
Types of Malware and Malware Distribution Strategies

The Global Cyber-Vulnerability Report

Part of the book series: Terrorism, Security, and Computation (TESECO)


Abstract

The goal of this chapter is to provide a brief overview of the different types of malware that have been used to carry out cyber-attacks. In most cases, we will provide examples of each category of malware. Moreover, malware is distributed and propagates in different ways, and we will briefly explain how such malware propagates through the network. Finally, we will briefly describe a few specific malware attacks that nations may wish to guard against in the future.


Notes

  1. The ability to control an infected host from a remote machine is a feature shared by different types of malware, not just Trojans.



Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Subrahmanian, V.S., Ovelgönne, M., Dumitras, T., Prakash, B.A. (2015). Types of Malware and Malware Distribution Strategies. In: The Global Cyber-Vulnerability Report. Terrorism, Security, and Computation. Springer, Cham. https://doi.org/10.1007/978-3-319-25760-0_2


  • DOI: https://doi.org/10.1007/978-3-319-25760-0_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25758-7

  • Online ISBN: 978-3-319-25760-0

  • eBook Packages: Computer Science, Computer Science (R0)
