In the past, attackers could simply install malware on a target system and let it run automatically without human intervention. Today, most attacks are run by several attackers who, in order to evade detection, use many programming or scripting languages to generate malicious code that slips past security defenses.

Classifying malware according to the differences between types helps protect network security more effectively. To that end, the foreign magazine “CSO” has classified malware from two angles: the degree of impact of the malware on infected devices, and the ultimate goals that attackers want to achieve. The specific classification results are as follows:

Categorized by impact on infected devices:

Macro viruses: These are probably the most common type of malware in the world. About 92% of external attacks start with phishing, and macros are central to ensuring that phishing “succeeds.” Macros are keystrokes or mouse actions performed automatically by a program without user interaction – usually meaning Microsoft Word/Excel macros that automate repetitive tasks in a worksheet or document.

Simple Office document macros are the main initial infection vector, work-related phishing macros are especially deceptive, and the macro programming language (such as Microsoft’s Visual Basic) is simple, so attackers can easily write macro viruses.
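Because a macro-bearing Office document is the initial vector described above, a defender's first triage step is simply to tell which documents carry a VBA project at all. The following dependency-free check is an added example, not code from the article or from CSO: it treats a modern Office file as the zip container it is, looks for a vbaProject.bin part and for the VBA content type declared in [Content_Types].xml, and runs against two constructed in-memory sample documents (one clean, one with a macro project). The helper names are my own.

```python
"""Added example: detect VBA macro projects in Office Open XML files.
Modern Office documents (.docx/.docm/.xlsm/.pptm) are zip packages; a VBA
project is stored as a binary part (typically word/vbaProject.bin or
xl/vbaProject.bin) and declared in [Content_Types].xml with the content type
application/vnd.ms-office.vbaProject. Both signals are checked here."""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"

def scan_office_zip(data: bytes) -> dict:
    """Return macro-related findings for one document given as raw bytes."""
    findings = {"is_ooxml": False, "vba_parts": [], "declared_vba": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # legacy OLE2 (.doc/.xls) or not an Office file at all
    names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return findings  # a zip, but not an OOXML package
    findings["is_ooxml"] = True
    # Signal 1: a vbaProject.bin part anywhere in the package.
    findings["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    # Signal 2: the package declares a VBA project content type.
    ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    findings["declared_vba"] = VBA_CONTENT_TYPE in ctypes
    return findings

def has_macros(data: bytes) -> bool:
    """True if either signal fires; a mismatch between them is itself suspicious."""
    f = scan_office_zip(data)
    return bool(f["vba_parts"]) or f["declared_vba"]

def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for demonstration only (not a real document)."""
    buf = io.BytesIO()
    overrides = ""
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed stub")
            overrides = ('<Override PartName="/word/vbaProject.bin" '
                         f'ContentType="{VBA_CONTENT_TYPE}"/>')
        zf.writestr("[Content_Types].xml", f"<Types>{overrides}</Types>")
    return buf.getvalue()

if __name__ == "__main__":
    for label, doc in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, "->", "MACROS PRESENT" if has_macros(doc) else "no macros")
```

To triage real files, pass `open(path, "rb").read()` to `has_macros`; a `.docx` that reports macros deserves a closer look even though Word will not execute a VBA project from that extension.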

Polymorphic viruses: Polymorphic viruses are one of the most complex types of viruses. As the name suggests, polymorphic viruses morph, changing how they execute each time they enter a new application or device. While protection against all types of viruses should be treated equally, this type deserves the most attention because it is complex and extremely difficult to investigate and detect.

Resident Viruses: This is a very destructive class of viruses. The resident virus code is not stored in the executable file that invokes it, but is typically stored on a web-accessible site or storage container. Executables that call resident code are usually written to look non-malicious and are designed to avoid detection by antivirus software. The counterpart to a resident virus is a non-resident virus, which is contained in the executable file that invokes it, and is most commonly spread by abusing enterprise services.

Boot Sector Viruses: These viruses are designed to let threat actors lurk with unrestricted depth and persistence. The ultimate infection target of this type of virus is the computer’s Master Boot Record (MBR). Once infected, even if the computer is re-imaged, the virus persists and executes again in the host’s memory as soon as the system starts. Such viruses almost always rely on zero-day exploits to reach the MBR level, or spread through physical media such as an infected USB drive or hard drive.

Hybrid viruses: While some malware developers may specialize in a certain class of viruses, others take an “all of the above” approach, attacking everywhere at once. These types of viruses are often difficult to contain and deal with, and they infect multiple parts of the system, including memory, files, executable code, and even the boot sector. These viruses are common and spread widely and in many ways.

Categorized by attacker’s attack purpose:

Dropper viruses: This type of malware is designed to drop other malware onto an infected system. The target may be infected with droppers through malicious links, attachments, downloads, etc.; the dropper itself usually disappears from the system after the malware is released. Macro malware belongs to the dropper category.

Beacon/Payload Virus: A beacon or payload is usually malware implanted by a dropper. It signals the newly implanted access route back to the attacker. In this way, the attacker can reach the victim system through the path established by the beacon, and then access the system, the data it contains, or other systems on the network.

Packer virus: This type of malware consists of a series of components that use encryption techniques as a means of evading detection. Some sneaky malware campaigns use a series of packers that nest like nesting dolls. Each packer contains another packed component until the final payload can be executed.

Commander Viruses: Criminal teams often have leaders, and malicious attacks are no exception. This is the role this type of malware plays among the various malicious components that achieve their ultimate goal. Mostly named C&C, CNC, or C2, this type of malware operates outside the attacked system, allowing the attacker to maintain contact with the malware implanted on the target system, as well as with other components that conduct activity. By analogy, it is more like the headquarters and nest of a real-world criminal gang.

How should enterprises ensure data security?

The establishment of two or more sets of IT systems with the same function in remote locations, capable of monitoring health status and switching between each other, is referred to as disaster recovery. When one system fails due to an accident (such as a fire or an earthquake), the entire application system can be switched to another location so that it can continue to operate normally. Backup and disaster recovery are two distinct concepts.

The goal of disaster recovery is to ensure the normal operation of information systems in the event of a disaster and to assist enterprises in achieving the goal of business continuity. Backup is used to address the issue of data loss caused by a disaster. Prior to the introduction of integrated disaster recovery and backup products, disaster recovery and backup systems were separate. The ultimate goal of disaster recovery and backup products is to assist businesses in dealing with human error, software error, virus invasion, hardware failure, natural disasters, and other issues.

Back up data on a regular basis to ensure business continuity. Only in this manner can the system be restored in time and business continuity ensured in the event of disasters or human errors.

How to choose an affordable and robust VM backup solution?

Vinchin Backup & Recovery allows you to recover the entire VM and all its data from any restore point (full backup, incremental backup, or differential backup) without affecting the original backup data. Backups that have been deduplicated or compressed can be recovered. It is an excellent solution for ensuring enterprise business continuity and minimising critical business interruptions caused by disaster or system failure.

You can also quickly validate backup data availability by instantly restoring the target VM to a remote location in a matter of minutes. This confirms that, in the event of a true disaster, all VMs can be recovered and that the data contained within is not lost or damaged. Vinchin provides solutions for the world’s most popular virtual environments, such as VMware backup, XenServer backup, XCP-ng backup, Hyper-V backup, RHV/oVirt backup, etc.

By Manali