Not every malware threat makes the news
It isn’t often that an outbreak like WannaCry hits the tech world, and when it does there’s plenty of attention devoted to killing it.
High profile malware doesn’t typically last that long because of the amount of attention it receives, but for every malware flavor that dies due to overexposure, countless slip by undetected.
You’ve probably heard of some, if not all, of the malware on this list. Most of it has been around for a while, staying alive through various incarnations thanks to the efforts of hackers. After all, why reinvent the wheel when you can just tweak code that already works?
1. RoughTed
RoughTed isn’t malware that gets installed on your system directly: it’s malvertising that operates from a variety of domains with the ultimate goal of getting you to click on a link that executes malicious code.
Malvertising targets everyone: mobile users, Windows, and macOS are all subject to damage from false ads. RoughTed domains have been seen installing exploit kits, malware, ransomware, and other dangerous code.
At its peak in early-to-mid 2017, RoughTed affected over 28% of organizations across the globe.
2. Hummingbad
Hummingbad is a form of Android malware that installs a rootkit followed by fake apps. It also generates fraudulent ad revenue to the tune of over $300,000 a month at its peak.
In 2016 Hummingbad managed to infect more than 10 million Android devices. While its infection rate has slowed since then it’s still an active attacker, often being found in fake apps on Google Play and third-party installers.
3. Globe Imposter
Globe Imposter is a new ransomware on the scene and is making its way around as most other ransomware does: phishing. It mimics a ransomware called Globe, but all that matters is that the same things result from opening a contaminated email attachment: encrypted files and a demand for Bitcoins.
Globe Imposter made a pretty big splash in August 2017, so most anti-malware software protects against it now. It’s still a threat, though, so keep training users not to open suspicious-looking emails.
4. HackerDefender
This Trojan-style malware gets onto a Windows system and makes sure it’s hard to remove. It installs backdoors, downloads and runs other malicious apps, and registers itself as a hidden system service so it’s nearly impossible to shut down.
HackerDefender has the potential to become an open door to any network, a terrifying proposition.
5. Triada
If you’ve ever been concerned about Android malware that essentially integrates itself with a device, and all the apps on it, then you were concerned about Triada.
This particularly dangerous Trojan starts off simple: It gets onto a device via an infected app and starts sending data to its command and control server. Then the fun begins.
Triada infects a device’s Zygote process, the part of Android that controls the launching, running, and stopping of apps. Once there, Triada is essentially part of every app on the infected device.
It also opens the door for the installation of other malware, and it operates from a device’s RAM, making it really difficult to detect.
6. Locky
Locky is one of the most well-known ransomware families. It has transformed a lot since it first appeared in 2016 and continues to be one of the most prevalent ransomware threats.
Locky propagates via Microsoft Word documents carrying malicious macros. Upon opening the infected .doc, a user sees only garbled text and a prompt to enable macros if the document does not display correctly. Once macros are enabled, it’s too late to stop it.
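A mail-gateway style check for the delivery mechanism described above, written as an added example that is not part of the original article: it flags Office attachments that carry a VBA project without ever opening them. The legacy .doc heuristic (looking for the `_VBA_PROJECT` stream name in the OLE container) and the OOXML checks are assumptions of this example, and the sample attachments are constructed in memory so it runs offline.

```python
"""Flag Office attachments that carry VBA macros, without opening them (added example)."""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc container
MACRO_CONTENT_TYPE = b"application/vnd.ms-word.document.macroEnabled.main+xml"
# OLE directory entry names are stored as UTF-16LE; every VBA project has this stream.
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")


def scan_document(data: bytes) -> tuple:
    """Return (has_macros, reason). Pure byte inspection, so nothing in the file runs."""
    if data.startswith(OLE2_MAGIC):
        if VBA_STREAM_NAME in data:  # heuristic, assumed for this example
            return True, "legacy .doc with _VBA_PROJECT stream"
        return False, "legacy .doc, no VBA project stream found"
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
                if "word/vbaProject.bin" in names:
                    return True, "OOXML package contains word/vbaProject.bin"
                ctypes = zf.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
                if MACRO_CONTENT_TYPE in ctypes:
                    return True, "content type declares a macro-enabled document"
                return False, "OOXML package without macros"
        except zipfile.BadZipFile:
            return False, "ZIP header but not a valid package"
    return False, "not an Office document"


def _build_ooxml(macro: bool) -> bytes:
    """Construct a minimal OOXML package for the demo; real files have many more parts."""
    ctype = MACRO_CONTENT_TYPE if macro else b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", b'<Types><Override PartName="/word/document.xml" ContentType="' + ctype + b'"/></Types>')
        zf.writestr("word/document.xml", b"<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, not a real VBA project
    return buf.getvalue()


SAMPLES = {  # constructed attachments, not real malware
    "invoice.docm": _build_ooxml(macro=True),
    "report.docx": _build_ooxml(macro=False),
    "old_invoice.doc": OLE2_MAGIC + b"\x00" * 64 + VBA_STREAM_NAME + b"\x00" * 64,
    "notes.txt": b"plain text attachment",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        flagged, why = scan_document(blob)
        print(f"{'QUARANTINE' if flagged else 'pass      '} {name}: {why}")
```

A document with an embedded VBA project is not proof of malice, but for attachments from outside the organisation quarantining macro-bearing files for review is the cheapest way to take the "enable macros" decision out of the user's hands.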
7. Conficker
Conficker is a self-replicating worm that can do real damage to infected networks. Conficker itself never delivered a deadly payload, but the worm can open ports, install applications, and gain access to an infected machine to widen its capabilities.
The worst part about Conficker is that Microsoft patched the vulnerability it used to spread (MS08-067) shortly before Conficker appeared in 2008. But in 2017 it’s still alive and kicking, as is MS08-067, which continues to be a commonly exploited vulnerability nearly 10 years later.
8. Sality
Sality is considered one of the harder forms of malware to fight because it does a lot of things in one package. It’s a keylogger, a worm, and a Trojan, and it can even communicate over P2P networks to send data back and forth.
Bottom line, Sality is dangerous and has been since it first appeared in 2003.
9. Fireball
Hailing from China, Fireball has infected some 250 million machines since mid-2017. It’s a browser hijacker that generates fake ad click revenue, but that’s just for starters: It can quickly morph into a full-powered malware threat.
Fireball’s controllers can send malware to infected machines and execute code, making it capable of turning into almost anything.
20% of corporate networks worldwide are believed to be infected by Fireball.
10. Pushdo
If you’ve received spam email there’s a good chance it came from a Pushdo-infected machine at some point.
Pushdo is a spam-generating botnet that peaked at being able to send 7.7 billion spam messages a day. Every time security researchers think they’ve killed it, it pops back up with new command and control servers and variants ready to bombard you with junk mail.