1 of 12

Malware

2 of 12

  • Perhaps the most sophisticated types of threats to computer systems are presented by programs that exploit vulnerabilities in computing systems. Such threats are referred to as malicious software, or malware.
  • Malicious software can be divided into two categories: those that need a host program, and those that are independent. The former, referred to as parasitic, are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples. Independent malware is a self-contained program that can be scheduled and run by the operating system. Worms and bot programs are examples.

3 of 12

  • Malicious software can also be classified into two types: replicating and non-replicating.
  • Non-replicating malware consists of programs or fragments of programs that are activated by a trigger. Examples are logic bombs, backdoors, and bot programs. Replicating malware consists of either a program fragment or an independent program that, when executed, may produce one or more copies of itself to be

4 of 12

Computer Virus

  • A computer virus is a piece of software that can “infect” other programs by modifying them; the modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs.
  • Like its biological counterpart, a computer virus carries in its instructional code the recipe for making perfect copies of itself. The typical virus becomes embedded in a program on a computer.
  • Then, whenever the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program. Thus, the infection can be spread from computer to computer by unsuspecting users who either swap disks or send programs to one another over a network. In a network environment, the ability to access applications and system services on other computers provides a perfect culture for the spread of a virus.
  • A virus can do anything that other programs do. The difference is that a virus attaches itself to another program and executes secretly when the host program is run. Once a virus is executing, it can perform any function that is allowed by the privileges of the current user, such as erasing files and programs.

5 of 12

Backdoor

  • A backdoor, also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the backdoor to gain access without going through the usual security access procedures. Programmers have used backdoors legitimately for many years to debug and test programs; such a backdoor is called a maintenance hook.
  • This usually is done when the programmer is developing an application that has an authentication procedure, or a long setup, requiring the user to enter many different values to run the application. To debug the program, the developer may wish to gain special privileges or to avoid all the necessary setup and authentication. The programmer may also want to ensure that there is a method of activating the program should something be wrong with the authentication procedure that is being built into the application. The backdoor is code that recognizes some special sequence of input or is triggered by being run from a certain user ID or by an unlikely sequence of events. Backdoors become threats when unscrupulous programmers use them to gain unauthorized access.

6 of 12

Logic Bomb

  • One of the oldest types of program threat, predating viruses and worms, is the logic bomb.
  • The logic bomb is code embedded in some legitimate program that is set to “explode” when certain conditions are met.
  • Examples of conditions that can be used as triggers for a logic bomb are the presence or absence of certain files, a particular day of the week or date, or a particular user running the application.
  • Once triggered, a bomb may alter or delete data or entire files, cause a machine halt, or do some other damage.

7 of 12

Trojan horse

  • A Trojan horse is a useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly.
  • For example, to gain access to the files of another user on a shared system, a user could create a Trojan horse program that, when executed, changes the invoking user’s file permissions so that the files are readable by any user. The author could then induce users to run the program by placing it in a common directory and naming it such that it appears to be a useful utility program or application.
  • Trojan horses fit into one of three models:
      • Continuing to perform the function of the original program and additionally performing a separate malicious activity
      • Continuing to perform the function of the original program but modifying the function to perform malicious activity (e.g., a Trojan horse version of a login program that collects passwords) or to disguise other malicious activity (e.g., a Trojan horse version of a process listing program that does not display certain processes that are malicious)
      • Performing a malicious function that completely replaces the function of the original program
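The shared-system example above succeeds only if nobody notices that a user's files have become readable by everyone. A periodic permission audit of a home directory surfaces exactly that change. The script below is an added example written for this page, not code from the slides; the sample directory it inspects is constructed for illustration, and on a real system you would point `audit_permissions` at the directory to review.

```python
"""Audit a directory tree for entries readable or writable by 'other' (added example, not from the slides)."""
import os
import stat
import tempfile


def audit_permissions(root: str) -> list:
    """Return sorted [(relative_path, octal_mode)] for every file or directory
    under root whose mode grants read or write permission to 'other'."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: report the link itself, do not follow it
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
                findings.append((os.path.relpath(full, root), oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def demo() -> list:
    """Constructed scenario: one private file and one file whose permissions
    were loosened the way the Trojan horse example describes."""
    with tempfile.TemporaryDirectory() as root:
        private = os.path.join(root, "notes.txt")
        exposed = os.path.join(root, "secrets.txt")
        for path in (private, exposed):
            with open(path, "w") as f:
                f.write("constructed sample\n")
        os.chmod(private, 0o600)  # owner only
        os.chmod(exposed, 0o644)  # readable by any user: the audit should flag this
        return audit_permissions(root)


if __name__ == "__main__":
    for path, mode in demo():
        print(f"{mode} {path}")
```

The audit deliberately reports mode bits rather than guessing intent: some world-readable files are legitimate, so the output is a review list for the owner, not an automatic fix. The check relies on POSIX permission bits and is meaningful on Unix-like systems.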

8 of 12

Mobile Code

  • Mobile code refers to programs (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
  • The term also applies to situations involving a large homogeneous collection of platforms (e.g., Microsoft Windows).
  • Mobile code is transmitted from a remote system to a local system and then executed on the local system without the user’s explicit instruction.
  • Mobile code often acts as a mechanism for a virus, worm, or Trojan horse to be transmitted to the user’s workstation. In other cases, mobile code takes advantage of vulnerabilities to perform its own exploits, such as unauthorized data access or root compromise.
  • Popular vehicles for mobile code include Java applets, ActiveX, JavaScript, and VBScript.
  • The most common ways of using mobile code for malicious operations on a local system are cross-site scripting, interactive and dynamic Web sites, e-mail attachments, and downloads from untrusted sites or of untrusted software.

9 of 12

Spyware/Adware

  • Spyware secretly records information about a user and forwards it to third parties. The information gathered may cover files accessed on the computer, the user’s online activities, or even the user’s keystrokes.
  • Adware, as the name implies, displays advertising banners while a program is running. Adware can also behave like spyware: it is deployed to gather confidential information, essentially to spy on and collect information from a victim’s computer.

10 of 12

Rootkit

  • A rootkit is malicious software that alters the regular functionality of an OS on a computer in a stealthy manner. The alteration lets the attacker take full control of the system and act as the system administrator on the victim’s system. Almost all rootkits are designed to hide their existence.
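Both the Trojan horse version of a process-listing program (slide 7) and a rootkit hide processes by filtering what the user-facing tool shows. A standard defensive check is cross-view comparison: enumerate process IDs from two independent sources, for example the numeric entries of /proc and the output of `ps`, and treat any PID present in one view but absent from the other as suspicious. The code below is an added example written for this page, not code from the slides; `demo()` runs the comparison on a constructed fake procfs directory, while `live_check()` samples a real Linux host.

```python
"""Cross-view detection of hidden processes (added example, not from the slides)."""
import os
import subprocess
import tempfile


def hidden_pids(procfs_view: set, tool_view: set) -> dict:
    """Compare two views of the process table.

    'hidden': in /proc but missing from the tool's listing (the rootkit /
              Trojan-horse pattern this check is meant to catch).
    'ghost':  reported by the tool but absent from /proc (usually a process
              that started or exited between the two samples, e.g. ps itself).
    """
    return {
        "hidden": sorted(procfs_view - tool_view),
        "ghost": sorted(tool_view - procfs_view),
    }


def pids_from_procfs(proc_root: str = "/proc") -> set:
    """Enumerate the numeric directory names of a procfs tree."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}


def pids_from_ps() -> set:
    """Ask ps(1) for every PID without a header; output is one PID per line."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def live_check() -> dict:
    """Compare /proc with ps on a live Linux host. /proc is sampled before and
    after ps so that a PID counts as hidden only if it was present in /proc
    both times yet missing from the ps output."""
    before = pids_from_procfs()
    tool = pids_from_ps()
    after = pids_from_procfs()
    return hidden_pids(before & after, tool)


def demo() -> dict:
    """Constructed scenario: a fake procfs with four PIDs plus non-PID entries,
    and a tampered lister that omits PID 4242."""
    with tempfile.TemporaryDirectory() as fake_proc:
        for entry in ("1", "2", "3", "4242", "self", "cpuinfo"):
            os.mkdir(os.path.join(fake_proc, entry))
        kernel_view = pids_from_procfs(fake_proc)
    tool_view = {1, 2, 3}  # constructed: what the tampered listing program reports
    return hidden_pids(kernel_view, tool_view)


if __name__ == "__main__":
    print("constructed:", demo())
    if os.path.isdir("/proc"):
        print("live:", live_check())
```

A rootkit that hooks the kernel's own directory listing can hide from /proc enumeration as well, so this user-space comparison catches the Trojan-horse tool and simpler rootkits but is not a substitute for checks made from outside the possibly compromised OS (offline disk analysis or a trusted boot image).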

11 of 12

Keylogger

  • Keyloggers, also called system monitors, are used to see nearly everything a user does on their computer. This includes e-mails, opened web pages, programs, and keystrokes.

12 of 12