Site hosted by Angelfire.com: Build your free website today!

MALWARE

(malicious software)

Back to home page

CONTENTS

Introduction

1. What are computer viruses, worms and Trojan Horses?

1.1 Computer viruses

1.2 Worms

1.3 Trojan Horses

2. Why is it important?

3. Who is affected and what do they do?

3.1 Symptoms

4. How does this happen?

5. How can it be prevented?

5.1 Antiviruses

Introduction

In today's interconnected world, malware detection has become a crucial aspect of software security.The consequences of malware range from inconvenience, to organizational shutdown, to a compromised and unreliable Internet environment. Malware is a program with malicious intent that has the potential to harm the machine on which it executes or the network over which it communicates. A malware detector is used to identify malware. With the help of unethical, immoral, careless, stupid or crazy malware authors, malware evolve in response to selection pressures, hiding themselves in new niches of the computer universe, or "cyberspace." Virus authors even take ideas from each other's viruses, leading to a form of primitive viral sexuality. Examples of malware are computer viruses, worms and Trojan horses.

What are computer viruses, worms and Trojan Horses?

Computer viruses

Viruses are little programs that copy themselves into "host" programs, into documents or other files from Microsoft Office products, or into special executable "bootstrap" areas of disks. Once these infected programs are executed, the computer viruses, like biological viruses, subvert the normal functions of the operating system (OS). These parasitic programs commandeer CPU, memory and disk resources to replicate themselves. They insert themselves into other host entities, thus spreading the infection.

Worms

These are self-replicating programs which spread to computers through e-mail, instant messaging programs, network systems, software vulnerabilities and peer-to-peer file-sharing network. They do not integrate their code into host programs. Examples of worms: - Beagle, Mydoom, Mytob, Blaster and Sobig.F. The Slammer, which is currently the fastest computer worm in recorded history, was observed to infect 90 percent of all vulnerable Internets hosts within 10 minutes.

Trojan Horses

These are destructive programs which masquerades as legitimate file or application to gain entry to a computer and recently mobile. Once in the system, a Trojan horse may perform any number of undesirable actions including deleting or damaging files, launching a denial of service attack, making beeping sounds, starting and stopping processes, stealing information (e.g. passwords) and opening a back door that allows an outside attacker to control the compromised computer remotely and perform such actions as launching a distributed denial of service attack in which all infected computers are transformed into zombies that overwhelm a targeted web site with simultaneous requests for information or b sending large amounts of data.
PC-Write was the first Trojan horse which appeared in 1986.

Why is it important?

It seems today, that almost everybody relies on computers especially the internet and so, security has become of great concern. There are some culprits who are taking advantage of the internet to steal important data or even money from businesses and individuals through the internet. People should therefore be aware of these, it is done through malicious programs and fortunately there are a number of things people should do now not to be victims of such acts. I wil discuss the use of antiviruses later on.

Who is affected and how?

Anyone who is connected to the internet, from a home computer to large organizations so everyone should be aware of these.

Whether intentionally or not, viruses have been observed to;

destroy a disk directory, making it impossible to retrieve your files without special repair utilities;
erase or modify specific programs or data files;
interfere with program functions (e.g., slowing down processing);
create bad sectors on disk;
decrease disk free space;
write unwanted volume labels on disks;
format all or part of a disk;
use up portions of RAM;
hang a system, forcing a reboot;
interfere with screen displays.

Symptoms of a computer infected by a virus, worm or Trojan horse;

display of unusual message or image
available memory is less than expected
corrupted files
mysterious appearance of unknown programs or files
disappearance of existing programs and files
change of system properties
music or unusual sound plays randomly
programs or files do not work properly

How does this happen?

Computer viruses insert their own executable instructions into the normal code of their hosts. Imagine in an organization and someone just sent user Bobee518 a link that promises pictures of American Idol judge Paula Abdul in a compromising position with a contestant. Who could resist? Not Bob. Unfortunately, the link was sent over IM, and it will bring Bob to the latest variant of the IM-borne Kelvir worm, which once forced Reuters to shut down its IM network. Will your security systems stop Kelvir?

Peer-to peer (P2P) networks e.g. Limewire and OpenFT are an ideal medium for spreading malware. These are a very popular means of file sharing, however there is little protection to make sure that files exchanged are not malicious.

Four basic ways in which computer viruses, worms and Trojan horses deliver their payload on a computer are:

when a user;

opens an infected file
runs an infected program
boots the computer with infected removable media inserted in a drive or plugged in a port, or
connects an unprotected computer to a network

How can it be prevented?

install antivirus programs e.g. McAfee, Norton, AVG etc
install a personal firewall program
never start a computer with a removable media inserted in the drives unless it’s uninfected
never open an email attachment unless you are expecting it and it is from a trusted source
enable macros only if the document is from trusted source and you are expecting it
check all downloaded programs for viruses, worms or trojan horses
delete any e-mail attachment which the antivirus program flags as infected immediately
check any removable media for infection before using it

Antiviruses

The better antivirus programs have evolved to become more and more alike: They pass all the tests and respond quickly to new virus outbreaks. But the best distinguish themselves by adding features outside the ordinary, features that give them additional power against attack by viruses, worms, or Trojan horses. Two in the latter category include the vulnerable McAfee VirusScan and Norton AntiVirus. The newest versions of both provide unrivaled protection against viruses while also addressing other common types of threats. We can recommend both without reservation, but the Norton entry merits Editors' Choice, thanks to its extra firewall protection and comprehensive log of its activities.

Antiviruses;

allow only authorized programs to connect to the internet
prevent unknown threats from entering your PC
remove viruses from email
block internet worms from point of entry
block suspicious programs
block hackers from accessing your computer
inspects websites to make sure they are not fakes
stop spyware from tracking you online
remove dangerous threats from files you download
guard against online identity theft

McAfee Antivirus

The latest build of McAfee VirusScan enhances the program's efficiency and level of protection. Specific areas of improvement include better handling of large e-mail attachments and blocking of what McAfee calls potentially unwanted programs (PUPs) or spyware. VirusScan scans inbound e-mail, outbound e-mail, and files received via IM, and also provide detailed information on individual viruses and worldwide virus trends.

The majority of modern viruses and worms propagate via e-mail, so VirusScan filters both inbound and outbound e-mail in Microsoft Outlook, Outlook Express, Netscape, Eudora, and Pegasus Mail. This e-mail filtering works only for POP/ SMTP accounts, but the program scans attachments coming to other types of accounts when you access them. In addition, VirusScan checks files transferred through AIM, Yahoo! Messenger, or MSN Messenger.

In addition, the WormStopper feature protects against unknown worms by blocking suspicious activity, such as the sending of a message to more than 50 recipients or the sending of more than five e-mails in less than 30 seconds. Most users will be glad for such protection, but e-mail fanatics be warned: You must respond to a pop-up for every single message that overruns these limits.

Each virus or other unwanted item found by VirusScan invokes a clickable link to McAfee's online database, which provides detailed information about thousands of viruses and hoaxes.

VIRUSSCAN'S WORMSTOPPER feature can detect behaviour that suggests an unknown e-mail worm is at work, such as sending more than five messages in 30 seconds. World Virus Map, illustrates the prevalence of viruses worldwide. You can choose all viruses or just the top ten; view results from the past 30 days, 7 days, or 24 hours; and zoom in for more detail.

For more information please visit: http://www.mcafee.com/uk/

Norton Antivirus

Norton AntiVirus 2008 (the latest antivirus) offers both antivirus protection, anti-spyware and firewall. A new Preinstall Scan works around infections that attempt to prevent, Norton Anti-Virus's installation. It automatically and silently downloads and installs virus signature updates and can run a quick scan of vulnerable files immediately afterward.

By default, Norton Anti-Virus (NAV) blocks spyware, adware, and other malicious nonvirus applications. It scans e-mail going in and out of the system as well as IM file transfers.

NAV's Internet Worm Protection feature blocks unsolicited inbound data packets just like Windows Firewall (which it replaces by default). It specifically blocks known Trojan horses and temporarily prevents all connections from any IP address that attempts illicit access. Like Windows Firewall, NAV offers protection even before Windows has loaded. It does not attempt to block multiple e-mails sent in a short period, but it does watch for programs attempting to e-mail themselves as attachments. Users are still recommended to install a dedicated firewall (such as Norton Personal Firewall or ZoneAlarm Pro), but NAV's antiworm feature does offer some degree of protection.

NAV, like the McAfee product, uses the Windows Task Scheduler for scheduled full scans and looks at all file types by default. NAV examines inbound and outbound e-mail for any POPS/SMTP account. Under its default settings, detection of a virus halts all e-mail processing until the user responds. We quickly changed the settings to have the program fix problems automatically, but the program does include an option to prevent the e-mail program from timing out when it's waiting for a response.

It can also filter file transfers through Yahoo! Messenger and MSN Messenger.

NAV keeps a detailed log of all blocked threats, each with a link to a detailed description on Symantec's Security Response Web site and an indication of the threat's disposition. It also reports on a variety of other security events, including incoming and outgoing connections, with IP address, port used, bytes sent, and duration.

Norton Anti-Virus 2008 is one of the top choice for virus protection. Its AV features are excellent, and the Internet Worm Protection feature gives added security to those not using a separate firewall.

To download the antivirus, please follow the link below;

http://www.symantecstore.com/v2.0-img/operations/symantus/site/promo/pd/navnis08_360_nz_wip.html

By Yeukai Mtandavari

Massey University Student

Contact