Three main areas of malware:
- Ads / Spyware / Marketing
- Remote Access / Keyloggers
- Remote Attacks / DDoS
Indicator of Compromise
Artifacts observed that indicate a computer intrusion (e.g. unusual outbound network traffic, DNS anomalies, anomalies in privileged user account activity, etc.)
Virus
Malware that requires user interaction to install and replicate.
Ex: Stuxnet
Crypto-malware / Ransomware
Malware that scares/scams users into taking some type of action.
Ex: WannaCry
Worms
Self-replicating program that is usually self-contained and can execute and spread without user interaction.
Trojans
Seemingly friendly software that contains hidden malicious software.
Ex: Sub7, Back Orifice, etc.
Rootkits
Malicious code that installs itself at the OS or kernel level to avoid detection. Hard to get rid of because it loads before the OS loads and can disable anti-virus and anti-malware.
Keyloggers
Malicious application that, once installed, captures all keystrokes, such as credentials, chats, emails, etc.
Adware
Malware that is installed on an infected machine to deliver ads.
Spyware
Malware that captures user activity (i.e. keystrokes, web browsing activity, etc.) and reports back.
Botnets
Malware that connects to one or more command & control (C&C) servers to control thousands of bots for massive DDoS attacks.
Logic Bomb
Piece of malicious code that triggers after a period of time based on some date or specific activity.
Backdoors
Software installed for the purpose of opening ports and installing additional software. It can phone home, steal credentials, install a keylogger, etc.