Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. Malware is a broad term that refers to a variety of malicious programs.

Trojan Horses
A Trojan horse, commonly known as a “Trojan,” is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. A Trojan can give a malicious party remote access to an infected computer.

Worms
A worm is malware that copies and multiplies itself by using computer networks and security flaws. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers.

Boot Sector Virus
Infects the boot sector or MBR of diskettes and hard drives through the sharing of infected disks and pirated software applications. Once your hard drive is infected, all diskettes that you use in your computer will be infected.

E-mail Viruses
Use e-mail messages to spread, which allows the virus to automatically forward itself to thousands of people.

Macro Viruses
A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, Excel and PowerPoint, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses; however, a macro virus's behavior can still be difficult to detect. A macro virus can be spread through e-mail attachments, removable media, networks and the Internet, and is notoriously difficult to detect. A common way for a macro virus to infect a computer is by replacing normal macros with a virus. The macro virus replaces regular commands with malicious macros of the same name, which run when the command is selected. These malicious macros may start automatically when a document is opened or closed, without the user's knowledge.

Stealth Virus
In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Generally, stealth describes any approach to doing something while avoiding notice. Typically, when an antivirus program runs, a stealth virus hides itself in memory and uses various tricks to also hide changes it has made to any files or boot records. The virus may maintain a copy of the original, uninfected data and monitor system activity. When a program attempts to access data that has been altered, the virus redirects it to a storage area holding the original, uninfected data. A good antivirus program should be able to find a stealth virus by looking for evidence in memory as well as in the areas that viruses usually attack.

ADWARE:
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Often, software and applications offer “free” versions that come bundled with adware. Most adware is sponsored or authored by advertisers and serves as a revenue-generating tool.

SPYWARE
Spyware is a type of malware that functions by spying on user activity without the user's knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more. Spyware often has additional capabilities as well, ranging from modifying the security settings of software or browsers to interfering with network connections. Spyware spreads by exploiting software vulnerabilities, by bundling itself with legitimate software, or inside Trojans.

SIGNS YOUR COMPUTER IS INFECTED
- Functions slower than normal
- Responds slowly and freezes often
- Restarts itself often
- Uncommon error messages, distorted menus and dialog boxes appear
- Applications fail to work correctly
- Fails to print correctly

PREVENTION
- Install and use antivirus software
- Be aware of the e-mails and attachments you open
- Check for updates to your antivirus software regularly
- Make sure antivirus software is installed correctly

VIRUS DETECTION AND CONTROL SYSTEM:
HOW ANTIVIRUS WORKS?
Antivirus software must identify known and previously unseen malicious files with the goal of blocking them before they can cause damage. Though tools differ in the implementation of their malware-detection mechanisms, they tend to incorporate the same virus detection techniques. Virus detection techniques can be classified as follows:

Signature-based detection
Signature-based detection refers to the detection of attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware. A signature may also be a cryptographic hash of the file or of its sections. When an anti-malware solution provider identifies an object as malicious, its signature is added to a database of known malware. These repositories may contain hundreds of millions of signatures that identify malicious objects. This method of identifying malicious objects has been the primary technique used by anti-malware products and remains the base approach used by the latest firewalls, email and network gateways. It has been an essential aspect of antivirus tools since their inception; it remains a part of many tools to date, though its importance is diminishing.
A major limitation of signature-based detection is that, by itself, this method is unable to flag malicious files for which signatures have not yet been developed.

Heuristics-based detection
As opposed to signature-based scanning, which looks to match signatures found in files against a database of known malware, heuristic scanning uses rules and/or algorithms to look for commands which may indicate malicious intent. By using this method, some heuristic scanning methods are able to detect malware without needing a signature. This is why most antivirus programs use both signature-based and heuristic-based methods in combination, in order to catch any malware that may try to evade detection.

Benefits of Heuristic Scanning
- Heuristic scanning is usually much faster than sandboxing because it does not execute the file and then wait to record its behavior, with the exception of some emulation-based techniques.
- It does not give away details on how malware is flagged (unlike sandboxing), so malware authors will not be aware of what they need to change in order to evade detection.

Limitations of Heuristic Scanning
- When scanning a sample, the information found is generally limited to the threat name.
- Because the engines are looking for specific pieces of code which indicate a malicious action, two further limitations follow: if the vendor has not built detection for a particular action, then the malware will evade detection; and some of the older heuristic-based scanning methods have a higher propensity for reporting false positives because they look for a wide range of actions that could indicate a potentially malicious file. Newer heuristic methods such as generic detection produce false positives less frequently. Generic detection works by looking for features or behaviors that are commonly seen in known threats.

Sandbox detection
Sandboxes consist of some sort of purpose-built environment, usually virtualized (in some cases physical), where potentially malicious files are executed and their behavior is recorded. The recorded behavior is then analyzed automatically through a weighting system in the sandbox and/or manually by a malware analyst. The goal of this analysis is to determine whether the file is malicious and, if it is, what exactly the file does.

Benefits of Sandboxing
Because sandboxing actually opens the file being analyzed, it is able to see in detail exactly what that file will do in that particular environment. Instead of a binary yes/no verdict and a threat name, most sandboxes offer reporting with details on the behavior recorded. In addition to providing more information on how to classify the file, this method can be particularly useful in an incident response environment, in order to identify exactly what the intention of the file was and to understand what its effects are.
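To make the signature-versus-heuristic trade-off above concrete, here is a small added example (written for this page, not taken from any antivirus product) that scans constructed byte strings standing in for files. It shows a full-file hash signature being evaded by a one-byte change, a byte-sequence signature surviving that change but not a second one, and weighted heuristic rules flagging the sample that has no matching signature at all. The sample bytes, the threat name "Test.Trojan.A", the rules and the threshold are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample "files" (byte strings) for demonstration; not real malware.
KNOWN_BAD = b"MZ\x90\x00" + b"pad" + b"\xeb\xfe" + b"cmd.exe /c del C:\\*.* "
VARIANT_A = KNOWN_BAD.replace(b"pad", b"PAD")                  # hash changes, byte pattern intact
VARIANT_B = VARIANT_A.replace(b"\xeb\xfe", b"\xeb\xfe\x90")  # breaks the byte pattern too
CLEAN = b"MZ\x90\x00" + b"hello world, a harmless program"

# Signature database: full-file hashes plus fixed byte sequences (both constructed).
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Test.Trojan.A"}
BYTE_SIGNATURES = {b"\xeb\xfecmd.exe /c del": "Test.Trojan.A"}

# Heuristic rules: (pattern, weight, description). Constructed for the example.
HEURISTIC_RULES = [
    (re.compile(rb"cmd\.exe\s*/c"), 40, "spawns a command shell"),
    (re.compile(rb"del\s+[A-Za-z]:\\\*"), 50, "mass file deletion"),
]
HEURISTIC_THRESHOLD = 60  # flag when the combined weight reaches this value


def signature_scan(data):
    """Return ("hash" or "bytes", threat name) on a signature match, else None."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return "hash", name
    for pattern, name in BYTE_SIGNATURES.items():
        if pattern in data:
            return "bytes", name
    return None


def heuristic_scan(data):
    """Return (score, matched rule descriptions); the caller applies the threshold."""
    score, reasons = 0, []
    for pattern, weight, why in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(why)
    return score, reasons


def scan(data):
    """Combine both methods as the text describes: cheap signatures first, heuristics second."""
    hit = signature_scan(data)
    if hit:
        return {"verdict": "malicious", "method": "signature:" + hit[0], "detail": hit[1]}
    score, reasons = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return {"verdict": "suspicious", "method": "heuristic", "detail": reasons}
    return {"verdict": "clean", "method": None, "detail": []}
```

The heuristic verdict only reports which rules fired, matching the limitation noted above that such engines expose little beyond a threat label; a sandbox would be needed to see the actual behavior.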