Malcode-Malware, Worms, Spyware, Virus, Trojans, Bots, Backdoors
What is a malware or Malcode-A large number of computer users know computer virus only but virus is a malcode among a large number of malware. All these are in fact a type of software and called with different names like Viruses, worms, Trojans, spyware, backdoors and bots(or a common name for them all is “The Malware”) and depending upon their actions specialists have put them in different categories. These are specifically designed to damage, disrupt, in general inflict some other bad or illegitimate action on data, hosts, or networks or steal some kind of information like identities or passwords. These are technically known as Malcode(Malicious code)
Different types of malware have varying ways of infecting systems and methods of propagating themselves. They can infect systems by being bundled with other programs or attached as macros to files. Some are installed by exploiting a known vulnerability in an operating system (OS), network device, or other software, finding a hole in the browser. Some times they only requires the users to simply visit a website to infect their computers but majority of these are installed by some action from the user, like clicking an attachment to an e-mail or come bundled while downloading a file from the Internet.
Viruses, worms, Trojans, bots, back doors, spyware, and adware are some of the more commonly known types of malware and . damage from malware varies from minor irritation browser popup, to stealing confidential information or some times money too, destroying data, and compromising and/or entirely disabling systems and networks.
Hardware of systems and network equipment, cannot be damaged by the malware but data and software residing on the equipment can be effectively damaged. Please do not get confused with the defective software, which is intended for legitimate purposes but has errors or bugs.
Classes, Types of Malware or Malcode
Viruses and worms are the most common types of malware. These programs may self-replicate and can spread copies(Even auto modified Copies) of themselves. A malcode must have the capacity to auto propagate to be classified as a virus, worm, malware, bot or a Trojan. A worm operates independently of other files, but a virus depends on a host program to spread itself. Main classifications of malcode are given below –
What is a Trojan Malcode
Trojans are another type of malcode, named after the story of the wooden horse. Almost all of you have read the story and if not read it here if you are interested. Trojan is a very harmful malcode. It looks legitimate and users are tricked into loading and executing it on their computerss. It can execute unlimited attacks on the host, after it is activated, it can irritate the user by popping up windows, changing desktops, damaging the host by deleting files, stealing data, Identity passwords etc., spreading and activating other malcode. Trojans are notorious to create backdoors to giving malicious users an access to the system, though Trojans do not reproduce by infecting other files they do not self-replicate.
Trojans are considered to be the most harmful malcode.
What is a Worms Malcode
Worms are similar to viruses. They replicate functional copies of themselves and are capable of causing the same type of damage. Where viruses require a host file to spread and worms are standalone software and need not a host program or human help to propagate. Worms are spread, either exploiting a vulnerability on the target or using some kind of social engineering to trick users. A worm always enters a computer system through a vulnerability in the system taking advantage of transport features of a file or information on the system, allowing it to travel unaided.
What is a Viruses Malcode
A malware that propagates himself by inserting itself into and becoming part of another program and spreads from computer to leaving infections as it travels. Severity of viruses may range from mildly annoying effects to damaging data or software and even denial-of-service (DoS) conditions. Viruses are mostly attached to an a ..exe(executable) file. Virus existing on a system may not be active or spread until a user runs the host file containing malicious software. When the host code is executed, the viral code executes simultaneously. Sometimes the infected program keep functioning but some viruses overwrite other programs which destroys the program totally. Viruses spread computer to computer when the software they are attached to is transferred through network, a disk, file sharing, or infected e-mail attachments.
What is a Spyware Malcode
Spyware is a general term used to describe software that performs certain behaviors, generally without obtaining your consent such as, advertising, collecting personal information, changing the configuration of your computer. The key in all cases is whether or not you understand what the software will do and have agreed to install the software on your computer. Because almost these softwares are installed with othe software you agree for. A common trick is to covertly install the software during the installation of other software you want such as a music or video file sharing program.
Spyware is often associated with adware i.e a software designed to display advertisements that also tracks personal or sensitive information. That does not mean all software that provides ads or tracks your online activities is bad. For example, you might sign up for a free music service, but you may pay for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.
Knowing what spyware does can be a very difficult process because most spyware is designed to be difficult to remove. Other kinds of spyware make changes to your computer that can be annoying and can cause your computer slow down or crash.
What is a Backdoor Malcode
The scope of the term back door is vast. You can understand from the fact that it is used by the security agencies of many countries to spy the other country. No effective prevention is available yet. It is a means of access to a computer program bypassing its security mechanisms. Attackers use back doors to detect or install themselves, as part of an exploit. Some wsorm are designed to take advantage of a back door created by their earlier attack. A worm Nimda enters through a back door made by another worm Code Red. A back door is always a security risk, because crackers are always looking for any vulnerability to exploit. Understand from these examples –
(i) A back door named time bomb could programmed by using HDL language which automatically triggers backdoors after a predefined time(Like 30 Minutes after switching on or so) after the power-on of a device. The computer could be forced to crash or operate maliciously after a fixed time. It’s clear that this type of attack are always very dangerous. Designing a kill switch function is also possible and this could be totally undetectable by any validation methods.
(ii) Backdoor triggers based on specific input data known as cheat codes, could be programmed by an attacker. A cheat code is secret data used by the attacker to identify themselves to the hardware backdoor logic, then initiate a malicious operation mode. As opposed to time bombs, this kind of backdoor needs a second attack.
What is a Bot Malcode
The name Bot is derived from the word Robot and can be used good and malicious both purposes. It automate tasks and provide information or services a human being. Instant messaging(IM), web crawling, web interfaces and Internet relay chat(IRC) are typical use of bots to gather information. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server of an entire network of compromised devices, or botnet. Broad-based, flood-type, remote-controlled, attacks can be launched against their targets by an attacker. with a botnet. In additition to the self propagating worms ability of bots include, passwords gathering, log keystrokes, stealing financial information, capturing and analyzing packets, spam relaying, launching Denial of Service(DoS) attacks, and opening back doors on an infected host. Bots are more versatile in their infection having all the capabilities of worms. Bots infect networks in a way that escapes immediate notice and rarely reveal their presence with high scanning rates, which damage network infrastructure
Definitions
Exploit
It is a command, a methodology or a piece of software, that attacks a particular security vulnerability and are a common component of malware.
Back Door
It is a way of accessing a system, bypassing the normal authentication mechanisms placed in a software by its programmer.
Safety Measures against Malcode
1. Keep your Operating system(OS) always updated with most recent patches and fixes provided by your OS designer(Like Microsoft for Windows)
2. Have a good quality antivirus software installed on your system and keep the viruses, worms, Trojans, and bots definitions up to date.
3. Make sure that your antivirus program scans all e-mails and files before they are downloaded.
4. Install a fire wall.
5. Never ignore or add exceptions to a site while you receive a warning while visiting a site.
6. Music or video file sharing program may infect your system.
No comments:
Post a Comment