CompTIA Security+ Exam Notes


Wednesday, August 15, 2018

MALWARE TYPES - PART 3

Rootkits: A rootkit is programmed to provide continuous privileged access to a system. This malware stays hidden so that antivirus software does not detect it. The rootkit gives a remote attacker control over items such as system processes, and whoever controls the rootkit can change the system configuration and spy on the user's actions.

Detecting a rootkit infection is extremely difficult. Once one is detected, the best way to remove it is to wipe the system and reinstall the operating system and applications.

Ransomware: There are two different types of ransomware. The first starts out as scareware. The user clicks on something, and a pop-up or web page appears that mimics an antivirus scan. The scan "finds" infections immediately (even though they don't exist); the number it reports can be anywhere from the teens to the thousands. You click the button to clean the infections and get a notice that this is the Free version and you will need to purchase the Paid version. You pay for the new "Fake Antivirus," and miraculously it removes all the infections that were never there to start with.

The second type is known as crypto-malware: this version encrypts all your documents and photos. The attackers give you anywhere from an hour to 7 days to pay a fee to retrieve the decryption key; otherwise, your information remains encrypted or will be deleted. Most of these double the fee right after the deadline passes, and most require payment through MoneyPak or Bitcoin.

Remote Access Trojan (RAT): A RAT gives an attacker total control over the system, including access to any information on it, the ability to spy on the victim, and the ability to control the system.

RATs are very difficult to detect because they operate like legitimate remote management tools and use common ports. They are typically delivered as a Trojan via a phishing attack. The best way to protect against this is to have email opened in plain text rather than HTML.
