Malware, coined from the merger of two words “Malicious Software”, is a computer program that can be used against the intentions of user. It includes bypassing access controls, steal user’s data, monitoring host activities, uploading data to malicious sever and a lot more. It’s not limited to executable “exe” files that you double click to run some application. It has various forms like scripts, docs with macros, HTML files with phishing links etc. It is the victim who pays the ultimate cost of its execution, sometimes in form of money or otherwise some harm to host’s system.
Before I start telling you about Malware and its hundreds of species, let me take you through some statistics first. Below picture shows you the report generated by Kaspersky Lab. It shows the number of malicious packages installed between 3rd quarter of 2015 to 2nd quarter of 2016. Well, that’s what I call a hike. If you calculate the percentage growth in first 6 months of 2016 compared to last 6 months of 2015, it comes around 221%. I am shocked, aren’t you?
If not, then let me tell you that the below statistics shows the malicious codes installed in mobile phones only. And it is collected by just one Anti-virus vendor. Try guessing this count for billions of workstations, networks and servers operating around the world.
Here is the list of top 20 mobile malware programs with the percentage of users hunted by them.
A Question in Mind?
So what are you thinking right now? I believe the first question in most of the minds reading this article is “am I one of the victims too?”
Well, you can be. You can’t tell if somebody has taken root access to your machine after making you run backdoor program. And now he might be using your system as a zombie or a bitcoin generator without letting you know. When was the last time you updated and scanned your system with some Antivirus program?
There is something that I can help you with. I can teach you some basics on malware like types of malware based on their behaviors. I’ll also tell you about how to identify if you system is infected or not. And also I will share some tips to keep you and the world around you safe. If you are interested, I have a good number of posts written already get started with malware analysis.
Malware Types Based on their Behaviors
First of all, there is no harm in knowing already about how your system might behave in effect of malicious program execution. Also, by making some educated guesses based on that might lead you to a safe environment. So, learn them, know them, understand how do they start, how do they run and finally know how to stop them. The categories most malware falls into are as follows:
Botnet, as the name trying to tell you, consists of command and control server which allows attacker to send instructions to all infected systems. Without the owners knowledge, a big network of private computers are infected with malicious software and controlled as a group, most of time to make them work as Zombie. History of Botnet tells about its use mostly in sending spam and denial of service attacks.
Here is the link to one of the variants of this family: Darkshell Botnet
In the world of Malwares and exploits, Backdoor is a mean to provide attacker the access to computer by installing some malicious code. The attacker can usually connect and execute commands on the victim system with little or without any authentication. Sometimes, programmers use a backdoor to access their program in future for troubleshooting or other purposes.
Here is a link to one of the variant of Backdoor: Backdoor/Bitfrose
How would you like if you get to know that someone is continuously monitoring and stealing the copied stuff without letting you know. It probably will scare the hell out of me. This family of malware mainly targets the information from a victim’s computer. It enables the attacker to steal the not openly disclosed information related to user’s computer activities. Keyloggers, Sniffers and password hash grabbers come into this category. The main purpose of this malware is to gain access to your online accounts such as email accounts and online banking credentials.
Here is a link to one of the variant of this family: Zbot Spyware
Downloader does no harm to the system on it’s own. The only malicious activity it does that it downloads other malicious code which performs the malicious activities. These days it’s widespread in form of spam mail attachments which asks you to open them to check the invoice details, shipment billing etc. Usually, the attachment is zip or rar archived which extracts a .jar file. Running that jar file drops another executable file which further downloads malicious code from some malicious site. So, be careful next time you get such mail in your inbox.
Here is an example for you: JS Downloader Locky Ransom
As the name says, this malware is designed to scare you into do something into attackers benefit, may be buy some goodies for him online. In most of the scenarios, a well designed user interface will pop up that will look like an antivirus program. It will tell you something like “Your system is found infected with X number of High risk malwares, to get rid of them Buy Full Version of our Antivirus here”.
It might also trick you download some other potentially dangerous software. While in reality, the downloaded software is nothing more than a fake antivirus protection and does nothing except removing that scareware.
You might use an example to understand it better: Scareware SpySheriff
A set of software tools usually paired with other malware, such as a backdoor that enable an unauthorized user to gain control of a computer system without being detected. It gives the power to user to access victim’s system remotely at administrative level while keeping itself unidentified. Removal of rootkits is not an easy task and sometimes is impossible specially when the rootkit resides in the kernel.
And like always, here is an example for you: Rootkit Chksyn
Worm or virus
These are the malicious programs which after execution copy itself and infect other computer programs by modifying them. There is a small difference between worm and viruses. Viruses require the replication of an infected host file, while worms are standalone software. In contrast, worms do not require any host program or human help in execution and to propagate.
You can get more information on it here: Worm Vikings
Ransomware is nothing new in the malware world. The devastation it has caused in last few years is beyond one’s imagination. This malware, once executed, makes sure the files in the storage drives become unusable. And, then The attacker proposes a considerable amount of money to the victim. The amount must be paid by the victim to get those files accessible again. I have explained it in more detail here:
Here is the detailed analysis link for it: Ransomware Locky
Now so that you already learned enough about Malwares, why to stop now?
Come with us, and take the first step towards the journey to Malware Analysis.
Please comment whatever comes in your mind after reading this post.