Viruses, Worms and Trojan Horses
Malicious software consists of harmful programs that can steal, delete or modify sensitive data without the permission or knowledge of the owner of the data. Malicious software is also called malware. Malware can cause any type of disruption in the performance of a computer or computer network. Some of the common types of malware are:
- Viruses
- Worms
- Trojan Horses
Viruses: A virus is a kind of malicious software that attaches itself to other programs in order to execute unwanted activities on the target host. A virus contains code that is installed on the target computer and performs unauthorised actions. It replicates into the memory of the computer system. It is mostly attached to emails and macros. Viruses are programmed for various purposes. Some viruses are programmed to damage the computer, delete or modify files, or reformat the hard disk. Further, there are some viruses that are programmed just to replicate themselves and cause erratic behaviour. Viruses can be classified as file infector viruses, boot sector viruses, master boot record viruses, multipartite viruses and macro viruses. File infector viruses are those viruses that generally infect program files. They usually infect executable code such as .exe files. Jerusalem and Cascade are some examples of file infector viruses.
Boot sector viruses are those viruses that infect the boot record of floppy disks and hard disks. These types of viruses attach themselves to the boot record of the floppy disk or hard disk, and when the user attempts to run the program in the boot record, the boot sector virus gets activated. Form, Disk Killer, Michelangelo, Stoned, etc. are some examples of boot sector viruses. Master boot record viruses infect the hard disk or floppy disk in the same manner as boot sector viruses. However, these types of viruses generally save a copy of the boot record in some other location on the computer. Multipartite viruses are more dangerous than boot sector viruses and master boot record viruses. They infect not only the boot record but also the program files. It is very difficult to repair the boot record if it is infected with this type of virus. Further, the virus will keep on infecting the boot record unless it is completely removed from the boot record area. Some examples of multipartite viruses are One Half, Emperor, Anthrax and Tequila.
Macro viruses are those viruses that infect data files. These are very common types of viruses. W97M.Melissa, WM.NiceDay, W97M.Groov, etc. are some examples of macro viruses. However, a virus can only spread due to human actions.
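The following Python sketch is an added example, not part of the original article. It shows how a defender can check a disk image for the boot record behaviour described above: sector 0 is compared with a known-good hash, and if it has changed, the first sectors are searched for the original boot record saved in another location. The image contents, the sector numbers and the 64-sector scan range are constructed assumptions.

```python
import hashlib

SECTOR = 512  # classic boot record size in bytes

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_boot_record(code_byte: int) -> bytes:
    """Constructed boot record: 446 bytes of boot code, an empty 64-byte
    partition table and the 0x55AA boot signature."""
    return bytes([code_byte]) * 446 + bytes(64) + b"\x55\xaa"

def check_boot_record(image: bytes, baseline_hash: str, scan_sectors: int = 64) -> dict:
    """Compare sector 0 with a known-good hash and, if it differs, look for
    the original record parked in one of the first `scan_sectors` sectors."""
    sector0 = image[:SECTOR]
    result = {
        "signature_ok": len(sector0) == SECTOR and sector0[510:512] == b"\x55\xaa",
        "modified": sha256(sector0) != baseline_hash,
        "relocated_copy_at": [],
    }
    if result["modified"]:
        last = min(scan_sectors, len(image) // SECTOR)
        for n in range(1, last):
            if sha256(image[n * SECTOR:(n + 1) * SECTOR]) == baseline_hash:
                result["relocated_copy_at"].append(n)
    return result

# Constructed sample data: a clean 16-sector image, and one where sector 0
# was replaced and the original record was moved to sector 7.
ORIGINAL = make_boot_record(0x90)
BASELINE = sha256(ORIGINAL)  # recorded while the disk was known to be clean
CLEAN_IMAGE = ORIGINAL + bytes(SECTOR * 15)
ALTERED_IMAGE = make_boot_record(0xCC) + bytes(SECTOR * 6) + ORIGINAL + bytes(SECTOR * 8)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_IMAGE), ("altered", ALTERED_IMAGE)):
        print(name, check_boot_record(image, BASELINE))
```

The baseline covers the whole sector, so a legitimate change to the partition table also reports a modification; the relocated copy is what separates that case from the behaviour described above.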
Worms: Worms are self-replicating malicious programs that can spread even without any human action. A worm contains some arbitrary malicious code to damage network security. The attacker installs the worm in the memory of the target computer system. At first, a worm uses an enabling vulnerability to install itself; it then propagates by selecting new targets and installing its code on them. At last, the worm uses its payload to access information. There are various types of worms, such as email worms, Internet worms, file-sharing network worms, and instant message and chat-room worms. Email worms are the type of worms that use an email client to replicate. These types of worms are generally present in an email link or in an attachment to an email. When the user clicks on the link or opens the attachment, the worm gets activated and starts infecting the computer. The ILOVEYOU worm is a well-known example of an email worm.
Internet worms are the type of worms that generally scan the available network resources and scan the Internet to find vulnerable machines. If they find a vulnerable machine, the worm will gain access to it. These types of worms are usually created to exploit newly discovered issues on the machine.
File-sharing network worms are worms that copy themselves into a shared folder. When the user unknowingly downloads files from this shared folder, the worms start to replicate on the user’s machine. Phatbot is an example of these types of worms. Instant message and chat-room worms spread by sending links or infected files using the contact list of the user’s chat-room profile or instant messaging applications. But these types of worms cannot infect unless the user accepts the message or clicks the link.
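The scanning behaviour described above leaves a recognisable trace in connection logs: one source contacting many different destinations on the same port in a short time. The following Python sketch is an added example, not part of the original article. It assumes a constructed log format of "epoch-seconds source destination port" per line, and the window and threshold values are illustrative.

```python
from collections import defaultdict, deque

def parse(line: str):
    """Parse one constructed log line: '<epoch> <src> <dst> <dport>'."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)

def find_scanners(lines, window=60, threshold=20):
    """Return {(src, dport): peak} for every source that contacted at least
    `threshold` distinct destinations on one port within `window` seconds."""
    recent = defaultdict(deque)  # (src, dport) -> (ts, dst) pairs still in window
    flagged = {}
    for ts, src, dst, dport in sorted(parse(l) for l in lines if l.strip()):
        q = recent[(src, dport)]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[(src, dport)] = max(distinct, flagged.get((src, dport), 0))
    return flagged

# Constructed sample log:
#  10.0.0.23 sweeps 30 hosts on port 445 in 30 seconds (worm-like fan-out)
#  10.0.0.8  talks repeatedly to the same 3 servers (normal client)
#  10.0.0.9  reaches 25 hosts, but only one every 10 minutes (below the rate)
SAMPLE_LOG = (
    [f"{1000 + i} 10.0.0.23 10.0.1.{i + 1} 445" for i in range(30)]
    + [f"{1000 + 5 * i} 10.0.0.8 10.0.2.{i % 3 + 1} 443" for i in range(40)]
    + [f"{1000 + 600 * i} 10.0.0.9 10.0.3.{i + 1} 445" for i in range(25)]
)

if __name__ == "__main__":
    for (src, port), peak in find_scanners(SAMPLE_LOG).items():
        print(f"{src} contacted {peak} distinct hosts on port {port} within 60s")
```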
Trojan Horses: A Trojan horse is a malicious program that appears to be a genuine program but is in fact malicious. It generally hides in a seemingly harmless program, such as an email attachment or a free program like a game, and tries to trick the user into installing it by various means of social engineering. It then asks the end user to provide or enter confidential information in order to access the free program or attachment. For example, many times an attacker logs into the Windows box and executes a program that generates a screen that looks like a trusted Windows logon screen. The user enters their username and password on the screen, and these are received by the attacker. After receiving the information, it can set up holes in your computer security. A Trojan can perform various actions, such as creating backdoors, spying, turning computers into zombies or sending costly SMS messages without the knowledge of the owner. Trojan horses can be classified as Exploit, Backdoor, Rootkit, DDoS, Bankers, FakeAV, Ransom, Downloader, Spy, etc.
An Exploit Trojan tries to find weaknesses in the software or operating systems installed on the network for some malicious intent. A Backdoor Trojan gives unauthorised users access to the network. A Rootkit Trojan is designed to hide certain objects or activities in the user’s system so that the existence of the malicious program in the system is not detected. Trojan-DDoS programs are programmed to conduct Denial of Service (DoS) attacks against the target Web address. Trojan-Bankers are programmed with the aim of stealing the user’s bank details, such as credit card or debit card details entered during online banking.
Trojan-FakeAV programs are designed to convince users that their computer is infected with malicious programs, with the intent to extort money from the user. In fact, those malicious programs do not exist, and the attacker extorts money in the name of removing them.
Trojan-Ransom is designed to modify the data that is stored on the user’s computer so that the computer cannot run properly.
Trojan-Downloaders are designed with the intent to download and install new malicious programs on the user’s computer.
Trojan-Spy programs are usually invisible to users. They collect information while the user performs regular activities. For instance, they track the data when the user types something on the keyboard, take screenshots of the activity that the user performs on the computer or get the list of applications running on the user’s machine.