Anish Madgula - Research Assessment 2 - Major


Research Assessment #2

Date: 09/19/2019

Subject: Types of malware and how to recognize them

MLA Citation: Grimes, Roger A. “9 Types of Malware and How to Recognize Them.” CSO Online, CSO, 1 May 2019, www.csoonline.com/article/2615925/security-your-quick-guide-to-malware-types.html.

Analysis:

My first reaction to the title of this article was: “Wow, I never knew so many types of malware existed!” Before reading this article, when I thought of the word “malware”, the only software attack that came to mind was a virus or worm. However, after reading this article, I understood that this was not the case at all. In fact, this reading mentions and elaborates upon nine different types of malicious software: viruses, worms, trojans, hybrids, ransomware, fileless malware, adware, malvertising, and spyware.

This article provided a lot of value to me personally since it opened up the idea that one of the most challenging aspects of being a cybersecurity engineer is to understand all of the different ways that hackers can operate malware, since only then can they adjust the system’s settings accordingly to defend against cyber attacks. Furthermore, this article made me think more in depth about the primary goal of a Cybersecurity engineer. Until now, I had mainly perceived a Cybersecurity specialist as someone who defends the company’s network when an attack occurs, but in reality, their primary role is to prevent these problems from occurring, not simply to react to them. This conveys to me that there is a different mindset required for this job than what I had initially assumed, since Cybersecurity engineers have to be proactive, not reactive. Digging to this depth of analysis to learn this critical factor has motivated me to improve not only my technical skill set to pursue this career, but also my mental stamina and way of thinking.

Another aspect of this report that is especially valuable to newcomers to the Cybersecurity field is that it lists several ways to avoid being attacked by these types of malware in layman’s terminology. For instance, to describe what a Trojan attack is, the author provides an example of how many people swallow the bait of the “Clean your PC now” pop-up. This pop-up usually pretends to be antivirus software, when in reality, it infects the system with the malware and manipulates the user’s personal data. This example really cleared up what this attack does, and at the same time made me more aware of what to do when I encounter such traps when browsing the Internet. As a result of this increased knowledge and awareness, I feel more confident with regard to surfing the Internet and pursuing Information Security since I now know what kinds of indicators to look out for. It has additionally created a desire in me to educate my friends and family members to watch out for these common Internet attacks so that they do not lose any vital information, such as bank account information and website passwords. To summarize, this article is not only relevant to individuals entering the Cybersecurity field, but also to anyone who just wants to protect their data from being hacked.

Enriching myself with these new types of Cyber attacks has made me want to discover how commonly these attacks actually occur by researching more articles. Through this process, I learned that ransomware is extremely common, and it has hit many prominent companies, including Norwegian aluminum producer Norsk Hydro. A statistic regarding ransomware that really surprised me was the fact that ransomware attacks cost businesses more than 75 billion dollars per year (Source: Datto). After analyzing this statistic as well as others that emphasize the large, negative impacts that Cyber attacks have on companies, a few questions came into my mind: if these attacks are so common, why do companies still struggle so much to defend against them? Also, are there different versions of the same attack that make it harder for Cybersecurity professionals to predict and prevent them?

Lastly, reading this article has provided me with several factors of encouragement. First off, it makes me excited to know that since there are so many different types of malicious software that attack companies, the field of Cybersecurity Engineering is well in demand, as there is an increasing need for people to maintain companies’ information and personal data. Another factor that motivates me is the idea that I can implement my knowledge to raise cyber awareness across my community to protect them from being susceptible to common forms of malware. However, one of the major downsides of this career is that I must be flexible enough to log in as soon as there is a security threat, since the credibility of the organization and the data of thousands of customers are at high risk. As a result, Cybersecurity professionals must be able to immediately adjust to new situations and put forth as much effort as possible to defend against the oncoming Cyber attacks.

*Below is my annotated article


9 types of malware and how to recognize them

[Annotation: The moment I saw this title, I was stunned to see that there are so many types of malware that I never knew about. I had only known about viruses, worms, and ransomware before.]

Think you know your malware? Here's a refresher to make sure you know
what you're talking about — with basic advice for finding and removing
malware when you've been hit

People tend to play fast and loose with security terminology. However, it's important to
get your malware classifications straight because knowing how various types of
malware spread is vital to containing and removing them.

This concise malware bestiary will help you get your malware terms right when you
hang out with geeks.

1. Viruses
A computer virus is what most of the media and regular end-users call every malware
program reported in the news. Fortunately, most malware programs aren't viruses. A
computer virus modifies other legitimate host files (or pointers to them) in such a way
that when a victim's file is executed, the virus is also executed.

Pure computer viruses are uncommon today, comprising less than 10 percent of all malware. [Annotation: Wow, that is it? I thought there would be much more. I know that my old computer had been infected by a virus, so I thought that they were really common in comparison to other forms.] That's a good thing: Viruses are the only type of malware that "infects" other files. That makes them particularly hard to clean up because the malware must be executed from the legitimate program. This has always been nontrivial, and today it's almost impossible. The best antivirus programs struggle with doing it correctly [Annotation: If they are so hard to clean up, why aren’t viruses used as much by hackers?] and in many (if not most) cases will simply quarantine or delete the infected file instead.

2. Worms
Worms have been around even longer than computer viruses, all the way back to mainframe days. Email brought them into fashion in the late 1990s, and for nearly a decade, computer security pros were besieged by malicious worms that arrived as message attachments. One person would open a wormed email and the entire company would be infected in short order. [Annotation: That is really impactful! I also didn’t know previously that worms preceded viruses since worms are more complex.]

The distinctive trait of the worm is that it's self-replicating. Take the notorious Iloveyou worm: When it went off, it hit nearly every email user in the world [Annotation: Wow, this really conveys that worms can affect a large portion of the population in a short amount of time.], overloaded phone systems (with fraudulently sent texts), brought down television networks, and even delayed my daily afternoon paper for half a day. Several other worms, including SQL Slammer and MS Blaster, ensured the worm's place in computer security history.

What makes an effective worm so devastating is its ability to spread without end-user
action. Viruses, by contrast, require that an end-user at least kick it off, before it can try
to infect other innocent files and users. Worms exploit other files and programs to do the
dirty work. For example, the SQL Slammer worm used a (patched) vulnerability in
Microsoft SQL to incur buffer overflows on nearly every unpatched SQL server
connected to the internet in about 10 minutes, a speed record that still stands today.

3. Trojans
Computer worms have been replaced by Trojan horse malware programs as the weapon of choice for hackers. Trojans masquerade as legitimate programs, but they contain malicious instructions. They've been around forever, even longer than computer viruses, but have taken hold of current computers more than any other type of malware. [Annotation: This description of the malware reminds me of the Trojan war that I learned about in history! During the war, the Greeks secretly hid inside of a horse carriage that appeared to be legitimate, but instead it was used as a war strategy.]

A Trojan must be executed by its victim to do its work. Trojans usually arrive via email
or are pushed on users when they visit infected websites. The most popular Trojan type
is the fake antivirus program, which pops up and claims you're infected, then instructs
you to run a program to clean your PC. Users swallow the bait and the Trojan takes
root.

Trojans are hard to defend against for two reasons: They're easy to write (cyber criminals routinely produce and hawk Trojan-building kits) and spread by tricking end-users — which a patch, firewall, and other traditional defense cannot stop. Malware writers pump out Trojans by the millions each month. [Annotation: This conveys that Trojans are a significant threat to companies and their security systems.] Antimalware vendors try their best to fight Trojans, but there are too many signatures to keep up with.

4. Hybrids and exotic forms
Today, most malware is a combination of traditional malicious programs, often including parts of Trojans and worms and occasionally a virus. [Annotation: Is this why people struggle a lot to defend against cyber attacks?] Usually the malware program appears to the end-user as a Trojan, but once executed, it attacks other victims over the network like a worm.

Many of today's malware programs are considered rootkits or stealth programs. Essentially, malware programs attempt to modify the underlying operating system to take ultimate control and hide from antimalware programs. [Annotation: So as the Cybersecurity workforce is getting stronger, so are the hackers. It is almost like a competition between these two groups to see who can outlast the other.] To get rid of these types of programs, you must remove the controlling component from memory, beginning with the antimalware scan.

Bots are essentially Trojan/worm combinations that attempt to make individual exploited
clients a part of a larger malicious network. Botmasters have one or more "command
and control" servers that bot clients check into to receive their updated instructions.
Botnets range in size from a few thousand compromised computers to huge networks
with hundreds of thousands of systems under the control of a single botnet master.
These botnets are often rented out to other criminals who then use them for their own
nefarious purposes.

5. Ransomware
Malware programs that encrypt your data and hold it as hostage waiting for a
cryptocurrency pay off has been a huge percentage of the malware for the last few
years, and the percentage is still growing. Ransomware has often crippled companies,
hospitals, police departments, and even entire cities.

Most ransomware programs are Trojans, which means they must be spread through social engineering of some sort. Once executed, most look for and encrypt users’ files within a few minutes, although a few are now taking a “wait-and-see” approach. By watching the user for a few hours before setting off the encryption routine, the malware admin can figure out exactly how much ransom the victim can afford and also be sure to delete or encrypt other supposedly safe backups. [Annotation: Ransomware sounds like bribery since the only option that companies have to protect their customers’ data is to pay the hackers a large sum of money.]

Ransomware can be prevented just like every other type of malware program, but once
executed, it can be hard to reverse the damage without a good, validated backup.
According to some studies, about a quarter of the victims pay the ransom, and of those,
about 30 percent still do not get their files unlocked. Either way, unlocking the encrypted
files, if even possible, takes particular tools, decryption keys and more than a bit of luck.
The best advice is to make sure you have a good, offline backup of all critical files.

6. Fileless malware
Fileless malware isn’t really a different category of malware, but more of a description of how they exploit and persevere. Traditional malware travels and infects new systems using the file system. Fileless malware, which today comprises over 50 percent of all malware and growing, is malware that doesn’t directly use files or the file system. Instead they exploit and spread in memory only or using other “non-file” OS objects such as registry keys, APIs or scheduled tasks. [Annotation: Based on this, I understand hackers are adopting new techniques to make it harder for the information security crew of each company to defend against their attacks. This seems to be one of the most challenging aspects of being a Cybersecurity Engineer since he/she must constantly learn about the changing techniques.]

Many fileless attacks begin by exploiting an existing legitimate program, becoming a newly launched “sub-process,” or by using existing legitimate tools built into the OS (like Microsoft’s PowerShell). The end result is that fileless attacks are harder to detect and stop. If you aren’t already very familiar with common fileless attack techniques and programs, you probably should be if you want a career in computer security.

7. Adware
If you're lucky, the only malware program you've come in contact with is adware, which attempts to expose the compromised end-user to unwanted, potentially malicious advertising. A common adware program might redirect a user's browser searches to look-alike web pages that contain other product promotions. [Annotation: Adware is something that everyone faces when they browse the Internet - there are ads everywhere to promote content, and some of them may include viruses or some other malware.]

8. Malvertising
Not to be confused with adware, malvertising is the use of legitimate ads or ad networks
to covertly deliver malware to unsuspecting users’ computers. For example, a
cybercriminal might pay to place an ad on a legitimate website. When a user clicks on
the ad, code in the ad either redirects them to a malicious website or installs malware
on their computer. In some cases, the malware embedded in an ad might execute
automatically without any action from the user, a technique referred to as a “drive-by
download.”

Cybercriminals have also been known to compromise legitimate ad networks that deliver ads to many websites. That’s often how popular websites such as the New York Times, Spotify and the London Stock Exchange have been vectors for malicious ads, putting their users in jeopardy. [Annotation: This really highlights the fact that people must watch out carefully for malware, even when they are browsing really basic and common information, such as the news.]

The goal of cybercriminals who use malvertising is to make money, of course. Malvertising can deliver any type of money-making malware, including ransomware, cryptomining scripts or banking Trojans.

9. Spyware
Spyware is most often used by people who want to check on the computer activities of
loved ones. Of course, in targeted attacks, criminals can use spyware to log the
keystrokes of victims and gain access to passwords or intellectual property.

Adware and spyware programs are usually the easiest to remove, often because they
aren't nearly as nefarious in their intentions as other types of malware. Find the
malicious executable and prevent it from being executed — you're done.

A much bigger concern than the actual adware or spyware is the mechanism it used to exploit the computer or user, be it social engineering, unpatched software, or a dozen other root exploit causes. [Annotation: This reiterates the point that many attacks use a combination of malicious tactics to exploit a system and its vulnerabilities. In this case, hackers may include a worm or virus within a source of adware.] This is because although a spyware or adware program’s intentions are not as malicious, as say, a backdoor remote access trojan, they both use the same methods to break in. The presence of an adware/spyware program should serve as a warning that the device or user has some sort of weakness that needs to be corrected, before real badness comes calling.

Finding and removing malware
Today, many malware programs start out as a Trojan or worm, but then dial home to a
botnet and let human attackers into the victim's computer and network. Many advanced
persistent threat (APT) attacks start out this way: They use Trojans to gain the initial
foothold into hundreds or thousands of companies, while the human attacks lurk, in
search of interesting intellectual property. The vast majority of malware exists to steal
money — directly out of a bank account or indirectly by stealing passwords or identities.

If you're lucky, you can find malicious executables using a program like Microsoft's Autoruns, Microsoft’s Process Explorer, or Silent Runners. If the malware program is stealthy, you'll have to remove the hiding component from memory first (if possible), then work on extricating the rest of the program. Often, I'll boot Microsoft Windows into Safe Mode or through another method, remove the suspected stealth component (sometimes by just renaming it), and run a good antivirus scanner a few times to clean up the remainders after the stealth part is removed. Here’s one good tutorial on how to use Process Explorer to discover and remove malware, and another here. [Annotation: This is a really helpful portion of the article since it also informs the readers how they can prevent themselves from being attacked by poor-intentioned hackers.]
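The article's advice to hunt for malicious executables with Autoruns, together with its point in the fileless-malware section that such malware persists through registry keys and scheduled tasks and borrows built-in tools like PowerShell, suggests a defensive triage step. The Python below is an added example, not code from the article or its author: it scans a constructed inventory of autostart entries and flags the ones that launch a script host, pass hidden or encoded PowerShell switches, reference a URL, or run content out of a temporary directory; the entry layout, sample values and indicator lists are assumptions of the example.

```python
import re
# Constructed sample of autostart entries as (location, name, command). The layout and
# values are assumptions for this example, not the export format of Autoruns or any tool.
SAMPLE_AUTOSTARTS = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"C:\Windows\System32\SecurityHealthSystray.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"powershell.exe -NoP -W Hidden -Enc QUJDREVGRw=="),  # constructed; decodes to ABCDEFG
    (r"Task Scheduler\Maintenance", "CleanPC",
     r"wscript.exe C:\Users\alice\AppData\Local\Temp\clean.js"),
    (r"Task Scheduler\Adobe", "AcrobatUpdate",
     r'"C:\Program Files\Adobe\Acrobat\update.exe" /silent'),
]

# Built-in script hosts and interpreters that fileless malware commonly rides on.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
# Directories any user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = (r"\appdata\local\temp", r"\users\public", r"\windows\temp")
# PowerShell switches (including short aliases) that hide or obfuscate what runs.
POWERSHELL_FLAGS = [
    (re.compile(r"(?i)(?:^|\s)-e(?:nc|ncodedcommand)?\s"), "encoded command"),
    (re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden"), "hidden window"),
    (re.compile(r"(?i)(?:^|\s)-nop(?:rofile)?(?:\s|$)"), "profile bypass"),
    (re.compile(r"(?i)(?:^|\s)-e(?:p|xecutionpolicy)\s+bypass"), "execution policy bypass"),
]

def split_command(command):
    """Return (lower-cased image basename, remaining arguments) for a command line."""
    command = command.strip()
    if command.startswith('"'):  # quoted image path, may contain spaces
        end = command.find('"', 1)
        end = len(command) if end == -1 else end
        image, args = command[1:end], command[end + 1:]
    else:
        image, _, args = command.partition(" ")
    return image.rsplit("\\", 1)[-1].lower(), args.strip()

def triage_entry(command):
    """List indicators of fileless-style persistence present in one autostart command."""
    image, args = split_command(command)
    findings = []
    if image in SCRIPT_HOSTS:
        findings.append(f"script host {image} launched from autostart")
    findings.extend(label for pattern, label in POWERSHELL_FLAGS if pattern.search(args))
    if re.search(r"(?i)https?://", args):
        findings.append("remote content referenced in command line")
    if any(marker in command.lower() for marker in USER_WRITABLE):
        findings.append("runs content from a user-writable location")
    return findings

def triage(entries):
    """Map each entry name to its findings, omitting entries with nothing to report."""
    return {name: found for _, name, cmd in entries if (found := triage_entry(cmd))}

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_AUTOSTARTS).items():
        print(f"{name}: {'; '.join(findings)}")
```

A hit is a lead for the Safe Mode inspection the article describes, not proof of infection; signed vendor updaters and admin scripts do legitimately use these hosts, so review the flagged command rather than deleting it blindly.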

Unfortunately, finding and removing individual malware program components can be a fool's errand. It's easy to get it wrong and miss a component. Plus, you don't know whether the malware program has modified the system in such a way that it will be impossible to make it completely trustworthy again.

Unless you're well trained in malware removal and forensics, back up the data (if needed), format the drive, and reinstall the programs and data when you find malware on a computer. [Annotation: This sentence confirms that this article is also helpful for those who do not have much of a background in Cybersecurity since they can also follow these tactics to enhance the security of their personal data.] Patch it well and make sure end-users know what they did wrong. That way, you get a trustworthy computer platform and move ahead in the fight without any lingering risks or questions.
