This is the first in my series of blog posts to share the results of my thesis, which can be found here
Malware is a file or script that is distributed to disrupt the activities of its intended (sometimes unintended) recipients. In the world of malicious software, or malware for short, numerous methods of attack exist, even for the same types of malware. Therefore it’s important to understand the differences between each type of malware and its attack vectors. Having this understanding will allow you to properly identify and counter these malicious programs.
I collected the following data using a large database of malware metadata samples from the Software Engineering Lab at Montana State University. In my next blog post, I will talk about my findings and what they mean for the security posture of various popular bug bounty programs.
The File Extensions
| Ext | File Description | File Category |
|---|---|---|
| (no extension) | Linux-Dev86 executable headerless | executable |
| bmp | Bitmap Image | image |
| chm | Microsoft Composit HTML | link |
| dex | Dalvik dex file version 035 | image |
| dll | PE32 executable (DLL) Intel 80386 for MS Windows | executable |
| doc | Composite Document File V2 Document | document |
| exe | PE32 executable Intel 80386 for MS Windows | executable |
| fpx | Kodak Flashpix | image |
| gif | GIF image data | image |
| gz | gzip compressed data | compressed |
| html | HTML document ISO-8859 text | link |
| jar | Java archive data | compressed |
| java | compiled Java class data | script |
| jpg | JPEG image data | image |
| lnk | Windows shortcut to file or folder | link |
| m2t | MPEG-2 Transport Stream | video |
| mp3 | MPEG-2 Audio Layer III | audio |
| pas | Pascal source ASCII text | script |
| PDF document | Adobe | |
| php | PHP script ASCII text | script |
| pl | perl script executable | script |
| png | PNG image data | image |
| ppt | Microsoft Powerpoint | document |
| py | Python data | script |
| rar | RAR archive data | compressed |
| rb | Ruby script | script |
| rtf | Rich Text Format | document |
| swf | Macromedia Flash data (compressed) | image |
| txt | ASCII text | document |
| xml | XML document text | document |
| zip | Zip archive data | compressed |
The Malware
| Malware | Abbreviation | Description |
|---|---|---|
| Adware | Ad | advertisements with malicious content |
| PUA/PUP | PUA/P | Potential Unwanted Applications, or Potential Unwanted Programs |
| Spyware | Spy | malware that silently monitors user activity |
| Script-Based | Script | a script within a file that performs malicious actions. |
| Trojan Horse | Trojan | digital attack that disguises itself as desirable software |
| Ransomware | Ransom | encrypts a victim’s data |
| Computer Virus | Virus | a program that reproduces itself |
| Computer Worm | Worm | replicate itself using a hot within the same network |
Malicious File Extensions
| Ext | Ad | PUA/P | Spy | Script | Trojan | Ransom | Virus | Worm |
|---|---|---|---|---|---|---|---|---|
| (no ext) | X | |||||||
| bmp | X | |||||||
| chm | X | |||||||
| dex | X | |||||||
| dll | X | X | X | X | ||||
| doc | X | |||||||
| docx | X | |||||||
| exe | X | X | X | X | ||||
| fpx | X | |||||||
| gif | X | |||||||
| gz | X | X | X | |||||
| html | X | X | X | X | ||||
| java | ||||||||
| jpg | X | |||||||
| lnk | X | |||||||
| m2t | X | |||||||
| mp3 | X | X | ||||||
| X | ||||||||
| php | X | X | ||||||
| pl | X | X | ||||||
| png | X | X | ||||||
| ppt | X | X | ||||||
| py | X | X | ||||||
| rar | X | X | X | X | ||||
| rb | X | |||||||
| rtf | X | |||||||
| sh | X | X | X | X | ||||
| swf | X | |||||||
| xml | X | |||||||
| zip | X | X | X | X | X |