MALWARE
Malware, also known as malicious (or malevolent) software, is software used or created by attackers to
disrupt computer operation, gather sensitive information, or gain access to private computer systems. It
can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term
used to refer to a variety of forms of hostile or intrusive software.

Malware includes computer viruses, worms, Trojan horses, spyware, adware, rootkits, backdoors and
other malicious programs.

Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and
the World Wide Web.

On March 29, 2010, Symantec Corporation named Shaoxing, China, as the world's malware capital.




The term computer virus is used for a program that has infected
some executable software and, when run, causes the virus to spread to other executables.

Viruses can be divided into two types based on their behavior when they are executed.
1. Nonresident viruses can be thought of as consisting of a finder module and a replication module. The
finder module is responsible for finding new files to infect. For each new executable file the finder module
encounters, it calls the replication module to infect that file.

2. Resident viruses contain a replication module that is similar to the one that is employed by nonresident
viruses. The virus loads the replication module into memory when it is executed and ensures that this
module is executed each time the operating system is called to perform a certain operation. For example,
the replication module can be called each time the operating system executes a file. In this case the virus
infects every suitable program that is executed on the computer.

Examples:

The Cascade virus was a resident computer virus written in assembler that was widespread in the 1980s
and early 1990s. It infected COM files and had the effect of making text on the screen fall down and form
a heap at the bottom of the screen. It was notable for using an encryption algorithm to avoid being
detected.

Worms are software programs capable of reproducing themselves that can spread from one computer to the
next over a network. Worms spread automatically and can take advantage of automatic file
sending and receiving features found on many computers.

Examples:

          , also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft
Windows operating system that was first detected in November 2008.

2. The Welchia worm, also known as the "Nachia worm," is a computer worm that exploits a vulnerability
in the Microsoft Remote Procedure Call (RPC) service similar to the Blaster worm. However, unlike
Blaster, it tries to download and install security patches from Microsoft, so it is classified as a helpful
worm.

Concealment: [Trojan horses, Rootkits, and Backdoors]
A Trojan horse is any program that invites the user to run it, concealing harmful or
malicious code. The code may take effect immediately and can lead to many undesirable
effects, such as deleting the user's files or installing additional harmful software.





Rootkit software is used to hide the fact that a computer system has been compromised,
for example by modifying system commands to conceal changes made to the system. Rootkits
can prevent a malicious process from being visible in the system's list of processes, or keep its
files from being read. Some rootkits contain routines that go beyond hiding and actively resist
attempts to remove them. Rootkits can change how the operating system functions and in some
cases can tamper with the anti-virus program and render it ineffective. Rootkits are also
difficult to remove, in some cases requiring a complete re-installation of the operating system.

A backdoor is a method of bypassing normal authentication procedures. Once a system has
been compromised, one or more backdoors may be installed in order to allow easier access in
the future. Crackers typically use backdoors to secure remote access to a computer, while
attempting to remain hidden from casual inspection. To install backdoors, crackers may use
Trojan horses, worms, or other methods.

Grayware: [Crimeware, Adware, Spyware]
Grayware (or Greyware) is a general term that refers to applications or files that are not directly
classified as malware (like worms or Trojan horses), but can still negatively affect the
performance of computers and involve significant security risks. Another term is PUP, which
stands for Potentially Unwanted Program.

Crimeware is designed to perpetrate identity theft in order to access a computer user's online
accounts at financial services companies and online retailers for the purpose of taking funds
from those accounts or completing unauthorized transactions. Criminals use a variety of
techniques to steal confidential data through crimeware, including the following
methods:
   •   Crimeware can surreptitiously install keystroke loggers to collect sensitive data—login
       and password information for online bank accounts, for example—and report them back
       to the thief.
   •   A crimeware program can also redirect a user's web browser to a counterfeit website
       controlled by the thief even when the user types the website's proper domain name in
       the address bar.
   •   Crimeware threats can steal passwords cached on a user's system.
   •   Crimeware can wait for the user to log into their account at a financial institution, and
       then drain the account without the user's knowledge.
   •   Crimeware can enable remote access into applications, allowing criminals to break into
       networks for malicious purposes.




Adware is a type of malware designed to display advertisements in the user’s software. It
can be designed to be harmless or harmful; the adware gathers information on what the user
searches for on the World Wide Web. With this gathered information it displays ads corresponding
to the information collected.

Spyware is software that self-installs on a computer, enabling information to be gathered
covertly about a person's Internet use, passwords, etc. Spyware can change your computer
configuration and can cause your computer to slow down or crash. These programs can change
your web browser's home page or search page, or add additional components to your browser
you don't need or want. They also make it very difficult for you to change your settings back to
the way you had them.

Major infrastructures attacked:


There are several methods that antivirus software can use to identify malware:

Signature-based detection is the most common method. To identify viruses and other
malware, antivirus software compares the contents of a file to a dictionary of virus signatures.
Because viruses can embed themselves in existing files, the entire file is searched, not just as a
whole, but also in pieces.

Heuristic analysis is used to identify new malware or variants of known malware. Many viruses
start as a single infection and, through either mutation or refinements by other attackers, can
grow into dozens of slightly different strains, called variants. Heuristic analysis and detection
refers to the detection and removal of multiple threats using a single virus definition.
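
The two passages above (searching a file as a whole and in pieces, and one definition covering several variants) can be seen in a small scanner. This is an added example, not part of the original slides: the signature names, the "??" wildcard notation and the sample byte strings are constructed for illustration and are harmless.

```python
import hashlib
import io
import re

# Constructed, harmless byte strings standing in for a known-bad code body.
BODY_V1 = b"\x90\x90DEMO-PAYLOAD\x01\x02KEY=AA;END"
BODY_V2 = b"\x90\x90DEMO-PAYLOAD\x07\x09KEY=ZQ;END"  # variant: four bytes differ

# Whole-file signatures: SHA-256 of a file already known to be bad.
HASH_SIGNATURES = {hashlib.sha256(BODY_V1).hexdigest(): "Demo.A"}

# Byte-pattern signatures as hex; "??" matches any one byte, so a single
# definition covers every variant that keeps the fixed bytes.
PATTERN_SIGNATURES = {
    "Demo.generic": "90 90 44 45 4D 4F 2D 50 41 59 4C 4F 41 44 ?? ?? "
                    "4B 45 59 3D ?? ?? 3B 45 4E 44",
}


def compile_pattern(hex_pattern):
    """Turn 'AA ?? BB' into (compiled bytes regex, pattern length in bytes)."""
    tokens = hex_pattern.split()
    parts = [b"." if t == "??" else re.escape(bytes.fromhex(t)) for t in tokens]
    return re.compile(b"".join(parts), re.DOTALL), len(tokens)


def scan_stream(stream, chunk_size=4096):
    """Scan a binary stream as a whole (hash) and in pieces (patterns)."""
    compiled = {n: compile_pattern(p) for n, p in PATTERN_SIGNATURES.items()}
    # Carry the last (longest pattern - 1) bytes into the next window so a
    # signature split across two chunks is still seen in one piece.
    overlap = max(length for _, length in compiled.values()) - 1
    digest = hashlib.sha256()
    hits = set()
    tail, base = b"", 0  # base = file offset of the first byte of the window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        window = tail + chunk
        for name, (regex, _) in compiled.items():
            for match in regex.finditer(window):
                hits.add((name, base + match.start()))
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return {
        "hash_match": HASH_SIGNATURES.get(digest.hexdigest()),
        "pattern_hits": sorted(hits),
    }


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for in-memory samples."""
    return scan_stream(io.BytesIO(data), chunk_size)


if __name__ == "__main__":
    samples = {
        "known file": BODY_V1,
        # Body embedded in a larger file, straddling the 4096-byte boundary.
        "infected host": b"MZ" + b"\x00" * 4088 + BODY_V1 + b"trailer",
        "variant in script": b"#!/bin/sh\n" + BODY_V2,
        "clean file": b"hello world\n" * 100,
    }
    for label, data in samples.items():
        print(label, scan_bytes(data))
```

The whole-file hash only fires on the exact known file; the embedded copy and the variant are caught by the pattern search alone, which is why the file is also searched in pieces.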
