Malware Topics

• national conference of state legislatures
• harmful bugs
• crimeware
• profit motive
• technet security
• defective software
• trojan horse
• jcots
• malicious program
• legitimate purpose
• term computer
• computer virus
• rootkit
• concealment
• unix system
• computer professionals
• unwanted software
• computer viruses
• contaminant

Related Images

Source

del.icio.us Tags

• malware
• wikipedia
• t214
• security
• block
• 3.2,
• 1,
• casestudy2
• 2
• malware,
• 1
• t214,
• study
• section
• case
• furthereducation
• windows
• utility
• software
• internet
• appscan
• security_policy
• reference
• ou
• artlogiciel
• t214-2009
• nets
• openuni

Malware, Malware

The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. http://www.microsoft.com/technet/security/alerts/info/malware.mspx The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.

Malware includes computer viruses, worms, trojan horse, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states, including California and West Virginia. National Conference of State Legislatures Virus/Contaminant/Destructive Transmission Statutes by State jcots.state.va.us/2005%20Content/pdf/Computer%20Contamination%20Bill.pdf Penalty for Computer Contamination Malware is not the same as defective software, that is, software which has a legitimate purpose but contains harmful bugs.

Concealment can also help get the malware installed in the first place. When a malicious program is disguised as something innocuous or desirable, users may be tempted to install it without knowing what it does. This is the technique of the Trojan horse or trojan.

The same is true when a human attacker breaks into a computer directly. Techniques known as rootkits allow this concealment, by modifying the host operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system's list of processes, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system where the attacker had gained administrator (root) access. Today, the term is used more generally for concealment routines in a malicious program.

More recently, the greater share of malware programs have been written with a financial or profit motive in mind. This can be taken as the malware authors' choice to monetize their control over infected systems: to turn that control into a source of revenue.

They differ in that their creators present themselves openly as businesses, for instance by selling advertising space on the pop-ups created by the malware. Most such programs present the user with an end-user license agreement which purportedly protects the creator from prosecution under computer contaminant laws. However, spyware EULAs have not yet been upheld in court.

Some malware programs install a key logger , which intercepts the user's keystrokes when entering a password, credit card number, or other information that may exploited. This is then transmitted to the malware creator automatically, enabling credit card fraud and other theft. Similarly, malware may copy the CD key or password for online games, allowing the creator to steal accounts or virtual items.

A typical example is the buffer overrun, in which an interface designed to store data in a small area of memory allows the caller to supply more data than will fit. This extra data then overwrites the interface's own structure. In this way malware can force the system to execute malicious code, by replacing legitimate code with its own payload.

Because many malware components are installed as a result of browser exploits or user error, using security software (some of which are anti-malware, though many are not) to "sandbox" browsers (essentially babysit the user and their browser) can also be effective in helping to restrict any damage done.

Adleman's proof is perhaps the deepest result in malware computability theory to date and it relies on Cantor's diagonal argument as well as the halting problem. Ironically, it was later shown by Young and Yung that Adleman's work in cryptography is ideal in constructing a virus that is highly resistant to reverse-engineering by presenting the notion of a cryptovirus. A. Young, M. Yung, "Cryptovirology: Extortion-Based Security Threats and Countermeasures," IEEE Symposium on Security & Privacy, pages 129-141, 1996.

In theory the victim must negotiate with the virus writer to get the IV+SK back in order to decrypt the ciphertext (assuming there are no backups). Analysis of the virus reveals the public key, not the IV and SK needed for decryption, or the private key needed to recover the IV and SK. This result was the first to show that computational complexity theory can be used to devise malware that is robust against reverse-engineering.

Source: Wikipedia > Malware