Malware
From Computing and Software Wiki
(10 intermediate revisions not shown) | |||
Line 1: | Line 1: | ||
- | '''Malicious software (malware)''' encompasses a broad range of software typically designed to ''covertly operate'' and ''deceive users'' to hide its actual intended purpose. It can be used as a catch-all phrase for software that has been programmed for malicious purposes intentionally <sup>[5]</sup>, software such as viruses, [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms worms], spyware, and [http://www.cas.mcmaster.ca/wiki/index.php/Botnets botnets]. Its purpose can vary, but typically it is used to gather information, generate profit, cause harm or data loss <sup>[5]</sup>, or it could have no real purpose at all. | + | '''Malicious software (malware)''' encompasses a broad range of software<sup>[4]</sup> typically designed to ''covertly operate'' and ''deceive users'' to hide its actual intended purpose. It can be used as a catch-all phrase for software that has been programmed for malicious purposes intentionally <sup>[5]</sup>, software such as viruses, [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms worms], spyware, and [http://www.cas.mcmaster.ca/wiki/index.php/Botnets botnets]. Its purpose can vary, but typically it is used to gather information, generate profit, cause harm or data loss <sup>[5]</sup>, or it could have no real purpose at all. |
[[Image:malware.jpg|frame|Partial source code from a malware example.]] | [[Image:malware.jpg|frame|Partial source code from a malware example.]] | ||
==History== | ==History== | ||
- | Before computers were accessible to the general public, malware was not an overwhelming threat. As computers became more common throughout the 1970s, 1980s, and 1990s malware saw an equal amount of growth. Malware spread through early networks, such as [http://www.cas.mcmaster.ca/wiki/index.php/ARPANET ARPANET] <sup>[1]</sup>, and it continued to the days of the early internet. It was not limited only by networks, diskettes and other shared media helped in its distribution. After the internet became prevalent, malware could spread easily to a large number of computers. New kinds of malware emerged taking full advantage of the internet. With access to a vast amount of computers money making malware, such as adware, became successful, only adding more motivation for malware authors to create new and different malware. As of late, security companies are suggesting the number of legitimate software created equals, or is surpassed by software created for malicious purposes. <sup>[2]</sup> | + | Before computers were accessible to the general public, malware was not an overwhelming threat. As computers became more common throughout the 1970s, 1980s, and 1990s malware saw an equal amount of growth. Malware spread through early networks, such as [http://www.cas.mcmaster.ca/wiki/index.php/ARPANET ARPANET] <sup>[1]</sup>, and it continued to the days of the early internet. It was not limited only by networks, diskettes and other shared media helped in its distribution. After the internet became prevalent, malware could spread easily to a large number of computers. New kinds of malware emerged taking full advantage of the internet. With access to a vast amount of computers money making malware, such as adware, became successful, only adding more motivation for malware authors to create new and different malware. As of late, security companies are suggesting the number of legitimate software created equals, or is surpassed by, software created for malicious purposes. <sup>[2]</sup> |
==Purpose== | ==Purpose== | ||
Line 14: | Line 14: | ||
=====Obtaining financial returns===== | =====Obtaining financial returns===== | ||
Malware can be used to generate illicit revenues, usually by hijacking ad revenues or using previously mentioned sensitive information to the benefit of the malware user. | Malware can be used to generate illicit revenues, usually by hijacking ad revenues or using previously mentioned sensitive information to the benefit of the malware user. | ||
- | * Ad revenue, generated by malware forcing users to view ads | + | * Ad revenue, generated by malware forcing users to view ads <sup>[7]</sup> |
=====Cause harm or data loss===== | =====Cause harm or data loss===== | ||
- | The most common use of all, malware can be used to cause damage to a computer system in one way or another. | + | The most common use of all <sup>[4]</sup>, malware can be used to cause damage to a computer system in one way or another. |
* [http://www.cas.mcmaster.ca/wiki/index.php/Denial_Of_Service_Attacks DDoS attacks] | * [http://www.cas.mcmaster.ca/wiki/index.php/Denial_Of_Service_Attacks DDoS attacks] | ||
* Data corruption | * Data corruption | ||
Line 28: | Line 28: | ||
=====Infectious===== | =====Infectious===== | ||
- | Infectious malware gets its name from its method of propagation. Similar to biological viruses, infectious malware spreads itself by self-replicating on some medium, whether it be a computer network or computer system. The following examples are typical types of infectious malware: | + | Infectious malware gets its name from its method of propagation. Similar to biological viruses, infectious malware spreads itself by self-replicating on some medium <sup>[4][7]</sup>, whether it be a computer network or computer system. The following examples are typical types of infectious malware: |
* [http://en.wikipedia.org/wiki/Computer_virus Viruses] | * [http://en.wikipedia.org/wiki/Computer_virus Viruses] | ||
* [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms Worms] | * [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms Worms] | ||
+ | * [http://www.cas.mcmaster.ca/wiki/index.php/Botnets Botnets] | ||
The [http://en.wikipedia.org/wiki/Melissa_(computer_worm) melissa virus] falls under this category. The software propagated itself using a vulnerability in Microsoft Word documents, where macros within the word document would execute commands. With this vulnerability the virus was able to mass email itself once the file was opened on an unsuspecting users computer. | The [http://en.wikipedia.org/wiki/Melissa_(computer_worm) melissa virus] falls under this category. The software propagated itself using a vulnerability in Microsoft Word documents, where macros within the word document would execute commands. With this vulnerability the virus was able to mass email itself once the file was opened on an unsuspecting users computer. | ||
=====Hidden===== | =====Hidden===== | ||
- | Hidden malware's key feature is its ability to hide itself within a computer system | + | Hidden malware's key feature is its ability to hide itself within a computer system without the consent of the user. The software could disguise itself as other software, or use the operating system to hide its program. Once hidden the software can execute any commands, or allow access to the computer system, completely invisible to the user. Some examples: |
* [http://en.wikipedia.org/wiki/Trojan_horse_(computing) Trojan horses] | * [http://en.wikipedia.org/wiki/Trojan_horse_(computing) Trojan horses] | ||
* [http://www.cas.mcmaster.ca/wiki/index.php/Rootkits Rootkits] | * [http://www.cas.mcmaster.ca/wiki/index.php/Rootkits Rootkits] | ||
Line 42: | Line 43: | ||
=====Deceptive===== | =====Deceptive===== | ||
- | The most bothersome, deceptive malware preys on users who may not be as tech-savvy as others. Users may inadvertently install the software, not realizing that they are installing, or are | + | The most bothersome, deceptive malware preys on users who may not be as tech-savvy as others. Users may inadvertently install the software, not realizing that they are installing, or are misled into thinking the software serves some useful purpose. Similarly, somewhat legitimate software could require users to install malware before they are allowed to install the desired software. <sup>[5]</sup> Some examples: |
- | * Adware | + | * [http://en.wikipedia.org/wiki/Adware Adware] |
- | * Spyware | + | * [http://en.wikipedia.org/wiki/Spyware Spyware] |
- | [http://en.wikipedia.org/wiki/CoolWebSearch CoolWebSearch] deceives the user, pretending to be useful software. After it is installed, CoolWebSearch takes over services usually served by other applications. It can also be used to show ads, either through pop ups or ad injections. | + | [http://en.wikipedia.org/wiki/CoolWebSearch CoolWebSearch] deceives the user, pretending to be useful software. After it is installed, CoolWebSearch takes over services usually served by other applications. It can also be used to show ads, either through pop ups or ad injections. <sup>[6]</sup> |
==Prevention== | ==Prevention== | ||
+ | When dealing with anything involving computers, users should always exercise their common sense. Sometimes this may not be enough, and other software to detect malware is necessary. To prevent the spread of malware we must use: | ||
+ | * [http://www.cas.mcmaster.ca/wiki/index.php/Sandbox Sandboxing techniques], to make browsing the internet safer | ||
+ | * [http://en.wikipedia.org/wiki/Antivirus Antivirus software], to detect and remove already infected computers or computers prone to attack | ||
+ | * [http://en.wikipedia.org/wiki/Open_source Open source software], less "popular" software is less prone to attack since it is presumably used less, plus open source allows anyone to correct any flaws that allow malware to spread <sup>[5]</sup> | ||
+ | * [http://en.wikipedia.org/wiki/Common_sense Common sense], to not fall for obvious tricks | ||
+ | |||
+ | Combating the ever-growing list of malware is incredibly difficult, not only in detection but the distribution of fixes too. As the use of computers evolve with time so will malware, thus prevention will become even more important than it is now. New techniques will emerge to help with the fight, but ultimately malware will always be prevalent unless the way computers are used changes drastically. | ||
==References== | ==References== | ||
*1. History of viruses [http://www.viruslist.com/en/viruses/encyclopedia?chapter=153280684 http://www.viruslist.com] | *1. History of viruses [http://www.viruslist.com/en/viruses/encyclopedia?chapter=153280684 http://www.viruslist.com] | ||
- | *2. Malware on [http://en.wikipedia.org/wiki/Malware Wikipedia] | + | *2. Malware on [http://en.wikipedia.org/wiki/Malware Wikipedia.org] |
*3. Types of malware [http://www.pandasecurity.com/homeusers/security-info/types-malware/ Panda Security] | *3. Types of malware [http://www.pandasecurity.com/homeusers/security-info/types-malware/ Panda Security] | ||
+ | *4. Malware on [http://www.tietoturvaopas.fi/en/index/uhatjaniidentorjunta/haittaohjelmat.html Safe on the internet] | ||
*5. Lecture by Mark Ryan of the University of Birmingham, 2009 [http://www.cs.bham.ac.uk/~gzw/teaching/NS09/Lectures/NS09-Malware-Slides.pdf pdf] | *5. Lecture by Mark Ryan of the University of Birmingham, 2009 [http://www.cs.bham.ac.uk/~gzw/teaching/NS09/Lectures/NS09-Malware-Slides.pdf pdf] | ||
- | * | + | *6. Information on [http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci1075399,00.html CoolWebSearch] |
- | + | *7. McAfee paper on malware [http://www.mcafee.com/us/local_content/white_papers/partners/ds_wp_telconote.pdf pdf] | |
- | + | ||
- | *McAfee paper on malware [http://www.mcafee.com/us/local_content/white_papers/partners/ds_wp_telconote.pdf pdf] | + | |
==See also== | ==See also== | ||
- | * | + | * [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms Worms] |
- | * | + | * [http://en.wikipedia.org/wiki/Computer_virus Viruses] |
- | * | + | * [http://en.wikipedia.org/wiki/Trojan_horse_(computing) Trojan horses] |
- | * | + | * [http://en.wikipedia.org/wiki/Adware Adware] |
- | * | + | * [http://en.wikipedia.org/wiki/Spyware Spyware] |
- | * | + | * [http://www.cas.mcmaster.ca/wiki/index.php/Botnets Botnets] |
==External links== | ==External links== | ||
*[http://en.wikipedia.org/wiki/Malware Malware on Wikipedia] | *[http://en.wikipedia.org/wiki/Malware Malware on Wikipedia] | ||
+ | --[[User:Girardp|Girardp]] 23:14, 12 April 2009 (EDT) |
Current revision as of 03:14, 13 April 2009
Malicious software (malware) encompasses a broad range of software[4] typically designed to covertly operate and deceive users to hide its actual intended purpose. It can be used as a catch-all phrase for software that has been programmed for malicious purposes intentionally [5], software such as viruses, worms, spyware, and botnets. Its purpose can vary, but typically it is used to gather information, generate profit, cause harm or data loss [5], or it could have no real purpose at all.
Contents |
History
Before computers were accessible to the general public, malware was not an overwhelming threat. As computers became more common throughout the 1970s, 1980s, and 1990s malware saw an equal amount of growth. Malware spread through early networks, such as ARPANET [1], and it continued to the days of the early internet. It was not limited only by networks, diskettes and other shared media helped in its distribution. After the internet became prevalent, malware could spread easily to a large number of computers. New kinds of malware emerged taking full advantage of the internet. With access to a vast amount of computers money making malware, such as adware, became successful, only adding more motivation for malware authors to create new and different malware. As of late, security companies are suggesting the number of legitimate software created equals, or is surpassed by, software created for malicious purposes. [2]
Purpose
There are numerous reasons why malware is written, but it usually involves one illicit purpose or another. The following are some generic purposes where most malware falls under.
Obtaining sensitive information
Malware can be used to gather sensitive information. With the recent expansion of mobile computing, malware authors are targeting portable computers, such as smart phones, because of the amount of sensitive information contained within them. [3]
- Spam, generated by browsing habits [5]
Obtaining financial returns
Malware can be used to generate illicit revenues, usually by hijacking ad revenues or using previously mentioned sensitive information to the benefit of the malware user.
- Ad revenue, generated by malware forcing users to view ads [7]
Cause harm or data loss
The most common use of all [4], malware can be used to cause damage to a computer system in one way or another.
- DDoS attacks
- Data corruption
No real purpose
Sometimes malware authors create software that has no intended purpose what so ever, other than self satisfaction.
Types with examples
Malware is rarely one type or another, typically it is composed from a combination of several distinct types. The following outlines some of the basic types of malware:
Infectious
Infectious malware gets its name from its method of propagation. Similar to biological viruses, infectious malware spreads itself by self-replicating on some medium [4][7], whether it be a computer network or computer system. The following examples are typical types of infectious malware:
The melissa virus falls under this category. The software propagated itself using a vulnerability in Microsoft Word documents, where macros within the word document would execute commands. With this vulnerability the virus was able to mass email itself once the file was opened on an unsuspecting users computer.
Hidden
Hidden malware's key feature is its ability to hide itself within a computer system without the consent of the user. The software could disguise itself as other software, or use the operating system to hide its program. Once hidden the software can execute any commands, or allow access to the computer system, completely invisible to the user. Some examples:
The Sony BMG CD copy protection scandal revolves around a rootkit, designed by Sony, to interfere with the normal operation of CDs using Microsoft Windows. The software installed itself whenever a user put one of these CDs into their computer. This problem was then compounded once malware authors took advantage, and used this vulnerability for their own purposes.
Deceptive
The most bothersome, deceptive malware preys on users who may not be as tech-savvy as others. Users may inadvertently install the software, not realizing that they are installing, or are misled into thinking the software serves some useful purpose. Similarly, somewhat legitimate software could require users to install malware before they are allowed to install the desired software. [5] Some examples:
CoolWebSearch deceives the user, pretending to be useful software. After it is installed, CoolWebSearch takes over services usually served by other applications. It can also be used to show ads, either through pop ups or ad injections. [6]
Prevention
When dealing with anything involving computers, users should always exercise their common sense. Sometimes this may not be enough, and other software to detect malware is necessary. To prevent the spread of malware we must use:
- Sandboxing techniques, to make browsing the internet safer
- Antivirus software, to detect and remove already infected computers or computers prone to attack
- Open source software, less "popular" software is less prone to attack since it is presumably used less, plus open source allows anyone to correct any flaws that allow malware to spread [5]
- Common sense, to not fall for obvious tricks
Combating the ever-growing list of malware is incredibly difficult, not only in detection but the distribution of fixes too. As the use of computers evolve with time so will malware, thus prevention will become even more important than it is now. New techniques will emerge to help with the fight, but ultimately malware will always be prevalent unless the way computers are used changes drastically.
References
- 1. History of viruses http://www.viruslist.com
- 2. Malware on Wikipedia.org
- 3. Types of malware Panda Security
- 4. Malware on Safe on the internet
- 5. Lecture by Mark Ryan of the University of Birmingham, 2009 pdf
- 6. Information on CoolWebSearch
- 7. McAfee paper on malware pdf
See also
External links
--Girardp 23:14, 12 April 2009 (EDT)