Introduction and History
Malware is a program that intends to perform undesirable or destructive actions on a target system without the permission of the system owner. The term Malware is formed from two words, Malicious and Software. The first malware were viruses written in the early 1980's with the intention of destroying information stored in computer systems. After that, the first worm (the Internet Worm) was born in 1988 to infect SunOS and VAX BSD systems. This worm attacked these operating systems through a network vulnerability and, after penetration, ran a malicious program on the system. Then, in the first years of the 2000's, new techniques were invented to exploit computers through malware, and the main purpose of malware became exploiting computers as zombies. At that time, backdoor software was widely used. Since 2003, spyware has also become popular for new purposes: data theft and espionage. Finally, we can name the newest known malware, ransomware and Advanced Persistent Threats (APTs). The following is a list of the main malware categories:
Virus: a program that replicates itself into other files and executable programs. In addition to reproduction, viruses generally perform a series of other destructive actions. Viruses need to be executed by a user or a program in order to infect computers.
Worm: a program that penetrates a computer through network vulnerabilities. After penetrating through the network, worms often perform destructive, harmful or profit-seeking actions on the system; for example, they infect the system with a virus. The general behavior of worms is as follows: 1) searching for vulnerable computers in a network, 2) attacking and infiltrating the vulnerable computer and executing a program on it, and 3) using the new computer to attack other systems.
Trojan Horse: a program that appears to be useful and tricks the user into executing it, while in addition to the action the user expects, it secretly performs another malicious activity. For example, when a user downloads and installs a free computer game from the Internet, the Trojan horse runs and infects the system with a virus.
Backdoor/Trapdoor: after a successful intrusion, the intruder installs one or more backdoor programs in the system so that he/she can re-enter the system through covert channels in the future. In fact, the purpose of embedding a backdoor is to create a way to bypass the system's access control mechanism.
Spyware: this category of malware tries to steal information from computer systems. Spyware can be installed by other malware such as Trojan horses or worms, or by a profit-seeking person who installs it directly. Another way to spread spyware is mass incitement or social engineering, such as using email to encourage the user to install a free and apparently useful program. There is a special group of spyware called keyloggers, which, while executing, save everything that the computer user types and then share this information with the hacker through the Internet.
Rootkit: a special type of malware that manipulates the operating system. The purpose of using rootkits is to hide other malware such as spyware. Rootkits manipulate the core of the operating system and, as a result, it is not even possible to recognize the existence of the rootkit itself; even the names of the rootkit files cannot be found by searching. Rootkits have been introduced mostly on the Linux operating system.
Adware: an advertising program which displays messages without the user's request. Pop-ups are an example of this type of malware. The degree of maliciousness or dangerousness of this malware can vary. For example, if the program is installed in the operating system, it can potentially collect any user information or manipulate other software. Ad programs that are set up in the browser, however, will cause a lower level of damage. In general, the information collected by this type of malware is less sensitive and is only used to better understand the user's interests.
Ransomware: a newer type of malware which intrudes into a system and encrypts files with a secret key known only to the hacker. The hacker provides this key for decryption if the victim pays a determined fee.
Advanced Persistent Threat (APT): a type of malware which resides silently on a target system for a long time and collects information. It communicates with its Command and Control (C&C) server through covert channels for the next steps, or even for executing destructive payloads. The best-known APT is Stuxnet.