
Part III. Malware: Classic Viruses, Worms, Trojans.

Warm-up activities.

1. What kinds of malicious programs do you know?

2. Can malware cause serious damage to computers and networks?

3. Who writes malicious programs?

4. What are the reasons for writing malware?

5. Is it possible to stop malware writers’ activity?

Malicious programs: what they are like.

A malicious program is software designed to penetrate and damage computers and networks. Among the malware writers are script kiddies, young people who learned to program and want to test their skills; professional malware writers, who research software and hardware vulnerabilities and use social engineering to make financial gain from their malicious creations; and the so-called “proof-of-concept” malware authors, who write malicious programs for research purposes. In spite of the media attention given to young malware writers, approximately 90% of malicious code is written by professionals. In most cases the reason for writing malware is simple – to get something for nothing: from free Internet access to money from the e-wallets of other users. Malicious computer programs can be divided into the following classes:

Classic viruses. A virus is a malicious program that spreads its copies throughout a single machine in order to penetrate other resources within the victim machine and infect an executable file. After infection, the executable file functions in a different way than before: maybe only displaying a benign message on the monitor, maybe deleting or altering some or all files on the user’s hard drive. Copies of viruses can penetrate other machines only if an infected object is accessed and the code is launched by a user on an uninfected machine. A computer virus is able to propagate by attaching itself to executable files and causes harm only after it has infected an executable file and the executable file is run. Viruses are sometimes carried by worms as additional payloads, or they can themselves include backdoor or Trojan functionality which destroys data on an infected machine. The word “virus” is also commonly used to include computer viruses, worms, and Trojan Horse programs.

Worms. A worm is a program that penetrates remote machines and spreads further to new machines, propagating via LANs or the Internet. A worm neither deletes nor changes files on the victim’s computer. The difference between a virus and a worm is that a virus never copies itself – a virus is copied only when the infected executable file is run. A worm makes multiple copies of itself and sends these copies from the victim’s computer, thus clogging disk drives and the Internet with its numerous copies. Worms use different network systems to propagate: e-mail, instant messaging, file-sharing (P2P), IRC channels, LANs, WANs and so forth. Most existing worms spread as files attached to e-mails or sent in ICQ or IRC messages, as links to files stored on infected websites or FTP servers, as files accessible via P2P networks and so on. Today’s malware can combine different types of malicious code. Worms now often include Trojan functions or can drop a virus into the victim’s computer. This kind of worm is known as a blended threat.

Trojan programs. This class of malware includes a wide variety of programs that are installed on a victim’s computer by an intruder without the victim’s knowledge or downloaded (perhaps in an e-mail attachment) by the user, who can hardly suspect the true purpose of the Trojan program. Trojans are often perceived as being less dangerous than worms, but this is a misconception. Trojans are becoming more elaborate. Trojan spy programs are proliferating, with dozens of new versions appearing every week. These versions are slightly different, but developed with one aim in mind: to steal confidential information. Trojans allow collecting data and sending it to cyber criminals, destroying or altering data, or launching DoS attacks on websites. A Trojan doesn’t replicate itself, which distinguishes it from viruses and worms.

Logic bombs. A logic bomb is a program that detonates when some event occurs. The detonated program might stop working, crash the computer, release a virus, and delete data files. A time bomb is a logic bomb in which the program detonates when the computer’s clock reaches some target date.

Hoaxes. A hoax is a warning about a nonexistent malicious program. Sometimes friends send each other e-mails about a new virus threat. Hoaxes may seem harmless, but they do a great deal of damage to the Internet as a whole. They clog up e-mail servers and cause people to panic. Companies can spend money and time investigating what is just someone’s idea of a joke.

Comments

LAN (local area network) - a local network

P2P (peer-to-peer) - a connection between equal (peer) nodes

IRC (Internet Relay Chat) - Internet chat (a global system through which users can communicate with each other in real time by exchanging written messages)

WAN (Wide-Area Network) - a wide-area network (a network that transmits information over considerable distances using switched and dedicated lines or special communication channels)

ICQ (“I Seek You”) - an interactive Internet communication system that lets users find partners with shared interests online and exchange messages with them in real time; a product of Mirabilis, a company currently owned by America Online

FTP (File Transfer Protocol) - a file transfer protocol (the protocol used on the Internet to transfer files between host computers)
