Difference between revisions of "Malicious software"

Revision as of 15:53, May 11, 2024

Malicious software (or malware), often generically called a virus, is computer software which deliberately does something harmful or otherwise abusive to a computer or other digital device.^[1] Once downloaded, malware can be passed from one computer to another. Malware is usually downloaded to a computer by hiding inside rogue (and sometimes legitimate) software packages: the Trojan horse (or Trojan).^[2][3]

Means of Infection

The main way that malware infects a computer is through downloads and/or email attachments. However, it can also come through people sharing infected files with each other. More rarely it can also come through vulnerabilities in operating systems or other software such as through backdoors or scripting abilities. Malware may also provide a means for the infection of additional malware.

Symptoms

If an operating system (such as Windows, or Mac OS) gets infected by malware, it could cause the loss of important files; business files, digital music and movies, and pictures could be destroyed by a single infection.^[4] A computer with malware may also operate more slowly since the malware is using up system resources. It may also reduce the available bandwidth on a network, causing internet performance problems for all computers connected to that network. Malware can also use additional storage space.

Infectious Mobile Devices

Android and Apple iOS mobile operating systems are vulnerable to malicious code as well. This can come from PDF files,^[5][6] applications, and a variety of other sources. This malware may affect the infected device, or it could act as an asymptomatic carrier, allowing cybercriminals to access confidential information on in or other devices connected to it, intercept phone conversations or take over other aspects of the infected device.

Mac Malware

While Mac malware is scarcer than Windows malware, over the last ten years threats targeting Mac OS X have been on the rise and have become more sophisticated.^[7] In addition, Macs can pass on files that contain malware to Windows users. For this reason, a layered approach to security is the best defense, including the use of a firewall and Mac antivirus that detects and stops Windows viruses as well as Mac malware.
Since the iOS is shared across all Mac devices, malware targeting this operating system will sometimes lay dormant until it is connected to another device. For example, one kind of malware will infect an iPhone but remain dormant. Once it is connected to a MacBook (through a wired or wireless connection) it infects that. The malware will also infect any other iOS device available, such as an iPod or iPad. After a time, it can gather information from every device the individual owns, essentially stealing their entire online (and quite possibly real) identity. Such malware is sometimes used by hackers to open a back door into these devices so they can manually lock the entire set of devices and copy everything off of them.

Classifications

Implementation

The following terms are often incorrectly used interchangeably, or for malware in general.

• Viruses. Malware which is inserted into a file or program. It requires the program to run, or the file to be opened, in order for the virus to work. For a more detailed description, see Virus
• Worms. Malware which operates independently in the background. For a more detailed description, see Worm
• Trojans. Malware which appears to be legitimate software, but whose purpose is nefarious. The program may even provide a useful service to the user. Examples of trojans include Adware and the Tiktok app. For a more detailed description, see Trojan
• Rootkit. Malware which introduces a vulnerability to a computer through a modification of system software.

It should be noted that some malware implement more than one of the above. For instance, a trojan may further infect files with viruses.

Purposes

Broadly speaking, malware has one or more of the following purposes.

• Making money. The purpose is to earn money the malware maker, or distributor. This can be done through blackmail, by showing advertisements (called Adware), by stealing information such as passwords or credit card numbers (credential stealers), by requiring users to pay to gain access to their own data (called Ransomware), or mining cryptocurrency.
• Damaging data or hardware. The purpose is simply to destroy data (such as deleting files) or hardware (such as Stuxnet).
• Denying service. The purpose is to interfere with access to a service, such as a web site or a public utility. It can target local or national infrastructure, corporations, or average users.
• Profiling. The purpose is to gather information. This can be used to profile the user for various reasons (Spyware), or to help train Artificial intelligence, or to generate statistical data.

Specific examples

• Remote Access Trojan (RAT). A trojan whose purpose is to allow a remote user access to your computer.
• Bot. Independent software that performs a service on behalf of someone else. A collection of computers infected with the same Bot is called a Botnet. A common use of a botnet is a Distributed denial of service attack.
• Spyware
• Adware
• Ransomware
• Backdoors
• Anti-Analysis
• Loader/Downloader
• Scareware (rogue software that claims to serve a legitimate purpose, usually pretending to be security software)

Prevention and Recovery

Most malware can be prevented from infecting a computer by following these guidelines:

• Keep the operating system on computer, phone, tablet, etc. and your software updated
• Run an antivirius program on your computer
• Do not connect computers with outdated/unsupported software to the internet
• Only download/install software from trusted sources
• Remove (uninstall) unused software and do not install software that you do not intend to use
• Only visit web sites that you know and trust
• Do not open email attachments unless you know the sender, and can verify that they intended to send you an attachment
• Regularly back up important files and email messages

If you find, or suspect, that you have malware on your computer, you can do one or more of the following (listed in order of how time-consuming they are):

• Run a security scan with your antivirius software
• Run one, or more, of several anti-malware programs
• Reinstall your operating system and software

It may be impossible to guarantee that your computer, phone, or other devices are never compromised with malware. Even trustworthy sources can become unintentional providers of malware. Sometimes security flaws in software allow attackers to gain access to your computer resources, before the software supplier is aware of the flaw. Exploitation of these flaws before the software manufacturer provides patches are called zero-day exploits (or zero-day hacks). Additionally, legitimate software can be compromised either by direct attack on the publisher, or by a supply chain attack (in which, a third party is attacked, leading to the compromise of software downstream).

References

1. ↑ malware. Dictionary.com. http://dictionary.reference.com/browse/malware, (accessed: July 13, 2011).
2. ↑ Definition: Trojan horse, searchsecurity.techtarget.com, (Accessed July 13, 2011).
3. ↑ Apple Macintoshes Targeted by Porn-Based Computer Virus, FOXNews.com, November 02, 2007.
4. ↑ The Mac Security Blog. Do You Need an Antivirus for Your Mac? Definitely, Yes., blog.intego.com, December 4, 2008.
5. ↑ Amy Gahran. iPhone, iPad users: Watch out for malicious PDF files, CNN, July 11, 2011.
6. ↑ The Mac Security Blog. iOS PDF Vulnerability Creates Security Risks, Allows Easy Jailbreaks, blog.intego.com, July 7, 2011.
7. ↑ 10 Years of Mac Malware: How OS X Threats Have Evolved (Infographic)

See also

• Potentially unwanted program (PUP)
• Botnet