Types of Malware and Guidelines for Protection

Before you start

Objectives: learn the specifics about viruses, worms, trojan horse, spyware, adware, grayware, spam and how to protect against malicious software.

Prerequisites: no prerequisites.

Key terms: software, computer, malicious, virus, file, spyware, adware, antivirus, code, grayware, legitimate, email


Types of Malware

Malware is malicious code intended to take control of or damage our computer operating system without our knowledge or approval. It can be very difficult to remove and very damaging. Malware can come in several different forms. Malicious code can be planted by unauthorized users, or it can be brought into our environment unintentionally by legitimate users. Malicious code can arrive as a file or a program downloaded from the Internet. This includes EXE files, movies, animations, ActiveX controls, etc. One of the best-known forms of malicious code is a virus.

A virus is a program that attempts to damage a computer system and replicates itself to other computer systems. Viruses are attached to a host file, for example a .com, .exe or .bat file, or even a system file such as a Windows DLL. When the host file is distributed, the virus is distributed with it. A virus replicates or activates when we access or execute the infected file. Many viruses are distributed via e-mail using our address book, or via file transfer services. A virus can also be attached to the boot sector of a hard drive. So, in most cases a virus does not spread on its own: it needs the infected file to be run. The objective of a virus is usually to destroy, compromise, or corrupt data. Even a small and simple virus can do serious damage.

A worm is a self-replicating virus that does not require a host file to propagate. A worm can spread across an entire system or network of systems without user assistance. It replicates itself automatically, without an activation mechanism. Worms can be used to destroy data, and they can cause a system to crash by consuming all of its resources while trying to replicate.

A Trojan horse is a malicious program that presents itself as legitimate or desirable software. A Trojan horse hides malicious code inside a seemingly useful program. A Trojan horse cannot replicate itself and needs user interaction in order to activate. It often contains spying functions (such as a packet sniffer) or backdoor functions that allow the computer to be remotely controlled over the network. It can also be used for data destruction, for turning the computer into a DoS zombie, for implanting viruses, etc. A wrapper is a program that is used legitimately but has a Trojan attached to it; the Trojan infiltrates whichever computer runs the wrapper software.

Spyware is software that is installed without the user's consent or knowledge. It can intercept or take partial control of the user's interaction with the computer, capture the user's personal information such as Internet surfing habits and passwords, and send that information back to its originating source. Cookies are text files stored on a computer to save information about our preferences, browser settings, and Web page preferences. Cookies are used for legitimate purposes on many web sites, but they can be read or used for malicious purposes by spyware and other software. Spyware can interfere with a user's control of the computer, for example by installing additional software, changing computer settings, and redirecting Web browser activity.

Adware is usually passive but invasive, because it presents us with unwanted advertising. It monitors the user's personal preferences and then sends pop-ups and ads that match those preferences. Adware is typically installed in the background when we visit certain Internet sites. It is usually more annoying than harmful.

Logic bombs are another type of malicious code; a logic bomb lies dormant and unseen until it is triggered. The trigger can be a particular date, the launch of some application, or some other activity that we perform on our computer. Logic bombs can be used to steal data and to destroy data.

Grayware is software that serves a useful purpose or legitimate service but also contains potentially harmful features or malicious code. It is often installed with the user's permission but without the user's full understanding of the program's potential effects. Features included with grayware might be disclosed in the end user license agreement (EULA), or they could be hidden or undocumented. The main problem with grayware is that the end user cannot easily tell what the application does or what was bundled with it. Grayware can be adware, spyware, joke programs, or dialers that redirect a user to a long-distance phone number.

Spam is simply unwanted or undesirable email sent to many recipients. It can be as benign as e-mails trying to sell products, but it can also contain phishing scams or malware as attachments. Another problem with spam is that it wastes bandwidth and can fill the inbox, resulting in a denial of service condition where users can no longer receive e-mails.

Protection

Antivirus software is the first line of defense against malicious code. We should keep the antivirus definition and signature files updated. These files are used to identify viruses and are a vital component of the antivirus software. Protection against a virus is only provided after a definition file matching that virus has been released, so for maximum protection we must keep the definition files updated. Most antivirus software will automatically check for updated definition files at regular intervals. Most antivirus software also includes spyware and adware protection.

We should scan new files before we run them on our system, and we should periodically scan the entire system. Good antivirus software will automatically scan incoming files before they are saved to the system.

Antivirus software can also be installed on an email server to block malicious attachments before they reach a user's mailbox. We can go further and block all attachments to prevent any unwanted software, but this blocks needed attachments as well. Email servers can also be protected with spam filters and real-time blacklists, but here we have to be careful not to make those filters so broad that they prevent legitimate email from reaching users.

Keeping our operating system files updated and patched gives better protection for us, our users and our network against malware. Closing known security holes on our systems by applying patches, hotfixes and service packs often eliminates the holes through which viruses propagate. We should also educate users on how to behave when downloading files from the Internet and when accepting attachments in e-mails. End users should not be allowed to install software that has not been checked, tested and approved. We can also prevent users from using removable devices.
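The two email-server controls described above, blocking attachment types outright and matching attachments against a definition file, can be sketched in a few lines. The following is an added example written for this article, not code from the original page or from any antivirus product; it uses only Python's standard library, the definition "file" is a constructed set of SHA-256 digests (real antivirus definitions also carry byte patterns and heuristics), and the blocked-extension list, the sample message and its attachment contents are all constructed for the demonstration. It also shows the point made about definition updates: the same attachment passes the scanner until its digest has been added to the definitions.

```python
import hashlib
from email import policy
from email.message import EmailMessage

# Constructed gateway policy: attachment types refused regardless of content.
BLOCKED_EXTENSIONS = {".exe", ".com", ".bat", ".scr", ".vbs", ".js"}

# Constructed attachment bodies used to build the sample message below.
REPORT_BYTES = b"%PDF-1.4 constructed sample report"
INVOICE_BYTES = b"MZ constructed executable stub"
ARCHIVE_BYTES = b"PK\x03\x04 constructed archive body"


def sha256_of(data: bytes) -> str:
    """Digest used as the 'signature' in this minimal definition set."""
    return hashlib.sha256(data).hexdigest()


def check_attachment(filename: str, data: bytes, definitions: set) -> tuple:
    """Return (verdict, reason) for one attachment.

    Extension policy runs first because it needs no definitions; the hash
    lookup only catches samples that are already in the definition set.
    """
    name = filename.lower()
    for ext in BLOCKED_EXTENSIONS:
        if name.endswith(ext):
            return ("blocked", "attachment type %s is not allowed" % ext)
    digest = sha256_of(data)
    if digest in definitions:
        return ("blocked", "matches definition " + digest[:12])
    return ("allowed", "no match, sha256 " + digest[:12])


def scan_message(msg: EmailMessage, definitions: set) -> list:
    """Scan every attachment of a parsed message; returns (name, verdict, reason) tuples."""
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        verdict, reason = check_attachment(filename, data, definitions)
        results.append((filename, verdict, reason))
    return results


def build_sample_message() -> EmailMessage:
    """Constructed three-attachment message standing in for inbound mail."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Report, invoice and archive attached.")
    msg.add_attachment(REPORT_BYTES, maintype="application", subtype="pdf",
                       filename="report.pdf")
    msg.add_attachment(INVOICE_BYTES, maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    msg.add_attachment(ARCHIVE_BYTES, maintype="application", subtype="zip",
                       filename="archive.zip")
    return msg


if __name__ == "__main__":
    message = build_sample_message()
    definitions = set()  # gateway with stale (empty) definitions
    print("before definition update:")
    for name, verdict, reason in scan_message(message, definitions):
        print("  %-12s %-8s %s" % (name, verdict, reason))

    # A definition update arrives that covers the archive sample.
    definitions.add(sha256_of(ARCHIVE_BYTES))
    print("after definition update:")
    for name, verdict, reason in scan_message(message, definitions):
        print("  %-12s %-8s %s" % (name, verdict, reason))
```

The archive is reported as allowed on the first pass and blocked on the second; nothing about the attachment changed, only the definitions did, which is exactly why the definition files have to be kept current. The .exe is refused by the extension rule on both passes, which also illustrates the trade-off the text mentions: a blanket type block needs no signatures, but it will stop a legitimate installer just as readily.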

Remember

Antivirus software is the first line of defense against malicious code. A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A worm is a self-replicating virus that does not require a host file to propagate. A Trojan horse is a malicious program that presents itself as legitimate or desirable software. Spyware is software that is installed without the user's consent or knowledge. Adware is usually passive but invasive, because it presents us with unwanted advertising. Grayware is software that serves a useful purpose or legitimate service but also contains potentially harmful features or malicious code. Spam is simply unwanted or undesirable email sent to many recipients.