Virus Primer
What is Malware?
A malware is a program that performs unexpected or unauthorized, but always malicious, actions. It is a general term used to refer to viruses, Trojans,
and worms. Malware, depending on their type, may or may not include replicating and non-replicating malicious code. Due to the many facets of malicious
code or a malicious program, referring to it as malware helps to avoid confusion. For example, a virus that also has Trojan-like capabilities may be called
malware.
What is a virus?
A computer virus is a program – a piece of executable code – that has the unique ability to replicate. Like biological viruses, computer viruses can spread
quickly and are often difficult to eradicate. They can attach themselves to just about any type of executable file and are spread as files that are copied
and sent from individual to individual.In addition to replication, some computer viruses share another commonality: a damage routine that delivers the virus
payload. While payloads may only display messages or images, they can also destroy files, reformat your hard drive, or cause other damage. If the virus does
not contain a damage routine, it can cause trouble by consuming storage space and memory, and degrading the overall performance of your computer.
What is a Trojan?
A Trojan is a malware that performs a malicious action, but has no replication abilities. Coined from Greek mythology's Trojan horse, a Trojan may arrive as
a seemingly harmless file or application, but actually has some hidden malicious intent within its code.Trojan malware usually have a payload. When a Trojan
is executed, you may experience unwanted system problems in operation, and sometimes loss of valuable data.
What is a worm?
A computer worm is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems.
The propagation usually takes place via network connections or email attachments. More recent worms have also discovered ways to propagate using Instant
Messengers, via file sharing applications, and by collaborating with other malware such as Trojans or other worm variants. WORM_BAGLE.BE, for example, forms
a vicious worm-Trojan cycle with TROJ_BAGLE.BE, in which the worm mass-mails copies of the Trojan, and the Trojan downloads copies of the worm. Additionally,
the
FATSO family is a family of worms that propagate via an
instant messaging application and a popular peer-to-peer file sharing application. Some worms may have an additional payload, such as preventing a user from
accessing antivirus Web sites, or stealing the licenses of installed games and applications.
Life Cycle of a Malware
The life cycle of a malware begins when it is created and ends when it is completely eradicated. The following outline describes each stage:
Creation
Until recently, creating a malware required knowledge of a computer programming language. Today anyone with basic programming knowledge, and Internet access,
can create a malware. Whole Web sites exist whose only intent is to spread malicious code, and to encourage individuals to develop their own harmful version
of already existing, and tried-and-tested malicious programs.
Replication and Propagation
Malware propagate in a number of ways. Worms may spread via email, instant messengers, or network shares. Viruses replicate within a system, while some
viruses also have automatic propagation techniques similar to worms. Trojans. while not having any automatic form of replication and propagation, are
nevertheless available all over the Internet, and the links to download them from may be included in email messages, or other Web sites.For more information
on the propagation techniques of today's malware types, read more here.
Activation
Most malware perform their malicious activities upon execution. Some have certain payloads that are activated only at a certain trigger date, or with the
onset of a specific trigger condition.
Discovery
This phase does not always follow activation, but typically does. When a malware is detected and isolated, it is sent to the ICSA in Washington, D.C., to
be documented and distributed to antivirus software developers. However, with the rapid development of technology, and the ease by which malware authors
create their programs, most malware are released to unsuspecting users even before they are discovered by the "authorities". This is all the more reason
to protect your system from the threats that surround the computing world today.To read more about what you can do to prevent your system from becoming
infected, read more here.
Assimilation
At this point, antivirus software developers modify their software so that it can detect the new malware. This can take anywhere from one day to six months,
depending on the developer and the malware type.
Eradication
If enough users install up-to-date virus protection software, any malware can be wiped out. So far no malware have disappeared completely, but some have
long ceased to be a major threat.
What can you do to Protect against Malware?
There are many things you can do to protect against malware. At the top of the list is using a powerful antivirus product, and keeping it up-to-date with
the latest pattern files. You may also visit the ICSA lab's
Web site for further suggestions.
