Sign In
Register
Help
This topic is locked
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. Malware is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, Trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.
Malware is not the same as defective software, that is, software which has a legitimate purpose but contains harmful errors.
Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the web sites.
Computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of .exe file) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging, and file sharing systems to spread.
Computer worm is a self-replicating computer program. It uses a network to send copies of itself to other computers on the network and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or devour files on an infected computer.
Many worms that have been created are only designed to spread, and don't attempt to alter the systems they pass through. However, as the Morris worm and Mydoom showed, the network traffic and other unintended effects can often cause major disruption. A "payload" is code designed to do more than spread the worm - it might delete files on a host system, encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author. Networks of such machines are often referred to as botnets and arevery commonly used by spam senders for sending junk email or to cloak their website's address. Spammers are therefore thought to be a source of funding for the creation of such worms, and the worm writers have been caught selling lists of IP addresses of infected machines. Others try to blackmail companies with threatened denial of service attacks.
Trojan horse , or trojan for short, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, allows unauthorized access to the user's computer system. The term comes from the Trojan horse story in Greek mythology. Trojan horses are not self-replicating which distinguishes them from viruses and worms. Additionally, they require interaction with a hacker to fulfil their purpose. The hacker need not be the individual responsible for distributing the Trojan horse. It is possible for hackers to scan computers on a network using a port scanner in the hope of finding one with a Trojan horse installed
Trojan horses are designed to allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system it is possible for a hacker to access it remotely and perform operations. The types of operations that a hacker can perform are limited by user privileges on the target computer system and the design of the Trojan horse itself.
Operations which could be performed by a hacker on a target computer system include:
- Deletion of files
- Modification of files
- Uploading of files
- Downloading of files
- Installation of software (including other malware)
- Data Theft (e.g. passwords, security codes, credit card information)
- Use of the machine as part of a Botnet (e.g. to perform Distributed Denial-of-service attacks)
- Keystroke logging
- Viewing the user's screen
Rootkit is a software system that consists of a program or combination of several programs designed to hide or obscure the fact that a system has been compromised. Contrary to what its name may imply, a rootkit does not grant a user administrator privilege, as it requires prior access to execute and tamper with system files and processes. An attacker may use a rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit. Access to the hardware, e.g., the reset switch, is rarely required, as a rootkit is intended to seize control of the operating system. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms such as ant-virus or anti-spyware scan. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a "back door" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which, in turn, allows an attacker to access the system, regardless of changes to the actual accounts on the system.
Rootkits may have originated as regular applications, intended to take control of a failing or unresponsive system, but in recent years have been largely malware to help intruders gain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux, Mac OS, and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules, depending on the internal details of an operating system's mechanisms.
Spyware is computer software that is installed surreptitiously on a personal computer to collect information about a user, their computer or browsing habits without the user's informed consent.
While the term spyware suggests software that secretly monitors the user's behaviour, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.
In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.
Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware.
Advertising functions are integrated into or bundled with the software, which is often designed to note what Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. Adware is usually seen by the developer as a way to recover development costs, and in some cases it may allow the software to be provided to the user free of charge or at a reduced price. The income derived from presenting advertisements to the user may allow or motivate the developer to continue to develop, maintain and upgrade the software product. Conversely, the advertisements may be seen by the user as interruptions or annoyances or as distractions from the task at hand.
Some adware is also shareware, and so the word may be used as term of distinction to differentiate between types of shareware software. What differentiates adware from other shareware is that it is primarily advertising-supported. Users may also be given the option to pay for a "registered" or "licensed" copy to do away with the advertisements.
Adware can also download and install unwanted programs.
Crimeware is a class of malware designed specifically to automate financial or political crime. The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group to distinguish it from other kinds of malevolent programs
Crimeware (as distinct from spyware, adware, and malware) is designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.
MultiQuote