Malicious software, known as malware for short, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. Malware is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
Malicious software generally travels with data travellers, email, or any other mode of transferring data from one end to another. Some malware is able to stay hidden and replicate. Such software is very dangerous because it makes copies of itself, and these copies are activated whenever the system is rebooted. Some malicious software spreads independently, while other malware depends on a host program or file to spread.
Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used primarily to steal sensitive personal, financial, or business information for the benefit of others. Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on.
POINTS TO REMEMBER
Malicious software, known as malware for short, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Different Types of Malware
· Computer Virus: A computer virus is malicious software which self-replicates and attaches itself to other files/programs. Computer viruses spread like biological ones. A virus can quietly do its worst when the host program/file is activated. Viruses can be transmitted as attachments to an email note, in a downloaded file, or on a disk. Computer virus can be thought of as an abbreviation of “Vital Information Resources Under Seize”. All computer viruses are man-made. They are the most commonly known form of malware and the most severely destructive. Viruses copy themselves to other disks to quickly pass on to other computers. They can do anything from erasing the data on your computer to hijacking your computer to attack other systems, send spam, or host and share illegal content. Viruses may also perform other actions, like creating a backdoor for later use, damaging files, or even damaging equipment.
Examples of computer viruses include: Memory-Resident Virus, Program File Virus, Boot Sector Virus, Stealth Virus, Macro Virus, Email Virus etc.
· Worm: A computer worm is self-replicating malware that does not alter files but duplicates itself. The purpose of worms is to spread and infect as many computers as possible. They do so by creating copies of themselves on infected computers, which then spread to other computers via different channels. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. A worm uses a network to send copies of itself to other nodes (computers on the network). It may do so without any user intervention. It does not need to attach itself to an existing program.
· Trojan Horse: A Trojan Horse is malware that neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. It has the appearance of having a useful and desired function, i.e. it appears legitimate. After gaining the user's trust, it secretly performs malicious and illicit activities when executed. Hackers make use of Trojan horses to steal a user's password information or to destroy data or programs on the hard disk. It is hard to detect. Examples of Trojan Horses include Remote Access Trojans (RATs), Backdoor Trojans (backdoors), IRC Trojans (IRCbots), Keylogging Trojans etc.
· Logic Bomb: A Logic Bomb is a piece of computer code that executes a malicious task, such as clearing a hard drive or deleting specific files, when it is triggered by a specific event. It is secretly inserted into the code of a computer's existing software, where it remains passive until that event occurs. The payload of a logic bomb is usually pretty devastating to the company under attack. It is often a tool used by angry employees in the IT world. It has a reputation of being associated with “disgruntled employee syndrome”. A logic bomb doesn't cause much harm outside of the specific computer or network it targets, and IT employees are usually the ones with the access and know-how to implement them. Logic bombs are not usually programmed to spread to unknown recipients.
The type of action carried out in a logic bomb does have a non-destructive use as well. It makes restricted, free software trials possible. After a certain time period, a piece of code embedded in the software's code causes the free software to disappear or become crippled so the user needs to pay to continue its use. But since this is a non-malicious, user-transparent use of the code, it is not typically referred to as a logic bomb.
· Zombies: A zombie is a computer connected to a network that has been compromised by a cracker, a virus or a Trojan. It can be used remotely for malicious tasks. A cracker (a computer hacker who intends mischief or harm) secretly infiltrates an unsuspecting victim's computer and uses it to conduct illegal activities. The user generally remains unaware that his/her computer has been taken over. He/she can still use it, though it might slow down considerably. As his/her computer begins to either send out massive amounts of spam or attack webpages, he/she becomes the focal point for any investigation involving the computer's suspicious activities. This technique is useful for criminals as it helps them avoid detection and at the same time reduce bandwidth costs (as the owners of the zombies will bear the cost). Zombies are frequently used in distributed denial-of-service (DDoS) attacks, degradation-of-service attacks, for sending spam etc.
· Phishing: Phishing refers to the sending of emails that appear to originate from reliable sources but are really intended to trick the recipient into revealing confidential information. Most phishing attacks begin when the victim receives an email message in which the sender pretends to be a bank or another real company or organization in order to trick the recipient. The email contains links to websites prepared by the criminals, with the appearance of a legitimate website, which ask the victim to enter personal data. Phishing can take advantage of other means of communication as well, including SMS (‘smishing’), VoIP (‘vishing’) or instant messaging on social networks. Cyber criminals also use certain social engineering tricks to alarm recipients, with warnings and emergency alerts to push victims into action. The idea is to get users to act immediately without stopping to consider potential risks.
· Spyware: Spyware is a type of malware installed on computers that collects your personal information and passes it on to someone else without your knowledge or consent. The presence of spyware is typically hidden from the user and can be difficult to detect. Spyware travels over the internet via emails and software, or comes with legitimate applications. It is also called tracking software, and once it is installed on the system, it is hard to stop it and recover the lost data.
Typically, spyware is secretly installed on the user's personal computer. While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connection or functionality of other programs. Spyware is also known for installing Trojan viruses.
· Adware: Adware (abbreviation for Advertising Supported Software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software. Oftentimes, software and applications offer “free” versions that come bundled with adware. Adware can also work like spyware: it is deployed to gather confidential information, basically to spy on and gather information from a victim's computer.
· Ransomware: Ransomware is a form of malware that essentially holds a computer system locked up while demanding a ransom. The malware restricts the user from access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.
· Rootkit: Originally, within the context of UNIX-type systems, a rootkit was a group of tools belonging to the operating system itself, such as netstat, passwd and ps, which were modified by an intruder in order to gain unlimited access to the target computer without this intrusion being detected by the system administrator. A rootkit is malware that alters the regular functionality of an operating system on a computer in a stealthy manner. The alteration helps the hacker to take full control of the system, and the hacker acts as the system administrator on the victim’s system.
· Botnet: A bot is a device that has been infected with malicious software to do something harmful without the user's knowledge. A botnet is a network of these infected devices that work together under the control of an attacker. A botnet can be used to conduct phishing campaigns, send out spam or carry out Distributed Denial of Service (DDoS) attacks.
· Spam: Spam is any kind of unwanted, unsolicited digital communication, often an email, that gets sent out in bulk to multiple recipients who did not ask for it. The problems caused by spam are due to the combination of the unsolicited and bulk aspects; the quantity of unwanted messages swamps messaging systems and drowns out the messages that recipients do want.
The most widely recognized form of spam is email spam, but the term is applied to similar abuses in other media as well, such as instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam.
Spamming is the act of sending spam to large numbers of recipients for the purpose of commercial advertising or non-commercial proselytizing or for any prohibited purpose (especially the fraudulent purpose of phishing).
POINTS TO REMEMBER
Some common types of malicious software are
computer virus, Worm, Trojan Horse, Logic Bomb, Zombies, Phishing, Spyware,
Adware, Ransomware, Rootkit, Botnet and Spam.
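The rootkit entry above describes an intruder replacing system tools such as netstat, passwd and ps; a file-integrity baseline is one way a defender notices such a change. This is an added example, not part of the original page: the function names are hypothetical and the three files are constructed stand-ins created in a temporary directory.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> tuple[str, int]:
    """Return (SHA-256 of contents, permission bits) for one file."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), stat.S_IMODE(path.stat().st_mode)

def build_baseline(paths):
    """Record fingerprints while the system is still known to be clean."""
    return {str(p): fingerprint(Path(p)) for p in paths}

def verify(baseline):
    """Return {path: finding} for every file that no longer matches."""
    findings = {}
    for name, (good_hash, good_mode) in baseline.items():
        path = Path(name)
        if not path.is_file():
            findings[name] = "missing"
            continue
        cur_hash, cur_mode = fingerprint(path)
        if cur_hash != good_hash:
            findings[name] = "content modified"
        elif cur_mode != good_mode:
            findings[name] = "permissions changed"
    return findings

def demo():
    """Run the check against constructed stand-in files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tools = {n: Path(tmp) / n for n in ("netstat", "passwd", "ps")}
        for name, path in tools.items():
            path.write_bytes(b"constructed stand-in for " + name.encode())
            path.chmod(0o755)
        baseline = build_baseline(tools.values())
        before = verify(baseline)                 # nothing has changed yet
        tools["ps"].write_bytes(b"tampered")      # contents replaced
        tools["passwd"].chmod(0o777)              # permissions loosened
        tools["netstat"].unlink()                 # file removed
        after = {Path(k).name: v for k, v in verify(baseline).items()}
    return before, after

if __name__ == "__main__":
    print(demo())
```

A check like this is only trustworthy when the baseline and the checking tool are stored where an intruder cannot alter them, since a rootkit can also tamper with what the running system reports.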
Symptoms of Malware Attack
· Unexpected Crashes: Your system crashing or regularly switching to the terrifying blue screen is a major sign that something is seriously wrong. If this is happening on your computer now, immediately scan your system for infections.
· Slow System: When you are not running any resource-heavy applications on your system but it is running slowly anyway, it may be because your system is infected with malware.
· Excessive Hard Drive Activity: When you see a lot of hard drive activity even when your computer is idle, this is a symptom of a potential infection.
· Strange Windows: When strange windows pop up during the booting process, particularly those that warn you of lost access to various drives on your system, something is wrong.
· Peculiar Messages: When troubling dialogue boxes come up while your system is running and alert you that various programs or files will not open, this is also a bad sign.
· Bad Program Activity: When your programs go missing, are corrupted, or start to open themselves without your initiation, and/or when you receive notification that a program is attempting to access the internet without your command, this is a serious sign that you are the victim of malware.
· Random Network Activity: When your router is constantly blinking, indicating a high level of network activity, while you aren't running any significant programs or accessing high amounts of Internet data, something might be wrong.
· Erratic Email: When you haven't sent emails but you hear from your contacts that they're getting strange emails from you, this is a strong indication that your system has been compromised (or your email password has been stolen).
· Blacklisting IP Address: When you receive notification that your IP address has been blacklisted, consider this a sign that your PC is not in good hands, i.e. your system has been compromised and is being used as one tentacle in a far-reaching, spam-sending botnet.
· Unexpected Antivirus Disabling: Many malware programs are designed to disable the antivirus program that would otherwise eradicate them, so if your antivirus system is suddenly not operating, this could be a sign of a much larger problem.
Assignment 4
1. Define malicious software. List any 10 common types of malicious software.