Although the names of the command and control servers and the methods malware uses vary, the purposes of malicious software fall into a small number of categories. This lets you tell another person what a piece of malware does simply by naming its category.
For example, if you say that the software you are examining is a keylogger, everyone will know that it records the keys pressed on the keyboard. You can give this important initial information about the malware to upper management to convey an idea of what it does and what the attacker is after, and then follow up with the detailed analysis report.
As mentioned, malicious software is divided into types according to its functions, purposes and characteristics. After analyzing a sample, you will match it with one or more of the following types, so you should know what these types are.
- Backdoor: Leaves a hidden entry point on the device where the malware is installed, allowing the attacker to access the system through it. For example, by opening a network port connected to a shell, it lets the attacker connect to the system through that port.
- Adware: Often bundled with downloaded software, it causes unwanted advertisements to be displayed on the device. Not all adware is harmful, but some of it changes the default search engine.
- Ransomware: A type of malware that has been on the world agenda for the last few years. It demands a ransom from victims by encrypting and exfiltrating all files on the device.
- Virus: One of the first types of malware seen in the wild, which is why, in daily life, malware in general is often called a virus. Viruses are self-replicating: they achieve persistence by infecting other files on the device.
- Worm: Named for the way it spreads from infected devices to other devices. WannaCry, a worm that exploited the MS17-010 vulnerability, caused panic around the world.
- Rootkit: A type of malware that hides its presence on the device by obtaining high-privilege access.
- RAT (Remote Access Trojan): A type of malware that gives the threat actor full control over the device.
- Banking malware: A type of malware that targets banking applications and causes money to be stolen from the victim.
- Keylogger: A type of malware that logs keystrokes and sends them to the attacker.
A single piece of malware may have more than one of these features, so it can belong to more than one type at once.
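The point above, that one sample can carry several labels, is what a triage note should capture. The following is an added example, not code from the original article: it maps behaviours recorded during analysis to the categories listed above and keeps the supporting evidence for each label. The regex rule set and the two behaviour reports are constructed for illustration; they are not a production signature set, and the only real identifier used is the MS17-010 reference already mentioned in the text.

```python
import re
from typing import Dict, List

# Category -> regexes tested against one observed-behaviour line.
# Illustrative assumptions only; a real rule set would be far larger.
RULES: Dict[str, List[str]] = {
    "backdoor":   [r"\blisten(s|ing)?\b.*\bport\b", r"\bbind(s)?\b.*\bshell\b"],
    "adware":     [r"\bdefault search engine\b", r"\bpop-?up\b.*\bad(s|vert)"],
    "ransomware": [r"\bencrypt(s|ed|ing)?\b.*\bfiles?\b", r"\bransom note\b"],
    "virus":      [r"\binfect(s|ed|ing)?\b.*\b(exe|dll|executable)s?\b"],
    "worm":       [r"\bms17-010\b",
                   r"\bspreads?\b.*\bother (hosts|devices|machines)\b",
                   r"\bscan(s|ning)?\b.*\bsubnet\b"],
    "rootkit":    [r"\bhid(es|ing)\b.*\b(process|file|driver)", r"\bssdt hook\b"],
    "rat":        [r"\bscreen capture\b", r"\bremote shell\b", r"\bfile (upload|download)\b"],
    "banking":    [r"\bweb ?inject\b", r"\bform grab", r"\bbank(ing)?\b.*\b(site|page|credential)"],
    "keylogger":  [r"\bkeystroke", r"\bwh_keyboard(_ll)?\b"],
}


def classify(behaviours: List[str]) -> Dict[str, List[str]]:
    """Return {category: [behaviour lines that support it]}.

    A sample can land in several categories at once; every category whose
    rules match at least one line is reported, together with its evidence.
    """
    evidence: Dict[str, List[str]] = {}
    for line in behaviours:
        for category, patterns in RULES.items():
            if any(re.search(p, line, re.IGNORECASE) for p in patterns):
                evidence.setdefault(category, []).append(line)
    return evidence


def summary_line(evidence: Dict[str, List[str]]) -> str:
    """One-line statement of the type(s), suitable for an initial report."""
    if not evidence:
        return "no category matched; manual review required"
    return "classified as: " + ", ".join(sorted(evidence))


# Constructed behaviour reports (hypothetical, not real sandbox output).
SAMPLE_A = [
    "Scans the local subnet for hosts with TCP port 445 open",
    "Exploits MS17-010 over SMB to copy itself to other hosts",
    "Encrypts user files and appends a new extension to each",
    "Drops a ransom note demanding payment",
]
SAMPLE_B = [
    "Installs a WH_KEYBOARD_LL hook to capture keystrokes",
    "Sends captured keystrokes to a remote server every 60 seconds",
]

if __name__ == "__main__":
    for name, report in (("sample A", SAMPLE_A), ("sample B", SAMPLE_B)):
        ev = classify(report)
        print(f"{name}: {summary_line(ev)}")
        for category, lines in sorted(ev.items()):
            for line in lines:
                print(f"  [{category}] {line}")
```

Sample A comes back as both worm and ransomware, each with two supporting lines, which is exactly the multi-label case the text describes; sample B is a plain keylogger. Keeping the evidence lines next to each label is what lets a reader of the initial report check the classification rather than take it on trust.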