Malware is short for malicious software. A software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. While it is often software, it can also appear in the form of scripts or code. 'Malware' is a general term used to refer to a variety of hostile, intrusive, or annoying software. Malware is not the same as defective software, which is software that has a legitimate purpose but contains harmful bugs that were not noticed before release. However, some malware is disguised as genuine software, and may come from an official company website.
Have you ever wonder WHY does anyone create a malware?
Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used primarily to steal sensitive personal, financial, or business information for the benefit of others.
Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain similar personal information such as social security numbers, bank or credit card account information, and so on. Since the rise of widespread broadband Internet access (Cloud), malicious software has been designed increasingly for profit.
Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. Let’s talk about each of them in detail. Malwares are actually divided under following categories
Infectious malware: viruses and worms
Computer virus is a malware that can reproduce itself; the term is sometimes used incorrectly to refer to the entire category. An example of a computer virus which is not a malware, but is benevolent is Fred Cohen's compression virus. Viruses are sometimes confused with worms and Trojan horses, which are technically different. However, antivirus professionals do not accept the concept of benevolent viruses, as any desired function can be implemented without involving a virus. Any virus will by definition make unauthorized changes to a computer, which is undesirable even if no damage is done or intended.
Computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Concealment Malware: Trojan horses, rootkits, and backdoors
Trojan horse, or Trojan, is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses can make copies of themselves, steal information, or harm their host computer systems. Many trojans rely on drive-by downloads or install via online games or internet driven applications in order to reach target computers.
A Trojan gives a hacker remote access to a targeted computer system. Operations that could be performed by a hacker on a targeted computer system may include:
Rootkit is a stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. Rootkit installation can be automated, or an attacker can install it once they've obtained root or Administrator access. Obtaining this access is either a result of direct attack on a system (i.e. exploiting a known vulnerability, password (either by cracking, privilege escalation, or social engineering)).
Once installed it becomes possible to hide the intrusion as well as to maintain privileged access. Like any software they can have a good purpose or a malicious purpose. The key is the root/Administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.
Backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised, one or more backdoors may be installed in order to allow easier access in the future. Backdoors may also be installed prior to malicious software, to allow attackers entry.
The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Crackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors crackers may use Trojan horses, worms, or other methods.
Malware for profit: spyware, botnets, keystroke loggers, and "ransom" malware like Web threats, and Dialer
Spyware is a type of malware installed on computers that collects information about users without their knowledge. While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers.
Some spyware can change computer settings, which can result in slow Internet connection speeds, un-authorized changes in browser settings, or changes to software settings. The presence of spyware is typically hidden from the user and can be difficult to detect.
Botnet is a collection of internet-connected computers whose security defenses have been breached and control ceded to an unknown party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware distribution; otherwise known as malicious software. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC (Internet Relay Chat) and HTTP (Hypertext Transfer Protocol)
Keystroke logging (more often called keylogging or "keyloggers") is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.
Web threat is any threat that uses the internet to facilitate cybercrime. Web threats can be divided into two primary categories, based on delivery method – push and pull. Push-based threats use spam, phishing, or other fraudulent means to lure a user to a malicious (often spoofed) website which then collects information and/or injects malware. Pull-based web threats are often referred to as “drive-by” threats by experts (and more commonly as “drive-by downloads” by journalists and the general public), since they can affect any website visitor.
Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential information/data, theft of network resources, damaged brand/personal reputation, and erosion of consumer confidence in e-commerce and online banking.
Dialer (American English) or Dialler (British English) is a computer program which creates a connection to the Internet or another computer network over the analog telephone or Integrated Services Digital Network (ISDN) network. Many operating systems already contain such a program for connections through the Point-to-Point Protocol (PPP).
The World Wide Web is a criminal’s preferred pathway for spreading malware. Today's web threats use combinations of malware to create infection chains. About one in ten Web pages may contain malicious code. At Stellar Phoenix our aim is to prevent all kind of data loss whether it is from a hard drive crash or data breach/loss from malware.
Stellar Phoenix Solutions engineers are trained and certified in all leading encryption and forensics technologies and have scores of satisfied customers all over the globe.
Put us to the test today! Don’t be a victim of low prices and false promises. We guarantee our service standards.