Shopping on line can be easy, simple and save you lots of money. It can also take a lot of your time, frustrate you, and result in unwanted purchases. Now the same can be said for regular high street shopping, but with the vast opportunity presented by the Internet it will pay you to spend a few minutes reading this and understanding how to better optimize your Malware shopping experience:

1. Compare - without doubt the biggest advantage that the Malware offers shoppers today is the ability to compare thousands of Malware at a time. This is a great thing, but not necessarily all the time! Too much can be daunting at times so take advantage of the great comparison sites and where possible let them do the hard work for you.

2. Research - if it has been said it will be on the internet. Ignorance is no longer a justifiable reason for buying the wrong thing. Take the time to research in detail everything that you could possible want to know about

3. Testimonials - don't know anybody that has bought a Malware? Wrong! If the Malware is good the internet will let you know. Use the Internet as a friend and get testimonials before you buy.

4. Questions - Got a question about Malware then search the Forums, FAQ's, Blogs etc. Don't be afraid to ask .....

5. Reputation - Never heard of the company selling Malware? Don't worry, no reason why you should know every company in the world, but you know someone that does! Use the internet to find out what people are saying about Malware and build up a picture of their reputation for sales, returns, customer service, delivery etc.

6. Returns - still worried that even after all of the above your Malware wont be what you want? Check out the returns policy. There is so much competition now that someone, somewhere is bound to offer the terms that you are comfortable with.

7. Feedback - happy with your Malware then let people know, after all you are depending on others people input in your buying decision, so why not give a little back.

8. Security - check for the yellow padlock on the Malware site before you buy, and the s after http:/ /i.e. https:// = a secure site

9. Contact - got a question about Malware, or want to leave a comment then check out the sites contact page. Reputable companies have them and respond.

10. Payment - ready to pay for your Malware, then use your credit card or PayPal! Be aware of companies that don't accept them, there may be genuine reasons but given the huge amount of choice you have when buying online there is no reason at all not to buy via credit card or PayPal.

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "Malice (legal term)" and "Computer software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Many normal computer users are however still unfamiliar with the term, and most never use it. Instead, "computer virus" is used in common parlance and often in the general media to describe all kinds of malware, though not all malware is a virus. Another term that has been recently coined for malware is badware, perhaps due to the anti-malware initiative Stopbadware or corruption of the term "malware".

Software is considered malware based on the perceived intent of the creator rather than any particular features. It includes computer viruses, Computer worm, Trojan horse (computing)s, spyware, dishonest adware, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other United States states.

Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful Software bug.

Purposes Many early infectious programs, including the first Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks generally intended to be harmless or merely annoying rather than to cause serious damage. Young programmers learning about viruses and the techniques used to write them might write one to prove that they can do it, or to see how far it could spread. As late as 1999, widespread viruses such as the Melissa virus appear to have been written chiefly as pranks.

A slightly more hostile intent can be found in programs designed to vandalize or cause data loss. Many DOS viruses, and the Microsoft Windows ExploreZip worm, were designed to destroy files on a hard disk, or to corrupt the filesystem by writing junk data. Network-borne worms such as the 2001 Code Red worm or the Ramen worm fall into the same category. Designed to vandalize web pages, these worms may seem like the online equivalent to graffiti tagging, with the author's alias or affinity group appearing everywhere the worm goes.

However, since the rise of widespread broadband Internet access, more malicious software has been designed for a profit motive. For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.

Another strictly for-profit category of malware has emerged in spyware -- programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; they are generally installed by exploiting security holes or are packaged with user-installed software, such as Limewire.

Infectious malware: viruses and worms The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. Originally, the term computer virus was used for a program which infected other executable software, while a computer worm transmitted itself over a network to infect other computers. More recently, the words are often used interchangeably.

Today, some draw the distinction between viruses and worms by saying that a virus requires user intervention to spread, whereas a worm spreads automatically. Using this distinction, infections transmitted by email or Microsoft Word documents, which rely on the recipient opening a file to infect the system, would be classified as viruses, not worms.

Capsule history of viruses and worms Main articles: Computer virus, computer worm.

Before Internet access became widespread, viruses spread on personal computers by infecting programs or the executable boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these executables, a virus causes itself to be run whenever the program is run or the disk is booted. Early computer viruses were written for the Apple II and Apple Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. Executable-infecting viruses are dependent on users exchanging software or boot floppies, so they spread heavily in computer hobbyist circles.

The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Internet Worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes in network server programs and started itself running as a separate process. This same behavior is used by today's worms as well.

With the rise of the Microsoft Windows platform in the 1990s, and the flexible Macro (computer science) systems of its applications, it became possible to write infectious code in the macro language of Microsoft Office Word and similar programs. These macro virus (computing)es infect documents and templates rather than applications, but rely on the fact that macros in a Word document are a form of executable code.

Today, worms are most commonly written for the Windows OS, although a small number are also written for Linux and Unix systems. Worms today work in the same basic way as 1988's Internet Worm: they scan the network for computers with vulnerable network services, break in to those computers, and copy themselves over. Worm outbreaks have become a cyclical plague for both home users and businesses, eclipsed recently in terms of damage by spyware.

Concealment: Trojan horses, rootkits, and backdoors For a malicious program to accomplish its goals, it must be able to do so without being shut down, or deleted by the user or administrator of the computer it's running on. Concealment can also help get the malware installed in the first place. By disguising a malicious program as something innocuous or desirable, users may be tempted to install it without knowing what it does. This is the technique of the Trojan horse (computing) or trojan.

Often attempting to delete malicious software on a computer may activate the software, causing damage and the infection of other files in the computer. Some anti virus programs that fail to stop Malware and Trojans on the computer have a virus chest file. This is an isolated folder where infected files can be stored and protected from usage until they are removed.

Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to many undesirable effects, such as deleting all the user's files, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals. Trojan horses known as droppers are used to start off a worm outbreak, by injecting the worm into users' local networks.

One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads off the Web or a peer-to-peer file-trading network. When the user installs the software, the spyware is installed alongside. Spyware authors who attempt to act in a legal fashion may include an end-user license agreement which states the behavior of the spyware in loose terms, but knowing that users are unlikely to read or understand it.

Once a malicious program is installed on a system, it is often useful to the creator if it stays concealed. The same is true when a human attacker breaks into a computer directly. Techniques known as rootkits allow this concealment, by modifying the host operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process (computing) from being visible in the system's list of processes, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system where the attacker had gained administrator (root) access. Today, the term is used more generally for concealment routines in a malicious program.

A Backdoor (computing) is a method of bypassing normal authentication procedures. Once a system has been compromised (by one of the above methods, or in some other way), one or more backdoors may be installed, in order to allow the attacker access in the future. The idea has often been floated that many computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Cracker (computing) typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors Cracker (computing) may use Trojan Horse (Computing), Computer worm, or other methods.

Malware for profit: spyware, botnets, loggers, and dialers During the 1980s and 1990s, it was usually taken for granted that malicious programs were created as a form of vandalism or prank. (Although some viruses were spread only to discourage users from illegal software exchange.) More recently, the greater share of malware programs have been written with a financial or profit motive in mind. This can be taken as the malware authors' choice to monetize their control over infected systems: to turn that control into a source of revenue.

Since 2003 or so, the most costly form of malware in terms of time and money spent in recovery has been the broad category known as spyware. Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behavior for the financial benefit of the spyware creator. For instance, some spyware programs redirect search engine results to paid advertisements. Others often called "stealware" by the media overwrite affiliate marketing codes so that revenue goes to the spyware creator rather than the intended recipient.

Spyware programs are sometimes installed as Trojan horses of one sort or another. They differ in that their creators present themselves openly as businesses, for instance by selling advertising space on the pop-ups created by the malware. Most such programs present the user with an end-user license agreement which purportedly protects the creator from prosecution under computer contaminant laws. However, spyware EULAs have not yet been upheld in court.

Another way that financially-motivated malware creator can monetize their infections is to directly use the infected computers to do work for the creator. Spammer viruses, such as the Sobig and Mydoom virus families, are commissioned by e-mail spam gangs. The infected computers are used as open proxy to send out spam messages. The advantage to spammers of using infected computers is that they are available in large supply (thanks to the virus) and they provide anonymity, protecting the spammer from prosecution. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.

In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously. Botnets can also be used to push upgraded malware to the infected systems, keeping them resistant to anti-virus software or other security measures.

Lastly, it is possible for a malware creator to profit by simply stealing from the person whose computer is infected. Some malware programs install a Keystroke logging, which copies down the user's keystrokes when entering a password, credit card number, or other information that may be useful to the creator. This is then transmitted to the malware creator automatically, enabling credit card fraud and other theft. Similarly, malware may copy the CD key or password for online games, allowing the creator to steal accounts or virtual items.

Another way of stealing money from the infected PC owner is to take control of the modem and dial an expensive toll call. Dialer (or porn dialer) software dials up a premium-rate telephone number such as a U.S. "900 number" and leave the line open, charging the toll to the infected user.

Vulnerability to malware In this context, as throughout, it should be borne in mind that the “system” under attack may be of various types, e.g. a single computer and operating system, a network or an application.

Various factors make a system more vulnerable to malware:

An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.

Most systems contain bugs which may be exploited by malware. Typical examples are buffer overruns,in which an interface designed to store data in a small area of memory allows the caller to supply too much,and then overwrites its internal structures. This may used by malware to force the system to execute its code.

Originally, PCs had to be booted from floppy disks, and until recently it was common for this to be the default boot device. This meant that a corrupt floppy disk could subvert the computer during booting, and the same applies to CDs. Although that is now less common, it is still possible to forget that one has changed the default, and rare that a BIOS makes one confirm a boot from removable media.

In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This is a primarily a configuration decision, but on Microsoft Windows systems the default configuration is to over-privilege the user. This situation exists due to decisions made by Microsoft to prioritize compatibility with older systems above security configuration in newer systems and because typical applications were developed without the under-privileged users in mind. As privilege escalation exploits have increased this priority is shifting for the release of Microsoft Windows Vista. As a result, many existing applications that require excess privilege (over-privileged code) may have compatibility problems with Vista. However, Vista's User Account Control feature attempts to remedy applications not designed for under-privileged users through virtualization, acting as a crutch to resolve the privileged access problem inherent in legacy applications.

Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised.

Given this state of affairs, users are warned only to open attachments they trust, and to be wary of code received from untrusted sources. It is also common for operating systems to be designed so that device drivers need escalated privileges, while they are supplied by more and more hardware manufacturers, some of whom may be unreliable.

Eliminating over-privileged code Over-privileged code dates from the time when most programs were either delivered with a computer or written in-house, and repairing it would at a stroke render most anti-virus software almost redundant. It would, however, have appreciable consequences for the user interface and system management.

The system would have to maintain privilege profiles, and know which to apply for each user and program.In the case of newly installed software, an administrator would need to set up default profiles for the new code.

Eliminating vulnerability to rogue device drivers is probably harder than for arbitrary rogue executables. Two techniques, used in OpenVMS, that can help are memory mapping only the registers of the device in question and a system interface associating the driver with interrupts from the device.

Other approaches are:

Such approaches, however, if not fully integrated with the operating system, would reduplicate effort and not be universally applied, both of which would be detrimental to security.

Academic research on malware: a brief overview The notion of a self-reproducing computer program can be traced back to 1949 when John von Neumann presented lectures that encompassed the theory and organization of complicated automata.John von Neumann, "Theory of Self-Reproducing Automata", Part 1: Transcripts of lectures given at the University of Illinois, Dec. 1949, Editor: A. W. Burks, University of Illinois, USA, 1966. Neumann showed that in theory a program could reproduce itself. This constituted a plausibility result in computability theory. Fred Cohen experimented with computer viruses and confirmed Neumann's postulate. He also investigated other properties of malware (detectability, self-obfuscating programs that used rudimentary encryption that he called "evolutionary", and so on). His doctoral dissertation was on the subject of computer viruses.Fred Cohen, "Computer Viruses", PhD Thesis, University of Southern California, ASP Press, 1988. Cohen's faculty advisor, Leonard Adleman (the A in RSA) presented a rigorous proof that, in the general case, algorithmically determining whether a virus is or is not present is Turing undecidable.L. M. Adleman, "An Abstract Theory of Computer Viruses", Advances in Cryptology---Crypto '88, LNCS 403, pages 354-374, 1988. This problem must not be mistaken for that of determining, within a broad class of programs, that a virus is not present; this problem differs in that it does not require the ability to recognize all viruses. Adleman's proof is perhaps the deepest result in malware computability theory to date and it relies on Cantor's diagonal argument as well as the halting problem. Ironically, it was later shown by Young and Yung that Adleman's work in cryptography is ideal in constructing a virus that is highly resistant to reverse-engineering by presenting the notion of a Cryptovirology.A. Young, M. Yung, "Cryptovirology: Extortion-Based Security Threats and Countermeasures," IEEE Symposium on Security & Privacy, pages 129-141, 1996. A cryptovirus is a virus that contains and uses a public key. In the cryptoviral extortion attack, the virus hybrid encrypts plaintext data on the victim's machine using the virus writer's public key. In theory the victim must negotiate with the virus writer to get the plaintext back (assuming there are no backups). Analysis of the virus reveals the public key, not the needed private decryption key. This result was the first to show that computational complexity theory can be used to devise malware that is robust against reverse-engineering.

Another growing area of computer virus research is to mathematically model the infection behavior of worms using models such as Lotka-Volterra equations, which has been applied in the study of biological virus. Various virus propagation scenarios have been studied by researchers such as propagation of computer virus, fighting virus with virus like predator codes,H. Toyoizumi, A. Kara. Predators: Good Will Mobile Codes Combat against Computer Viruses. Proc. of the 2002 New Security Paradigms Workshop, 2002Zakiya M. Tamimi, Javed I. Khan, Model-Based Analysis of Two Fighting Worms, IEEE/IIU Proc. of ICCCE '06, Kuala Lumpur, Malaysia, May 2006, Vol-I, Page 157-163 effectiveness of patching etc.

Emerging vectors and pathways Wikis and Blogs Innocuous wikis and blogs are not immune to hijacking. It has been reported that the German edition of Wikipedia has recently been used as an attempt to vector infection. Through a form of social engineering, users with ill intent have added links to web pages that contain malicious software with the claim that the web page would provide detections and remedies, when in fact it was a lure to infect. Wikipedia Hijacked to Spread Malware

Targeted SMTP Threats Targeted Simple Mail Transfer Protocol threats also represent an emerging attack vector through which malware is propagated. As users adapt to widespread Spam (electronic) attacks, cybercriminals distribute crimeware to target one specific organization or industry, often for financial gain. "Protecting Corporate Assets from E-mail Crimeware," Avinti, Inc., p.1

See also

References External links

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "Malice (legal term)" and "Computer software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Many normal computer users are however still unfamiliar with the term, and most never use it. Instead, "computer virus" is used in common parlance and often in the general media to describe all kinds of malware, though not all malware is a virus. Another term that has been recently coined for malware is badware, perhaps due to the anti-malware initiative Stopbadware or corruption of the term "malware".

Software is considered malware based on the perceived intent of the creator rather than any particular features. It includes computer viruses, Computer worm, Trojan horse (computing)s, spyware, dishonest adware, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other United States states.

Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful Software bug.

Purposes Many early infectious programs, including the first Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks generally intended to be harmless or merely annoying rather than to cause serious damage. Young programmers learning about viruses and the techniques used to write them might write one to prove that they can do it, or to see how far it could spread. As late as 1999, widespread viruses such as the Melissa virus appear to have been written chiefly as pranks.

A slightly more hostile intent can be found in programs designed to vandalize or cause data loss. Many DOS viruses, and the Microsoft Windows ExploreZip worm, were designed to destroy files on a hard disk, or to corrupt the filesystem by writing junk data. Network-borne worms such as the 2001 Code Red worm or the Ramen worm fall into the same category. Designed to vandalize web pages, these worms may seem like the online equivalent to graffiti tagging, with the author's alias or affinity group appearing everywhere the worm goes.

However, since the rise of widespread broadband Internet access, more malicious software has been designed for a profit motive. For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.

Another strictly for-profit category of malware has emerged in spyware -- programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; they are generally installed by exploiting security holes or are packaged with user-installed software, such as Limewire.

Infectious malware: viruses and worms The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. Originally, the term computer virus was used for a program which infected other executable software, while a computer worm transmitted itself over a network to infect other computers. More recently, the words are often used interchangeably.

Today, some draw the distinction between viruses and worms by saying that a virus requires user intervention to spread, whereas a worm spreads automatically. Using this distinction, infections transmitted by email or Microsoft Word documents, which rely on the recipient opening a file to infect the system, would be classified as viruses, not worms.

Capsule history of viruses and worms Main articles: Computer virus, computer worm.

Before Internet access became widespread, viruses spread on personal computers by infecting programs or the executable boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these executables, a virus causes itself to be run whenever the program is run or the disk is booted. Early computer viruses were written for the Apple II and Apple Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. Executable-infecting viruses are dependent on users exchanging software or boot floppies, so they spread heavily in computer hobbyist circles.

The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Internet Worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes in network server programs and started itself running as a separate process. This same behavior is used by today's worms as well.

With the rise of the Microsoft Windows platform in the 1990s, and the flexible Macro (computer science) systems of its applications, it became possible to write infectious code in the macro language of Microsoft Office Word and similar programs. These macro virus (computing)es infect documents and templates rather than applications, but rely on the fact that macros in a Word document are a form of executable code.

Today, worms are most commonly written for the Windows OS, although a small number are also written for Linux and Unix systems. Worms today work in the same basic way as 1988's Internet Worm: they scan the network for computers with vulnerable network services, break in to those computers, and copy themselves over. Worm outbreaks have become a cyclical plague for both home users and businesses, eclipsed recently in terms of damage by spyware.

Concealment: Trojan horses, rootkits, and backdoors For a malicious program to accomplish its goals, it must be able to do so without being shut down, or deleted by the user or administrator of the computer it's running on. Concealment can also help get the malware installed in the first place. By disguising a malicious program as something innocuous or desirable, users may be tempted to install it without knowing what it does. This is the technique of the Trojan horse (computing) or trojan.

Often attempting to delete malicious software on a computer may activate the software, causing damage and the infection of other files in the computer. Some anti virus programs that fail to stop Malware and Trojans on the computer have a virus chest file. This is an isolated folder where infected files can be stored and protected from usage until they are removed.

Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to many undesirable effects, such as deleting all the user's files, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals. Trojan horses known as droppers are used to start off a worm outbreak, by injecting the worm into users' local networks.

One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads off the Web or a peer-to-peer file-trading network. When the user installs the software, the spyware is installed alongside. Spyware authors who attempt to act in a legal fashion may include an end-user license agreement which states the behavior of the spyware in loose terms, but knowing that users are unlikely to read or understand it.

Once a malicious program is installed on a system, it is often useful to the creator if it stays concealed. The same is true when a human attacker breaks into a computer directly. Techniques known as rootkits allow this concealment, by modifying the host operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process (computing) from being visible in the system's list of processes, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system where the attacker had gained administrator (root) access. Today, the term is used more generally for concealment routines in a malicious program.

A Backdoor (computing) is a method of bypassing normal authentication procedures. Once a system has been compromised (by one of the above methods, or in some other way), one or more backdoors may be installed, in order to allow the attacker access in the future. The idea has often been floated that many computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Cracker (computing) typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors Cracker (computing) may use Trojan Horse (Computing), Computer worm, or other methods.

Malware for profit: spyware, botnets, loggers, and dialers During the 1980s and 1990s, it was usually taken for granted that malicious programs were created as a form of vandalism or prank. (Although some viruses were spread only to discourage users from illegal software exchange.) More recently, the greater share of malware programs have been written with a financial or profit motive in mind. This can be taken as the malware authors' choice to monetize their control over infected systems: to turn that control into a source of revenue.

Since 2003 or so, the most costly form of malware in terms of time and money spent in recovery has been the broad category known as spyware. Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behavior for the financial benefit of the spyware creator. For instance, some spyware programs redirect search engine results to paid advertisements. Others often called "stealware" by the media overwrite affiliate marketing codes so that revenue goes to the spyware creator rather than the intended recipient.

Spyware programs are sometimes installed as Trojan horses of one sort or another. They differ in that their creators present themselves openly as businesses, for instance by selling advertising space on the pop-ups created by the malware. Most such programs present the user with an end-user license agreement which purportedly protects the creator from prosecution under computer contaminant laws. However, spyware EULAs have not yet been upheld in court.

Another way that financially-motivated malware creator can monetize their infections is to directly use the infected computers to do work for the creator. Spammer viruses, such as the Sobig and Mydoom virus families, are commissioned by e-mail spam gangs. The infected computers are used as open proxy to send out spam messages. The advantage to spammers of using infected computers is that they are available in large supply (thanks to the virus) and they provide anonymity, protecting the spammer from prosecution. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.

In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously. Botnets can also be used to push upgraded malware to the infected systems, keeping them resistant to anti-virus software or other security measures.

Lastly, it is possible for a malware creator to profit by simply stealing from the person whose computer is infected. Some malware programs install a Keystroke logging, which copies down the user's keystrokes when entering a password, credit card number, or other information that may be useful to the creator. This is then transmitted to the malware creator automatically, enabling credit card fraud and other theft. Similarly, malware may copy the CD key or password for online games, allowing the creator to steal accounts or virtual items.

Another way of stealing money from the infected PC owner is to take control of the modem and dial an expensive toll call. Dialer (or porn dialer) software dials up a premium-rate telephone number such as a U.S. "900 number" and leave the line open, charging the toll to the infected user.

Vulnerability to malware In this context, as throughout, it should be borne in mind that the “system” under attack may be of various types, e.g. a single computer and operating system, a network or an application.

Various factors make a system more vulnerable to malware:

An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.

Most systems contain bugs which may be exploited by malware. Typical examples are buffer overruns,in which an interface designed to store data in a small area of memory allows the caller to supply too much,and then overwrites its internal structures. This may used by malware to force the system to execute its code.

Originally, PCs had to be booted from floppy disks, and until recently it was common for this to be the default boot device. This meant that a corrupt floppy disk could subvert the computer during booting, and the same applies to CDs. Although that is now less common, it is still possible to forget that one has changed the default, and rare that a BIOS makes one confirm a boot from removable media.

In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This is a primarily a configuration decision, but on Microsoft Windows systems the default configuration is to over-privilege the user. This situation exists due to decisions made by Microsoft to prioritize compatibility with older systems above security configuration in newer systems and because typical applications were developed without the under-privileged users in mind. As privilege escalation exploits have increased this priority is shifting for the release of Microsoft Windows Vista. As a result, many existing applications that require excess privilege (over-privileged code) may have compatibility problems with Vista. However, Vista's User Account Control feature attempts to remedy applications not designed for under-privileged users through virtualization, acting as a crutch to resolve the privileged access problem inherent in legacy applications.

Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised.

Given this state of affairs, users are warned only to open attachments they trust, and to be wary of code received from untrusted sources. It is also common for operating systems to be designed so that device drivers need escalated privileges, while they are supplied by more and more hardware manufacturers, some of whom may be unreliable.

Eliminating over-privileged code Over-privileged code dates from the time when most programs were either delivered with a computer or written in-house, and repairing it would at a stroke render most anti-virus software almost redundant. It would, however, have appreciable consequences for the user interface and system management.

The system would have to maintain privilege profiles, and know which to apply for each user and program.In the case of newly installed software, an administrator would need to set up default profiles for the new code.

Eliminating vulnerability to rogue device drivers is probably harder than for arbitrary rogue executables. Two techniques, used in OpenVMS, that can help are memory mapping only the registers of the device in question and a system interface associating the driver with interrupts from the device.

Other approaches are:

Such approaches, however, if not fully integrated with the operating system, would reduplicate effort and not be universally applied, both of which would be detrimental to security.

Academic research on malware: a brief overview The notion of a self-reproducing computer program can be traced back to 1949 when John von Neumann presented lectures that encompassed the theory and organization of complicated automata.John von Neumann, "Theory of Self-Reproducing Automata", Part 1: Transcripts of lectures given at the University of Illinois, Dec. 1949, Editor: A. W. Burks, University of Illinois, USA, 1966. Neumann showed that in theory a program could reproduce itself. This constituted a plausibility result in computability theory. Fred Cohen experimented with computer viruses and confirmed Neumann's postulate. He also investigated other properties of malware (detectability, self-obfuscating programs that used rudimentary encryption that he called "evolutionary", and so on). His doctoral dissertation was on the subject of computer viruses.Fred Cohen, "Computer Viruses", PhD Thesis, University of Southern California, ASP Press, 1988. Cohen's faculty advisor, Leonard Adleman (the A in RSA) presented a rigorous proof that, in the general case, algorithmically determining whether a virus is or is not present is Turing undecidable.L. M. Adleman, "An Abstract Theory of Computer Viruses", Advances in Cryptology---Crypto '88, LNCS 403, pages 354-374, 1988. This problem must not be mistaken for that of determining, within a broad class of programs, that a virus is not present; this problem differs in that it does not require the ability to recognize all viruses. Adleman's proof is perhaps the deepest result in malware computability theory to date and it relies on Cantor's diagonal argument as well as the halting problem. Ironically, it was later shown by Young and Yung that Adleman's work in cryptography is ideal in constructing a virus that is highly resistant to reverse-engineering by presenting the notion of a Cryptovirology.A. Young, M. Yung, "Cryptovirology: Extortion-Based Security Threats and Countermeasures," IEEE Symposium on Security & Privacy, pages 129-141, 1996. A cryptovirus is a virus that contains and uses a public key. In the cryptoviral extortion attack, the virus hybrid encrypts plaintext data on the victim's machine using the virus writer's public key. In theory the victim must negotiate with the virus writer to get the plaintext back (assuming there are no backups). Analysis of the virus reveals the public key, not the needed private decryption key. This result was the first to show that computational complexity theory can be used to devise malware that is robust against reverse-engineering.

Another growing area of computer virus research is to mathematically model the infection behavior of worms using models such as Lotka-Volterra equations, which has been applied in the study of biological virus. Various virus propagation scenarios have been studied by researchers such as propagation of computer virus, fighting virus with virus like predator codes,H. Toyoizumi, A. Kara. Predators: Good Will Mobile Codes Combat against Computer Viruses. Proc. of the 2002 New Security Paradigms Workshop, 2002Zakiya M. Tamimi, Javed I. Khan, Model-Based Analysis of Two Fighting Worms, IEEE/IIU Proc. of ICCCE '06, Kuala Lumpur, Malaysia, May 2006, Vol-I, Page 157-163 effectiveness of patching etc.

Emerging vectors and pathways Wikis and Blogs Innocuous wikis and blogs are not immune to hijacking. It has been reported that the German edition of Wikipedia has recently been used as an attempt to vector infection. Through a form of social engineering, users with ill intent have added links to web pages that contain malicious software with the claim that the web page would provide detections and remedies, when in fact it was a lure to infect. Wikipedia Hijacked to Spread Malware

Targeted SMTP Threats Targeted Simple Mail Transfer Protocol threats also represent an emerging attack vector through which malware is propagated. As users adapt to widespread Spam (electronic) attacks, cybercriminals distribute crimeware to target one specific organization or industry, often for financial gain. "Protecting Corporate Assets from E-mail Crimeware," Avinti, Inc., p.1

See also

References External links



 

Malware



 
Copyright © 2008 Hintcenter.com - All rights reserved.
Home | Terms of Use | Privacy Policy
All Trademarks belong to their repective owners. Many aspects of this page are used under
commercial commons license from Yahoo!