Tuesday 21 August 2012

Malware



Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. It need not be a compiled program: a script, a macro or a fragment of injected code can be malware just as well. The term is a general one for any software or code specifically designed to exploit a computer or the data it contains.
Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U.S. states, including California and West Virginia.


Malware is not the same as defective software, which has a legitimate purpose but contains harmful bugs that were not noticed before release. Malware is sometimes disguised as genuine software, and may even come from an official company website: a typical case is a useful program that also bundles tracking software to gather marketing statistics for advertising.
Security products therefore often report such software as a "potentially unwanted program" (PUP) rather than as outright malware. Note also that a computer virus is one specific kind of malware, one that can reproduce itself, although the term is often used loosely for the whole category.

Classification of malware
  • Infectious malware: viruses, worms, etc.
  • Concealment: Trojan horses, rootkits, backdoors, etc.
  • Malware for profit: spyware, botnets, keystroke loggers, "ransom" malware, etc.
Infectious malware: viruses and worms
  • The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. The term computer virus is used for a program that has infected some executable software and, when run, causes the virus to spread to other executables. Viruses may also contain a payload that performs other actions, often malicious. On the other hand, a worm is a program that actively transmits itself over a network to infect other computers. It too may carry a payload.
  • These definitions lead to the observation that a virus requires user intervention to spread (an infected program has to be run), whereas a worm spreads itself automatically, typically by attacking a network service on other hosts. Using this distinction, infections transmitted by email or Microsoft Word documents, which rely on the recipient opening a file or email to infect the system, would be classified as viruses rather than worms.
Concealment: Trojan horses, rootkits, and backdoors
Trojan horses
  • A Trojan horse is any program that invites the user to run it while concealing a harmful or malicious payload. The payload may take effect immediately and can have many undesirable effects, such as deleting the user's files or installing additional harmful software.
  • One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads from the Internet. When the user installs the software, the spyware is installed as well. Spyware authors who try to stay within the law may include an end-user license agreement that describes the spyware's behaviour in loose terms that users are unlikely to read or understand.
  • Trojans are very commonly used to deliver marketing-driven spyware and adware. Today's advanced trojans are capable of taking complete control of a web browser, and have been known to add false exceptions to a browser's security settings. They may also modify the Windows Registry.
Rootkits
  • Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection and disinfection. The same is true when a human attacker breaks into a computer directly. Techniques known as rootkits allow this concealment by modifying the host's operating system so that the malware is hidden from the user and from the tools that would normally reveal it. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system, allowing the attacker to keep administrator (root) access while hiding the intrusion. Today, the term is used more generally for concealment routines in a malicious program.
  • Some malicious programs contain routines to defend against removal, not merely to hide themselves, but to repel attempts to remove them. An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system:
  • —Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently slain program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.
  • Similar techniques are used by some modern malware, which starts several processes that monitor and restore one another as needed: kill one, and a surviving sibling restarts it before the analyst can kill the next.
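Detection logic for the mutual-restore behaviour described in the last two bullets, run over a stream of process start/exit events. This is an added example, not code from the original post: the event format, the image names, the time window and the thresholds are assumptions, and the sample telemetry is constructed for the illustration.

```python
"""Flag pairs of programs that repeatedly restart one another after being killed.

Added example. The event format (assumed): "<timestamp> <start|exit> <pid> <ppid> <image>",
with "-" as ppid for exit events. All sample data below is constructed.
"""
from collections import defaultdict

# Constructed sample telemetry: svc_a.exe and svc_b.exe guard each other;
# backup.exe is restarted once by an unobserved parent (pid 1) and must not be flagged.
SAMPLE_EVENTS = """\
999.0  start 200 1   backup.exe
1000.0 start 100 1   svc_a.exe
1000.1 start 101 100 svc_b.exe
1005.0 exit  100 -   svc_a.exe
1005.2 start 102 101 svc_a.exe
1010.0 exit  101 -   svc_b.exe
1010.2 start 103 102 svc_b.exe
1015.0 exit  102 -   svc_a.exe
1015.1 start 104 103 svc_a.exe
1020.0 exit  103 -   svc_b.exe
1020.3 start 105 104 svc_b.exe
1030.0 exit  200 -   backup.exe
1030.5 start 201 1   backup.exe
"""


def parse_events(text):
    """Parse the assumed event format into (ts, kind, pid, ppid, image) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, kind, pid, ppid, image = line.split()
        events.append((float(ts), kind, int(pid), None if ppid == "-" else int(ppid), image))
    events.sort(key=lambda e: e[0])
    return events


def find_mutual_restarts(events, window=5.0, min_restores=2):
    """Return sorted (image_a, image_b) pairs where each image restarted the other
    within `window` seconds of its exit at least `min_restores` times.

    A start counts as a "restore" only if the same image exited shortly before,
    so an ordinary parent launching a child once is not counted.
    """
    image_of = {}                  # pid -> image, used to resolve the parent's image
    last_exit = {}                 # image -> timestamp of its most recent exit
    restores = defaultdict(int)    # (restorer_image, restored_image) -> count

    for ts, kind, pid, ppid, image in events:
        if kind == "exit":
            last_exit[image] = ts
            continue
        image_of[pid] = image
        parent = image_of.get(ppid)
        if parent is None or parent == image:
            continue               # parent not observed, or a plain self-respawn
        died_at = last_exit.get(image)
        if died_at is not None and 0 <= ts - died_at <= window:
            restores[(parent, image)] += 1

    flagged = set()
    for (a, b), n in restores.items():
        if n >= min_restores and restores.get((b, a), 0) >= min_restores:
            flagged.add(tuple(sorted((a, b))))
    return sorted(flagged)


if __name__ == "__main__":
    for a, b in find_mutual_restarts(parse_events(SAMPLE_EVENTS)):
        print(f"mutual watchdog pair: {a} <-> {b}")
```

The window keeps one-off restarts by a service manager out of the result; the requirement that the restore count is high in both directions is what separates a watchdog pair from a normal parent/child relationship. The response to a hit is the one the Jargon File tale suggests: suspend or terminate both members at once (or image the machine) rather than killing them one at a time.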
Backdoors
  • A backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised, one or more backdoors may be installed to allow easier access in the future. A backdoor may also be planted before any other malicious software, to give the attacker a way in.
  • It has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Attackers typically use backdoors to secure remote access to a computer while remaining hidden from casual inspection, and may install them by way of Trojan horses, worms, or other methods.
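What a code-level backdoor of the kind described above looks like, beside a version with the bypass removed. This is an added illustration, not code from the page or from any product: the user store, the "support" master credential, the PBKDF2 settings and the function names are all assumptions made for the example.

```python
"""A login routine with a planted backdoor next to a hardened one.

Added example with constructed data. The 'support' master credential, the
PBKDF2 work factor and the user store are assumptions, not anything from the page.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this illustration


def _derive(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_user_store(users):
    """Build {username: (salt, pbkdf2_hash)} from plaintext passwords (constructed data)."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _derive(password, salt))
    return store


def backdoored_login(store, username, password):
    """Vulnerable: an undocumented 'support' credential skips the real check.

    No entry in the user store corresponds to it, so password resets, account
    deletion and a review of the store itself never remove the access.
    """
    if username == "support" and password == "letmein-support":  # the backdoor
        return True
    entry = store.get(username)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_derive(password, salt), expected)


_DUMMY_SALT = os.urandom(16)


def hardened_login(store, username, password):
    """Every caller takes the same verification path; no constant short-circuits it."""
    entry = store.get(username)
    if entry is None:
        # Do the same work for unknown users so response time does not
        # reveal which usernames exist.
        _derive(password, _DUMMY_SALT)
        return False
    salt, expected = entry
    # Constant-time comparison against the stored hash, never the plaintext.
    return hmac.compare_digest(_derive(password, salt), expected)


if __name__ == "__main__":
    users = make_user_store({"alice": "correct horse battery staple"})
    print("backdoor accepted:", backdoored_login(users, "support", "letmein-support"))
    print("hardened rejects it:", not hardened_login(users, "support", "letmein-support"))
```

When auditing for this, the pattern to look for is any authentication path that returns success without consulting the credential store: a comparison against a string literal, an environment variable, or a "debug" flag. The hardened version has exactly one way to return True, and it depends only on data the administrator controls.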
Malware for profit: spyware, botnets, keystroke loggers, and "Ransom" Malware

  • Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behavior for the financial benefit of the spyware creator.
  • Another way that financially motivated malware creators can profit from infecting computers is to use the infected computers directly to work for them, for instance as proxies that send out spam messages. A computer left in this state is often known as a zombie computer. The advantage to spammers of using infected computers is that they provide anonymity, shielding the spammer from prosecution. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks. To coordinate the activity of many infected computers, attackers use command-and-control systems known as botnets.
  • In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously. Botnets can also be used to push upgraded malware to the infected systems, keeping them resistant to antivirus software or other security measures.
  • A malware creator can also profit directly by stealing sensitive information from a victim, for example account credentials captured by a keystroke logger and then used for fraud or sold on.
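A network-side check for the spam-relaying zombie behaviour described in the bullets above, run over flow records: a workstation that suddenly opens SMTP connections to many distinct external mail servers looks like a spam proxy, while the site's legitimate relay is exempt. This is an added example and not code from the original post; the flow format, the addresses, the relay address, the time window and the threshold are assumptions, and the sample flows are constructed.

```python
"""Flag hosts fanning out to many distinct SMTP servers in a short window.

Added example with constructed data. Assumed flow format:
"<timestamp> <src_ip> <dst_ip> <dst_port>" (one connection per line).
"""
from collections import Counter, defaultdict, deque

# Constructed sample: 10.0.0.42 hits eight different mail servers in 18 seconds,
# 10.0.0.5 is the site's real relay, 10.0.0.7 only talks to that relay, and
# 10.0.0.9 sends to three servers but spread over ten minutes.
SAMPLE_FLOWS = """\
100 10.0.0.42 203.0.113.10 25
103 10.0.0.42 203.0.113.11 25
105 10.0.0.42 198.51.100.7 25
108 10.0.0.42 198.51.100.9 25
110 10.0.0.42 203.0.113.22 25
112 10.0.0.42 192.0.2.5 25
115 10.0.0.42 192.0.2.6 25
118 10.0.0.42 203.0.113.30 25
130 10.0.0.42 203.0.113.80 443
100 10.0.0.5 203.0.113.50 25
101 10.0.0.5 203.0.113.51 25
102 10.0.0.5 198.51.100.60 25
103 10.0.0.5 198.51.100.61 25
104 10.0.0.5 192.0.2.70 25
105 10.0.0.5 192.0.2.71 25
120 10.0.0.7 10.0.0.5 25
121 10.0.0.7 10.0.0.5 25
100 10.0.0.9 192.0.2.40 25
400 10.0.0.9 192.0.2.41 25
700 10.0.0.9 192.0.2.42 25
"""


def parse_flows(text):
    """Parse the assumed flow format into (ts, src, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        flows.append((float(ts), src, dst, int(dport)))
    return flows


def find_spam_zombies(flows, allowed_relays=frozenset(), window=60.0, threshold=5):
    """Return {src: max_distinct_smtp_destinations_in_any_window} for sources that
    reached `threshold` distinct port-25 destinations within `window` seconds.

    Flows from the legitimate relay, or to it, are ignored: clients are expected
    to hand mail to the relay, and the relay is expected to fan out.
    """
    recent = defaultdict(deque)        # src -> deque of (ts, dst) inside the window
    in_window = defaultdict(Counter)   # src -> dst -> occurrences inside the window
    flagged = {}

    for ts, src, dst, dport in sorted(flows):
        if dport != 25 or src in allowed_relays or dst in allowed_relays:
            continue
        q = recent[src]
        while q and ts - q[0][0] > window:   # expire flows that left the window
            _, old = q.popleft()
            in_window[src][old] -= 1
            if in_window[src][old] == 0:
                del in_window[src][old]
        q.append((ts, dst))
        in_window[src][dst] += 1
        distinct = len(in_window[src])
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    hits = find_spam_zombies(parse_flows(SAMPLE_FLOWS), allowed_relays={"10.0.0.5"})
    for src, n in sorted(hits.items()):
        print(f"possible spam zombie {src}: {n} distinct SMTP servers within the window")
```

Counting distinct destinations rather than raw connections is what separates a zombie from a mail client retrying one server, and the sliding window keeps slow, legitimate traffic below the line. The same outbound-fan-out logic applies to the denial-of-service use of zombies mentioned above, with the port filter replaced by the targeted service and the threshold tuned for the site.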
