TYPES OF MALWARE

Malware is short for malicious software, meaning software that can
be used to compromise computer functions, steal data, bypass
access controls, or otherwise cause harm to the host computer.
Malware is a broad term that refers to a variety of malicious
programs.
Trojan Horses
 A Trojan horse, commonly known as a “Trojan,” is a type of
malware that disguises itself as a normal file or program to trick
users into downloading and installing malware. A Trojan can give a
malicious party remote access to an infected computer.
Worms
 A worm is malware that copies and multiplies itself by using computer
networks and security flaws.
 Worms typically cause harm to their host networks by consuming
bandwidth and overloading web servers.
Boot Sector Virus
 Infects the boot sector or MBR of diskettes and hard drives through the
sharing of infected disks and pirated software applications.
 Once your hard drive is infected, all diskettes that you use in your
computer will be infected.
E-mail Viruses
 E-mail viruses use e-mail messages to spread, which allows them to
automatically forward themselves to thousands of people.
Macro Viruses
 A macro virus is a virus that is written in a macro language: a programming
language which is embedded inside a software application (e.g., word
processors and spreadsheet applications). Some applications, such
as Microsoft Office, Excel, and PowerPoint, allow macro programs to be
embedded in documents such that the macros are run automatically when the
document is opened, and this provides a distinct mechanism by which
malicious computer instructions can spread. This is one reason it can be
dangerous to open unexpected attachments in e-mails. Many antivirus
programs can detect macro viruses; however, the macro virus's behavior can
still be difficult to detect.
A macro virus can be spread through e-mail
attachments, removable media, networks and the Internet,
and is notoriously difficult to detect.
A common way for a macro virus to infect a computer is by
replacing normal macros with a virus. The macro virus
replaces regular commands with the same name and runs
when the command is selected. These malicious macros may
start automatically when a document is opened or closed,
without the user's knowledge.
Stealth Virus
In computer security, a stealth virus is a computer virus that uses
various mechanisms to avoid detection by antivirus software.
Generally, stealth describes any approach to doing something while
avoiding notice.
 Typically, when an antivirus program runs, a stealth virus hides itself in
memory, and uses various tricks to also hide changes it has made to any
files or boot records.
 The virus may maintain a copy of the original, uninfected
data and monitor system activity. When the program
attempts to access data that's been altered, the virus
redirects it to a storage area maintaining the original,
uninfected data. A good antivirus program should be able to
find a stealth virus by looking for evidence in memory as well
as in areas that viruses usually attack.
ADWARE:

Adware (short for advertising-supported software) is a type
of malware that automatically delivers
advertisements. Common examples of adware include pop-up
ads on websites and advertisements that are displayed by
software. Oftentimes, software and applications offer “free”
versions that come bundled with adware. Most adware is
sponsored or authored by advertisers and serves as a
revenue-generating tool.
SPYWARE

Spyware is a type of malware that functions by spying on user
activity without their knowledge.
These spying capabilities can include activity
monitoring, collecting keystrokes, data harvesting (account
information, logins, financial data), and more. Spyware often
has additional capabilities as well, ranging from modifying
security settings of software or browsers to interfering with
network connections. Spyware spreads by exploiting software
vulnerabilities, bundling itself with legitimate software, or in
Trojans.
SIGNS YOUR COMPUTER IS INFECTED

Functions slower than normal
Responds slowly and freezes often
Restarts itself often
See uncommon error messages, distorted menus, and dialog boxes
Notice applications fail to work correctly
Fail to print correctly
PREVENTION

Upload and use antivirus software
Be aware of the e-mails and attachments you open
Check for updates on antivirus software regularly
Make sure antivirus software is installed correctly
VIRUS DETECTION AND CONTROL SYSTEM:

HOW ANTIVIRUS WORKS?

Antivirus software must identify known and previously unseen malicious files
with the goal of blocking them before they can cause damage. Though tools
differ in the implementation of malware-detection mechanisms, they tend to
incorporate the same virus detection techniques.
Virus detection techniques can be classified as follows:
Signature-based IDS refers to the detection of attacks by looking for specific
patterns, such as byte sequences in network traffic, or known malicious
instruction sequences used by malware.
When an anti-malware solution provider identifies an object as malicious, its
signature is added to a database of known malware. These repositories may
contain hundreds of millions of signatures that identify malicious objects. This
method of identifying malicious objects has been the primary technique used
by malware products and remains the base approach used by the latest
firewalls, email and network gateways.
A signature could also be a cryptographic hash of the file or its sections. This method of detecting
malware has been an essential aspect of antivirus tools since their inception; it remains a part
of many tools to date, though its importance is diminishing.

A major limitation of signature-based detection is that, by itself, this method is unable to flag
malicious files for which signatures have not yet been developed.
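The three kinds of signature described above (whole-file hash, hash of a section, byte sequence) behave differently when a known object is slightly altered. The following is an added example, not code from the original slides; the sample byte strings, detection names and the use of fixed 16-byte blocks as stand-ins for file sections are all constructed assumptions.

```python
import hashlib

SECTION_SIZE = 16  # assumption: fixed-size blocks stand in for file sections

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def sections(data):
    return [data[i:i + SECTION_SIZE] for i in range(0, len(data), SECTION_SIZE)]

# Constructed, harmless byte strings standing in for scanned objects.
CODE = b"\xde\xad\xbe\xef" * 4
KNOWN_BAD = b"HDR-constructed!" + CODE + b"tail-data-000001"
APPENDED = KNOWN_BAD + b"\x00"      # one byte added at the end
SHIFTED = b"\x00" + KNOWN_BAD       # one byte added at the start
UNSEEN = b"HDR-constructed!" + b"\x01\x02\x03\x04" * 4 + b"tail-data-000002"

# Signature database built from the one object the "vendor" has analyzed.
FILE_HASHES = {sha256(KNOWN_BAD): "Example.A"}
SECTION_HASHES = {sha256(CODE): "Example.A!section"}
BYTE_SEQUENCES = {CODE[:8]: "Example.Generic"}

def scan(data):
    """Return (detection name, signature type), or (None, None) if nothing matches."""
    if sha256(data) in FILE_HASHES:
        return FILE_HASHES[sha256(data)], "file-hash"
    for block in sections(data):
        if sha256(block) in SECTION_HASHES:
            return SECTION_HASHES[sha256(block)], "section-hash"
    for pattern, name in BYTE_SEQUENCES.items():
        if pattern in data:
            return name, "byte-sequence"
    return None, None

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("appended", APPENDED),
                          ("shifted", SHIFTED), ("unseen", UNSEEN)]:
        print(label, scan(sample))
```

Each altered copy falls through to a looser signature type, and the unseen object matches nothing, which is the limitation stated above.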

Heuristics-based detection: As opposed to signature-based scanning, which looks to
match signatures found in files with that of a database of known malware, heuristic scanning
uses rules and/or algorithms to look for commands which may indicate malicious intent. By
using this method, some heuristic scanning methods are able to detect malware without
needing a signature. This is why most antivirus programs use both signature and heuristic-
based methods in combination, in order to catch any malware that may try to evade detection.
Benefits of Heuristic Scanning
Heuristic scanning is usually much faster than sandboxing because it does not execute the file
and then wait to record its behavior, with the exception of some emulation-based techniques.
Does not give away details on how malware is flagged (unlike sandboxing), so malware
authors will not be aware of what they need to change in order to evade detection.
Limitations of Heuristic Scanning
When scanning a sample, the information found is generally limited to the threat name.
Because the engines are looking for specific pieces of code which indicate a malicious action,
it can lead to two possible limitations:
 If the vendor has not built detection for a particular action, then the malware will evade
detection.
 Some of the older methods of heuristic-based scanning have a higher propensity for
reporting false positives because they are looking for a wide range of actions that
could indicate a potentially malicious file. However, newer methods of heuristic scanning such
as generic detection produce false positives less frequently. Generic detection works
by looking for features or behaviors that are commonly seen for known threats.
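A rule-based heuristic of the kind described above can be sketched as weighted pattern rules applied to macro source text. This is an added example, not part of the original slides: the rule names, weights, threshold and the four macro snippets are constructed for illustration, and the snippets only reference placeholder files.

```python
import re

# Hypothetical rule set: (rule name, weight, pattern). Weights are illustrative.
RULES = [
    ("auto-run entry point", 2,
     re.compile(r"\b(AutoOpen|AutoClose|Document_Open|Document_Close|Workbook_Open)\b", re.I)),
    ("starts a process", 3, re.compile(r"\bShell\b", re.I)),
    ("fetches from network", 3, re.compile(r"URLDownloadToFile|XMLHTTP", re.I)),
    ("builds strings from char codes", 1, re.compile(r"\bChr\(\d+\)", re.I)),
]
THRESHOLD = 5  # assumed cut-off: at or above this the macro is flagged

def score(macro_source):
    """Return (total weight, names of the rules that fired)."""
    hits = [(name, weight) for name, weight, rx in RULES if rx.search(macro_source)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def is_suspicious(macro_source):
    return score(macro_source)[0] >= THRESHOLD

# Constructed macro sources (never executed, only inspected as text).
DOWNLOADER_LIKE = ('Sub Document_Open()\n  Set h = CreateObject("MSXML2.XMLHTTP")\n'
                   '  Shell "placeholder.exe"\nEnd Sub')
FORMATTER = 'Sub AutoOpen()\n  Selection.Font.Bold = True\nEnd Sub'
BENIGN_LAUNCHER = 'Sub Workbook_Open()\n  Shell "calc.exe", vbNormalFocus\nEnd Sub'
UNCOVERED = 'Sub Document_Open()\n  Kill "placeholder.tmp"\nEnd Sub'

if __name__ == "__main__":
    for label, src in [("downloader-like", DOWNLOADER_LIKE), ("formatter", FORMATTER),
                       ("benign launcher", BENIGN_LAUNCHER), ("uncovered action", UNCOVERED)]:
        print(label, score(src), is_suspicious(src))
```

The benign launcher is flagged (a false positive), while the macro whose action has no rule stays under the threshold, matching the two limitations listed above.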
Sandbox detection - Sandboxes consist of some sort of purpose-built
environment, usually virtualized (in some cases physical), where the
potentially malicious files are executed and their behavior is recorded. The
recorded behavior is then analyzed automatically through a weights system
in the sandbox and/or manually by a malware analyst. The goal of this
analysis is to determine whether the file is malicious and if it is, what
exactly the file does.
Benefits of Sandboxing
Because sandboxing actually opens the file being analyzed, it is able to see
in detail exactly what that file will do in that particular environment.
Instead of a binary yes/no and threat name, most sandboxes offer
reporting with details on the behavior recorded. In addition to providing
more information on how to classify the file, this method can be
particularly useful in an incident response environment in order to
identify exactly what the intention of the file was, in order to understand
what the effects are.