Malware

From Computing and Software Wiki

Jump to: navigation, search

Malicious software (malware) encompasses a broad range of software[4] typically designed to covertly operate and deceive users to hide its actual intended purpose. It can be used as a catch-all phrase for software that has been programmed for malicious purposes intentionally [5], software such as viruses, worms, spyware, and botnets. Its purpose can vary, but typically it is used to gather information, generate profit, cause harm or data loss [5], or it could have no real purpose at all.

Partial source code from a malware example.

Contents

History

Before computers were accessible to the general public, malware was not an overwhelming threat. As computers became more common throughout the 1970s, 1980s, and 1990s malware saw an equal amount of growth. Malware spread through early networks, such as ARPANET [1], and it continued to the days of the early internet. It was not limited only by networks, diskettes and other shared media helped in its distribution. After the internet became prevalent, malware could spread easily to a large number of computers. New kinds of malware emerged taking full advantage of the internet. With access to a vast amount of computers money making malware, such as adware, became successful, only adding more motivation for malware authors to create new and different malware. As of late, security companies are suggesting the number of legitimate software created equals, or is surpassed by, software created for malicious purposes. [2]

Purpose

There are numerous reasons why malware is written, but it usually involves one illicit purpose or another. The following are some generic purposes where most malware falls under.

Obtaining sensitive information

Malware can be used to gather sensitive information. With the recent expansion of mobile computing, malware authors are targeting portable computers, such as smart phones, because of the amount of sensitive information contained within them. [3]

  • Spam, generated by browsing habits [5]
Obtaining financial returns

Malware can be used to generate illicit revenues, usually by hijacking ad revenues or using previously mentioned sensitive information to the benefit of the malware user.

  • Ad revenue, generated by malware forcing users to view ads [7]
Cause harm or data loss

The most common use of all [4], malware can be used to cause damage to a computer system in one way or another.

No real purpose

Sometimes malware authors create software that has no intended purpose what so ever, other than self satisfaction.

Types with examples

Malware is rarely one type or another, typically it is composed from a combination of several distinct types. The following outlines some of the basic types of malware:

Infectious

Infectious malware gets its name from its method of propagation. Similar to biological viruses, infectious malware spreads itself by self-replicating on some medium [4][7], whether it be a computer network or computer system. The following examples are typical types of infectious malware:

The melissa virus falls under this category. The software propagated itself using a vulnerability in Microsoft Word documents, where macros within the word document would execute commands. With this vulnerability the virus was able to mass email itself once the file was opened on an unsuspecting users computer.

Hidden

Hidden malware's key feature is its ability to hide itself within a computer system without the consent of the user. The software could disguise itself as other software, or use the operating system to hide its program. Once hidden the software can execute any commands, or allow access to the computer system, completely invisible to the user. Some examples:

The Sony BMG CD copy protection scandal revolves around a rootkit, designed by Sony, to interfere with the normal operation of CDs using Microsoft Windows. The software installed itself whenever a user put one of these CDs into their computer. This problem was then compounded once malware authors took advantage, and used this vulnerability for their own purposes.

Deceptive

The most bothersome, deceptive malware preys on users who may not be as tech-savvy as others. Users may inadvertently install the software, not realizing that they are installing, or are misled into thinking the software serves some useful purpose. Similarly, somewhat legitimate software could require users to install malware before they are allowed to install the desired software. [5] Some examples:

CoolWebSearch deceives the user, pretending to be useful software. After it is installed, CoolWebSearch takes over services usually served by other applications. It can also be used to show ads, either through pop ups or ad injections. [6]

Prevention

When dealing with anything involving computers, users should always exercise their common sense. Sometimes this may not be enough, and other software to detect malware is necessary. To prevent the spread of malware we must use:

  • Sandboxing techniques, to make browsing the internet safer
  • Antivirus software, to detect and remove already infected computers or computers prone to attack
  • Open source software, less "popular" software is less prone to attack since it is presumably used less, plus open source allows anyone to correct any flaws that allow malware to spread [5]
  • Common sense, to not fall for obvious tricks

Combating the ever-growing list of malware is incredibly difficult, not only in detection but the distribution of fixes too. As the use of computers evolve with time so will malware, thus prevention will become even more important than it is now. New techniques will emerge to help with the fight, but ultimately malware will always be prevalent unless the way computers are used changes drastically.

References

See also

External links

--Girardp 23:14, 12 April 2009 (EDT)

Retrieved from "http://wiki.cas.mcmaster.ca/index.php/Malware"
Personal tools