Malwares

MALWARE

Malware also known as malicious (or malevolent) software, is software used or created by attackers to

disrupt computer operation, gather sensitive information, or gain access to private computer systems. It

can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term

used to refer to a variety of forms of hostile or intrusive software.

Malware includes computer viruses, worms, Trojan horses, spyware, adware, rootkits ,�Backdoors and

other malicious programs.�

Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and

the World Wide Web.

On March 29, 2010, Symantec Corporation named Shaoxing, China, as the world's malware capital.

��

��

��

�� The term computer virus is used for a program that has infected

some executable software and, when run, causes the virus to spread to other executables.

Viruses can be divided into two types based on their behavior when they are executed.

1. Nonresident viruses can be thought of as consisting of a finder module and a replication module. The

finder module is responsible for finding new files to infect. For each new executable file the finder module

encounters, it calls the replication module to infect that file.

2. Resident viruses contain a replication module that is similar to the one that is employed by nonresident

viruses. The virus loads the replication module into memory when it is executed and ensures that this

module is executed each time the operating system is called to perform a certain operation. For example

the replication module can be called each time the operating system executes a file. In this case the virus

infects every suitable program that is executed on the computer.

Examples:

The Cascade virus was a resident computer virus written in assembler,that was widespread in the 1980s

and early 1990s. It infected COM files and had the effect of making text on the screen fall down and forms

a heap in the bottom of the screen. It was notable for using an encryption algorithm to avoid being

detected.

Worms are software programs capable of reproducing itself that can spread from one computer to the

next over a network.� Worms spread itself automatically and worms can take advantage of automatic file

sending and receiving features found on many computers.

Examples:��

��, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft

Windows operating system that was first detected in November 2008.

2. The Welchia worm, also known as the "Nachia worm," is a computer worm that exploits vulnerability

in the Microsoft Remote procedure call (RPC) service similar to the Blaster worm. However, unlike

Blaster, it tries to download and install security patches from Microsoft, so it is classified as a helpful

worm.

Concealment: [Trojan horses, Rootkits, and Backdoors]

A Trojan horse is any program that invites the user to run it, concealing harmful or

malicious code. The code may take effect immediately and can lead to many undesirable

effects, such as deleting the user's files or installing additional harmful software.

��

�� !��

"��!��#��

��

��

��$��$�

Rootkit softwares are used to hide the fact that a computer system has been compromised,

for example by modifying system commands to conceal changes made to the system. Rootkits

can prevent a malicious process from being visible in the system's list of processes, or keep its

files from being read. Some Rootkit programs contain routines to defend against removal, not

merely to hide them, but to resist attempts to remove them. Rootkits can change how the

operating system functions and in some cases can tamper with the anti-virus program and

render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-

installation of the operating system.

A backdoor is a method of bypassing normal authentication procedures. Once a system has

been compromised, one or more backdoors may be installed in order to allow easier access in

the future. Crackers typically use backdoors to secure remote access to a computer, while

attempting to remain hidden from casual inspection. To install backdoors crackers may use

Trojan horses, worms, or other methods.

Grayware: [Crimeware, Adwire, Spyware]

Grayware (or Greyware) is a general term that refers to applications or files that are not directly

classified as malware (like worms or Trojan horses), but can still negatively affect the

performance of computers and involve significant security risks. Another term is PUP which

stands for Potentially Unwanted Program.

Crimeware is designed to perpetrate identity theft in order to access a computer user's online

accounts at financial services companies and online retailers for the purpose of taking funds

from those accounts or completing unauthorized transactions.Criminals use a variety of

techniques to steal confidential data through crimeware, including through the following

methods:

• Crimeware can surreptitiously install keystroke loggers to collect sensitive data—login

and password information for online bank accounts, for example—and report them back

to the thief.

• A Crimeware program can also redirect a user's web browser to a counterfeit website

controlled by the thief even when the user types the website's proper domain name in

the address bar.

• Crimeware threats can steal passwords cached on a user's system.

• Crimeware can wait for the user to log into their account at a financial institution, and

then drain the account without the user's knowledge.

• Crimeware can enable remote access into applications, allowing criminals to break into

networks for malicious purposes.

Adware is a type of malware designed to display advertisements in the user’s software. They

can be designed to be harmless or harmful; the adware gathers information on what the user

searches in the World Wide Web .With this gathered information it displays ads corresponding

to information collected.

Spyware is a software that self-installs on a computer, enabling information to be gathered

covertly about a person's Internet use, passwords, etc. Spyware can changes your computer

configuration and can cause your computer to slow down or crash. These programs can change

your web browser's home page or search page, or add additional components to your browser

you don't need or want. They also make it very difficult for you to change your settings back to

the way you had them.

Major infrastructures attacked:

�� %��&�� '�� (�� )*+*�� %��&��

��,��"��%��-��"��

��

��

� !�"��'��%��&��.��/��

��.��

��

��0��#��

��#��

��

��0�� !%� ��

��1��

��&��

��&��

��0��

��

��0��

��

��0��

�� 0��

��"��

��

��

2��0�� 0��

��.��

�� 0��

3�� &��

�� 4�� 0�� 5� �� $��&$� ��

4��5��

��

6&�� ,�� "�� 0�� ,��

%�� 6�� 4�� "�� 78�� "�� 95� �� 0�� "��

,�� %�� 2�� 4�� "�� :��5�� "�� '�� 4��

��"��785� ��

��.��4��0��5��

There are several methods which antivirus software can use to identify malware:

Signature based detection is the most common method. To identify viruses and other

malware, antivirus software compares the contents of a file to a dictionary of virus signatures.

Because viruses can embed themselves in existing files, the entire file is searched, not just as a

whole, but also in pieces.

Heuristic analysis is used to identify new malware or variants of known malware. Many viruses

start as a single infection and through either mutation or refinements by other attackers, can

grow into dozens of slightly different strains, called variants. Heuristic analysis and detection

refers to the detection and removal of multiple threats using a single virus definition.

�

�

Malwares

Technology

Transcript of Malwares