2.4 Summarize types of malware and tools/methods for detection, removal, and prevention.
📘CompTIA A+ Core 2 (220-1202)
What is Malware?
Malware (malicious software) is any program or code designed to:
- Harm a computer system
- Steal data
- Spy on users
- Disrupt normal system operations
- Gain unauthorized access
Malware can affect:
- Windows operating systems
- User accounts
- Network security
- Company data and credentials
For the exam, you must identify different malware types, understand how they work, and know their risks.
1. Trojan
What it is
A Trojan is malware that pretends to be legitimate software but performs malicious actions once installed.
Key characteristics
- Does not replicate itself
- Relies on user action to install
- Often disguised as:
- Free software
- Cracked applications
- Fake updates
What it does
- Creates backdoors
- Steals usernames and passwords
- Downloads additional malware
- Gives attackers remote access
Exam points
- Trojans look safe but are dangerous
- They require user interaction
- Often used to deliver other malware
2. Rootkit
What it is
A rootkit is malware designed to hide itself and other malware from the operating system and security tools.
Key characteristics
- Runs at a very low level (kernel, bootloader, or firmware)
- Extremely hard to detect
- Can modify system processes
What it does
- Hides malicious files
- Allows attackers to maintain long-term access
- Bypasses antivirus detection
Exam points
- Rootkits focus on stealth
- Often require booting from known-clean media for an offline scan, or a full reinstallation, to remove (a firmware rootkit can survive a reinstall)
- Can exist in firmware, bootloader, or OS kernel
3. Virus
What it is
A virus is malware that attaches itself to legitimate files and spreads when those files run.
Key characteristics
- Requires a host file
- Requires user action to spread
- Can replicate
What it does
- Corrupts or deletes files
- Slows down systems
- Causes system crashes
Exam points
- Viruses need execution
- Different from worms (worms self-spread)
- Often spread through infected files or removable media
4. Spyware
What it is
Spyware secretly monitors user activity and collects information without permission.
Key characteristics
- Runs silently in the background
- Focuses on data collection
What it does
- Tracks browsing habits
- Collects login credentials
- Captures system information
Exam points
- Spyware focuses on surveillance
- Often bundled with free software
- Can cause privacy and compliance issues
5. Ransomware
What it is
Ransomware encrypts files or locks systems and demands payment to restore access.
Key characteristics
- Data becomes inaccessible
- Uses strong encryption
- Payment usually requested in cryptocurrency
What it does
- Encrypts user and system files
- Displays ransom messages
- Disrupts business operations
Exam points
- Offline or immutable, regularly tested backups are the best protection
- Paying ransom does not guarantee recovery
- Can spread through email attachments and exploits
6. Keylogger
What it is
A keylogger records every keystroke typed on a keyboard.
Key characteristics
- Can be software or hardware-based
- Runs invisibly
What it does
- Captures:
- Passwords
- Emails
- Credit card numbers
- Sends data to attackers
Exam points
- Commonly used to steal credentials
- Often part of larger malware packages
- Hard to detect without security tools
7. Boot Sector Virus
What it is
A boot sector virus infects the boot process of a computer.
Key characteristics
- Loads before the operating system
- Activates during system startup
What it does
- Controls system startup
- Can prevent OS from loading
- Spreads through bootable media
Exam points
- Affects the MBR on legacy BIOS systems, or the bootloader on the EFI System Partition on UEFI systems (Secure Boot blocks unsigned boot code)
- Very dangerous because it runs first, before the OS and antivirus load
- Often requires removal from outside the infected OS (Windows Recovery Environment, e.g. bootrec /fixmbr, or an offline scan from clean media)
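Because a boot sector virus rewrites the first sector before Windows ever loads, the practical check is to read that sector directly and compare it with a known-good copy. The script below is an added example, not from the A+ study notes: it reads the first sector of disk 0, confirms the 0x55AA boot signature, hashes only the bootstrap code region (so legitimate partition edits do not trigger it), compares with a baseline, and checks Secure Boot on UEFI machines. It assumes Windows PowerShell 5.1 or later run as Administrator; the baseline file path is an assumed location.

```powershell
# Added example (not from the study notes): baseline and verify the MBR boot code.
# Assumes Windows PowerShell 5.1+ running as Administrator.
$BaselinePath = 'C:\ProgramData\mbr-baseline.sha256'   # assumed location
$ReadSize     = 4096   # multiple of both 512 and 4096, so raw reads succeed on 512e and 4Kn disks

# Open the raw physical disk read-only; \\.\PhysicalDrive0 needs admin rights.
$stream = New-Object System.IO.FileStream('\\.\PhysicalDrive0',
    [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
try {
    $sector = New-Object byte[] $ReadSize
    $read = $stream.Read($sector, 0, $ReadSize)
    if ($read -lt 512) { throw "Short read: only $read bytes" }
} finally {
    $stream.Dispose()
}

# The MBR layout is fixed regardless of sector size:
#   0-439   bootstrap code   440-445 disk signature   446-509 partition table   510-511 0x55AA
$hasSignature = ($sector[510] -eq 0x55) -and ($sector[511] -eq 0xAA)
if (-not $hasSignature) { Write-Warning 'No 0x55AA boot signature in sector 0' }

# A GPT/UEFI disk carries a protective MBR whose first partition type is 0xEE
# (offset 446 + 4). Its boot code is normally inert, but it can still be tampered with.
$isProtectiveGpt = ($sector[450] -eq 0xEE)

# Hash only the bootstrap code; the disk signature and partition table change legitimately.
$sha = [System.Security.Cryptography.SHA256]::Create()
$bootCodeHash = ($sha.ComputeHash($sector, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''

if (Test-Path $BaselinePath) {
    $baseline = (Get-Content -Path $BaselinePath -Raw).Trim()
    if ($baseline -ne $bootCodeHash) {
        Write-Warning "Boot code changed since baseline (expected $baseline, got $bootCodeHash)"
    } else {
        Write-Output 'Boot code matches baseline'
    }
} else {
    # First run on a machine believed clean: record the baseline.
    Set-Content -Path $BaselinePath -Value $bootCodeHash
    Write-Output "Baseline recorded: $bootCodeHash"
}

# On UEFI firmware, Secure Boot refuses to load an unsigned or tampered bootloader.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = 'not available (legacy BIOS or unsupported firmware)' }

[pscustomobject]@{
    BootSignature  = $hasSignature
    ProtectiveGPT  = $isProtectiveGpt
    BootCodeSHA256 = $bootCodeHash
    SecureBoot     = $secureBoot
}
```

Run it once on a known-clean machine to record the baseline, then again whenever startup behaves oddly. A baseline mismatch on a legacy system points to repairing the MBR from the Recovery Environment (bootrec /fixmbr) rather than trusting tools run from inside the possibly infected OS; on a UEFI system the same idea applies to the bootloader files on the EFI System Partition, and Secure Boot reporting False is itself a finding.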
8. Cryptominer (Cryptojacking)
What it is
A cryptominer uses a system’s resources to mine cryptocurrency without permission.
Key characteristics
- Runs silently
- Consumes CPU/GPU power
What it does
- Slows down systems
- Increases power usage
- Overheats hardware
Exam points
- Focuses on resource abuse
- Can run in browsers or as background services
- Often detected by performance issues
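Since a cryptominer gives itself away through sustained CPU use, a two-sample measurement is more reliable than a single glance at Task Manager. The script below is an added example, not from the A+ study notes: it samples every process's cumulative processor time twice, converts the difference into a share of the whole machine's CPU over the window, and for anything above a threshold reports the image path, its Authenticode signature status, and the command line (mining pools are usually reached with stratum+tcp URLs). It assumes Windows PowerShell 5.1 or later run as Administrator so every process path is readable; the interval, threshold and keyword list are assumed values.

```powershell
# Added example (not from the study notes): find processes that stay busy and
# check whether their binary is signed. Assumes Windows PowerShell 5.1+ as Administrator.
param(
    [int]$IntervalSeconds = 10,   # assumed sampling window
    [int]$ThresholdPct    = 30    # assumed share of total machine CPU that is worth a look
)

$cores = (Get-CimInstance -ClassName Win32_ComputerSystem).NumberOfLogicalProcessors

# First sample: cumulative CPU seconds per process id.
$first = @{}
foreach ($p in Get-Process) { $first[$p.Id] = $p.TotalProcessorTime.TotalSeconds }

Start-Sleep -Seconds $IntervalSeconds

# Second sample: delta / (window * cores) = share of all CPU capacity during the window.
$hot = foreach ($p in Get-Process) {
    if (-not $first.ContainsKey($p.Id)) { continue }    # started after the first sample
    $delta = $p.TotalProcessorTime.TotalSeconds - $first[$p.Id]
    $pct   = [math]::Round(100 * $delta / ($IntervalSeconds * $cores), 1)
    if ($pct -lt $ThresholdPct) { continue }

    # Path is $null for protected/system processes we cannot open.
    $path = $p.Path
    $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'unknown' }

    # Command line and parent come from WMI; miners often carry a pool URL here.
    $wmi = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($p.Id)"
    $cmd = [string]$wmi.CommandLine
    $poolHint = $cmd -match 'stratum\+tcp|stratum\+ssl|xmrig|minergate|--donate-level'   # assumed keywords

    [pscustomobject]@{
        PID        = $p.Id
        Name       = $p.ProcessName
        CpuPct     = $pct
        Signature  = $sig
        ParentPID  = $wmi.ParentProcessId
        PoolHint   = $poolHint
        Path       = $path
        CommandLine = if ($cmd.Length -gt 100) { $cmd.Substring(0, 100) + '...' } else { $cmd }
    }
}

$hot | Sort-Object CpuPct -Descending | Format-Table -AutoSize -Wrap
```

A browser process near the top of the list fits browser-based cryptojacking (close the tab and the load disappears); an unsigned binary running from a user-writable folder such as AppData or Temp, or anything with a pool hint, is the background-service case and should be treated as a malware finding rather than a tuning problem.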
9. Stalkerware
What it is
Stalkerware is spyware used to monitor another person’s device activity.
Key characteristics
- Often installed with physical access
- Runs secretly
What it does
- Tracks location
- Monitors messages and calls
- Collects activity logs
Exam points
- Serious privacy and ethical concern
- Considered a form of spyware
- Increasingly recognized by security vendors
10. Fileless Malware
What it is
Fileless malware runs only in system memory (RAM) and does not install files on the disk.
Key characteristics
- Uses legitimate system tools (PowerShell, WMI)
- Leaves little or no footprint
What it does
- Executes malicious commands in memory
- Evades traditional antivirus
- Maintains persistence through registry Run keys, scheduled tasks, or WMI event subscriptions rather than dropped executables
Exam points
- Very hard to detect
- Relies on built-in OS tools
- Requires behavior-based monitoring (EDR, PowerShell script block logging) rather than file-signature scanning
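Because fileless malware leaves no executable for a file scanner to find, the hunt has to look at where it keeps its foothold and at what the built-in tools were asked to run. The script below is an added example, not from the A+ study notes: it walks the Run/RunOnce keys, scheduled task actions, and permanent WMI event subscriptions for script hosts or encoded commands, and then reads PowerShell script block log events (ID 4104), which capture the decoded script even when it never touched disk. It assumes Windows PowerShell 5.1 or later run as Administrator; the keyword regex is an assumption meant to produce leads, not an exhaustive signature.

```powershell
# Added example (not from the study notes): hunt the persistence points fileless
# malware uses instead of dropped files. Assumes Windows PowerShell 5.1+ as Administrator.

# Assumed indicators: script hosts, LOLBins, and typical obfuscation switches.
$suspicious = 'powershell|pwsh|-enc|encodedcommand|-nop|-w hidden|bypass|mshta|wscript|cscript|rundll32|regsvr32|iex|downloadstring|frombase64'
function Test-Suspicious([string]$Text) { return ($Text -and $Text -match $suspicious) }

$findings = [System.Collections.Generic.List[object]]::new()

# 1. Run / RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }          # provider metadata, not a value
        $value = [string]$prop.Value
        if (Test-Suspicious $value) {
            $findings.Add([pscustomobject]@{ Source = "Registry $key"; Name = $prop.Name; Detail = $value })
        }
    }
}

# 2. Scheduled tasks whose action launches a script host or an encoded command.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-Suspicious $cmd) {
            $findings.Add([pscustomobject]@{ Source = 'ScheduledTask'; Name = "$($task.TaskPath)$($task.TaskName)"; Detail = $cmd })
        }
    }
}

# 3. Permanent WMI event subscriptions: a CommandLine or ActiveScript consumer bound
#    to an event filter runs with no file on disk and survives reboots.
foreach ($consumer in Get-CimInstance -Namespace 'root/subscription' -ClassName __EventConsumer -ErrorAction SilentlyContinue) {
    $detail = switch ($consumer.CimClass.CimClassName) {
        'CommandLineEventConsumer'  { $consumer.CommandLineTemplate }
        'ActiveScriptEventConsumer' { $consumer.ScriptText }
        default                     { $null }
    }
    if ($detail) {
        $findings.Add([pscustomobject]@{ Source = 'WMI subscription'; Name = $consumer.Name; Detail = $detail })
    }
}

# 4. Script block logging (Event ID 4104) records the de-obfuscated script text.
#    Needs the "Turn on PowerShell Script Block Logging" policy to be enabled.
$filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = (Get-Date).AddDays(-1) }
foreach ($evt in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
    $script = [string]$evt.Properties[2].Value      # property 2 is ScriptBlockText
    if (Test-Suspicious $script) {
        $snippet = if ($script.Length -gt 120) { $script.Substring(0, 120) + '...' } else { $script }
        $findings.Add([pscustomobject]@{ Source = 'ScriptBlockLog'; Name = $evt.TimeCreated; Detail = $snippet })
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Every hit is a lead to verify, not a verdict: management agents legitimately use scheduled tasks and even WMI consumers. The useful signal is the combination of a script host, an encoded or hidden command line, and a persistence point that nobody on the help desk can account for; that is the pattern file-signature antivirus misses and the reason the exam points to behavior-based monitoring.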
Quick Exam Comparison Table
| Malware Type | Main Purpose |
|---|---|
| Trojan | Disguised malicious software |
| Rootkit | Hide malware |
| Virus | Infect files |
| Spyware | Monitor activity |
| Ransomware | Encrypt data |
| Keylogger | Capture keystrokes |
| Boot sector virus | Infect startup process |
| Cryptominer | Use system resources |
| Stalkerware | Covertly monitor a specific person's device |
| Fileless | Evade detection |
Key Exam Tips (Very Important)
- Know what each malware type does
- Understand how it spreads
- Identify key differences (e.g., virus vs Trojan)
- Focus on security impact and detection difficulty
- Expect scenario-based questions
