Malwares dissected
So, what is a rootkit anyway? Let's categorize malware and clear up the jargon surrounding these little critters that compromise machines and data. Hold on to your hats.
Blended threats
The biggest threats that we face, both locally and on our remote servers, come from malware cocktails: blends of several malware types mixed to produce devastatingly wide-reaching attacks.
For example, take a worm and cross it with a rootkit and you have the famous W32/Blaster. Blaster took advantage of a Windows deficiency to propagate far and wide, and its mission was to launch a Denial of Service attack on the Windows Update service from all infected hosts at the same time. While the worm itself didn't cause lasting damage to the host machines' data, it slowed them down and bunged up their web connections, making it harder to download removal instructions and patches.
Other choice blends tend to bundle some miscreant into a Trojan, which is a bit like coating arsenic in a sugar substitute and pretending it's candy.
Crimeware
An increasingly threatening trend in cybercrime, crimeware comes in many malicious forms which seek to steal confidential data for the purpose of financial exploitation. Mostly, it's directed at financial, military, and government networks.
Data loggers
As with much malware, data loggers have useful legitimate equivalents, and we commonly use them, for instance, to record and replay tedious exercises such as form filling. Data loggers can also be hardware-based.
In terms of malicious use though, data loggers can be wrapped into all manner of malware and planted onto our machines to record our activities, our data, in fact anything and everything that we or our device does.
You've probably heard of keystroke loggers, or keyloggers, that record your typing and send off the text to some remote place where someone's then kind enough to siphon off your hard-earned cash? Well, if that's the big daddy of data loggers, he's got an inbred family from hell, often scamming together, and none of them smell any too pretty:
Keyloggers. We covered these spy tools, used for social profiling and data-mining. Damn annoying just to think about and hot damn dangerous in the practical. Maybe you think you're safe because you copy/paste everything?
Clipboard loggers. Well, I warned you. Talk about bad form ...
Form grabbers. Capturing form data entry, including hidden passwords.
Password loggers. They tap into applications so that, for instance, when you provide that super-secure password and it shows up as a row of asterisks like this, ****************, the logger reports back the actual key.
Screen loggers. They take screenshots periodically or, given a mouse click, catch anything from around the cursor to the entire ruddy screen.
Link loggers. If you don't want the world to know that your true passions are knitting and crochet, think twice before navigating those knotty links.
Sound loggers. Recording your conversations via, say, VOIP.
Wireless keyboard sniffers. Working rather like any other wireless sniffing, these catch the data packets travelling between your keyboard and the PC.
Acoustic keyloggers. Assimilating a sound pattern from the manner in which you type, these note the subtle differences between hitting the various keys, reporting back a transcript. Here, at least, it pays to be a poor typist.
At loggerheads with the loggers
There are more: loggers capturing instant messaging, text messaging, phone numbers and FTP traffic, loggers controlling your webcam, and so on and so forth. Variants reside not only as standalone programs but attach to other programs or to keyboard drivers, embed themselves into operating system kernels, and even sit beneath the OS as a kind of virtual system. So there's some fun.
That's probably enough of a hint. Keyloggers can be nigh-on impossible to detect and are a mighty good reason, from day one, to keep a clean and lean local machine.
Hoax virus
Hoax viruses are just that, hoaxes, and generally take the form of chain mail. They socially engineer a degree of panic whereby, for example, someone is persuaded to delete important system files or to visit a rogue site that may plant malware or extract user data.
Rootkits
These give away the keys by providing, for instance, back-door access to a computer that hands a hacker full local administrative—or root—control, together with all the associated network privileges. That's as dangerous as it sounds. What's more, they're not as easily detected as other malware and may be confused with rootkits that are good and wanted.
Spyware
Often bundled in crapware to covertly log our computing habits, spyware is highly intrusive and is used for anything from market research to monitoring employees.
Some would argue that an alternative form of spyware is the tracking cookie and, more accurately, that another is the LSO (local shared object), or Flash cookie, which logs browsing habits and is more difficult to remove than a regular cookie. Many major sites inflict these upon us.
Trojan horses
As already touched on, a Trojan masquerades as something useful but, once installed, enables some kind of malware.
Viruses
Often bundled into Trojans that are shared by downloads, e-mail, or storage media, viruses have to be executed, typically by the user, to infect a file system. The macro virus, meanwhile, is a virus that hides in macros and is executed by programs such as office software.
Worms
Replicating themselves automatically, worms spread quickly by penetrating networks through security loopholes.
Zero day
In the underworld of black hat hackerdom, the zero day is the crème de la crème.
So what is a zero day? And in that question lies an oxymoron, because by their very nature, nobody knows what a zero day is until one is discovered. (I'm being difficult.)
Zero days are newly found vulnerabilities, and the clock ticks loudly until a remedial patch is released. If we're lucky, it is a white hat, such as the software vendor, who discovers the problem, patching it before hackland is able to attack too many victims.
And really, it's these zero days and the clever manipulation of malware that are at the crux of network security, from our humble devices through to the weaving web itself. With an inkling of the above, we can understand the race against time to keep our systems secure.
Note
So there's a tidy malware 101. Now for the ultimate minefield. Fancy an aspirin?