Ransomware
What is Malware?
Malware is a portmanteau of "malicious software." It's an umbrella term
encompassing any software intentionally designed to cause damage to a
computer, server, client, or computer network. The damage can range from
annoying pop-up ads to stealing sensitive data, encrypting files, or
completely disabling a system.
Key Concepts:
Payload: The malicious actions the malware performs after it has
infected a system. This can include data theft, system corruption,
encryption, or opening a backdoor.
Infection Vector: The method by which malware spreads and gains
access to a target system. This can include email attachments,
infected websites, malicious downloads, USB drives, or vulnerabilities
in software.
Persistence: Techniques malware uses to ensure it remains active on
the system even after a reboot or other attempts to remove it.
Detection: Methods and technologies used to identify malware, such
as signature-based detection, heuristic analysis, and behavioral
monitoring.
Mitigation: Actions taken to prevent or minimize the impact of
malware, including installing antivirus software, patching
vulnerabilities, and practicing safe browsing habits.
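The Detection concept above lists signature-based detection and behavioral monitoring. The following is an added illustration (not code from these notes) of both over constructed input: an exact-hash match against a placeholder known-bad list, and a burst-of-writes heuristic over a hypothetical file-activity log whose format ("time pid action path") is assumed here.

```python
import hashlib
from collections import defaultdict
from datetime import datetime

# Constructed signature list: SHA-256 of a placeholder string, not a real malware hash.
KNOWN_BAD_HASHES = {hashlib.sha256(b"PLACEHOLDER-MALICIOUS-SAMPLE").hexdigest()}


def signature_match(data: bytes) -> bool:
    """Signature-based detection: exact hash match against a known-bad list."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


# Constructed file-activity log in a hypothetical format: "<ISO time> <pid> <action> <path>".
# pid 4242 rewrites many user files in a few seconds; pid 1111 behaves like a normal editor.
SAMPLE_LOG = """\
2024-01-01T10:00:00 4242 WRITE /home/a/docs/report.docx.locked
2024-01-01T10:00:02 4242 WRITE /home/a/docs/budget.xlsx.locked
2024-01-01T10:00:03 1111 WRITE /home/a/docs/notes.txt
2024-01-01T10:00:05 4242 WRITE /home/a/photos/img1.jpg.locked
2024-01-01T10:00:09 4242 WRITE /home/a/photos/img2.jpg.locked
2024-01-01T10:30:00 1111 READ /home/a/docs/notes.txt
"""


def behavioral_alerts(log: str, threshold: int = 3, window_s: int = 60) -> dict:
    """Behavioral monitoring: flag any pid that writes >= threshold distinct files
    within window_s seconds. A burst of writes across many user files is the
    pattern a file-encrypting payload produces; an editor touches only a few.
    Returns {pid: largest number of distinct files written in one window}."""
    writes = defaultdict(list)
    for line in log.splitlines():
        ts, pid, action, path = line.split(maxsplit=3)
        if action == "WRITE":
            writes[int(pid)].append((datetime.fromisoformat(ts), path))
    alerts = {}
    for pid, events in writes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most window_s seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            distinct = {p for _, p in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[pid] = max(alerts.get(pid, 0), len(distinct))
    return alerts
```

Signature matching only catches samples already on the list, which is why the notes pair it with heuristic and behavioral methods.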
1. Viruses:
Definition: A virus is a type of malware that requires a host
program to infect and replicate. It attaches itself to executable files
(like .exe, .com, or .doc files) and spreads when the infected host file is
executed. Think of it like a biological virus that needs a cell to
replicate.
How it Works:
1. A user unknowingly executes an infected file (e.g., opens an
infected attachment).
2. The virus code is activated and executes.
3. The virus replicates by attaching itself to other executable files
on the system or network.
4. The virus may then perform its malicious payload (damage).
Key Characteristics:
o Requires a Host: Needs to attach to a file to spread.
o Replication: Replicates itself to other files.
o User Action Required: Typically requires a user to execute the
infected file.
Examples:
o CIH (Chernobyl): Overwrote parts of the hard drive and BIOS.
o Melissa: Mass-mailed itself via Microsoft Word macros.
Keywords: Executable, Host File, Replication, Infection, Payload, Macro
Virus
2. Worms:
Definition: A worm is a self-replicating type of malware that doesn't
need a host file to spread. It can independently propagate and spread
from one system to another over a network by exploiting
vulnerabilities. Think of it as an autonomous agent that can travel
independently.
How it Works:
1. A worm enters a system, often by exploiting a network
vulnerability.
2. The worm replicates itself and searches for other vulnerable
systems on the network.
3. It uses those vulnerabilities to infect other systems, creating
copies of itself.
4. The worm then performs its malicious payload.
Key Characteristics:
o Self-Replicating: Can copy itself without a host file.
o Independent: Doesn't require user interaction to spread after
initial infection.
o Network-Based: Often spreads through networks by exploiting
vulnerabilities.
Examples:
o WannaCry: Encrypted files and demanded ransom, spread
through a Windows SMB vulnerability. (Though WannaCry
includes elements of both worms and ransomware).
o SQL Slammer: Crippled internet traffic by rapidly spreading and
overwhelming networks.
o Morris Worm: One of the first significant internet worms,
caused widespread disruption.
Keywords: Self-Replicating, Network Vulnerability, Exploit, Propagation,
Payload, Autonomous