1. MALWAREMalware also known as malicious (or malevolent) software, is software used or created by attackers todisrupt computer operation, gather sensitive information, or gain access to private computer systems. Itcan appear in the form of code, scripts, active content, and other software. Malware is a general termused to refer to a variety of forms of hostile or intrusive software.Malware includes computer viruses, worms, Trojan horses, spyware, adware, rootkits , Backdoors andother malicious programs. Malwares most common pathway from criminals to users is through the Internet: primarily by e-mail andthe World Wide Web.On March 29, 2010, Symantec Corporation named Shaoxing, China, as the worlds malware capital. The term computer virus is used for a program that has infectedsome executable software and, when run, causes the virus to spread to other executables.Viruses can be divided into two types based on their behavior when they are executed.
2. 1. Nonresident viruses can be thought of as consisting of a finder module and a replication module. Thefinder module is responsible for finding new files to infect. For each new executable file the finder moduleencounters, it calls the replication module to infect that file.2. Resident viruses contain a replication module that is similar to the one that is employed by nonresidentviruses. The virus loads the replication module into memory when it is executed and ensures that thismodule is executed each time the operating system is called to perform a certain operation. For examplethe replication module can be called each time the operating system executes a file. In this case the virusinfects every suitable program that is executed on the computer.Examples:The Cascade virus was a resident computer virus written in assembler,that was widespread in the 1980sand early 1990s. It infected COM files and had the effect of making text on the screen fall down and formsa heap in the bottom of the screen. It was notable for using an encryption algorithm to avoid beingdetected.Worms are software programs capable of reproducing itself that can spread from one computer to thenext over a network. Worms spread itself automatically and worms can take advantage of automatic filesending and receiving features found on many computers.Examples: , also known as Downup, Downadup and Kido, is a computer worm targeting the MicrosoftWindows operating system that was first detected in November 2008.2. The Welchia worm, also known as the "Nachia worm," is a computer worm that exploits vulnerabilityin the Microsoft Remote procedure call (RPC) service similar to the Blaster worm. However, unlikeBlaster, it tries to download and install security patches from Microsoft, so it is classified as a helpfulworm.
3. Concealment: [Trojan horses, Rootkits, and Backdoors]A Trojan horse is any program that invites the user to run it, concealing harmful ormalicious code. The code may take effect immediately and can lead to many undesirableeffects, such as deleting the users files or installing additional harmful software. !" ! # $ $Rootkit softwares are used to hide the fact that a computer system has been compromised,for example by modifying system commands to conceal changes made to the system. Rootkitscan prevent a malicious process from being visible in the systems list of processes, or keep itsfiles from being read. Some Rootkit programs contain routines to defend against removal, notmerely to hide them, but to resist attempts to remove them. Rootkits can change how theoperating system functions and in some cases can tamper with the anti-virus program andrender it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system.A backdoor is a method of bypassing normal authentication procedures. Once a system hasbeen compromised, one or more backdoors may be installed in order to allow easier access inthe future. Crackers typically use backdoors to secure remote access to a computer, whileattempting to remain hidden from casual inspection. To install backdoors crackers may useTrojan horses, worms, or other methods.Grayware: [Crimeware, Adwire, Spyware]Grayware (or Greyware) is a general term that refers to applications or files that are not directlyclassified as malware (like worms or Trojan horses), but can still negatively affect theperformance of computers and involve significant security risks. Another term is PUP whichstands for Potentially Unwanted Program.Crimeware is designed to perpetrate identity theft in order to access a computer users onlineaccounts at financial services companies and online retailers for the purpose of taking fundsfrom those accounts or completing unauthorized transactions.Criminals use a variety oftechniques to steal confidential data through crimeware, including through the followingmethods:
4. • Crimeware can surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief. • A Crimeware program can also redirect a users web browser to a counterfeit website controlled by the thief even when the user types the websites proper domain name in the address bar. • Crimeware threats can steal passwords cached on a users system. • Crimeware can wait for the user to log into their account at a financial institution, and then drain the account without the users knowledge. • Crimeware can enable remote access into applications, allowing criminals to break into networks for malicious purposes.Adware is a type of malware designed to display advertisements in the user’s software. Theycan be designed to be harmless or harmful; the adware gathers information on what the usersearches in the World Wide Web .With this gathered information it displays ads correspondingto information collected.Spyware is a software that self-installs on a computer, enabling information to be gatheredcovertly about a persons Internet use, passwords, etc. Spyware can changes your computerconfiguration and can cause your computer to slow down or crash. These programs can changeyour web browsers home page or search page, or add additional components to your browseryou dont need or want. They also make it very difficult for you to change your settings back tothe way you had them.Major infrastructures attacked: % & ( )*+* % & , " % - " ! " % & . / . 0 # # 0 !% 1 & &
5. 0 0 0 0 "2 0 0 . 03 & 4 0 5 $ &$4 56& , " 0 ,% 6 4 " 78 " 95 0 ", % 2 4 " : 5 " 4 " 785 . 4 0 5There are several methods which antivirus software can use to identify malware:Signature based detection is the most common method. To identify viruses and othermalware, antivirus software compares the contents of a file to a dictionary of virus signatures.Because viruses can embed themselves in existing files, the entire file is searched, not just as awhole, but also in pieces.Heuristic analysis is used to identify new malware or variants of known malware. Many virusesstart as a single infection and through either mutation or refinements by other attackers, cangrow into dozens of slightly different strains, called variants. Heuristic analysis and detectionrefers to the detection and removal of multiple threats using a single virus definition.