In the past, attackers simply installed malware on the target system and let it run without further human intervention; today, most attacks are carried out by several attackers who, in order to evade detection, combine many programming or scripting languages to generate malicious code that slips through security controls. Preventing viruses is therefore very important, and to prevent a virus we must first understand it. Once we know the types of viruses, we can do a better job of protecting our data from them.
Classifying malware by the differences between families makes it easier to defend against. The magazine "CSO" has therefore classified malware in two ways: by the degree of impact on the infected device, and by the ultimate goal the attacker wants to achieve. The specific classification results are as follows:
Sort by Impact on Infected Devices
Macro viruses: These are probably the most common malware in the world. About 92% of external attacks start with phishing, and macros are central to making that phishing "succeed." Macros are keystrokes or mouse actions that a program performs automatically without user interaction; the term usually refers to Microsoft Word/Excel macros that automate repetitive tasks in a worksheet or document.
Simple Office document macros are the main initial infection vector, and work-themed phishing documents carrying macros are the most deceptive. Because the macro programming language (such as Microsoft's Visual Basic) is simple, attackers can write macro viruses with little effort.
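As an added defender-side example, not part of the original article: a check written for this rewrite that flags OOXML Office files carrying a VBA project regardless of the file extension (a macro-enabled document renamed to .docx still contains the same parts). The sample packages are constructed in memory; the part names and content-type markers are standard OOXML, while the VBA blob is a placeholder stub.

```python
import io
import zipfile

# Standard OOXML locations of an embedded VBA project (Word, Excel, PowerPoint).
MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# Content-type markers that declare a VBA project or a macro-enabled document.
MACRO_CONTENT_TYPES = ("macroEnabled", "application/vnd.ms-office.vbaProject")


def build_ooxml(main_part: str, with_macro: bool) -> bytes:
    """Construct a minimal Office package in memory (sample input, not a real document)."""
    ct = ('<?xml version="1.0"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="xml" ContentType="application/xml"/>')
    if with_macro:
        ct += '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    ct += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr(main_part, "<document/>")
        if with_macro:
            # Placeholder stub standing in for a real compiled VBA project.
            z.writestr(main_part.rsplit("/", 1)[0] + "/vbaProject.bin", b"\x00stub")
    return buf.getvalue()


def has_vba_macro(data: bytes) -> bool:
    """Return True if an OOXML package carries a VBA project.

    Two independent indicators are checked, because the extension is untrusted:
    1. a vbaProject.bin part in any location inside the package;
    2. a content type declaring a VBA project or a macro-enabled document.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            if names & MACRO_PARTS or any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
                return any(marker in ct for marker in MACRO_CONTENT_TYPES)
    except zipfile.BadZipFile:
        # Not an OOXML package; legacy OLE2 .doc/.xls files need a different parser.
        return False
    return False
```

Legacy binary formats (.doc, .xls) are OLE2 compound files, not zip packages, so this check deliberately returns False for them rather than guessing.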
Polymorphic viruses: Polymorphic viruses are among the most complex types of viruses. As the name suggests, they morph, changing how they execute each time they enter a new application or device. While protection against all types of viruses should be treated equally, this type deserves the most attention because it is complex and extremely difficult to investigate and detect.
Resident Viruses: This is a very destructive class of viruses. The code of a resident virus is not stored in the executable file that invokes it; instead it is typically kept in a web-accessible site or storage container. The executables that call the resident code are usually written to look benign and are designed to avoid detection by antivirus software. The counterpart to a resident virus is a non-resident virus, whose code is contained in the executable file that invokes it; these are most commonly spread by abusing enterprise services.
Boot Sector Viruses: These viruses are designed to give threat actors the deepest possible foothold and persistence. Their ultimate infection target is the computer's Master Boot Record (MBR). Once infected, even if the computer is re-imaged, the virus persists and executes again in the host's memory as soon as the system starts. Such viruses almost always rely on zero-day exploits to reach the MBR level, or spread via infected physical media such as a USB drive or hard disk.
Hybrid viruses: While some malware developers specialize in a certain class of viruses, others take an "all of the above" approach, attacking everywhere at once. These viruses are often difficult to contain and deal with because they infect multiple parts of a system, including memory, files, executable code, and even the boot sector. They are common and spread widely and in many ways.
Sort by Attacker’s Purpose
Dropper viruses: This type of malware is designed to drop other malware onto an infected system. A target may pick up a dropper from malicious links, attachments, downloads, and so on; the dropper usually removes itself from the system once the malware it carries has been released. Macro malware is one category of dropper.
Beacon/Payload Virus: A beacon or payload is usually the malware implanted by a dropper. It signals the newly established access route back to the attacker. In this way, the attacker can reach the victim system through the path the beacon has opened, and from there access the system, the data it holds, or other systems on the network.
Packer virus: This type of malware consists of a series of components that use encryption as a means of evading detection. Some stealthy malware campaigns use a series of packers nested like nesting dolls: each packer contains another packed component, until the final payload can be executed.
Commander Viruses: Criminal teams often have leaders, and malicious attacks are no exception. This is the role this type of malware plays among the various malicious components that together achieve the attack's ultimate goal. Usually called C&C, CNC, or C2, this type of malware operates outside the attacked system, allowing the attacker to stay in contact with the malware implanted on the target and with the other components carrying out activity. By analogy, it is the headquarters and nest of a criminal gang in the real world.