This article defines malware and associated terms and describes in detail the common types of malware. It discusses strategies for avoiding malware, including anti-virus software. It also gives sociological and economic background information about malware and Internet crime.
Computer Malware
Malware is a general term applied to software which by design can damage computer systems, compromise data, inconvenience users, and/or be used to carry out criminal activities (crimeware).
Symptoms of malware infection
Before the Internet became popular, floppy disk and hard drive boot sectors were the most common method of virus distribution. Infected email attachments and websites have made distribution more efficient, and malware has become a vastly more widespread problem.
Worms are stand-alone malware programs which spread from one computer to another across networks, including the Internet.
Worms can be designed for many purposes but their main effect is often to crash infected networks simply by exhausting network resources to spread themselves.
In November 1988 the first computer worm (the work of a university student, dubbed "the Great Worm") exploited security gaps in the Unix operating system to infect more than 6,000 computers on the Internet.
In January 2003, the "Slammer" worm infected over 75,000 Internet servers in just ten minutes and caused massive slowdowns and outages.
Named for the Trojan Horse in Greek mythology, trojan horses are extremely dangerous programs which have been disguised to appear harmless.
Frequently conveyed by email attachment, trojan horses open an Internet connection between the infected system and remote systems running "command and control" modules.
A control system operator can perform actions on the infected system just as if they were sitting at it. Information and intelligence can be gathered from the infected system, and it can be joined to a "bot-net", or network of robots. Bot-nets are used for illegal activities such as sending spam and carrying out Denial of Service attacks, in which targeted Internet servers are removed from service by becoming so overloaded with traffic that they crash. A bot-net can also be used to store and distribute illegal materials such as pornography, stolen credit card numbers, or malware tools.
Blended threats combine two or more conventional types of malware. By design, blended threats:
An example of a blended threat would be a worm which delivers a payload containing a virus and a trojan horse.
Malware Distribution
Common methods for the propagation of malware:
Microsoft and other software publishers assist malware authors by failing to eliminate vulnerabilities in their software.
According to anti-virus publisher Symantec, an average of seven new software security flaws are discovered each day, more than 2,600 new vulnerabilities a year.
Persistent (24/7) DSL and cable Internet connections make users more vulnerable to malware by providing a greater window of opportunity for hackers to discover and exploit software vulnerabilities.
Detection Avoidance by Malware
Malware authors use various methods to avoid identification of their wares by A-V software.
Malware: Detection, Prevention, and Mitigation
The job of anti-virus software is to detect the presence of computer malware and remove or disable it before it causes problems.
To provide the best protection, A-V programs should include three different components:
Scanners detect the presence of malware in primary and secondary memory by scanning for malware "fingerprints".
Malware fingerprints are small snippets of code which uniquely identify each specific malware. These fingerprints are stored in .DAT file databases which must be updated frequently to provide protection against new threats.
Scanners are configured to scan at system boot-up or at pre-determined times of the day. Options include timing, frequency, and scope of scans.
Scanners cannot offer continuous protection because a system can become infected immediately after a scan has completed and go undetected until the next scan.
Continuous protection is provided by a shield. Once loaded, a shield remains active and continuously monitors RAM (secondary memory) for the presence of malware code and prevents it from taking harmful actions against the system.
Firewalls add a third layer of protection by continuously monitoring computer processes for suspicious activity and also inspecting all incoming and outgoing network traffic for the presence of malware.
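To make the three components concrete, here is a miniature version of each in Python. This is an added illustration written for this article, not code from the article or from any anti-virus product. Everything in it is constructed for the example: the fingerprint database (standing in for the vendor's .DAT file), the fingerprint names, the sample files, and the packets; the "shield" only simulates an on-access hook by having the caller pass bytes through it, and the "firewall" reduces to a port rule plus a payload fingerprint check.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed fingerprint database standing in for the vendor's .DAT file.
# Two fingerprint kinds: "hash" (SHA-256 of a whole file) and "pattern"
# (a short byte snippet that appears inside the malware's code).
FINGERPRINTS = {
    "Constructed.Sample.A": ("hash", hashlib.sha256(b"constructed sample A body").hexdigest()),
    "Constructed.Sample.B": ("pattern", b"CONSTRUCTED-SNIPPET-B"),
}


def match_fingerprints(data, db=FINGERPRINTS):
    """Return the names of every fingerprint that `data` matches."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, (kind, value) in db.items():
        if kind == "hash" and value == digest:
            hits.append(name)
        elif kind == "pattern" and value in data:
            hits.append(name)
    return hits


def scan_tree(root, db=FINGERPRINTS):
    """On-demand scanner: read every file under `root` and report matches.

    Like a scheduled scan, this only sees what is on disk at the moment it
    runs; a file dropped afterwards goes unnoticed until the next scan.
    """
    root = Path(root)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = match_fingerprints(path.read_bytes(), db)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


class Shield:
    """On-access shield: checks content at the moment it is about to run.

    A real shield hooks file-open/execute events in the operating system;
    here (constructed simplification) the caller passes bytes to `on_load`.
    """

    def __init__(self, db=FINGERPRINTS):
        self.db = db
        self.blocked = []

    def on_load(self, name, data):
        hits = match_fingerprints(data, self.db)
        if hits:
            self.blocked.append((name, hits))
            return False  # refuse to let the content run
        return True


def filter_packet(direction, port, payload, allowed_ports=frozenset({53, 80, 443}), db=FINGERPRINTS):
    """Firewall: a port rule first, then a fingerprint check on the payload.

    Returns ("ACCEPT", "") or ("DROP", reason). `direction` is "in" or "out".
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    if port not in allowed_ports:
        return ("DROP", f"{direction}bound port {port} not permitted")
    hits = match_fingerprints(payload, db)
    if hits:
        return ("DROP", f"payload matches {', '.join(hits)}")
    return ("ACCEPT", "")


def demo():
    """Exercise all three components on constructed files and packets."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.txt").write_bytes(b"nothing to see here")
        (root / "a.bin").write_bytes(b"constructed sample A body")
        first_scan = scan_tree(root)
        # A file dropped after the scan: the scanner misses it until it runs again...
        late = b"header CONSTRUCTED-SNIPPET-B trailer"
        (root / "late.bin").write_bytes(late)
        # ...but the shield catches it the moment something tries to load it.
        shield = Shield()
        allowed = shield.on_load("late.bin", late)
        second_scan = scan_tree(root)
    verdicts = [
        filter_packet("out", 443, b"GET / HTTP/1.1"),
        filter_packet("out", 6667, b"constructed chatter"),
        filter_packet("in", 80, b"...CONSTRUCTED-SNIPPET-B..."),
    ]
    return first_scan, allowed, second_scan, verdicts


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The demo shows the gap the article describes: `late.bin` is invisible to the first scan and only appears in the second, while the shield refuses it at load time. The two fingerprint kinds also illustrate why real .DAT files lean on code snippets rather than whole-file hashes: a hash fingerprint stops matching after any one-byte change to the file, whereas a pattern survives as long as that snippet is present.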
Strategies for Prevention and Mitigation
Protect your data
Sociology of Malware
In his seminal 1994 sociological description of virus authors, David J. Stang postulated that creators of computer viruses tended to be individuals with time on their hands and access to personal computers, notably white males, often high school or college students. Their motivations included anger against the system, the desire for fame, honoring a hero, spreading a socio-political message, the challenge, and to impress others, usually girlfriends.
While Stang's analysis was likely accurate at the time, such "recreational" motivations have largely been replaced by economic, political, and militaristic ones, and today's malware authors are more likely to be professional criminals or in the employ of corporations or governments.
Portrait of Internet Crime
Internet Crime 2006
Economics of Identity Theft
Number of Malwares
Leyden, John. "One in 10 web pages laced with malware - Google". The Register. 11 May 2007. 11 May 2007 <http://www.theregister.co.uk/2007/05/11/google_malware_map/>.
Leyden, John. "Hardy perennials dominate virus chart". 1 June 2007. 1 June 2007 <http://www.theregister.co.uk/2007/06/01/may_virus_chart/>.
"Number of Viruses". Computer Knowledge. 1 Feb 2006. 16 Apr 2008 <http://www.cknow.com/vtutor/NumberofViruses.html>.
"SoBig-F is Dead". The Register. 10 Sep 2003. 11 Sep 2003 <http://www.theregister.co.uk/2003/09/10/sobigf_is_dead/>.
Stang, David J. Chapter 20, "Battling Viruses with DOS 6.22". Inside MS-DOS 6.22. By Minasi, Mark, et al. Indianapolis: New Riders Publishing, 1994. 1071-1171.
"Wake up your computer". New York Times. 12 January 2004. A-22.
Bruce Miller, 2011, 2014