Understanding Malware Terminology for Beginners


11 replies to this topic

#1 White Hat Mike

  • Members
  • 312 posts
  • Gender:Male
  • Location:::1

Posted 06 November 2015 - 09:45 AM

An article I wrote in June...
https://www.emergingthreats.info/v3/article.php?id=7


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com




#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,629 posts
  • Gender:Male

Posted 06 November 2015 - 09:47 AM

Am I really the only one using the Cryptoware term? :P

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 White Hat Mike
  • Topic Starter

Posted 06 November 2015 - 09:49 AM

Am I really the only one using the Cryptoware term? :P
Probably.  :P
Ransomware is technically the overarching malware classification.  Crypto-Ransomware is the subclassification that we generally deal with.  We usually don't see as many "FBI warning" ransomware variants anymore, such as the ones that are defeated by simply pressing ALT + TAB.  Lol.




#4 Aura

Posted 06 November 2015 - 09:56 AM

But Cryptoware is much shorter than "Crypto-Ransomware", and easy to type as well! :P

And yeah I remember these, got a few of them at work. Or you could bring up the Windows Explorer by inserting a USB Flash Drive, use it to access the web and download RKill then execute it to kill the process, then take care of the files :P



#5 Sintharius

    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 06 November 2015 - 10:35 AM

I think the Kaspersky folks call them "crypters". I still call them "crypto ransomware" though, probably because I don't mind typing. :P

Edit to add: The most common viruses these days tend to be file infectors, i.e. Sality. I haven't seen macro viruses in like forever, and Word/Excel macros nowadays are commonly used to download the actual malware instead of being malware themselves.

Edited by Alexstrasza, 06 November 2015 - 10:41 AM.


#6 White Hat Mike
  • Topic Starter

Posted 06 November 2015 - 10:43 AM

I think the Kaspersky folks call them "crypters". I still call them "crypto ransomware" though, probably because I don't mind typing. :P

Edit to add: The most common viruses these days tend to be file infectors, i.e. Sality. I haven't seen macro viruses in like forever, and Word/Excel macros nowadays are commonly used to download the actual malware instead of being malware themselves.
Crypters are utilities that allow malware authors to obfuscate their code...  they essentially scramble around the contents of a binary file to evade AV detection, as it changes the hash of the binary.
Not sure if you're familiar with the author of the BlackHole EK (who was arrested a while ago), Paunch, but he offered a crypting service in addition to selling BlackHole (crypt.am).




#7 Aura

Posted 06 November 2015 - 10:47 AM

Crypters are utilities that allow malware authors to obfuscate their code... they essentially scramble around the contents of a binary file to evade AV detection, as it changes the hash of the binary.


I know about them. Every skid is looking for free crypters and free crypts that will make their malware FUD. Sigh.



#8 White Hat Mike
  • Topic Starter

Posted 06 November 2015 - 10:53 AM
Crypters are utilities that allow malware authors to obfuscate their code... they essentially scramble around the contents of a binary file to evade AV detection, as it changes the hash of the binary.


I know about them. Every skid is looking for free crypters and free crypts that will make their malware FUD. Sigh.
There are many free ones available on the darkweb, but I don't bother to look at them.  There's a new utility that will modify your binary so that when disassembled, all you see are MOV instructions, I think (used it a few weeks - month ago, can't remember exact details).




#9 Aura

Posted 06 November 2015 - 12:03 PM

There are many free ones available on the darkweb


There are many free ones available on the surface web as well :P



#10 White Hat Mike
  • Topic Starter

Posted 06 November 2015 - 12:04 PM
There are many free ones available on the darkweb


There are many free ones available on the surface web as well :P
I'd rather traffic from my IP address toward sites hosting crypters not get logged...  could just VPN but safer to VPN + TOR.




#11 Aura

Posted 06 November 2015 - 12:08 PM

+7 proxies? :P

What about the "Grey Hats" and "Botnet" (you have references to it in your other descriptions, but not a definition for it)? :P There's a lot of terms you could add in it :o



#12 White Hat Mike
  • Topic Starter

Posted 06 November 2015 - 12:33 PM

+7 proxies? :P

What about the "Grey Hats" and "Botnet" (you have references to it in your other descriptions, but not a definition for it)? :P There's a lot of terms you could add in it :o
There are a ton of terms I could add.  I just wanted to keep it simple.  I might re-write this with a more in-depth set of terms...  Including those relating to penetration testing / network assessments (black box, grey box, white box).
