Malware Payloads

Backdoors

Malware will often check whether a computer has an open port, or possibly an exposed application, that it can use to give a remote access trojan (RAT) a way in.

Historically, backdoors were used with the Internet Relay Chat (IRC) protocol, but that has since become a less effective method because of detection. RAT programs now attempt a more direct approach using Hypertext Transfer Protocol (HTTP) or Domain Name System (DNS) traffic.
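Because a backdoor depends on an open port or exposed application, one defensive check is to compare a host's listening sockets against an expected baseline. The following is an added example, not part of the original notes; the sample text is constructed in the layout of `ss -H -ltnp` output, and the baseline and process names are hypothetical.

```python
import re
from typing import NamedTuple

class Listener(NamedTuple):
    address: str
    port: int
    process: str

# Constructed sample in the layout of `ss -H -ltnp`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 5 0.0.0.0:4444 0.0.0.0:* users:(("update-helper",pid=3312,fd=4))
LISTEN 0 128 127.0.0.1:9050 0.0.0.0:*
"""

# Hypothetical baseline: (port, process) pairs this host is expected to expose.
BASELINE = {(22, "sshd"), (443, "nginx"), (5432, "postgres")}
LOOPBACK_PREFIXES = ("127.", "[::1]")

def parse_listeners(text):
    """Turn ss-style lines into Listener records, skipping malformed lines."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = re.search(r'\(\("([^"]+)"', line)
        # Without root, ss omits the owning process; keep the socket anyway.
        process = match.group(1) if match else "unknown"
        listeners.append(Listener(address, int(port), process))
    return listeners

def unexpected_listeners(listeners, baseline):
    """Return (listener, scope) for every socket not in the baseline."""
    findings = []
    for item in listeners:
        if (item.port, item.process) in baseline:
            continue
        local_only = item.address.startswith(LOOPBACK_PREFIXES)
        findings.append((item, "loopback-only" if local_only else "remote-reachable"))
    return findings

if __name__ == "__main__":
    for item, scope in unexpected_listeners(parse_listeners(SAMPLE_SS_OUTPUT), BASELINE):
        print(f"{item.address}:{item.port} {item.process} ({scope})")
```

Matching on the (port, process) pair rather than the port alone means an unfamiliar process bound to a familiar port is still reported.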

Spyware and Keyloggers

Spyware is a program or script that runs on a target machine to track information, using various methods to gather intelligence about the system, such as web browser data like cookies, storage, startup applications, and commonly run processes.

Keyloggers attempt to steal credentials or other confidential information that was intended to be private. Keyloggers can be installed in a number of ways, from USB devices plugged into a computer, mouse or keyboard, to more sophisticated approaches like Trojans.

Rootkit

The term rootkit is a play on Linux/Unix systems, where installing an application originally required root/sudo access. A rootkit follows much the same process as that Linux/Unix procedure: malware can attempt to install itself onto Windows and gain elevated privileges so that it does not appear in the operating system's Services.msc and is more difficult to detect.