Security Terms

Malware

Malware is a generic term for “malicious software”.[1][2]

Malware can target any type of computer system, e.g.,

  • PCs and servers
  • mobile devices
  • process control systems

There are lots of types of malware.

How You Can Get Infected

In addition to e-mail and unreliable download sources, well-known programs can also cause problems. Many file-sharing applications can install spyware on your system to report information back to another source or provide other methods of accessing or obtaining information from your system. Avoid running programs you don’t need to prevent unwanted access to your computer.

An increasingly common problem with program installers downloaded from the internet is the practice of “bundling” other software into the installation. This practice sometimes leaves users with browser add-ons like extra search bars, but it is occasionally used to install malicious programs as well. When installing new software, it is important to read each prompt the installer puts on the screen to make sure that unwanted software is not being installed inadvertently.

Malware that Spreads

  • Virus — Malicious code that is spread through infected programs or files (e.g., Excel macros or PDF files)
  • Worm — Directly uses a network service to spread itself. Typically exploits a vulnerability in a target to execute code that then exploits more systems
  • Trojan Horse — Malicious software embedded in what appears to be a useful program

Viruses are spread in a variety of ways, such as:

  • e-mail attachments (such as Klez, Badtrans, MyParty)
  • instant messaging links and attachments (such as Aplore)
  • compromised web servers (such as Nimda)
  • pirated software (Trojans are often embedded in illegal ‘warez’)
  • Usenet news groups
  • Internet Relay Chat channels
  • removable media (floppy disks in the past; nowadays, if a physical device is used, it is more likely to be a USB drive)
  • file downloads (many backdoor Trojans are bundled with other files)

All viruses are different. Some remain dormant and benign until a certain day, when they are programmed to activate; others begin to attack the machine as soon as it has been infected.

Malware that Hides

  • Rootkit — malicious software that provides privileged access while hiding its presence. Obtains “root” privileges, and often embeds itself in kernel code
  • Bots and Botnets — A computer that is infected with malware that accepts remote commands from the attacker is called a “bot”. A large collection of these systems is called a “botnet”
  • Backdoor — A way to access a device that bypasses the normal entry points and access controls. It allows ongoing, stealthy remote access to a machine, often by enabling a network service. A program reached through a backdoor may be used to install and update malware. Backdoors may result from program flaws or be intentionally built in by the developer

Ransomware/Spyware

  • Ransomware — Malware designed to extort the user in exchange for access to something of value. Often in the form of “Pay or I’ll post your private data to the Internet.” Sometimes also referred to as “scareware”. A common form is a fake anti-virus program that claims you have many viruses and that you must pay for the full version to get rid of them
  • Spyware — Focused specifically on gathering information about you. Think: data mining

On the Internet, spyware is software that is installed on someone’s computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can infect a computer as a software virus or as a result of installing a new program. Data-collecting programs that are installed with the user’s knowledge are not, properly speaking, spyware, provided the user fully understands what data is being collected and with whom it is being shared.

Spyware and adware can cause many recognizable problems on infected computers, such as slow computer performance, erratic internet connectivity, and altered home pages in the web browser. While spyware and adware can affect any OS, Windows users are the hardest hit, because Windows is the most widely used OS across the world.

It is not uncommon to see internet ads claiming that your computer is infected with spyware or viruses and asking you to click for a “free scan.” These ads are bait for the unwary user: once clicked, the ad leads to a download that infects the user’s computer with spyware or some other malicious software, all while telling the user that it is removing threats from the computer. It is important to avoid such ads.

Keyloggers

  • Software — A program that records user keystrokes and sends them to an attacker, or
  • Hardware — A small, inexpensive memory device plugged in between the keyboard cable and the computer

Either kind could be used to capture your password!

Drive-By Downloads

Simply visiting a web page can result in malware being silently downloaded and run on the user’s device. I.e., a site visit may result in software installation without the user knowing!

Zero-Day Exploits

A zero-day exploit (zero-day) is an attack that takes advantage of a software vulnerability that is unknown to the developers. The day a vulnerability becomes known is day one, and the attack precedes it, so the developers have had zero days to fix the flaw — that’s why it’s called a zero-day!

Students interested in learning more about cyberwarfare, and zero-day exploits in particular, should read this book:

Perlroth, N. (2021). This is how they tell me the world ends: The cyberweapons arms race. Bloomsbury Publishing USA.

[1] Much of this information comes from CSC 474 – Network Security.

[2] Van Oorschot, P. C. (2020). Computer security and the internet: tools and jewels from malware to Bitcoin. Springer.