beeezo

Know Your Enemy! Malicious Software - an overview

Jul 7th 2010 at 1:51 PM

As much as it is talked about and as many warnings that we always get, many people still do not understand the various types of threats that they have when using their computer. I believe that knowledge defeats fear and the more you know, the better you can protect your precious computer. I make a good amount of money providing computer repair and network services. 70 percent of my non-commercial clients call to have their computers restored after viruses have taken over! This is just an overview, but it will give you basic details about the threats to your computer hopefully help you understand and be more careful!

Malware can be roughly broken down into types according to the malware's method of operation.

There are three characteristics associated with these malware types.

1. Self-replicating malware actively attempts to propagate by creating new copies, or instances, of itself. Malware may also be propagated passively, by a user copying it accidentally, for example, but this isn't self-replication.

2. The population growth of malware describes the overall change in the number of malware instances due to self-replication. Malware that doesn't self-replicate will always have a zero population growth, but malware with a zero population growth may self-replicate.

3. Parasitic malware requires some other executable code in order to exist. "Executable" in this context should be taken very broadly to include anything that can be executed, such as boot block code on a disk, binary code in applications, and interpreted code. It also includes source code, like application scripting languages, and code that may require compilation before being executed.

---------------------------------

Malicious software, or Malware, include computer viruses, worms, trojans, rootkits, spyware, dishonest adware, crimeware, botnets, keystroke loggers, dialers and other undesirable software. If you surf the internet, chances are, you have been exposed to malicious software. Some of the more obvious signs of your computer being infected are excessive pop-ups, files and applications slow to open, internet connection slower than usual, your internet browser is redirected to an unknown website, and the loss of your internet connection

Adware is any software that causes advertising to be shown while the program is running. The people that write these programs include code to deliver ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in integrated search results. Adware is marketing-focused, and may even redirect a user's web browser to certain web sites in the hopes of making a sale. Some adware will attempt to target the advertisement to fit the context of what the user is doing. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only.

Trojans are programs that enables an attacker to get nearly complete control over an infected PC. Trojan Horses (also known as trojans) differs from viruses and worms in that they don't replicate themselves, relying on a separate mechanism for distribution. Their primary feature is that they masquerade as a legitimate program or offer something desirable (such as a link for something free or interesting), but harbor a malevolent purpose. Trojans are a frequently used tool by malicious hackers. These types of programs are often found attached to peer-to-peer downloaded files. The authors of the programs often hide them in executable software, in compressed files such as RAR and ZIP files. When a Trojan executes, the program performs a specific set of actions. This usually works toward the goal of allowing the trojan to survive on a system and open up a backdoor.

Viruses are malevolent software that spreads itself automatically by infesting other files on your PC.

A computer virus has three parts:

Infection mechanism- How a virus spreads, by modifying other code to contain a (possibly altered) copy of the virus. The exact means through which a virus spreads is referred to as its infection vector. This doesn't have to be unique - a virus that infects in multiple ways is called multipartite.

Trigger- The means of deciding whether to deliver the payload or not.

Payload- What the virus does, besides spread. The payload may involve damage, either intentional or accidental. Accidental damage may result from bugs in the virus, encountering an unknown type of system, or perhaps unanticipated multiple viral infections.

 

------------------------------

Viruses are software which attaches itself to other software. A boot virus inserts its code into the boot record or master boot record of a disk. When the machine boots from that disk, the virus code is executed. A file virus inserts its code into an executable file, so that when that file is executed, the virus is executed as well. A macro virus attaches itself to documents like Word or Excel.

Worms are virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. Propagating by infecting other code is the domain of a virus; actively searching for vulnerable machines across a network makes a worm. Worms can affect large computer networks and spreads very quickly because of the program's delivery method. Worms are classified by the primary method they use for transport. A worm using instant messaging (IM) to spread is called an IM worm, and a worm using email is an email worm. For example, many email worms arrive as an email attachment, which the user is tricked into running. When run, the worm harvests email addresses off the machine and mails itself to those addresses. Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.

Data Miners are software that has the primary function of gathering data about an end-user. Data miners monitor, analyze, and collect specific information found in a database or volume of data from various sources. Data gathered maybe personal or in aggregate only and is usually done for marketing purposes. Data miners may be used maliciously. Some have been employed to steal personal information like logon credentials and credit card numbers.

Dialers are programs that can secretly change your dialup connection setting so that instead of calling your local internet provider, your PC calls are routed to an expensive 0900 or international phone number. Dialer enabled viruses are picked up just like other viruses with a lure of free software or downloads. Dialers are still in use for malicious and non-malicious purposes, but malicious use has relatively, subsided because many people are moving to broadband internet connections as opposed to dial up connections.

2 comments
Please to comment
Jan 29th 2012 at 8:03 AM by blackfolder1
I just had to buy a new computer a few weeks ago due to someone or something hacking into it. It started having problems for a few weeks and then one day just crashed. Would not even turn on. Of course, I had let my virus protection run out- not very smart-! Won't do that again!
   
Sep 29th 2010 at 12:15 PM by TimRR
great info, well done,,
   

sign in

Username
Password
Remember Me


New to IM faceplate? join free!

Lost Password? click here