SHORT NOTE ON MALWARE AND ITS TYPES **NOTE: ALL INFORMATION ARE REFEREED FROM THE SOURCES AVAILABLE FORM NET

1. MALWARES
BY:SAGILA
3RD YEAR BSc. FORENSIC SCIENCE
ANNAI FATHIMA COLLEGE OF ARTS AND SCIENCE

2. WHAT IS MALWARE ?
 Malware is the collective name for a number of malicious
software variants, including viruses, ransomware and
spyware.
 Malware typically consists of code developed by cyber
attackers, designed to cause extensive damage to data and
systems or to gain unauthorized access to a network.
 Malware is typically delivered in the form of a link or file over
email and requires the user to click on the link or open the file
to execute the malware.

3. TYPES OF MALWARE

4. VIRUS
 Primitive types of malware.
 Possibly the most common type of malware, viruses attach their
malicious code to clean code and wait for an unsuspecting user or an
automated process to execute them.
 They are usually contained within an executable file. They are self-
replicating programs that usually have a malicious intent.
 Instead it copies itself using a human assistance, such as using an
infected floppy disk at another machine.
 Some viruses are harmful and delete information or corrupt the
operating system.

5. TYPES OF VIRUSES
Boot viruses: establish their code in the disk sector. The machine
automatically executes the code of the boot virus when booting. Thus,
when an infected machine boots, the virus loads and runs it. After
completion of booting of viruses they usually load the original boot code
of the machine which they have previously moved to another location in
the disk or take other measures to ensure the machine appears to boot
normally.
File viruses: Get attached to program files (files containing
executable). When the infected program runs, the virus code executes.
Very often the virus code is added in such a way that it executes first,
then the program itself. After the virus code has finished loading and
executing, it will normally load and execute the original program it has
infected, or call the function it intercepted, so as to not arouse the
user’s suspicion.

6.  Companion viruses: Exploit the characteristics of the operating
system to execute it, rather than directly targeting programs or
boot sectors. Under DOS and Windows, when executing the
command „ABC‟, the method is that ABC.COM executes before
ABC.EXE (in the rare cases where both files exist). Thus, a
companion virus could place its code in a COM file with its first
name similar to that of an existing EXE file. When executing the
„ABC‟ command, the virus‟ ABC.COM program runs (usually the
virus would launch ABC.EXE once its function has been
completed so as not to alert the user. This is known as the
execution preference companion method.
Script viruses: became quite a hit with the hackers. The basic
reason for this virus being successful is machines started
operating on Windows. Writers of Script viruses used mass
mailing to target machines installed with Windows 98 and 2000
with Internet Explorer 5.0 and following versions. Program files
like VBS, JS & icons that of safe text files became quite
vulnerable to such attacks.

7. WORMS
Worms are similar to viruses as
they replicate themselves in the
same manner.
 Although self cloning in nature it is
different from a virus as it does
not need to attach itself to a file
or a disk sector.
Just like the picture depcits:
Starting from one infected machine,
they weave their way through the
network, connecting to consecutive
machines in order to continue the
spread of infection. This type of
malware can infect entire networks
of devices very quickly.

8. TROJAN
 In cyber world Trojan horses bare
one of the deadliest and randomly
used malware appearing to be worthy
software but instead it infect
damages & compromises the security
of the system.
A Trojan horse tempts a user into
opening a program as they are
satisfied that it is from a legitimate
source. Free softwares available for
downloading may be Trojans.
Just like the picture depicts: Acting
discretely, it will breach security by
creating backdoors that give other
malware variants easy access.

9. SPYWARE
Spyware is unwanted software that
infiltrates your computing device,
stealing your internet usage data
and sensitive information.
Spyware monitors your internet
activity, tracking your login and
password information, and spying on
your sensitive information.
 It aims to track and sell your
internet usage data, capture your
credit card or bank account
information, or steal your personal
identity.

10. ADWARE
Adware is any software application in
which advertising banners are displayed
while a program is running.
The ads are delivered through pop-up
windows or bars that appear on the
program's user interface.
Without the consent of the target user,
his online habits are sold.
The advertisement companies display
commercial ads, pop ups & even redirect
a user to a website without his
willingness or knowledge. These are
known as sticky software. It stays in the
infected machine without providing the
facility to uninstall it.

11. RANSOMWARE
Ransomware is malicious software that infects
your computer and displays messages
demanding a fee to be paid in order for your
system to work again.
This class of malware is a criminal money
making scheme that can be installed through
deceptive links in an email message, instant
message or website.
 It has the ability to lock a computer screen or
encrypt important, predetermined files with a
password.
Scareware is the simplest type of ransomware.
It uses scare tactics or intimidation to trick
victims into paying up. It can come in the form of
fake antivirus software in which a message
suddenly appears claiming your computer has
various issues and an online payment is
necessary to fix them.

12. CRIMEWARE
Crimeware is doing illegal online activities with the use of various
malware types. More specifically, Crimeware may be a virus, spyware, or
other piece of software that can be used to commit identity theft and
fraud.
Crimeware can take a number of actions, including:
Furtively install keystroke loggers to procure sensitive data, such as login
and password information for online bank accounts, and report them back
to the thief.
Redirect a user’s web browser to a counterfeit website controlled by the
thief.
Enable remote access into applications, allowing criminals to break into
networks for malicious purposes.
Encrypt all data on a computer and require the user to pay to decrypt it
(ransomware).
Sending out an email with an attachment to execute a payload to spread
the malware.

13. ROOTKIT
A rootkit is a collection of computer
software, typically malicious, designed
to enable access to a computer or an
area of its software that is not otherwise
allowed and often masks its existence
or the existence of other software.
A rootkit allows someone to maintain
command and control over a computer
without the computer user/owner
knowing about it. Once a rootkit has
been installed, the controller of the
rootkit has the ability to remotely
execute files and change system
configurations on the host machine.
A rootkit on an infected computer can
also access log files and spy on the
legitimate computer owner’s usage.

14. TYPES OF ROOTKIT
Kernel Rootkits - Hide a backdoor on a computer system by using
modified code to add or replace a portion of the system's existing
kernel code. Usually the new code is added to the kernel via a device
driver or loadable module. Kernel rootkits can be especially
dangerous because they can be difficult to detect without appropriate
software.
Library Rootkits - Hide information about the intruder by
manipulating system calls with patches, hooks, or replacements.
Application Rootkits - Replace or modify regular application
binaries with camouflaged fakes, hooks, patches, or injected code.

15. ANTI-MALWARE
Antivirus software, or anti-virus software also known as anti-malware, is a
computer program used to prevent, detect, and remove malware.
With the spread of other kinds of malware, antivirus software started to
provide security from other computer threats.
Antivirus software can guard users from malicious browser helper objects
(BHOs), browser hijackers, ransomware, worms, keyloggers, backdoors,
rootkits, Trojan horses, malicious LSPs, dialers, fraudtools, adware and
spyware.
Some products also include protection from further computer threats,
such as infected and malicious URLs, spam, scam and phishing attacks,
online identity (privacy), online banking attacks, social engineering
techniques, advanced persistent threat (APT) and botnet DDoS attacks.

16. PREVENATION
Ensure that all security updates and patches are installed.
Avoid suspicious links and emails.
Avoid suspicious websites.
Review software carefully before downloading.
Leverage strong, unique passwords.
Install Anti-virus software.
Turn on your firewall .
Limit application privileges.
Only buy Apps from trusted sources.
Back up data regularly.

17. CONCLUSION
 There are a lot of security measures that can be executed to
protect computers and networks form malware. Most security
measures that are accessible to users are aimed at protecting
computers from malware, adware, spam and various types of
common viruses. Even though there are a lot of companies
providing these services, cyber criminals are always looking
for new ways to get around firewalls and anti virus software
and on some occasions they are effective because there are
numerous hackers and spammers around the globe new ways
of getting around these barriers are regularly being developed
and catching them can be very difficult. However if users take
the suitable steps such as installing firewalls and anti
malware/virus software they will be less likely to fall prey to
cyber criminals.