Advanced Threats

Learn how best to defend against today’s newest and most dangerous malware, from script malware and mobile threats to worms, and coinminer.

Worm

A worm is similar to a virus in that they replicate themselves, producing multiple functional copies within one system alone. It can infect a single device, but also spread laterally over the network by exploiting vulnerabilities. A worm can infect an entire company network within minutes, causing great damage.

Phishing

Phishing is a fraudulent attempt to steal sensitive information. It typically targets usernames, passwords, credit card numbers, bank account information or other important data in order to utilize or sell the stolen information. By masquerading as a reputable source with an enticing request, an attacker lures in the victim in order to trick them.

Ransomware

Once ransomware successfully infects a system it begins encrypting files in the background. When complete, the victim is blackmailed to send money in the form of cryptocurrencies or gift cards.

Botnets

When a device is infected with Botnet malware, it listens to a central command and control (CnC) server for commands and potential updates to the malicious code. Depending on the type, size and goal of a botnet, an infected computer can lay dormant without a task for a long period of time until the server gets updated with a new command.

Exploit kits

Exploit kits are known as “full package” because they include multiple automated attacks. This makes them a powerful tool for attackers. They generally target widely used applications like browsers, Adobe Flash, Microsoft Silverlight, Java, VBScript engine, MSOffice and ActiveX, using compromised websites to spread as far as possible.

Malware

Classic malware can have many forms, from the common trojan that hides its malicious intent to the elusive worm that can spread through a whole company network. There are many types of malware, and attack vectors vary a lot. Malicious files are traditionally sent using email spam. However, drive-by downloads and malvertisements have established themselves as dangerous threat sources.

In most cases, the initial malware file often only has one purpose: side-load additional malware onto the breached system. 

Characteristics

Spread
Very common

Damage on infection
Varying

Typical infection source
E-Mail, web-downloads

Famous examples
Emotet, Ryuk

Mobile threats

Android and iOS malware are often underestimated, and the protection of mobile devices rarely appropriate. Especially for Android, a wealth of new threat variants are discovered every day. The majority of malicious apps can be categorized as adware, bringing unwanted advertisement and other unwanted apps or even more malware onto the device. 

More severe threats are found in the wild, such as banker, ransomware or spyware that reads personal data from a phone to silently send it to the attacker. While the total number of threats in circulation is not comparable to the amount of malware that can be encountered on Windows, the Android malware scene has been growing steadily over the last years.

Characteristics

Spread
Common

Damage on Infection
Medium to high

Typical infection source
Third-party app stores, manually installed APKs

Famous examples
Triada, Hiddad

Script malware

Alongside well-known PE (Portable Executable) malware files (typically .exe files), script malware continues to be a favorite for some malware authors. The most common found script malware would be a malicious JavaScript inside a HTML file, typically encountered online. These scripts are often hard to understand, as they are typically heavily obfuscated, making a static analysis difficult. 

This can lead to them being much stealthier than one would expect from a “plain text code”. File-less threats make use of scripting languages to directly loading the malicious code into memory instead of relying on files, bypassing traditional detection methods.

Characteristics

Spread
Common

Damage on infection
Varying

Typical infection source
Web-downloads, infected web pages, malvertisement

Famous examples
Cerber, Kovter

CoinMiners

Cryptocurrencies have reached a point where mining them locally hardly nets any return, so the fact that malware authors try to steal computing power from unsuspecting victims comes as no surprise. The market for CoinMiner malware, or cryptojackers, is big, with many different variants.

Many CoinMiners do not even need to be downloaded or installed on devices. They can lurk in otherwise clean websites, either directly embedded or hidden in malicious advertisements, mining away while the unsuspecting victim stays on the website. While they are one of the least damaging types of malware, an infected device will still degrade considerably faster due to the constant added load.

Characteristics

Spread
Very common

Damage on infection
Medium

Typical infection source
Drive-by, malvertisement

Famous example
Monero, Zcash

Exploits

Exploit is a term used when malware authors leverage security gaps – or vulnerabilities -  in software to execute malicious code. The most exploited vulnerabilities are those that have been found over the years in the Windows OS. However, other applications and operating systems have vulnerabilities that allow for attackers to take a hold of a system, such as Android, Chrome and Firefox, MacOS, Adobe Flash, the Linux kernel as well as database system such as MySQL. 

Even if vulnerabilities are patched, a lot of users fail to install these crucial updates, making their systems susceptible to various attacks. The most famous of them all is EternalBlue, a remote code execution vulnerability that was leaked in April 2017 and has been used in numerous Trojans, Worms and other malware since then.

Characteristics

Spread
Common

Damage on infection
Varying

Typical infection source
E-Mail, web-downloads, network attacks

Famous examples
EternalBlue, Capesand

Avira Social Media

Learn how Avira's threat intelligence services help you give customers proactive protection against modern threats.

 Let's work together to protect your customers.

Contact us