This is malware that lies in wait, and is harming. These are often referred to as Trojans. Often times it is triggered by a date. It can also be triggered by the simple launch of a program, or application – where it is embedded. In this case, from any systems’ point-of-view, a trusted user ends up launching the malware and granting its yield: That is, a user that has sanction within a system by virtue of login credentials, a corresponding set of system authorities and access, and consequently permission(s) to do various things with that system.
Recognize that that user can do things to the system, with the system, and through that system – thus the malware has the same enablements. The malware can do things to the system: changing it, disabling parts (or all) of it, modifying the system’s payloads and deliveries (stats, reports, etc.), render certain users’ or entities’ access useless, and on and on.
The malware can do things with the system: Using resources such as processor power, storage and bandwidth to blast information; to rip-off contacts for access to those, in assembling broadcast lists, to further distribute various content, even to further distribute and install malware.
In doing things through a system, malware can hide its true origins, making it appear that it is spawning its nefarious purposes and deliveries from your domain – and actually, it is.
Worse, Remote Access Trojans (RATs) open back doors to your resources, for purpose of remote control. Now, changes and updates are possible for “best” possible use and abuse of hacked resources.
Tomorrow, we’ll discuss another general area, Destructive Malware, and then we’ll delve into symptoms and a few more specifics.