Bots Back Doors Malware, Trojans, Spyware, Virus security threats

What is malware? Many computer users know only of computer viruses, but a virus is just one kind of malware. Viruses, worms, Trojans, spyware, back doors and bots are all types of software, given different names depending on their actions (the common name for all of them is "malware"), and specialists have placed them in different categories. They are specifically designed to damage, disrupt, or otherwise inflict some bad or illegitimate action on data, hosts, or networks, or to steal information such as identities or passwords. They are technically known as malcode (malicious code).

Different types of malware have varying ways of infecting systems and methods of propagating themselves. They can infect systems by being bundled with other programs or attached as macros to files. Some are installed by exploiting a known vulnerability in an operating system (OS), network device, or other software, such as a hole in the browser. Sometimes they require only that users visit a website to infect their computers, but the majority are installed through some action by the user, such as clicking an e-mail attachment, or come bundled with a file downloaded from the Internet.

Viruses, worms, Trojans, bots, back doors, spyware, and adware are some of the more commonly known types of malware. Damage from malware varies from minor irritation, such as browser pop-ups, to stealing confidential information or sometimes money, destroying data, and compromising or entirely disabling systems and networks.

The hardware of systems and network equipment cannot be damaged by malware, but the data and software residing on the equipment can be effectively damaged. Do not confuse malware with defective software, which is intended for legitimate purposes but has errors or bugs.

Classification of Malcode


Viruses and worms are the most common types of malware. These programs may self-replicate and can spread copies (even automatically modified copies) of themselves. A malcode must have the capacity to auto-propagate to be classified as a virus, worm, malware, bot or a Trojan. A worm operates independently of other files, but a virus depends on a host program to spread itself. The main classifications of malcode are given below.

What are Trojans


Trojans are a type of malcode named after the story of the wooden horse. Almost all of you have read the story; if not, read it here if you are interested. A Trojan is a very harmful malcode. It looks legitimate, and users are tricked into loading and executing it on their computers. Once activated, it can execute unlimited attacks on the host: irritating the user by popping up windows or changing desktops, damaging the host by deleting files, stealing data such as identities and passwords, and spreading and activating other malcode. Trojans are notorious for creating back doors that give malicious users access to the system. Trojans do not reproduce by infecting other files, and they do not self-replicate.

Trojans are considered to be the most harmful malcode.

What are Worms


Worms are similar to viruses. They replicate functional copies of themselves and are capable of causing the same type of damage. Whereas viruses require a host file to spread, worms are standalone software and do not need a host program or human help to propagate. Worms spread either by exploiting a vulnerability on the target or by using some kind of social engineering to trick users. A worm always enters a computer system through a vulnerability in the system, taking advantage of transport features of a file or information on the system, allowing it to travel unaided.

What are Viruses


A virus is malware that propagates by inserting itself into and becoming part of another program, and spreads from computer to computer, leaving infections as it travels. The severity of viruses may range from mildly annoying effects to damaged data or software and even denial-of-service (DoS) conditions. Viruses are mostly attached to an .exe (executable) file. A virus existing on a system may not be active or spread until a user runs the host file containing the malicious software. When the host code is executed, the viral code executes simultaneously. Sometimes the infected program keeps functioning, but some viruses overwrite other programs, which destroys the program totally. Viruses spread from computer to computer when the software they are attached to is transferred through a network, a disk, file sharing, or infected e-mail attachments.

What is Spyware


Spyware is a general term used to describe software that performs certain behaviors, such as advertising, collecting personal information, or changing the configuration of your computer, generally without obtaining your consent. The key in all cases is whether or not you understand what the software will do and have agreed to install it on your computer, because almost all such software is installed along with other software you agreed to. A common trick is to covertly install the software during the installation of other software you want, such as a music or video file sharing program.

Spyware is often associated with adware, i.e. software designed to display advertisements that also tracks personal or sensitive information. That does not mean all software that provides ads or tracks your online activities is bad. For example, you might sign up for a free music service, but you may pay for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.

Knowing what spyware does can be a very difficult process because most spyware is designed to be difficult to remove. Other kinds of spyware make changes to your computer that can be annoying and can cause your computer to slow down or crash.

What are Back Doors


The scope of the term back door is vast. You can understand this from the fact that it is used by the security agencies of many countries to spy on their rivals. No effective prevention is available yet. It is a means of access to a computer program that bypasses its security mechanisms. Attackers use back doors that they detect or install themselves, as part of an exploit. Some worms are designed to take advantage of a back door created by an earlier attack. The worm Nimda enters through a back door made by another worm, Code Red. A back door is always a security risk, because crackers are always looking for any vulnerability to exploit. The following examples illustrate this:

(i)    A back door known as a time bomb could be programmed by an attacker using an HDL (hardware description language), which automatically triggers the back door a predetermined time (for example, 30 minutes) after the device is powered on. The computer could be forced to crash or operate maliciously after a fixed time. Clearly, this type of attack is always very dangerous. Designing a kill switch function is also possible, and this could be totally undetectable by any validation methods.

(ii)    Back door triggers based on specific input data, known as cheat codes, could be programmed by an attacker. A cheat code is secret data used by the attacker to identify themselves to the hardware back door logic and then initiate a malicious operation mode. As opposed to time bombs, this kind of back door needs a second attack.

What are Bots


The name bot is derived from the word robot, and bots can be used for both good and malicious purposes. They automate tasks and provide information or services as a human being would. Instant messaging (IM), web crawling, web interfaces and Internet Relay Chat (IRC) are typical uses of bots to gather information. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server of an entire network of compromised devices, or botnet. With a botnet, an attacker can launch broad-based, remote-controlled, flood-type attacks against targets. In addition to the self-propagating ability of worms, the abilities of bots include gathering passwords, logging keystrokes, stealing financial information, capturing and analyzing packets, relaying spam, launching denial-of-service (DoS) attacks, and opening back doors on an infected host. Bots are more versatile in their infection, having all the capabilities of worms. Bots infect networks in a way that escapes immediate notice and rarely reveal their presence with high scanning rates, which damage network infrastructure.
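Because a bot connects back to a central server and avoids noisy scanning, counting connections per host tells a defender little; the regular timing of its check-ins is a better signal. The sketch below is an added example, not part of the original article: the flow records, host names, documentation-range addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (unix_seconds, source_host, destination_ip).
# Destinations are documentation-range addresses, not real indicators.
FLOWS = (
    [(t, "host-a", "203.0.113.10") for t in (0, 301, 599, 900, 1202, 1500, 1799)]
    + [(t, "host-b", "198.51.100.7") for t in (10, 15, 22, 400, 410, 1300, 1310)]
    + [(t, "host-c", "192.0.2.5") for t in (50, 350, 650)]
)

def connections_per_host(flows):
    """Volume view: how many connections each source made."""
    counts = defaultdict(int)
    for _, src, _ in flows:
        counts[src] += 1
    return dict(counts)

def find_beacons(flows, min_events=6, max_jitter=0.10):
    """Return {(src, dst): mean_gap_seconds} for pairs with near-constant gaps.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    gaps between consecutive connections; both thresholds are assumptions.
    """
    stamps = defaultdict(list)
    for ts, src, dst in flows:
        stamps[(src, dst)].append(ts)
    beacons = {}
    for pair, times in stamps.items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = round(avg, 1)
    return beacons

if __name__ == "__main__":
    print("connections per host:", connections_per_host(FLOWS))
    for (src, dst), gap in find_beacons(FLOWS).items():
        print(f"possible check-in: {src} -> {dst} about every {gap}s")
```

In the sample, host-a and host-b make the same number of connections, but only host-a contacts one destination at a near-constant interval, so only it is reported.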

Definitions


Exploit

It is a command, a methodology or a piece of software that attacks a particular security vulnerability. Exploits are a common component of malware.

Back Door

It is a way of accessing a system, bypassing the normal authentication mechanisms placed in software by its programmer.

Safety Measures Against Bots, Back Doors, Viruses, Trojans and Other Malcode


1.    Keep your operating system (OS) updated with the most recent patches and fixes provided by your OS vendor (such as Microsoft for Windows).
2.    Have good-quality antivirus software installed on your system and keep its definitions for viruses, worms, Trojans, and bots up to date.
3.    Make sure that your antivirus program scans all e-mails and files before they are downloaded.
4.    Install a firewall.
5.    Never ignore a warning you receive while visiting a site, and never add an exception for that site.
6.    Music or video file sharing programs may infect your system.

Disclaimer - This document does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. You use the information at your own risk. I reserve the right to change, modify or update this document at any time.

