Today we are going to be talking about the many malware types that exist. As many of you know, I LOVE writing malware and various penetration testing tools, as well as reverse engineering them in order to see what techniques I can pluck off from them.
I'll be discussing the following topics in order:
- Premise
- What is Malware?
- Polymorphic Virus
- Armored Virus
- Retrovirus
- Phage Virus
- Companion Virus
- Crypto-Malware
- Hybrid Virus
- Metamorphic Virus
- Cavity Virus
- Keylogger
- Spyware
Here's a quick rundown of the main links in the article, in case you want to check them out first:
- LinkedIn Version
- GitHub
- Bash Script
Sadly, because there are so many, I can't talk about all of them, otherwise the article would be 7 pages long, so instead I'll talk about a select few.
If you would like to get more into malware development and learn a couple of projects, check out some samples on my GitHub page. Any and all code is well commented and documented, so you should have no trouble understanding what each line does.
Malware is any form of program that is designed for malicious reasons to infect and harm a system. It can come in many types and affect the system in various ways.
Polymorphic viruses have the ability to mask their own code by means of encryption. This is a form of obfuscation that can also be used to avoid detection by various security systems, and it can allow the malware to communicate SECURELY with the bot master for command and control.

As you know, computer systems, much like a human, are UNABLE to make sense of encrypted data without the key. It comes up as garble to them. This allows the malware to remain invisible and not trigger any flags set by security systems.
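An encrypted body has no fixed byte pattern a signature scanner can match, but it has a tell of its own: it looks like random bytes. The following is an added example, not code from the original article or from the author's GitHub samples, showing the Shannon entropy check defenders use to triage encrypted or packed payloads, written in POSIX shell; the 7.0 bits/byte threshold, the function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: Shannon entropy triage for encrypted/packed payloads.
# Not part of the original article; the 7.0 bits/byte threshold is an assumption.
set -u

# Print the Shannon entropy of a file in bits per byte
# (0.0 = one byte value repeated, 8.0 = all 256 values equally frequent).
file_entropy() {
  od -An -v -tu1 "$1" | tr -s ' \n' '\n' | grep -v '^$' |
    awk '{ count[$1]++; n++ }
         END { h = 0
               for (b in count) { p = count[b] / n; h -= p * log(p) / log(2) }
               printf "%.4f\n", h }'
}

# Exit 0 when the file's entropy exceeds the threshold (default 7.0), else 1.
# High entropy is only a heuristic: compressed images, archives and many
# signed binaries also score high, so treat a hit as a reason to inspect,
# not as a verdict.
is_high_entropy() {
  awk -v h="$(file_entropy "$1")" -v t="${2:-7.0}" 'BEGIN { exit !(h > t) }'
}

# Constructed samples (no real malware involved):
SAMPLES=$(mktemp -d)
# plaintext-like body: two byte values alternating -> exactly 1.0 bits/byte
awk 'BEGIN { for (i = 0; i < 2048; i++) printf "AB" }' > "$SAMPLES/plain.bin"
# encrypted-like body: every byte value 0..255 appears once -> exactly 8.0 bits/byte
i=0
while [ "$i" -lt 256 ]; do
  printf "\\$(printf '%03o' "$i")"
  i=$((i + 1))
done > "$SAMPLES/encrypted.bin"

for f in "$SAMPLES/plain.bin" "$SAMPLES/encrypted.bin"; do
  if is_high_entropy "$f"; then verdict="HIGH entropy: inspect"; else verdict="normal"; fi
  printf '%-40s %s bits/byte  %s\n' "$f" "$(file_entropy "$f")" "$verdict"
done
```

Run it against any file to get a quick first-pass score; in practice the same measurement is applied per section of an executable, since a polymorphic body usually leaves a small plaintext decryptor next to a large high-entropy blob.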
Armored malware focuses on defensive measures that make it hard to remove. A good example is a boot-sector rootkit, which embeds itself in the master boot record of the system, so that trying to remove it can prove fatal to the system.

Retroviruses are designed to neutralize any form of antivirus system set in place. They are the anti-virus for anti-virus. If you shut off every security system in place, you basically CREATE a zero day where EVERYTHING goes undetected.

Phage viruses, also known as "worm" viruses, are standalone viruses that operate independently of the person who wrote them. They are typically used to infect networks and run on their own, branching out.

Companion viruses are where Trojan malware comes from. Companion malware is designed to pose as legitimate software on the system, tricking the end user into executing it and thereby compromising their system. It can be things like RATs (Remote Access Trojans), MITB (Man-in-the-Browser) attacks, etc. This is a common form of malware that is CONSISTENTLY used in phishing campaigns.

Crypto-malware is ransomware. It's any form of malware that uses data encryption to compromise a system: it enumerates the disk partitions and encrypts data at rest, rendering end user data unusable and requiring the victim to pay a ransom to restore it.
Hybrid malware, another common form, combines several characteristic traits from other forms of malware.

This can be deadly: for example, a worm virus that acts on its own, can encrypt and protect itself, and can also re-write its own code.

Metamorphic malware is one of the HARDEST forms of malware to write, but EXTREMELY POWERFUL: it is able to re-write its own code, allowing it to adapt when needed. Think of this form of malware as "Darwinism".

A cavity virus, as covered here, is any form of malware that uses steganography tactics, which is commonly seen in Trojan malware. Steganography is the art of hiding data within other forms of data.
Here is a sample snippet of code, which you can copy and paste into a bash file and test out if you would like:

The script can be found here in my bash repo.

If you try to unzip this file on its own while it is still encoded, you'll notice that it doesn't work and the file is identified as a "TEXT/ASCII" file type. On a system that does NOT allow zip folders to be uploaded, this can bypass that security check and smuggle the malware in.
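The bypass just described works because the upload filter judges the file by its extension or a MIME sniff rather than by its content. As an added, defender-side example (not code from the original article or from the author's bash repo), here is a POSIX shell check that decodes a suspected base64 wrapper and compares the real magic bytes; the sample files, the fake ZIP header bytes and the function names are constructed for illustration, and the decoder is GNU `base64 -d`.

```shell
#!/bin/sh
# Added example: detect an archive that has been text-encoded to slip past an
# upload filter. Not part of the original article or its bash repo.
# Assumption: the filter being hardened looked only at extension/MIME sniff,
# so this check decodes the content and inspects the real magic bytes.
set -u

# Hex of the first 4 bytes of a file; "504b0304" is a ZIP local file header ("PK\003\004").
magic_hex() {
  head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# Exit 0 if the file is a ZIP archive as-is.
is_zip() {
  [ "$(magic_hex "$1")" = "504b0304" ]
}

# Exit 0 if the file is base64 text whose decoded bytes start with a ZIP header.
# GNU base64 -d exits non-zero on non-base64 input, so for ordinary text the
# decoded output is empty or garbage and the magic never matches.
is_base64_zip() {
  decoded=$(base64 -d "$1" 2>/dev/null | head -c 4 | od -An -tx1 | tr -d ' \n')
  [ "$decoded" = "504b0304" ]
}

# Classify an upload the way a content-aware filter would.
classify_upload() {
  if is_zip "$1"; then echo "zip"
  elif is_base64_zip "$1"; then echo "base64-wrapped zip"
  else echo "other"
  fi
}

# Constructed samples: a minimal fake ZIP header (not a real archive), its
# base64-wrapped form, and an innocent text file.
SAMPLES=$(mktemp -d)
printf 'PK\003\004\024\000\000\000\010\000' > "$SAMPLES/payload.zip"
base64 "$SAMPLES/payload.zip" > "$SAMPLES/payload.txt"
printf 'just some meeting notes\n' > "$SAMPLES/notes.txt"

for f in "$SAMPLES/payload.zip" "$SAMPLES/payload.txt" "$SAMPLES/notes.txt"; do
  printf '%-45s %s\n' "$f" "$(classify_upload "$f")"
done
```

The design point is that the decision is made on decoded bytes, not on the label the uploader supplies; the same decode-then-inspect step generalizes to other wrappers (hex, gzip) by adding a decoder and the corresponding magic bytes.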
Keyloggers, as the name suggests, monitor all keys that are typed. The captured keystrokes are typically POSTed back to threat actor servers to steal sensitive information.

Spyware monitors and collects data about various systems without the end user's knowledge or consent. This is a form of stealth virus (looks at Windows).

If you enjoyed this post, give it a thumbs up! I'll be keeping track of who's reacting from now on, as there is a "special" reason for it. Just know that the more you support my content, the more there is in store!

- The Hacker Who Laughs