Classification of malware
Eniko Toth

The current world war isn't happening in the physical world. Instead, cyber attacks have stepped into the foreground, and blackhat hackers can gain millions with their targeted attacks. Their main weapon in this war: malware.

In this article, we'll break down the different types of malware so that you can better understand their behaviour.

There are many ways in which malware can be categorized, but now we’d like to introduce Christopher C. Elisan's classifications from his book, Malware, Rootkits & Botnets.

1. Infectors

Infectors have one important limitation: they can only spread through files and removable media. So, if a computer in the U.S. is infected with an infector, it's unlikely that this infector will compromise another computer in Germany (unless the owner of the first computer hands a pen drive containing the infected files to someone else).

Let’s see the different types of infectors:

a) Executable Viruses

As the platform changed, the file format of computer viruses changed as well. The old DOS viruses didn't work in Windows, which introduced a new file format: the NewEXE (New Executable). But because Windows was built on top of DOS, there was still a chance to get infected by DOS viruses, which corrupted Windows computers precisely because of the different file format (e.g., DIE_HARD 2). Of course, computer viruses were quickly adapted to the new file format thereafter.
Windows 95 brought in a new file format, the PE (Portable Executable), and guess what? Computer viruses followed it as well (despite the belief that the PE would be the end of these viruses).
We talked about Windows, but don't believe that it's the only OS that can be the victim of executable viruses. Linux can be a target, too!
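As an added example (not code from the article or from Elisan's book), the following Python script shows the header difference the paragraphs above refer to: it tells a plain DOS executable, a Windows 3.x NewEXE and a Win32 PE apart by walking the MZ header, which is the first step an analyst takes when triaging a suspicious file. The sample headers are constructed inline and are not taken from real malware.

```python
import struct

# Minimal, constructed MZ headers: only the fields the classifier reads
# (e_lfarlc at 0x18, e_lfanew at 0x3C) are filled in; the rest is padding.
def _mz_header(e_lfarlc: int, e_lfanew: int) -> bytes:
    hdr = bytearray(64)
    hdr[0:2] = b"MZ"
    struct.pack_into("<H", hdr, 0x18, e_lfarlc)  # relocation table offset
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)  # offset of the "new" header
    return bytes(hdr)

# Constructed samples: an old-style DOS exe, a NewEXE and a 32-bit PE.
DOS_ONLY = _mz_header(0x1E, 0)
NE_SAMPLE = _mz_header(0x40, 0x80).ljust(0x80, b"\0") + b"NE" + b"\0" * 62
PE_SAMPLE = (_mz_header(0x40, 0x80).ljust(0x80, b"\0")
             + b"PE\0\0" + struct.pack("<H", 0x14C) + b"\0" * 18)

# COFF Machine values for the two most common Windows targets.
PE_MACHINES = {0x14C: "i386", 0x8664: "amd64"}

def classify_executable(data: bytes) -> str:
    """Return 'not-mz', 'dos', 'ne' or 'pe (<machine>)' for a file image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-mz"
    e_lfarlc = struct.unpack_from("<H", data, 0x18)[0]
    # Old DOS executables keep the relocation table at 0x1E; the Windows
    # loader only trusts e_lfanew when that table starts at or after 0x40.
    if e_lfarlc < 0x40:
        return "dos"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data):
        return "dos"  # truncated or bogus pointer: treat as a plain DOS stub
    sig = data[e_lfanew:e_lfanew + 4]
    if sig[:2] == b"NE":
        return "ne"
    if sig == b"PE\0\0":
        machine = 0
        if e_lfanew + 6 <= len(data):
            machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
        return f"pe ({PE_MACHINES.get(machine, hex(machine))})"
    return "dos"

if __name__ == "__main__":
    for name, sample in (("DOS_ONLY", DOS_ONLY), ("NE_SAMPLE", NE_SAMPLE),
                         ("PE_SAMPLE", PE_SAMPLE)):
        print(name, "->", classify_executable(sample))
```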

b) Macro Viruses

Macros perform specific tasks and are written in an application-specific macro language. A macro language is a helpful tool for automating text formatting and number crunching in word processors and spreadsheets. Macro viruses mostly target Microsoft Office (e.g., Word, Excel, Access, and PowerPoint), and once they run successfully, the opened and newly created files will be infected.
It's important to note that macro viruses depend on the application-specific macro language, which means they are OS independent.
Examples: DMV (Document Macro Virus), Concept, Laroux, JetDB, Attach


c) Script Viruses

Ever since Office 97 introduced VBS (Visual Basic Script), script virus writers have been using it. But VBS isn't the only option for hackers: JavaScript is also a possibility, although with some limitations, since JavaScript viruses can only run in a web browser or in a PDF document.

2. Network Worms

Unlike infectors, network worms can spread quickly thanks to the Internet. This type of malware replicates itself onto other devices. It spreads mainly over commonly used network services: browsing, email, and chat.
Network worms can be divided into different categories according to the channel over which they spread:

- Mass mailers
- File-sharing worms
- Instant messaging worms
- IRC worms
- Local network worms
- Internet worms

3. Trojan Horse

A Trojan is software that looks legitimate, so users think it's a harmless game or tool. But it actually isn't. Trojan horses are very dangerous malware which can destroy your files, software, or even the whole OS.

The only solution after a Trojan has done its damage is reinstalling the system or restoring from a backup.

4. Backdoors

Backdoors gain root access to the compromised machine through undocumented OS and network functions. They operate in stealth mode in order to avoid being detected.


5. Remote Access Trojans

Remote Access Trojans (RATs) are like an "extended backdoor." The attacker can gain root access to the compromised system, but there's something more. A RAT has a user interface—the client component—which allows the attacker to run commands, install programs, steal information, and even destroy the machine.
If the attacker can access thousands of such compromised systems and use them to attack others, that's called a botnet.

6. Information Stealers

The purpose of this type of malware is to steal different kinds of information, such as passwords, financial credentials, private information, and more. How is this possible? Information stealers can capture your keystrokes (keyloggers), take screenshots of the desktop (desktop recorders), or steal information from memory (memory scrapers).

7. Ransomware

Ransomware is very conspicuous malware. The attacker doesn't want to hide it from you; instead, they put it right in front of you. Why do they do that? The answer is really simple: they want to earn money. Ransomware holds your data or your access to the system hostage until you transfer the requested amount of money (or Bitcoin) to them. In most cases, the attacker uses encryption to lock the computer.

The best-known ransomware is WannaCry, which started spreading last year.

8. Mobile Malware

Malware doesn't only infect PCs and servers. There are different types of malware which operate on mobile devices, and nowadays the number of these infections is increasing on Android and iOS alike.


How Can Malware Spread?

The ordinary way is through user interaction: opening an email attachment, downloading infected software (e.g., a game), or visiting a phishing website. But the techniques are improving, and there are new trends on the horizon, according to Jack Danahy:

"1. More attacks are going 'clickless,' bypassing user interaction altogether
2. Attackers are increasingly evading detection by 'living off the land'
3. 'Plug-and-play' worming components are on the rise"

Stay Protected Against Malware

As you can see, the world of malware is really huge. There are many types of malware and various techniques to compromise your devices. But there's light at the end of the tunnel! Linux server owners don't have to worry about getting infected. Our Malware Detection is an effective tool against malware. Some statistics: this year, we detected almost 300,000 infected files! But there's more! The other BitNinja modules stop the hackers in the first phases of the attack cycle, so they won't even get the chance to use malware.
We believe that every server owner is responsible for their servers and has to proactively protect them. So, if you aren't yet a part of our Ninja Community, don't wait another minute! Join us to watch how BitNinja kicks hackers' asses.
