This topic describes malware types.
Note: This topic is part of Module 3 of the Cisco CCNA 3 course. To follow the course in order, go to the CCNA 3 section.
Overview of Malware
Now that you know about the tools that hackers use, this topic introduces you to the different types of malware that hackers use to gain access to end devices.
End devices are particularly prone to malware attacks. It is important to know about malware because threat actors rely on users to install malware to help exploit the security gaps.
Viruses and Trojan Horses
The first and most common type of computer malware is a virus. Viruses require human action to propagate and infect other computers. For example, a virus can infect a computer when a victim opens an email attachment, opens a file on a USB drive, or downloads a file.
The virus hides by attaching itself to computer code, software, or documents on the computer. When opened, the virus executes and infects the computer.
Viruses can:
Alter, corrupt, delete files, or erase entire drives.
Cause computer booting issues, and corrupt applications.
Capture and send sensitive information to threat actors.
Access and use email accounts to spread.
Lay dormant until summoned by the threat actor.
Modern viruses are developed for specific intent such as those listed in the table.
Types of Viruses
Boot sector virus: Virus attacks the boot sector, file partition table, or file system.
Virus attacks the device firmware.
Virus uses the MS Office or other applications macro feature maliciously.
Virus inserts itself in another executable program.
Virus attacks the OS interpreter which is used to execute scripts.
Threat actors use Trojan horses to compromise hosts. A Trojan horse is a program that looks useful but also carries malicious code. Trojan horses are often provided with free online programs such as computer games. Unsuspecting users download and install the game, along with the Trojan horse.
There are several types of Trojan horses as described in the table.
Type of Trojan Horse
Trojan horse enables unauthorized remote access.
Trojan horse provides the threat actor with sensitive data, such as passwords.
Trojan horse corrupts or deletes files.
Trojan horse will use the victim’s computer as the source device to launch attacks and perform other illegal activities.
Trojan horse enables unauthorized file transfer services on end devices.
Security software disabler: Trojan horse stops antivirus programs or firewalls from functioning.
Denial of Service (DoS): Trojan horse slows or halts network activity.
Trojan horse actively attempts to steal confidential information, such as credit card numbers, by recording keystrokes entered into a web form.
Viruses and Trojan horses are only two types of malware that threat actors use. There are many other types of malware that have been designed for specific purposes.
Other Types of Malware
The table shows details about many different types of malware.
Adware is usually distributed by downloading online software.
Adware can display unsolicited advertising using pop-up web browser windows, new toolbars, or unexpectedly redirect a webpage to a different website.
Pop-up windows may be difficult to control as new windows can pop-up faster than the user can close them.
Ransomware typically denies a user access to their files by encrypting the files and then displaying a message demanding a ransom for the decryption key.
Users without up-to-date backups must pay the ransom to decrypt their files.
Payment is usually made using wire transfer or cryptocurrencies such as Bitcoin.
Rootkits are used by threat actors to gain administrator account-level access to a computer.
They are very difficult to detect because they can alter firewall, antivirus protection, system files, and even OS commands to conceal their presence.
They can provide a backdoor to threat actors giving them access to the PC, and allowing them to upload files, and install new software to be used in a DDoS attack.
Special rootkit removal tools must be used to remove them, or a complete OS re-install may be required.
Spyware is similar to adware, but is used to gather information about the user and send it to threat actors without the user’s consent.
Spyware can be a low threat, gathering browsing data, or it can be a high threat capturing personal and financial information.
A worm is a self-replicating program that propagates automatically without user actions by exploiting vulnerabilities in legitimate software.
It uses the network to search for other victims with the same vulnerability.
The intent of a worm is usually to slow or disrupt network operations.