Monday, 26 March 2007

Malware

Malware is software designed to infiltrate or damage a computer system, without the owner's consent. The term is a portmanteau of "mal-" (or perhaps "malicious") and "software", and describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other U.S. states [1].
Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains errors or bugs.
Purposes
Over the years, people have written malicious software for a number of different purposes.
Many early infectious programs, including the Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks -- generally intended to be harmless or merely annoying, rather than to cause serious damage. Young programmers, learning about the possibility of viruses and the techniques used to write them, might write one just to prove that they can do it, or to see how far it could spread.
A slightly more hostile intent can be found in programs designed to vandalize or cause data loss. Many DOS viruses were designed to destroy files on a hard disk, or to corrupt the file system by writing junk data. Network-borne worms such as the Code Red worm or Ramen worm fall into the same category. Designed to vandalize Web pages, these worms may seem like an online equivalent of graffiti tagging, with the author's name or affinity group appearing everywhere the worm goes.
Revenge is sometimes a motive to write malicious software. A programmer or system administrator about to be fired from a job may leave behind backdoors or software "time bombs" that will allow them to damage the former employer's systems or destroy their own earlier work.
However, since the rise of widespread broadband Internet access, a greater portion of malicious software has been focused strictly on a profit motive. For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.
Another strictly for-profit category of malware has emerged in spyware -- programs designed to monitor users' Web browsing, display unsolicited advertisements, and redirect affiliate marketing revenues to the spyware creator. Spyware programs don't spread like viruses; usually they are installed by exploiting browser security holes, or are installed like a Trojan horse when the user installs other software.
Infectious malware: viruses and worms

The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. Originally, the term computer virus was used for a program which infected other executable software, while a worm transmitted itself over a network to infect computers. More recently, the words are often used interchangeably.
Today, some draw the distinction between viruses and worms by saying that a virus requires user intervention to spread, whereas a worm spreads automatically. Under this distinction, infections transmitted by email, which rely on the recipient opening an attachment to infect the system, are classified as viruses.

Trojan horse (computing)
In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.
Often the term is shortened to simply trojan, even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans).
There are two common types of Trojan horses. One is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.
Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, even if trojans replicate and distribute themselves, each new victim must run the program. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.

Zombie computer
A zombie computer, abbreviated zombie, is a computer attached to the Internet that has been compromised by a security cracker, a computer virus, or a trojan horse. Crackers almost always target the Windows operating system because of its vast user base, security problems and perceived lack of technical savvy of its users. Generally, a compromised machine is only one of many in a "botnet", and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner is typically unaware of the role the machine is playing, these computers are metaphorically compared to a zombie.

Infected zombie computers — predominantly Windows PCs — are now the major delivery method of spam.
Zombies have been used extensively to send e-mail spam; between 50% and 80% of all spam worldwide is now sent by zombie computers. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth.
For similar reasons zombies are also used to commit click fraud against sites displaying pay per click advertising.
Zombies have also conducted distributed denial of service attacks, such as the attack upon the SPEWS service in 2003.

Spam Prevention Early Warning System
The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers and show little action to prevent their abuse of other networks' resources. It is used by numerous Internet sites as a source of information about the senders of unsolicited bulk email, better known as spam.

SPEWS itself publishes a large text file containing its listings, and operates a database where users may query the reasons for a listing. Users of SPEWS can reprocess these data into formats usable by software for stopping spam.

For instance, until recently many mail sites used a DNSBL based on SPEWS data, operated at spews.relays.osirusoft.com. This DNSBL was shut down on August 27, 2003 after several weeks of denial of service attack. A number of other DNSBLs exist based on the SPEWS data, which remain accessible to the public.
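As an added illustration of the reprocessing step described above (this is not code from the original post or from SPEWS), the following Python shows how a mail site could turn a SPEWS-style listing of IP ranges into DNSBL-style lookups: the receiving mail server reverses the octets of the sending IP, appends the zone name, and treats an answer of 127.0.0.2 as "listed". The zone name `spews.example.invalid` and the two sample ranges are constructed for the example.

```python
import ipaddress

# Constructed sample in the spirit of a SPEWS listing file: one CIDR range
# per line followed by a free-text reason. Not real SPEWS data.
SAMPLE_LISTING = """\
192.0.2.0/24   spam source, no abuse response
198.51.100.128/25   open relay hosted for a known spammer
"""
ZONE = "spews.example.invalid"  # hypothetical DNSBL zone name


def parse_listing(text):
    """Return a list of (network, reason) tuples, skipping blank or bad lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        try:
            net = ipaddress.ip_network(parts[0], strict=False)
        except ValueError:
            continue  # ignore malformed ranges rather than failing the load
        entries.append((net, parts[1].strip() if len(parts) > 1 else ""))
    return entries


def dnsbl_query_name(ip, zone=ZONE):
    """Build the reversed-octet name a mail server would resolve, e.g. 45.2.0.192.<zone>."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup(ip, entries):
    """Emulate the DNSBL answer: ('127.0.0.2', reason) if listed, else None (NXDOMAIN)."""
    addr = ipaddress.ip_address(ip)
    for net, reason in entries:
        if addr in net:
            return "127.0.0.2", reason
    return None


def zone_records(entries, zone=ZONE):
    """Emit zone-file lines: a wildcard for octet-aligned blocks of /24 or
    larger, and one A record per address for smaller blocks."""
    lines = []
    for net, _ in entries:
        if net.prefixlen <= 24 and net.prefixlen % 8 == 0:
            kept = str(net.network_address).split(".")[: net.prefixlen // 8]
            lines.append("*." + ".".join(reversed(kept)) + f".{zone}. IN A 127.0.0.2")
        else:
            for addr in net:
                lines.append(f"{dnsbl_query_name(addr, zone)}. IN A 127.0.0.2")
    return lines
```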

There is a certain degree of controversy regarding SPEWS' anonymity and its methods. SPEWS remains anonymous to avoid harassment and barratrous lawsuits of the sort which have hampered other anti-spam services such as the MAPS RBL and ORBS. Some regard this anonymity as irresponsible, while others find it sensible. In addition, many ISP clients whose providers are listed on SPEWS take umbrage that their own IP addresses are associated with spamming, and that their mail may be blocked by users of the SPEWS data.
The social issue of whom I allow to send me data remains unresolved for now, but one thing that we are all sure of is that it cannot continue in its current form, as software writers struggle to come to grips with business relationships to establish what is safe; a yet larger problem remains with
