Understanding Malware: Definitions and Types
Explore the diverse world of malware with definitions, categories, and examples such as self-replicating malware, population growth, parasitic malware, logic bombs, trojans, backdoors, viruses, and more. Gain insights into the characteristics and behaviors of different types of malware to enhance your understanding of cybersecurity threats.
Chapter 2 Definitions and Timeline
Categorizing Malware
- No agreed-upon definitions
  o Even for virus and worm
- Consider categories based on
  o Self-replicating
  o Population growth
  o Parasitic
- Then we name the different types
  o As defined by Aycock
Self-replicating Malware
- Self-replicating malware actively attempts to propagate by creating new copies
- May also propagate passively
  o But this isn't self-replication
- Called these "worms" (in CS 265)
Population Growth
- Population growth describes change in the number of instances due to self-replication
- Malware that doesn't self-replicate will have a zero population growth
  o But malware with a zero population growth may self-replicate
Parasitic
- Parasitic malware requires some other executable code
- "Executable" taken very broadly
  o Boot block code on a disk
  o Binary code in applications
  o Application scripting languages
  o Source code that may require compilation before executing, etc.
Types of Malware
- Logic Bomb
- Trojan
- Back Door
- Virus
- Worm
- Rabbit
- Spyware/Adware
- Other
Logic Bomb
- Self-replicating: no
- Population growth: 0
- Parasitic: possibly
- Consists of 2 parts
  o Payload --- action to be performed
  o Trigger --- event to execute payload
- Donald Gene Burleson case (CS 265)
Trojan Horse
- Self-replicating: no
- Population growth: 0
- Parasitic: yes
- Name comes from ancient world
  o Pretends to be innocent, but it's not
- Example: fake login prompt that steals passwords
Back Door
- Self-replicating: no
- Population growth: 0
- Parasitic: possibly
- Bypasses normal security checks
  o So enables unauthorized access
- Example: Remote Administration Tool, or RAT
Virus
- Self-replicating: yes
- Population growth: positive
- Parasitic: yes
- When executed, tries to replicate itself into other executable code
  o So, it relies in some way on other code
- Does not propagate via a network
- Nice virus history given by Aycock
Worm
- Self-replicating: yes
- Population growth: positive
- Parasitic: no
- Like a virus, except
  o Spreads over network
  o Worm is standalone, does not rely on other code
- Good history in Aycock's book
Rabbit
- Self-replicating: yes
- Population growth: 0
- Parasitic: no
- Two kinds of rabbits
  o One uses up system resources
  o One uses up network resources (special case of a worm)
Spyware
- Self-replicating: no
- Population growth: 0
- Parasitic: no
- Collects info and sends it to someone
  o Username/password, bank info, credit card info, software license info, etc.
- First mention is about 1995
- May arrive via drive-by download
Adware
- Self-replicating: no
- Population growth: 0
- Parasitic: no
- Similar to spyware but focused on marketing
Hybrids, Droppers, etc.
- Hybrid is a combination of different types of malware
  o Worm that is a rabbit, trojan that acts like a virus, etc., etc.
- Dropper is malware that deposits other malware
  o For example, a worm might leave behind a back door
Zombies
- Compromised machines that can be used by an attacker
  o Spam
  o Denial of service (DoS)
  o Distributed denial of service (DDoS)
- Today, usually part of a botnet
Naming
- No agreed-on naming convention
- Virus writer might suggest a name
  o "Your PC is now stoned!"
- Different vendors might use different names
- Different variants might get different names, etc.
Naming
- Factors related to naming
  o Malware type
  o Family name
  o Variant
  o Modifiers (e.g., "mm" for "mass mailer")
- But many different names applied to same virus (or family)
  o See book for examples
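The four naming factors above are easiest to see in a small parser. This is an added example, not code from the slides or from Aycock's book; it assumes the common simplified vendor convention Type/Family.Variant@modifier (the slides do not fix a format), and every name it parses is constructed rather than a real detection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed convention (not from the slides): [Type/]Family[.Variant][@Modifier]
# e.g. "W32/Example.A@mm" -> type W32, family Example, variant A, modifier mm
_NAME_RE = re.compile(
    r"^(?:(?P<malware_type>[A-Za-z0-9_-]+)/)?"   # type/platform prefix, optional
    r"(?P<family>[A-Za-z][A-Za-z0-9_-]*)"        # family name, required
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"          # variant, optional
    r"(?:@(?P<modifier>[A-Za-z0-9]+))?$"         # modifier suffix, optional
)

# Modifier meanings; "mm" (mass mailer) is the one the slides mention.
MODIFIERS = {"mm": "mass mailer", "m": "mailer"}


@dataclass(frozen=True)
class MalwareName:
    malware_type: Optional[str]
    family: str
    variant: Optional[str]
    modifier: Optional[str]

    def modifier_meaning(self) -> Optional[str]:
        """Expand a known modifier; unknown suffixes come back unchanged."""
        if self.modifier is None:
            return None
        return MODIFIERS.get(self.modifier.lower(), self.modifier)


def parse_name(name: str) -> MalwareName:
    """Split one detection name into the four naming factors."""
    m = _NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"name does not follow the assumed convention: {name!r}")
    return MalwareName(**m.groupdict())


def group_by_family(names: List[str]) -> Dict[str, List[str]]:
    """Bucket names that share a family (case-insensitive).

    This is the reconciliation step the slide alludes to: vendors and
    variants produce different strings for the same family.
    """
    groups: Dict[str, List[str]] = {}
    for n in names:
        groups.setdefault(parse_name(n).family.lower(), []).append(n)
    return groups


# Constructed sample names (not real detections), as three vendors might write them.
SAMPLE_NAMES = ["W32/Example.A@mm", "w32/example.B", "Example.A"]
```

Names from vendors that use a different separator scheme do not match the assumed pattern and raise ValueError, which is the practical face of the slide's point that there is no agreed-on convention.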
Authorship
- Author and distributor may differ
- Is malware author a "hacker" or "cracker"?
  o It depends on your definitions
- So, Aycock does not use terms like hacker or cracker
  o Instead, uses boring terms like malware author, malware writer, virus writer, etc.
Malware Writers
- Botnet hacker caught in Slovenia (2010)
- Japanese Virus Writer Arrested for the Second Time (2010)
  o "I wanted to see how much my computer programming skills had improved since the last time I was arrested."
- Teen Arrested in Blaster Case (2003)
- No 'sorry' from Love Bug author (2005)