Monday, January 10, 2011

Malicious Software - Definitions

Personally I do not assign a lot of importance to differentiating the many kinds of malicious software I encounter almost every day. I take the general approach “It is malicious and we don’t want it on your computer; remove it.”

But sometimes customers ask if it was a virus or a worm and I find it hard to explain the difference in terms accessible to a lay person.

In my web travels I found Squidoo and on Squidoo I found some hopefully useful definitions; I felt I had to mostly copy the definitions and use them as boilerplate for my own text because the same site recommends commercial antivirus and security software that I tell my customers NOT to use.

Rogue Security Software
Currently this class of malware is an outright epidemic. Rogue software is a form of malware that manipulates and scares people into buying a so-called “full version” of fake applications, mostly supposed virus-removal software. Rogue software displays bogus scan reports and alerts to trick the user into paying good money to the crook who got the rogue program on your computer. In the process of paying you give your credit card information directly to the crook as well! These rogue programs can take over the whole computer system to prevent their removal and in most cases block other applications, including legitimate anti-malware programs, from running. Some rogue programs are relatively easy to remove, but some use stealth techniques that make removal very difficult and time-consuming.

Browser Hijacking
Hijacking is a form of malicious software behavior. Browser and network settings on the user's computer are changed; user activity is redirected to websites chosen by the hijacker's creator. Usually you will be redirected to start pages and search pages for paid advertising and/or web pages that attempt to install other malicious software.

Rootkits
A rootkit is a combination of software and techniques that hides itself and some other, mostly malicious, piece of software from detection by the regular means of the operating system. The hidden malicious components of rootkits are often Key Loggers or Trojans that allow backdoor access to the computer. Rootkits are among the most difficult pieces of malware to remove. Some rootkits are so well hidden and protected from ANY access that rebuilding the operating system from scratch is the only viable solution.

Key Loggers
Key Loggers are programs created to monitor user keystrokes; the information is logged and reported to the person or organization who installed the Key Logger. They may be used by organizations to monitor employees' activities. Key Loggers are also used as spyware to steal confidential information and commit identity theft. The logging of keystrokes takes place long before “classic” security measures like encryption can be employed.

Computer Viruses
A computer virus is infectious and sometimes destructive software that can replicate itself and go on to infect other computers. A computer virus is usually executable software. Computer viruses can be contracted through downloads and through email and instant messaging attachments. The virus then attaches itself to existing programs on the target computer. The main aim is to corrupt the computer system.

Worms
Like computer viruses, worms are infectious and self-replicating; they replicate over computer networks and via email. A worm uses a computer network or email to send replicas of itself to connected computers on that network or to email addresses.

Trojan horse
A Trojan horse program (or Trojan for short) is a form of computer malware that gets installed on a computer system through deceptive means. Trojans are often presented to the user as a form of free software or an add-on. However, once installed, the Trojan gives its creator access to the computer; the hacker can then carry out their mostly criminal operations using the infected computer without the computer’s user knowing anything about it.

Spyware
Spyware is a form of malware that collects information about computer usage and other confidential and personal data and sends it to its creator. It generally gets installed secretly through deception such as free online scanning, a browser add-on or plugin, dubious websites and/or infected images or PDF files. Even search results have been “poisoned” and abused to install spyware.

Adware
Adware is short for advertisement-supported software. These programs are designed to display advertisements on a computer system. Most adware programs secretly collect information on what you do and look at on the Internet so they can show you “relevant” ads; therefore they can also be classified as spyware.

Please stay tuned as I intend to publish an updated article on how to avoid the all too common obstacles and dangers posed by malicious software.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.
