Definitions of Malwares

Definitions of Malwares

In our daily work, (hardware upgrades, virus removal, reinstallations, all things technology) we come across lots of malware/virus removal jobs and are asked by our client base what specifically did the damage and how could they avoid it. In order to simplify things we decided to give a list of malwares/viruses and how they infect machines typically. The motivations of hackers is difficult to answer. Some people do it for money while others do it just to prove how smart they are. To make things simpler and to provide a resource for customers who want to know, I have compiled a list of different types of malwares and viruses as defined by the Virus Removal people I trust. This list was made possible with the assistance of Kaspersky Labs Malware Tree and other sources. While it is true that most viruses/malwares target Windows machines, there have still been crimekits developed for the Mac operating system. As the numbers of Mac users grows,

This list is ranked with different types and begins with the least harmful and works its way over to the most damaging.

Exploit Malwares– Exploits are given the name because they do just that; they exploit weaknesses in software that all computer users have running on their machines. They can be difficult to identify because they are taking advantage of software that is ubiquitous (either a framework for the web, or programs we use every day). Exploits target: Java, HTML/Javascript, and documents (Word and PDFs). Here are the common Exploit malware types:

• Constructor Exploit – The Constructor exploit is a program that once installed on your computer plays advertising, popups or random noises on your machine. It uses up resources and overall slows down the computer. We have seen the KNCTR many times.
• DoS Exploit – The DoS exploit is a malware program that informs the user that they cannot connect to the internet even if Windows is telling them that they have a solid internet connection.
• Spoofer Exploit – The Spoofer Exploit pretends to be an antivirus program that tells the user that they have multiple threats that can be removed only if they spend a certain amount of money.
• Flooder Exploit – The purpose of the flooder exploit is to send mass lures of reinfection to the contacts of an infected user. The below list of flooders specifies the delivery system of the exploit.
  • Email-Flooder Exploit – Email Flooder Exploit targets contacts in email programs.
  • SMS-Flooder Exploit – SMS Flooder Exploit targets contacts in an Android phone.
  • IM-Flooder Exploit – IM Flooder Exploit targets instant messaging services like Yahoo Messaging, or Google Chat contacts.
• Hoax Exploit – The Hoax Exploit takes advantage of popular culture. For example, many times Michael Jackson has passed away. On the web, people find a site looking for scandalous details and end up in the dubious position of getting infected. Gossip has never been good for anyone.
• VirTool Exploit – There is a reason why updates are important. The Virtool exploit takes advantage of people not doing regular maintenance on their computers. If you have an outdated version of Flash Player or Java, this exploit notifies you and then your attempt at updating causes the infection.
• HackTool Exploit – The hacktool exploit attacks programs that use databases. Examples of programs that use databases are Quickbooks, Access, Content Management programs like WordPress, Joomla, Drupal, etc. This exploit uses SQL injection to hack the database and extract passwords and other sensitive information.
• Drop Exploit – The drop exploit is used to drop rogue antivirus programs onto infected computers. The user is told that they have false viruses and must purchase full versions of the software to remove infection.

Rootkits – Rootkits are tools originally designed for UNIX/Linux operating systems. Those operating system refer to administrative level access of a user as the root and hence the name. What makes a rootkit dangerous is its intent and difficulty to discover. Rootkits by design access a computer at the administrative level and then obscure themselves from detection. Oddly, hackers are not the only people responsible for creating rootkits. In 2005, Sony installed copy protection on its CDs. This copy protection wasn’t noticeable until a purchaser installed the CD on their computer using ITunes, Windows Media Player, etc. Loading the files on your computer installed a rootkit that limited what you could do with the music once it was on your machine.

Viruses – Viruses are what everyone has known and loves. It is a specific piece of code created to damage or steal intellectual data. They come in many forms but have similar purposes. There have been hundreds of variations but viruses tend to come in these types:

• Trojans – Trojans might represent that largest proportion of viruses out there on the web. I was once asked, “Why are people still making computer viruses? “I answered them by using the toilet seat or public phone analogy. A lot of these viruses were made years ago and don’t always have someone at the switch. Often times, a hacker will monitor a virus for a short period of time and then move on to better grounds. It is better in hacker parlance to get in and out quickly to avoid detection. They are called Trojans because they pose as something else in order to gain access to your computer and information. It is possible for someone’s computer to get infected with a Trojan that has characteristics of all the below mentioned types.
  • Trojan Downloader – Typically is the delivery program that an exploit uses to take advantage of that exploit. Often times, the infected person gets an email (exploit) or downloads an image or free program on the web and then installs malware onto their computer.
  • Trojan Dropper: In virus parlance, the dropper is the action of dropping viruses onto the computer. The dropper itself is a program that hides itself in the infected system and delivers viruses to the computer. They are hard to detect because they do not target specific vulnerabilities of known programs (like other viruses do). Instead, they hide and deliver slews of viruses in their payload to an infected machine. It is very possible to removed lots of viruses without actually removing the dropper itself. Soon enough, the computer is reinfected with hundreds of viruses again.
  • Trojan PSV – Like other Trojans, PSV infects your computer and can offer false antivirus programs as well as interfere with the ability of installed antivirus programs to work correctly.
  • Trojan Spy – Trojan Spyware has the ability to stealthily monitor what a user is doing. They can also turn on webcams and microphones to record/monitor everything a user is doing.
  • Trojan DDoS – DDos is a Denial of Service Attack. Spending time on hackforums, I have noticed that people target other websites. Maybe that website is a rival or doing something a group does not approve. There are lists of sites that people want DDos’d. I once had an employee who donned himself an ethical hacker who introduced me to this site. Once he no longer worked for me, I noticed hundreds of visits to the PC Handyman site in a 10 minute period. The Trojan infects the user’s system in the same manner of all Trojans and makes your machine a pawn in a massive DDoS strike. Once there is a critical mass of infected machines they all attack the targeted site in hopes that the overwhelming numbers of visitors in a short amount of time will crash the system.
  • Trojan Ransom – Trojan Ransoms usually occur when people participate in downloading porn pictures or download free pornography. Sometimes, it doesn’t require downloading the porn but attaching this Trojan to an exploit that asks you to update a Flash Player for example, and then you get infected with the Ransom Trojan. This Trojan shuts down your task manager, antivirus programs, and then puts up an image threatening to turn you in if you do not use MoneyPak or any other prepaid card services to make this little problem go away.
  • Trojan GameThief – The Game Thief happens when people download pirated games on their computers, the most common path of infection is based on people who play World of Warcraft. Since it is one of the biggest pay to play games in the world, capturing user account Warcraft data is a common currency in the hacker world. I have discovered hacked Warcraft accounts on hacker sites for sale and people are still mining virtual gold, weapons, and items to sell on EBay. They end up with Trojans that cause constant instability like the above mentioned viruses.
  • Trojan Rat – The Trojan Rat is a program that sits on your system and allows the hacker to monitor and control your machine. Hackers do this to either take data from a person (like banking and credit card information) or to cause additional mayhem using your machine to do it. Hackers can even turn your machine back on with a Wake on LAN command if you are hardwired to the network.
  • Trojan Banker – The Trojan Banker does exactly what its name dictates and targets your browser to capture username and password data for your banking purposes. A lot of times, Phishing sites do some of this work. They may look like your bank website but make sure that the domain truly belongs to your financial institution.
  • Trojan Mailfinder – Similar to the Banking Trojan, Mailfinder is looking for sensitive information. These tools can also do screenshots when certain activity takes place all helping the hacker gather email addresses, and sensitive information either in your inbox or based on web activity.
  • Trojan SMS – SMS Trojans are those that target users with text messaging. Since the iPhone, for the moment, is immune to this kind of attack, the victims of these attacks are Android operating system users. The intent of the Trojan is the same as that of the computer hide in the system and target sensitive information.  It is vital that Android users install antivirus software.
  • Trojan Clicker – Trojan Clicker also called Facekiller is a Trojan that takes over people’s Facebook Accounts to increase the likes of that particular page. It is a JavaScript code that hides in your browser and forces you to like the page.
  • Trojan Proxy – Trojan Proxy changes proxy settings in people’s browsers. Proxy settings are codes that tell your machine which servers to use when searching the web. Microsoft has servers and so does Google. Our Internet Service Providers (ISPs) also have their own proxy servers. Once you have been Proxy infected, your browser will share anything you type into the browser with the hackers.
  • Trojan Notifier – Notifier is typically a Trojan written in Delphi (a Pascal based programming language) that encrypts itself and infects computers to gather emails from a user’s Outlook or mail client and then sends that information to the hacker.
  • Trojan ArcBomb – The ArcBomb is a veritable hodge podge of all the above Trojans all at once to a system.

Backdoor Viruses – This term refers to all viruses that share the qualities of being able to give a hacker remote access to a machine for the same ends as above.

• Worms – Worms are self-replicating standalone programs. They are unlike viruses in that they do not require a program to do their damage. Viruses typically target vulnerabilities in Java, HTML, Word, Email Clients, etc. Worms only need a vulnerability in security software and can infect a machine and replicate themselves sending themselves out to the world with one of the below pathways/
  • IM – Worm – Targets Instant Messaging as the path to infect other machines. Yahoo Instant Messaging, Google Chat, etc. are pathways to get infected with a worm.
  • IRC-Worm – IRC worms use old technology that hackers and programmers still use. IRC Chat is a program that does the same things instant messaging does.
  • P2P Worm – Peer to Peer worms infect people by attaching themselves to communication that occurs through group sharing sites like BitTorrent. They are nasty because they can come through with anything someone downloads from those sites. That is why I do not use those programs at all and also find many clients with worms on their computers that we must remove.
  • Email Worm – The Email Worm uses the pathways of email clients to spread their infection to other users. Typically the worm waits and attaches itself to emails that the infected client sends.
  • Net Worm – Like the others, the net worm replicates and delivers itself over a network. All it takes is to have 1 infected computer on a network with thousands of machines to have an infestation in no time. When I worked IT at CSU, the net worms were living on the network. Whenever we installed new versions of Windows on a machine, we had to do updates and install antivirus protection before ever connecting the machine to the network. Otherwise, the machine would immediately be infected.

 

New Post has been published on http://clevelandheightscomputerrepair.com/2014/10/definitions-of-malwares/