Archive for the ‘Malware’ Category

Malicious Software – Malware

Posted: December 8, 2011 in Malware

Malware is short for malicious software.

It consists of programming (code, scripts, active content, and other software) that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U.S. states, including California and West Virginia.

Preliminary results from Symantec published in 2008 suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.” According to F-Secure, “As much malware [was] produced in 2007 as in the previous 20 years altogether.” Malware’s most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.

The prevalence of malware as a vehicle for organized Internet crime, along with the general inability of traditional anti-malware protection platforms (products) to protect against the continuous stream of unique and newly produced malware, has seen the adoption of a new mindset for businesses operating on the Internet: the acknowledgment that some sizable percentage of Internet customers will always be infected for some reason or another, and that they need to continue doing business with infected customers. The result is a greater emphasis on back-office systems designed to spot fraudulent activities associated with advanced malware operating on customers’ computers.

A 2011 study from the University of California, Berkeley, and the Madrid Institute for Advanced Studies published in Software Development Technologies, “Measuring Pay-per-Install: The Commoditization of Malware Distribution,” examined how entrepreneurial hackers are helping enable the proliferation of malware by offering access for a price (from $7 to $180 per thousand infections), making up an informal underground Pay-Per-Install (PPI) industry. The study’s authors identified more than 57 malware “families,” including spam bots, fake antivirus programs, information-stealing trojans, denial-of-service bots and adware. To avoid detection by anti-virus software, malware distributed by PPI services is on average repacked every 11 days, with one observed family of malware repacking up to twice a day. Although most common families of malware targeted both Europe and the United States, there were some families with a single-country focus and some families with no geographic bias. In terms of cost per thousand infections, the United States and Great Britain were at the high end ($100 to $180), other European countries at $20 to $160, and the rest of the world below $10, the study found.

Microsoft reported in May 2011 that one in every 14 downloads from the Internet may now contain malware code, according to the Wall Street Journal. Social media, and Facebook in particular, is seeing a rise in new tactics for spreading harm to computers.

Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs. Sometimes, malware is disguised as genuine software, and may come from an official site. Therefore, some security programs, such as McAfee, may call malware “potentially unwanted programs” or “PUP”. Though a computer virus is malware that can reproduce itself, the term is often used erroneously to refer to the entire category.
Infectious malware: viruses and worms

The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. The term computer virus is used for a program that has infected some executable software and, when run, causes the virus to spread to other executables. Viruses may also contain a payload that performs other actions, often malicious. On the other hand, a worm is a program that actively transmits itself over a network to infect other computers. It too may carry a payload.

These definitions lead to the observation that a virus requires user intervention to spread, whereas a worm spreads itself automatically. Using this distinction, infections transmitted by email or Microsoft Word documents, which rely on the recipient opening a file or email to infect the system, would be classified as viruses rather than worms.

Some writers in the trade and popular press misunderstand this distinction and use the terms interchangeably.
Capsule history of viruses and worms

Before Internet access became widespread, viruses spread on personal computers by infecting the executable boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these executables, a virus causes itself to be run whenever a program is run or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. Executable-infecting viruses are dependent on users exchanging software or bootable floppies, so they spread rapidly in computer hobbyist circles.

The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Internet Worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes (vulnerabilities) in network server programs and started itself running as a separate process. This same behaviour is used by today’s worms as well.

With the rise of the Microsoft Windows platform in the 1990s, and the flexible macros of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications (executables), but rely on the fact that macros in a Word document are a form of executable code.

Today, worms are most commonly written for the Windows OS, although a few like Mare-D and the Lion worm are also written for Linux and Unix systems. Worms today work in the same basic way as 1988’s Internet Worm: they scan the network and leverage vulnerable computers to replicate. Because they need no human intervention, worms can spread with incredible speed. The SQL Slammer infected thousands of computers in a few minutes.

Concealment: Trojan horses, rootkits, and backdoors


Grayware (or Greynet) is a general term sometimes used as a classification for applications that behave in a manner that is annoying or undesirable, and yet less serious or troublesome than malware.

Grayware encompasses spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs apart from viruses that are designed to harm the performance of computers on one’s network. The term has been in use since at least as early as September 2004.

Grayware refers to applications or files that are not classified as viruses or trojan horse programs, but can still negatively affect the performance of the computers on a network and introduce significant security risks to an organization. Often grayware performs a variety of undesired actions such as irritating users with pop-up windows, tracking user habits and unnecessarily exposing computer vulnerabilities to attack.


Spyware is software that installs components on a computer for the purpose of recording Web surfing habits (primarily for marketing purposes). Spyware sends this information to its author or to other interested parties when the computer is online. Spyware often downloads with items identified as ‘free downloads’ and does not notify the user of its existence or ask for permission to install the components.

The information spyware components gather can include user keystrokes, which means that private information such as login names, passwords, and credit card numbers are vulnerable to theft.


Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla Firefox. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and a general degradation in either network connection or system performance.

Adware programs are typically installed as separate programs that are bundled with certain free software. Many users inadvertently agree to installing adware by accepting the End User License Agreement (EULA) on the free software.

Adware is also often installed in tandem with spyware programs. Both programs feed off each other’s functionalities: spyware programs profile users’ Internet behavior, while adware programs display targeted ads that correspond to the gathered user profile.