MALWARE DETECTION TECHNIQUES
Sachin Boban (Team Leader)
Rahul P Nair
Stein Astor Fernandez
What is malware?
Malware, short for malicious software, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software. Malware includes computer viruses, worms, Trojan horses, spyware, adware, and other malicious programs. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states. Malware is not the same as defective software, which is software that has a legitimate purpose but contains harmful bugs that were not noticed before release. However, some malware is disguised as genuine software, and may come from an official company website. An example of this is software used for harmless purposes that is packed with additional tracking software that gathers marketing statistics.
Different Types of Malware
Viruses: A computer virus is code that replicates by inserting itself into other programs. A program that a virus has inserted itself into is infected, and is referred to as the virus’ host. A virus needs an existing host program in order to cause harm.
Worms: A computer worm replicates itself by executing its own code independent of any other program. The primary distinction between a virus and a worm is that a worm does not need a host to cause harm. Another distinction between viruses and worms is their propagation model. In general, viruses attempt to spread through programs/files on a single computer system. However, worms spread via network connections with the goal of infecting as many computer systems connected to the network as possible.
Trojans: A Trojan is a type of malware that masquerades as a legitimate file or helpful program but whose real purpose is to grant a hacker unauthorized access to a computer. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses may steal information, or harm their host computer systems. Trojans may use drive-by downloads or install via online games or internet-driven applications in order to reach target computers. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a form of “social engineering,” presenting themselves as harmless, useful gifts, in order to persuade victims to install them on their computers.
Spyware: Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Some spyware, such as key loggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.
Adware: Adware, or advertising-supported software, is any software package which automatically renders advertisements. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during the installation process. The object of adware is to generate revenue for its author. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as key loggers and other privacy-invasive software.
Botnet: A botnet is a collection of computers that have been infected with remotely controlled malware. The bots are usually used to send spam and adware remotely. The simplest bot configuration is one where the bots are connected to a single central hub. This configuration does not scale well because maintaining many connections through a single server is difficult. The next configuration is a hierarchical structure where bot master...