So what is malware? Short for malicious software, malware is as old as software itself, and programmers have been authoring it for as long as they have been authoring legitimate software. There are many reasons why a programmer might create malware, ranging from simple pranks and experiments to serious organized Internet crime. Malware exists in many forms, most of which you've probably already heard of. The most common types of malware are viruses, trojans, worms, spyware and zombies.
This article will cover the inner workings of the most common types of malware, and will also explain why malware is created and the kind of damage that it can inflict on individuals, corporations and governments.
Malware manifests itself in different forms; the most well-known is the virus.
Computer viruses are similar to their biological counterparts because they are capable of self-replication. The prime motivation of a virus is not to cause damage, but to clone itself onto another host so that it can spread further. A virus that causes damage is more likely to be detected, and for this reason virus authors employ stealth techniques to keep it unnoticed. A well-written virus has a very small footprint and can remain undetected for a very long time.
Damage is not always an accidental side-effect of infection; sometimes it has been purposely built in by the programmer. Some viruses are time activated: they silently spread for a number of days, months or years and then suddenly activate and do damage on one particular date. Other viruses are event driven. They activate when something particular happens on the host, or when a command is sent to them via a covert Internet channel.
Worms are very similar to viruses in many ways. The biggest difference between a worm and a virus is that worms are network-aware. A virus finds it very easy to replicate itself amongst files on the same computer; however, it has a hard time jumping from one computer to another. A worm overcomes this computer-to-computer hurdle by seeking out new hosts on the network and attempting to infect them.
This is an important difference: in the past, viruses could take years to move from one corporation to another, or from one country to another. Worms are capable of going global in a matter of seconds, which makes them very hard to control and stop.
The primary function of spyware is to snoop on a user's activity and send the information it gathers back to a hacker. Spyware does not have any infection mechanism of its own; it is usually dropped by trojans (and also by viruses and worms). Once dropped, it installs itself on the victim's computer and sits there silently to avoid detection.
Once spyware is successfully installed, it begins collecting information. It is very common for spyware to log every key the user types. This type of spyware is called a keylogger, and it can capture interesting information such as user names, passwords, credit card numbers and email addresses. Because keyloggers capture every keystroke, entire emails, documents and chats can be read by the malicious hacker.
There are more sophisticated forms of spyware that hook themselves into the network interface and siphon off all network data that enters or leaves the infected computer. This allows the hacker to capture entire network sessions, giving them access to files, digital certificates, encryption keys and other sensitive information.
If you would like to know more from guys who don’t speak Geek – call MBM