Adversaries target different device categories in different ways. Servers provide services like DNS, DHCP, and FTP to other machines and are high-value targets. Personal computers handle individual work tasks. Handheld devices like smartphones run on battery and have limited security controls. Embedded computers inside appliances and IoT devices often cannot run security software at all. Malware exploits these devices through unpatched software, weak authentication, and missing BIOS or UEFI passwords that allow boot-level access. Risk level depends on how critical the device or its data is.
- Virus: Malware that requires a user to execute or open a file to activate and spread.
- Worm: Malware that spreads automatically between computers without any user interaction.
- Trojan: Malware hidden inside software that appears legitimate; a RAT variant gives the adversary remote control.
- Ransomware: Encrypts a device's files and demands payment for the decryption key.
- BIOS/UEFI: Firmware that initializes hardware at boot; without a BIOS or UEFI password, an adversary can boot into recovery mode and bypass OS-level controls.
Can you classify a described malware behavior as a virus, worm, trojan, ransomware, spyware, rootkit, keylogger, or logic bomb, and rate the associated risk as high, moderate, or low based on the device type and data involved?
| Malware Type | Requires User Action? | Primary Effect |
|---|---|---|
| Virus | Yes | Corrupts or destroys files on activation |
| Worm | No | Self-propagates across a network |
| Trojan / RAT | Yes (opens file) | Hides in software; RAT gives remote access |
| Ransomware | No (after delivery) | Encrypts files and demands payment |
| Rootkit | No | Hides deep in OS to maintain persistent access |