MALWARE
Malware, also known as malicious (or malevolent) software, is software used or created by attackers to
disrupt computer operation, gather sensitive information, or gain access to private computer systems. It
can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term
used to refer to a variety of forms of hostile or intrusive software.

Malware includes computer viruses, worms, Trojan horses, spyware, adware, rootkits, backdoors and
other malicious programs.

Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and
the World Wide Web.

On March 29, 2010, Symantec Corporation named Shaoxing, China, as the world's malware capital.




The term computer virus is used for a program that has infected some executable software and, when
run, causes the virus to spread to other executables.

Viruses can be divided into two types based on their behavior when they are executed.
1. Nonresident viruses can be thought of as consisting of a finder module and a replication module. The
finder module is responsible for finding new files to infect. For each new executable file the finder module
encounters, it calls the replication module to infect that file.

2. Resident viruses contain a replication module that is similar to the one that is employed by nonresident
viruses. The virus loads the replication module into memory when it is executed and ensures that this
module is executed each time the operating system is called to perform a certain operation. For example
the replication module can be called each time the operating system executes a file. In this case the virus
infects every suitable program that is executed on the computer.

Examples:

The Cascade virus was a resident computer virus written in assembler that was widespread in the 1980s
and early 1990s. It infected COM files and had the effect of making text on the screen fall down and form
a heap at the bottom of the screen. It was notable for using an encryption algorithm to avoid being
detected.

Worms are software programs capable of reproducing themselves that can spread from one computer to the
next over a network. Worms spread automatically and can take advantage of the automatic file
sending and receiving features found on many computers.

Examples:

          , also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft
Windows operating system that was first detected in November 2008.

2. The Welchia worm, also known as the "Nachia worm," is a computer worm that exploits a vulnerability
in the Microsoft Remote Procedure Call (RPC) service, similar to the Blaster worm. However, unlike
Blaster, it tries to download and install security patches from Microsoft, so it is classified as a helpful
worm.
Concealment: [Trojan horses, Rootkits, and Backdoors]
A Trojan horse is any program that invites the user to run it, concealing harmful or
malicious code. The code may take effect immediately and can lead to many undesirable
effects, such as deleting the user's files or installing additional harmful software.


Rootkit software is used to hide the fact that a computer system has been compromised,
for example by modifying system commands to conceal changes made to the system. Rootkits
can prevent a malicious process from being visible in the system's list of processes, or keep its
files from being read. Some rootkit programs contain routines to defend against removal: not
merely to hide themselves, but to resist attempts to remove them. Rootkits can change how the
operating system functions and in some cases can tamper with the anti-virus program and
render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete
re-installation of the operating system.
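The process-hiding behaviour described above is usually checked for with a cross-view comparison: the process list is taken from two independent sources and the two views are diffed. The Python script below is an added illustration written for these notes, not code from the slides; it assumes a Linux host with /proc, and all function names are ours.

```python
"""Cross-view process enumeration, a standard check for a user-mode rootkit
that filters the process list. Two independent views of the live PIDs are
taken and diffed; a PID the kernel confirms but the listing omits is reported.
Added illustration for these notes (not from the slides); assumes Linux /proc."""
import os
from typing import Dict, Iterable, Set


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs the low-level probe confirms but the high-level listing omits.
    Pure set arithmetic, so it can be checked on constructed views."""
    return set(probed) - set(listed)


def pids_from_proc_listing() -> Set[int]:
    """View 1: the /proc directory listing, which is what ps and top rely on
    and what a rootkit hooking readdir()/getdents() would filter."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_signal_probe(max_pid: int) -> Set[int]:
    """View 2: ask the kernel about every PID directly with signal 0.
    ProcessLookupError: no such process. PermissionError: exists, not ours."""
    alive: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def is_thread_id(pid: int) -> bool:
    """kill(2) also accepts thread IDs, which /proc never lists at top level,
    so a naive diff would report every thread of every process as hidden.
    A thread's Tgid differs from its own ID. If /proc/<pid>/status cannot be
    read at all, the entry is treated as a process (i.e. still suspicious)."""
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        return False
    return False


def read_pid_max(default: int = 32768) -> int:
    """Upper bound for the probe; /proc/sys/kernel/pid_max on Linux."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default


def cross_view_check(max_pid: int = 0) -> Dict[int, str]:
    """Live comparison. The probe runs before and after the listing and only
    PIDs alive in both probes count, so a process that simply exited between
    the two views is not reported as hidden."""
    max_pid = max_pid or read_pid_max()
    before = pids_from_signal_probe(max_pid)
    listed = pids_from_proc_listing()
    after = pids_from_signal_probe(max_pid)
    return {pid: "alive per kill(2) but absent from /proc listing"
            for pid in hidden_pids(listed, before & after)
            if not is_thread_id(pid)}


if __name__ == "__main__":
    findings = cross_view_check()
    for pid, reason in sorted(findings.items()):
        print(f"PID {pid}: {reason}")
    print(f"cross-view check done, {len(findings)} discrepancy(ies)")
```

The check only catches filtering done in user space (a hooked libc or a trojaned ps), because both views still come from the same kernel; a rootkit that patches the kernel's own process accounting answers both views consistently, which is why a serious investigation also compares against a view taken from outside the host, for example a memory image or a network-side inventory of the connections the machine is holding open.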
A backdoor is a method of bypassing normal authentication procedures. Once a system has
been compromised, one or more backdoors may be installed in order to allow easier access in
the future. Crackers typically use backdoors to secure remote access to a computer, while
attempting to remain hidden from casual inspection. To install backdoors crackers may use
Trojan horses, worms, or other methods.

Grayware: [Crimeware, Adware, Spyware]
Grayware (or Greyware) is a general term that refers to applications or files that are not directly
classified as malware (like worms or Trojan horses), but can still negatively affect the
performance of computers and involve significant security risks. Another term is PUP, which
stands for Potentially Unwanted Program.
Crimeware is designed to perpetrate identity theft in order to access a computer user's online
accounts at financial services companies and online retailers for the purpose of taking funds
from those accounts or completing unauthorized transactions. Criminals use a variety of
techniques to steal confidential data through crimeware, including the following
methods:
- Crimeware can surreptitiously install keystroke loggers to collect sensitive data (login
  and password information for online bank accounts, for example) and report it back
  to the thief.
- A crimeware program can also redirect a user's web browser to a counterfeit website
  controlled by the thief even when the user types the website's proper domain name in
  the address bar.
- Crimeware threats can steal passwords cached on a user's system.
- Crimeware can wait for the user to log into their account at a financial institution, and
  then drain the account without the user's knowledge.
- Crimeware can enable remote access into applications, allowing criminals to break into
  networks for malicious purposes.




Adware is a type of malware designed to display advertisements in the user's software. It
can be designed to be harmless or harmful; the adware gathers information on what the user
searches for on the World Wide Web and, with this gathered information, displays ads corresponding
to the information collected.

Spyware is software that self-installs on a computer, enabling information to be gathered
covertly about a person's Internet use, passwords, etc. Spyware can change your computer
configuration and can cause your computer to slow down or crash. These programs can change
your web browser's home page or search page, or add components to your browser that
you don't need or want. They also make it very difficult for you to change your settings back to
the way you had them.

Major infrastructures attacked:


There are several methods which antivirus software can use to identify malware:
Signature-based detection is the most common method. To identify viruses and other
malware, antivirus software compares the contents of a file to a dictionary of virus signatures.
Because viruses can embed themselves in existing files, the entire file is searched, not just as a
whole but also in pieces.
Heuristic analysis is used to identify new malware or variants of known malware. Many viruses
start as a single infection and, through either mutation or refinement by other attackers, can
grow into dozens of slightly different strains, called variants. Heuristic analysis and detection
refers to the detection and removal of multiple threats using a single virus definition.
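The two methods just described, as a small working scanner added for these notes (it is not the slides' own code and not any real product's engine): exact signature matching by whole-file hash and by byte pattern, with the file read in overlapping pieces so a pattern appended to an existing executable is found even when it straddles a read boundary; and two heuristics, a wildcard family rule that catches several variants with one definition and an entropy check that flags packed or encrypted content of the kind the Cascade example used. Every signature, rule, threshold and sample below is constructed for the demonstration.

```python
"""Toy scanner for the detection methods in the notes: signature-based
(whole-file hash, byte patterns searched through the whole file in pieces) and
heuristic (one wildcard definition for a family of variants, plus an entropy
check for packed/encrypted content). Added example for these notes; every
signature and sample here is constructed and not derived from real malware."""
import hashlib
import io
import math
import re
from collections import Counter
from typing import BinaryIO, Dict, List

MAX_PATTERN_LEN = 64          # byte signatures must fit inside the chunk overlap
ENTROPY_THRESHOLD = 7.5       # bits per byte; ordinary code and text sit well below

# Constructed exact signatures: a file hash and a raw byte sequence.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(b"DEMO-SAMPLE-A\n").hexdigest(): "Demo.SampleA",
}
BYTE_SIGNATURES: Dict[bytes, str] = {
    b"MZ\x90\x00DEMO.PAYLOAD.V1": "Demo.Payload.v1",
}
# Constructed heuristic (family) rule: the wildcard absorbs the version digits
# that differ between variants, so one definition matches V1, V2, V7, ...
FAMILY_RULES: Dict[str, bytes] = {
    "Demo.Payload.gen": rb"DEMO\.PAYLOAD\.V[0-9]+",
}
assert all(len(p) <= MAX_PATTERN_LEN for p in BYTE_SIGNATURES)


def shannon_entropy(counts: Counter, total: int) -> float:
    """Bits per byte over a byte histogram; 8.0 means uniformly random."""
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def pattern_hits(window: bytes) -> List[str]:
    """Exact and wildcard matches inside one window of the file."""
    hits = [name for pat, name in BYTE_SIGNATURES.items() if pat in window]
    hits += [name for name, rule in FAMILY_RULES.items()
             if re.search(rule, window, re.DOTALL)]
    return hits


def scan_stream(stream: BinaryIO, chunk_size: int = 4096) -> List[str]:
    """Scan a file in pieces. Each window is the new chunk plus the last
    MAX_PATTERN_LEN-1 bytes of the previous one, so a signature straddling a
    chunk boundary is still seen; hash and histogram cover the whole file."""
    digest = hashlib.sha256()
    histogram: Counter = Counter()
    total = 0
    tail = b""
    hits = set()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        histogram.update(chunk)
        total += len(chunk)
        window = tail + chunk
        hits.update(pattern_hits(window))
        tail = window[-(MAX_PATTERN_LEN - 1):]
    if digest.hexdigest() in HASH_SIGNATURES:
        hits.add(HASH_SIGNATURES[digest.hexdigest()])
    if shannon_entropy(histogram, total) > ENTROPY_THRESHOLD:
        hits.add("Heur.HighEntropy")
    return sorted(hits)


def scan_bytes(data: bytes, chunk_size: int = 4096) -> List[str]:
    """Convenience wrapper for in-memory samples."""
    return scan_stream(io.BytesIO(data), chunk_size)


# Constructed samples: an exact-match file, a host file with the v1 payload
# placed across the 4096-byte chunk boundary, an unseen variant, and a
# uniformly distributed blob that looks packed or encrypted.
SAMPLE_EXACT = b"DEMO-SAMPLE-A\n"
SAMPLE_HOST_V1 = b"\x00" * 4090 + b"MZ\x90\x00DEMO.PAYLOAD.V1" + b"\x00" * 100
SAMPLE_VARIANT_V7 = b"benign prefix " + b"MZ\x90\x00DEMO.PAYLOAD.V7"
SAMPLE_PACKED = bytes(range(256)) * 16

if __name__ == "__main__":
    for label, sample in [("exact", SAMPLE_EXACT), ("host+v1", SAMPLE_HOST_V1),
                          ("variant v7", SAMPLE_VARIANT_V7), ("packed", SAMPLE_PACKED)]:
        print(f"{label:>11}: {scan_bytes(sample) or ['clean']}")
```

The v7 sample is missed by every exact signature and caught only by the family rule, which is the single-definition-for-many-variants idea in the text; the entropy flag on its own is a suspicion indicator rather than a detection, since compressed archives and media files are also high-entropy, so a real engine combines it with other evidence rather than alerting on it alone.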
