What is the name of the malware itself. Types of malware

01.11.2020

There is a class of programs that were originally written to destroy data on someone else's computer, steal someone else's information, use someone else's resources without authorization, and so on, or that acquired such properties for some other reason. Such programs carry a malicious payload and are therefore called malicious.

Malware is a program that does harm to the computer on which it runs or to other computers on the network.

2.1 Viruses

The term "computer virus" appeared later: its author is officially considered to be F. Cohen, an employee of Lehigh University (USA), who introduced it in 1984 at the seventh conference on information security. The main feature of a computer virus is its ability to replicate itself.

A computer virus is a program capable of creating duplicates of itself (not necessarily identical to the original) and embedding them into computer networks and/or files, system areas of the computer and other executable objects. The duplicates retain the ability to spread further.

Conventionally, the life cycle of any computer virus can be divided into five stages:

  • Penetration onto someone else's computer
  • Activation
  • Search for objects to infect
  • Preparing copies
  • Embedding copies

A virus can arrive via removable media or network connections, in fact through any channel over which a file can be copied. Unlike worms, however, viruses do not use network resources on their own: infection is possible only if the user activates the virus in some way, for example by copying or receiving an infected file by mail and then launching it or simply opening it.

After penetration comes the activation of the virus. This can happen in several ways, and viruses are divided into several types according to the method used. The classification of viruses is presented in Table 1:

Table 1 - Kinds of computer viruses

Boot viruses: infect the boot sectors of hard drives and removable media.

File viruses:

  • Classic file viruses: are injected into executable files in various ways (inserting their own malicious code or completely overwriting the file), create duplicate files or copies of themselves in various directories of the hard disk, or exploit peculiarities of the file system's organization.
  • Macro viruses: are written in the internal language (the so-called macros) of some application. The vast majority of macro viruses use the macros of the Microsoft Word text editor.
  • Script viruses: are scripts for a specific command shell, for example .bat files for DOS, or VBS and JS scripts for the Windows Scripting Host (WSH).

An additional difference between viruses and other malicious programs is their rigid attachment to the operating system or software shell for which each particular virus was written. A virus for Microsoft Windows will not run and infect files on a computer with another operating system installed, such as Unix. Likewise, a macro virus for Microsoft Word 2003 will most likely not work in Microsoft Excel 97.

When preparing their copies, viruses can use the following technologies to mask themselves from antiviruses:

  • Encryption: in this case the virus consists of two parts, the virus body itself and the encryptor.
  • Metamorphism: with this method, copies of the virus are created by replacing some instructions with equivalent ones, rearranging parts of the code and inserting additional instructions between them, which usually do nothing.

Accordingly, depending on the methods used, viruses can be divided into encrypted, metamorphic and polymorphic, the last using a combination of the two types of camouflage.

The main goals of any computer virus are to spread to other computer resources and to perform special actions upon certain events or user actions (for example, on the 26th of every even month, or when the computer is restarted). These special actions are often harmful.

Bots

Short for the word "robot". Bots are programs designed to automate tasks.

Botnets

A botnet is a group of computers infected with bot programs and managed from a single control center.

Hoaxes

A hoax is deliberate misinformation sent by e-mail and spread further by unsuspecting recipients or an uninformed public. Hoaxes are usually intended to provoke users into actions that are in fact unreasonable. A malicious hoax can, for example, provoke a user into deleting important operating system files by declaring those files to be dangerous viruses.

In many cases, hoaxes refer to reputable institutions and companies to grab the reader's attention, using phrases like "Microsoft warns that ..." or "the CNN agency reports ...". These messages often warn of harmful or even catastrophic consequences. They have a common feature: they urge users to forward the message to everyone they know, which extends the life cycle of the hoax. 99.9% of messages of this kind are unreliable.

Hoaxes cannot spread by themselves; the only way not to fall for their bait is to verify the accuracy of the information received before performing any action it calls for.

Fraud

In a broad sense, fraud is the deception of computer users for the purpose of financial enrichment or outright theft. One of the most common types of scam is rogue faxes or e-mails from Nigeria or other West African countries. They look like perfectly reasonable business proposals but require upfront payments from the recipient. Such offers are fraudulent, and any payments transferred by the victims of these scams are immediately stolen. Another common form of fraud is phishing attacks via e-mail and websites. Their purpose is to gain access to confidential data such as bank account numbers, PIN codes, etc. To achieve this, the user is sent an e-mail from someone posing as a trusted party or business partner (a financial institution, an insurance company).

The e-mail message appears to be genuine and contains graphic elements and content that could have come from the source the sender claims to be. The user is asked to enter personal information such as bank account numbers or usernames and passwords. Such data, if provided, can be intercepted and used for other purposes.

It should be noted that banks, insurance companies and other legitimate companies never ask for usernames and passwords in unsolicited e-mail messages.
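As an added example (not code from the original article), here is a small Python triage script that applies the checks the two paragraphs above suggest to a constructed e-mail: a request for usernames, passwords or PINs, pressure to act immediately, a Reply-To address on a different domain from the sender, and a link whose domain does not match the sender's. The messages, addresses and domains are all constructed for illustration, and the domain matching is a simplification (last two DNS labels, no public-suffix list).

```python
"""Heuristic phishing triage over constructed e-mail messages (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Two constructed messages (not real mail). The first follows the pattern
# described above: a sender posing as a bank, a demand for credentials, urgency,
# and a link that does not belong to the sender's domain. The second is benign.
SUSPICIOUS_EMAIL = """\
From: "Example Bank Security" <alerts@examplebank-verify.net>
Reply-To: verify@mail-relay.example
To: customer@example.org
Subject: Urgent: confirm your account details within 24 hours

Dear customer,

Unusual activity was detected. Please confirm your username and password
and PIN code at https://examplebank.secure-login.example/verify immediately,
or your account will be suspended.
"""

BENIGN_EMAIL = """\
From: "Example Shop" <news@shop.example>
To: customer@example.org
Subject: Your monthly newsletter

Hello,

This month's articles are at https://shop.example/news. No action is required.
"""

# Phrases a legitimate institution does not request or use in unsolicited mail.
CREDENTIAL_TERMS = ("password", "username", "pin code", "account number")
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "suspended")


def registrable_domain(host: str) -> str:
    """Last two DNS labels of a host name (simplification: no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def address_domain(addr: str) -> str:
    """Registrable domain of an e-mail address, or '' if there is none."""
    return registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""


def link_domains(text: str) -> set:
    """Registrable domains of all http(s) links found in the text."""
    hosts = re.findall(r"https?://([^/\s<>\"']+)", text)
    return {registrable_domain(h.split(":")[0]) for h in hosts}


def phishing_indicators(raw_message: str) -> list:
    """Return the sorted names of the indicators found (empty list = none found)."""
    msg = message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    sender = address_domain(parseaddr(msg.get("From", ""))[1])
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    found = set()
    if any(term in text for term in CREDENTIAL_TERMS):
        found.add("credential_request")          # asks for credentials
    if any(term in text for term in URGENCY_TERMS):
        found.add("urgency")                     # pressure to act now
    if reply_to and address_domain(reply_to) != sender:
        found.add("reply_to_mismatch")           # replies go somewhere else
    if any(domain != sender for domain in link_domains(body)):
        found.add("link_domain_mismatch")        # link does not match the claimed sender
    return sorted(found)


if __name__ == "__main__":
    for label, mail in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, phishing_indicators(mail) or "no indicators")
```

Each indicator on its own is weak (a newsletter may legitimately use a different Reply-To); what matters for triage is several of them appearing together, as in the constructed suspicious message, which trips all four while the benign one trips none.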

Potentially unsafe applications

Dangerous applications

Dangerous applications are legitimate programs that, although installed by the user personally, can compromise the security of the computer. Examples include commercial keystroke or screen-capture interceptors, remote access tools, password-cracking programs and security-testing programs.

Malicious software

The term malware is a contraction of the generic term MALicious SoftWARE, meaning malicious software. Viruses, Trojans, worms and bots belong to particular categories of malware.

Additional functions such as data capture, file deletion, disk overwriting, BIOS overwriting, etc. may be included in viruses, worms or Trojans.

Phishing

The term comes from the word "fishing". Phishing attacks are fraudulent e-mails disguised as various forms of social activity, whose purpose is to obtain confidential personal information, such as credit card details or passwords, by deception.

Rootkits

A rootkit is a set of tools designed to control a computer covertly.

Spyware

Spyware uses the Internet to collect confidential information about a user without his knowledge. Some spyware collects information about the applications installed on the computer and the websites visited. Other programs of this kind are created with far more dangerous intentions: they collect users' financial or personal data for mercenary and fraudulent use.

Trojans

Trojans are malicious programs that, unlike viruses and worms, cannot copy themselves or infect files. They are usually found in the form of executable files (.EXE, .COM) and contain nothing other than the Trojan code itself, so the only way to deal with them is to remove them. Trojans have various functions, from intercepting keyboard input (recording and transmitting each keystroke) to deleting files (or formatting the disk). Some of them (backdoor programs) are designed for a special purpose: they install a so-called "back door" (Backdoor).

Viruses

A virus is a program that is activated by copying itself into executable objects. Viruses can enter your computer from other infected computers, through storage media (floppy disks, CDs, etc.) or over a network (local or the Internet). The different types of viruses and their descriptions are listed below.

File viruses

Viruses that infect files attack executable programs, in particular all files with the extensions EXE and COM.

Script viruses

Script viruses are a type of file virus. They are written in various scripting languages (VBS, JavaScript, BAT, PHP, etc.). These viruses either infect other scripts (for example, Windows command and service files, or Linux scripts) or form part of multi-component viruses. Script viruses can also infect files of other formats that allow script execution, for example HTML.

Boot viruses

They attack the boot sectors (of a floppy or hard disk) and install their own routines, which are loaded when the computer starts up.

Macro viruses

Macro viruses attack documents into which macros can be inserted. These viruses are often embedded in word-processing or spreadsheet documents because macros are easily inserted into these file types.

Another way to classify viruses is by their mode of action. While direct-acting viruses perform their function immediately after activating an infected object, resident viruses remain and function in the computer's memory.

Worms

Worms are independent programs that propagate copies of themselves over a network. Unlike viruses (which need an infected file into which they copy themselves in order to spread), worms spread actively by sending copies of themselves over the local network and the Internet, by e-mail or through operating system vulnerabilities. They may also carry an additional payload of malware (for example, they can install backdoor programs, discussed below), although worms are not the only malware with this feature. Worms can cause great harm: they often "clog" communication channels through DoS attacks (Denial of Service). Over the Internet, worms can spread around the world in a matter of minutes.

Backdoor programs

Backdoor programs (Backdoor) are client-server applications that give the developers of such programs remote access to your computer. Unlike regular (legitimate) programs with similar functions, backdoor programs establish access without the consent of the owner of the client computer.

Known viruses and their classification

A malicious program is any software designed to obtain unauthorized access to the computing resources of a computer or to the information stored on it, for the purpose of using those resources without authorization or harming the owner of the information (or of the computer) by copying, distorting, deleting or substituting information.

Malicious software is divided into three main classes: computer viruses, network worms, and Trojans. Let's consider each of them in more detail.

Computer viruses

This class of malware is the most widespread of all.

A computer virus is a type of computer program whose distinctive feature is the ability to reproduce (self-replicate). In addition, viruses can damage or completely destroy all files and data under the control of the user on whose behalf the infected program was launched, and can damage or even destroy the operating system together with all its files.

Usually the user himself is to blame for a virus penetrating his personal computer, by not checking incoming data with an antivirus program, which is how the infection actually occurs. There are quite a few ways to "infect" a computer with a classic virus (external storage media, Internet resources, files spreading over the network).

Viruses are divided into groups according to two main characteristics: their habitat and their method of infection.

According to their habitat, viruses are divided into:

  • File (embedded in executable files)
  • Boot (injected into the boot sector of the disk or into the sector containing the hard drive's boot loader)
  • Network (distributed over a computer network)
  • Combined (for example, file-boot viruses that infect both files and the boot sector of the disk; these viruses have an original way of penetrating and a complicated algorithm of operation)

By the method of infection, they are divided into:

Network worms

The next big class of malware is called "network worms".

A network worm is malicious program code that spreads copies of itself over local and/or global networks in order to penetrate a computer, launch a copy of itself there and spread further. To spread, worms use e-mail, IRC networks, LANs, data-exchange networks between mobile devices and other channels. Most worms spread in files (message attachments, links to files), but there are also worms that spread as network packets; these penetrate directly into the computer's memory and immediately begin to act as resident code. Several methods are used to penetrate the victim computer: autonomously (packet worms), via the user (social engineering), and through various flaws in the security of the operating system and applications. Some worms also possess the properties of other types of malware (most often Trojans).

Classes of network worms:

  • Email-Worm. A malicious program that resides in a file attached to an e-mail. The authors of a mail worm encourage the execution of the attached file by any means: it is disguised as a new game, an update or a popular program. Once active on your computer, the mail worm first sends a copy of itself by e-mail, using your address book, and then damages your computer.
  • Worms using instant messengers (IM-Worm). The action of this worm almost completely repeats the distribution method of mail worms, only the carrier is not an e-mail but a message sent through an instant messaging program.
  • File-sharing worms (P2P-Worm). To inject itself into a P2P network, a worm only needs to copy itself to a file-sharing directory, which is usually located on the local machine. The P2P network does the rest of the distribution work: when files are searched for on the network, it will tell remote users about this file and provide a service for downloading it from the infected computer.

There are more sophisticated worms of this type that mimic the network protocol of a particular file-sharing system and respond positively to search queries, offering a copy of the worm for download.

Using the first method, the worm searches the network for machines with writable resources and copies itself to them; it may find computers at random and try to open access to their resources. To penetrate by the second method, the worm looks for computers with installed software that has critical vulnerabilities: the worm sends a specially crafted packet (request), a part of the worm penetrates the computer, and it then downloads the full body file and launches it.

Trojans

Trojans, or Trojan horse programs, are written with the aim of harming the target computer by performing actions not authorized by the user: stealing data, damaging or deleting confidential data, disrupting the PC's operation or using its resources for improper purposes.

Some Trojans are capable of overcoming a computer system's security on their own in order to penetrate it. In most cases, however, they enter the PC along with another virus. Trojans can be viewed as additional malware. It is not uncommon for users to download Trojans themselves from the Internet.

The cycle of activity of Trojans can be determined by the following stages:

  • penetration into the system
  • activation
  • performing malicious actions

Trojans differ in the actions they perform on the infected PC.

  • Trojan-PSW. Purpose: stealing passwords. Trojans of this type can be used to search for system files that store various confidential information (for example, passwords) and to "steal" registration information for various software.
  • Trojan-Downloader. Purpose: delivery of other malicious programs. Activates programs downloaded from the Internet (launches them and registers them for startup).
  • Trojan-Dropper. Installs other malicious files on the disk, then launches and executes them.
  • Trojan-Proxy. Provides anonymous access from the victim's PC to various Internet resources; used to send spam.
  • Trojan-Spy. Spyware. Carries out electronic spying on the user of the infected PC: keyboard input, screenshots, the list of active applications and user actions are saved to a file and periodically sent to the attacker.
  • Trojan (other Trojans). Carry out other actions that fall under the definition of Trojans, for example destruction or modification of data, or disruption of the PC's operation.
  • Backdoor. Remote administration utilities. They can be used to find and transfer confidential information to an attacker, destroy data, etc.
  • ArcBomb ("bombs" in archives). Cause abnormal behaviour of archivers when trying to unpack data.
  • RootKit. Purpose: hiding its presence in the operating system. The program code hides the presence of certain objects in the system: processes, files, registry data, etc.

Of these, the most widespread are spyware programs (Trojan-Spy) and rootkits (RootKit). Let's consider them in more detail.

Rootkits. On Windows, a RootKit is considered to be a program that is introduced into the system without authorization, intercepts calls to system functions (API) and modifies system libraries. Intercepting low-level APIs allows such a program to mask its presence in the system, protecting it from detection by the user and by anti-virus software.

All rootkit technologies can be conventionally divided into two categories:

  • Rootkits working in user-mode
  • Rootkits running in kernel mode (kernel-mode)

Sometimes rootkits arrive in e-mail attachments disguised as documents of various formats (for example, PDF). In fact, such a "ghost document" is an executable file; by trying to open it, the user activates the rootkit.

The second distribution path is websites that have been tampered with by attackers. The user opens a web page, and the rootkit gets onto his computer. This becomes possible because of security flaws in browsers.

Rootkits are not planted only by intruders. There is a notorious case in which Sony built a kind of rootkit into its licensed audio CDs. Most copy-protection software (and software that bypasses copy protection, for example CD and DVD drive emulators) is essentially a rootkit; it differs from the "illegal" kind only in that it is not placed on the system secretly from the user.

Spyware. Such programs can perform a wide range of tasks, for example:

  • collect information about Internet usage habits and the most frequently visited sites (tracking programs);
  • record keystrokes (keyloggers) and capture screenshots (screen scrapers), then send the information to their creator;
  • perform unauthorized analysis of the state of security systems (port and vulnerability scanners, password crackers);
  • change operating system parameters (rootkits, control interceptors, etc.), resulting in a slower Internet connection or loss of the connection altogether, different home pages opening, or certain programs being removed;
  • redirect browser activity, leading to blind visits to websites that carry the risk of viruses.

Remote control and management programs can be used for remote technical support or access to their own resources located on a remote computer.

Passive tracking technologies can be useful for personalizing the web pages that a user visits.

These programs are not viruses in themselves, but for one reason or another they are included in anti-virus databases. As a rule, these are small programs with a small sphere of influence, and they are ineffective as viruses.

  • Adware: a generic name for software whose purpose is to serve advertisements.
  • Bad-Joke: mean jokes. Programs that scare the user with unexpected, non-standard windows or graphics; they can also be programs that give false messages about formatting a disk or stopping a program, etc.
  • Sniffer: a program designed to intercept and then analyze network traffic.
  • SpamTool: a program designed to send spam (as a rule, it turns the computer into a spam-mailing machine).
  • IM-Flooder: a program that sends a large number of assorted messages to a specified IM-messenger number.
  • VirTool: utilities designed to make writing computer viruses easier and to study them for hacking purposes.
  • DoS (Denial of Service): a malicious program designed to carry out a denial-of-service attack on a remote server.
  • FileCryptor, PolyCryptor: hacker utilities used to encrypt other malicious programs in order to hide their contents from anti-virus scanning.

Malware is software designed to harm your computer and/or its owner. Acquiring and installing such programs is called computer infection. To avoid infection, you need to know the types of malware and the methods of protection against them. I will tell you about this in the article.

Why do people create malware? There are many motives. Here are the most common ones:

- just for fun
- self-affirmation in front of peers
- theft of personal information (passwords, credit card codes, etc.)
- extortion of money
- spreading spam through zombie computers that are combined into a botnet
- revenge

Malware classification

The most popular types of malware are:

- computer virus
- Trojan horse
- network worm
- rootkit

Computer virus - a kind of malicious program whose purpose is to carry out actions that harm the PC's owner without his knowledge. A distinctive feature of viruses is the ability to reproduce. You can catch a virus via the Internet or from removable media: flash drives, floppy disks, optical discs. Viruses are usually embedded in the body of programs or replace programs.

Trojan horse (you may also hear the names Trojan or Trojan program) - a malicious program that penetrates the victim's computer under the guise of something harmless (for example, a codec, a system update, a screensaver, a driver, etc.). Unlike a virus, Trojans have no means of spreading on their own. You can get them by e-mail, from removable media or from a website.

Network worm - an independent malicious program that penetrates the victim's computer using vulnerabilities in the operating system software.

Rootkit - a program designed to hide traces of an intruder's malicious actions in the system. Not always malicious: for example, the licensed disc protection systems used by publishers are rootkits. Programs that emulate virtual drives, such as Daemon Tools and Alcohol 120%, are another example of a rootkit that does not harm the user.

Computer infection symptoms:

- blocking of access to the websites of antivirus developers
- the appearance of new applications in autostart
- launching of new, previously unknown processes
- arbitrary opening of windows, images, videos, sounds
- spontaneous shutdown or restart of the computer
- reduced computer performance
- unexpected opening of the drive tray
- disappearance or change of files and folders
- decrease in download speed from the Internet
- active work of the hard drives when the user has set no tasks (seen from the blinking of the light on the system unit)

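As an added example (not code from the original article), the following Python script turns two items of the symptom list above, new autostart entries and previously unknown processes, into checks against a baseline recorded on a known-clean machine, and adds the cross-view check that the earlier rootkit section implies: a process reported by an independent low-level enumeration but missing from the ordinary API view is a candidate for something the rootkit is hiding. All program names, PIDs and baseline data are constructed for illustration.

```python
"""Baseline and cross-view host audit for the symptoms and rootkit behaviour described above (added example)."""
from dataclasses import dataclass, field

# --- Constructed baseline, recorded once on a known-clean machine ------------
BASELINE_AUTOSTART = {"explorer.exe", "ctfmon.exe", "av_tray.exe"}
BASELINE_PROCESSES = {"system", "services.exe", "explorer.exe", "av_service.exe"}

# --- Constructed current state of the same machine ---------------------------
# Autostart entries as read from the usual startup locations (one new entry).
CURRENT_AUTOSTART = {"explorer.exe", "ctfmon.exe", "av_tray.exe", "updchk.exe"}
# (pid, name) pairs as returned by the ordinary process-enumeration API.
API_PROCESSES = [
    (4, "system"), (620, "services.exe"), (1440, "explorer.exe"),
    (2100, "av_service.exe"), (3012, "updchk.exe"),
]
# The same list obtained through an independent path (for example by probing
# PIDs directly). One entry never appears in the API view: a user-mode hook on
# the enumeration function has filtered it out (constructed scenario).
RAW_PROCESSES = API_PROCESSES + [(3088, "hidden_svc.exe")]


@dataclass
class Findings:
    new_autostart: list = field(default_factory=list)      # symptom: new applications in autostart
    unknown_processes: list = field(default_factory=list)  # symptom: previously unknown processes
    hidden_processes: list = field(default_factory=list)   # rootkit: in raw view, absent from API view

    def is_clean(self) -> bool:
        return not (self.new_autostart or self.unknown_processes or self.hidden_processes)


def audit(baseline_autostart, baseline_processes, current_autostart, api_procs, raw_procs) -> Findings:
    """Compare the current state with the baseline and the two process views with each other."""
    f = Findings()
    f.new_autostart = sorted(current_autostart - baseline_autostart)
    f.unknown_processes = sorted({name for _, name in api_procs} - baseline_processes)
    api_pids = {pid for pid, _ in api_procs}
    # Cross-view check: anything the low-level view reports that the API view omits.
    f.hidden_processes = sorted((pid, name) for pid, name in raw_procs if pid not in api_pids)
    return f


def audit_sample() -> Findings:
    """Run the audit over the constructed data above."""
    return audit(BASELINE_AUTOSTART, BASELINE_PROCESSES, CURRENT_AUTOSTART, API_PROCESSES, RAW_PROCESSES)


if __name__ == "__main__":
    result = audit_sample()
    print("clean" if result.is_clean() else result)
```

The cross-view check only works if the second enumeration really is independent of the first: a user-mode hook affects one API, but a kernel-mode rootkit can falsify both, so the most trustworthy second view comes from a path the rootkit cannot control, such as an offline scan of the disk image. The baseline likewise has to be captured before any infection, or it will silently include the intruder's entries.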
How to protect yourself from malware? There are several ways:

- install a good antivirus (Kaspersky, NOD32, Dr. Web, Avast, AntiVir and others)
- install a firewall to protect against network attacks
- install the recommended updates from Microsoft
- do not open files received from unreliable sources

Thus, knowing the main types of malicious software, the methods of protection against them and the symptoms of infection, you will protect your data as well as possible.

P.S. The article is relevant only for Windows users, because Mac OS and Linux users do not have the luxury of viruses. There are several reasons for this:
- writing viruses for these operating systems is extremely difficult
- there are very few vulnerabilities in these OSes, and if any are found they are fixed in a timely manner
- all actions that modify the system files of a Unix-like OS require confirmation from the user
Nevertheless, the owners of these OSes can catch a virus, but it will not be able to start and harm a computer running Ubuntu or Leopard.

Discussion of the article

In this article, we answered the following questions:

- What is malware?
- How can you avoid computer infection?
- Why create malware?
- What is a computer virus?
- What is a Trojan horse?
- What is a network worm?
- What is a rootkit?
- What is a botnet?
- How do you know if your computer is infected with a virus?
- What are the symptoms of a malware infection on a computer?
- How to protect yourself from malicious software?
- Why are there no viruses on Mac (Leopard)?
- Why are there no viruses on Linux?


This article was written specifically for

© 2021 hecc.ru - News of computer technologies