Operating Systems are putting more and more protections in place to try to stop malware before it happens. They will not allow software downloaded unless the user specifically gives pemission to do so. With app stores today, protections are put in place from vendors to scan and verify apps before they are installed on computer systems.
Unfortunately, no security mechanism is a 100% safe from attacks. The goal is to discourage the attackers and they move on to another target.
Thanks for reading and if you have any questions please leave your comments below.
I am DrM, founder of http://techninjamasters.com. I have been working, learning, teaching, coaching, consulting, writing in technology for over 40 years.