How does malware spread



nec207
June 4th, 2011, 03:38 AM
Is this right about how malware spreads?

One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same thing. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you better protect your computer from their often damaging effects.

What Is a Virus?
A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. Because a virus is spread by human action, people will unknowingly continue the spread of a computer virus by sharing infected files or sending emails with viruses as attachments.

What Is a Worm?
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each receiver's address book, and the manifest continues on down the line.

Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

What Is a Trojan horse?
A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop or adding silly active desktop icons), or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.
What Are Blended Threats?
Added into the mix, we also have what is called a blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Characteristics of blended threats are that they cause harm to the infected system or network, they propagate using multiple methods, the attack can come from multiple points, and blended threats also exploit vulnerabilities.

To be considered a blended threat, the attack would normally serve to transport multiple attacks in one payload. For example, it wouldn't just launch a DoS attack; it would also, for example, install a backdoor and maybe even damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. So, while a worm may travel and spread through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing networks.

Lastly, rather than a specific attack on predetermined .exe files, a blended threat could do multiple malicious acts, like modifying your exe files, HTML files and registry keys at the same time; basically, it can cause damage within several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats also require no human intervention to propagate.

Tips to Combat Viruses, Worms and Trojan Horses on Your Computer
Keep The Operating System Updated

The first step in protecting your computer from any malicious threat is to ensure that your operating system (OS) is up-to-date. This is essential if you are running a Microsoft Windows OS. Secondly, you need to have anti-virus software installed on your system and ensure you download updates frequently so that your software has the latest fixes for new viruses, worms, and Trojan horses. Additionally, you want to make sure your anti-virus program has the capability to scan e-mail and files as they are downloaded from the Internet, and you also need to run full disk scans periodically. This will help prevent malicious programs from even reaching your computer.

Use a Firewall
You should also install a firewall. A firewall is a system that prevents unauthorized use of and access to your computer. A firewall can be either hardware or software. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside world and can be purchased as a stand-alone product or in broadband routers. Unfortunately, when battling viruses, worms and Trojans, a hardware firewall may be less effective than a software firewall, as it could possibly ignore embedded worms in outgoing e-mails and see this as regular network traffic.

For individual home users, the most popular firewall choice is a software firewall. A good software firewall will protect your computer from outside attempts to control or gain access to your computer, and usually provides additional protection against the most common Trojan programs or e-mail worms. The downside to software firewalls is that they will only protect the computer they are installed on, not a network.

It is important to remember that on its own a firewall is not going to rid you of your computer virus problems, but when used in conjunction with regular operating system updates and good anti-virus scanning software, it will add some extra security and protection for your computer or network.

Did You Know... CodeRed, a blended threat, launched DoS attacks, defaced Web servers, and its variant, CodeRed II, left Trojan horses behind for later execution. CodeRed was processed in memory, not on a hard disk, allowing it to slip past some anti-virus products. Computer Economics has estimated the worldwide cost of CodeRed at $2.62 billion.

Dustin2128
June 4th, 2011, 03:53 AM
Sounds old, circa 2005 I guess, but I don't see any inaccuracies.

nec207
June 4th, 2011, 03:57 AM
Sounds old, circa 2005 I guess, but I don't see any inaccuracies.


Do anti-virus programs show this?

The reason I ask is that the anti-virus programs have shown I got trojans.

I wonder if some anti-virus programs call adware/spyware and other rogue/bad files trojans?

Due to the fact that I never download anything or click on a program: no free music, free movies, free games, free software or other free stuff.

Yet the anti-virus programs show I get trojans.

The 80's and 90's were the years of viruses and worms, not any more. Most of the time (98%) it is trojans, spyware, adware, pop-ups, ads or home page or browser hijacking.

I never had a virus or worm that infected every file on the computer.

DangerOnTheRanger
June 5th, 2011, 02:26 AM
I'm guessing what you mean by "free" is programs/media that normally need to be bought, you can download for free.

Now, not only is that illegal, but often the people who upload that "free" media embed viruses in them. So I'd advise staying away from those sort of things if that's what you're doing.

Now, "Free" (as in freedom) software, installable from the Ubuntu Software Center, is legal, and it's something completely different.

Dustin2128
June 5th, 2011, 03:08 AM
I'm guessing what you mean by "free" is programs/media that normally need to be bought, you can download for free.

Now, not only is that illegal, but often the people who upload that "free" media embed viruses in them. So I'd advise staying away from those sort of things if that's what you're doing.

Now, "Free" (as in freedom) software, installable from the Ubuntu Software Center, is legal, and it's something completely different.
Plenty of paid applications have viruses in them as well. *cough*DRM*cough*

tgm4883
June 5th, 2011, 03:16 AM
Plenty of paid applications have viruses in them as well. *cough*DRM*cough*

Other than Sony and their rootkit fiasco, I know of no paid applications that intentionally have a virus (which is what you are implying). Further, while DRM is terrible, it is not a virus (or a threat) and has never (to my knowledge) been classified as such.

PhillyPhil
June 5th, 2011, 05:19 AM
... and has never (to my knowledge) been classified as such.

Symantec classified the Sony rootkit as a high level threat.

Thewhistlingwind
June 5th, 2011, 05:21 AM
SecuROM is famous for killing people's CD drives.

tgm4883
June 5th, 2011, 05:26 AM
Symantec classified the Sony rootkit as a high level threat.

Did I not just explicitly give exception to the Sony rootkit?



nec207
June 5th, 2011, 06:19 PM
There are many sites that have free stuff, legal or illegal, but with no malware :P But with me not being internet savvy I do not download anything other than text, web sites or message boards.

No music, movies, games, software or anything legal or illegal or P2P or torrent. In the past I used to download screensavers and wallpaper but do not do that now.

No porn sites, no cracks or keys.

Yet I still get spyware, adware and trojans!! Most of the time I go to a web site and get it, or go to a web site that has ads or pop-ups and get it.

I wonder if the anti-virus program calls spyware, adware or other bad files trojans. As I thought, to get a trojan you have to download something that turns out not to be what it claimed at all.

This is another reason I'm in a transition of moving away from Windows, not to mention the GUI I do not really like in Windows.

Not sure if an ad or pop-up would be called a trojan.

tgm4883
June 5th, 2011, 08:44 PM
There are many sites that have free stuff, legal or illegal, but with no malware :P But with me not being internet savvy I do not download anything other than text, web sites or message boards.

No music, movies, games, software or anything legal or illegal or P2P or torrent. In the past I used to download screensavers and wallpaper but do not do that now.

No porn sites, no cracks or keys.

Yet I still get spyware, adware and trojans!! Most of the time I go to a web site and get it, or go to a web site that has ads or pop-ups and get it.

I wonder if the anti-virus program calls spyware, adware or other bad files trojans. As I thought, to get a trojan you have to download something that turns out not to be what it claimed at all.

This is another reason I'm in a transition of moving away from Windows, not to mention the GUI I do not really like in Windows.

Not sure if an ad or pop-up would be called a trojan.

An ad or pop-up would not be classified as a trojan. It would only be classified as a trojan if it fell into this definition:
http://en.wikipedia.org/wiki/Trojan_horse_(computing)

nec207
June 5th, 2011, 09:15 PM
I'm just saying all the trojans I got were from going to a web site, a web site that has ads or pop-ups, or a web site that takes you to another web site. As I never downloaded anything where I have to click on it.

That is why I wonder if they are not trojans but the anti-virus program calls the adware, spyware or bad files trojans.

nec207
June 20th, 2011, 05:53 PM
On a side note here, I think it is strange, and maybe the problem is with the Windows sandbox.

I downloaded FLV player, QuickTime and Flash updates and Java updates, and I get many, many prompts of confirmation of installation.

Yet I can go to a web site that has ads, pop-ups or a web site that takes me to another web site and I get a trojan on my computer.

Sometimes Kaspersky blocks it and other times it gets by. I think the ones that get by are new malware that Kaspersky does not know how to block yet.

But the Windows sandbox is not supposed to just allow things to just run.

DangerOnTheRanger
June 20th, 2011, 08:08 PM
Of course the Windows sandbox (I'm guessing you're referring to Sandboxie) isn't supposed to allow any program to install itself automatically.

Problem is, the Windows sandbox itself probably has security holes :)

nec207
June 27th, 2011, 12:13 AM
Of course the Windows sandbox (I'm guessing you're referring to Sandboxie) isn't supposed to allow any program to install itself automatically.

Problem is, the Windows sandbox itself probably has security holes :)

So you think that is why trojans are getting by and running? As the legit stuff like FLV player, QuickTime and Flash updates and Java updates, MS updates and so on go by the law of many, many prompts of confirmation of installation, while the trojans are not doing this?

I have Windows Vista.

christopher.wortman
June 27th, 2011, 12:29 AM
I don't use Windows so I don't get malware. I haven't had a piece of malware since 2003. But then again I have used Linux since then XD My Windows machine is connected to the Internet for games; I use it next to my Wii and 360, and I really want a PS3 to complete the ensemble. I hope beyond all reason that Linux doesn't catch on so I don't have to worry about malware.

Dustin2128
June 27th, 2011, 01:47 AM
Ran microsoft security essentials on my dad's laptop. Great antivirus program, surprisingly, oxymoron though the phrase is.

christopher.wortman
June 27th, 2011, 01:51 AM
Ran microsoft security essentials on my dad's laptop. Great antivirus program, surprisingly, oxymoron though the phrase is.

I use it on mine, and anyone else's computer I install Windows onto. It works a lot better than other free ones like AVG... Then again I rarely use Windows for anything other than Steam and other random games...

Dangertux
June 27th, 2011, 02:02 AM
I personally think that the original post should be updated to reflect a few things. While a firewall is always positive, many people confuse a Windows software firewall with an actual firewall solution. This is not to knock software firewalls; if it's what you have, it's what you have. However, current root-kit methodologies adapt to prey on users' trust in their security software. Thus, instead of hooking the kernel, they will also sometimes hook the firewall. Just something to keep in mind.

Also, a word on sandboxing: again, it's a positive thing. However, people put entirely too much trust in the sandbox concept. It's sound by concept; however, it has flaws. Even recently there was a POC that you could quite easily bypass both DEP and sandbox methods with a buffer overflow in Google's Chrome.

If you look at what sandboxing really is anyway, breaking out of a sandbox is nothing new. Breaking out of any type of virtualized instance hasn't been "impossible" in years. Which also goes for the people that "run everything in a VM." That's great, and for most threats will provide an extra measure of security, but yes, the host machine CAN be accessed from a guest instance.

Other than that I think it's a pretty decent basic article.

Oh, I almost forgot, the question about malware coming from major manufacturers: add Energizer to the list with Sony.

EDIT: If you're still using MS Windows, I do highly recommend Microsoft Security Essentials which was also referenced by a poster above, it is actually very good at what it does.

doas777
June 27th, 2011, 02:06 AM
@op:

Overall your article was pretty good. It did get some of the details wrong, but overall not bad.

First off, nowadays almost everything comes as trojans. You do not have to knowingly download something to get a trojan, however. Most "drive-by-download" infection scenarios (arguably the most prevalent these days) use trojans. You go to a webpage that contains a malformed flash file, which when executed on your host downloads a trojan and executes it. In this case, the human action that caused the trojan to execute was simply going to the page.

Viruses and worms are getting rather rare these days, because usually all you have to do to prevent them is keep your system up to date. Additionally, viruses and worms are hard to control since they are kinda p2p deployed. A client-server paradigm like a flash exploit is more controllable and stable for the vxer.

One key distinction I would make about your article is that viruses can start without intervention, and spread using application vulnerabilities. Worms, on the other hand, exploit system vulnerabilities and thus get far more access. Both can spread widely, but viruses often infect lots of files on a system, whereas worms are usually territorial, and use techniques (mutexes) to ensure that there can be only one. Some worms actually install security patches to patch other vulnerabilities that could be exploited by software that would interfere with the worm's tasks.

hope that helps.
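The drive-by sequence doas777 describes above (page visit, plugin content, then an executable pulled down and run) has a recognisable shape in web-proxy logs, which is where a defender would look for it. The script below is an added example written for this thread, not code from the thread or from any product; the log format, the hosts, the client addresses and the 60-second window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample web-proxy log (invented for this example, not taken from the thread).
# Fields: timestamp  client-ip  method  url  status  content-type
SAMPLE_LOG = """\
2011-06-27T02:06:01 10.0.0.5 GET http://news.example.net/index.html 200 text/html
2011-06-27T02:06:02 10.0.0.5 GET http://ads.example-cdn.net/banner/player.swf 200 application/x-shockwave-flash
2011-06-27T02:06:04 10.0.0.5 GET http://dl.example-bad.net/upd/setup.exe 200 application/x-msdownload
2011-06-27T02:10:00 10.0.0.7 GET http://video.example.org/clip.swf 200 application/x-shockwave-flash
2011-06-27T02:15:30 10.0.0.7 GET http://vendor.example.com/installer.exe 200 application/x-msdownload
2011-06-27T02:20:00 10.0.0.9 GET http://vendor.example.com/installer.exe 200 application/x-msdownload
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")

# Content handed to a browser plugin; the thread's example is a malformed Flash file.
PLUGIN_TYPES = {"application/x-shockwave-flash"}
# Responses that deliver a native executable to the client.
EXECUTABLE_TYPES = {"application/x-msdownload"}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, ctype = m.groups()
    return {
        "time": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "url": url,
        "host": urlparse(url).hostname or "",
        "status": int(status),
        "ctype": ctype.lower(),
    }


def is_executable(rec):
    """True when the response looks like a native executable, by MIME type or URL suffix."""
    path = urlparse(rec["url"]).path.lower()
    return rec["ctype"] in EXECUTABLE_TYPES or path.endswith(EXECUTABLE_SUFFIXES)


def find_drive_by_candidates(log_text, window_seconds=60):
    """Flag clients that fetched plugin content and, within window_seconds, a native executable.

    The sequence "page -> plugin content -> executable" inside one short browsing session is
    the shape of the drive-by download described in the thread. A lone installer download
    (10.0.0.9 above) is never flagged, and a plugin fetch followed by an installer much later
    (10.0.0.7) falls outside the window, so the output is a triage hint, not a verdict.
    """
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 200:
            by_client[rec["client"]].append(rec)

    findings = []
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["time"])
        seen_hosts = set()  # hosts this client visited earlier in the log
        for i, rec in enumerate(recs):
            if is_executable(rec):
                for prev in recs[:i]:
                    delta = (rec["time"] - prev["time"]).total_seconds()
                    if prev["ctype"] in PLUGIN_TYPES and delta <= window_seconds:
                        findings.append({
                            "client": client,
                            "plugin_url": prev["url"],
                            "exe_url": rec["url"],
                            "delta_seconds": delta,
                            # An executable from a host the client never touched earlier in the
                            # session is a stronger signal than one from a site already in use.
                            "new_host": rec["host"] not in seen_hosts,
                        })
                        break
            seen_hosts.add(rec["host"])
    return findings


if __name__ == "__main__":
    for finding in find_drive_by_candidates(SAMPLE_LOG):
        print(finding)
```

With the constructed log only 10.0.0.5 is reported: a Flash object from an ad host followed two seconds later by `setup.exe` from a host that client had never contacted. Widening the window to ten minutes also pulls in 10.0.0.7, which shows why the window and the `new_host` flag matter more than the MIME types when tuning such a rule against real traffic.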

nec207
June 27th, 2011, 04:33 AM
Why are viruses and worms getting so hard to find now, but in the 90's they were everywhere? Give it another 5 years and maybe there will be no viruses and worms on the internet. But there were little to no trojans in the 90's; now there are trojans everywhere.

Also what is wrong with the Windows sandbox and why was the sandbox of IE a copy of Sandboxie?

I use Kaspersky on my computer; it blocks 90% of malware before it gets on my computer and most malware on the computer it will remove, but the malware makers are smart now, to where just having Kaspersky is not enough; you need other malware remover and scanner tools.

Thewhistlingwind
June 27th, 2011, 04:50 AM
Why are viruses and worms getting so hard to find now, but in the 90's they were everywhere? Give it another 5 years and maybe there will be no viruses and worms on the internet. But there were little to no trojans in the 90's; now there are trojans everywhere.

Simple, in the 90's, Windows was still based on DOS, users were still ignorant (and still are now), and code hadn't been written with security in mind.

Thus, it was very easy to direct a drive-by download. Nowadays, with Windows taking a much harsher stance towards security (comparatively), it requires more user input to install software. So blackhats have moved on from a lot of previously scripted web bug exploits and are now putting a lot more effort and personality into attacking fewer targets, with higher success rates.

It's just one more shift in the malware paradigm. I wrote about this somewhere, I swear I did...

EDIT:
The reason that viruses and worms fell out of fashion has several factors. The most effective are automatic updates in both the OS and most network-capable applications.
In the old days, if you found a bug and made a patch for it, you usually had to put it on your website and hope the users noticed it. Nowadays some AV providers offer multiple updates per day. That is much of the reason that trojans and web distribution became preferred over p2p spawning. Old viruses took forever to spread, but with the good AV vendors, a piece of malcode may be good for less than 24 hours.

This too, antivirus got better, and 3rd party applications became less of a problem because they update themselves.

doas777
June 27th, 2011, 05:10 AM
Why are viruses and worms getting so hard to find now, but in the 90's they were everywhere? Give it another 5 years and maybe there will be no viruses and worms on the internet. But there were little to no trojans in the 90's; now there are trojans everywhere.

Also what is wrong with the Windows sandbox and why was the sandbox of IE a copy of Sandboxie?

I use Kaspersky on my computer; it blocks 90% of malware before it gets on my computer and most malware on the computer it will remove, but the malware makers are smart now, to where just having Kaspersky is not enough; you need other malware remover and scanner tools.

The reason that viruses and worms fell out of fashion has several factors. The most effective are automatic updates in both the OS and most network-capable applications.
In the old days, if you found a bug and made a patch for it, you usually had to put it on your website and hope the users noticed it. Nowadays some AV providers offer multiple updates per day. That is much of the reason that trojans and web distribution became preferred over p2p spawning. Old viruses took forever to spread, but with the good AV vendors, a piece of malcode may be good for less than 24 hours.

tgm4883
June 27th, 2011, 04:12 PM
Simple, in the 90's, Windows was still based on DOS, users were still ignorant (and still are now), and code hadn't been written with security in mind.

Thus, it was very easy to direct a drive-by download. Nowadays, with Windows taking a much harsher stance towards security (comparatively), it requires more user input to install software. So blackhats have moved on from a lot of previously scripted web bug exploits and are now putting a lot more effort and personality into attacking fewer targets, with higher success rates.

It's just one more shift in the malware paradigm. I wrote about this somewhere, I swear I did.......

EDIT:

This too, antivirus got better, and 3rd party applications became less of a problem because they update themselves.

Please don't do that again (edit your post and quote the post after yours). It's confusing and breaks the way normal people read. It's similar to top posting.

nec207
June 28th, 2011, 07:29 PM
The reason that viruses and worms fell out of fashion has several factors. The most effective are automatic updates in both the OS and most network-capable applications.
In the old days, if you found a bug and made a patch for it, you usually had to put it on your website and hope the users noticed it. Nowadays some AV providers offer multiple updates per day. That is much of the reason that trojans and web distribution became preferred over p2p spawning. Old viruses took forever to spread, but with the good AV vendors, a piece of malcode may be good for less than 24 hours.


Well from what I understand, worms travel by your e-mail address or IP address and do not copy themselves to every file on your computer like viruses do. And viruses do not spread by e-mail address or IP address, but you have to click on the file. Like someone gives you a floppy disk or e-mail attachment and you click on it and it copies itself to every file.

Nowadays no one uses a floppy disk but USB sticks or CD/DVD, so theoretically it should be the same.

The Windows IE sandbox is not supposed to allow any program/file to just run or access any system files or access anywhere outside of your temp folder without confirmation.

You should clear out your temp folder now and then for tracking cookies and malware.

Thewhistlingwind
June 28th, 2011, 08:10 PM
Please don't do that again (edit your post and quote the post after yours). It's confusing and breaks the way normal people read. It's similar to top posting.

Oops, I have done that, like, twenty times since then, binge edit spree?

nec207
July 4th, 2011, 07:59 PM
You have not done what?