What is Malware ?
Malware is a malicious software. This software include the program
that exploit the vulnerabilities in computing system. The purpose of
malicious software is harm you or steal the information from you.
Types of Malicious
Softwares:
There are three characteristics of malwares:
1 Self-replicating malware actively attempts to propagate by creating
new
copies, or instances, of itself. Malware may also be propagated
passively,
by a user copying it accidentally, for example, but this isn't self-
replication.
2 The population growth of malware describes the overall change in
the number
of malware instances due to self-replication. Malware that doesn't
selfreplicate
will always have a zero population growth, but malware with a
zero population growth may self-replicate.
3 Parasitic malware requires some other executable code in order to
exist.
"Executable" in this context should be taken very broadly to include
anything
that can be executed, such as boot block code on a disk, binary code
Trojan Horse :
Self-replicating: no
Population growth: zero
Parasitic: yes
The most famous malicious software is Trojan
Horse.
There was no love lost between the Greeks and the Trojans. The
Greeks had
besieged the Trojans, holed up in the city of Troy, for ten years. They
finally
took the city by using a clever ploy: the Greeks built an enormous
wooden horse,
concealing soldiers inside, and tricked the Trojans into bringing the
horse into
Troy. When night fell, the soldiers exited the horse and much
unpleasantness
ensued.
In computing, a Trojan horse is a program which purports to do some
benign
task, but secretly performs some additional malicious task. A classic
example is
a password-grabbing login program which prints authentic-looking
"username"
and "password" prompts, and waits for a user to type in the
information. When
this happens, the password grabber stashes the information away for
its creator,
then prints out an "invalid password" message before running the real
login
program. The unsuspecting user thinks they made a typing mistake
and reenters
the information, none the wiser.
Logic Bomb:Self-replicating: no
Population growth: zero
Parasitic: possibly
The oldest type of malicious software. This
program is embedded with some other program. When certain
condition meets, the logic bomb will destroy your pc.
It also crash at particular date which is fixed by attacer. It will be
included in legitimate or authorized person like this:
legitimate code
if date is Friday the 13th:
crash_computerO
legitimate code
Eg:
if some antivirus trying to delete or clean the logic bomb. The logic
bomb will destroy the pc.
Back Door or Trap Door :
Self-replicating: noPopulation growth: zero
Parasitic: possibly
A back door is any mechanism which bypasses
a normal security check. Programmers
sometimes create back doors for legitimate reasons, such as skipping
a time-consuming authentication process when debugging a network
server.
As with logic bombs, back doors can be placed into legitimate code or
be
standalone programs.
username = read_username()
password = read_password()
if tisername i s "133t h4ck0r":
return ALLOW^LOGIN
if username and password are valid:
return ALLOW_LOGIN
e l s e:
return DENY^LOGIN
One special kind of back door is a RAT, which stands for Remote
Administration
Tool or Remote Access Trojan, depending on who's asked. These
programs
allow a computer to be monitored and controlled remotely;
Virus:
Self-replicating: yes
Population growth: positive Parasitic: yes
A virus is malware that, when executed, tries to replicate itself into other executable
code; when it succeeds, the code is said to be infected. The infected
code, when run, can infect new code in turn. This self-replication into
existing
executable code is the key defining characteristic of a virus.
Types of Virus
1.Parasitic virus:
Traditional and common virus. This will be attached with EXE files
and search for other EXE file to infect them.
2. Memory Resident Virus:
Present in your system memory as a system program. From here
onwards it will infects all program that executes.
3. Boot Sector Virus:
Infects the boot record and spread when the system is booted from
the disk containing the virus.
4. Stealth Virus:
This virus hides itself from detection of antivirus scanning.
Worm:
Self-replicating: yes
Population growth: positive Parasitic: no
A worm shares several characteristics with a
virus.
The most important characteristic
is that worms are self-replicating too, but self-replication of a worm is distinct in two ways. First, worms are standalone, and do not rely on other
executable code. Second, worms spread from machine to machine across networks.
Rabbit:
Self-replicating: yes
Population growth: zero
Parasitic: no
Rabbit is the term used to describe malware that multiplies rapidly.
Rabbits
may also be called bacteria, for largely the same reason.
There are actually two kinds of rabbit.The first is a program which tries
to consume all of some system resource, like disk space. A "fork
bomb," a
program which creates new processes in an infinite loop, is a classic
example
of this kind of rabbit. These tend to leave painfully obvious trails
pointing to
the perpetrator, and are not of particular interest.
The second kind of rabbit, which the characteristics above describe, is
a
special case of a worm. This kind of rabbit is a standalone program
which
replicates itself across a network from machine to machine, but deletes
the
original copy of itself after replication. In other words, there is only
one copy
of a given rabbit on a network; it just hops from one computer to
another.
Rabbits are rarely seen in practice.
Spyware:
Spyware is software which collects informationfrom a computer and transmits
it to someone else.
The exact information spyware gathers may
vary, but can include anything
which potentially has value:
1 Usernames and passwords. These might be harvested from files on
the
machine, or by recording what the user types using a key logger. A
keylogger
differs from a Trojan horse in that a keylogger passively captures
keystrokes
only; no active deception is involved.
2 Email addresses, which would have value to a spammer.
3 Bank account and credit card numbers.
4 Software license keys, to facilitate software pirating.
Definitions
Adware:
Self-replicating: no
Population growth: zero
Parasitic: no
Adware has similarities to spyware in that both
are gathering information about
the user and their habits. Adware is more
marketing-focused, and may pop up
advertisements or redirect a user's web browser to certain web sites in
the hopes
of making a sale. Some adware will attempt to target the advertisement
to fit
the context of what the user is doing. For example, a search for
"Calgary" may
result in an unsolicited pop-up advertisement for "books about
Calgary."
Adware may also gather and transmit information about users which
can be
used for marketing purposes. As with spyware, adware does not self-
replicate.
Zombies:
Computers that have been compromised can be used by an attacker fora
variety of tasks, unbeknownst to the legitimate owner; computers used
in this
way are called zombies. The most common tasks for zombies are
sending spam
and participating in coordinated, large-scale denial-of-service attacks.
Signs that your system is Infected by Malware:
Slow down, malfunction, or display repeated error messages
Won't shut down or restart
Serve up a lot of pop-up ads, or display them when you're not
surfing the web
Display web pages or programs you didn't intend to use, or send
emails you didn't write.
.jpg)
.jpg)
