RAT: Remote Access Trojans
This type of malware allows attackers to take over computers and remotely control them. They allow attackers to execute commands on the victims’ systems and distribute the RAT to other computers with the goal of building a botnet.
Backdoor malware has a similar objective to a RAT but uses a different approach. The attackers use so-called “backdoors”, which are mostly deliberately placed in programs or operating systems. However, they may also be installed in secret.
A special characteristic of backdoors is that they can be used to bypass existing defense mechanisms. For example, they are very attractive to cybercriminals for creating botnets.
Botnets and Zombies
Botnets are large accumulations of infected computers that the attacker builds up over time. Each affected computer is called a zombie. The attacker can send commands to all computers at the same time to trigger activities such as DDoS attacks or to mine bitcoins with the help of individual zombie computers.
It is especially treacherous that owners of the affected computers do not notice that they are part of a botnet until they are already carrying out the externally controlled activities.
This is malware that collects information from the victim’s computer. These can be Credential Stealers, which extract the login data from user accounts such as email mailboxes, Amazon or Google accounts. Keyloggers, on the other hand, record everything that users speak or write and often take screenshots. Bitcoin Stealers search for Bitcoin wallets and steal the cryptocurrency.
Downloader / Dropper
Downloaders or droppers are small programs that serve only one purpose – to download additional malware from the Internet. At first, victims are not able to recognize which contents are being downloaded because only a URL is visible. The great advantage of this method for an attacker is being able to constantly provide new malware for download and distribute up-to-date and difficult-to-detect malware.
Rootkits are the most dangerous type of malware, even though a rootkit is not even necessarily malware. Rather, a rootkit hides malicious code from discovery. In this form of attack, the attacker penetrates deeply into the computer system, gains root privileges and thus gains general access rights. The cybercriminals then change the system so that the user no longer recognizes when processes and activities are started. It’s very hard to locate attacks based on rootkit obfuscation.
Naturally, there are other categories and definitions of malware that are not listed here. It should be noted that the malware which is circulating nowadays is mostly a mixture of several types. For example, there are trojan horses that also include a backdoor.
Often, the different attack types can be put together dynamically according to a modular principle. Therefore, the malware found today can no longer be clearly assigned to one of the categories mentioned above.
In our next post, you will learn about the main players in terms of malware and cyber-attacks.