Malware
A screenshot of a malicious website attempting to install spyware via an ActiveX Control in Internet Explorer 6

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The term is a portmanteau of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.


Many normal computer users are, however, still unfamiliar with the term, and most never use it. Instead, "computer virus" is incorrectly used in common parlance and even in the media to describe all kinds of malware, though not all malware is a virus.


Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other American states.[1]


Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful bugs.


Of all computer code released today the majority may be malicious. Preliminary results from Symantec sensors published in 2008 suggested that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications."[2] According to F-Secure, "As much malware [was] produced in 2007 as in the previous 20 years altogether."[3] Malware's most common pathway from criminals to users is through the Internet, by email and the World Wide Web.[4]


Purposes

Many early infectious programs, including the first Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks generally intended to be harmless or merely annoying rather than to cause serious damage to computers. Some were written by young programmers learning about viruses and the techniques used to write them, only to prove that they could or to see how far the programs could spread. As late as 1999, widespread viruses such as the Melissa virus appear to have been written chiefly as pranks.


A slightly more hostile intent can be found in programs designed to vandalize or cause data loss. Many DOS viruses, and the Windows ExploreZip worm, were designed to destroy files on a hard disk, or to corrupt the filesystem by writing junk data. Network-borne worms such as the 2001 Code Red worm or the Ramen worm fall into the same category. Designed to vandalize web pages, these worms may seem like the online equivalent to graffiti tagging, with the author's alias or affinity group appearing everywhere the worm goes.


However, since the rise of widespread broadband Internet access, more malicious software has been designed for a profit motive. For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation.[citation needed] Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography[5], or to engage in distributed denial-of-service attacks as a form of extortion.


Another strictly for-profit category of malware has emerged in spyware -- programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; they are generally installed by exploiting security holes or are packaged with user-installed software, such as peer-to-peer applications.


Infectious malware: viruses and worms


The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. The term computer virus is used for a program which has infected some executable software and which causes that software, when run, to spread the virus to other executable software. Viruses may also contain a payload which performs other actions, often malicious. A worm, on the other hand, is a program which actively transmits itself over a network to infect other computers. It too may carry a payload.


These definitions lead to the observation that a virus requires user intervention to spread, whereas a worm spreads automatically. Using this distinction, infections transmitted by email or Microsoft Word documents, which rely on the recipient opening a file or email to infect the system, would be classified as viruses rather than worms.


Some writers in the trade and popular press appear to misunderstand this distinction, and use the terms interchangeably.


Capsule history of viruses and worms

Before Internet access became widespread, viruses spread on personal computers by infecting programs or the executable boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these executables, a virus causes itself to be run whenever the program is run or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. Executable-infecting viruses are dependent on users exchanging software or boot floppies, so they spread heavily in computer hobbyist circles.


The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Internet Worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes in network server programs and started itself running as a separate process. This same behavior is used by today's worms as well.


With the rise of the Microsoft Windows platform in the 1990s, and the flexible macro systems of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications, but rely on the fact that macros in a Word document are a form of executable code.


Today, worms are most commonly written for the Windows OS, although a small number are also written for Linux and Unix systems. Worms today work in the same basic way as 1988's Internet Worm: they scan the network for computers with vulnerable network services, break into those computers, and copy themselves over. Worm outbreaks have become a cyclical plague for both home users and businesses, eclipsed recently in terms of damage by spyware.[citation needed]


Concealment: Trojan horses, rootkits, and backdoors

For a malicious program to accomplish its goals, it must be able to do so without being shut down or deleted by the user or administrator of the computer it's running on. Concealment can also help get the malware installed in the first place. When a malicious program is disguised as something innocuous or desirable, users may be tempted to install it without knowing what it does. This is the technique of the Trojan horse or trojan.


Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to many undesirable effects, such as deleting all the user's files, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals. Trojan horses known as droppers are used to start off a worm outbreak, by injecting the worm into users' local networks.


One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads from the Internet. When the user installs the software, the spyware is installed alongside. Spyware authors who attempt to act in a legal fashion may include an end-user license agreement which states the behavior of the spyware in loose terms, and which the users are unlikely to read or understand.


Once a malicious program is installed on a system, it is often useful to the creator if it stays concealed. The same is true when a human attacker breaks into a computer directly. Techniques known as rootkits allow this concealment, by modifying the host operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system's list of processes, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system where the attacker had gained administrator (root) access. Today, the term is used more generally for concealment routines in a malicious program.


Some malicious programs contain routines to defend against removal: not merely to hide themselves, but to repel attempts to remove them. An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V timesharing system:

Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently slain program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system. [1]

Similar techniques are used by some modern malware, wherein the malware starts a number of processes which monitor one another and restart any process which is killed off by the operator.


A backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised (by one of the above methods, or in some other way), one or more backdoors may be installed, in order to allow the attacker access in the future. The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Crackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors crackers may use Trojan horses, worms, or other methods.


Malware for profit: spyware, botnets, keystroke loggers, and dialers

During the 1980s and 1990s, it was usually taken for granted that malicious programs were created as a form of vandalism or prank (although some viruses were spread only to discourage users from illegal software exchange). More recently, the greater share of malware programs have been written with a financial or profit motive in mind. This can be taken as the malware authors' choice to monetize their control over infected systems: to turn that control into a source of revenue.


Since 2003 or so, the most costly form of malware in terms of time and money spent in recovery has been the broad category known as spyware.[citation needed] Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behavior for the financial benefit of the spyware creator. For instance, some spyware programs redirect search engine results to paid advertisements. Others, often called "stealware" by the media, overwrite affiliate marketing codes so that revenue goes to the spyware creator rather than the intended recipient.


Spyware programs are sometimes installed as Trojan horses of one sort or another. They differ in that their creators present themselves openly as businesses, for instance by selling advertising space on the pop-ups created by the malware. Most such programs present the user with an end-user license agreement which purportedly protects the creator from prosecution under computer contaminant laws. However, spyware EULAs have not yet been upheld in court.


Another way that financially-motivated malware creators can profit from their infections is to directly use the infected computers to do work for the creator. Spammer viruses, such as the Sobig and Mydoom virus families, are commissioned by e-mail spam gangs. The infected computers are used as proxies to send out spam messages. The advantage to spammers of using infected computers is that they are available in large supply (thanks to the virus) and they provide anonymity, protecting the spammer from prosecution. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.


In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously. Botnets can also be used to push upgraded malware to the infected systems, keeping them resistant to anti-virus software or other security measures.


Lastly, it is possible for a malware creator to profit by simply stealing from the person whose computer is infected. Some malware programs install a key logger, which copies down the user's keystrokes when entering a password, credit card number, or other information that may be useful to the creator. This is then transmitted to the malware creator automatically, enabling credit card fraud and other theft. Similarly, malware may copy the CD key or password for online games, allowing the creator to steal accounts or virtual items.


Another way of stealing money from the infected PC owner is to take control of the modem and dial an expensive toll call. Dialer (or porn dialer) software dials up a premium-rate telephone number such as a U.S. "900 number" and leaves the line open, charging the toll to the infected user.


Vulnerability to malware

In this context, as throughout, it should be borne in mind that the “system” under attack may be of various types, e.g. a single computer and operating system, a network or an application.


Various factors make a system more vulnerable to malware:

  • Homogeneity – e.g. when all computers in a network run the same OS, if you can hack that OS, you can break into any computer running it.
  • Defects – most systems contain errors which may be exploited by malware.
  • Unconfirmed code – code from a floppy disk, CD-ROM or USB device may be executed without the user’s agreement.
  • Over-privileged users – some systems allow all users to modify their internal structures.
  • Over-privileged code – most popular systems allow code executed by a user all rights of that user.

An often cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.


Most systems contain bugs which may be exploited by malware. Typical examples are buffer overruns, in which an interface designed to store data in a small area of memory allows the caller to supply too much, and then overwrites its internal structures. This may be used by malware to force the system to execute its code.
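The buffer overrun described above, shown as an added example that is not part of the original article: an unchecked interface beside its hardened form. The `account` record, its fields and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a small data area followed by an internal field
 * that the caller is never meant to control. */
struct account {
    char name[8];   /* the "small area of memory" */
    int  is_admin;  /* internal structure stored after it */
};

/* Flawed interface: believes the caller's length. The copy is clamped to
 * the struct so this demonstration stays well-defined C; a real overrun
 * has no such limit. name sits at offset 0, so every byte past
 * sizeof name lands in the fields that follow it. */
void set_name_unchecked(struct account *a, const void *src, size_t len)
{
    if (len > sizeof *a)
        len = sizeof *a;
    memcpy(a, src, len);
}

/* Hardened interface: checks the length against the destination and
 * rejects oversized input instead of truncating it silently. */
int set_name_checked(struct account *a, const void *src, size_t len)
{
    if (len >= sizeof a->name)
        return -1;
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

/* Constructed oversized input: filler for name, then the value 1 placed
 * where is_admin lives inside the record. */
static size_t build_oversized(unsigned char *buf)
{
    int one = 1;
    memset(buf, 'A', sizeof(struct account));
    memcpy(buf + offsetof(struct account, is_admin), &one, sizeof one);
    return sizeof(struct account);
}

/* Returns the internal field after the unchecked call. */
int overrun_changes_internal_field(void)
{
    struct account a = { "", 0 };
    unsigned char in[sizeof(struct account)];
    size_t n = build_oversized(in);
    set_name_unchecked(&a, in, n);
    return a.is_admin;
}

/* Returns 1 when the checked call refuses the same input and the
 * internal field is untouched. */
int checked_rejects_oversized(void)
{
    struct account a = { "", 0 };
    unsigned char in[sizeof(struct account)];
    size_t n = build_oversized(in);
    int rc = set_name_checked(&a, in, n);
    return rc == -1 && a.is_admin == 0;
}

/* Returns 1 when input that fits is stored and terminated. */
int checked_accepts_short(void)
{
    struct account a = { "", 0 };
    return set_name_checked(&a, "guest", 5) == 0
        && strcmp(a.name, "guest") == 0 && a.is_admin == 0;
}

int main(void)
{
    printf("unchecked: is_admin = %d\n", overrun_changes_internal_field());
    printf("checked rejects oversized: %d\n", checked_rejects_oversized());
    printf("checked accepts short: %d\n", checked_accepts_short());
    return 0;
}
```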


Originally, PCs had to be booted from floppy disks, and until recently it was common for this to be the default boot device. This meant that a corrupt floppy disk could subvert the computer during booting, and the same applies to CDs. Although that is now less common, it is still possible to forget that one has changed the default, and rare that a BIOS makes one confirm a boot from removable media.


In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This is primarily a configuration decision, but on Microsoft Windows systems the default configuration is to over-privilege the user. This situation exists due to decisions made by Microsoft to prioritize compatibility with older systems above security configuration in newer systems[citation needed] and because typical applications were developed without the under-privileged users in mind. As privilege escalation exploits have increased, this priority is shifting for the release of Microsoft Windows Vista. As a result, many existing applications that require excess privilege (over-privileged code) may have compatibility problems with Vista. However, Vista's User Account Control feature attempts to remedy applications not designed for under-privileged users through virtualization, acting as a crutch to resolve the privileged access problem inherent in legacy applications.


Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications, allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised.


Given this state of affairs, users are warned only to open attachments they trust, and to be wary of code received from untrusted sources. It is also common for operating systems to be designed so that device drivers need escalated privileges, while they are supplied by more and more hardware manufacturers, some of whom may be unreliable.


Eliminating over-privileged code

Over-privileged code dates from the time when most programs were either delivered with a computer or written in-house, and repairing it would at a stroke render most anti-virus software almost redundant. It would, however, have appreciable consequences for the user interface and system management.


The system would have to maintain privilege profiles, and know which to apply for each user and program. In the case of newly installed software, an administrator would need to set up default profiles for the new code.


Eliminating vulnerability to rogue device drivers is probably harder than for arbitrary rogue executables. Two techniques, used in VMS, that can help are memory mapping only the registers of the device in question and a system interface associating the driver with interrupts from the device.


Other approaches are:

  • Various forms of virtualization, allowing the code unlimited access only to virtual resources
  • Various forms of sandbox or jail
  • The security functions of Java, in java.security

Such approaches, however, if not fully integrated with the operating system, would reduplicate effort and not be universally applied, both of which would be detrimental to security.


Academic research on malware: a brief overview

The notion of a self-reproducing computer program can be traced back to 1949 when John von Neumann presented lectures that encompassed the theory and organization of complicated automata.[6] Neumann showed that in theory a program could reproduce itself. This constituted a plausibility result in computability theory. Fred Cohen experimented with computer viruses and confirmed Neumann's postulate. He also investigated other properties of malware (detectability, self-obfuscating programs that used rudimentary encryption that he called "evolutionary", and so on). His doctoral dissertation was on the subject of computer viruses.[7] Cohen's faculty advisor, Leonard Adleman (the A in RSA) presented a rigorous proof that, in the general case, algorithmically determining whether a virus is or is not present is Turing undecidable.[8] This problem must not be mistaken for that of determining, within a broad class of programs, that a virus is not present; this problem differs in that it does not require the ability to recognize all viruses. Adleman's proof is perhaps the deepest result in malware computability theory to date and it relies on Cantor's diagonal argument as well as the halting problem. Ironically, it was later shown by Young and Yung that Adleman's work in cryptography is ideal in constructing a virus that is highly resistant to reverse-engineering by presenting the notion of a cryptovirus.[9] A cryptovirus is a virus that contains and uses a public key and randomly generated symmetric cipher initialization vector (IV) and session key (SK). In the cryptoviral extortion attack, the virus hybrid encrypts plaintext data on the victim's machine using the randomly generated IV and SK. The IV+SK are then encrypted using the virus writer's public key. In theory the victim must negotiate with the virus writer to get the IV+SK back in order to decrypt the ciphertext (assuming there are no backups). 
Analysis of the virus reveals the public key, not the IV and SK needed for decryption, or the private key needed to recover the IV and SK. This result was the first to show that computational complexity theory can be used to devise malware that is robust against reverse-engineering.


Another growing area of computer virus research is the mathematical modelling of the infection behavior of worms using models such as the Lotka–Volterra equations, which have been applied in the study of biological viruses. Researchers have studied various virus propagation scenarios, such as the propagation of computer viruses, fighting a virus with virus-like predator codes,[10][11] and the effectiveness of patching.


Grayware

Grayware[12] (or greyware) is a general term sometimes used as a classification for applications that behave in a manner that is annoying or undesirable, and yet less serious or troublesome than malware.[13] Grayware encompasses spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs apart from viruses that are designed to harm the performance of computers on your network. The term has been in use since at least as early as September 2004.[14]


Grayware refers to applications or files that are not classified as viruses or trojan horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization.[15] Often grayware performs a variety of undesired actions such as irritating users with pop-up windows, tracking user habits and unnecessarily exposing computer vulnerabilities to attack.

  • Spyware is software that installs components on a computer for the purpose of recording Web surfing habits (primarily for marketing purposes). Spyware sends this information to its author or to other interested parties when the computer is online. Spyware often downloads with items identified as 'free downloads' and does not notify the user of its existence or ask for permission to install the components. The information spyware components gather can include user keystrokes, which means that private information such as login names, passwords, and credit card numbers are vulnerable to theft. Spyware gathers data, such as account user names, passwords, credit card numbers, and other confidential information, and transmits it to third parties.
  • Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla Firefox. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and the general degradation in either network connection or system performance. Adware programs are typically installed as separate programs that are bundled with certain free software. Many users inadvertently agree to installing adware by accepting the End User License Agreement (EULA) on the free software. Adware is also often installed in tandem with spyware programs. Both programs feed off each other's functionalities: spyware programs profile users' Internet behavior, while adware programs display targeted ads that correspond to the gathered user profile.


Web and spam

 <iframe src="http://example.net/out.php?s_id=11" width=0 height=0 /> 
If an intruder can gain access to a website, it can be hijacked with a single HTML element.[16]

The World Wide Web is criminals' preferred pathway for spreading malware. About one in ten Web pages may contain malicious code.[17]
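A site owner can audit their own pages for the kind of injected element shown above. The following is an added example, not part of the original article: it parses a page and reports every `<iframe>` that is rendered invisible, noting whether it loads from a foreign host. The site host `example.org`, the sample page and all function names are assumptions made for illustration.

```python
"""Report invisible <iframe> elements in a page (added example, illustrative names)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A dimension is treated as invisible when it is 0 (any unit) or 1 pixel.
TINY_DIM = re.compile(r"^\s*(?:0+(?:\.0+)?\s*(?:px|%)?|1(?:px)?)\s*$", re.I)


def style_decls(style):
    """Split an inline style attribute into a {property: value} dict."""
    decls = {}
    for part in style.split(";"):
        name, sep, value = part.partition(":")
        if sep:
            decls[name.strip().lower()] = value.strip().lower()
    return decls


def hidden_reasons(attrs):
    """Return the reasons an iframe with these attributes would not be visible."""
    reasons = []
    for dim in ("width", "height"):
        if dim in attrs and TINY_DIM.match(attrs[dim]):
            reasons.append(f"{dim}={attrs[dim].strip()}")
    css = style_decls(attrs.get("style", ""))
    if css.get("display", "").startswith("none"):
        reasons.append("display:none")
    if css.get("visibility", "").startswith("hidden"):
        reasons.append("visibility:hidden")
    for dim in ("width", "height"):
        if TINY_DIM.match(css.get(dim, "")):
            reasons.append(f"css {dim}:{css[dim]}")
    if "hidden" in attrs:
        reasons.append("hidden attribute")
    return reasons


def is_external(src, site_host):
    """True when src names a host other than site_host or one of its subdomains."""
    host = urlparse(src).hostname  # None for relative URLs
    if host is None:
        return False
    host = host.lower()
    return host != site_host and not host.endswith("." + site_host)


class IframeScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closed tags such as <iframe ... />.
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        reasons = hidden_reasons(a)
        if reasons:
            line, _col = self.getpos()
            src = a.get("src", "")
            self.findings.append({"line": line, "src": src, "reasons": reasons,
                                  "external": is_external(src, self.site_host)})


def scan_html(html, site_host):
    scanner = IframeScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; the last iframe is the element shown in the article.
SAMPLE_PAGE = """<html><body>
<h1>Orders</h1>
<iframe src="/widgets/map.html" width="600" height="400"></iframe>
<iframe src="https://static.example.org/pixel.html" style="display:none"></iframe>
<p>Thanks for visiting.</p>
<iframe src="http://example.net/out.php?s_id=11" width=0 height=0 />
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE, "example.org"):
        print(finding)
```

A hidden same-site frame is usually benign, so the findings worth reviewing first are those with `external` set, compared against the page as it was last deployed.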


Wikis and blogs

Innocuous wikis and blogs are not immune to hijacking. It has been reported that the German edition of Wikipedia has recently been used in an attempt to spread infection. Through a form of social engineering, users with ill intent added links to web pages containing malicious software, claiming that the pages would provide detections and remedies, when in fact they were a lure to infect.[18]


Targeted SMTP threats

Targeted SMTP threats also represent an emerging attack vector through which malware is propagated. As users adapt to widespread spam attacks, cybercriminals distribute crimeware to target one specific organization or industry, often for financial gain.[19]


HTTP and FTP

Infections via "drive-by" download are spread through the Web over HTTP and FTP when resources containing spurious keywords are indexed by legitimate search engines, as well as when JavaScript is surreptitiously added to legitimate websites and advertising networks.[20]



References

  1. ^ National Conference of State Legislatures Virus/Contaminant/Destructive Transmission Statutes by State
  2. ^ Symantec Internet Security Threat Report: Trends for July-December 2007 (Executive Summary) (PDF) 29. Symantec Corp. (April 2008). Retrieved on 2008-05-11.
  3. ^ F-Secure Corporation (December 4, 2007). "F-Secure Reports Amount of Malware Grew by 100% during 2007". Press release. Retrieved on 2007-12-11.
  4. ^ F-Secure Quarterly Security Wrap-up for the first quarter of 2008. F-Secure (March 31, 2008). Retrieved on 2008-04-25.
  5. ^ PC World - Zombie PCs: Silent, Growing Threat
  6. ^ John von Neumann, "Theory of Self-Reproducing Automata", Part 1: Transcripts of lectures given at the University of Illinois, Dec. 1949, Editor: A. W. Burks, University of Illinois, USA, 1966.
  7. ^ Fred Cohen, "Computer Viruses", PhD Thesis, University of Southern California, ASP Press, 1988.
  8. ^ L. M. Adleman, "An Abstract Theory of Computer Viruses", Advances in Cryptology---Crypto '88, LNCS 403, pages 354-374, 1988.
  9. ^ A. Young, M. Yung, "Cryptovirology: Extortion-Based Security Threats and Countermeasures," IEEE Symposium on Security & Privacy, pages 129-141, 1996.
  10. ^ H. Toyoizumi, A. Kara. Predators: Good Will Mobile Codes Combat against Computer Viruses. Proc. of the 2002 New Security Paradigms Workshop, 2002
  11. ^ Zakiya M. Tamimi, Javed I. Khan, Model-Based Analysis of Two Fighting Worms, IEEE/IIU Proc. of ICCCE '06, Kuala Lumpur, Malaysia, May 2006, Vol-I, Page 157-163
  12. ^ Other meanings. Retrieved on 2007-01-20. The term "grayware" is also used to describe a kind of Native American pottery and has also been used by some working in computer technology as slang for the human brain. grayware definition. TechWeb.com. Retrieved on 2007-01-02.
  13. ^ Greyware. What is greyware? - A word definition from the Webopedia Computer Dictionary. Retrieved on 2006-06-05.
  14. ^ Antony Savvas. The network clampdown. Computer Weekly. Retrieved on 2007-01-20.
  15. ^ Fortinet WhitePaper PROTECTING NETWORKS AGAINST SPYWARE ADWARE AND OTHER FORMS OF GRAYWARE (PDF). Retrieved on 2007-01-20.
  16. ^ Zittrain, Jonathan (Mike Deehan, producer). (2008-04-17). Berkman Book Release: The Future of the Internet - And How to Stop It [video/audio]. Cambridge, MA, USA: Berkman Center, The President and Fellows of Harvard College. Retrieved on 2008-04-21.
  17. ^ "Google searches web's dark side", BBC News, May 11, 2007. Retrieved on 2008-04-26. 
  18. ^ Wikipedia Hijacked to Spread Malware
  19. ^ "Protecting Corporate Assets from E-mail Crimeware," Avinti, Inc., p.1
  20. ^ F-Secure (March 31, 2008). "F-Secure Quarterly Security Wrap-up for the first quarter of 2008". Press release. Retrieved on 2008-03-31.



The Wikipedia article included on this page is licensed under the GFDL.