Malicious Software

Malicious Software:

Malicious software is the programs that generate threats to the computer system and stored data. They could be in the form of viruses, worms, Trojan horses, spyware, and malware.

Viruses:

Virus stands for Vital Information Resources Under Seize is a harmful program, that, on entering a computer, starts creating copies of itself. It then attacks by corrupting the executable files and folders saved on the computer. Similar to a biological virus, a computer virus cannot travel on its own; it needs to be attached to some other program or executable file to move from one computer to another. In short, a computer virus is a malicious program that enters your computer, replicates itself (creates copies of itself), and damages the computer by corrupting files and folders. Different types of viruses are:

• Boot Sector Virus- This type of virus infects the master boot record of the system by either moving it to another sector or replacing it with infected ones.
• File Infecting Virus- This type of virus infects the executable files or files containing executable code such as .exe, .com, .dll, .sys, etc.
• Polymorphic Virus- This type of virus changes its code when as it propagates from one file to another. Therefore, each copy that it generates appears different from others. This makes the polymorphic virus difficult to be detected by the Antivirus software.
• Stealth Virus- This type of virus attempted to conceal its presence from the user and/or Antivirus software by using various techniques.
• Multipartite Virus- This type of virus infects both boot sector and executable files and uses multiple mechanisms to spread itself. It is the worst virus of all because it can combine some or all of the stealth techniques along with polymorphism to prevent detection.

The usual symptoms of a virus attack are as follows:

• The computer begins to run slowly.
• Unusual messages and graphics appear on the computer screen for inexplicable reasons.
• Music not associated with any of the open programs begins to play.
• Some programs or data files on the computer either become corrupt or are difficult to locate.
• Unknown files or sub-directories are created.
• The size/dates of executable files change on their own.
• The volume label of your hard disk changes mysteriously.
• Hardware devices begin to exhibit unusual behavior.

Worms:

Worms are self-repeating and do not require a computer program to attach themselves. Worms continually look for vulnerabilities and report back to the author of the worm when weaknesses are discovered. Both worms and viruses tend to fill computer memory with useless data thereby preventing you from using memory space for legal applications of programs. In addition, they can destroy or modify data and programs to produce erroneous results as well as halt the operation of a computer system or network. The worms replication mechanism can access the system by using any of the three methods given below:

• It employs password cracking, in which it attempts to log into systems using different passwords such as words from an online dictionary.
• It exploits a trap door mechanism in mail programs, which permits it to send commands to a remote system’s command interpreter.
• It exploits a bug in a network information program, which permits it to access a remote system’s command interpreter.

Some common examples of computer worms are as follows:

• MS-Blaster.
• Sasser Worm.
• Sobig Worm.
• SQL Slammer Worm.
• Blaster Worm.
• Mydoom Worm.
• Melissa Worm.

Trojan Horses:

Trojan Horses are unauthorized programs placed inside a legitimate application. An attacker uses a Trojan to illegitimately get access to a computer and view secret information, such as passwords, and harm the computer. Trojans are generally downloaded with some other programs or applications. The application runs normally after it is installed, but the user is unaware that the Trojan Horse has already begun its work in the background and is silently damaging or deleting data from his/her computer. A Trojan is a complete program on its own and does not need any host program to attach itself to. An example of a Trojan Horse would be a Diwali executable application, which, when executed, displays the figure of Goddess Laxmi and a caption saying “Happy Diwali”. However, in the background, the malicious code could be deleting files or performing other harmful actions on your computer.

Rootkit:

A rootkit is a collection of tools that are used to obtain administrator-level access to a computer or a network of computers. A rootkit could be installed on your computer by a cybercriminal exploiting a vulnerability or security hole in a legitimate application on your PC and may contain spyware that monitors and records keystrokes.

Spyware and Malware:

Spyware is the small programs that install themselves on computers to gather data secretly about the computer user without his/her consent and report the collected data to interested users or parties. The information gathered by the spyware may include e-mail addresses and passwords, net surfing activities, credit card information, etc. The spyware often gets automatically installed on your computer when you download a program from the Internet or click any option from the pop-up window in the browser.

Malware is short for “malicious software.” Malware is used to mean a “variety of forms of hostile, intrusive, or annoying software or program code.” Malware could be computer viruses, worms, Trojan horses, dishonest spyware, and malicious rootkits—all of which are defined above. Malware is a program that has been designed to adversely affect the computer without the user’s knowledge.

Ransomware:

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization. Ransomware can get downloaded when the users visit any malicious or unsecured websites or download software from doubtful repositories. Some ransomware is sent as email attachments in spam mails. It can also reach our system when we click on a malicious advertisement on the Internet.