Thread: [Guide] - Malware Explanation & Information (/showthread.php?tid=6019) - Support Forums (https://www.supportforums.net)
[Guide] - Malware Explanation & Information - --([-S7N-])-- - 04-11-2010

Malware Explanation
A brief explanation on malware and types of malware
Part of the credits go to Microsoft and Kaspersky

Introduction
This guide provides a concise explanation of the diverse assortment of malicious software or malware that exists today. This guide defines an assortment of known malware types and techniques, and also provides information about malware propagation and the risks it poses to organizations of any size.
Because of the nature of this ever-evolving topic, this guide is not designed to capture and explain all malware elements and possible variations. However, it does provide a significant first step in trying to understand the nature of the various elements that comprise malware. The guidance also discusses and defines other things that are not malware, such as spyware (programs that conduct certain activities on a computer without obtaining appropriate consent from the user), spam (unsolicited e-mail), and adware (advertising that is integrated into software).

What Is Malware?
This guide uses the term malware (an abbreviation of the phrase “malicious software”) as a collective noun to refer to viruses, worms, and Trojan horses that intentionally perform malicious tasks on a computer system. So what exactly is a computer virus or a worm? How are these different from Trojan horses? And will anti-virus applications only work against worms and Trojan horses or just viruses?
All these questions stem from the confusing and often misrepresented world of malicious code. The significant number and variety of existing malicious code makes it difficult to provide a perfect definition of each malware category. For general anti-virus discussions, the following simple definitions of malware categories apply:

Trojan Horses
A Trojan horse is not considered a computer virus or worm because it does not propagate itself. However, a virus or worm may be used to copy a Trojan horse on to a target system as part of the attack payload, a process referred to as dropping. The typical intent of a Trojan horse is to disrupt the user’s work or the normal operations of the system. For example, the Trojan horse may provide a backdoor into the system for a hacker to steal data or change configuration settings. There are two other terms that are often used when referring to Trojan horses or Trojan-type activities that are identified and explained as follows:

Worms
If the malicious code replicates it is not a Trojan horse, so the next question to address in order to more clearly define the malware is: “Can the code replicate without the need for a carrier?” That is, can it replicate without the need to infect an executable file? If the answer to this question is “Yes,” the code is considered to be some form of worm.
Most worms attempt to copy themselves onto a host computer and then use the computer’s communication channels to replicate. For example, the Sasser worm relies on a service vulnerability to initially infect a system, and then uses the infected system’s network connection to attempt to replicate. If you have installed the latest security updates (to stop the infection), or enabled the firewalls in your environment to block the network ports the worm uses (to stop the replication), the attack will fail. In the case of Windows XP, once Service Pack 2 has been applied both the infection and replication methods are blocked. This is because the service vulnerability has been removed and the Windows firewall is enabled by default. Additionally, if the Automatic Updates option is set to Automatic (recommended) any future issues will be addressed as the updates become available.

Viruses
If the malicious code adds a copy of itself to a file, document, or boot sector of a disk drive in order to replicate it is considered a virus. This copy may be a direct copy of the original virus or it may be a modified version of the original. As mentioned earlier, a virus will often contain a payload that it may drop on a local computer, such as a Trojan horse, which will then perform one or more malicious acts, such as deleting user data. However, a virus that only replicates and has no payload is still a malware problem because the virus itself may corrupt data, take up system resources, and consume network bandwidth as it replicates.

Defense Mechanisms Used By Malware
Many malware examples use some kind of defense mechanism to help reduce the likelihood of detection and removal. The following list provides examples of some of these techniques that have been used:

Conclusion
Hope this shed some light on people learning about malware. I give credits to an e-book by Microsoft for a lot of information that is found in this guide. I also give credits to VirusList.com.

RE: [Guide] - Malware Explanation & Information - Harvey - 04-11-2010

Welcome, S7N. I smell you're looking for the Support Feather too! Regardless, it's awesome to have you here. Also, check out the HJT section - I believe Omniscient's going to be looking for trainees shortly.

Thanks,
Malware Boss

RE: [Guide] - Malware Explanation & Information - Poppins - 04-12-2010

Great post both here and on HackForums. This deserves sticky. In before the flood of positive comments.

-Poppins

(04-12-2010, 11:15 AM)Eagle Wrote: hi ya guys im here also and looking for a feather like you two

Remember that the support feather is given not for quantity (Must have 100) but quality. I highly doubt you would get it by spamming your way to 100.

-Poppins

RE: [Guide] - Malware Explanation & Information - Unspoken - 04-12-2010

Great post really deserves a Sticky

-Unspoken

RE: [Guide] - Malware Explanation & Information - --([-S7N-])-- - 04-13-2010

Thank you for your kind words guys. Really appreciate it.

RE: [Guide] - Malware Explanation & Information - .D0T' - 04-19-2010

Hey --([-S7N-])--,
This is a very well detailed guide. I would also recommend this as a sticky. Good job.

RE: [Guide] - Malware Explanation & Information - Streeeam - 04-24-2010

Clean, detailed guide. Excellent work.

RE: [Guide] - Malware Explanation & Information - .:xX[ThunderStorm]Xx:. - 04-24-2010

OMG! it's one of the best guides. Thanks a lot dude.

RE: [Guide] - Malware Explanation & Information - --([-S7N-])-- - 04-25-2010

(04-24-2010, 08:11 AM)Markus Wrote: Clean, detailed guide. Excellent work.

(04-24-2010, 08:17 AM).:xX[ThunderStorm]Xx:. Wrote: OMG! it's one of the best guides.

Glad you guys liked it!

RE: [Guide] - Malware Explanation & Information - Eagle - 04-30-2010

(04-12-2010, 11:21 AM)Poppins™ Wrote: Great post both here and on

I know I'm making good replies, quality ones. Btw sn7, this is your guide from HF and it's really useful to have this here.