Example Of Malware Report

A malicious program is a computer program or a portable code intended for realization of threats of information stored in a computer system, or flush misuse of system resources, or otherwise act that prevents the normal functioning of the computer system. Malware software includes worms, classic file viruses, Trojans, hacker tools, etc. that cause a deliberate harm to the computer on which they perform, or to other computers in network.
Regardless to the type the malware can cause significant harm, implementing any threat information - threatened breach of integrity, confidentiality, availability. The place the global spread of malware is, of course, the Internet. Of course, nowadays the Internet is a very helpful and for someone it is just necessary. In a short period of time you can search information, read the latest news and chat with many people all around the world without leaving your home, office, etc. But do not forget that hackers can easily get into your computer and gain access to your personal data (Kabay, 2005).
Although vendors of hardware and software, as well as officials in the government taking poses defenders of personal information, in which foreign invasion is unacceptable, there are serious reasons to fear that our travels over the Internet will not be left without attention of someone's watchful eye, anonymity and security are not guaranteed. Nowadays hackers can easily read e-mails, and Web-servers log everything, even including a list of viewed Web-pages.

The Evolution of Malware Software

The history of virus programs begins in the early 1949, when John von Naumann, a Hungarian origin American scientist, developed a mathematical theory of the creation of self-replicating programs. It was the first theory of the creation of computer viruses, which entailed a very limited interest among the scientific community. In the early 60's, the engineers from the Bell Telephone Laboratories from the USA including V.A. Vysotsky, G.D. McIlroy and Robert Morris created a game called “Darwin”. It involved a so-called supervisor available in computer memory which defined the rules and orders of battles between software-rivals, created by the players. Programs possessed the functions to space research, reproduction and destruction. The goal of the game was to remove all the copies of enemy’s program and capture the battlefield (Aycock, 2006).
The first computer viruses were designed in the end of the 60's - early 70-ies. In a number of cases the malware software were errors in programs that made programs copy themselves, clogging up the computer's hard disk, reducing the computer system productivity, but it is believed that most of the viruses are deliberately created to destroy. The first victim of the virus, created by programmers for fun, became a computer called Univax 1108. The “Pervading Animal” infected only one computer – the one on which it was created.
Currently, the problem of malicious software (including adware and spyware) is one of the biggest hassles faced daily by modern computer users and deserves special attention for solving it. This software has a detrimental effect that is manifested in undermining the reliability of the computer and violating privacy, confidentiality and breaking the relationship between the mechanisms of the computer protected by some combination of spy action. Such programs are often installed without informing the user and are difficult to remove even after their detection. Causing the dramatic decrease in productivity, chaotic changing user setting and appearing of questionable toolbars and add-ons the spy ware and adware systems may also add themselves to subtle modes of computer operation and deeply embed in the complex mechanisms of the operating system to greatly complicate their detection and destruction.
Performance decrease is probably the most visible consequence of malware since it directly affects the operation of computer to such an extent that even a layman can detect it. Every now and then popping-up ads are even more alarming to the user especially if the computer is not connected to the Internet. Exposed by viruses the operating system experiences a decline in responsiveness as malicious code streams compete with the system and useful programs. Viruses cause program settings changes, mysteriously added new features, unusual processes appeared in Task Manager (up to a dozen), or programs behaving as if they were using by someone else, and the user has lost control over them. Side effects of malware lead to serious consequences and, nevertheless, many computer users still continue to behave frivolously.

Types of Malware

Computer virus is a kind of computer programs, with the distinguishing feature of ability to reproduce (self-replication). Moreover, the infection can harm or totally demolish all documents and information controlled by the client for whose benefit a contaminated system was propelled, and harm or even annihilate the working framework with all records and files in general.
Nonspecialists sometimes allude different sorts of Trojans, spyware and even spam to malware (conveyance of business, political or other publicizing or different sorts of messages to persons not desiring to get them). The legitimateness of the mass appropriation of specific sorts of messages that don't oblige the assent of the beneficiary can be settled in the law of the certain country. For instance, it may concern reports of approaching calamities, mass mobilization, and so on. There are countless PC infections that spread by means of the Internet as far and wide as possible, arranging virus epidemics.
Viruses spread by adopting themselves in the executable code of other programs or replacing other programs. For a while, even the thought that, as a program, the virus can infect only the program, generally not infecting the whole system, but corrupting some data. The implication is that such copies of the virus will not get control, as the information is not used by the processor as instructions. For example unformatted text might not be a carrier of the virus.
Later, however, the attackers achieved the viral behavior to locate not only in executable code containing the machine code of the processor. Viruses were written in the language of batch files. Then came the macro viruses, intruding through the macros in documents such programs as Microsoft Word and Excel. Sometime later, the attackers created viruses that exploit vulnerabilities in popular software (for example, Adobe Photoshop, Internet Explorer, Outlook), generally treated a conventional data. Virus began to spread through the introduction of a special code sequence of data (pictures, text, etc.) using software vulnerabilities.

Trojans

Trojans are malware penetrating a computer disguised as harmless programs, like codec, screensaver, hacking software, etc. They do not have their own distribution mechanism, and it differs from viruses that spread by attaching harmless software or documents, and worms that self-replicate over the network. However, the Trojan virus can carry the body – then a user running the Trojan turns into a hotbed of contagion. Trojans are very easy to program: the simplest of them consist of a few dozen lines of code in Visual Basic or C ++. The name “Trojan” come from the notion of the “Trojan horse”, a wooden horse, the Greeks, according to legend, presented to the Trojans, who was hid inside if its body the warriors who then opened the gates of the city to the conquerors. This name is primarily reflects the stealth and cunning true intentions of potential software developer.

A Trojan is being launched on a computer can:

interfere with the user (in jest, by mistake, or to achieve any other purpose);
spy on the user;
use of computer resources for any illegal (and sometimes causing direct damage) activities, etc.
In order to provoke the user to run the Trojan program file it is called with official name, disguised as another program (such as the installation of another program), file type, or simply provide an attractive name to run, an icon etc. An attacker can rebuild an existing program, adding to its malicious source code, and then to give out for the original or a substitute for it.
Trojans have many types and forms, so there is absolutely reliable protection from them. To detect and remove Trojans need to use anti-virus software. If antivirus reports that upon detection of Trojan he cannot remove it, you can try to boot an operating system from an alternative source, and repeat the test Antivirus. If a Trojan is detected in the system, it can also be removed manually (“safe mode” recommended). It is extremely important for the detection of malicious software to regularly update anti-virus database installed on your computer since every day there is a lot of new malware appeared in the world.

Spyware

Spyware program is surreptitiously installed on your computer in order to complete or partial control of the computer and the user without the latter's consent. At the moment, there are many definitions and interpretations of the spyware term. Anti-Spyware Coalition includes many major manufacturers of anti-spyware and anti-virus software detects it as a monitoring software products installed and used without proper warning the user's consent and control by the user that is illegally installed. Spyware can complete an extensive variety of undertakings, for example:
collect information about the habits of Internet use and the most frequently visited sites (tracking software);
remember keystrokes (keyloggers) and record screenshots (screen scraper) to continue to send information to the creator spyware;
remotely control the computer (remote control software) - backdoors, botnets, droneware;
install add-on programs;
unauthorized analysis of security systems (security analysis software) - port scanners and vulnerability and password crackers;
change the settings of the operating system (system modifying software) - rootkits interceptors management (hijackers) and so on. - resulting in a decrease in the rate of Internet connection or loss of connection itself, the opening of other home pages or removal of certain programs;
activity redirect browsers that entails visiting websites blindly with the risk of virus infection.
Legitimate uses of potentially malware technologies are tracking software which is widely used and perfectly legal for monitoring PCs, and adware which openly be included in the composition of free and shareware software, and the user agrees to the viewing of advertising in order to have any further opportunity (for example, to use the program free of charge). In this case, the presence of adware should be clearly prescribed in the end-user agreement (EULA) (Szor, 2005). Remote control program and monitoring can be used for remote technical support or access to their own resources, which are located on the remote computer. Dialers can allow access to the resources necessary to the user (for example, to dial-up the Internet service provider to connect to the Internet). Passive tracking technologies may be useful to personalize web pages visited by the user.
Unlike viruses and worms, spyware does not usually self-replicating. Like many modern viruses, spyware embedded in the computer mainly for commercial purposes. Typical manifestations include display advertising pop-ups, theft of personal information (including financial, such as credit card numbers), tracking the habits of visiting Web sites, or redirect the browser address request for advertising or porn sites. Creators of spyware can commit fraud on phone lines with a program like "dialer". The dialer can reconfigure the modem to dial out on expensive telephone numbers instead of the usual ISP. Connection with these numbers is not credible and is executed for international or intercontinental rates, resulting in exorbitant amount of telephone bills. The dialer is not effective on computers without a modem or not connected to a phone line.

Net Worms

Worm is a self-replicating computer programs that propagate in the local and global computer networks. It is a fully stand-alone program. One of the first experiments on the use of computer worms in the distributed computing have been carried out in the Xerox research center in Palo Alto by John Shoch and Jon Hupp in 1978. One of the most well-known computer worms is the "Morris Worm", written by Robert Morris, Jr., who was then a student at Cornell University. The spread of the worm began Nov. 2, 1988, after which the worm has infected a large number of fast computers connected to the Internet.
Worms can use a variety of mechanisms (the so-called vectors) distribution. Some worms require certain user actions to spread (e.g., opening the infected message in the e-mail client). Other worms can propagate autonomously, selecting and attacking computers in a fully automatic mode. Sometimes there are worms with a whole set of different vector distribution strategies selection of the victim, and even exploits for various operating systems.
Often the classification includes the so-called in-memory worms that can infect a running program and set in RAM, while not affecting the hard drives. These worms can be eliminated by restarting the computer (and, consequently, dumping of RAM). Such worms consist essentially of exploits (shell code) and a small payload (the worm body), which is located entirely in RAM. The specificity of these worms is that they are not loaded by the loader as all the usual executable files and, therefore, can only rely on those dynamic libraries that have already been loaded into memory by other programs.
There are also worms that after the successful infection of memory stores the hard disk, and take measures to further run this code (for example, by prescribing appropriate keys in the registry Windows). From these worms can be removed only by the anti-virus or similar instruments. Often infectious part of worms (exploit shellcode) contains a small payload, which is loaded in RAM and can reload the worm body via the network itself as a separate file. To do this, some worms may contain infectious part of a simple TFTP-client. Downloadable manner worm body (usually a single executable file) is now responsible for the further spread of the scanning and already infected with the system, and may also contain more serious, a complete payload, whose purpose can be, for example, causing any damage (e.g., DoS-attacks). Most email worms are distributed as a single file. They do not need a separate “infectious” part, since it is usually user-prey using mail client voluntarily worm downloads and runs entirely.

Rootkit

A program or set of programs that use technology to hide system objects (files, processes, drivers, services, registry keys, open ports, connections, etc.) through the bypass system mechanisms is called a rootkit. Rootkit permits a programmer to pick up a decent footing in the traded off framework and conceal the hints of their exercises. In Windows, the term rootkit is thought to be a program that is being brought into the framework and snares framework works or replaces the framework libraries. Capture attempt and alteration of low-level API works essentially permits a program subjectively enough to cover its vicinity in the framework, shielding it from identification by the client and hostile to infection programming. Furthermore, numerous rootkits can veil the vicinity of any framework portrayed in its arrangement courses of action, organizers and documents on the plate in registry keys. Many rootkits install in their drivers and services (of course they also are "invisible").
Lately, the danger of rootkits is getting to be progressively essential, in light of the fact that the engineers of infections, Trojans and spyware are starting to join rootkit advances in their malevolent projects. Excellent sample are the Trojan-Spy, Win32 Qukart, which veil their vicinity in the framework utilizing rootkit innovations. RootKit-instrument flawlessly works on Windows 95, 98, ME, 2000 and XP. Conventionally, all rootkit technology can be divided into two categories:

Rootkits running in user mode;

Rootkits running in kernel mode.
The first category is based on the interception of functions the user mode libraries, the second - to install a system driver, intercepts kernel functions. Also, rootkits can be classified according to the principle of action and on the permanence of existence. According to the principle of action they are divided into those who change algorithms system functions performance and those who change system data structures.

Symptoms of Malware Infection

Viruses on your PC are hard to find because they are disguised among ordinary files. Let us consider the most detailed features of infecting your computer, and how to recover data after a virus attack and measures to prevent their destruction by malicious programs (Christodorescu, 2006). Signs of the infection can be the following:
unintended display of messages or images;
supplying of unusual sounds;
sudden opening and closing the CD-ROM-unit;
arbitrary, without your participation, running any computer programs;
the presence of firewall warning about trying any of the programs on your computer to access the Internet, even though you did not initiate it.

Works cited

Aycock, John Daniel. Computer Viruses and Malware. New York: Springer, 2006. Print.
Christodorescu, Mihai. Malware Detection. New York: Springer, 2006. Print.
Kabay, M. E. "Some Notes on Malware." Ubiquity (2005): 1. Print.
Szor, Peter. The Art of Computer Virus Research and Defense. Upper Saddle River, NJ: Addison-Wesley, 2005. Print.