Malware and its 20 Types Explained. Virus, Trojan, Ransomware, Spyware, Worm, etc.

Types of Malware Explained

Malware is an umbrella term that is used to denote all kinds of malicious software, in fact, the term “Malware” is made up from words “Malicious” and “Software”. A Virus is just one of the many types of malware. An ideal Antimalware (or Antivirus) should be able to protect your computer from all kinds of Malware. Here is a list of 20 types of Malware and a description of what each of them do.

20 Types of Malware

  1. What is an Adware
  2. What is a Backdoor
  3. What is a Bootkit
  4. What is a Bot and a Botnet
  5. What is a CrackTool
  6. What is a DDoSTool
  7. What is an Exploit
  8. What is a HackTool
  9. What is a HijackTool
  10. What is a MiningTool
  11. What is Phishing
  12. What is a RAT
  13. What is a Ransomware
  14. What is a Riskware
  15. What is a Rogueware
  16. What is a Rootkit
  17. What is a Spyware
  18. What is a Trojan Horse
  19. What is a Virus
  20. What is a Worm

What is an Adware

Any software that shows ads is called an Adware or an Ad-supported program. These type and time of displaying the ads depends upon the program. A program may show ads during its installation process in the form of optional programs to install, when it is started in the form of a splash screen, or the entire time that it is running in the form of a sidebar or ad-bar. Some ad-supported program also have a service that runs in the background and displays ads randomly. Most of the times, these adware show the sponsored products, the paid version or upgrades of their free program, or their website and their other premium products.

It is fine as long as it shows ads it is supposed to or expected to show such as the upgrade offers, promotions, news, or other types of reminders. But, it becomes a malicious adware when it starts doing malicious things such as leaking the sensitive user information to hackers, installing additional ad modules, showing ads of phishing or malicious websites, messing with system files, etc. Some of these ad-supported programs are also called Potentially Unwanted Programs (PUP) or Potentially Unwanted Applications (PUA)

What is a Backdoor

A Backdoor is used to gain unauthorized access into a user’s device. Some software manufacturer create backdoors intentionally if they need to get access into their devices for any number of reasons. But these backdoors can act as a serious security flaw or a Vulnerability, and some Hackers can Exploit this Vulnerability, and install malware in the system using this backdoor. A backdoor can bypass any number of security mechanisms supported by that device. For example, a vendor could have a string of letters/alphabets/special characters that act as a master password for its devices, and can bypass any other password set on that device.

What is a Bootkit

A Bootkit is a toolkit of malicious programs used to attack the Master Boot Record of the computer. Such a malware is able to execute and run before the operating system boots. These tools do damage to your computer in a number of ways for example; they can lock your computer, prevent software from installing, or ask the user for ransom in order to be able to boot your computer and access their data. Many antivirus software provide a boot-time scan than is targeted at detecting and removing such malware.

What is a Bot and a Botnet

The term Bot derived from the term Robot is used to denote a program that is used to perform automated tasks. These bots can be good as well as bot. A god bot helps in managing a specific task in the network such as a chat bot that automatically acknowledges your email upon reception. On the other hand, a bad bot connects to its controlling server and notifies about the victim device or send the information from the targeted device.

A bot has self-propagating capabilities, and is able to infect multiple computers on a network. It infects one computer in the network, and then moves to the next one leaving a copy of it in the previously infected computers. This way, it creates a network of compromised computers called a Botnet. A Botnet can be used to perform malicious attacks like DDoS.

What is a CrackTool

A CrackTool is any program that illegally tries to modify the working of a software. Some of the examples of a CrackTool are a Crack, Patch, and Keygen. All of these are used to crack or break the program and its code. It makes the software work in a way that its developed has not intended.

What is a DDoSTool

A DDoSTool is a malicious program that is used by the cybercriminals to perfrom DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks on web sites and web servers.

What is an Exploit

An Exploit is a type of malicious program made to exploit a specific Vulnerability found in a system. Along with Vulnerability, the term Exploit is also related to another term called Zero-day.

Anything Zero-day (or 0-day) means any vulnerability, bug, or error in the software or hardware that is yet to be identified by the vendor of that software or hardware.

Once a hacker finds out about a Vulnerability, he creates Exploits to make use of the detected vulnerabilities to take unauthorised control of the system in order to perform various malicious activities such as deleting, stealing, or copying of the data.

What is a HackTool

The term HackTool is used for denoting all those programs that can be used by the hackers for hacking or gaining unauthorized access to computers and networks. These tools may not be malicious themselves but they can be used for malicious purposes. Some of the examples are a Keylogger, Vulnerability Scanner, Port Scanner, Password Viewer, Password Cracker, Binders, Crypters, Spoofers, Pumpers, Icon Changers, etc.

What is a HijackTool

A HijackTool also known as Browser Hijacker hijacks the Hosts file and the Web Browser settings. The first target of Browser Hijackers is the Hosts file, a file that acts as mini DNS for your computer. A Hosts file contains a list of IP Addresses and their corresponding website names (domain names). Using the Hosts file, they can IP addresses of famous website domain names, and redirect you to wrong websites, which could be full of ads, malware or phishing pages.

The Browser Hijackers can change the Homepage, New Tab Page, and the default Search Engines for all of the Web Browsers installed on the system in order to generate traffic for a particular website, or to lead users to malicious or phishing websites. They are also capable of adding web browser items such as Toolbars, Plug-ins, Add-ons, Extensions, and BHOs.

What is a MiningTool

The MiningTool is the latest type of malware. The purpose of a mining tool is to use the processing power of a victim’s computer to mine cryptocurrency on behalf of its creator, the attacker. This process of infecting a target computer using a MiningTool or a Mining Malware is known as Cryptojacking.

What is Phishing

Phishing is not a program, but a web-based attack. It is an email-based malware attack where the hacker tries to get the confidential information of a user such as his login and password, bank account information, credit card details, etc. by sending him to a fake login page that looks exactly like the real one. The details entered and submitted on this fake login page are not sent to the servers of the real websites but to the server created by the hacker. This way a hackers gets the login details, bank account or credit card information of the victim.

Phishing also leads to downloading malware on the system. A phishing email could promise a big offer or a great deal, and ask the user to download the file attached in the email in order to know more about that offer or the lottery win. Once downloaded and executed, that file downloads the actual malware on the system.

What is a RAT

A RAT (Remote Administration Tool) lets the attacker control a remote system as if he had the physical access to it. It lets the attacker disable the mouse, keyboard, USB ports, etc. of the victim computer. In other words, it makes the attacker the administrator of the target computer, and gives him access to everything. Using these administrative privileges, an attacker can install various types of malware like Spyware on the user computer.

What is a Ransomware

A Ransomware is a malicious software that enters a user’s system without his knowledge and encrypts all of the data stored on the system, and asks for ransom to decrypt it. If the ransom is not paid within the specified amount of time, the files are destroyed. Paying the ransom does not guarantee the decryption of files.

What is a Riskware

The term Riskware is used to define a group to tools that could turn out to be harmful such as a keylogger key finder, password viewer, etc.

The term Riskware is used to define a group to tools that, when exploited by a hacker, can pose a security threat to the host computer. Programs such as Keyloggers, Password Managers, and Internet Relay Chat (IRC) clients fall in this category.

What is a Rogueware

A Rogueware is a malware masquerading as an antimalware. It tries to make its victims believe that his computer is infected with malware by showing fake scans, fake scan results, and fake malware. It then tries to persuade the user to purchase the software to clean his infected computer.

A Rogueware is more annoying than dangerous. It continuously shows various pop-up windows, alert boxes, messages in notification box, etc. It does not stop at just one purchase, the main aim of a Rogueware is leading its victims to a special malicious website, and then stealing their bank account and card details.

What is a Rootkit

A Rootkit is a toolkit of malicious programs that is used to get administrative access to the computer. A rootkit bypasses all kinds of security mechanisms set in place by the software developer for protecting that device.

What is a Spyware

A Spyware works in the background of the target computer, monitors the user, and secretly records the sensitive user data such as keystrokes, passwords, various account details, etc., and sends this information to its creator, the hacker/cyber-criminal, without the knowledge of the user. This information can be used for Identify Theft, Credit Card fraud, theft of various online account login details, etc. Spyware programs are also known as Crimeware.

What is a Trojan Horse

A Trojan Horse is a malicious software masquerading as a useful file. Once, inside the system it can do all types of bad things; it can act as a spyware, it can download additional malicious tools, or it can just corrupt the system directory, and crash the computer.

Trojans don’t self-replicate like worms. They can do various other things like giving backdoor access the hacker which can be used to install programs like Keyloggers and Spyware that can be used to secretly monitor the user and steal his sensitive information.

The files that the user downloads is not usually malicious in nature, and therefore in not detected by most of the antivirus programs. But when the user runs or executes this file on this computer, it connects to the Internet without user knowledge, and downloads the actual malware. The file that downloads the malware is called the Trojan Downloader.

The user does not even need to download a file to get infected with Trojan Downloaders. Such files silently install on the computer upon visiting a malicious website. This process of unintentionally downloading a malicious file on a computer is known as a Drive-By Download.

What is a Virus

A Virus spreads itself by attaching a copy of itself to another program and becoming a part of it. A virus does not have self-propagating capabilities; it needs a host to travel. They may be on a computer but won’t be activated until they are executed through the file they are attached to. When the infected file or the host file is executed, the malicious code is executed as well. The virus spreads when the infected file is transferred from one device to another via any medium like removable storage drives, network, email attachments, etc.

The viruses can do a number of things like corrupting disks or performing DDoS attacks.

What is a Worm

A Worm is similar to a Virus in that it replicates or spreads itself but unlike a Virus, a Worm does not need a host program, and it does not infect other programs. A Worm is a complete malicious program in itself.

Worms mostly affect networks, they can replicate themselves, infect all the computers using that network. They slow down the traffic on the infected networks and cause disturbance in normal working resulting in productivity loss.

Related Posts:

Leave a comment