Understanding Malware: Definitions and Types

Slide Note
Embed
Share

Explore the diverse world of malware with definitions, categories, and examples such as self-replicating malware, population growth, parasitic malware, logic bombs, trojans, backdoors, viruses, and more. Gain insights into the characteristics and behaviors of different types of malware to enhance your understanding of cybersecurity threats.


Uploaded on Sep 07, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Chapter 2 Definitions and Timeline

  2. Categorizing Malware No agreed upon definitions o Even for virus and worm Consider categories based on o Self-replicating o Population growth o Parasitic Then we name the different types o As defined by Aycock

  3. Self-replicating Malware Self-replicating malware Actively attempts to propagate by creating new copies May also propagate passively o But this isn't self-replication Called these worms (in CS 265)

  4. Population Growth Population growth Describes change in the number of instances due to self-replication Malware that doesn't self-replicate will have a zero population growth o But malware with a zero population growth may self-replicate

  5. Parasitic Parasitic malware Requires some other executable code "Executable taken very broadly o Boot block code on a disk o Binary code in applications o Application scripting languages o Source code that may require compilation before executing, etc.

  6. Types of Malware Logic Bomb Trojan Back Door Virus Worm Rabbit Spyware/Adware Other

  7. Logic Bomb Self-replicating: no Population growth: 0 Parasitic: possibly Consists of 2 parts o Payload --- action to be performed o Trigger --- event to execute payload Donald Gene Burleson case (CS 265)

  8. Trojan Horse Self-replicating: no Population growth: 0 Parasitic: yes Name comes from ancient world o Pretends to be innocent, but it s not Example: fake login prompt that steals passwords

  9. Back Door Self-replicating: no Population growth: 0 Parasitic: possibly Bypasses normal security checks o So enables unauthorized access Example: Remote Administration Tool, or RAT

  10. Virus Self-replicating: yes Population growth: positive Parasitic: yes When executed, tries to replicate itself into other executable code o So, it relies in some way on other code Does not propagate via a network Nice virus history given by Aycock

  11. Worm Self-replicating: yes Population growth: positive Parasitic: no Like a virus, except o Spreads over network o Worm is standalone, does not rely on other code Good history in Aycock s book

  12. Rabbit Self-replicating: yes Population growth: 0 Parasitic: no Two kinds of rabbits o One uses up system resources o One uses up network resources (special case of a worm)

  13. Spyware Self-replicating: no Population growth: 0 Parasitic: no Collects info and sends it to someone o Username/password, bank info, credit card info, software license info, etc. First mention is about 1995 May arrive via drive-by download

  14. Adware Self-replicating: no Population growth: 0 Parasitic: no Similar to spyware but focused on marketing

  15. Hybrids, Droppers, etc. Hybrid is combination of different types of malware o Worm that is a rabbit, trojan that acts like a virus, etc., etc. Dropper is malware that deposits other malware o For example, a worm might leave behind a back door

  16. Zombies Compromised machines that can be used by an attacker o Spam o Denial of service (DoS) o Distributed denial of service (DDoS) Today, usually part of a botnet

  17. Naming No agreed on naming convention Virus writer might suggest a name o Your PC is now stoned! Different vendors might use different names Different variants might get different names, etc.

  18. Naming Factors related to naming o Malware type o Family name o Variant o Modifiers (e.g., mm for mass mailer ) But many different names applied to same virus (or family) o See book for examples

  19. Authorship Author and distributor may differ Is malware author a hacker or cracker ? o It depends on your definitions So, Aycock does not use terms like hacker or cracker o Instead, uses boring terms like malware author, malware writer, virus writer, etc.

  20. Malware Writers Botnet hacker caught in Slovenia (2010) Japanese Virus Writer Arrested for the Second Time (2010) o "I wanted to see how much my computer programming skills had improved since the last time I was arrested." Teen Arrested in Blaster Case (2003) No 'sorry' from Love Bug author (2005)

  21. Timeline

More Related Content