Viruses & Malware

What is malware?
Malicious software. - A software program
designed to cause harm to a computer
without the knowledge of the user.
 Types of malware
 Computer viruses
 Worms
 Trojan horses
 Spyware
 Adware
 Any other type of malicious & unwanted
software.
 What is a computer virus?
A computer program that can infect a
computer and replicate and spread without
the users knowledge.
 Types of viruses
 Resident  Polymorphic
 Direct Action  File Infectors
 Overwrite  Companion
 Boot  Fat
 Macro  Logic Bombs
 Directory
 Resident Virus
A virus that takes up permanent residence in the
RAM memory. It can take over or interupt any
operation executed by the computer system. It
can corrupt files and programs; such as copy,
open, close, rename and more.
Examples: Randex, CMJ, Meve, and MrKlunky.
 Direct Action Virus
A batch file that resides in the root directory of
the hard disk. When executed it will infect files
in the directory that it is in, plus any directed
to, in the batch file AUTOEXEC.BAT file PATH.
 Overwrite Virus
A virus that deletes of overwrites part or
all of the information in a file, making
them partially or totally worthless. To
get rid of the virus, the file has to be
deleted.

Examples of this virus include: Way, Trj.Reboot,

Trivial.88.D.
 Boot Virus
A virus that affects the boot sector of the hard
drive or a floppy drive. The boot sector gives
the computer information on how to boot, if
it is not functioning the computer won't boot.
To avoid a boot virus, don't boot your
computer with an unknown floppy disk in
your floppy drive and make sure it is write
protected.

Examples of boot viruses include: Polyboot.B,

AntiEXE.
 Macro Virus
A virus written in a macro language that infects
the files that were created with it. When the file
is opened the macro virus runs automatically.
This may arrive on your computer by email
attachment.

Examples of macro viruses: Relax, Melissa.A,

Bablas, O97M/Y2K.
 Directory Virus
 Directory viruses will replace an existing
executable and move the real file somewhere
else, so when you run it you are unknowingly
running the virus program instead of the
original. It then becomes impossible to find
the original file.
 Polymorphic Virus
Viruses that encode or encrypt
themselves so that each new version is
different. This enables them to
replicate and very hard for virus
scanners to track down.
 File Infectors
The majority of viruses are file infectors.
This virus is activated by running an
executable file like .exe or .com
extension files. Once run, the virus
does its damage according to the
program in the executable file.
 Companion Virus
once the system is infected they
accompany the files that already exist.
They can lay in wait or take action
immediately.

Some examples include: Stator, Asimov.1539,

and Terrax.1069
 Fat Virus
this virus will only infect a computer
running a file allocation table (FAT) file
system. This virus will prevent access
to parts of the hard drive preventing
files to be accessed Newer windows
computers use NTFS and don't need to
worry about this virus.
 Logic Bomb
 Not technically a virus because it does not
replicate. It is program designed to destroy
data, or perform a function, that is set to go
off under specific conditions.
 What is a worm?
A worm typically infects networked
computers. It replicates but may not
corrupt files. It uses a network to send
copies of itself to other nodes without
user intervention. It will at the very
least slow the computers and network
down.
 What is a trojan?
Trojan – refers to the story of the Trojan
horse. This is malware that is hidden inside
of a benign looking function but actually
performs a malicious function. This
malware may allow unauthorized access to
the computer, give them access to the files
and control the computer.
 Type of Trojans
 Remote Access
 Data Destruction
 Downloader/dropper
 Server Trojan(Proxy, FTP , IRC, Email,
HTTP/HTTPS, etc.)
 Disable security software
 Denial-of-service attack (DoS)
 What is spyware?
Spyware is computer software that is
secretly installed on your computer to
monitor your internet usage and
behavior.
 Spyware continued
Spyware – spyware can do more than
monitor the user's behavior. It can
collect personal information, such as,
surfing habits and sites visited. Spyware
can also install software and redirirect
web browser activity. Spyware can slow
connection speeds and set different
home pages
 List of fake anti-spyware
 AntiVirus 360  Spydawn
 Antivirus 2008  Spylocked
 Antivirus 2009  Spysheriff
AntiVirus Gold SpyShredder


ContraVirus
Spyware Quake


 Errorsafe
SpywareStrike
MacSweeper


UltimateCleaner
PAL Spyware Remover



 Pest Trap  WinAntiVirus Pro 2006

 PSGuard  WinFixer
 Spy Wiper  WorldAntiSpy
 What is adware?
Adware – a software package that plays
automatically and will display
advertisements on the computer after
installing some other software.
 Known adware programs
 123 Messenger  Daemon Tools
 180SearchAssistant  Direct Revenue
 888bar  DivX
Adssite Toolbar
DollarRevenue


AOL Instant Messenger



Ebates MoneyMaker


 Antivirus 200 Family 

 Bearshare  ErrorSafe
 Bonzi Buddy  Ezula
 BlockChecker  FlashGet
 Burn4Free  Gamespy Arcade
 ClipGenie  Gator
 Comet Cursor  Kazaa
 Adware programs continued
 Messenger Plus! Live  Viewpoint Media Player
 MessengerSkinner  VirusProtectPro
 Micro Antivirus  WeatherBug
 Mirar Toolbar  WhenU
 Oemji Toolbar R  WinAce
 RealPlayer  WinFixer
 Smiley Central  Winzix
 TagASaurus  Wolfenstein enemy
 TopMoxie territory
 Tribal Fusion  Zango
 Videothang  Zango Toolbar
 Viewpoint Media Player  Zwinky
 VirusProtectPro