Malware is a general term used to refer to a variety of forms of hostile software. It can appear in the form of executable code, scripts, active content, and other software. Malware includes computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware.

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.[1] It can appear in the form of executable code, scripts, active content, and other software.[2] Malware is a general term used to refer to a variety of forms of hostile or intrusive software.[3] The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.[4]

Malware includes computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.[5] In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states.[6][7] Malware is often disguised as, or embedded in, non-malicious files.

Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics. An example of such software, which was described as illegitimate, is the Sony rootkit, a Trojan embedded into CDs sold by Sony, which silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying; it also reported on users' listening habits, and created vulnerabilities that were exploited by unrelated malware.[8]

The term malware only applies to software that intentionally causes harm. Software that causes harm due to bugs or poor design is not classified as malware; for example, some legitimate software written before the year 2000 had errors that caused serious malfunctions when the year changed from 1999 to 2000. These programs are not considered malware.

Software such as anti-virus, anti-malware, and firewalls is used by home users and organizations to try to safeguard against malware attacks.[9]

Purposes

[Figure: Malware by categories on March 16, 2011.]

Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used by both black hat hackers and governments, to steal personal, financial, or business information[11][12] and sometimes for sabotage (e.g., Stuxnet).

Malware is sometimes used broadly against government or corporate websites to gather guarded information,[13] or to disrupt their operation in general. However, malware is often used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords. Left unguarded, personal and networked computers can be at considerable risk against these threats. (These are most frequently defended against by various types of firewall, anti-virus software, and network hardware).[14]

Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for illicit purposes.[15] Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography,[16] or to engage in distributed denial-of-service attacks as a form of extortion.[17]

Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be packaged together with user-installed software, such as peer-to-peer applications.[18]

Ransomware affects an infected computer in some way, and demands payment to reverse the damage. For example, programs such as CryptoLocker encrypt files securely, and only decrypt them on payment of a substantial sum of money.

Proliferation

Preliminary results from Symantec published in 2008 suggested that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications."[19] According to F-Secure, "As much malware [was] produced in 2007 as in the previous 20 years altogether."[20] Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.[21]

The prevalence of malware as a vehicle for Internet crime, along with the challenge of anti-malware software to keep up with the continuous stream of new malware, has seen the adoption of a new mindset for individuals and businesses using the Internet. With the amount of malware currently being distributed, some percentage of computers are currently assumed to be infected. For businesses, especially those that sell mainly over the Internet, this means they need to find a way to operate despite security concerns. The result is a greater emphasis on back-office protection designed to protect against advanced malware operating on customers' computers.[22] A 2013 Webroot study shows that 64% of companies allow remote access to servers for 25% to 100% of their workforce and that companies with more than 25% of their employees accessing servers remotely have higher rates of malware threats.[23]

On March 29, 2010, Symantec Corporation named Shaoxing, China, as the world's malware capital.[24] A 2011 study from the University of California, Berkeley, and the Madrid Institute for Advanced Studies published an article in Software Development Technologies, examining how entrepreneurial hackers are helping enable the spread of malware by offering access to computers for a price. Microsoft reported in May 2011 that one in every 14 downloads from the Internet may now contain malware code.

Social media, and Facebook in particular, are seeing a rise in the number of tactics used to spread malware to computers.[25] A 2014 study found that malware was increasingly aimed at the ever more popular mobile devices such as smartphones.[26]

Infectious malware: viruses and worms

Main articles: Computer virus and Computer worm

The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any specific types of behavior. The term computer virus is used for a program that embeds itself in some other executable software (including the operating system itself) on the target system without the user's consent and when that is run causes the virus to spread to other executables. On the other hand, a worm is a stand-alone malware program that actively transmits itself over a network to infect other computers. These definitions lead to the observation that a virus requires the user to run an infected program or operating system for the virus to spread, whereas a worm spreads itself.[27]

Concealment: Viruses, trojan horses, rootkits, and backdoors

(These categories are not mutually exclusive.)

Viruses

Main article: Computer virus

Trojan horses

For a malicious program to accomplish its goals, it must be able to run without being detected, shut down, or deleted. When a malicious program is disguised as something normal or desirable, users may unwittingly install it. This is the technique of the Trojan horse or trojan. In broad terms, a Trojan horse is any program that invites the user to run it, concealing harmful or malicious executable code of any description. The code may take effect immediately and can lead to many undesirable effects, such as encrypting the user's files or downloading and implementing further malicious functionality.[citation needed]

In the case of some spyware, adware, etc. the supplier may require the user to acknowledge or accept its installation, describing its behavior in loose terms that may easily be misunderstood or ignored, with the intention of deceiving the user into installing it without the supplier technically in breach of the law.[citation needed]

Rootkits

Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection. Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system's list of processes, or keep its files from being read.[28]

Some malicious programs contain routines to defend against removal, not merely to hide themselves. An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system:

Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently-stopped program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.[29]

Backdoors

A backdoor is a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet. Once a system has been compromised, one or more backdoors may be installed in order to allow access in the future,[30] invisibly to the user.

The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified.
It was reported in 2014 that US government agencies had been diverting computers purchased by those considered "targets" to secret workshops where software or hardware permitting remote access by the agency was installed, considered to be among the most productive operations to obtain access to networks around the world.[31] Backdoors may be installed by Trojan horses, worms, implants, or other methods.[32][33]

Vulnerability to malware

Main article: Vulnerability (computing)

In this context, and throughout, what is called the "system" under attack may be anything from a single application, through a complete computer and operating system, to a large network. Various factors make a system more vulnerable to malware:

Security defects in software

Malware exploits security defects (security bugs or vulnerabilities) in the design of the operating system, in applications (such as browsers, e.g. older versions of Microsoft Internet Explorer supported by Windows XP[34]), or in vulnerable versions of browser plugins such as Adobe Flash Player, Adobe Acrobat or Reader, or Java (see Java SE critical security issues).[35][36] Sometimes even installing new versions of such plugins does not automatically uninstall old versions. Security advisories from plug-in providers announce security-related updates.[37] Common vulnerabilities are assigned CVE IDs and listed in the US National Vulnerability Database. Secunia PSI[38] is an example of software, free for personal use, that will check a PC for vulnerable out-of-date software, and attempt to update it.

Malware authors target bugs, or loopholes, to exploit. A common method is exploitation of a buffer overrun vulnerability, where software designed to store data in a specified region of memory does not prevent more data than the buffer can accommodate being supplied.
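
The missing bounds check behind a buffer overrun, as an added example that is not part of the original article; the `struct account` layout, the function names and the sample input are constructed for illustration. The unchecked setter lets an oversized input change the field stored directly after the buffer, while the checked setter rejects the same input and leaves the record untouched.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16

/* Constructed record: a fixed-size buffer with another field directly after it. */
struct account {
    char name[NAME_CAP];
    unsigned char is_admin;      /* the data "after the end" of the buffer */
};

/* Flawed: trusts the caller's length and never compares it with NAME_CAP.
 * The copy goes through the record's byte representation and is capped at
 * sizeof(struct account) only so that this demonstration stays defined C. */
static void set_name_unchecked(struct account *a, const char *src, size_t len)
{
    if (len > sizeof *a)
        len = sizeof *a;
    memcpy((unsigned char *)a + offsetof(struct account, name), src, len);
}

/* Hardened: input that does not fit (with its terminator) is rejected and
 * the record is left untouched. */
static int set_name_checked(struct account *a, const char *src, size_t len)
{
    if (src == NULL || len >= NAME_CAP)
        return -1;
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

/* Constructed input: NAME_CAP filler bytes plus one byte that lands on is_admin. */
static void make_oversized(char out[NAME_CAP + 1])
{
    memset(out, 'A', NAME_CAP);
    out[NAME_CAP] = 1;
}

/* Returns is_admin after the unchecked copy: 1, the neighbouring field changed. */
int demo_unchecked(void)
{
    struct account a = { "guest", 0 };
    char input[NAME_CAP + 1];
    make_oversized(input);
    set_name_unchecked(&a, input, sizeof input);
    return a.is_admin;
}

/* Returns 1 when the checked copy rejects the input and the record is intact. */
int demo_checked(void)
{
    struct account a = { "guest", 0 };
    char input[NAME_CAP + 1];
    make_oversized(input);
    int rc = set_name_checked(&a, input, sizeof input);
    return rc == -1 && a.is_admin == 0 && strcmp(a.name, "guest") == 0;
}

int main(void)
{
    printf("unchecked: is_admin=%d\n", demo_unchecked());
    printf("checked:   rejected, record intact=%d\n", demo_checked());
    return 0;
}
```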
Malware may provide data that overflows the buffer, with malicious executable code or data after the end; when this payload is accessed it does what the attacker, not the legitimate software, determines.

Insecure design or user error

Early PCs had to be booted from floppy disks; when built-in hard drives became common the operating system was normally started from them, but it was possible to boot from another boot device if available, such as a floppy disk, CD-ROM, DVD-ROM, or USB flash drive. It was common to configure the computer to boot from one of these devices when available. Normally none would be available; the user would intentionally insert, say, a CD into the optical drive to boot the computer in some special way, for example to install an operating system. Even without booting, computers can be configured to execute software on some media as soon as they become available, e.g. to autorun a CD or USB device when inserted.

Malicious software distributors would trick the user into booting or running from an infected device or medium; for example, a virus could make an infected computer add autorunnable code to any USB stick plugged into it; anyone who then attached the stick to another computer set to autorun from USB would in turn become infected, and also pass on the infection in the same way.[39] More generally, any device that plugs into a USB port, "including gadgets like lights, fans, speakers, toys, even a digital microscope", can be used to spread malware. Devices can be infected during manufacturing or supply if quality control is inadequate.[39]

This form of infection can largely be avoided by setting up computers by default to boot from the internal hard drive, if available, and not to autorun from devices.[39] Intentional booting from another device is always possible by pressing certain keys during boot.

Older email software would automatically open HTML email containing potentially malicious JavaScript code; users may also execute disguised malicious email attachments and infected executable files supplied in other ways.[citation needed]

Over-privileged users and over-privileged code

Main article: principle of least privilege

Over-privileged users: some systems allow all users to modify their internal structures. This was the standard operating procedure for early microcomputer and home computer systems, where there was no distinction between an Administrator or root, and a regular user of the system. In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status.

Over-privileged code: some systems allow code executed by a user to access all rights of that user. This was also standard operating procedure for early microcomputer and home computer systems. Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications, allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised.

Use of the same operating system

Homogeneity: e.g. when all computers in a network run the same operating system; upon exploiting one, one worm can exploit them all:[40] For example, Microsoft Windows or Mac OS X have such a large share of the market that concentrating on either could enable an exploited vulnerability to subvert a large number of systems. Instead, introducing diversity, purely for the sake of robustness, could increase short-term costs for training and maintenance.
However, having a few diverse nodes would deter total shutdown of the network, and allow those nodes to help with recovery of the infected nodes. Such separate, functional redundancy could avoid the cost of a total shutdown.

Anti-malware strategies

Main article: Antivirus software

As malware attacks become more frequent, attention has begun to shift from viruses and spyware protection, to malware protection, and programs that have been specifically developed to combat malware. (Other preventive and recovery measures, such as backup and recovery methods, are mentioned in the computer virus article).

Anti-virus and anti-malware software

A specific component of the anti-virus and anti-malware software, commonly referred to as the on-access or real-time scanner, hooks deep into the operating system's core or kernel functions in a manner similar to how certain malware itself would attempt to operate, though with the user's informed permission for protecting the system. Any time the operating system accesses a file, the on-access scanner checks if the file is a legitimate file or not. If the file is considered malware by the scanner, the access operation will be stopped, the file will be dealt with by the scanner in a pre-defined way (how the anti-virus program was configured during/post installation) and the user will be notified. This may considerably slow down the operating system depending on how well the scanner was programmed. The goal is to stop any operations the malware may attempt on the system before they occur, including activities which might exploit bugs or trigger unexpected operating system behavior.[citation needed]

Anti-malware programs can combat malware in two ways:

They can provide real time protection against the installation of malware software on a computer. This type of malware protection works the same way as that of antivirus protection in that the anti-malware software scans all incoming network data for malware and blocks any threats it comes across.

Anti-malware software programs can be used solely for detection and removal of malware software that has already been installed onto a computer. This type of anti-malware software scans the contents of the Windows registry, operating system files, and installed programs on a computer and will provide a list of any threats found, allowing the user to choose which files to delete or keep, or to compare this list to a list of known malware components, removing files that match.[citation needed]

Real-time protection from malware works identically to real-time antivirus protection: the software scans disk files at download time, and blocks the activity of components known to represent malware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Because many malware components are installed as a result of browser exploits or user error, using security software (some of which are anti-malware, though many are not) to "sandbox" browsers (essentially isolate the browser from the computer and hence any malware induced change) can also be effective in helping to restrict any damage done.[citation needed]

Examples of Microsoft Windows antivirus and anti-malware software include the optional Microsoft Security Essentials[41] (for Windows XP, Vista, Windows 7 and Windows 8) for real-time protection, the Windows Malicious Software Removal Tool[42] (now included with Windows (Security) Updates on "Patch Tuesday", the second Tuesday of each month), and Windows Defender (an optional download in the case of Windows XP).[43] Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use).[44] Tests found some free programs to be competitive with commercial ones.[44] Microsoft's System File Checker can be used to check for and repair corrupted system files.

Some viruses disable System Restore and other important Windows tools such as Task Manager and Command Prompt. Many such viruses can be removed by rebooting the computer, entering Windows safe mode with networking,[45] and then using system tools or Microsoft Safety Scanner.[46]

Currently, no method is known for detecting hardware implants.

Known good

Typical malware products detect issues based on heuristics or signatures, i.e., based on information that can be assessed to be bad. Some products[47][48] take an alternative approach when scanning documents such as Word and PDF, by regenerating a new, clean file, based on what is known to be good from schema definitions of the file (a patent for this approach exists).[49]

Website security scans

As malware also harms the compromised websites (by breaking reputation, blacklisting in search engines, etc.), some websites offer vulnerability scanning.[50][51][52][53] Such scans check the website, detect malware, may note outdated software, and may report known security issues.