Ask a group of people to define malware, and you’re likely to get a range of different answers. The term has become a catch-all description for a broad collection of different cyber threats that keep IT managers awake at night.
Categories falling under the malware banner include viruses and worms, adware, bots, Trojans and rootkits. Each category is different, but all can cause disruption and loss if not detected and quickly removed.
Of the malware types in the wild, the top five are:
1. Remote Access Trojans (RATs)
RATs comprise malicious code that usually arrives hidden in an email attachment or as part of a downloaded file such as a game. Once the file is opened, the RAT installs itself on the victim’s computer, where it can sit unnoticed until being remotely triggered.
RATs provide attackers with a back door that gives them administrative control over the target computer. This can then be used to steal data files, access other computers on the network or cause disruption to business processes.
One of the first examples, dubbed Beast, appeared in the early 2000s. It was able to kill running anti-virus software and install a keylogger that could monitor for password and credit card details. Sometimes it would even take a photo using the target computer’s webcam and send it back to the attacker.
2. Botnets
Some liken botnets to a computerised ‘zombie army’, as they comprise a group of computers that have been infected by a backdoor Trojan. Botnets have similar features to a RAT; the key difference is that they are a group of computers being controlled at the same time.
Botnets have been described as a Swiss Army knife for attackers. Linked to a command-and-control channel, they can be instructed to forward transmissions including spam or viruses to other computers on the internet. They can also be used to initiate distributed denial of service (DDoS) attacks similar to the one suspected to have disrupted the Australian census.
Some attackers even rent their botnets out to other criminals who want to distribute their own malware or cause problems for legitimate websites or services.
3. Browser-based malware
This type of malware targets a user’s web browser and involves the installation of a Trojan capable of modifying web transactions as they occur in real time. Running inside the browser lets the malware avoid certain types of security protection, such as packet sniffing.
Some examples of the malware generate fake pop-up windows when they know a user is visiting a banking website. The windows request credit card details and passwords, which are then sent back to the attacker.
Security experts estimate that there have been around 50 million hosts infected by browser-based malware and estimated financial losses have topped $1 billion.
4. Point-of-sale (POS) Malware