Viruses, Worms, and Spyware
Computer virus is a type of malicious software that can make copies of itself and interfere into the code of other programs, system memory, boot sectors, as well as distribute their copies on a variety of communication channels, with the aim of disrupting software and hardware, deleting files, bringing useless data allocation structures, blocking the user experience or the destruction of computer hardware systems (Rittinghouse, Ransome 88).
Viruses can be divided into several types based on the principal of its functioning:
Trojans - received such name in honor of the "Trojan horse", because they have a similar principle. This type of virus is replicating its modules withing modules of programs that are being used, in order to create files with similar names and parameters, as well as replace the registry entries, changing the reference of program modules with their own, causing virus modules. Such actions result in the destruction of user data, spam being sent, and tracking user activity. Usually, they cannot multiply on their own. It is quite difficult to identify them, since simple system scan will show no results (Wack, Carnahan 2-1).
Stealth viruses – are the most difficult to detect, since they have their own masking algorithms that prevent them from being detected. They mask themselves by spoofing malware during scanning, and they are temporary breeding of functional modules of work in the case they are being scanned, and they conceal their processes in the memory, etc.
Self-encrypting viruses – viruses, whose malicious code is stored and distributed in an encrypted form. It allows them to be invisible for most scanners.
Mutating viruses - viruses without a permanent signature. Such a virus is constantly changing its chain code in the process of functioning and reproduction. Thus, it becomes invulnerable for a simple virus scanning. To locate them, it is necessary to use a heuristic analysis.
The code of a worm virus activates once it is in the system and performs its malicious actions. But it received such name due to the ability to "crawl" from one computer to another - to send copies through various information channels without the user's permission.
Worm viruses can be differentiated by the way of their spreading:
IM-Worms are distributed via IM (instant messaging), such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager or Skype. Usually such worms send messages to user's contact list. These messages include a link to a file with its copy on the website. When a user downloads and opens the file, the worm gets activated (Rittinghouse, Ransome 97).
IRC-Worms are distributed through retransmitted Internet chat rooms (Internet Relay Chats) - service systems, where you can communicate via the Internet with other people in real time. This worm publishes a file in chat with its copy or a link to a file. When a user downloads and opens the file, the worm gets activated.
Net-Worm are distributed via computer networks. Unlike other types of worms, network worm spreads without user interaction. It searches for computers in the local network that are using programs with vulnerabilities. It sends a specially crafted network packet (exploit) which contains the worm code or its part.
P2P-Worms are distributed through file-sharing peer to peer networks. To infiltrate the file-sharing network, the worm copies itself to the file sharing directory, usually located on the user's computer. File-sharing network displays information about this file, and the user can "find" the infected file in the network, like any other, download it and open it.
Spyware is a type of software that collects and transfers to anyone the information about the user without his agreement. Such information may include user's personal data, the configuration of the computer and its operating system, performance statistics on the Internet.
Hijacker is a program that runs on the user's computer pursuing the goals of its developers. A lot of anti-virus systems consider Hijacker as a kind of Trojan virus. The aim of Hijacker class programs is to reconfigure your browser settings, e-mail or other applications without your permission or awareness.
Backdoor is an utility of a hidden remote control and administration. The primary purpose of Backdoor is a concealed control of your computer. Usually, Backdoor allows to copy files from the affected computer, and vice versa, to transfer files and programs to the infected computer. In addition, usually Backdoor gives a remote access to the registry, also allows to perform system operations (restart your PC, create a new network resources, modify passwords, etc.).
Adware (synonyms AdvWare, Ad-Ware, etc.) - is an application designed to download to the user's PC promotional information for further demonstration of this information to the user.
As it was mentioned previously, malware software represents a serious threat for networks. Over the time, the level of threat will increase, as well as the number of viruses, designed to operate within the network. Therefore, there will be more work for network administrators, and ordinary users. So we have to clearly understand the impending danger and be fully aware of the types of malware software and the ways how to detect them.
Works cited
Rittinghouse, John W., and James F. Ransome. IM, Instant Messaging, Security. Amsterdam: Elsevier Digital, 2005. Print.
Wack, John P., and Lisa J. Carnahan. Computer Viruses and Related Threats a Management Guide. Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology, 1989. Print.
