Jump to content

Malware: Difference between revisions

From ICANNWiki
12th DNS Seal Wiki article.
 
Jessica (talk | contribs)
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Glossary|
'''Malware''', an abbreviated version of malicious software, is "software designed specifically to damage or disrupt a system."<ref>[http://www.webopedia.com/TERM/M/malware.html Malware] at Webopedia</ref> Malware remains a major security threat for Internet users.
|note  = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS'''
| logo            = DNS Seal.png
|link          = http://dnsseal.wiki/
}}


'''Malware''', an abbreviated version of malicious software, is "software designed specifically to damage or disrupt a system."<ref>[http://www.webopedia.com/TERM/M/malware.html Malware] at Webopedia</ref> Malware remains a major security threat for Internet users.
==Common Types of Malware Based on Purpose==
*'''Adware''': This software is responsible for u'''ndesired pop-ups and other kinds of aggressive advertisements'''.<ref name="vera">[http://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101/ Common Malware Types: Cybersecurity 101] (October 12, 2012), Veracode</ref><ref>[http://en.wikipedia.org/wiki/Adware Adware] at Wikipedia</ref>
 
*'''Bots''': This software, once installed, '''operates based on orders given from an outside party''', such as a hacker.<ref name="vera"/> While bots can be used for harmless purposes, they can also create large security threats if programmed to "infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices."<ref name="cisco">[http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html What Is the Difference: Viruses, Worms, Trojans, and Bots?], Cisco Systems</ref> Bots can be used in [[Botnet Attacks|botnets]], [[DDoS Attack|DDoS]], [[Spam|spam]] or [[Fast Flux|fast flux]] attacks. Botnets have become an increasing problem in recent years, and individuals with compromised computers may not be aware they are infected.<ref>[http://www.fbi.gov/news/news_blog/botnets-101 Botnets 101: What They Are and How to Avoid Them] (June 5, 2013), Federal Bureau of Investigation</ref>
 
*'''Ransomware''': this allows a malicious '''third party to essentially stop users from accessing their computers, often by locking the users' system or encrypting files, until a specified amount of money is paid'''.<ref name="micro ransom">[http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx Ransomware], Microsoft Malware Protection Center</ref><ref name="vera"/> Sometimes attackers using ransomware will pose as legitimate authorities.<ref name="micro ransom"/> McAfee security observed a large increase in ransomware in 2012 with 200,000 new versions of it found per quarter.<ref name=state>[http://www.scmagazine.com/the-state-of-malware-2013/slideshow/1255/#5 The state of malware 2013], ''SC Magazine''</ref>
 
*'''Spyware''': this software '''monitors the user's activities and then sends the information to other "interest parties."'''<ref>[http://ist.mit.edu/security/malware Viruses, Spyware, and Malware], Information Systems and Technology</ref> Spyware can track a user's Internet history, log keystrokes, and steal data.<ref name="vera"/> A recent Kindsight Security Report indicated that spyware is also targeting and spreading to mobile devices.<ref>[http://www.kindsight.net/sites/default/files/Kindsight-Q2-2013-Malware-Report.pdf Kindsight security Labs MaLware report – Q2 2013] (PDF), Kindsight</ref>
 
*'''Trojans'''/'''Backdoors''': trojans or trojan horses are a fairly well-known classification of malware. They disguise themselves as harmless files and downloads; however, after they are installed, they can severely hobble a computer or system by creating backdoors or distributing other malware.<ref name="cisco"/> Trojans can also harvest personal data, change files and settings, or allow a hacker to control the computer.<ref name="vera"/>
 
*'''Viruses''': this type of malware can '''spread from system to system''', often by using infected attachments.<ref name="vera"/> Unlike some of the other kinds of malware listed, viruses can copy themselves or insert themselves into other programs.<ref name="cisco"/>
 
*'''Worms''': this malware can also '''replicate itself''' and does not "require a host program or human help to propagate."<ref name="cisco"/> Worms often use system vulnerabilities to infect computers or networks.<ref name="cisco"/>
 
*'''Credential Stealers''': access, copy, or '''steal authentication credentials'''.<ref>[https://content.fireeye.com/m-trends/rpt-m-trends-2021 Malware Families by Category, M-Trends 2021, pg. 22</ref>


==Common Examples of Malware==
*'''Downloader''': A program whose purpose is to download (and launch) a file from a specified address.
*'''Adware''': This software is responsible for undesired pop-ups and other kinds of aggressive advertisements.<ref name="vera">[http://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101/ Common Malware Types: Cybersecurity 101] (October 12, 2012), Veracode</ref><ref>[http://en.wikipedia.org/wiki/Adware Adware] at Wikipedia</ref>


*'''Bots''': This software, once installed, operates based on orders given from an outside party, such as a hacker.<ref name="vera"/> While bots can be used for harmless purposes, they can also create large security threats if programmed to "infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices."<ref name="cisco">[http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html What Is the Difference: Viruses, Worms, Trojans, and Bots?], Cisco Systems</ref> Bots can be used in [[Botnet Attacks|botnets]], [[DDoS Attacks|DDoS]], [[Spam|spam]] or [[Fast Flux|fast flux]] attacks. Botnets have become an increasing problem in recent years, and individuals with compromised computers may not be aware they are infected.<ref>[http://www.fbi.gov/news/news_blog/botnets-101 Botnets 101: What They Are and How to Avoid Them] (June 5, 2013), Federal Bureau of Investigation</ref>
*'''Dropper''': A program whose purpose is to '''extract, install, and launch or execute''' one or more files.


*'''Ransomware''': this allows a malicious third party to essentially stop users from accessing their computers, often by locking the users' system or encrypting files, until a specified amount of money is paid.<ref name="micro ransom">[http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx Ransomware], Microsoft Malware Protection Center</ref><ref name="vera"/> Sometimes attackers using ransomware will pose as legitimate authorities.<ref name="micro ransom"/> McAfee security observed a large increase in ransomware in 2012 with 200,000 new versions of it found per quarter.<ref name=state>[http://www.scmagazine.com/the-state-of-malware-2013/slideshow/1255/#5 The state of malware 2013], ''SC Magazine''</ref>
*'''Launcher''': '''executes or loads one or more files''' but does not contain or configure them.


*'''Spyware''': this software monitors the user's activities and then sends the information to other "interest parties."<ref>[http://ist.mit.edu/security/malware Viruses, Spyware, and Malware], Information Systems and Technology</ref> Spyware can track a user's Internet history, log keystrokes, and steal data.<ref name="vera"/> A recent Kindsight Security Report indicated that spyware is also targeting and spreading to mobile devices.<ref>[http://www.kindsight.net/sites/default/files/Kindsight-Q2-2013-Malware-Report.pdf Kindsight security Labs MaLware report – Q2 2013] (PDF), Kindsight</ref>
*'''Keyloggers''':  


*'''Trojans''': trojans or trojan horses are a fairly well known classification of malware. They disguise themselves as harmless files and downloads; however, after they are installed, they can severely hobble a computer or system by creating backdoors or distributing other malware.<ref name="cisco"/> Trojans can also harvest personal data, change files and settings, or allow a hacker to control the computer.<ref name="vera"/>
*'''Point of sale (POS)''':  


*'''Viruses''': this type of malware can spread from system to system, often by using infected attachments.<ref name="vera"/> Unlike some of the other kinds of malware listed, viruses can copy themselves or insert themselves into other programs.<ref name="cisco"/>
*'''[[DNS Tunneling|Tunnelers]]''':


*'''Worms''': this malware can also replicate itself and does not "require a host program or human help to propagate."<ref name="cisco"/> Worms often use system vulnerabilities to infect computers or networks.<ref name="cisco"/>
*'''Data Miners''':


==Public Perception==  
==Public Perception==  
Line 51: Line 61:
==Related Articles==
==Related Articles==
*[[Botnet Attacks]]
*[[Botnet Attacks]]
*[[DDoS Attacks]]
*[[DDoS Attack]]
*[[Pharming]]
*[[Pharming]]
*[[Phishing]]
*[[Phishing]]
Line 59: Line 69:
<references/>
<references/>


[[Category: Bad Practice]]
[[Category:DNS Abuse]]

Latest revision as of 15:59, 23 July 2021

Malware, an abbreviated version of malicious software, is "software designed specifically to damage or disrupt a system."[1] Malware remains a major security threat for Internet users.

Common Types of Malware Based on Purpose[edit | edit source]

  • Adware: This software is responsible for undesired pop-ups and other kinds of aggressive advertisements.[2][3]
  • Bots: This software, once installed, operates based on orders given from an outside party, such as a hacker.[2] While bots can be used for harmless purposes, they can also create large security threats if programmed to "infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices."[4] Bots can be used in botnets, DDoS, spam or fast flux attacks. Botnets have become an increasing problem in recent years, and individuals with compromised computers may not be aware they are infected.[5]
  • Ransomware: this allows a malicious third party to essentially stop users from accessing their computers, often by locking the users' system or encrypting files, until a specified amount of money is paid.[6][2] Sometimes attackers using ransomware will pose as legitimate authorities.[6] McAfee security observed a large increase in ransomware in 2012 with 200,000 new versions of it found per quarter.[7]
  • Spyware: this software monitors the user's activities and then sends the information to other "interest parties."[8] Spyware can track a user's Internet history, log keystrokes, and steal data.[2] A recent Kindsight Security Report indicated that spyware is also targeting and spreading to mobile devices.[9]
  • Trojans/Backdoors: trojans or trojan horses are a fairly well-known classification of malware. They disguise themselves as harmless files and downloads; however, after they are installed, they can severely hobble a computer or system by creating backdoors or distributing other malware.[4] Trojans can also harvest personal data, change files and settings, or allow a hacker to control the computer.[2]
  • Viruses: this type of malware can spread from system to system, often by using infected attachments.[2] Unlike some of the other kinds of malware listed, viruses can copy themselves or insert themselves into other programs.[4]
  • Worms: this malware can also replicate itself and does not "require a host program or human help to propagate."[4] Worms often use system vulnerabilities to infect computers or networks.[4]
  • Credential Stealers: access, copy, or steal authentication credentials.[10]
  • Downloader: A program whose purpose is to download (and launch) a file from a specified address.
  • Dropper: A program whose purpose is to extract, install, and launch or execute one or more files.
  • Launcher: executes or loads one or more files but does not contain or configure them.
  • Keyloggers:
  • Point of sale (POS):
  • Data Miners:

Public Perception[edit | edit source]

Spreading malware is a practice that is viewed very negatively. Malware can be used to crash a computer, steal data, or freeze an entire network. As such a large threat, many users are aware of the dangers posed by malware and choose to use Internet security services. However, malware is a constantly evolving threat.

Outcome[edit | edit source]

Malware is dangerous and has equally severe consequences. Malware can slow down a computer's operating system, use infected computers in cyber attacks, completely disable a network, or steal private or financial data.

Historical Use[edit | edit source]

Malware is evolving and changing, both in the sophistication of the malware used and the type of malware favored by attackers.[7] For example, in the late 1990s and early 2000s, worms and viruses that spread through email attachments were a major threat.[11] The early 2000s also saw the emergence of using links and social engineering in emails to spread malware.[11] In recent years, attention has shifted to trojans and botnets. According to a 2013 PandaLabs Report, trojans represented about 80% of computer infections.[12] Sophos's 2014 Threat Report highlights the growing threat that botnets pose to Internet users. The amount of malware available also seems to be growing. The same PandaLabs Security Report found that as many as 6.5 million pieces of malware were created in the first quarter of 2013.[12] The increasing amount of malware available reveals the serious threat faced by Internet users.

ICANN Policy[edit | edit source]

  • ICANN does not have a policy or reporting procedure relating to malware as "malware are outside of ICANN's scope and authority."[13]
  • 2013 Registry Agreement (RA): This agreement, which all new gTLD applicants were required to sign, states that registries must require their registrars to include policies that prohibit registrants from activities like creating and distributing malware.[14] Additionally, registries are required to "periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats" and to keep security files on threats and the remedial actions taken by the registries.[14]

Legislation[edit | edit source]

  • Computer Fraud and Abuse Act (CFAA): This act makes it illegal to use "malicious code" to damage protected computers.[15]
    • In addition to this act, many states also have legislature that addresses computer crimes.[16]
  • Many other countries also have laws that address malware and other computer crimes.[17] In some countries, it is illegal not only to use malware but to have or create malware, such as in Japan.[18]
  • In 2004, the Computer Software Privacy and Control Act was introduced in congress with the goal of addressing adware and spyware, particularly.[19][20] However, the bill was not enacted.[20]

Additional Resources[edit | edit source]

Related Articles[edit | edit source]

References[edit | edit source]

  1. Malware at Webopedia
  2. 2.0 2.1 2.2 2.3 2.4 2.5 Common Malware Types: Cybersecurity 101 (October 12, 2012), Veracode
  3. Adware at Wikipedia
  4. 4.0 4.1 4.2 4.3 4.4 What Is the Difference: Viruses, Worms, Trojans, and Bots?, Cisco Systems
  5. Botnets 101: What They Are and How to Avoid Them (June 5, 2013), Federal Bureau of Investigation
  6. 6.0 6.1 Ransomware, Microsoft Malware Protection Center
  7. 7.0 7.1 The state of malware 2013, SC Magazine
  8. Viruses, Spyware, and Malware, Information Systems and Technology
  9. Kindsight security Labs MaLware report – Q2 2013 (PDF), Kindsight
  10. [https://content.fireeye.com/m-trends/rpt-m-trends-2021 Malware Families by Category, M-Trends 2021, pg. 22
  11. 11.0 11.1 Evolution of Malware, Microsoft Security Intelligence Report
  12. 12.0 12.1 http://press.pandasecurity.com/usa/news/pandalabs-q1-report-trojans-account-for-80-of-malware-infections-set-new-record/
  13. About Malware, Internet Corporation for Assigned Names and Numbers (ICANN)
  14. 14.0 14.1 View the Updated Registry Agreement (PDF), ICANN
  15. Computer Fraud and Abuse Act at Wikipedia
  16. State Hacking/Computer Security Laws, IronGeek.com
  17. What the Law Says about Distributing a Virus or Malware by Craig S. Wright (September 20, 2011), Infosec Island (Wired Business Media)
  18. Japan makes malware writing illegal, AVG Australia
  19. Federal Computer Crime Laws by Maxim May (June 1 ,2004), SANS Institute
  20. 20.0 20.1 H.R. 4255 (108th): Computer Software Privacy and Control Act, Govtrack.us