The document provides a comprehensive overview of malware, including definitions, types (viruses, worms, trojans, etc.), and their behaviors and delivery methods. It emphasizes the importance of understanding these terms for better cybersecurity practices and highlights the potential risks associated with different malware types, such as data theft and system disruption. Additionally, it discusses various malware actions, including spyware, ransomware, adware, and botnets, and the significance of securing devices against these threats.

1. Malware and malicious programs
blog.ahasayen.com /malware-and-malicious-programs/
Ammar Hasayen
Facebook
Google+
Twitter
Pinterest
LinkedIn
Blogger
Tumblr
Print Friendly
In this blog post, we will be talking about malware, malicious programs or code, and viruses. It is become confusing
when to use what word to describe those bad programs that cause damage to our computers and networks. We will
start step at a time, and guide you through couple of examples, to reach a good definition and meaning to such of
those bad programs.
Why should I care in the first place to know those stuff??
Why it is a good practice to know these terms and distinguish between them, someone may ask? Well, if you know
that you get infected by a worm, then you should panic more than if you get hit by a virus, because of the speed of
spread. It is also nice to read in the news about one of those terms and say “OH, I know what this means!”.
Another important thing is that when you purchase an antivirus software, that you check with the supplier what kind
of malware it can detect. Sometimes, those antivirus software will protect you against some, but not all of those bad
guys. So pay attention!
You will hear a lot about vulnerability and Exploit
Funny thing about software: it’s written by humans. Humans are fallible and sometimes they do mistakes.
Sometimes those mistakes create strange behaviors in programs. And sometimes that strange behavior can be used
to create a hole that malware or hackers could use to get into your machine more easily. That hole is otherwise
known as a vulnerability.
The strange behavior that can be used to create a hole for hackers or malware to get through, generally requires
someone to use a particular sequence of actions or text to cause the right (or is that wrong?) conditions. To be
usable by malware (or on a larger scale by hackers), it needs to be put into code form, which is also called exploit
code.
It is all Malware
The word malware is a combination of two words “malicious” and “software”. Malware is the big umbrella term. It
covers viruses, worms, Trojans, and even exploit code. But not vulnerabilities or buggy code, or products whose
business practices you don’t necessarily agree with.
1/6

2. The difference between malware and vulnerabilities is like the difference between something and the absence of
something. Yeah, okay, that’s a bit confusing. What I mean is, malware is something. You can see it, interact with it,
and analyze it. A vulnerability is a weakness in innocent software that a something (like malware or a hacker) can go
through.
Some kinds of malicious code or malware can be considered Denial of Service DoS attacks, because usually they do
nasty stuff to your files or consume your bandwidth, memory or disks pace, and prevent you from using many
resources.
Sometimes you’ll hear the term “rootkit” or “bootkit” used to describe a certain type of malware. Generally, this
refers to methods that the malware uses to hide itself deep inside the inner workings of Windows so as to avoid
detection.
Malware delivery methods
We have identified malware as the umbrella term. This is a big catchall phrase that covers all sorts of software with
nasty intent. Now, we will talk about how malware will reach you through one of its delivery methods.
Virus: Breaks Stuff
[Key thing to remember – They need the first click from the user]
It is a type of malicious code or malware and it is nothing but a piece of code that is designed to render your PC
completely inoperable, while others simply delete or corrupt your files—the general point is that a virus is designed
to cause havoc and break stuff. Often viruses are disguised as games, images, email attachments, website URLs,
shared files or links or files in instant messages.
Spread
Viruses can spread sometimes to other machines, but usually it spread slowly and most of the time, rely on the user
to transfer the infected file. You can have viruses in your computer but they are setting there doing nothing until you
click on the executable they attach themselves to. So it needs a human action and they don’t propagate by
themselves. Infected USB drives are famous way of moving the virus around.
An interesting type of viruses are macros. A macro is a piece of code that can be embedded in a data file. In most
respects, macro viruses are like all other viruses. The main difference is that they are attached to data files (i.e.,
documents) rather than executable programs.
Effect
It infects files and programs and usually destroy files and can also interfere with computer operations by multiplying
itself to fill up disk space or randomly access memory space, secretly infecting your computer.
Worm: Copy Themselves with massive effect
[Key thing to remember – They don’t need the first user click or any action. They can propagate by their own
using your network]
Some consider them sub class of viruses but the key difference is that they don’t need the first user click or any
action. They can propagate by their own.
It is called warm because they can move around by their own. You can think of them as viruses that are self-
2/6

3. contained and go around searching out other machines to infect.
Effect
Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that
the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and
individual computers to stop responding.
Examples
Some of the most famous worms include the ILOVEYOU worm, transmitted as an email attachment, which cost
businesses upwards of 5.5 billion dollars in damage. The Code Red worm defaced 359,000 web sites, SQL
Slammer slowed down the entire internet for a brief period of time (75000 infections in the first 10 minutes !), and the
Blaster worm would force your PC to reboot repeatedly.
Spread
Worms are standalone malicious software and do not require a host program or human help to propagate. It also
uses a vulnerability or social engineering to trick the user into spreading them.
Worm rely on network to spread. One example would be for a worm to send a copy of itself to everyone listed in your
e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver’s
address book, and the manifest continues on down the line.
Trojans Horses: Install a Backdoor
In simple words, it is a malicious software that you thought was going to be one thing, but turns out to be something
bad.
Do you remember that story you had to read in high school about the big wooden horse that turned out to be full of
guys with spears? This is the computer equivalent.
3/6

4. Malware actions
We talked about how malicious programs and malware will reach you [Delivery Methods]. In this part, we will talk
about some of the actions that malware will do once you get infected. This is by far the most interesting part.
Spyware: Steals Your Information
It is malicious computer program that does exactly what its name implies -i.e., spies on you. After downloading itself
onto your computer either through an email you opened, website you visited or a program you downloaded, spyware
scans your hard drive for personal information and your internet browsing habits.
Some spyware programs contain keyloggers that will record personal data you enter in to websites, such as your
logon usernames and passwords, email addresses, browsing history, online buying habits, your computer’s
hardware and software configurations, your name, age and sex, as well as sensitive banking and credit information.
Some spyware can interfere with your computer’s system settings, which can result in a slower internet connection.
Since spyware is primarily meant to make money at your expense, it doesn’t usually kill your PC—in fact, many
people have spyware running without even realizing it, but generally those that have one spyware application
installed also have a dozen more. Once you’ve got that many pieces of software spying on you, your PC is going to
become slow.
Some spyware programs will even enhance your system security, and patch your system. They will even detect if
there are other malicious code and malware on your device and stop them. They want you to continue working on
your machine smoothly so that they can continue spying on you. Interesting right?!
Scareware: Holds Your PC for Ransom !!
Sometime it is called Ransomware. Lately a very popular way for Internet criminals to make money. This malicious
code or malware alters your system in such a way that you’re unable to get into it normally. It will then display some
kind of screen that demands some form of payment to have the computer unlocked. Access to your computer is
literally ransomed by the cyber-criminal.
Sometime the user is tricked into downloading what appears to be an antivirus application, which then proceeds to
tell you that your PC is infected with hundreds of viruses, and can only be cleaned if you pay for a full license. Of
4/6

5. course, these scareware applications are nothing more than malware that hold your PC hostage until you pay the
ransom—in most cases, you can’t or even use the PC.
Ransomware can be lock screen type (locks your computer until you pay), or encryption type, which will encrypt
your files with a password until you pay.
The most famous malware of this type is the “FBI MoneyPak”. It will lock your screen saying that you break some
copyright laws or visited unauthorized pages, and you need to pay the FBI money to unlock your PC. Really smart !!
The WannaCry ransomware attack happened in 2017, and it was a worldwide cyberattack by the WannaCry
ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system.
Adware: We will get you some Advertisements
Adware is a malicious software that, once installed on your computer, tracks your internet browsing habits and sends
you popups containing advertisements related to the sites and topics you’ve visited. While this type of software may
sound innocent, and even helpful, it consumes and slows down your computer’s processor and internet connection
speed. Additionally, some adware has keyloggers and spyware built into the program, leading to greater damage to
your computer and possible invasion of your private data.
Botnet
The term Bot is a short of robot. A Bot is nothing than a malware that allows attacker to take control over an
affected machine. Home computers are the biggest candidate for such malware type.
Multiple infected machines with this type of malware are called Botnet or Zombie Army. The cybercriminals that
control these bots are called botherders or botmasters.
Some botnets might have a few hundred or a couple thousand computers, but others have tens and even hundreds
of thousands of zombies at their disposal. Many of these computers are infected without their owners’ knowledge.
A recently discovered attacker has a botnet with 1.5 million infected machines with a rate of 75,000 infected
machines in the first 30 minutes! According to the Symantec Internet Security Threat Report, through the first six
months of 2006, there were 4,696,903 active botnet computers. Attackers may use instant messaging (IM)
applications to spread malware that transforms computers into zombie computers.
Bots sneak onto a person’s computer in many ways. Bots often spread themselves across the Internet by searching
for vulnerable, unprotected computers to infect or an open port. They infect a computer by leaving a Trojan horse
program that can be used for future activation. When an infected computer is on the Internet the bot can then start
up an IRC client and connect to an IRC server created by the botmaster. Their goal is then to stay hidden until they
are instructed to carry out a task.
How they get to you
Attackers find new ways to deliver their programs. Have you ever seen a pop-up ad that included a “No Thanks”
button? Hopefully you didn’t click on it – those buttons are often just decoys. Instead of dismissing the annoying
pop-up ad, they activate a download of malicious software.
Once the victim receives the program, he must activate it. In most cases, the user thinks the program is something
else. It might appear to be a picture file, an MPEG or some other recognizable file format. When the user chooses to
run the program, nothing seems to happen. For some people, this raises alarm bells and they immediately follow up
with a flurry of virus and spyware scanner activity. Unfortunately, some users simply think they received a bad file
5/6

6. and leave it at that.
Meanwhile, the activated program attaches itself to an element of the user’s operating system so that every time the
user turns on his computer, the program becomes active. Attackers don’t always use the same segment of an
operating system’s initializing sequence, which makes detection tricky for the average user.
Types of attacks
Distributed Denial of Service DDoS is the most common one, where the whole zombie army will try to bring a
published service down by sending millions of requests using Ping of Death, or using ICMP through a reflector
Smurf Attack.
Another technique would be something called Teardrop where bots send pieces of an illegitimate packet; the victim
system tries to recombine the pieces into a packet and crashes as a result
Mailbomb on the other side is when bots send a massive amount of e-mail, crashing e-mail servers.
Botmasters nowadays will rent their Zombie army to another people for certain amount of money to send spam
emails and advertisements or even to do DDoS attacks.
Even worse, botmasters may use botnet to perform some phishing attacks or install key logging programs to steal
your credit card information and passwords.
One of the most interesting usage of botnet is to play with internet poll results or performing Click Fraud. Click
Fraud refers to the practice of setting up a botnet to repeatedly click on a link.
Sometimes, crackers will commit Click Fraud by targeting advertisers on their own Web sites. Since Web advertisers
usually pay sites a certain amount of money for the number of clicks an ad gets, the botmaster could stand to earn
quite a few dollars from fraudulent site visits.
It becomes way dangerous when it comes to identity theft or unknowingly participate in an attack on an important
web site
Final thoughts
Malware and malicious programs come in different types, forms and damage types. Knowing what causes them is
like winning half the battle. You should always make sure you are logging to secure patched devices and that you
never download non trusted programs and applications.
6/6