What is Malware?:
Malware is malicious software. It includes programs that exploit vulnerabilities in computing systems. The purpose of malicious software is to harm you or steal information from you.
Types of Malicious Software:
There are three characteristics of malware:
1 Self-replicating malware actively attempts to propagate by creating new
copies, or instances, of itself. Malware may also be propagated passively,
by a user copying it accidentally, for example, but this isn't self-replication.
2 The population growth of malware describes the overall change in the number
of malware instances due to self-replication. Malware that doesn't self-replicate
will always have a zero population growth, but malware with a
zero population growth may self-replicate.
3 Parasitic malware requires some other executable code in order to exist.
"Executable" in this context should be taken very broadly to include anything
that can be executed, such as boot block code on a disk, binary code
Trojan Horse:
Self-replicating: no
Population growth: zero
Parasitic: yes
The most famous malicious software is the Trojan horse.
There was no love lost between the Greeks and the Trojans. The Greeks had
besieged the Trojans, holed up in the city of Troy, for ten years. They finally
took the city by using a clever ploy: the Greeks built an enormous wooden horse,
concealing soldiers inside, and tricked the Trojans into bringing the horse into
Troy. When night fell, the soldiers exited the horse and much unpleasantness
ensued.
In computing, a Trojan horse is a program which purports to do some benign
task, but secretly performs some additional malicious task. A classic example is
a password-grabbing login program which prints authentic-looking "username"
and "password" prompts, and waits for a user to type in the information. When
this happens, the password grabber stashes the information away for its creator,
then prints out an "invalid password" message before running the real login
program. The unsuspecting user thinks they made a typing mistake and reenters
the information, none the wiser.
Logic Bomb:
Self-replicating: no
Population growth: zero
Parasitic: possibly
The oldest type of malicious software. This program is embedded in some other program. When a certain condition is met, the logic bomb will destroy your PC.
It can also crash the computer on a particular date fixed by the attacker. It will be included in legitimate or authorized code like this:
    legitimate code
    if date is Friday the 13th:
        crash_computer()
    legitimate code
E.g.:
If some antivirus tries to delete or clean the logic bomb, the logic bomb will destroy the PC.
Back Door or Trap Door:
Self-replicating: no
Population growth: zero
Parasitic: possibly
A back door is any mechanism which bypasses a normal security check. Programmers
sometimes create back doors for legitimate reasons, such as skipping
a time-consuming authentication process when debugging a network server.
As with logic bombs, back doors can be placed into legitimate code or be
standalone programs.
    username = read_username()
    password = read_password()
    if username is "133t h4ck0r":
        return ALLOW_LOGIN
    if username and password are valid:
        return ALLOW_LOGIN
    else:
        return DENY_LOGIN
One special kind of back door is a RAT, which stands for Remote Administration
Tool or Remote Access Trojan, depending on who's asked. These programs
allow a computer to be monitored and controlled remotely;
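As an added example (not from the original page): a small Python static check a code reviewer could run to flag the two patterns sketched in the logic bomb and back door pseudocode above, a branch conditioned on a calendar date and a login check that compares the username to a string literal. The sample source, the name lists CRED_NAMES and DATE_ATTRS, and the function audit are assumptions made for this illustration.

```python
import ast

# Constructed sample source, modelled on the page's two pseudocode snippets.
SAMPLE = '''
import datetime

def login(username, password):
    if username == "133t h4ck0r":
        return "ALLOW_LOGIN"
    if check_credentials(username, password):
        return "ALLOW_LOGIN"
    return "DENY_LOGIN"

def nightly_job():
    today = datetime.date.today()
    if today.weekday() == 4 and today.day == 13:
        crash_computer()
    run_backup()
'''

# Heuristic name lists (assumptions of this example; tune for your code base).
CRED_NAMES = {"username", "user", "login", "password", "passwd"}
DATE_ATTRS = {"weekday", "isoweekday", "day", "month", "year"}

def _is_literal_credential_test(cmp):
    """True for `username == "literal"` style comparisons (either operand order)."""
    operands = [cmp.left, *cmp.comparators]
    names = [o.id for o in operands if isinstance(o, ast.Name)]
    literals = [o for o in operands
                if isinstance(o, ast.Constant) and isinstance(o.value, str)]
    return bool(literals) and any(n.lower() in CRED_NAMES for n in names)

def _touches_calendar(test):
    """True if the condition reads a calendar field such as .day or .weekday()."""
    return any(isinstance(n, ast.Attribute) and n.attr in DATE_ATTRS
               for n in ast.walk(test))

def audit(source):
    """Return sorted (line, finding) pairs for every suspicious `if` condition."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        if any(isinstance(c, ast.Compare) and _is_literal_credential_test(c)
               for c in ast.walk(node.test)):
            findings.append((node.lineno, "hard-coded credential comparison"))
        if _touches_calendar(node.test):
            findings.append((node.lineno, "date-triggered branch"))
    return sorted(findings)
```

Findings are review leads, not verdicts: legitimate code also branches on dates, so each hit needs a human look at what the guarded block does.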
Virus:
Self-replicating: yes
Population growth: positive
Parasitic: yes
A virus is malware that, when executed, tries to replicate itself into other executable
code; when it succeeds, the code is said to be infected. The infected
code, when run, can infect new code in turn. This self-replication into existing
executable code is the key defining characteristic of a virus.
Types of Virus
1. Parasitic virus:
The traditional and common virus. It attaches itself to EXE files and searches for other EXE files to infect.
2. Memory Resident Virus:
Present in your system memory as a system program. From there it infects every program that executes.
3. Boot Sector Virus:
Infects the boot record and spreads when the system is booted from the disk containing the virus.
4. Stealth Virus:
This virus hides itself from detection by antivirus scanning.
Worm:
Self-replicating: yes
Population growth: positive
Parasitic: no
A worm shares several characteristics with a virus. The most important characteristic
is that worms are self-replicating too, but self-replication of a worm
is distinct in two ways. First, worms are standalone, and do not rely on other
executable code. Second, worms spread from machine to machine across networks.
Rabbit:
Self-replicating: yes
Population growth: zero
Parasitic: no
Rabbit is the term used to describe malware that multiplies rapidly. Rabbits
may also be called bacteria, for largely the same reason.
There are actually two kinds of rabbit. The first is a program which tries
to consume all of some system resource, like disk space. A "fork bomb," a
program which creates new processes in an infinite loop, is a classic example
of this kind of rabbit. These tend to leave painfully obvious trails pointing to
the perpetrator, and are not of particular interest.
The second kind of rabbit, which the characteristics above describe, is a
special case of a worm. This kind of rabbit is a standalone program which
replicates itself across a network from machine to machine, but deletes the
original copy of itself after replication. In other words, there is only one copy
of a given rabbit on a network; it just hops from one computer to another.
Rabbits are rarely seen in practice.
Spyware:
Spyware is software which collects information from a computer and transmits
it to someone else.
The exact information spyware gathers may vary, but can include anything
which potentially has value:
1 Usernames and passwords. These might be harvested from files on the
machine, or by recording what the user types using a key logger. A keylogger
differs from a Trojan horse in that a keylogger passively captures keystrokes
only; no active deception is involved.
2 Email addresses, which would have value to a spammer.
3 Bank account and credit card numbers.
4 Software license keys, to facilitate software pirating.
Adware:
Self-replicating: no
Population growth: zero
Parasitic: no
Adware has similarities to spyware in that both are gathering information about
the user and their habits. Adware is more marketing-focused, and may pop up
advertisements or redirect a user's web browser to certain web sites in the hopes
of making a sale. Some adware will attempt to target the advertisement to fit
the context of what the user is doing. For example, a search for "Calgary" may
result in an unsolicited pop-up advertisement for "books about Calgary."
Adware may also gather and transmit information about users which can be
used for marketing purposes. As with spyware, adware does not self-replicate.
Zombies:
Computers that have been compromised can be used by an attacker for a
variety of tasks, unbeknownst to the legitimate owner; computers used in this
way are called zombies. The most common tasks for zombies are sending spam
and participating in coordinated, large-scale denial-of-service attacks.