Malware
Malware (malicious software) is software that serves a malicious purpose, typically installed without the user’s consent (or knowledge).
Classifying Malware
- many types
- not classified in a rigorous way
- definitions can overlap or are blurred
By Attack Vector
- some malware is classified by its attack vector
- the vector is the method by which the malware executes on a computer and potentially spreads to other network hosts
- types:
  - viruses and worms
    - spread without any authorization from the user
    - concealed within executable code of another process
    - virus infects files
    - worm infects processes running in memory
  - trojan
    - malware concealed within an installer package for software that appears to be legitimate
    - does not seek any type of consent for installation
    - designed to operate secretly
  - potentially unwanted programs (PUPs)/potentially unwanted applications (PUAs)
    - software not definitively classed as malicious, but may not be wanted by the user
    - installed alongside a package selected by the user or bundled with a new computer system
    - presence is not automatically malicious
    - may have been installed:
      - without active consent
      - with consent obtained through a purposefully confusing license agreement
    - sometimes called grayware or bloatware
By Payload
- malware can be classified based on the payload it delivers
- payload is an action performed by the malware other than simply replicating or persisting on a host
- e.g., spyware, rootkit, remote access trojan (RAT) or backdoor, ransomware, adware
Spyware resides on a computer, collecting information about the computer’s activities and reporting back to the spyware’s instigator.
Fileless
Low-Observable Characteristics (LOC)
- a low-observable characteristics (LOC) attack is another useful classification
- it reflects the realization that:
  - adversaries can use a variety of coding tricks to effect intrusions
  - their TTPs to evade detection are continually evolving