Malware quick overview



This article gives you an overview and a basic understanding of malware. Malware is sometimes also called a virus. The word MALWARE is short for MALicious SoftWARE.
Malware is any software (code, script, etc.) created with the purpose of causing damage to computers and/or networks. It mainly affects security and privacy.

Virus

A virus is a program which has infected an application and which causes that application to spread the virus to other applications. A virus requires user intervention to spread, which means you have to start the infected application. Viruses can increase their chances of spreading to other computers by infecting applications on an Internet-connected computer. Viruses may corrupt files on a target system, decrease functional performance or consume network throughput.

Macro virus

A macro language is integrated in programs like word processors and spreadsheets to perform common actions such as opening a file, saving a file, etc. A macro virus is written in a macro language. Macro viruses are most commonly embedded in documents or spreadsheets, and they may arrive in files attached to emails. A macro virus is activated when the document or spreadsheet is opened.
Macro viruses can do the following:

  • they cause abnormalities in documents or spreadsheets, such as missing or inserted data
  • they access email accounts and send out copies of infected files to all of a user’s contacts
  • they erase or compromise stored data

Macro viruses are platform independent; they can infect Windows and Mac computers using the same code. Any program that uses macros can operate as a host!
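Since macro viruses travel inside documents and spreadsheets attached to emails, a mail gateway or analyst can check an attachment for a macro project before anyone opens it. The following is an added example, not part of the original article; the function names `macro_triage` and `build_ooxml` and the sample files are constructed for illustration. It relies on two facts about Office file formats: modern OOXML files are ZIP archives that store macros in a `vbaProject.bin` part, and legacy files start with the OLE2 magic bytes.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")   # formats that must not carry VBA


def macro_triage(filename, data):
    """Return (verdict, detail) for one attachment given its name and bytes."""
    name = filename.lower()
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can hold macros; this check cannot rule them out.
        return ("review", "legacy OLE2 document, may contain macros")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ("not-office", "neither OLE2 nor OOXML container")
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = z.namelist()
    if "[Content_Types].xml" not in parts:
        return ("not-office", "ZIP archive without OOXML content types")
    vba = [p for p in parts if p.lower().endswith("vbaproject.bin")]
    if not vba:
        return ("clean", "no VBA project part")
    if name.endswith(MACRO_FREE_EXT):
        # A macro-free extension carrying a VBA project is a mismatch.
        return ("block", "VBA project in macro-free extension: " + vba[0])
    return ("review", "macro-enabled document: " + vba[0])


def build_ooxml(with_vba):
    """Constructed sample: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.docx", build_ooxml(False)),
        ("invoice.docm", build_ooxml(True)),
        ("invoice.docx", build_ooxml(True)),
        ("old.doc", OLE_MAGIC + b"\x00" * 64),
    ]
    for fname, blob in samples:
        print(fname, macro_triage(fname, blob))
```

A "clean" verdict only means no VBA project part was found in an OOXML file; legacy OLE2 files always come back as "review" because this check does not parse them.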

Stealth virus

This is a virus that actively hides itself from antivirus software. The stealth virus either masks the size of the file that it hides in or temporarily removes itself from the infected file. It places a copy of itself in another location on the hard disk, replacing the infected file with an uninfected one.

Hybrid virus

A hybrid virus is a combination of a boot sector and program virus. It infects a program file and when the infected program is active, it will infect the boot record. This will initiate the virus each time the computer is turned on.

Virus/worm hybrid

The hybrid combines the characteristics of both types of malware. It typically features the virus’ ability to alter program code together with the worm’s ability to reside in random access memory and to propagate without any action on the part of the user.

Worm

A worm is a standalone program which actively replicates itself on the hard disk or over a network (LAN, Internet, P2P, e-mail…). Worms spread by exploiting vulnerabilities in operating systems and networks. You can get a worm from mail attachments, from file sharing networks and by clicking links on infected websites.
A possible payload for worms is to install a backdoor, which is an entry point for other malware coming from the Internet.

IM worm

An IM worm is self-replicating malicious code that spreads in instant messaging networks.

IRC worm

An IRC worm is self-replicating malicious code that spreads in Internet Relay Chat networks.

P2P worm

A P2P worm is self-replicating malicious code that spreads in peer-to-peer networks.

Trojan horse

Users may download desirable software like screen savers, videos, etc. from the Internet. Trojans are bundled with that piece of desirable software. If the user is tempted to install it, he installs the Trojan at the same time. You can also get Trojans as mail attachments.
Like viruses, Trojans are not standalone programs, and they do not replicate themselves.
Trojans may open a backdoor which is an entry point for other malware coming from the Internet.

Rootkit

To install a rootkit, an attacker must compromise the operating system through a known exploit. Rootkits are activated before your operating system even boots up. Rootkits can’t propagate by themselves.
If a rootkit has root/kernel access rights, it can do anything with your computer. A rootkit has the ability to hide itself as well as programs and data. A rootkit can give remote control to a malicious hacker on the infected computer. A rootkit can load other malicious software from the Internet on the infected computer via a backdoor.

Spyware

Spyware programs do not spread like viruses; they are generally installed by exploiting security holes or are packaged with user-installed software.
Spyware programs gather information about computer users or alter web browser behavior for the (financial) benefit of the spyware creator.

Key logger, keystroke logger

Some malware programs install a key logger which intercepts the user’s keystrokes. This can be critical when the user enters a password, credit card number or other sensitive information.
The key logger records the user’s keystrokes invisibly and either transmits them to the attacker on an ongoing basis or saves them to a secret file in the user’s computer to be sent at a later time.

Adware

Adware programs are typically installed as separate programs that are bundled with certain free software. Adware programs often create unwanted effects on a system, such as annoying popup ads and a general degradation in either network or system performance. Adware is also often installed in tandem with spyware programs. Both programs feed off each other’s functionalities: spyware programs profile the user’s behavior, while adware programs display ads that correspond to the gathered user profile.
