Some Definitions of Malware

What is Spyware?

Equal parts security threat, privacy threat, and nuisance, this emerging class of software has risen quickly from obscurity to near ubiquity. Recent research underscores the point: A November 2004 study by analyst firm IDC estimates that 67 percent of consumer PCs are infected with some form of spyware. The seemingly phantom nature of the problem combined with its increasingly hazardous impact threatens to undermine trust in computing as significantly as better known challenges such as viruses and worms.

The effects of spyware on the individual PC user range from minor annoyances to serious impacts on PC performance, security, and privacy. More often than not, spyware-related issues reported by users come in the form of one or more of these common symptoms:

• Unauthorized pop-up advertisements, even when not browsing the Web

• A change to the browser home page or default search engine without user consent, which often resists attempts to change it back

• A new and unwanted toolbar on the browser, which often resists attempts to remove it

• A sudden and dramatic slowdown in PC performance

• Increased crashing of operating systems, Web browsers, and other common applications

Spyware and other potentially unwanted software refers to a wide range of programs that perform actions such as displaying advertising, tracking Web sites visited, or changing the configuration of a PC. Though these are the most common forms of spyware, attention is often focused on less common but more potentially harmful forms, such as programs that record keystrokes, collect personal information and send it to a third party, or remotely control a PC’s resources. The key in all cases is whether users understand what the software will do and have agreed to install the software on their PCs.

Source: http://www.microsoft.com/athome/security/spyware/strategy.mspx

What is a virus?

In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of the virus into a program is termed infection, and the infected file (or executable code that is not part of a file) is called a host. Viruses are one of the several types of malware or malicious software. In common parlance, the term virus is often extended to refer to computer worms and other sorts of malware. This can confuse computer users, since viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware such as worms. This confusion can have serious consequences, because it may lead to a focus on preventing one genre of malware over another, potentially leaving computers vulnerable to future damage. However, a basic rule is that computer viruses cannot directly damage hardware; only software is damaged directly. The software in the hardware, however, may be damaged.

While viruses can be intentionally destructive (for example, by destroying data), many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb. For example, a virus might display a message on a specific day or wait until it has infected a certain number of hosts. A time bomb occurs during a particular date or time, and a logic bomb occurs when the user of a computer takes an action that triggers the bomb. However, the predominant negative effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources.

Source: http://en.wikipedia.org/wiki/Virus_(computing)

What is a Worm?

A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself. They are often designed to exploit the file transmission capabilities found on many computers.

The name ‘worm’ was taken from The Shockwave Rider, a 1970s science fiction novel by John Brunner. Researchers writing an early paper on experiments in distributed computing noted the similarities between their software and the program described by Brunner and adopted the name.

The first implementation of a worm was by two researchers at Xerox PARC in 1978. [1] (http://www.parc.xerox.com/about/history/default.html)

The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, Jr., who at the time was a graduate student at Cornell University. It was released on November 2, 1988, and quickly infected a great many computers on the Internet at the time. It propagated through a number of bugs in BSD Unix and its derivatives. Morris himself was convicted under the US Computer Crime and Abuse Act and received three years’ probation, community service and a fine in excess of $10,000.

In addition to replication, a worm may be designed to do any number of things, such as delete files on a host system or send documents via email. More recent worms may be multi-headed and carry other executables as a payload. However, even in the absence of such a payload, a worm can wreak havoc just with the network traffic generated by its reproduction. Mydoom, for example, caused a noticeable worldwide Internet slowdown at the peak of its spread.

A common payload is for a worm to install a backdoor in the infected computer, as was done by Sobig and Mydoom. These zombie computers are used by spam senders for sending junk email or to cloak their website’s address.[2] (http://seattletimes.nwsource.com/html/businesstechnology/2001859752_spamdoubles18.html) Spammers are thought to pay for the creation of such worms [3] (http://www.wired.com/news/business/0,1367,60747,00.html) [4] (http://www.channelnewsasia.com/stories/afp_world/view/68810/1/.html), and worm writers have been caught selling lists of IP addresses of infected machines.[5] (http://www.heise.de/english/newsticker/news/44879) Others try to blackmail companies with threatened DDOS attacks.[6] (http://news.bbc.co.uk/1/hi/technology/3513849.stm) The backdoors can also be exploited by other worms, such as Doomjuice, which spreads using the backdoor opened by Mydoom.

Whether worms can be useful is a common theoretical question in computer science and artificial intelligence. The Nachi family of worms, for example, tried to download then install patches from Microsoft’s website to fix various vulnerabilities in the host system (the same vulnerabilities that they exploited). This eventually made the systems affected more secure, but generated considerable network traffic — often more than the worms they were protecting against — rebooted the machine in the course of patching it, and, maybe most importantly, did its work without the explicit consent of the computer’s owner or user. As such, most security experts deprecate worms, whatever their payload.

Source: http://en.wikipedia.org/wiki/Worm_(computing)

What is a Trojan Horse?

A trojan horse computer program has a useful and desired function, or at least it has the appearance of having such. Secretly the program performs other, undesired functions. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. The kinds of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind.

In practice, Trojan Horses in the wild do contain spying functions (such as a Packet sniffer) or backdoor functions that allow a computer, unbeknownst to the owner, to be remotely controlled from the network. Because Trojan horses often have these harmful functions, there often arises the misunderstanding that such functions define a Trojan Horse.

The basic difference from computer viruses is: a Trojan horse is technically a normal computer program and does not possess the means to spread itself. Originally Trojan horses were not designed to spread themselves. They relied on fooling people to allow the program to perform actions that they would not have voluntarily performed. Trojans of recent times also contain functions and strategies that enable their spreading. This moves them closer to the definition of computer viruses, and it becomes difficult to clearly distinguish such mixed programs between Trojan horses and viruses.

Source: http://en.wikipedia.org/wiki/Trojan_horse_(computing)

What is Spam?

Spamming is the use of any electronic communications medium to send unsolicited messages in bulk. In the popular eye, the most common form of spam is that delivered in e-mail as a form of commercial advertising. However, over the short history of electronic media, people have done things comparable to spamming for many purposes other than the commercial, and in many media other than e-mail. In this article and those related, the term spamming is used broadly to refer to all of these behaviors, regardless of medium and commercial intent.

This article provides a general overview of the spamming phenomenon. Separate articles discuss the techniques of spammers on particular media: Internet e-mail, instant messaging, Usenet newsgroups, Web search engines, weblogs, and mobile phone messaging.

Source: http://en.wikipedia.org/wiki/Spam_(electronic)

What is Phishing?

The term “phishing” is sometimes said to stand for password harvesting fishing, though this is likely a backronym. The cracker community tends to use creative spellings as a sort of jargon, and coinages such as warez have even escaped into more mainstream usages. The term phreaking, which refers to gaining access to telephone networks, most likely influenced the spelling of the term. Still other theories accredit the term “phishing” to originate from the name “Brien Phish” who was the first to allegedly use psychological techniques to steal credit card numbers in the 1980s. Others believe that “Brien Phish” was not a real person but a fictional character used by scammers to identify each other. Another, more recent theory credits the nature of the attacks, in which one is fishing, metaphorically, for an unsuspecting user’s information.

Today, online criminals put phishing to more directly profitable uses. Popular targets are users of online banking services, and auction sites such as eBay. Phishers usually work by sending out e-mail spam to large numbers of potential victims. These direct the recipient to a Web page which appears to belong to their online bank, for instance, but in fact captures their account information for the phisher’s use.

Typically, a phishing email will appear to come from a trustworthy company and contain a subject and message intended to alarm the recipient into taking action. A common approach is to tell the recipient that their account has been deactivated due to a problem and inform them that they must take action to re-activate their account. The user is provided with a convenient link in the same email that takes the email recipient to a fake webpage appearing to be that of a trustworthy company. Once at that page, the user enters her personal information which is then captured by the fraudster.

Source: http://en.wikipedia.org/wiki/Phising
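The quoted description gives a defender three things to look for in a message: a sender that claims a trusted brand, alarming wording that urges the reader to act, and a link whose real destination is not where the text says it goes. The script below is an added example, not code from the Wikipedia article or from this page; it scores an e-mail on exactly those traits. The phrase list, the `analyse()` function and its `sender`/`subject`/`html_body` parameters, and the two sample messages (which use the reserved `.test` domain) are all constructed for illustration.

```python
"""Heuristic phishing e-mail triage.

Added example, not code from the cited article.  It scores a message on the
traits the text describes: an alarming subject or body urging the reader to
act, and a link whose real destination does not match the sender's domain or
the address shown in the link text.  All sample data below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrase list; a real filter would be tuned to observed campaigns.
URGENCY_PHRASES = (
    "deactivated", "suspended", "re-activate", "reactivate",
    "verify your account", "take action", "within 24 hours",
)

# Matches something that looks like a domain or URL in visible link text.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})")


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'www.examplebank.com' -> 'examplebank.com' (last two labels)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def extract_links(html_body):
    parser = _LinkExtractor()
    parser.feed(html_body)
    return parser.links


def analyse(sender, subject, html_body):
    """Return (score, reasons); each reason is one phishing trait observed."""
    reasons = []
    sender_domain = registrable_domain(sender.split("@")[-1].strip(">"))
    plain = (subject + " " + re.sub(r"<[^>]+>", " ", html_body)).lower()

    hits = [p for p in URGENCY_PHRASES if p in plain]
    if hits:
        reasons.append("urgency wording: " + ", ".join(hits))

    for href, visible in extract_links(html_body):
        target = registrable_domain(urlparse(href).hostname or "")
        if not target:
            continue  # mailto:, fragment-only or relative links carry no host
        if target != sender_domain:
            reasons.append(f"link goes to {target} but sender is {sender_domain}")
        m = DOMAIN_RE.search(visible.lower())
        if m and registrable_domain(m.group(1)) != target:
            reasons.append(f"link text shows {m.group(1)} but href goes to {target}")

    return len(reasons), reasons


# Constructed samples (the .test TLD is reserved and never resolves).
PHISHING_SAMPLE = dict(
    sender="Example Bank <alerts@examplebank.com>",
    subject="Action required: your account has been deactivated",
    html_body=(
        "<p>Your account has been deactivated due to a problem. "
        '<a href="http://examplebank.com.login-verify.test/">'
        "https://www.examplebank.com/login</a> to re-activate it.</p>"
    ),
)
LEGIT_SAMPLE = dict(
    sender="statements@examplebank.com",
    subject="Your monthly statement is ready",
    html_body=(
        '<p>View it on <a href="https://www.examplebank.com/statements">'
        "our statements page</a>.</p>"
    ),
)

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        score, reasons = analyse(**sample)
        print(f"{name}: score {score}")
        for r in reasons:
            print("  -", r)
```

On the constructed phishing sample the script reports three traits (urgency wording, a link domain that differs from the sender's, and link text that shows a different address than the href), while the legitimate statement notice scores zero. The domain comparison is deliberately crude (last two labels), so hosts under two-part public suffixes such as `.co.uk` would need a proper public-suffix list before this could be used as more than a triage hint.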

And if I still don’t understand…

Then TrendMicro has a pretty Flash presentation which can be found at http://media.trendmicro.com/product/general/malware.html.

It is a 2.2 MB download.