Malicious software (malware) is software designed to damage or perform other unwanted actions on a computer system. The prefix 'mal' means bad, hence it is bad software. Previously, malware was just pranks, but these days it is completely "profit oriented".
The types of malware can be broadly classified into:
- Infectious malware (viruses and worms)
- Concealment malware (Trojan horses, backdoors, and rootkits)
- Profit Oriented malware (adware & spyware and botnets)
- Exploits
VIRUS
A virus is a program designed to spread its code to all system files. A virus may have a payload which performs malicious activities.
Examples :
- Virus.Win32.Sality
- Virus.Win32.Virut
WORM
A worm is self-propagating malicious code which transmits itself over a network to infect other computers. Unlike viruses, worms do not infect a file or program, but rather stand on their own. A worm too may have a payload which performs malicious activities. Worms can be further classified into:
- Email Worms - It spreads via e-mail messages. It can be a link or an attachment in an e-mail message.
- Instant Messaging Worms - It spreads via instant messaging messages.
- Internet Worms - It scans all the network resources of the local machine to attack and gain full access through the internet.
- IRC Worms - It spreads via chat channels.
- Network Worms - It copies itself to all shared folders in the network.
Examples :
- Net-Worm.Win32.Allaple
- Worm.Win32.AutoRun
- IM-Worm.Win32.Sumom
TROJAN HORSE
This is the most dangerous malware. As the name suggests, it hides its malicious code inside software which appears useful or harmless, like the astute Greeks in their attack on Troy. Trojan horses can be further classified into:
- Trojan Clicker - It silently runs in the background and connects to a predetermined website to increase the vote counter.
- Trojan Downloader - It connects to a remote server in order to download additional malware onto a user's computer without their knowledge.
- Trojan Dropper - It drops a malicious file and runs it on the compromised computer.
- Trojan IM - It relies on an instant messenger client application to carry out malicious activity.
- Trojan Notifier - It is capable of notifying a remote client with the details of its installation on the current system.
- Trojan Proxy - It sets the local computer up as a proxy server, allowing others to connect to the computer.
- Trojan PSW - It steals passwords, login details and other information.
- Trojan Spy - It attempts to monitor the keystrokes made by users of the affected system in hopes of gaining essential personal information.
- Trojan Dialer - It is used to dial a high-cost international phone number using a modem without the user's permission or knowledge.
Examples :
- Trojan-Clicker.Win32.Stixo
- Trojan-Dropper.Win32.Drooptroop
- Trojan-Downloader.Win32.Mufanom
Backdoor
A backdoor, as the name suggests, is a method of opening back doors for unauthorised attackers to get complete access to the system. This method bypasses the usual authentication for remote access to the victim's PC.
Examples :
- Backdoor.Win32.IRCBot
- Backdoor.Win32.Rbot
- Backdoor.Win32.Hupigon
Rootkit
A rootkit is the hardest of all malware to detect and remove. It camouflages itself in a system's core processes so as to go undetected. Rootkits are basically meant to help hackers: they hide resources such as processes, files, registry keys, and open ports that are being used for malicious purposes.
Examples :
- Rootkit.Win32.TDSS
- Rootkit.win32.bubnix
Adware & Spyware
Adware is software which automatically displays, plays or downloads advertisements to the computer where it is installed. Spyware is also a type of adware which collects bits of information about users without their knowledge. Spyware such as keyloggers is also used by corporates in order to secretly monitor other users.
Examples :
- AdWare.Win32.Mirar
- Adware.Win32.Ardamax
Botnets
Botnets are becoming a major tool for cybercrime, including DoS attacks. Botnets, or "bot networks", are made up of vast numbers of compromised computers (zombies) that have been infected with malicious code and can be remotely controlled through commands sent via the Internet. A spammer then purchases the botnet's service and provides spam messages to the zombies. In some cases botnets are used for DDoS attacks.
Examples :
- Conficker
- Kraken
Exploits
An exploit is a piece of software or a set of commands that takes advantage of a bug or vulnerability to perform malicious activity. These exploits are due to buffer overflows.
Buffer Overflows - If a programmer wants to put ten bytes of data into a buffer that had only been allocated eight bytes of space, that type of action is allowed, even though it will most likely cause the program to crash. This is known as a buffer overrun or buffer overflow.
Examples :
- Exploit.Win32.MS04-028
- Exploit.Win32.Pidief
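The ten-bytes-into-eight case described above, as an added example that is not part of the original post: a C length check that rejects the oversized copy instead of letting it run past the buffer. The names `record`, `guard`, `copy_unchecked`, `copy_checked` and `set_name` are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8          /* the eight-byte buffer from the text */
#define GUARD    0xC0FFEEu  /* constructed marker value */

struct record {             /* hypothetical layout for this example */
    char     name[BUF_SIZE];
    unsigned guard;         /* data stored right after the buffer */
};

/* Unchecked pattern, for contrast only and never called here: C copies
 * all n bytes even when dst is smaller, overwriting what follows it. */
void copy_unchecked(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
}

/* Checked copy: refuse the write unless all n bytes fit in dst.
 * Returns 0 on success, -1 if rejected (dst is left untouched). */
int copy_checked(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* sizeof r->name is the buffer's real capacity, not a caller's guess. */
int set_name(struct record *r, const void *src, size_t n)
{
    if (r == NULL)
        return -1;
    return copy_checked(r->name, sizeof r->name, src, n);
}

int main(void)
{
    struct record r = { {0}, GUARD };
    static const char input[] = "0123456789";   /* constructed sample, 10 bytes + NUL */
    int ten      = set_name(&r, input, 10);     /* does not fit in 8 */
    int guard_ok = (r.guard == GUARD);
    int eight    = set_name(&r, input, 8);      /* fits exactly */

    printf("10 bytes: %s, guard intact: %s\n", ten ? "rejected" : "copied", guard_ok ? "yes" : "no");
    printf(" 8 bytes: %s, name: %.8s\n", eight ? "rejected" : "copied", r.name);
    return 0;
}
```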

