Malicious Software (Malware)

Malicious Software:

Malware is a shortened term for malicious software and refers to any software application that is designed to cause damage to a single computer, server, or computer network. Malicious Softwares are generally intrusive and hostile and are generally used to steal data, damage a computer system, or give unauthorized access to sensitive information. Malicious Software can be present in the form of scripts, code, or even as independent software that gets secretively installed on a computer’s hard drive, mostly without the knowledge of the user. Malicious Software can be divided into several different categories and includes computer viruses, worms, Trojans, and spyware among others. Types of malware include:

• Computer Viruses.
• Computer Worms.
• Trojan Horses.
• Spyware.
• Ransomware.
• Adware.
• Botnet.
• Rootkit.

Computer Viruses:

The term computer virus was coined by Fred Cohen in 1985. Virus stands for Vital Information Resources Under Seize is a program or small code segment that can attach itself to existing programs or files and infect them as well as replicate itself without the user’s knowledge or permission. Computer viruses spread from one computer to another by attaching themselves to executable files or boot records of disks and diskettes. It can also be found in e-mail attachments and other programs that are downloaded from the Internet. It spreads from one computer to another in the following ways:

• Executing an infected file on a computer.
• Using infected external storage devices, such as CDs, floppy disks, and pen drives.
• Opening infected e-mail attachments.
• Downloading infected files and gaming software from Intenet.
• Using a local network to access infected files lying on other computers.
• Surfing suspicious websites on the Internet.

Broadly, there are three types of computer viruses:

• File Infector Viruses- These infect program files.
• Boot Sector Viruses- These infect the boot record on hard disks, floppy disks, and theoretically also on CDs and DVDs.
• Macro Viruses- These infect data files.

Some well-known viruses include CryptoLocker, ILOVEYOU, MyDoom, Sasser and Netsky, Slammer, Stuxnet, etc.

Computer Worms:

A computer worm is an independent program capable of replicating itself in computer memory. In that sense, it is similar to a virus. However, it does not attach itself to other existing programs or files to get executed by users rather it operates on its own. Therefore, computer worms spread faster than computer viruses. Mostly computer worms interrupt services and generate system management problems. Some types of worms can scan passwords and other sensitive information and send the information back to the creator of the worm. Sometimes worms can also install Trojan Horses or other viruses that cause harm to the computer. Some prominent examples of worms include Storm Worm, Sobig, MSBlast, Code Red, Nimda, Morris Worm, etc.

Trojan Horses:

Trojan Horse is a program that appears to be legal and useful but concurrently does something unexpected like destroying existing programs and files. It does not replicate itself in the computer system and hence, it is not a virus. However, it usually opens the way for other malicious software (like viruses) to enter the computer system. In addition, it may also allow unauthorized users to access the information stored on the computer. Trojans are often bundled with legitimate software (eg, downloaded via P2P or file-download sites) but keep the original software intact to avoid suspicion and allow the trojan to spread further. They can be programmed to self-destruct, leaving no evidence other than the damage they have caused.

Spyware:

Spyware is software that is downloaded onto your computer to track your activities without your knowledge. This information is then sent to a remote source. It hides in the background and takes notes on what you do online, including your passwords, credit card numbers, surfing habits, chat programs, ability to monitor keystrokes, scan files on the hard drive, and more.

Ransomware:

Ransomware is also called scareware. It is a type of malicious software that usually encrypt all the files in a target’s computer and threatens to publish the critical data unless a ransom (money) is paid. Once the ransom is paid within a stipulated period, then the system is either unlocked or the system’s contents are deleted or the system is entirely corrupted. Unlike other cyber-attacks, in this form of attack, the user is notified of the attack. It spreads easily when it encounters unpatched or outdated software. Ransomware can get downloaded when the users visit any malicious or unsecured websites or download software from doubtful repositories. Some ransomware is sent as email attachments in spam mail. It can also reach our system when we click on a malicious advertisement on the Internet.

Adware:

Adware is also known as advertising-supported software. This is any software package that automatically shows an advertisement such as a pop-up. They may also be in the user interface of a software package or an installation screen. The main object of adware is to generate revenue for its author. Adware, by itself, is harmless. However, some adware may include spyware such as keyloggers. The main purpose of this malware is to record the keys pressed by a user on the keyboard. A keylogger makes logs of daily keyboard usage and may send it to an external entity as well. In this way, very sensitive and personal information like passwords, emails, private conversations, etc. can be revealed to an external entity without the knowledge of the user.

Botnet:

Botnets are networks of infected computers that are made to work together under the control of an attacker. An individual computer in the group is known as a “zombie“ computer.

Rootkit:

A rootkit is a collection of tools where malicious software allows the attacker to take root control of an operating system. This type of malicious software disguises itself by appearing as authentic operating system software to hide from antivirus/anti-malware software. The rootkit grants the attacker high-level authority with the ability to change system parameters and may remotely execute files.