In this article we will look at different types of malware like Virus, Worm, Trojan, Backdoor and Spyware.
Virus
A virus is a program that infects legitimate programs on a machine by creating a copy of itself (replicating). A virus spreads from one file to another without the user's knowledge. A virus generally needs a manual action by the user, such as opening an email attachment or running malicious software downloaded from the Internet, in order to spread and infect the machine.
Viruses can spread from one machine to another through email attachments, USB devices or other portable media. A virus can perform actions such as:
- Display a message that asks the user to carry out a specific action
- Delete files on the infected machine
- Scramble the data on a hard disk
- Cause erratic screen behavior
- Halt the system
- Simply replicate itself in order to propagate further harm
Based on which elements of the system they attack, viruses can be categorized into the following types:
- Boot sector virus: The first sector of a storage disk is called the boot sector. It contains the Master Boot Record (MBR), which records the location of the operating system (OS). If a virus infects the boot sector with its own code, the virus is loaded automatically whenever the machine is rebooted. A machine infected with a boot sector virus will also infect any floppy disks or other portable devices inserted into it, and if those infected devices are used on other machines, the boot sector virus infects those machines as well.
- Program virus: A program virus (usually in files with extensions such as .bin, .com or .exe) infects similar files on the machine when the user executes the infected program. The virus replicates by infecting other executable programs on the machine.
- Multipartite virus: A hybrid of the boot sector virus and the program virus. When the user first runs the program that contains the virus, it infects the MBR and is loaded every time the machine is rebooted. The virus then gradually infects other files on the machine, making them unusable.
- Stealth virus: This virus hides from antivirus software. A stealth virus may change its file size or use other techniques, and hides in memory to avoid detection by antivirus software. The first computer virus, named Brain, was a stealth virus.
- Polymorphic virus: This virus uses another program called a polymorphic generator to change its signature and evade detection by antivirus software. A polymorphic generator is not a virus by itself; it generates random code or data that changes the virus's signature. A polymorphic virus changes its signature as it spreads from one machine to another, which makes it difficult to detect.
- Macro virus: Applications like Microsoft Word and Microsoft Excel support small scripts called macros. An attacker can write a malicious macro, embed it in a Word document and send it to multiple targets as an email attachment. Whenever a target user opens a document containing a macro virus, the macro executes and spreads to other files on the machine.
- ActiveX and Java virus: Web browsers support third-party components and animations through ActiveX controls or Java applets. Attackers can write malicious ActiveX components or Java applets and make them available on public websites for download. When users download and execute them, the virus infects the target machine.
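Two of the virus types above can be checked for on a host with short scripts. The following is an added example, not code from the original article: the first check records SHA-256 hashes of executables while they are known to be clean and reports any that later change (a program virus writes itself into other executables); the second looks inside an OOXML document, which is a ZIP archive, for a vbaProject.bin part, the member in which Word, Excel and PowerPoint store a VBA macro project. The file names, byte contents and temporary directory are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
import zipfile

# Archive members in which Word, Excel and PowerPoint OOXML files store a VBA macro project.
VBA_PROJECT_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
EXECUTABLE_EXTENSIONS = (".exe", ".com", ".bin", ".dll")


def sha256_of(path):
    """Hash a file in chunks so large executables never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(directory, extensions=EXECUTABLE_EXTENSIONS):
    """Record the SHA-256 of every executable under `directory` while it is known to be clean."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if name.lower().endswith(extensions):
                path = os.path.join(root, name)
                baseline[os.path.relpath(path, directory)] = sha256_of(path)
    return baseline


def changed_executables(directory, baseline, extensions=EXECUTABLE_EXTENSIONS):
    """Return executables whose hash differs from the baseline or that did not exist at baseline time.
    A program virus writes its code into other executables, so an unexplained change is a red flag."""
    current = build_baseline(directory, extensions)
    return sorted(path for path, digest in current.items() if baseline.get(path) != digest)


def document_has_macros(path):
    """OOXML documents (.docx, .docm, .xlsm, ...) are ZIP archives; a vbaProject.bin part means macros."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as archive:
        members = set(archive.namelist())
    return any(part in members for part in VBA_PROJECT_PARTS)


def demo():
    """Exercise both checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as workdir:
        exe = os.path.join(workdir, "converter.exe")
        with open(exe, "wb") as handle:
            handle.write(b"MZ" + b"\x00" * 64)            # constructed stand-in for a clean program
        baseline = build_baseline(workdir)

        with open(exe, "ab") as handle:                    # simulate an infection: the file is modified
            handle.write(b"constructed-appended-bytes")
        changed = changed_executables(workdir, baseline)

        clean_doc = os.path.join(workdir, "report.docx")   # constructed document without macros
        with zipfile.ZipFile(clean_doc, "w") as archive:
            archive.writestr("[Content_Types].xml", "<Types/>")
            archive.writestr("word/document.xml", "<w:document/>")

        macro_doc = os.path.join(workdir, "invoice.docm")  # constructed document with a VBA part
        with zipfile.ZipFile(macro_doc, "w") as archive:
            archive.writestr("[Content_Types].xml", "<Types/>")
            archive.writestr("word/document.xml", "<w:document/>")
            archive.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")

        return changed, document_has_macros(clean_doc), document_has_macros(macro_doc)


if __name__ == "__main__":
    modified, clean_flag, macro_flag = demo()
    print("modified executables:", modified)
    print("report.docx has macros:", clean_flag)
    print("invoice.docm has macros:", macro_flag)
```

The hash baseline only tells you that an executable changed, not why; legitimate updates change hashes too, so compare against a patch record before treating a hit as an infection. The macro check detects the presence of a VBA project, not whether it is malicious; it is a triage signal for mail gateways and file shares, not a verdict.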
Worm
A worm is a self-replicating malicious program. Unlike a virus, a worm doesn't need a host program to spread or to infect the target machine. A worm travels from one computer to another across the network by exploiting vulnerabilities in applications, and requires no human intervention to spread from one machine to another.
Worms harm a computer network by consuming bandwidth, but may not modify any files on the computer. A virus, on the other hand, always makes some change to the files or memory of the infected computer.
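A worm that spreads across a network by probing many hosts leaves a recognisable pattern in flow or firewall logs: one source contacting many distinct destinations in a short time. The following detector is an added example, not code from the original article. The flow records, the addresses and the "time src dst port" line format are constructed, and the thresholds (a ten-second window, more than five distinct targets) are assumptions to be tuned per network.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed flow records (not real logs) in a simple "time src dst dport" form.
# 10.0.0.5 touches eight different hosts on port 445 in four seconds; 10.0.0.7 is ordinary traffic.
SAMPLE_FLOWS = """\
2024-05-01T10:00:00 10.0.0.5 10.0.0.10 445
2024-05-01T10:00:01 10.0.0.5 10.0.0.11 445
2024-05-01T10:00:01 10.0.0.5 10.0.0.12 445
2024-05-01T10:00:02 10.0.0.5 10.0.0.13 445
2024-05-01T10:00:02 10.0.0.5 10.0.0.14 445
2024-05-01T10:00:03 10.0.0.5 10.0.0.15 445
2024-05-01T10:00:03 10.0.0.5 10.0.0.16 445
2024-05-01T10:00:04 10.0.0.5 10.0.0.17 445
2024-05-01T10:00:00 10.0.0.7 10.0.0.20 443
2024-05-01T10:00:30 10.0.0.7 10.0.0.21 443
2024-05-01T10:01:00 10.0.0.7 10.0.0.20 443
2024-05-01T10:05:00 10.0.0.7 10.0.0.22 443
"""


def parse_flows(text):
    """Parse the constructed format into (timestamp, src, dst, dport) tuples sorted by time."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(stamp), src, dst, int(dport)))
    flows.sort(key=lambda flow: flow[0])
    return flows


def fan_out_alerts(flows, window_seconds=10, max_targets=5):
    """Flag sources that contact more than `max_targets` distinct (host, port) pairs inside any
    `window_seconds` span. Returns {src: (peak distinct targets, most-contacted port)}."""
    per_source = defaultdict(list)
    for stamp, src, dst, dport in flows:
        per_source[src].append((stamp, dst, dport))

    alerts = {}
    for src, events in per_source.items():
        window = deque()                 # events inside the current time window, oldest first
        live = defaultdict(int)          # target -> number of its events still in the window
        peak = 0
        for stamp, dst, dport in events:
            window.append((stamp, (dst, dport)))
            live[(dst, dport)] += 1
            # evict events that have fallen out of the window
            while (stamp - window[0][0]).total_seconds() > window_seconds:
                _old, target = window.popleft()
                live[target] -= 1
                if live[target] == 0:
                    del live[target]
            peak = max(peak, len(live))
        if peak > max_targets:
            busiest_port = Counter(dport for _s, _d, dport in events).most_common(1)[0][0]
            alerts[src] = (peak, busiest_port)
    return alerts


if __name__ == "__main__":
    for source, (targets, port) in fan_out_alerts(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{source}: {targets} distinct targets within 10 s, mostly on port {port}")
```

Vulnerability scanners, monitoring systems and backup servers legitimately fan out the same way, so the source list should be checked against an allowlist before an alert is escalated; the most-contacted port is reported because a worm typically hammers the single port of the application it exploits.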
Trojan Horse
A trojan horse, often simply called a trojan, is a program that comes bundled with legitimate software downloaded by users. The legitimate program can be a screensaver, a video converter or some other useful software. When the user downloads and installs it, the trojan is copied and installed onto the system as well, without the user's knowledge.
A trojan is as dangerous as a virus. Trojans are often used to download viruses, keyloggers, spyware or other types of malware. The major difference between a virus and a trojan is that a trojan does not replicate. A trojan can perform some or all of the following malicious actions on the infected system:
- Erase, overwrite, or corrupt data on the computer
- Spread other kinds of malware such as a virus
- Deactivate or interfere with firewall and antivirus software
- Allow remote access to the computer
- Upload and download files without user’s knowledge
- Gather email addresses and use them for spam
- Log keystrokes to gather account credentials
- Redirect/load fake or obscene websites
- Slow down, restart or shut down the machine
- Reinstall itself after being disabled
- Disable the task manager
- Disable the control panel
Backdoor
A backdoor is a program installed by the attacker, usually to maintain access to the target or victim machine. The backdoor often bypasses security measures such as antivirus and firewall software, and provides remote access to the attacker.
A backdoor is often installed as part of an exploit. In some attack scenarios a worm propagates by using a backdoor that is already installed on the machines. The functions of a backdoor are as follows:
- It allows an attacker to create, delete, rename, copy or edit any file, execute various commands, change system settings, modify the registry, start and terminate applications, and install arbitrary software
- It allows the attacker to control the hardware of the machine and to start or shut down the computer
- It can act as spyware
- It can act as a keylogger or take screenshots of the computer
- It can send the gathered data via email or to a remote FTP server
- It can infect files and corrupt application and system installations
- It can act as a bot and attack targeted remote systems
- It can install a hidden FTP server for the remote attacker's use
- It degrades system performance, network bandwidth and system security
- It hides itself and its associated files
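Several of the backdoor functions above (remote access, a hidden FTP server) show up on the host as a listening socket nobody asked for. The following audit is an added example, not code from the original article: it compares a listening-socket inventory against the ports and owning processes the host is expected to expose. The sample rows, the process names and the expected inventory are constructed; in practice the rows would be taken from a tool such as ss -ltnp or netstat -ano, or from an endpoint agent.

```python
# Constructed listening-socket inventory (not real tool output) in a "proto local_address process" form.
# Two rows are deliberately suspicious: an FTP port nobody provisioned and a high port owned by "updater".
SAMPLE_LISTENERS = """\
tcp 0.0.0.0:22 sshd
tcp 127.0.0.1:5432 postgres
tcp [::]:443 nginx
tcp 0.0.0.0:21 ftp_helper
tcp 0.0.0.0:50123 updater
"""

# Assumed inventory: the ports this host is supposed to expose and which process may own each.
EXPECTED_LISTENERS = {22: {"sshd"}, 443: {"nginx"}, 5432: {"postgres"}}


def parse_listeners(text):
    """Parse rows into (proto, address, port, process); handles IPv4 and bracketed IPv6 addresses."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, local, process = line.split()
        address, port = local.rsplit(":", 1)
        rows.append((proto, address.strip("[]"), int(port), process))
    return rows


def audit_listeners(listeners, expected):
    """Return (port, process, reason) for every listener that is not in the expected inventory or
    is owned by an unexpected process. A backdoor that opens a hidden FTP or shell port lands here."""
    findings = []
    for _proto, _address, port, process in listeners:
        allowed = expected.get(port)
        if allowed is None:
            findings.append((port, process, "port not in expected inventory"))
        elif process not in allowed:
            findings.append((port, process, "unexpected owner, expected one of %s" % sorted(allowed)))
    return findings


if __name__ == "__main__":
    for port, process, reason in audit_listeners(parse_listeners(SAMPLE_LISTENERS), EXPECTED_LISTENERS):
        print(f"port {port} owned by {process}: {reason}")
```

The check is only as good as the inventory, so the expected set should be generated from configuration management rather than typed by hand, and a backdoor that hides its socket from userland tools (the last bullet above) will not appear in the rows at all; a periodic external port scan of the host is the complementary check for that case.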
Some examples of backdoor trojans are:
- Back Orifice
- Bifrost
- SAP backdoors
- Onapsis Bizploit
The following measures help protect your systems from trojan horses and backdoors:
- Stay away from suspicious websites and links
- Surf on the web cautiously
- Install antivirus or anti-trojan software
Spyware
Spyware is malicious software installed on the target machine to spy on or monitor the victim's activities without their knowledge. Spyware can be spread as an email attachment, through pop-ups or as a trojan. Sometimes spyware is installed on employee machines for security or administrative reasons.
Spyware not only monitors the victim's keystrokes but also logs browsing patterns and the applications opened and closed, along with timestamps. All this information is stored in a file and sent to the remote attacker on request or at certain intervals. Advanced spyware can also modify system settings. To safeguard against spyware, install anti-spyware software.
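Spyware that sends its collected data at fixed intervals produces regularly spaced outbound connections, which is something a defender can look for in proxy or flow logs. The following detector is an added example, not code from the original article: it groups outbound connections by destination, measures the gaps between consecutive connections and flags channels whose gaps are nearly constant. The connection records use constructed timestamps and documentation address ranges, and the thresholds (at least five connections, coefficient of variation below 0.1) are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound connection records (not real telemetry): (time, src, dst, dport).
# 203.0.113.9 is contacted every five minutes almost to the second; 198.51.100.4 at irregular times.
SAMPLE_CONNECTIONS = [
    ("2024-05-01T09:00:00", "10.0.0.8", "203.0.113.9", 443),
    ("2024-05-01T09:05:00", "10.0.0.8", "203.0.113.9", 443),
    ("2024-05-01T09:10:01", "10.0.0.8", "203.0.113.9", 443),
    ("2024-05-01T09:15:00", "10.0.0.8", "203.0.113.9", 443),
    ("2024-05-01T09:20:00", "10.0.0.8", "203.0.113.9", 443),
    ("2024-05-01T09:25:01", "10.0.0.8", "203.0.113.9", 443),
    ("2024-05-01T09:00:12", "10.0.0.8", "198.51.100.4", 443),
    ("2024-05-01T09:00:40", "10.0.0.8", "198.51.100.4", 443),
    ("2024-05-01T09:03:05", "10.0.0.8", "198.51.100.4", 443),
    ("2024-05-01T09:11:50", "10.0.0.8", "198.51.100.4", 443),
    ("2024-05-01T09:12:02", "10.0.0.8", "198.51.100.4", 443),
    ("2024-05-01T09:40:00", "10.0.0.8", "198.51.100.4", 443),
]


def find_beacons(records, min_connections=5, max_cv=0.1):
    """Group connections by (src, dst, port), compute the gaps between consecutive connections and
    flag channels whose gaps are nearly constant (coefficient of variation below max_cv).
    Returns {(src, dst, port): (mean gap in seconds, coefficient of variation)}."""
    channels = defaultdict(list)
    for stamp, src, dst, dport in records:
        channels[(src, dst, dport)].append(datetime.fromisoformat(stamp))

    beacons = {}
    for key, stamps in channels.items():
        if len(stamps) < min_connections:
            continue                      # too few samples to judge regularity
        stamps.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(stamps, stamps[1:])]
        average = mean(gaps)
        if average <= 0:
            continue                      # duplicate timestamps, nothing to measure
        cv = pstdev(gaps) / average       # relative spread: 0 means perfectly periodic
        if cv < max_cv:
            beacons[key] = (average, cv)
    return beacons


if __name__ == "__main__":
    for (src, dst, dport), (average, cv) in find_beacons(SAMPLE_CONNECTIONS).items():
        print(f"{src} -> {dst}:{dport} every {average:.0f} s (cv={cv:.3f})")
```

Update checkers, time synchronisation and monitoring agents beacon just as regularly, so a hit is a lead to be checked against the destination's reputation and the process that opened the connection, not proof of spyware; the interval is reported so that an analyst can match it against known software schedules.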
Suryateja Pericherla is currently a Research Scholar (full-time Ph.D.) in the Dept. of Computer Science & Systems Engineering at Andhra University, Visakhapatnam. He previously worked as an Associate Professor in the Dept. of CSE at Vishnu Institute of Technology, India.
He has 11+ years of teaching experience and is an individual researcher whose research interests are Cloud Computing, Internet of Things, Computer Security, Network Security and Blockchain.
He is a member of professional societies including IEEE, ACM, CSI and ISCA, and has published several research papers indexed by SCIE, WoS, Scopus, Springer and others.