malware

Comprehensive study notes, diagrams, and exam preparation for malware.

Malware

Definition

Malware, short for "malicious software," refers to any program or file specifically designed to infiltrate, damage, or gain unauthorized access to a computer system, network, or server without the user's consent. It is the umbrella term for a variety of cyber threats including viruses, worms, trojans, ransomware, and spyware.


Main Content

1. Types of Malware

  • Viruses: Programs that attach themselves to legitimate files and replicate by spreading to other programs when executed.
  • Worms: Standalone software that replicates itself to spread to other computers, often consuming bandwidth and overloading networks.

2. Evasion and Persistence

  • Rootkits: Tools designed to hide the presence of other malicious software (and of themselves), allowing attackers to maintain persistent, undetected access to a system.
  • Polymorphism: A technique where malware constantly changes its own code or signature to evade detection by signature-based antivirus software.
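Why polymorphism defeats the simplest form of signature-based detection, shown with a small added example (not code from the original notes). The "binaries" are constructed byte strings, and the two signature kinds, a whole-file hash and a byte pattern, are simplified stand-ins for what a real antivirus engine uses. Changing a single padding byte, as a polymorphic engine does on every copy, produces a different hash, so the hash signature no longer fires, while a pattern signature on the unchanged routine still does.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Constructed sample "files": short byte strings standing in for executables.
# ORIGINAL_SAMPLE is the copy a vendor first analysed and wrote signatures for.
# POLYMORPHIC_VARIANT has identical logic but one cosmetic padding byte differs,
# the kind of per-copy change a polymorphic engine makes.
# CLEAN_FILE is benign and must not match anything.
ORIGINAL_SAMPLE = b"MZ-stub|routine:EXFIL-ROUTINE|pad:\x00\x00\x00"
POLYMORPHIC_VARIANT = b"MZ-stub|routine:EXFIL-ROUTINE|pad:\x00\x01\x00"
CLEAN_FILE = b"MZ-stub|routine:PRINT-REPORT|pad:\x00\x00\x00"


def sha256_hex(data: bytes) -> str:
    """Whole-file digest, the classic 'hash signature'."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Signature:
    name: str
    kind: str            # "hash" = whole-file digest, "pattern" = byte sequence
    value: str | bytes   # hex digest for "hash", raw bytes for "pattern"

    def matches(self, data: bytes) -> bool:
        if self.kind == "hash":
            return sha256_hex(data) == self.value
        if self.kind == "pattern":
            return self.value in data
        raise ValueError(f"unknown signature kind {self.kind!r}")


# Hypothetical signature set written against ORIGINAL_SAMPLE only.
SIGNATURES = [
    Signature("sample.hash", "hash", sha256_hex(ORIGINAL_SAMPLE)),
    Signature("sample.pattern", "pattern", b"routine:EXFIL-ROUTINE"),
]


def scan(data: bytes, signatures: list[Signature] = SIGNATURES) -> list[str]:
    """Return the names of every signature that fires on `data`."""
    return [s.name for s in signatures if s.matches(data)]


if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL_SAMPLE),
                        ("variant", POLYMORPHIC_VARIANT),
                        ("clean", CLEAN_FILE)]:
        print(f"{label:9s} -> {scan(blob)}")
```

The hash signature is exact but brittle: any byte change, malicious or not, breaks it. The pattern signature survives this variant because the routine itself was not rewritten; a stronger polymorphic engine that re-encodes the routine too would defeat it as well, which is why modern products add heuristic and behavioural detection on top of static signatures.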

3. Payload Delivery Methods

  • Phishing: Tricking users into clicking malicious links or downloading attachments via deceptive emails.
  • Drive-by Downloads: Malware that installs itself automatically, without any further user interaction, when a user simply visits a compromised or malicious website.

Working / Process

1. Infection and Infiltration

  • The malware enters the system, often exploiting a vulnerability in the operating system or browser software.
  • The attacker uses social engineering, such as masquerading as a legitimate software update, to trick the user into granting permission.

2. Execution and Installation

  • Once the file is triggered, it executes in the background, often hiding its processes from the Task Manager to remain undetected.
  • It copies its files to system directories to ensure it starts automatically whenever the computer boots up.

3. Command and Control (C2)

  • The malware establishes a connection with the attacker’s remote server to receive instructions or exfiltrate stolen data.
[User Device] <--- (Internet) ---> [C2 Server]
      |                                |
  Malware executes              Sends commands
  and beacons out               to the malware

Visual representation of how malware communicates with an attacker's Command and Control server.
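The "beacons out" arrow in the diagram is what a defender looks for. The added example below (not code from the original notes) runs a simple beacon detector over a few constructed proxy-log lines: connections are grouped by source and destination, the gaps between successive connections are measured, and a pair is flagged when it has enough events and the gaps are almost constant (a low coefficient of variation). The log format, hostnames and thresholds are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy-log lines: "<ISO timestamp> <src_ip> <dst_host> <bytes>".
# 10.0.0.5 contacts one host roughly every 60 s with near-identical sizes
# (a beacon); 10.0.0.7 is ordinary, irregular browsing.
LOG_LINES = """\
2024-05-01T09:00:00 10.0.0.5 cdn.example-updates.test 412
2024-05-01T09:00:17 10.0.0.7 news.example.test 18230
2024-05-01T09:01:01 10.0.0.5 cdn.example-updates.test 415
2024-05-01T09:01:44 10.0.0.7 news.example.test 22011
2024-05-01T09:02:00 10.0.0.5 cdn.example-updates.test 410
2024-05-01T09:02:05 10.0.0.7 mail.example.test 905
2024-05-01T09:03:02 10.0.0.5 cdn.example-updates.test 414
2024-05-01T09:03:50 10.0.0.7 news.example.test 1200
2024-05-01T09:03:59 10.0.0.5 cdn.example-updates.test 411
2024-05-01T09:05:00 10.0.0.5 cdn.example-updates.test 413
2024-05-01T09:06:30 10.0.0.7 mail.example.test 4420
""".splitlines()


def parse(lines):
    """Group (timestamp, bytes) per (src, dst) pair; skip malformed lines."""
    flows = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, size = parts
        flows[(src, dst)].append((datetime.fromisoformat(ts), int(size)))
    return flows


def coefficient_of_variation(values):
    """Population std-dev divided by mean; 0.0 means perfectly regular."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def find_beacons(lines, min_events=5, max_interval_cv=0.15):
    """Return [(src, dst, mean_interval_s, interval_cv, size_cv)] for pairs
    whose connection timing is regular enough to look like a beacon."""
    hits = []
    for (src, dst), events in parse(lines).items():
        if len(events) < min_events:
            continue
        events.sort()
        times = [t for t, _ in events]
        sizes = [s for _, s in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        interval_cv = coefficient_of_variation(gaps)
        if interval_cv <= max_interval_cv:
            hits.append((src, dst, round(mean(gaps), 1),
                         round(interval_cv, 3),
                         round(coefficient_of_variation(sizes), 3)))
    return hits


if __name__ == "__main__":
    for hit in find_beacons(LOG_LINES):
        print("possible beacon:", hit)
```

Size regularity is reported alongside timing because check-ins that carry no new commands tend to be the same size every time. Real implants add jitter and use longer intervals, so in practice the thresholds are tuned per environment and the output is triaged against known-good services (update clients and monitoring agents also beacon regularly).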


Advantages / Applications

  • Cyber Warfare: Used by state-sponsored actors to sabotage the critical infrastructure of rival nations.
  • Financial Gain: Employed by cybercriminals to encrypt data for ransom (Ransomware) or steal banking credentials for direct theft.
  • Surveillance: Used by entities to gather intelligence by monitoring keystrokes, screen activity, and sensitive files.

Summary

Malware is a broad classification of malicious code engineered to disrupt, destroy, or covertly access computer systems. It poses significant risks to personal privacy, corporate data, and national security through mechanisms like self-replication, data encryption, and remote surveillance.

  • Key Terms: Ransomware, Trojan, Phishing, Rootkit, Exfiltration, Signature-based detection.