Malware

Dennis Faas's picture

Malware (a portmanteau of "malicious software") is any software program developed for the purpose of causing harm to a computer system, similar to a virus or Trojan horse.

Malware can be classified based on how it is executed, how it spreads, and/or what it does. The classification is not perfect, however, in the sense that the groups often overlap and the difference is not always obvious, giving rise to frequent flame wars.

Overuse of the term 'Virus'

Because viruses were historically the first to appear, the term "virus" is often applied, especially in the popular media, to all sorts of malware. Modern anti-viral software strengthen this broader sense of the term as their operation is never limited to viruses.

Classes of Malicious Software: Viruses and Worms

Both viruses and worms are able to self-replicate; they can spread (possibly modified) copies of themselves. Not every program that copies itself is a virus or worm; for instance, backup software may copy itself to other media as part of a system backup.

Difference Between Virus and Worm

To be classified as a virus or worm, at least some of these copies have to be able to replicate themselves too, such that the virus or worm can propagate itself. The difference between a virus and a worm is that a worm operates more or less independently of other files, whereas a virus depends on hosts to spread itself.

Virus

When computer viruses first originated, common targets were executable files that are part of application programs and the boot sectors of floppy disks. Most recently, however, viruses are embedded as Email attachments, which prey on curious users unknowingly opening the viral attachment.

Viruses can spread across computers when the software or document they've attached themselves to is transferred from one computer to the other.

Worms

Computer worms are similar to viruses but are stand-alone software and thus do not require host files (or other types of host code) to spread themselves. They do modify their host operating system, however, at least to the extent that they are started as part of the boot process. To spread, worms either exploit some vulnerability of the target system (I.E.: the operating system) or use some kind of social engineering to trick users into executing them.

Trojan

A trojan horse program is a harmful piece of software that is disguised as legitimate software. Trojan horses cannot replicate themselves, in contrast to viruses or worms. A trojan horse can be deliberately attached to otherwise useful software by a programmer, or it can be spread by tricking users into believing that it is useful.

To complicate matters, some trojan horses can spread or activate other malware, such as viruses. These programs are called 'droppers'. A common aftermath is the Trojan attracting a large amount of adware/spyware, causing lots of popups and web browser instability.

Backdoor

A backdoor is a piece of software that allows access to the computer system bypassing the normal authentication procedures. Based on how they work and spread, there are two groups of backdoors.

The first group works much like a Trojan, i.e., they are manually inserted into another piece of software, executed via their host software and spread by their host software being installed.

The second group works more like a worm in that they get executed as part of the boot process and are usually spread by worms carrying them as their payload. The term Ratware has arisen to describe backdoor malware that turns computers into zombies for sending spam.

Spyware

Spyware is a piece of software that collects and sends information (such as browsing patterns in the more benign cases or credit card numbers in more malicious cases) about users or, more precisely, the results of their computer activity, typically without explicit notification. They usually work and spread like Trojan horses. The category of spyware is sometimes taken to include adware of the less-forthcoming sort.

Exploit

An exploit is a piece of software that attacks a particular security vulnerability. Exploits are not necessarily malicious in intent -- they are often devised by security researchers as a way of demonstrating that a vulnerability exists. However, they are a common component of malicious programs such as network worms.

Rootkit

A rootkit is software inserted onto a computer system after an attacker has gained control of the system. Rootkits often include functions to hide the traces of the attack, as by deleting log entries or cloaking the attacker's processes. Rootkits may also include backdoors, allowing the attacker to easily regain access later; or exploit software to attack other systems.

Because they often hook into the operating system at the kernel level to hide their presence rootkits can be very hard to detect. The consensus of computer security experts is that if your system has been compromised by a rootkit you should wipe your hard drives and reinstall the operating system since you can never know if you have successfully removed all traces of the rootkit.

Key Logger

A keylogger is software that copies a computer user's keystrokes to a file, which it may send to a hacker at a later time. Often the keylogger will only "awaken" when a computer user connects to a secure website, such as a bank. It then logs the keystrokes, which may include account numbers, PIN's and passwords, before they are encrypted by the secure website.

Dialers

A dialer is a program that either replaces the phone number in a modem's dial-up connection with a long-distance number, often out of the country, in order to run up phone charges on pay-per-dial numbers, or dials out at night to send keylogger or other information to a hacker.

URL injection (Browser Malware)

This software modifies the browser's behavior with respect to some or all domains. It modifies the url submitted to the server to profit from a given affiliate scheme by the content provider of the given domain. This is often transparent to the user. The author profits at the expense of the user -- often surreptitiously.

Defective Software

Malware should not be confused with defective software, that is, software which is intended for a legitimate purpose but has errors or bugs.

This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.

Rate this article: 
Average: 4 (1 vote)