Malware, or malicious software, is a program or file designed to disrupt computer operation or to gain access to a computer system without the user's knowledge or permission. Malware has become the common umbrella term for all hostile or intrusive software: computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. These programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions, and monitoring users' computer activity without their permission. Cybercriminals target users' end devices by installing malware on them.
A virus is executable code attached to another executable file. Most viruses require end-user initiation and can activate at a particular time or date. Viruses generally spread in one of three ways:
- Removable media
- Downloads off the Internet
- Email attachments
Detecting a virus is not easy. Viruses can be harmless, merely displaying a picture, or destructive, such as those that change or delete data. To avoid detection, a virus may alter its own code so that it takes a different form. The simple act of opening a file can trigger a virus. USB drives are a major source of virus spread: a boot sector or file system virus infects a USB drive and from there can reach the system's hard disk. Running a specific program can activate a program virus. Once the virus is active, it will generally infect other programs on the computer or other computers on the network.
Worms are malicious code similar to viruses, but they replicate by independently exploiting vulnerabilities in networks, and they generally slow networks down. Whereas a virus needs a host program, a worm runs on its own. A worm requires user participation only for the initial infection; after that it spreads without further user involvement.
Once a worm infects a host, it spreads very quickly across the network. Worms share a common pattern: each has an enabling vulnerability, a way to propagate itself, and a payload.
Worms are responsible for some of the most devastating attacks on the Internet. For example, in 2001 the Code Red worm initially infected 658 servers; within 19 hours it had infected over 300,000 servers.
A Trojan horse is malware that carries out malicious operations under the guise of a desired operation, such as playing an online game. The malicious code runs with the privileges of the user who launched it. A Trojan horse binds itself to non-executable files such as image files, audio files, video files, and games.
A logic bomb is malicious software that uses a trigger to activate its malicious code on the system. Triggers include dates, times, other programs running, or the deletion of a user account. The logic bomb remains inactive until the trigger event occurs. Once activated, it performs harmful functions such as corrupting or altering data, reformatting a hard drive, or deleting important files. Specialists have recently discovered logic bombs that destroy hardware components of a computer, including cooling fans, the CPU, memory, hard drives and power supplies.
Ransomware restricts access to a user's own computer and files. It is a type of malware that displays a message and demands payment to remove the restriction. It usually encrypts the data on the computer with a key unknown to the user, and the user must pay the criminals to regain access. Some versions of ransomware use system vulnerabilities to lock down the system. The most common ransomware infection vectors are emails carrying a malicious attachment and pop-up advertisements. Some ransomware propagates as a Trojan horse. Once the victim pays, the criminal sends a program that decrypts the data and files, or sends an unlock code.
Backdoors and Rootkits
A backdoor is a method of accessing a computer without going through the normal access path, such as entering a name and password; it bypasses the normal authentication used to access the system. NetBus and Back Orifice are examples of backdoor programs that give remote access to unauthorized users. A backdoor grants cybercriminals future access even after the organization fixes the original vulnerability used to attack the system. Criminals generally have authorized users unknowingly run a Trojan horse program on their machine to install the backdoor.
A rootkit is used to hide programs and files so that attackers can avoid detection. It opens a backdoor that lets attackers into a system remotely without authentication. Rootkits usually exploit software vulnerabilities to escalate privileges and modify system files. They also modify the system's forensic and monitoring tools, which makes them very hard to detect. In general, a user should wipe and reinstall the operating system of a computer infected with a rootkit. An example of a virus that installs a backdoor is Mydoom, which generates junk mail and sends it from infected computers.
Defending Against Malware and Malicious Software
A few steps help defend against all forms of malware:
- Antivirus Program – Most antivirus programs catch many forms of malware. However, criminals develop and deploy new threats daily, so the key to a successful antivirus solution is keeping its signatures updated.
- Up-to-Date Software – Many types of malware achieve their goal by exploiting vulnerabilities in the operating system and application software. Operating system vulnerabilities were once the main source of problems, but application-level vulnerabilities now create the greatest risk. Operating system vendors have become more responsive about patching and updating their systems; unfortunately, many application vendors are not as serious about application vulnerabilities.
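As an added example (not code from the original article), the Python scanner below shows the two kinds of antivirus signature and why an out-of-date signature database misses a slightly altered sample, which is the point behind keeping signatures updated and behind viruses that change their own form. The database contents and samples are constructed for the example, with the harmless EICAR test string standing in for a real malware sample.

```python
import hashlib

# Constructed "known-bad" database entry. The EICAR string is the harmless,
# industry-standard antivirus test file; it stands in for a malware sample.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

class SignatureDB:
    """Holds two kinds of signatures: whole-file SHA-256 hashes and byte patterns."""

    def __init__(self):
        self.hashes = {}    # hex digest -> detection name
        self.patterns = {}  # detection name -> byte pattern that must occur in the file

    def add_hash(self, name, sample):
        """Exact-match signature: detects only byte-identical copies of sample."""
        self.hashes[hashlib.sha256(sample).hexdigest()] = name

    def add_pattern(self, name, pattern):
        """Substring signature: also detects altered copies that keep this pattern."""
        self.patterns[name] = pattern

    def scan(self, data):
        """Return the detection names that fire on data (empty list means clean)."""
        hits = []
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            hits.append(self.hashes[digest])
        hits.extend(name for name, pat in self.patterns.items() if pat in data)
        return hits

def build_outdated_db():
    """Yesterday's database: knows the original sample only by its hash."""
    db = SignatureDB()
    db.add_hash("EICAR-Test-File", EICAR)
    return db

def build_updated_db():
    """Today's signature update adds a pattern that survives small changes."""
    db = build_outdated_db()
    db.add_pattern("EICAR-Test-File.Gen", b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE")
    return db

# Constructed samples: the original, a variant with one byte appended
# (a trivial change that already defeats the hash signature), and an innocent file.
ORIGINAL = EICAR
VARIANT = EICAR + b"\n"
CLEAN = b"Hello, world\n"
```

Scanning VARIANT with the outdated database returns no hit at all, while the updated database flags it through the pattern signature; CLEAN is never flagged.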