Malicious code, or malware, is a type of software designed to take over or damage an operating system without the user's knowledge or approval. It can be very difficult to remove and can cause considerable damage. Common malware exploits are listed in the following table:
Attack | Characteristics |
Virus | A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A virus has the following characteristics: • A replication mechanism, which is usually a file that it infects and uses as a host. When the infected file is distributed, the virus is distributed with it. Viruses typically attach to executable files, but can also attach to other types of files, such as .doc and .zip files. Some viruses are distributed using infected email attachments that are subsequently replicated to everyone in your address book. They can also be inadvertently downloaded from a malicious or compromised website. • An objective, which is usually to destroy, compromise, or corrupt data. • Replicates only when an activation mechanism is triggered. For example, it may be activated when an infected file is executed or when it is opened with an associated program. |
Worm | A worm is a self-replicating program. A worm has the following characteristics: • A worm does not require a host file to propagate. • It automatically replicates itself without an activation mechanism. It does not rely on a user to activate it. • Typically, a worm infects one system and then spreads itself to other systems on the network. |
Trojan Horse | A Trojan horse is malware that is disguised as legitimate software. A Trojan horse has the following characteristics: • The malicious software is usually hidden within useful software, typically a game. The legitimate part of a Trojan is called a wrapper. The malware is encapsulated within the wrapper. It infects the system when the wrapper software is run. • A Trojan cannot replicate itself. Instead, it relies on end users to spread it manually. • A Trojan may contain malware that turns the infected computer into a zombie, or bot. This allows the infected computer to be remotely controlled by a zombie master, or bot herder, to conduct malicious attacks on other computers and networks. |
Rootkit | A rootkit is a stealthy type of malware. A rootkit is installed in the boot sector of the hard disk drive, which causes the rootkit to be loaded by the BIOS before the operating system. After the rootkit is loaded, it loads the legitimate operating system installed on the hard drive. As a result, a rootkit can be very difficult to detect and remove from an infected system. Because it is loaded into RAM before the operating system, a rootkit can hide itself from detection methods used by standard antimalware software. Specialized rootkit detection software may be required to detect the infection. If a rootkit is detected, you may not be able to remove it from the system without completely re-installing the operating system. |
Spyware | Spyware is malware designed to intercept or take partial control of the user's interaction with the computer. Spyware has the following characteristics: • It is usually installed when the user visits a malicious website, installs an infected application, or opens an infected email attachment. • Spyware typically collects personal information about the user, such as Internet surfing habits, usernames, and passwords. It usually sends the information it captures back to an attacker, who may use it for personal gain or sell it to others. • Some spyware uses tracking cookies to collect information about a user's Internet activities. • Some spyware may interfere with the user's ability to control the computer. For example, it may install unwanted software, change computer settings, or redirect web browser activity. |
Adware | Adware monitors actions to identify personal preferences and sends pop-ups or other types of advertisements that align with those preferences. Adware has the following characteristics: • It is usually passive in nature. • It invades the user's privacy without their permission. • Adware may be installed when a user visits a malicious website, installs an infected application, or opens an infected email attachment. • Typically, adware is less destructive than other types of malware. Usually, it is more annoying than harmful. |
Grayware | Grayware is software that might offer a legitimate service but that also includes features that you aren't aware of or features that could be used for malicious purposes. • Grayware is often installed with the user's permission, but without the user fully understanding what it does. • Some grayware installs automatically when another program is installed. • Features included with grayware might be identified in the end user license agreement (EULA). However, the undesirable features may be undocumented or even obscured. |
Ransomware | Ransomware is a form of malware that denies access to an infected computer system until the user pays a ransom. A common form of ransomware encrypts the hard disk on the user's system, preventing access to data. The attacker demands a ransom in return for providing the decryption key. Unfortunately, the attacker frequently does not decrypt the hard disk even after the user complies with their ransom demands. |
Scareware | Scareware is a scam that fools users into thinking they have some form of malware on their system. The intent of the scam is to sell the user fake antivirus software to remove malware they don't actually have. |
Crimeware | Crimeware is designed to facilitate identity theft by gaining access to a user's online financial accounts, such as banks or online retailers. Crimeware can: • Use keystroke loggers, which capture keystrokes, mouse operations, or screenshots and transmit those actions back to the attacker to obtain passwords. • Redirect users to fake sites. • Steal cached passwords. • Conduct transactions in the background after login. |
Spam | Spam is unwanted and unsolicited email sent in bulk to multiple recipients. Spam: • May be benign emails trying to sell products. • May be malicious emails containing phishing scams or malware-infected attachments. • Wastes bandwidth and consumes system resources. |
Effective antimalware software is your first line of defense against malware. Be aware of the following when using antimalware software:
Malware definition files are provided by the software vendor. These files are used to identify viruses and are a vital component of the antimalware software.
Protection against malware is only provided after a definition file that matches the target malware has been released.
For maximum protection, you must keep definition files updated. Most software will automatically check for updated definition files daily.
You should scan new files before they are copied or downloaded to the system. This is called real-time protection. You should also periodically scan the entire system.
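The points above about definition files, as an added example that is not part of the original page: a minimal definition-based scanner showing that a sample goes undetected until a definition set containing a matching entry is released, and that a real-time check should flag out-of-date definitions. The `Definitions` layout, the function names, and the sample byte strings are all constructed for illustration and do not reflect any vendor's format.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Definitions:
    version: int
    released: date
    hashes: dict      # SHA-256 hex digest -> detection name
    patterns: tuple   # (detection name, byte sequence) pairs

# Constructed samples: harmless byte strings standing in for two malware families.
SAMPLE_A = b"header" + b"CONSTRUCTED-FAMILY-A" + b"body"
SAMPLE_B = b"header" + b"CONSTRUCTED-FAMILY-B" + b"body"

# v1 only knows family A; v2 is released after the vendor has analysed family B.
DEFS_V1 = Definitions(1, date(2024, 1, 1), {},
                      (("Constructed.FamilyA", b"CONSTRUCTED-FAMILY-A"),))
DEFS_V2 = Definitions(2, date(2024, 1, 3),
                      {hashlib.sha256(SAMPLE_B).hexdigest(): "Constructed.FamilyB"},
                      DEFS_V1.patterns
                      + (("Constructed.FamilyB", b"CONSTRUCTED-FAMILY-B"),))

def scan(data, defs):
    """Return the detection name, or None when no definition matches."""
    name = defs.hashes.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for name, needle in defs.patterns:
        if needle in data:
            return name
    return None

def is_stale(defs, today, max_age_days=1):
    """Definitions are normally refreshed daily; older sets are out of date."""
    return (today - defs.released).days > max_age_days

def on_write(data, defs, today):
    """Real-time protection: decide before the file is copied to the system."""
    name = scan(data, defs)
    if name:
        return ("block", name)
    if is_stale(defs, today):
        return ("allow-unverified", "definitions out of date")
    return ("allow", None)

if __name__ == "__main__":
    print(scan(SAMPLE_B, DEFS_V1), scan(SAMPLE_B, DEFS_V2))
    print(on_write(b"plain text", DEFS_V1, date(2024, 1, 4)))
```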
Additional countermeasures for malware include:
Installing antimalware scanning software on email servers. Attachments are scanned before email is delivered. You can also block all attachments to prevent any unwanted software, but this will also block needed attachments.
Implementing spam filters and real-time blacklists. When implementing filters, be sure not to make the filters too broad. Otherwise, legitimate emails will be rejected.
Training users to use caution when downloading software or responding to emails.
Training users to update their malware definition files frequently and to scan removable storage devices before copying files.
Disabling scripts when previewing or viewing emails.
Implementing software policies that prevent downloading software from the Internet.
Keeping your operating system files up to date. Apply security-related hotfixes as they are released to bring all non-compliant systems into compliance. A non-compliant system is any computer that doesn't meet your security guidelines.
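The spam filter and real-time blacklist countermeasure above, as an added example that is not part of the original page: a real-time blacklist is normally queried over DNS by reversing the sender's IPv4 octets and appending the list's zone, and a local block rule that is too broad rejects legitimate mail. The zone name `dnsbl.example`, the stand-in resolver, and the mail log are constructed; the addresses come from documentation ranges.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical blacklist zone (assumption)
# Constructed zone data standing in for live DNS: only one address is listed.
FAKE_DNS = {"23.100.51.198.dnsbl.example": ["127.0.0.2"]}
# Constructed mail log: (connecting IP, message really was spam)
MAIL = [("198.51.100.23", True), ("198.51.100.23", True),
        ("198.51.100.80", False), ("203.0.113.5", False),
        ("203.0.113.9", True)]

def fake_resolve(name):
    """Stand-in resolver: A records for the name, or [] for NXDOMAIN."""
    return FAKE_DNS.get(name, [])

def dnsbl_query_name(ip, zone=ZONE):
    """Build the lookup name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, resolver=fake_resolve):
    """A listed address answers with an A record inside 127.0.0.0/8."""
    return any(a.startswith("127.") for a in resolver(dnsbl_query_name(ip)))

def rejects(ip, cidr_rules, resolver=fake_resolve):
    """Reject when a local CIDR block rule or the blacklist matches."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(rule) for rule in cidr_rules):
        return True
    return is_listed(ip, resolver)

def evaluate(cidr_rules, mail=MAIL):
    """Return (spam messages blocked, legitimate messages rejected)."""
    spam_blocked = sum(spam and rejects(ip, cidr_rules) for ip, spam in mail)
    legit_rejected = sum((not spam) and rejects(ip, cidr_rules)
                         for ip, spam in mail)
    return spam_blocked, legit_rejected

if __name__ == "__main__":
    print(dnsbl_query_name("198.51.100.23"))
    print("blacklist only:  ", evaluate([]))
    print("narrow /32 rule: ", evaluate(["203.0.113.9/32"]))
    print("broad /24 rule:  ", evaluate(["203.0.113.0/24"]))
```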