Malware

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
 
(14 intermediate revisions not shown)
Line 1: Line 1:
-
'''Malicious software (malware)''' encompasses a broad range of software typically designed to ''covertly operate'' and ''deceive users'' to hide its actual intended purpose. It can be used as a catch-all phrase for software that has been programmed for malicious purposes intentionally <sup>[5]</sup>, software such as viruses, [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms worms], spyware, and [http://www.cas.mcmaster.ca/wiki/index.php/Botnets botnets]. Its purpose can vary, but typically it is used to gather information, generate profit, cause harm or data loss <sup>[5]</sup>, or it could have no real purpose at all.  
+
'''Malicious software (malware)''' encompasses a broad range of software<sup>[4]</sup> typically designed to ''covertly operate'' and ''deceive users'' to hide its actual intended purpose. It can be used as a catch-all phrase for software that has been programmed for malicious purposes intentionally <sup>[5]</sup>, software such as viruses, [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms worms], spyware, and [http://www.cas.mcmaster.ca/wiki/index.php/Botnets botnets]. Its purpose can vary, but typically it is used to gather information, generate profit, cause harm or data loss <sup>[5]</sup>, or it could have no real purpose at all.  
[[Image:malware.jpg|frame|Partial source code from a malware example.]]
[[Image:malware.jpg|frame|Partial source code from a malware example.]]
==History==
==History==
-
Before computers were accessible to the general public, malware was not an overwhelming threat. As computers became more common throughout the 1970s, 1980s, and 1990s malware saw an equal amount of growth. Malware spread through early networks, such as [http://www.cas.mcmaster.ca/wiki/index.php/ARPANET ARPANET] <sup>[1]</sup>, and it continued to the days of the early internet. It was not limited only by networks, diskettes and other shared media helped in its distribution. After the internet became prevalent, malware could spread easily to a large number of computers. New kinds of malware emerged taking full advantage of the internet. With access to a vast amount of computers money making malware, such as adware, became successful, only adding more motivation for malware authors to create new and different malware. As of late, security companies are suggesting the number of legitimate software created now equals, or is surpassed by software created for malicious purposes. <sup>[2]</sup>  
+
Before computers were accessible to the general public, malware was not an overwhelming threat. As computers became more common throughout the 1970s, 1980s, and 1990s malware saw an equal amount of growth. Malware spread through early networks, such as [http://www.cas.mcmaster.ca/wiki/index.php/ARPANET ARPANET] <sup>[1]</sup>, and it continued to the days of the early internet. It was not limited only by networks, diskettes and other shared media helped in its distribution. After the internet became prevalent, malware could spread easily to a large number of computers. New kinds of malware emerged taking full advantage of the internet. With access to a vast amount of computers money making malware, such as adware, became successful, only adding more motivation for malware authors to create new and different malware. As of late, security companies are suggesting the number of legitimate software created equals, or is surpassed by, software created for malicious purposes. <sup>[2]</sup>  
-
 
+
==Purpose==
==Purpose==
Line 11: Line 10:
=====Obtaining sensitive information=====
=====Obtaining sensitive information=====
Malware can be used to gather sensitive information. With the recent expansion of mobile computing, malware authors are targeting portable computers, such as smart phones, because of the amount of sensitive information contained within them. <sup>[3]</sup>
Malware can be used to gather sensitive information. With the recent expansion of mobile computing, malware authors are targeting portable computers, such as smart phones, because of the amount of sensitive information contained within them. <sup>[3]</sup>
 +
* Spam, generated by browsing habits <sup>[5]</sup>
=====Obtaining financial returns=====
=====Obtaining financial returns=====
Malware can be used to generate illicit revenues, usually by hijacking ad revenues or using previously mentioned sensitive information to the benefit of the malware user.  
Malware can be used to generate illicit revenues, usually by hijacking ad revenues or using previously mentioned sensitive information to the benefit of the malware user.  
 +
* Ad revenue, generated by malware forcing users to view ads <sup>[7]</sup>
=====Cause harm or data loss=====
=====Cause harm or data loss=====
-
The most common use of all, malware can be used to cause damage to a computer system in one way or another.   
+
The most common use of all <sup>[4]</sup>, malware can be used to cause damage to a computer system in one way or another.
 +
* [http://www.cas.mcmaster.ca/wiki/index.php/Denial_Of_Service_Attacks DDoS attacks]
 +
* Data corruption    
=====No real purpose=====
=====No real purpose=====
-
Sometimes malware authors create software that has no intended purpose what so ever.
+
Sometimes malware authors create software that has no intended purpose what so ever, other than self satisfaction.
==Types with examples==
==Types with examples==
Line 25: Line 28:
=====Infectious=====
=====Infectious=====
-
Infectious malware gets its name from its method of propagation. Similar to biological viruses, infectious malware spreads itself by self-replicating on some medium, whether it be a computer network or computer system. The following examples are typical types of infectious malware:
+
Infectious malware gets its name from its method of propagation. Similar to biological viruses, infectious malware spreads itself by self-replicating on some medium <sup>[4][7]</sup>, whether it be a computer network or computer system. The following examples are typical types of infectious malware:
    
    
* [http://en.wikipedia.org/wiki/Computer_virus Viruses]
* [http://en.wikipedia.org/wiki/Computer_virus Viruses]
* [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms Worms]
* [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms Worms]
 +
* [http://www.cas.mcmaster.ca/wiki/index.php/Botnets Botnets]
The [http://en.wikipedia.org/wiki/Melissa_(computer_worm) melissa virus] falls under this category. The software propagated itself using a vulnerability in Microsoft Word documents, where macros within the word document would execute commands. With this vulnerability the virus was able to mass email itself once the file was opened on an unsuspecting users computer.
The [http://en.wikipedia.org/wiki/Melissa_(computer_worm) melissa virus] falls under this category. The software propagated itself using a vulnerability in Microsoft Word documents, where macros within the word document would execute commands. With this vulnerability the virus was able to mass email itself once the file was opened on an unsuspecting users computer.
=====Hidden=====
=====Hidden=====
-
Hidden malware's key feature is its ability to hide itself within a computer system, without the consent or notice to the user.  
+
Hidden malware's key feature is its ability to hide itself within a computer system without the consent of the user. The software could disguise itself as other software, or use the operating system to hide its program. Once hidden the software can execute any commands, or allow access to the computer system, completely invisible to the user. Some examples:
* [http://en.wikipedia.org/wiki/Trojan_horse_(computing) Trojan horses]
* [http://en.wikipedia.org/wiki/Trojan_horse_(computing) Trojan horses]
* [http://www.cas.mcmaster.ca/wiki/index.php/Rootkits Rootkits]
* [http://www.cas.mcmaster.ca/wiki/index.php/Rootkits Rootkits]
Line 39: Line 43:
=====Deceptive=====
=====Deceptive=====
-
The most bothersome, deceptive malware preys on users who may not be as tech-savvy as others.
+
The most bothersome, deceptive malware preys on users who may not be as tech-savvy as others. Users may inadvertently install the software, not realizing that they are installing, or are misled into thinking the software serves some useful purpose. Similarly, somewhat legitimate software could require users to install malware before they are allowed to install the desired software. <sup>[5]</sup> Some examples:
-
* Adware
+
* [http://en.wikipedia.org/wiki/Adware Adware]
-
* Spyware
+
* [http://en.wikipedia.org/wiki/Spyware Spyware]
-
[http://en.wikipedia.org/wiki/CoolWebSearch CoolWebSearch] deceives the user, pretending to be useful software. After it is installed, CoolWebSearch takes over services usually served by other applications. It can also be used to show ads, either through pop ups or ad injection.
+
[http://en.wikipedia.org/wiki/CoolWebSearch CoolWebSearch] deceives the user, pretending to be useful software. After it is installed, CoolWebSearch takes over services usually served by other applications. It can also be used to show ads, either through pop ups or ad injections. <sup>[6]</sup>
==Prevention==
==Prevention==
 +
When dealing with anything involving computers, users should always exercise their common sense. Sometimes this may not be enough, and other software to detect malware is necessary. To prevent the spread of malware we must use:
 +
* [http://www.cas.mcmaster.ca/wiki/index.php/Sandbox Sandboxing techniques], to make browsing the internet safer
 +
* [http://en.wikipedia.org/wiki/Antivirus Antivirus software], to detect and remove already infected computers or computers prone to attack
 +
* [http://en.wikipedia.org/wiki/Open_source Open source software], less "popular" software is less prone to attack since it is presumably used less, plus open source allows anyone to correct any flaws that allow malware to spread <sup>[5]</sup>
 +
* [http://en.wikipedia.org/wiki/Common_sense Common sense], to not fall for obvious tricks
 +
Combating the ever-growing list of malware is incredibly difficult, not only in detection but the distribution of fixes too. As the use of computers evolve with time so will malware, thus prevention will become even more important than it is now. New techniques will emerge to help with the fight, but ultimately malware will always be prevalent unless the way computers are used changes drastically.
==References==
==References==
*1. History of viruses [http://www.viruslist.com/en/viruses/encyclopedia?chapter=153280684 http://www.viruslist.com]
*1. History of viruses [http://www.viruslist.com/en/viruses/encyclopedia?chapter=153280684 http://www.viruslist.com]
-
*2. Malware on [http://en.wikipedia.org/wiki/Malware Wikipedia]
+
*2. Malware on [http://en.wikipedia.org/wiki/Malware Wikipedia.org]
*3. Types of malware [http://www.pandasecurity.com/homeusers/security-info/types-malware/ Panda Security]
*3. Types of malware [http://www.pandasecurity.com/homeusers/security-info/types-malware/ Panda Security]
 +
*4. Malware on [http://www.tietoturvaopas.fi/en/index/uhatjaniidentorjunta/haittaohjelmat.html Safe on the internet]
*5. Lecture by Mark Ryan of the University of Birmingham, 2009 [http://www.cs.bham.ac.uk/~gzw/teaching/NS09/Lectures/NS09-Malware-Slides.pdf pdf]
*5. Lecture by Mark Ryan of the University of Birmingham, 2009 [http://www.cs.bham.ac.uk/~gzw/teaching/NS09/Lectures/NS09-Malware-Slides.pdf pdf]
-
*[http://www.tietoturvaopas.fi/en/index/uhatjaniidentorjunta/haittaohjelmat.html Safe on the internet]
+
*6. Information on [http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci1075399,00.html CoolWebSearch]
-
*[http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal Sony DRM wikipedia]
+
*7. McAfee paper on malware [http://www.mcafee.com/us/local_content/white_papers/partners/ds_wp_telconote.pdf pdf]
-
*[http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci1075399,00.html CoolWebSearch Information]
+
 
==See also==
==See also==
-
*McAfee paper on malware [http://www.mcafee.com/us/local_content/white_papers/partners/ds_wp_telconote.pdf pdf]
+
* [http://www.cas.mcmaster.ca/wiki/index.php/Computer_worms Worms]
 +
* [http://en.wikipedia.org/wiki/Computer_virus Viruses]
 +
* [http://en.wikipedia.org/wiki/Trojan_horse_(computing) Trojan horses]
 +
* [http://en.wikipedia.org/wiki/Adware Adware]
 +
* [http://en.wikipedia.org/wiki/Spyware Spyware]
 +
* [http://www.cas.mcmaster.ca/wiki/index.php/Botnets Botnets]
 +
 
==External links==
==External links==
*[http://en.wikipedia.org/wiki/Malware Malware on Wikipedia]
*[http://en.wikipedia.org/wiki/Malware Malware on Wikipedia]
 +
--[[User:Girardp|Girardp]] 23:14, 12 April 2009 (EDT)

Current revision as of 03:14, 13 April 2009

Malicious software (malware) encompasses a broad range of software[4] typically designed to covertly operate and deceive users to hide its actual intended purpose. It can be used as a catch-all phrase for software that has been programmed for malicious purposes intentionally [5], software such as viruses, worms, spyware, and botnets. Its purpose can vary, but typically it is used to gather information, generate profit, cause harm or data loss [5], or it could have no real purpose at all.

Partial source code from a malware example.

Contents

History

Before computers were accessible to the general public, malware was not an overwhelming threat. As computers became more common throughout the 1970s, 1980s, and 1990s malware saw an equal amount of growth. Malware spread through early networks, such as ARPANET [1], and it continued to the days of the early internet. It was not limited only by networks, diskettes and other shared media helped in its distribution. After the internet became prevalent, malware could spread easily to a large number of computers. New kinds of malware emerged taking full advantage of the internet. With access to a vast amount of computers money making malware, such as adware, became successful, only adding more motivation for malware authors to create new and different malware. As of late, security companies are suggesting the number of legitimate software created equals, or is surpassed by, software created for malicious purposes. [2]

Purpose

There are numerous reasons why malware is written, but it usually involves one illicit purpose or another. The following are some generic purposes where most malware falls under.

Obtaining sensitive information

Malware can be used to gather sensitive information. With the recent expansion of mobile computing, malware authors are targeting portable computers, such as smart phones, because of the amount of sensitive information contained within them. [3]

  • Spam, generated by browsing habits [5]
Obtaining financial returns

Malware can be used to generate illicit revenues, usually by hijacking ad revenues or using previously mentioned sensitive information to the benefit of the malware user.

  • Ad revenue, generated by malware forcing users to view ads [7]
Cause harm or data loss

The most common use of all [4], malware can be used to cause damage to a computer system in one way or another.

No real purpose

Sometimes malware authors create software that has no intended purpose what so ever, other than self satisfaction.

Types with examples

Malware is rarely one type or another, typically it is composed from a combination of several distinct types. The following outlines some of the basic types of malware:

Infectious

Infectious malware gets its name from its method of propagation. Similar to biological viruses, infectious malware spreads itself by self-replicating on some medium [4][7], whether it be a computer network or computer system. The following examples are typical types of infectious malware:

The melissa virus falls under this category. The software propagated itself using a vulnerability in Microsoft Word documents, where macros within the word document would execute commands. With this vulnerability the virus was able to mass email itself once the file was opened on an unsuspecting users computer.

Hidden

Hidden malware's key feature is its ability to hide itself within a computer system without the consent of the user. The software could disguise itself as other software, or use the operating system to hide its program. Once hidden the software can execute any commands, or allow access to the computer system, completely invisible to the user. Some examples:

The Sony BMG CD copy protection scandal revolves around a rootkit, designed by Sony, to interfere with the normal operation of CDs using Microsoft Windows. The software installed itself whenever a user put one of these CDs into their computer. This problem was then compounded once malware authors took advantage, and used this vulnerability for their own purposes.

Deceptive

The most bothersome, deceptive malware preys on users who may not be as tech-savvy as others. Users may inadvertently install the software, not realizing that they are installing, or are misled into thinking the software serves some useful purpose. Similarly, somewhat legitimate software could require users to install malware before they are allowed to install the desired software. [5] Some examples:

CoolWebSearch deceives the user, pretending to be useful software. After it is installed, CoolWebSearch takes over services usually served by other applications. It can also be used to show ads, either through pop ups or ad injections. [6]

Prevention

When dealing with anything involving computers, users should always exercise their common sense. Sometimes this may not be enough, and other software to detect malware is necessary. To prevent the spread of malware we must use:

  • Sandboxing techniques, to make browsing the internet safer
  • Antivirus software, to detect and remove already infected computers or computers prone to attack
  • Open source software, less "popular" software is less prone to attack since it is presumably used less, plus open source allows anyone to correct any flaws that allow malware to spread [5]
  • Common sense, to not fall for obvious tricks

Combating the ever-growing list of malware is incredibly difficult, not only in detection but the distribution of fixes too. As the use of computers evolve with time so will malware, thus prevention will become even more important than it is now. New techniques will emerge to help with the fight, but ultimately malware will always be prevalent unless the way computers are used changes drastically.

References

See also

External links

--Girardp 23:14, 12 April 2009 (EDT)

Personal tools