Intro to Malicious Code - Malware
- Malware, or MALicious softWARE, is the general name for programs or program parts planted by an agent with malicious intent to cause unanticipated or undesired effects.
- Some of these effects include:
  - Provide access to confidential information.
  - Destroy or alter content.
  - Provide unauthorized access to the system.
  - Provide a platform for future attacks.
  - Just harass the user.
- They state that the terminology is sometimes used imprecisely.
- They provide a list of some types of malware, but methods are more important than names.
- Virus:
  - Generally capable of replicating itself, but normally embedded in another program.
  - Passes malicious code to other programs.
  - Two general types
    - A transient virus is attached to a program and continues to run as long as that program runs.
    - A resident virus locates itself in memory and persists until removed or the system is shut down.
- Worm:
  - Spreads through the network.
  - Makes copies of itself.
  - The use of the network is the primary difference between a worm and a virus.
  - Could be used to measure the size, capacity, and usage of the internet.
    - For example, search engines use a special worm called a bot.
    - They look for new web pages and report back to the search engine.
  - However, worms can spread exponentially and shut down servers and even portions of the network.
- Trojan Horse
  - This is a program that has been added to another program (not automatically)
  - The wrapping program appears to be useful in some manner.
  - This program is available for malicious use later.
- On page 170, Table 3-2 provides even more categories of malware.
- They provide several pages, along with a timetable, on the history of malware.
  - It goes as far back as the 60s.
  - But there is no doubt that the expansion of the internet in the 90s truly meant an expansion in malicious code.
- A zero-day exploit or attack is somewhat newer.
  - This is when someone uses malware to exploit a newly discovered vulnerability on the day it is announced.