Friday, February 13, 2009

Malware, spyware, viruses, worms


Malware is made from the words “Malicious” and “Software” and refers to any piece of code that has a malicious effect on a computer. It normally carries out its malicious task without informing the user of the computer. Note that malware does not refer to buggy but legitimate software.

Virus programs are a type of malware. Viruses are programs that infect a “host” such as a file or another executable program. The virus “spreads” whenever the “host” is run, by infecting other files. Viruses can be very destructive, such as those that erase the contents of a hard drive, or far less harmful, such as ones that merely display an obscene message on the screen.

A worm is different from a virus in that it does not need a “host” to attach to. Worms reside in “RAM” and infect other computers through computer networks. They do not spread by infecting other files. A worm can carry a payload. A worm does not need user intervention to run (or spread), unlike a virus, which does. Worms scan the network for computers with vulnerable network services and copy themselves to the vulnerable computers. The process is automatic, and that is how they can spread at lightning speed.

A “Trojan” is a program that does not infect or spread! It is actually a malicious piece of code contained in a seemingly benign and useful program (screen savers, games, etc.). When run, a Trojan can give its author access to the infected computer. Other types of Trojan look for information such as passwords, credit card numbers, online banking data and personal information, and send it back to the author.

A Trojan actually invites the user to run it. The concealed malicious payload is executed in the process. Most commonly, it installs more harmful programs on the computer to serve the author’s interests. Thus Trojans are used as “droppers”, through which worms are injected into users’ computer networks.

Malware written for profit includes spyware, botnets, keyloggers, etc.

Earlier malware was written more for its “vandalism” and “prank” value; today the creators look at making money out of the control they have over infected systems.

Spyware is distributed as a Trojan: desirable and useful software on the outside, containing the malicious spyware code inside.

Malware programs need to stay on the infected computer for long periods so as to give their authors a better chance to profit from them. To do this they need to conceal their presence on the infected computer. Most malware programs contain code that makes them hard to detect. They do this by modifying the operating system using specific commands (the set of such commands is called a “rootkit”). By running rootkits, they do not show up in the list of system processes. That is how they escape detection by ordinary means.

But they can be detected by programs written to look for such concealment, and once detected they can be deleted by these programs. Spyware programs have defenses to repel such deletion attempts: they run multiple system processes so that if one of them is killed by an anti-spyware program, the surviving processes quickly spawn a copy of the killed one. Thus, to clean an infected system of spyware, not only must the various spyware processes be identified, they also have to be killed simultaneously.
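The two paragraphs above describe a process that is hidden from the system's process list and a detection program that looks for exactly that concealment. The following is an added example, not code from the original post: on Linux it compares the process list seen through the ordinary interface (the `/proc` directory listing) with the set of PIDs the kernel confirms when asked about each one directly, a "cross-view" check. A PID that exists but is missing from the listing is a hidden-process candidate. The file names and `kill(pid, 0)` behaviour are standard Linux; the function names are this example's own.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs visible the ordinary way: numeric entries in the /proc listing.
    A rootkit that filters this listing is what hides a process from ps/top."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probed_pids(pid_max):
    """PIDs confirmed by asking the kernel about each candidate directly.
    kill(pid, 0) delivers no signal; it only reports whether pid exists.
    PermissionError still means 'exists, but owned by another user'."""
    found = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found

def cross_view(listed_before, probed, listed_after):
    """Core comparison. A PID the kernel confirms but neither directory
    listing shows is a hidden-process candidate. Taking a listing both
    before and after the probe filters out the common race where a
    process was simply started or finished between the two views."""
    return probed - listed_before - listed_after

def scan(proc="/proc"):
    """Run the full cross-view check on the live system (Linux only)."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    before = listed_pids(proc)
    probed = probed_pids(pid_max)
    after = listed_pids(proc)
    return cross_view(before, probed, after)

if __name__ == "__main__":
    # Very short-lived processes can still slip through the race filter,
    # so a candidate is worth a second scan before treating it as hidden.
    suspects = scan()
    print("hidden-process candidates:", sorted(suspects) or "none")
```

A candidate that survives a repeated scan deserves closer inspection (for example reading its `/proc/<pid>/` entries directly), since a PID that the kernel keeps confirming but the listing keeps omitting is not explained by timing.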

Some Spyware programs can alter browser behaviour by redirecting search engine results.

Botnets are used by the creators of some malware to coordinate the hundreds and thousands of infected computers. The malware on the infected systems logs in to the botnet, and through the botnet the creator of the malware can update the code and make it more resistant and more capable.

Some malware programs can install a keylogger, which logs the keystrokes the user makes when entering passwords, credit card information or CD keys. These are then transmitted to the creator of the malware.

1 comment:

Anonymous said...

Plain, simple and to-the-point explanation of the words such as malware, virus etc. These are the words which one hears often but does not know the difference between them. Thank you.

Mohammad Ali