Information Security in Education/Malicious Software

Introduction


The specific Malicious Software detailed within this page can come in the form of attacks on a single computer or computer network attacks. Malicious Software can be responsible for damage and reduced computer security on both the individual and network levels. A basic understanding of Malicious Software can be helpful in recognizing the threats that you may encounter in the digital age.

The topic of Malicious Software is broad and technical. This page will focus on the questions of "What is it?" and "What does it do?" for each topic.

Malicious Software
Malicious Software is also commonly referred to as Malware. According to Bruce Schneier, "Malicious Software includes computer viruses, worms, and trojan horses" (Schneier, 2004). Other experts include spyware, dishonest adware, crimeware, rootkits, and other unwanted software. Bots and botnets will also be presented as they have also become a more common threat to computer security.

What is it? Malicious Software or malware is software designed to infiltrate a computer system without the owner's informed consent.

What does it do? Depending on the variety of malware, "it can hijack your browser, redirect your search attempts, serve up nasty pop-up ads, track what web sites you visit, and generally screw things up". The bottom line is malware can cost you or your organization time, money, resources, privacy, and security.

Computer Viruses


What is it? A Computer virus "is a program that can infect other programs by modeling them to include a possibly evolved copy of itself. It can spread throughout a computer system or network. Every program that gets infected may also act as a virus and thus the infection grows" (Thompson, 1984).

What does it do? "A properly engineered virus can have a devastating effect, disrupting productivity and doing billions of dollars in damages". Viruses can cause any number of symptoms ranging from slowing down the computer to ultimately crashing it.

Viruses have been around since virtually computers have been in existence, dating back to 1949. The term virus dates back to 1984 and is credited to Kenneth Thompson. The term computer virus is often used synonymously for all forms of malware, although each form of malware discussed on this page has a different function. | Here is a great link to explore the history of viruses.

Worms
What is it? Computer worms are independent programs that copy themselves and reproduce at a rapid pace, usually over a computer network. "The programs on individual computers are described as the segments of worms. The segments in a worm remain in communication with each other, should one segment fail, the remaining pieces must find another free computer, initialize it, and add it to the worm. As segments(computers) join and then leave the program, the worm itself seems to move through the network"(Schoch, J., & Hupp, J., 1982).

What does it do? It is similar to a computer virus because it magnifies the damage it does by spreading rapidly, and can include malicious instructions that cause damage or annoyance. "Unlike a virus, which attaches itself to a host program, a worm keeps its independence and usually doesn't modify other programs"(Lehtinen, 2006). Worms can infect your email, delete computer files, lock you out of your computer, and even steal your information.

| Here is an interesting link to a 60 Minutes investigation that explains what computer worms are and chronicles the spread of the Conficker worm in March of 2009.

Trojan Horses


What is it? A Trojan horse (computing) is a code fragment that hides inside a program and performs a disguised function. It takes its name from the classical mythology tale of the hollow wooden horse made by Odysseus wherein soldiers hid and then launched their attack during the Trojan War.

What does it do? A Trojan horse hides inside a independent program that performs a useful task. Along with that function, it performs some other unauthorized operation. "Once a Trojan horse is activated, it can access files, folders, or your entire system. Commonly, Trojans create a "backdoor”, which can be used to send your personal information to another location". Some Trojans may open up the possibility of someone accessing your machine, while others may monitor your Internet connection and grab your email addresses and access passwords. One common and annoying function is the annoying unwanted pop-up messages that seemingly arise from nowhere.

| Hereis a six minute YouTube video that explains most of what you might want to know about Trojans.

Spyware
What is it? Spyware refers to programs that use your Internet connection to send information from your personal computer to some other computer, normally without your knowledge or permission.

What does it do? On the Internet (where it is sometimes called a spybot or tracking software), "spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties." "Different strains of spyware perform different functions. Some might also hijack your browser to take you to an unexpected site, cause your computer to dial expensive 900 numbers, replace the Home page setting in your browser with another site, or serve you personal ads, even when you're offline."

Adware
What is it? Adware is short for Advertising Supported software. The legal type of adware is a way for shareware authors to make money from a product, other than by selling it to the users. But since this page is about Malicious Software, dishonest adware is what is explained more fully. Dishonest adware is an aggressive form of unwanted software that evolved from legal adware. Adware then began exhibiting spyware and malware characteristics. Dishonest adware writers began to design their programs so that they would reinstall automatically if removed, sometimes using different file names. As Adware has matured it has become smarter. Historically, as fast as the clean-up experts have worked out how to fight malware, those behind it have fought back with new tricks.

What does it do? It generates advertisements such as pop-up windows or hotlinks on Web pages that are not part of a page's code. "Adware may add links to your favorites and your desktop. It can hijack your home page and search engine, create tool bars that appear out of nowhere, and generate unwanted pop-up windows."

| Here is another short YouTube video that does a nice job of simply explaining the differences between adware and spyware.

Crimeware
What is it? Crimeware is any software tool used in cybercrime. Crimeware is software that is:


 * used in the commission of the criminal act
 * not generally regarded as a desirable software or hardware application
 * not involuntarily enabling the crime

Like cybercrime itself, the term crimeware covers a wide range of different malicious, or potentially malicious software.

What does it do? Because the definition above states just about any software could be used in a manner that would deem is crimeware, examples of how a software program can be used as crimeware follows. For example, child predators often use various IM clients to converse with their intended victims. Another example would be FTP sites are sometimes set up to facilitate the distribution of pirated software.

Rootkits
What is it? Rootkits are mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network.

What does it do? Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

Bots & Botnets


What are bots and botnets? A bot is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a 'bot' are generally referred to as 'zombies'. There are literally tens of thousands of computers on the Internet which are infected with some type of 'bot' and whose users don't even realize it. A botnet is the network of computers that have been infected by a particular bot software. The term "botnet" is short for "robot network".

What does a botnet do? Computers that have been caught up in a botnet have been effectively taken over, and can be used to perform almost any task by the person or persons who control the botnet. Botnets are controlled by criminals whose motives include selling products, operating financial scams and crippling websites through coordinated attacks.

An interesting fact is that while it is possible for Mac or Linux systems to become victim to botnets, the vast majority of botnets are Windows PC based.

Lastly, | here is a YouTube video that explains the bot and botnet tale.

Additional Information
1. http://en.wikipedia.org/wiki/Malware

2. http://en.wikipedia.org/wiki/Computer_virus

3. http://en.wikipedia.org/wiki/Computer_worm

4. http://en.wikipedia.org/wiki/Trojan_horse_(computing)

5. http://en.wikipedia.org/wiki/Spyware

6. http://en.wikipedia.org/wiki/Adware

7. http://en.wikipedia.org/wiki/Crimeware

8. http://en.wikipedia.org/wiki/Rootkit

9. http://en.wikipedia.org/wiki/Botnet

10. http://computer.howstuffworks.com/virus2.htm

11. http://news.cnet.com/60-minutes-whats-next-for-the-conficker-worm/

12. http://www.youtube.com/watch?v=ssckV79mNLs