Malicious software primer
3rd Mar 2011
Malicious software is the catch-all name given to any software that has been created to cause harm to a computer, or to the individual or company using that computer.
It generally includes computer viruses, Trojans, bots, worms, spyware, adware, crimeware, scareware, keyloggers and rootkits.
While the terminology suffers from the technology industry’s love of creating ungrammatical and confusing hybrids, the aim of virtually all modern malicious software is to relieve you of information, whether about you, your computer or your business.
The information typically sought is passwords, credit card details, identity information, databases or intellectual property.
As malicious software tries to remain hidden it usually carries out its objectives without the victim being aware until it’s too late.
In the case of data theft this has meant that, in many cases, companies have been unaware that their data has been compromised until they have been told about it by the authorities.
The terms often overlap: a virus can also be a worm, and the worm is the method by which your computer becomes infected with a cocktail of software that will include a Trojan, a keylogger, spyware and a rootkit.
Confusing? Not really.
A modern computer virus is a program that can enter your computer. It is programmed to spread itself to as many computers as possible. Once it has entered a computer it delivers its payload. This will include an instruction to spread itself and a variety of different pieces of software designed to achieve its creator’s intentions.
Prior to the development of the computer worm by Robert Tappan Morris Junior in 1988, the computer virus was distributed mainly by hand.
Viruses were at that time normally spread by people unwittingly taking computer disks from infected machines and then using them on another machine, either to load data or to run programs. The early viruses would often contain a ‘rootkit’, computer code that gave the software privileged access to a machine while hiding its presence and activities from the machine’s owner, which, as we have seen, is an essential quality of malicious software.
Morris’s worm was an intellectual exercise designed to discover the size of the internet, or, as it was then known, JANET and the ARPANET.
With the emergence of the internet as we now know it in 1996, virus writers copied the worm’s characteristics so that they could spread their creations.
Initially, their aim was to show off the writer’s expertise, but by the turn of the century things had taken a more sinister twist. As the internet had started to be used for commerce, and then banking, the computer virus culture was subverted and a significant section of it became involved in crime.
By 2001, the computer virus writers had stopped showing off and were actively beginning to use worms to spread Trojans, programs that take their name from the Wooden Horse of Troy and, like the Horse, are hollowed out and contain a variety of different programs, all intended to steal from your machine.
The keyloggers are set up to monitor your machine and to seek out the sequence of keys that indicates you are about to enter a password. Thus typing in the name of one of the UK’s four high street banks might trigger the program to record all of the subsequent keystrokes in an attempt to catch a user name and password.
Similar programs are tasked with searching the computer they have infected for particular files, such as documents held as PDFs and design documents that are usually held in CAD/CAM formats.
Yet other programs can set up your machine as a distribution point for junk email or malicious software, or even as a collection point for credit card details and information looted from other machines.
All of these processes will generally occur completely automatically, with no human involvement.
Often the final humiliation will be to have your machine turned into a ‘zombie’ – a computer that is remotely controlled as part of a ‘bot-net’, tens of thousands of computers set up to deliver simultaneous automated requests for information to an internet website in order to bring it down, a technique known as a ‘denial of service attack’.
All without your knowing a thing about it.