Basic concepts in the field of information security. Malicious software. Nature and classification of programs harmful to a computer system
Malicious program
Malicious program (in antivirus-industry jargon "malware", from the English malicious software) - any software designed to gain unauthorized access to the computing resources of a computer or to the information stored on it, with the aim of using those resources without the owner's authorization or of causing harm (damage) to the owner of the information, the owner of the computer and/or the owner of the computer network by copying, distorting, deleting or substituting information.
Synonyms
- badware (bad + (soft)ware) - "bad software".
- computer contaminant (computer + contaminant) - a term for malicious software used in the laws of some US states, such as California and West Virginia.
- crimeware (crime + (soft)ware) - a class of malware designed specifically to automate financial crime. This is not a synonym for malware (the meaning of malware is broader), but all crimeware is malicious.
Terminology
By the basic definition, malware is designed to gain unauthorized access to information, bypassing the existing access-control rules. The Federal Service for Technical and Export Control (FSTEC of Russia) defines these concepts as follows:
- Authorized access to information - access to information that does not violate the access-control rules.
- Unauthorized access to information - access to information that violates the access-control rules, using the standard means provided by the computer equipment or automated system. Standard means are the set of software, firmware and hardware of the computer equipment or automated system.
- Access-control rules (access mediation rules) - the set of rules regulating the access rights of access subjects to access objects.
Other definitions of the term "malware"
According to Article 273 of the Criminal Code of the Russian Federation ("Creation, use and distribution of malicious computer programs"), malicious programs are "... computer programs or changes to existing programs that knowingly lead to the unauthorized destruction, blocking, modification or copying of information, or to disruption of the operation of a computer, computer system or their network...".
It should be noted that the current wording of Article 273 interprets harmfulness extremely broadly. When the inclusion of this article in the Criminal Code was discussed, "unauthorized" was understood to mean program actions not explicitly approved by the user of that program. Current judicial practice, however, also classifies as malicious programs that modify (with the user's permission) the executable files and/or databases of other programs when such modification is not permitted by the copyright holders of those programs. At the same time, in a number of cases where the defence took a principled position and a competent expert examination was performed, the courts have ruled this broad interpretation of Article 273 unlawful.
Microsoft defines the term as follows: "Malware is an abbreviation of 'malicious software', usually used as a blanket term for any software designed specifically to cause damage to an individual computer, server or computer network, regardless of whether it is a virus, spyware, etc."
Classification of malware
Each antivirus company has its own classification and nomenclature of malware. The classification given in this article follows the nomenclature of Kaspersky Lab.
By malicious payload
Malware can form chains: for example, an exploit (1) deploys a loader (2) on the victim's computer, which in turn downloads and installs a worm (3) from the Internet.
Symptoms of infection
Note that the absence of symptoms does not mean the computer is clean: it may be infected with malware that shows none.
Anti-malware methods
There is no absolute protection against malware: nobody is immune to "zero-day" exploits for vulnerabilities that have not yet been patched on their systems (the Sasser and Conficker worms spread through freshly disclosed flaws of this kind). Some measures do, however, significantly reduce the risk of infection. The following are the main and most effective measures for improving security:
Legal aspects
The legislation of many countries provides for various penalties, including criminal liability, for the creation, use and distribution of malicious programs. In particular, Article 273 of the Criminal Code of the Russian Federation provides for criminal liability for creating, using and distributing malicious computer programs. For a program to be considered malicious, three criteria must be met:
To date, clear criteria by which software products (modules) can be classified as malicious have not been stated anywhere. Accordingly, for a claim that a program is malicious to have legal force, a software and technical examination must be conducted in compliance with all the formalities established by current legislation.
There is a class of programs that were originally written to destroy data on someone else's computer, steal someone else's information, use someone else's resources without authorization, and so on, or that acquired such properties for some reason. Such programs carry a malicious payload and are accordingly called malware.
Malware is a program that causes any harm to the computer on which it runs or to other computers on the network.
2.1 Viruses
The term "computer virus" appeared later: it is usually credited to Fred Cohen of Lehigh University, who used it in 1984 at the seventh conference on computer security. The defining feature of a computer virus is the ability to self-replicate.
Computer virus is a program capable of creating its own duplicates (not necessarily identical to the original) and introducing them into computer networks and/or files, system areas of the computer and other executable objects. At the same time, duplicates retain the ability to further spread.
Conventionally, the life cycle of any computer virus can be divided into five stages:
Infiltrating someone else's computer
Activation
Search for objects to infect
Preparing copies
Embedding copies
A virus can arrive through removable media or network connections - in fact through any channel by which a file can be copied. Unlike worms, however, viruses do not spread through network services on their own: infection requires the user to activate the virus in some way, for example by copying or receiving an infected file by mail and then launching it or simply opening it.
After penetration comes activation of the virus. This can happen in several ways, and viruses are divided into several types according to the method used. The classification of viruses is given in Table 1:
Table 1 - Types of computer viruses
Boot viruses - infect the boot sectors of hard drives and removable media.
File viruses:
- Classic file viruses - inject themselves into executable files in various ways (insert their code or overwrite the file completely), create duplicate files or copies of themselves in various directories of the hard drive, or exploit peculiarities of the file system organization.
- Macro viruses - written in the built-in macro language of an application. The vast majority of macro viruses use the macros of the Microsoft Word text editor.
- Script viruses - written as scripts for a specific command shell, for example .bat files for DOS, or VBS and JS scripts for Windows Scripting Host (WSH).
An additional difference between viruses and other malicious programs is their strict attachment to the operating system or software environment for which each specific virus was written. This means that a virus for Microsoft Windows will not run or infect files on a computer running another operating system, such as Unix. Likewise, a macro virus for Microsoft Word 2003 will most likely not work in Microsoft Excel 97.
When preparing their copies, viruses may use the following techniques to camouflage themselves from antivirus software:
Encryption - the virus consists of two parts: the encrypted body and a decryptor that restores the body before it runs. Each copy is encrypted with a different key, so the bodies of two copies share no common byte sequence; only the decryptor stays in plaintext, and it is the decryptor that a signature scanner can still match.
Metamorphism - copies are produced by replacing some instructions with equivalent ones, rearranging parts of the code and inserting additional instructions between them that usually do nothing.
Accordingly, depending on the techniques used, viruses are divided into encrypted, metamorphic and polymorphic, the last combining both kinds of camouflage (an encrypted body with a decryptor that is itself mutated from copy to copy).
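To make the difference between the camouflage techniques concrete, here is an added example in Python (not from the original article and not code from any antivirus product). It builds copies of a constructed placeholder body using a fixed XOR decryptor stub and a per-copy key, then shows that a naive byte signature on the body misses every encrypted copy, while a scanner that recognises the stub, recovers the key and decrypts first still matches. The stub layout, the body bytes and the signature are all assumptions chosen for the example.

```python
"""Added example: why encrypted (polymorphic) copies defeat a naive byte
signature, and how a scanner that recognises the decryptor stub can still
match the body. All bytes here are constructed placeholders, not real code."""

# Constructed placeholder "body" and the byte signature an engine has for it.
BODY = b"SAMPLE-BODY:placeholder routine that an engine wants to recognise"
SIGNATURE = b"placeholder routine"

# Assumed layout of one copy: constant decryptor stub, one-byte key, encrypted body.
STUB = b"STUB:xor-decrypt:"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the same function encrypts and decrypts."""
    return bytes(b ^ key for b in data)


def make_copy(body: bytes, key: int) -> bytes:
    """Produce one 'copy': the stub stays in plaintext, the body is encrypted
    with a per-copy key. Two copies with different keys share no body bytes."""
    return STUB + bytes([key]) + xor_bytes(body, key)


def naive_scan(sample: bytes) -> bool:
    """Signature match on the raw bytes only."""
    return SIGNATURE in sample


def stub_aware_scan(sample: bytes) -> bool:
    """Match the constant stub, recover the key from its known offset,
    decrypt the body and only then apply the body signature. This is the
    static equivalent of letting the decryptor run inside an emulator."""
    if not sample.startswith(STUB):
        return naive_scan(sample)
    key = sample[len(STUB)]
    body = xor_bytes(sample[len(STUB) + 1:], key)
    return SIGNATURE in body


def detection_matrix(keys=(0x00, 0x5A, 0xC3)):
    """For each key: (naive result, stub-aware result). Key 0 is the
    degenerate case where 'encryption' leaves the body unchanged."""
    return {k: (naive_scan(make_copy(BODY, k)), stub_aware_scan(make_copy(BODY, k)))
            for k in keys}


if __name__ == "__main__":
    for key, (naive, aware) in detection_matrix().items():
        print(f"key=0x{key:02X}: naive={naive} stub_aware={aware}")
```

Real products reach the same result by emulating the decryptor rather than knowing its layout. A metamorphic copy has no constant stub to key on, so it needs normalisation of the code (removing junk instructions, canonical ordering) or behavioural analysis instead.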
The main goals of any computer virus are to spread to other computer resources and perform special actions upon certain events or user actions (for example, on the 26th of every even month or when the computer is rebooted). Special actions often turn out to be malicious.
Malware is a program designed to harm a computer and/or its owner. Obtaining and installing such a program is called infecting the computer. To avoid infection you need to know the types of malware and the methods of protecting against them, which is what this article covers.
Why is malware created at all? There are many motives; here are the most common:
- just for fun
- self-assertion in front of peers
- theft of personal information (passwords, credit card details, etc.)
- extortion of money
- distribution of spam through zombie computers that are combined into a botnet
- revenge
Classification of malware
The most common types of malware are:
- computer virus
- Trojan program
- network worm
- rootkit
Computer virus
- a type of malware whose purpose is to perform actions that harm the PC owner without his knowledge. The distinguishing feature of viruses is their ability to reproduce. You can catch a virus from the Internet or from removable media: flash drives, floppy disks, optical discs. Viruses usually inject themselves into the body of programs or replace programs.
Trojan horse
(also called a Trojan, Trojan program or Trojan horse) - a malicious program that enters the victim's computer under the guise of something harmless (for example, a codec, system update, screensaver, driver, etc.). Unlike a virus, a Trojan has no means of spreading by itself. You can receive one by email, from a removable drive or from a website.
Network worm
- a self-contained malicious program that enters the victim's computer by exploiting vulnerabilities in operating-system software (typically in network services) and then spreads further over the network on its own.
Rootkit
- a program designed to hide the traces of an attacker's activity in the system (processes, files, registry keys, network connections). Not always harmful in itself: for example, some copy-protection systems used by publishers of licensed discs have relied on rootkit techniques, and so do virtual-drive emulators such as Daemon Tools and Alcohol 120%.
Symptoms of a computer infection:
- access to antivirus vendors' websites is blocked
- new applications appear in autostart
- previously unknown processes are running
- windows, images, videos or sounds open at random
- the computer shuts down or reboots spontaneously
- the computer becomes slower
- the optical drive tray opens unexpectedly
- files and folders disappear or change
- Internet download speed drops
- the hard drives are busy when the user has not started any task (visible as the blinking activity light on the system unit)
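Two of these symptoms can be checked mechanically rather than by eye. The following added Python example (not part of the original article) runs two checks over constructed data: it parses a hosts file and reports antivirus vendor sites that have been sinkholed to a loopback or unroutable address, and it compares a saved baseline of autostart entries with the current ones, flagging new entries and any whose binary lives in a user-writable directory. The vendor list, the directory heuristic, the sample hosts file and both autorun snapshots are assumptions constructed for the example.

```python
"""Added example: two symptoms from the list above turned into checks over
constructed data: a hosts file redirecting antivirus vendor sites, and a new
autostart entry compared against a saved baseline."""
from typing import Dict, List

# Vendor domains to watch for (assumed list; extend for your environment).
AV_VENDOR_DOMAINS = ("kaspersky.com", "eset.com", "drweb.com", "avast.com",
                     "avira.com", "microsoft.com")
# Addresses that make a name unreachable when placed in the hosts file.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Directories where a system component should not start from (assumed heuristic).
USER_WRITABLE_MARKERS = ("\\AppData\\Roaming\\", "\\AppData\\Local\\Temp\\", "\\Temp\\")

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com
0.0.0.0         update.eset.com   # vendor update server sinkholed
192.168.1.10    fileserver.local
"""

# Constructed autostart snapshots: entry name -> executable path.
BASELINE_AUTORUNS = {
    "OneDrive": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
    "SecurityHealth": "C:\\Windows\\System32\\SecurityHealthSystray.exe",
}
CURRENT_AUTORUNS = {
    "OneDrive": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
    "SecurityHealth": "C:\\Windows\\System32\\SecurityHealthSystray.exe",
    "svchost": "C:\\Users\\alice\\AppData\\Roaming\\svchost.exe",  # look-alike name
}


def find_sinkholed_vendor_sites(hosts_text: str) -> List[str]:
    """Vendor hostnames that the hosts file maps to a sinkhole address."""
    hits = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        if addr not in SINKHOLE_ADDRESSES:
            continue
        for name in names:
            if any(name == d or name.endswith("." + d) for d in AV_VENDOR_DOMAINS):
                hits.add(name)
    return sorted(hits)


def diff_autoruns(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, Dict]:
    """Entries added, removed or repointed since the baseline was taken."""
    added = {k: current[k] for k in current.keys() - baseline.keys()}
    removed = {k: baseline[k] for k in baseline.keys() - current.keys()}
    changed = {k: (baseline[k], current[k])
               for k in baseline.keys() & current.keys() if baseline[k] != current[k]}
    return {"added": added, "removed": removed, "changed": changed}


def suspicious_autoruns(entries: Dict[str, str]) -> List[str]:
    """Names whose binary sits in a user-writable location; system components
    normally start from the Windows or Program Files directories."""
    return sorted(name for name, path in entries.items()
                  if any(m.lower() in path.lower() for m in USER_WRITABLE_MARKERS))


if __name__ == "__main__":
    print("sinkholed vendor sites:", find_sinkholed_vendor_sites(SAMPLE_HOSTS))
    print("autorun changes:", diff_autoruns(BASELINE_AUTORUNS, CURRENT_AUTORUNS))
    print("suspicious autoruns:", suspicious_autoruns(CURRENT_AUTORUNS))
```

On a real Windows machine the inputs would come from C:\Windows\System32\drivers\etc\hosts and from the Run keys under HKLM and HKCU plus the Startup folders; a snapshot saved with Sysinternals Autoruns on a known-clean day is a practical baseline.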
How do you protect yourself from malware? There are several measures:
- install a good antivirus (Kaspersky, NOD32, Dr.Web, Avast, AntiVir and others)
- install a firewall to protect against network attacks
- install the recommended updates from Microsoft
- do not open files received from untrusted sources
Thus, knowing the main types of malware, how to protect against them and the symptoms of infection, you will protect your data as much as possible.
P.S. This article is written for Windows users, because historically the overwhelming majority of malware has targeted Windows. This does not mean that Mac OS and Linux users are immune (malware for both exists), but infections there have been much rarer, for several reasons:
- far fewer viruses are written for these systems, so the pool of malware is smaller
- vulnerabilities found in them are usually fixed in a timely manner
- modifying the system files of a Unix-like OS requires elevated (root) privileges, which the user must grant explicitly
Owners of these OSes can still receive a Windows virus, but a Windows executable will not run natively on, and therefore cannot harm, a computer running Ubuntu or Leopard.
In this article we answered the following questions:
- What is malware?
- How can you avoid getting your computer infected?
- Why is malware created?
- What is a computer virus?
- What is a Trojan program?
- What is a network worm?
- What is a rootkit?
- What is a botnet?
- How do you know if your computer is infected with a virus?
- What are the symptoms of a computer being infected with malware?
- How to protect yourself from malicious software?
- Why are there fewer viruses on Mac (Leopard)?
- Why are there fewer viruses on Linux?
In this article we will get acquainted with the main types of malware. There are many different kinds, so let's go through them in order. I will try to describe everything quite simply; I think you will like it. So let's go!
Viruses
The first type, as you probably already know, is "viruses" (computer ones) and "worms" (also computer ones). What are they? You have surely heard many definitions and classifications; if not, now you will know what they are and how they work.
Viruses are a kind of malicious software that performs various unauthorized actions in your OS (operating system), depending on its purpose. Basically, a virus is program code that gives your computer certain commands, which the computer executes. How this happens and how viruses are written is covered in the article "Virus commands and how it works". That is all about viruses for now; let's move on to the next type: worms.
Worms
What are worms and how do they work? This is also malicious software, but with a slightly different "code": the main difference is self-reproduction (copying itself), and each copy retains the same self-reproducing property. Unlike a virus, a worm needs no host file and spreads over the network by itself, which has a very bad effect on the speed of your computer and of the network.
Trojans
Trojan programs are programs designed and written specifically for the particular "needs" of an attacker. For example, a Trojan can easily copy your data (passwords or other information from your computer).
Note that such programs can also modify or block information, or even an entire set of commands on your computer. Be careful: these are very dangerous programs that can cause serious consequences. An example: say your computer picked up a Trojan while you were on the Internet and your antivirus detected it. You think: fine, I'll delete it and that's that. At first glance this is logical: picked it up, deleted it, nothing to worry about.
But, as I already wrote, such a program can modify information and commands, and it may turn out that the Trojan had already done its job by changing a number of commands in your system or its settings before it was removed. What that leads to depends entirely on its code and on what changes it made to your PC's system.
So that is how it is, dear readers. How does a Trojan differ from an ordinary virus? The main difference is that Trojans do not copy "themselves" (they do not create copies of themselves). That is enough about Trojans for now; let's move on.
The next type is a rather cunning one, called "malicious utilities" (hacker tools). This is one of the more complex categories, since such programs can be both useful and harmful. And of course, an example:
Malicious utilities
Say such a program is installed on your PC (personal computer). It may not harm your computer at all, but there is a catch: it can be used to break into the security system of another computer from yours. Imagine: you sit drinking your tea and watching a film, while your machine's processor executes the commands that bypass the protection of another computer. There are not many such utilities, but they exist and I have come across them. As you can see, this type is not a clear-cut case; let's finish here for now and move on to the next type.
Adware, pornware and riskware
Adware, pornware and riskware are a little more complicated and need a bit more detail. I will try to be as clear as possible. This is definitely a conditional group of harmful programs, since they can be both harmful and completely useful. Another example for clarity: say you are a system administrator and need to install a remote administration program for your computers. For those less familiar: this is the ability to control another computer from a distance, over a local network or the Internet. In this case everything is fine, because you need it to simplify the operation and maintenance of the other PCs. But imagine that in the role of the system administrator there is an attacker who wants to use this same loophole for his own purposes.
So I have described everything briefly; I will write many more articles on these types in more detail: how it all works, how to implement it, and how to protect yourself from this kind of threat.
CONCEPT AND TYPES OF MALWARE
The first reports of harmful programs deliberately and covertly introduced into the software of various computer systems appeared in the early 1980s. The name "computer virus" comes from its similarity to the biological prototype in its ability to reproduce independently. Some other medical and biological terms were also carried over to the new computer field, for example mutation, strain, vaccine, etc. Reports of programs that begin to perform harmful actions when certain conditions occur, for example destroying the information stored in the system after a certain number of launches, but that lack the self-replication characteristic of viruses, appeared much earlier.
1. Trapdoor (backdoor). A condition that facilitates many types of information-security threats in IT systems is the presence of "trapdoors". A trapdoor is usually inserted into a program at the debugging stage to make work easier: the module can be invoked from different points, which allows individual parts of the program to be debugged independently. The presence of a trapdoor makes it possible to invoke the program in a non-standard way, which may affect the state of the security system. Trapdoors may remain in a program for a variety of reasons. Finding them is the result of a random and labour-intensive search. The only protection against trapdoors is to prevent them from appearing in the program at all, and when accepting software products developed by other manufacturers, to analyse the source code in order to detect them.
2. Logic bombs are used to distort or destroy information; less often they are used to commit theft or fraud. A logic bomb is sometimes inserted during program development and is triggered when some condition is met (a time, a date, a code word). Planting logic bombs is something done by dissatisfied employees who are planning to leave the organization, but it may also be consultants, employees with particular political convictions, and so on. A real example of a logic bomb: a programmer, anticipating his dismissal, makes changes to the payroll program that take effect when his name disappears from the company's personnel records.
3. Trojan horse - a program that, in addition to its main, i.e. designed and documented, actions, performs additional actions not described in the documentation. The analogy with the ancient Greek Trojan horse is apt: in both cases a threat lurks inside an unsuspicious shell. A Trojan horse is an additional block of commands inserted in one way or another into an originally harmless program, which is then passed on (donated, sold) to IT users. This block of commands may be triggered when a certain condition occurs (date, time, an external command, etc.). A Trojan horse usually acts within the authority of one user but in the interests of another user or even an outsider, whose identity is sometimes impossible to establish. A Trojan horse can perform the most dangerous actions if the user who launched it has an extended set of privileges: an attacker who created and planted the Trojan horse and who lacks those privileges himself can then perform unauthorized privileged functions through someone else's hands. A radical way to protect against this threat is to create a closed environment for running programs, in which only approved programs can execute.
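The two defences this page mentions, detecting an executable that a file virus has altered (table of virus types above) and the "closed environment" in which only approved programs run, rest on the same primitive: a cryptographic hash of each executable's content. The following added Python example (not from the original text and not any product's implementation) builds a hash baseline over constructed byte strings standing in for program files, reports which files have been modified, added or removed, and then applies an allowlist policy that permits execution only when the content hash is known. The file names, their contents and the appended "inserted block" are constructed for the example.

```python
"""Added example: a hash baseline that detects an executable altered by a file
virus or an inserted Trojan block, and a closed environment that lets only
allowlisted content run. The 'executables' are constructed byte strings."""
import hashlib
from typing import Dict, Set

# Constructed stand-ins for program files: name -> content.
ORIGINAL_FILES = {
    "calc.exe": b"MZ\x90\x00 original calculator code",
    "notepad.exe": b"MZ\x90\x00 original editor code",
}
# The same directory later: calc.exe has a block appended, a new file appeared.
LATER_FILES = {
    "calc.exe": b"MZ\x90\x00 original calculator code" + b" [inserted block]",
    "notepad.exe": b"MZ\x90\x00 original editor code",
    "update.exe": b"MZ\x90\x00 unknown program",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record one hash per known-good file. Keep the baseline somewhere the
    programs being checked cannot write to, or it proves nothing."""
    return {name: sha256_hex(content) for name, content in files.items()}


def check_integrity(baseline: Dict[str, str], files: Dict[str, bytes]) -> Dict[str, str]:
    """Per-file verdict: ok, modified, new (not in baseline) or missing."""
    verdicts = {}
    for name, content in files.items():
        if name not in baseline:
            verdicts[name] = "new"
        elif sha256_hex(content) != baseline[name]:
            verdicts[name] = "modified"
        else:
            verdicts[name] = "ok"
    for name in baseline.keys() - files.keys():
        verdicts[name] = "missing"
    return verdicts


def allowlist_from_baseline(baseline: Dict[str, str]) -> Set[str]:
    """A closed environment keys on content, not on file name or location."""
    return set(baseline.values())


def may_run(content: bytes, allowlist: Set[str]) -> bool:
    """Execution policy: run only if the content hash is on the allowlist.
    A renamed copy of an approved program passes; a patched one does not."""
    return sha256_hex(content) in allowlist


def demo() -> Dict[str, object]:
    baseline = build_baseline(ORIGINAL_FILES)
    allow = allowlist_from_baseline(baseline)
    return {
        "integrity": check_integrity(baseline, LATER_FILES),
        "run_original_calc": may_run(ORIGINAL_FILES["calc.exe"], allow),
        "run_patched_calc": may_run(LATER_FILES["calc.exe"], allow),
        "run_unchanged_notepad": may_run(LATER_FILES["notepad.exe"], allow),
        "run_unknown": may_run(LATER_FILES["update.exe"], allow),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The integrity check catches the file virus case (calc.exe reports "modified") and the allowlist refuses to run both the patched binary and the unknown one, while the unchanged program still runs. A file's name is deliberately not part of the decision, since a Trojan that overwrites a trusted program keeps the trusted name.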
4. Worm - a program that spreads through the network and, in the classic definition, does not leave a copy of itself on magnetic media (modern worms usually do persist on disk as well).
The worm uses the network support mechanisms to determine which host can be infected. Then, using the same mechanisms, it transfers its body or part of it to that host and either activates itself or waits for suitable conditions. A suitable environment for a worm to spread is a network in which all users are considered friendly and trust each other and there are no protective mechanisms. The best protection against worms is to take precautions against unauthorized network access.
5. Password grabber - programs specifically designed to steal passwords. When a user tries to access a workstation, the screen shows the information needed to start a work session. When the user enters a name and password, they are sent to the owner of the intruder program, after which an error message is displayed and input and control are returned to the operating system. The user, assuming a typing mistake, logs in again and gains access to the system, but the name and password are already known to the owner of the intruder program. Passwords can be intercepted in other ways as well. To prevent this threat, before logging in you must make sure that you are entering your name and password into the system's own login program and not some other one. In addition, the rules for using passwords and working with the system must be strictly observed. Most violations occur not because of clever attacks but because of simple negligence; compliance with specially developed rules for using passwords is a necessary condition for reliable protection.
7. Computer virus - the customary term for a specially written, usually small, program that can spontaneously attach itself to other programs (i.e. infect them), create copies of itself (not necessarily fully identical to the original) and introduce them into files, into system areas of a personal computer and into other computers connected to it, in order to disrupt the normal operation of programs, damage files and directories, and create various interference when working on a computer.
TYPES OF COMPUTER VIRUSES, THEIR CLASSIFICATION
Most viruses operate by changing the PC's system files so that the virus begins its activity every time the personal computer boots. Some viruses infect the system boot files, others specialize in various program files. Whenever a user copies files to a machine's storage media or sends infected files over a network, the transferred copy of the virus tries to install itself on the new drive. All of the virus's actions can be performed very quickly and without any messages, so the user often does not notice that the PC is infected and does not take appropriate measures in time. To analyse the effects of computer viruses, the concept of the virus life cycle is used, which includes four main stages:
1. Introduction (penetration)
2. Incubation period (primarily to hide the source of penetration)
3. Reproduction (self-propagation)
4. Destruction (distortion and/or destruction of information)
The targets of computer viruses can be divided into two groups:
1. In order to prolong their existence, viruses infect other programs - not all of them, but those that are used most often and/or have a high priority in the information system.
2. Viruses most often act destructively on data, and less often on programs.
Signs of computer viruses include:
· slowdown of the personal computer, including freezes and stops;
· changes in the data of the corresponding files;
· inability to load the operating system;
· termination or incorrect operation of a user program that previously worked correctly;
· an increase in the number of files on the disk;
· changes in file sizes;
· malfunctions of the operating system that require periodic rebooting;
· periodic appearance of inappropriate messages on the monitor screen;
· the appearance of sound effects;
· a reduction in the amount of free RAM;
· a noticeable increase in hard-drive access time;
· changes in the creation date and time of files;
· destruction of the file structure (disappearance of files, corruption of directories);
· the disk drive activity light coming on when the user is not accessing it;
· formatting of a disk without a user command, etc.
Viruses can be classified according to the following characteristics:
1. By habitat, viruses are divided into the following types:
· boot viruses are embedded in the boot sector of a disk or in the sector containing the system disk's boot program;
· file viruses are embedded mainly in executable files with the extensions .COM and .EXE;
· system viruses penetrate system modules and peripheral device drivers, file allocation tables and partition tables;
· network viruses live in computer networks;
· file-boot viruses affect both the boot sectors of disks and application program files.
2. By degree of impact on the resources of computer systems and networks:
harmless viruses do not have a destructive effect on the operation of a personal computer but can fill up the RAM as a result of their reproduction;
non-hazardous viruses do not destroy files but reduce free disk space, display graphic effects on the screen, create sound effects, etc.;
dangerous viruses often lead to various serious disruptions in the operation of a personal computer and of the whole information technology;
destructive viruses lead to the erasure of information, complete or partial disruption of application programs, etc.
3. By method of infecting the habitat, viruses are divided into the following groups:
resident viruses, when they infect a computer, leave their resident part in RAM, which then intercepts the operating system's calls to other objects of infection, infiltrates them and carries out its destructive actions until the computer is turned off or rebooted. A resident program is a program that remains permanently in the RAM of a personal computer.
non-resident viruses do not infect the RAM of a personal computer and are active for a limited time.
4. The algorithmic features of a virus's construction influence how it manifests itself and functions. The following types of viruses are distinguished:
§ replicators, because of their rapid reproduction, lead to overflow of main memory; destroying them becomes more difficult if the reproduced programs are not exact copies of the original;
§ mutating viruses change over time and self-reproduce; when reproducing, they create copies that are clearly different from the original;
§ stealth viruses (invisible viruses) intercept the operating system's calls to infected files and disk sectors and substitute uninfected objects in their place. When files are accessed, such viruses use rather original algorithms that allow them to "deceive" resident antivirus monitors;
§ macro viruses use the capabilities of the macro languages built into office data-processing programs (text editors, spreadsheets, etc.).