Malware Features And Types Pdf

  • Friday, January 22, 2021 7:21:54 AM

Published: 22.01.2021

Computer viruses share many similarities with real-life viruses, which is how they got their name. But while the flu season usually starts in late fall and ends in February, the computer virus season is in full swing all year round. To protect your body from viruses, you only need to get vaccinated once a year, ahead of the flu season.

What is Malware? 8 Common types of malware attacks explained

Malware is shorthand for malicious software. It is software developed by cyber attackers with the intention of gaining access or causing damage to a computer or network, often while the victim remains oblivious to the fact there's been a compromise.

A common alternative description of malware is 'computer virus' -- although there are big differences between these types of malicious programs. The origin of the first computer virus is hotly debated. For some, the first instance of a computer virus -- software that moves from host to host without the input from an active user -- was Creeper, which first appeared in the early s, 10 years before the actual term 'computer virus' was coined by American computer scientist Professor Leonard M.

For the most part, when it found a new machine, it removed itself from the previous computer, meaning it wasn't capable of spreading to multiple computers at once. While Creeper wasn't created for malicious purposes or performing any activity beyond causing mild annoyance, it was arguably the first example of software operating in this way.

Shortly afterward, a new form of software was created to operate in a similar way -- but with the aim of removing Creeper. It was called Reaper. Alternatively, some believe the title of the first computer virus should go to one called Brain, because unlike Creeper, it could self-replicate without the need to remove itself from a previous system first -- something many forms of malicious code now do.

The Morris Worm holds the notorious distinction of the first computer worm to gain mainstream media attention -- because, within hours of being connected to the early internet, it had infected thousands of computers. Like Brain and Creeper before it, the Morris worm isn't classed as malware, because it is another example of an experiment gone wrong.

The software was designed to try to find out the size of the burgeoning internet with a series of scans in , but mistakes in the code led to it running unintended denial of service operations -- sometimes multiple times on the same machine, rendering some computers so slow they became useless.

As a result of the Morris Worm, the internet was briefly segmented for several days in order to prevent further spread and clean up networks. While Creeper, Brain and Morris are early examples of viruses, they were never malware in the truest sense. Malware and the malicious code behind it is designed specifically to cause damage and problems on computer systems, while those described above found themselves causing issues by accident -- although the results were still damaging. With the birth of the web and the ability to connect to computers around the globe, the early 90s saw internet businesses take off as people looked to provide goods and services using this new technology.

However, as with any other form of new technology, there were those who looked to abuse it for the purposes of making money -- or in many cases, just to cause trouble. In addition to being able to spread via discs -- both floppy and CD-Rom varieties -- the increased proliferation of personal email allowed attackers to spread malware and viruses via email attachments, which has been especially potent against those without any sort of malware protection.

Various forms of malicious software caused trouble for the computer users of the s, performing actions ranging from deleting data and corrupting hard drives, to just annoying victims by playing sounds or putting ridiculous messages on their machines.

Many can now be viewed -- in safe mode with the actual malware removed -- at the Malware Museum on the Internet Archive. Some of the attacks may have looked simple, but it was these that laid the foundations for malware as we know it today -- and all the damage it has caused around the world. Casino Disk Destroyer - a form of malware in the 90s - made victims play a game of chance before it destroyed content on the disk. Like legitimate software, malware has evolved over the years and comes equipped with different functions depending on the goals of the developer.

Malware authors will sometimes combine the features of different forms of malware to make an attack more potent -- such as using ransomware as a distraction to destroy evidence of a trojan attack. At its core, a computer virus is a form of software or code that is able to copy itself onto computers. The name has become associated with additionally performing malicious tasks, such as corrupting or destroying data.

While malicious software has evolved to become far more diverse than just computer viruses, there are still some forms of traditional viruses -- like the year-old Conficker worm -- that can still cause problems for older systems.

Malware, on the other hand, is designed to provide the attackers with many more malicious tools. One of the most common forms of malware -- the Trojan horse -- is a form of malicious software that often disguises itself as a legitimate tool that tricks the user into installing it so it can carry out its malicious goals.

Its name, of course, comes from the tale of ancient Troy, with the Greeks hidden inside a giant wooden horse, which they claimed was a gift to the city of Troy. Once the horse was inside the city walls, a small team of Greeks emerged from inside the giant wooden horse and took the city. Just as the Greeks used a Trojan Horse to trick Troy into letting troops into the city, Trojan malware disguises itself in order to infiltrate a system.

Trojan malware operates in much the same way, in that it sneaks into your system -- often disguised as a legitimate tool like an update or a Flash download -- then, once inside your system, it begins its attacks.

Once installed in the system, depending on its capabilities a Trojan can then potentially access and capture everything -- logins and passwords, keystrokes, screenshots, system information, banking details, and more -- and secretly send it all to the attackers. Sometimes a Trojan can even allow attackers to modify data or turn off anti-malware protection. The power of Trojan horses makes them a useful tool for everyone from solo hackers, to criminal gangs to state-sponsored operations engaging in full-scale espionage.

Spyware is software that monitors the actions carried out on a PC and other devices. That might include web browsing history, apps used, or messages sent.

Spyware might arrive as a trojan malware or may be downloaded onto devices in other ways. For example, someone downloading a toolbar for their web browser may find it comes packed with spyware for the purposes of monitoring their internet activity and computer use, or malicious adverts can secretly drop the code onto a computer via a drive-by download.

However, there are various instances of such tools being used by employers to spy on the activity of employees and people using spyware to spy on their spouses. While some forms of malware rely on being subtle and remaining hidden for as long as possible, that isn't the case for ransomware. Often delivered via a malicious attachment or link in a phishing email, ransomware encrypts the infected system, locking the user out until they pay a ransom -- delivered in bitcoin or other cryptocurrency -- in order to get their data back.

Wiper malware has one simple goal: to completely destroy or erase all data from the targeted computer or network.

The wiping could take place after the attackers have secretly removed target data from the network for themselves, or it could be launched with the pure intention of sabotaging the target.

One of the first major forms of wiper malware was Shamoon, which targeted Saudi energy companies with the aim of stealing data then wiping it from the infected machine.

More recent instances of wiper attacks include StoneDrill and Mamba, the latter of which doesn't just delete files, but renders the hard drive unusable. One of the most high profile wipers of recent times was Petya ransomware. The malware was initially thought to be ransomware. However, researchers found that not only was there no way for victims to retrieve their data via paying the ransom, but also that the goal of Petya was to irrecoverably destroy data.

A worm is a form of malware that is designed to spread itself from system to system without actions by the users of those systems. Worms often exploit vulnerabilities in operating systems or software, but are also capable of distributing themselves via email attachments in cases where the worm can gain access to the contact book on an infected machine.

It might seem like a basic concept, but worms are some of the most successful and long-lived forms of malware out there. The year-old SQL slammer worm is still causing issues by powering DDoS attacks, while the year-old Conficker worm still ranks among the most common cyber infections.

Last year's Wannacry ransomware outbreak infected over , computers around the world -- something it did thanks to the success of worm capabilities which helped it quickly spread through infected networks and onto unpatched systems. The ultimate goal of many cybercriminals is to make money -- and for some, adware is just the way to do it. Adware does exactly what it says on the tin -- it's designed to maliciously push adverts onto the user, often in such a way that the only way to get rid of them is to click through to the advert.

For the cybercriminals, each click brings about additional revenue. In most cases, the malicious adverts aren't there to steal data from the victim or cause damage to the device, just sufficiently annoying to push the user into repeatedly clicking on pop-up windows. However, in the case of mobile devices, this can easily lead to extreme battery drain or render the device unusable due to the influx of pop-up windows taking up the whole screen.

A botnet -- short for robot network -- involves cybercriminals using malware to secretly hijack a network of machines in numbers, which can range from a handful to millions of compromised devices.

While it is not malware in itself, these networks are usually built by infecting vulnerable devices. Each of the machines falls under the control of a single attacking operation, which can remotely issue commands to all of the infected machines from a single point.

By issuing commands to all the infected computers in the zombie network, attackers can carry out coordinated large-scale campaigns, including DDoS attacks, which leverage the power of the army of devices to flood a victim with traffic, overwhelming their website or service to such an extent it goes offline. Other common attacks carried out by botnets include spam email attachment campaigns -- which can also be used to recruit more machines into the network -- and attempts to steal financial data, while smaller botnets have also been used in attempts to compromise specific targets.

Botnets are designed to stay quiet to ensure the user is completely oblivious that their machine is under the control of an attacker. As more devices become connected to the internet, more devices are becoming targets for botnets. The infamous Mirai botnet -- which slowed down internet services in late -- was partially powered by Internet of Things devices, which could easily be roped into the network thanks to their inherently poor security and lack of malware removal tools.

The high profile rise of bitcoin has helped push cryptocurrency into the public eye. In many instances, people aren't even buying it, but are dedicating a portion of the computing power of their computer network or website to mine for it. While there are plenty of instances of internet users actively engaging in this activity on their terms -- it's so popular the demand has helped to push up the price of PC gaming graphics cards -- cryptocurrency mining is also being abused by cyber attackers.

There's nothing underhanded or illegal about cryptocurrency mining in itself, but in order to acquire as much currency as possible -- be it bitcoin, Monero, Ethereum or something else -- some cybercriminals are using malware to secretly capture PCs and put them to work in a botnet, all without the victim being aware their PC has been compromised.

Typically, a cryptocurrency miner will deliver malicious code to a target machine with the goal of taking advantage of the computer's processing power to run mining operations in the background. The problem for the user of the infected system is that their system can be slowed down to almost a complete stop by the miner using big chunks of its processing power -- which to the victim looks as if it is happening for no reason. The rise of cryptocurrency has led to a rise in criminals using malware to mine it via compromised systems.

PCs and Windows servers can be used for cryptocurrency mining, but Internet of Things devices are also popular targets for compromising for the purposes of illicitly acquiring funds. The lack of security and inherently connected nature of many IoT devices makes them attractive targets for cryptocurrency miners -- especially as the device in question is likely to have been installed and perhaps forgotten about. Analysis by Cisco Talos suggests a single system compromised with a cryptocurrency miner could make 0.

In the past, before the pervasive spread of the World Wide Web, malware and viruses would need to be manually, physically, delivered, via floppy disc or CD Rom. In many cases, malware is still delivered by using an external device, although nowadays it is most likely to be delivered by a flash drive or USB stick.

There are instances of USB sticks being left in car parks outside targeted organisations, in the hope that someone picks one up out of curiosity and plugs it into a computer connected to the network. However, more common now is malware that is delivered in a phishing email with payloads distributed as an email attachment.

The quality of the spam email attempts varies widely -- some efforts to deliver malware will involve the attackers using minimal effort, perhaps even sending an email containing nothing but a randomly named attachment.

In this instance, the attackers are hoping to chance on someone naive enough to just go ahead and click on email attachments or links without thinking about it -- and that they don't have any sort of malware protection installed. A slightly more sophisticated form of delivering malware via a phishing email is when attackers send large swathes of messages, claiming a user has won a contest, needs to check their online bank account, missed a delivery, needs to pay taxes, or even is required to attend court -- and various other messages which upon first viewing may draw the target to instantly react.

For example, if the message has an attachment explaining falsely that a user is being summoned to court, the user may click on it due to the shock, opening the email attachment -- or clicking a link -- to get more information.

This activates the malware, with the likes of ransomware and trojans often delivered in this way. If the attackers have a specific target in mind, the phishing email can be specifically tailored to lure in people within one organisation, or even just an individual.

It's this means of delivering malware which is often associated with the most sophisticated malware campaigns. However, there are many other ways for malware to spread that do not require action by the end user -- through networks and through other software vulnerabilities. As traditional malware attacks are being slowed by prevention tactics including the use of robust anti-virus or anti-malware systems, and users are becoming cautious of unexpected emails and strange attachments, attackers are being forced to find other ways to drop their malicious payloads.

One increasingly common means of this is via the use of fileless malware. Rather than relying on a traditional method of compromise like downloading and executing malicious files on a computer -- which can often be detected by anti-virus software solutions -- the attacks are delivered in a different way.

Instead of requiring execution from a dropped file, fileless malware attacks rely on leveraging zero-day exploits or launching scripts from memory, techniques that can be used to infect endpoints without leaving a tell-tale trail behind. This is achieved because the attacks use a system's own trusted system files and services to obtain access to devices and launch nefarious activity -- all while remaining undetected because anti-virus doesn't register wrongdoing.

What is Antivirus Software?

Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user; for example by violating their privacy or endangering their device's security. This behavior may be present in malware as well as in legitimate software. Websites may also engage in spyware behaviors like web tracking. Hardware devices may also be affected. Because these behaviors are so common, and can have non-harmful uses, providing a precise definition of spyware is a difficult task. The first recorded use of the term spyware occurred on October 16, in a Usenet post that poked fun at Microsoft's business model. According to a study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with some form of spyware.

Malware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network [1] [2]; by contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug. Programs are also considered malware if they secretly act against the interests of the computer user. For example, at one point Sony Music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.

People tend to play fast and loose with security terminology. However, it's important to get your malware classifications straight because knowing how various types of malware spread is vital to containing and removing them. This concise malware bestiary will help you get your malware terms right when you hang out with geeks.

7 Types of malware

There are many different types of malware that are making life difficult for IT security experts and users alike. Although incidents involving malware seemed to be decreasing at the beginning of , it looks like those numbers are coming back up, Emsisoft reports. So, just what is malware in computer terms? So, what is malware in the simplest terms? Malware can hide inside legitimate software applications or files, or its author can disguise it as a seemingly harmless app that users download unknowingly. But what does malware do? Cybercriminals often use malware to:.

Malicious PDF files have recently been considered one of the most dangerous threats to system security. The flexible code-bearing vector of the PDF format enables an attacker to carry out malicious code on the computer system for user exploitation.

No devices were immune to these infections—not even mobile devices. What is malware?

There are many features in the PDF that can be used in malicious ways without exploiting a vulnerability. One example is given by Didier Stevens here. Basically he embeds an executable and has it launch when opening the file.

Malware is intrusive software that is designed to damage and destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware. Recent malware attacks have exfiltrated data in mass amounts. Typically, businesses focus on preventative tools to stop breaches.

Malware Analysis and Classification: A Survey
