
1.

Provide a current classification of malware, giving examples of each type, and estimate the damage that can be caused by each type of malware.
Malware definition (http://dl.acm.org/citation.cfm?id=1862301)
Malware is a pervasive problem in distributed computer and network systems. Identification of malware variants provides great benefit in early detection. Control flow has been proposed as a characteristic that can be identified across variants, resulting in flowgraph based malware classification. Static analysis is widely used for the classification but can be ineffective if malware undergoes a code packing transformation to hide its real content. This paper proposes a novel algorithm for constructing a control flow graph signature using the decompilation technique of structuring. Similarity between structured graphs can be quickly determined using string edit distances. To reverse the code packing transformation, a fast application level emulator is proposed. To demonstrate the effectiveness of the automated unpacking and flowgraph based classification, we implement a complete system and evaluate it using synthetic and real malware. The evaluation shows our system is highly effective in terms of accuracy in revealing all the hidden code, execution time for unpacking, and accuracy in classification.

( http://www.spyware-removal-info.com/malware.html ) Malware, "malicious software", is software developed for the purpose of doing harm. Malware can be classified based on how it gets executed, how it spreads, and/or what it does. The classification is not perfect, however, in the sense that the groups often overlap and the difference is often not obvious.

Classes of malicious software

Viruses
The first type of malware to evolve was the computer virus. Viruses work and spread (within the infected system) by attaching themselves to other pieces of software (or in the case of macro viruses, to documents), such that during the execution of the program the viral code is executed. Viruses spread across computers when the software or document they attached themselves to is transferred from one computer to the other.

Worms
Computer worms are similar to viruses but are stand-alone software and thus do not require other pieces of software to attach themselves to. They do modify their host operating system, however, at least to the extent that they are started as part of the boot process. Worms spread either by exploiting some vulnerability of the target system, or by using some kind of social engineering to trick users into executing them.

Trojan horses
Trojan horses are similar to viruses in that they get executed by being part of an otherwise useful piece of software. However, Trojan horses are attached to the host software manually; they cannot infect other pieces of software the way viruses can, nor can they replicate themselves. To spread, Trojan horses rely on the useful features of the host software, which trick users into installing them. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Backdoors
A backdoor is a piece of software that allows access to the computer system, bypassing the normal authentication procedures. Based on how they work and spread there are two groups of backdoors. The first group works much like a Trojan, i.e., they are manually inserted into another piece of software, executed via their host software and spread by their host software being installed. The second group works more like a worm in that they get executed as part of the boot process and are usually spread by worms carrying them as their payload.

Spyware
Spyware is a piece of software that collects and sends information on users (such as browsing patterns in the more benign case or credit card numbers in more serious ones). Spyware usually works and spreads like a Trojan horse. The category of spyware is sometimes taken to include adware of the less-forthcoming sort.

Exploits
An exploit is a piece of software that attacks a particular security vulnerability. Exploits are not necessarily malicious in intent; they are often devised by security researchers as a way of demonstrating that a vulnerability exists. However, they are a common component of malicious programs such as network worms.

Rootkits
A rootkit is software inserted onto a computer system after an attacker has gained control of the system. Rootkits often include functions to hide the traces of the attack, such as deleting log entries or cloaking the attacker's processes. Rootkits may also include backdoors, allowing the attacker to easily regain access later, or exploit software to attack other systems.

Phoney or Hoax Viruses
There are many instances where hoax virus warning messages have been sent which suggest that the recipient may have a particular virus, together with helpful instructions about how to confirm and eliminate the virus. These messages almost invariably tell you to look for a particular file and, if it is present, delete it. In most cases the file which they mention is a Windows system file which, if deleted, will cause serious running problems. If in doubt, run an internet search on Google for the filename, and you will almost certainly find information about it, and any recent scam.

How to stop Malware
As with all unwanted internet files and applications, there are three essential actions to be considered:
1. Malware Scanning, to detect whether any file has secreted itself on your drives or in your registry.
2. Malware Removal. This involves software that can identify and remove the malware.
3. Malware Prevention. It is essential that you block any further invasion once you have removed any existing malware files.

( http://www.microsoft.com/security/resources/malware-whatis.aspx) Malware is short for "malicious software." Malware is any kind of unwanted software that is installed without your adequate consent. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware.

How to help protect your computer from malware

There are several free ways to help protect your computer against malware:
1. Make sure automatic updating is turned on to get all the latest security updates.
2. Keep your firewall turned on.
3. Don't open spam email messages or click links on suspicious websites.
4. Download Microsoft Security Essentials, which is free, or another reputable antivirus and anti-malware program (see the warning below).
5. Scan your computer with the Microsoft Safety Scanner.

Warning: Cybercriminals sometimes try to trick you into downloading rogue (fake) security software that claims to protect you against malware. This rogue security software might ask you to pay for a fake product, install malware on your computer, or steal your personal information.

( http://www.securelist.com/en/threats/detect?chapter=76 )

Damage caused by malware


The damage caused by a virus which has infected a home computer or a corporate network can range from an insignificant increase in outgoing traffic (if a computer is infected by a Trojan sending out spam) to a complete network breakdown or the loss of critical data. The scale of the damage depends on the targets of the virus, and sometimes the results of its activity are imperceptible to the users of a compromised machine.

Operability of computers and computer networks

The catastrophic failure or dramatic slowdown of an individual computer or network can be premeditated or accidental. A virus or a Trojan may delete critical system elements, thus disabling the OS, overload the network with a DDoS attack, or otherwise negatively affect the system's operability. Fatal problems are often caused by a bug in the virus code or its principle of operation. Bugs can be found in any software product, including viruses. In addition, it is most unlikely that viruses are thoroughly tested before they are launched, a practice that is mirrored by some commercial products too. Sometimes malware is incompatible with the software and hardware of the system upon which it is run, resulting in server failure or drastic increases in spam traffic, thereby paralyzing a company's network. From time to time more disastrous events occur. For example, in 1988 in the USA, the Morris Worm caused an epidemic in Arpanet, ancestor of the modern-day Internet. Over 6000 machines, or about 10% of all the computers on the network, were infected. A bug in the virus code caused it to replicate and distribute itself across the network, resulting in complete system paralysis. In January 2003 the Slammer worm caused a geographically-rotating Internet blackout across the USA, South Korea, Australia and New Zealand. As a result of the uncontrolled prevalence of the worm, network traffic increased by 25%, leading to serious problems with banking operations for the Bank of America. Lovesan (Blaster, MSBlast), Mydoom, Sasser and other network worm epidemics also caused terrific damage to airlines, which had to cancel flights, and to banks, which had to temporarily cease their operations.

Hardware failure
A virus seldom causes hardware failure as modern computers are relatively well protected from software faults. However in 1999 the CIH virus, also known as Chernobyl, disrupted the operation of any infected system by deleting the data in the Flash BIOS, making it impossible to even boot the computer. Home users had to visit a service center to get the Flash BIOS rewritten in order to restore the machine to working condition. On many laptops the Flash BIOS was soldered directly to the motherboard, along with the drive, the video card and other hardware. This meant that in most cases the cost of the repair exceeded the cost of a new laptop, resulting in damaged computers being simply thrown away. Several hundred thousand computers fell victim to the CIH bomb. Sometimes a Trojan can open and close the CD/DVD tray. Though modern hardware is pretty reliable these days, this could theoretically cause drive failure on computers that are continuously on.

Data loss or data theft


The damage caused by a successful attack that erases a user's data can be measured in terms of the value of the erased information to the user. If the attack targeted a home computer used for entertainment, the damage is probably minimal. The theft of important information can result in the loss of many years' work, a valued photo archive or some other type of coveted correspondence. The oft-neglected way to prevent data loss is by taking regular backups. If data is stolen as the result of a targeted attack on a specific individual, the damage can be tremendous, particularly if the data belonged to a company or even the state: client databases, financial and technical documentation or even banking details can end up in the wrong hands; the possibilities are endless. We live in the information age, and the loss or leakage of information can sometimes have disastrous consequences.

Even if there is no visible damage


Many Trojans and viruses do not advertise their presence in the system. Viruses can surreptitiously infiltrate the system, and both the files and the system will remain operable. Trojans can hide themselves in the system and secretly do their Trojan thing; on the face of it everything seems fine, however it is only a front. A virus on a corporate network can be considered a force majeure, and the damage caused by it as being equal to the losses associated with the network downtime necessary for disinfection. A Trojan's presence is also a highly undesirable thing, even if it does not constitute any threat to the network. The Trojan may only be a zombie server sending out spam, but it consumes network and Internet resources, and the compromised computers can distribute a great deal of spam which is likely to be directed towards the company's own corporate mail server. Unfortunately, a considerable number of home users do not realize the problem and do not protect their computers. Our survey from December 2005 showed that 13% of the Russians that took part had no antivirus program installed on their machines. Most of these users were completely unaware that their computers could become a base for spam distribution and attacks on other network elements. Let's leave it to their conscience.

( http://www.securelist.com/en/blog/154402251/New_malware_classification_system )

Naming of malicious programs

Each malicious program is given a name which has several parts. Any program which is given a name containing the term VirWare, TrojWare, MalWare, RiskWare, AdWare or PornWare will be a malicious program. The name of each malicious program can be broken down in the following way:

Verdict: verdict clarification

Verdict clarification includes the following categories:

Behaviour[-Sub-behaviour].OS.Name[-Modification:]

Verdict: this is an umbrella description which covers the main characteristics of a virus sample: VirWare, TrojWare, MalWare, RiskWare, AdWare, PornWare, SPAM, or Attack.
Behaviour: this defines the malicious program's payload. Backdoor, Virus etc. are all examples of Behaviour. A less threatening behaviour will be subsumed by the most threatening behaviour. For example, if a program has a backdoor function but also infects files, the behaviour will be classified as Virus. If in addition to these behaviours the malicious program spreads via network connections, the behaviour will be classified as Worm.
Sub-behaviour: this category is only used if the malicious program has a sub-behaviour. It defines the main behaviour further. For instance, a malicious program classified as Trojan-Spy has the sub-behaviour Spy, and so on. The sub-behaviour term is separated from the behaviour term by a dash. In the case of worms, the sub-behaviour term will be a prefix to the main behaviour term: P2P-Worm, Net-Worm etc.
OS: gives the operating system in which the malicious program functions, e.g. Win32, BAT, IRC etc.
Name: the name which the Virus Lab has given to the malicious program.
Modification: shows the different versions of a malicious program grouped under one name.

An example of a name under the new classification system would be Trojan-Dropper.Win32.Agent.a - a Trojan which drops another malicious program and operates in Win32. The Virus Lab has named this program Agent, and this particular program is modification a, the first in a series.

Names of malicious programs always include the Behaviour, OS, Name and Modification terms.
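The naming scheme above, as an added worked example (not code from the page or from the Virus Lab): a small parser that splits a dash-separated name such as Trojan-Spy or Net-Worm into its Behaviour, Sub-behaviour, OS, Name and Modification terms, plus the "most threatening behaviour wins" rule. The text only ranks Backdoor below Virus below Worm; the placement of Trojan below Backdoor is an assumption of this example.

```python
# Added example (not from the page or from Kaspersky Lab): parse names of the form
# Behaviour[-Sub-behaviour].OS.Name[.Modification] and apply the rule that the most
# threatening behaviour subsumes the others. Backdoor < Virus < Worm is what the text
# states; placing Trojan below Backdoor is an assumption of this example.
from dataclasses import dataclass
from typing import Optional

PREFIXED_BEHAVIOURS = {"Worm"}   # sub-behaviour is written as a prefix: Net-Worm, P2P-Worm
SEVERITY = {"Trojan": 1, "Backdoor": 2, "Virus": 3, "Worm": 4}


@dataclass(frozen=True)
class Verdict:
    behaviour: str
    sub_behaviour: Optional[str]
    os: str
    name: str
    modification: Optional[str]


def parse_verdict(label: str) -> Verdict:
    """Split e.g. 'Trojan-Dropper.Win32.Agent.a' into its named parts."""
    parts = label.strip().split(".")
    if len(parts) < 3:
        raise ValueError(f"need at least Behaviour.OS.Name: {label!r}")
    behaviour_field, os_name, name = parts[0], parts[1], parts[2]
    modification = ".".join(parts[3:]) or None   # absent in a bare Behaviour.OS.Name
    if "-" in behaviour_field:
        left, right = behaviour_field.split("-", 1)
        if right in PREFIXED_BEHAVIOURS:   # Net-Worm: the prefix is the sub-behaviour
            behaviour, sub = right, left
        else:                              # Trojan-Spy: the suffix is the sub-behaviour
            behaviour, sub = left, right
    else:
        behaviour, sub = behaviour_field, None
    return Verdict(behaviour, sub, os_name, name, modification)


def dominant_behaviour(observed):
    """Behaviour the scheme records for a sample showing all of `observed`,
    e.g. {'Backdoor', 'Virus'} -> 'Virus' (the backdoor function is subsumed)."""
    unknown = set(observed) - set(SEVERITY)
    if unknown:
        raise ValueError(f"unranked behaviour(s): {sorted(unknown)}")
    return max(observed, key=SEVERITY.__getitem__)


if __name__ == "__main__":
    print(parse_verdict("Trojan-Dropper.Win32.Agent.a"))
    print(dominant_behaviour({"Backdoor", "Virus", "Worm"}))
```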

Spyware
Spyware is a sneaky program that tracks and reports your computing activity without consent. While it isn't designed to inflict damage, spyware can terribly affect the performance of your computer over time. Spyware usually comes bundled with free software and automatically installs itself with the program you intended to use. Signs of spyware include sudden modifications to your web browser, redirects of your search attempts and the frequent displaying of pop-ups. In this instance, spyware can also be termed adware, which is essentially ad-supported software that has the ability to track your activity.

Rootkits
A rootkit could be a single program or a collection of programs designed to take complete control of a system. This type of malware is employed by hackers and gives them all the abilities of a system administrator from a remote location. Rootkits are very sophisticated, as they make the hackers behind them very difficult to find. They are often used to infect other computers and enslave them as zombies, forcing them to attack other machines, distribute spam or steal passwords. When attempting to track a rootkit's creator, the search usually ends with the first zombie while the hacker goes undetected.

Staying Safe
As you can see, malware is abundant and will attempt to attack you from every direction. However, there are several security solutions and system updates that will help to keep you protected. Combine these tools with safe computing and you have a much better chance of keeping the malicious software away.
