Friday, 12 April 2013

Antivirus Detection Techniques

The most Common ways that antivirus software detects potential malware threats are by:
  • Signature-based detection
  • Heuristic-based detection
  • Rootkit detection
  • Real-time protection
  • Sandbox

  • Signature-based detection - The antivirus software scans your files and compares their source code to a list of known malware which the antivirus vendors are aware of. Virus signatures are strings of computer code that are used to identify viruses.
  • Heuristic-based detection – Similar to signature based detection, the antivirus software scans your file for the generic source code which is common to more than one type of malware. This process helps detect new variations of known malware which has not been added to the signature –based list.
  • Rootkit detection – Rootkits are a type of malware which is designed to gain access to your computer system at an administrative level. They are difficult to remove from your system and can cause complete system failure resulting in the need for your entire operating system to be re-installed.
  • Real-time protection – Also known as “on-access scanning”, “background guard”, “resident shield” and “autoprotect.” The antivirus monitors your system for suspicious processes in “real time.” In other words when data is loaded into active memory e.g. when you insert a CD, open an email, webpage or file, the antivirus program can block the malware before damage is done to your electronic device.
  • Sandbox – Some higher-end antivirus programs allow you to open untested files or untrusted websites in a “sandbox.” A sandbox is an area of disk memory that is separate from the core operating procedures so that if the user does come across malware, the malware is isolated from the user’s files and can’t infect the electronic device.
Derivative Source – Wikipedia Creative Commons License The above text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.


The above article is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

You are free to republish a modified or "as is" version of the above work as long as you include the following attribution on the same page as the article and allow the users of your webpage to republish this work the same way. 

Monday, 4 March 2013

Hackers - The Types of Hackers and Hacker Psychology

Hacking has a mysterious taboo behind it and the term "hacker" is often misunderstood due to the image that the media and Hollywood have portrayed them as. When you think about a hacker I'm sure you picture a pimply nosed kid in a dark room who gets his kicks out of causing distress to computer users and defacing websites. While this description is an accurate portrayal of ONE type of hacker, most of today's real threats come from sophisticated and organized networks. These hackers have the sole intent of stealing your money, identity, and/or causing as much mayhem as possible for their own financial and psychological gains. 

It is important to point out that not all hackers are out to get you and that they can be divided into 3 distinct categories:


1.   THE BLACK-HAT HACKER - These are your stereotypical hackers who are out to cause mayhem and have criminal intentions. Black-Hat hackers use their skills and talents for BAD.

2.   THE WHITE-HAT HACKER - These a system security professionals who hack computer systems in a controlled environment and with the permission of the system owners. The goals of these hackers are to find system weaknesses with the view to patch them up before a Black-Hat hacker finds them. Many White-Hat hackers are actually reformed Black-Hat hackers. White-Hat hackers use their skills and talents for GOOD.

3.   THE GREY-HAT HACKER -  The Grey-Hat hacker is someone who sits on the fence and partake in White-Hat and Black-Hat hacking. These people could have a day job as a system security professional however indulge in Black-Hat hacking in their spare time. Grey-Hat hackers use their skills and talents for GOOD and BAD.


Below is a list of the different types of hackers from a stereotypical perspective. Please note that these are all generalizations are there are often variations to the norm:  

  • The Kid
  • The Activist (Hacktivist)
  • The Rogue Insider
  • The Spy (Corporate, Governmental)
  • The Criminal
  • The Tinkerer
  • The Reformed Hacker

The Kid

 "The Kid" is hacker who is normally male, between the ages of 13-30 years. They are often antisocial and introverted in the real world however may have a massive network of friends around the world online. These hackers find pleasure in trying to outsmart IT security administrators and get their adrenaline kicks when they succeed. When "The Kid" succeeds with a hack they may get sense and feeling of accomplishment thinking "I'm better than you IT professional" which fills the void of any potential self-worth issues which they may have.  

As hacking is an online activity these hackers don't normally realise the harm that they can cause to people and companies in the real world.  These hacker are often not very skilled with the hacking software and techniques which they use so they are almost always caught.

The Activist (Hacktivist)

Hacktivists are a group of people who share a common opinion towards another person, group, company, government or even religion.  They find social acceptance  by being part of the collective of the hacktivist group and by interacting with other like-minded people. The goals of hacktivist attacks may range from trying to make people aware of a social injustice to the flat out destruction of their targets business and reputation.

Hacktivists perform hacking operations because they may disagree with a social, commercial or political norm and by carrying out these attacks they may get the feeling of collective accomplishment. The mindset of the hactivist is that they are performing their attacks for the greater good and to defend their personal freedoms. 

The Rogue Insider

The "Rogue Insider" is a person who works for the company and accesses, modifies or takes computer information and data that they are not allowed to.
Rogue insiders could be:

·         A disgruntled employee.

·         Someone that's just being nosey and accessing data which they don't have clearance to or for non-work related reasons.

·         An employee with inadequate  IT security knowledge and opens a malware infected email or visits malicious websites at work.

·         An employee who's been recruited by a competitor company to steal or damage data or cause harm to the companies reputation.


The last type of rogue insider mentioned above is the most dangerous. Their motivations for hacking their employer's system is almost always GREED. These "Rouge Insiders" hack purely for profit. They make their money either by stealing money directly from their employers or by stealing company/customer data with the view of reselling this data to a competitor. They might also use the stolen customer data to steal money directly from the customer. 

The Spy (Corporate and Governmental)

 The Corporate Spy: 

The corporate spy is normally a "hacker for hire" and use their hacking skills purely for financial gain. These hackers are normally contracted by companies to perform hacks on their competitors with the view of leveraging a corporate advantage over those competitors. This is also known as industrial espionage.

Companies may recruit a "corporate spy" to perform the following:

·         Learn about what new developments the competitor is working on.

·         Steal information such as product blue prints.

·         Learn about a competitor's financial position.

·         Find any "dirty laundry" about a competitor to use against them.

·         Steal customer information with the view of snatching the customers away from the target company.

·         Cause damage to the competitor's system with the view of hindering performance.

·         Damage the competitor's credibility.


The Governmental Spy:

Most world governments have their own departments of hackers in their employ. For the "governmental spy" their motivation for hacking is that it's a job.  These hackers may be involved in law-enforcement, keeping tabs on the populous (Although many governments deny this) or military operations and could either be trained by the government or be a reformed hacker. These hackers are normally employed or contracted by governmental departments like the police, national security and intelligence organisations or the military. 

When it comes to military hackers, in peace-time these hackers may be used to keep an eye on other countries affairs (Once again most governments deny this) and at times of conflict these hackers can be used to obtain intel on the enemy and/or cripple the oppositions communications network and infrastructure making them a soft target. 

The Criminal



The "Criminal Hacker" is motivated purely by money and has a complete disregard for social order. These are the hackers that will steal your bank account information in order to take your money. As the victims of criminal hackers are normally faceless it makes them an easy target and the criminal hacker's conscious is barely affected.

Although most criminal hackers do it for their own financial gains, there is an exception; some criminal hackers are in actual fact hacktivist extremists who destroy commercial property to justify their disagreement and hatred towards certain corporations, governments or religious groups.

 The Reformed Hacker

 These are White-Hat hackers who used to Black-Hat hackers but they were either caught or ceased illegal hacking before they were caught. The skill acquired from Black-Hat hacking have made them highly skilled system security professionals with an edge over their competition in the work environment because they already know what system flaws to look for. While experience counts towards them when it comes to finding employment many companies are weary about hiring a reformed hacker due to their dubious past.

The motivations for "Reformed Hackers" are normally to make an honest wage however there are some hacker who pretend to be reformed but are actually trying to gain access to company systems.

 The Tinkerer

The Tinkerer is a hacker who's not content with the standard settings of a software application or electronic device (Like a smart phone). Their motivations may be to either enhance the capabilities of a software application or to "crack" security protocols in the application against the manufacturers licensing terms. The Tinkerer may perform these hacks in order to make pirated copies of a software application or allow the "cracked" device to be able to install unofficial applications.

Most Tinkerers don't think that what they do is illegal and in some instances it's not. From the Tinkerer's perspective, by performing these cracks they are actually doing a community service.




 In Conclusion

There have lately been many high profile hacking attacks on multi-billion dollar companies who have the best system security software and personal that money can buy. This just proves that no system is ever safe and there is not much anyone can do if a hacker really wants access to your system.

All you can really do is always keep your operating system and programs up to date and ensure that a reputable antivirus is installed on your computer. The last thing that you want to do is make it easy for a hacker to infiltrate your computer system.





The above article is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

You are free to republish a modified or "as is" version of the above work as long as you include the following attribution on the same page as the article and allow the users of your webpage to republish this work the same way.

Saturday, 2 March 2013

Antivirus Installation Options

The most common way that antivirus programs are uploaded onto a user’s electronic device is by a full installation. This means the user installs the antivirus program on their electronic device and a full copy
of the antivirus is stored on the user’s hard disk.

 There are however other antivirus installation options available when it comes to the security of your electronic device:

Cloud Antivirus

Instead of installing a full copy of the antivirus program on your device, with a cloud antivirus program only a few core files and a user interface is installed. When a device needs to be scanned for malware, the files being scanned are sent to a remote host that does all the scanning for you.

This way most of the actual processing and scanning are done on “the cloud,” freeing up processing power and memory on the user’s device. One of the big advantages of using a cloud antivirus is that the network cloud hosts can use numerous types of detection techniques to scan your files for malware. For a cloud antivirus program to be most effective you need a constant network connection.

Online Scanning

Some antivirus vendors don’t need you to install an antivirus program at all. The requested files are uploaded via the antivirus vendor’s website, scanned for malware and a report is generated if anything is found.
This process is highly effective if you suspect that malware may already be prevalent on your device. Certain malware can effectively detect that an antivirus is being installed and either hide from the antivirus or even infect the antivirus programs themselves.
Online scanning can however be VERY DANGEROUS. There have been many fake antivirus programs offering free system scans however they in fact install malware on your system (See Rogue Security Software for more details). If you do decide to use an online scanning service be sure that it is from a trusted source (Preferably directly from a major vendor’s official website).

Rescue Disk

A rescue disk is loaded onto a CD/DVD or USB memory device and allows you to scan your system before the operating system loads into memory. This is extremely useful if malware has already done damage to your system and the operating system won’t load when you turn the device on, as well as removing malware that may be corrupting or deleting another antivirus program that you are trying to install.

Article Derivative Source – Wikipedia/Antivirus Software


Thursday, 28 February 2013

The Problems with Antivirus Software

While not having any form of protection on your electronic device is seriously ill-advised there are however some major issues that can occur when you buy and install an antivirus program. The problems with antivirus software include:

Rogue Security Software

These are malware programs that users install that pretend to be an antivirus. On most occasions the user thinks that their device is now protected against malware when in fact malware such as Trojan Horses are installed on their system. On many occasions the user actually paid for the “fake” antivirus program and hence has been defrauded of their money on top of making their private data available to hackers.
Another one of the main ways people may inadvertently install rogue security software on their devices are by clicking on a website link which pretends to have found malware on their system and prompting that they download or scan their device using that link’s installation prompts.
The best way to avoid installing rogue antivirus software is by always using well known antivirus products and downloading or buying the antivirus directly from the manufacturer’s website or another trusted source. Please visit Wikipedia for more information about Rogue Security Software.


False Positives

There have been numerous reports of antivirus programs deleting or quarantining legitimate programs and even destroying critical operating system applications. Even the most popular antivirus programs have deleted critical files and caused immense damage to computer systems around the world.
All antivirus programs have a clause in their installation terms and conditions that users need to agree to which states that legal action can not be taken against the vendors for damages caused to data and applications as a result of the antivirus program and that the antivirus program should be used at their own risk.

Unexpected Renewal Costs

Most commercial antivirus programs have a subscription clause which states that their antivirus will automatically renew around the time that the licence is about to expire. If you bought the antivirus online the odds are that the vendor you bought the antivirus from will still have your bank card details and will automatically charge you when the time for renewal approaches.  The default settings on most antivirus programs are to automatically renew themselves unless the person who bought the antivirus literally “Opts out” of the process. If you want your automatic renewal option turned off it is recommended that it be done as soon as you bought your licence as some vendors may not allow you to opt out as much as 60 days before the licence is about to expire.

Software Conflicts

Many antivirus programs can conflict with other software applications on you device. Some updates like operating system service pack upgrades or graphics card upgrades may require that your antivirus be turned off at the time of installation; otherwise your update/upgrade may be unsuccessful. In addition, antivirus programs don’t like other antivirus programs. Because many antivirus programs use the same resources on your device, they won’t work together. On most occasions only one antivirus program can be installed on your device at a time.

Antivirus Effectiveness and New Malware

No antivirus program can detect and remove all known viruses.  There have also been a lot more mention of Zero Day Attacks in the news lately which is not detectable until it is too late and the malware has executed its purpose. In a nutshell, a zero day attack is when a previously unknown vulnerability is discovered on electronic devices and the malware writers target these vulnerabilities before the antivirus vendors and application writers can find a solution to stop the malware. For more detailed information on Zero day Attacks click here – Zero Day Attacks.
New malware code is written everyday and on many occasions the people that write this code actually test it against the major antivirus programs to ensure that it is not detectable. Unfortunately antivirus vendors can not stop these viruses until they have actually discovered them.  Most of the major antivirus vendors allow users to send in any file to them that they suspect is infected with malware so that the vendor may update their antivirus programs to stop and remove it.

Other Antivirus Issues

  • System Slowdown – For an antivirus to be effective it needs to scan the user’s files, new emails and system processes for malware.  This however can eat up a lot of the electronic device’s processing power and memory, making the user’s device feels sluggish and slow.
  • Rootkits – It is really difficult for antivirus programs to detect rootkits which has compromised the user’s operating system. Rootkits have full administrative control of the device they’re on. They are hidden from the “task manager” and can change key operating system settings. Rootkits can also evade and  manipulate antivirus programs.
  • Damaged Files – Once malware has been detected on your device, the antivirus program may be able to remove the malware however the file/s that contained the malware or were corrupted by the malware can not be recovered to their original operational state. The only way to fix this is by restoring existing backups of the damaged files and data.
  • Firmware – Antivirus software is unable to protect your BIOS from infection. Some antivirus programs have also been known to block legitimate firmware updates leaving the users’ firmware outdated.

Derivative Source – Wikipedia/Antivirus Software




Antivirus Software (A Definition)

Antivirus (or alternatively spelt "anti-virus") software is a generic term for a software application used to detect and/or remove malware from an electronic device. 

Whist the term “antivirus” suggests that only computer viruses are detected by the software application, almost all modern antivirus programs detect and remove various types of malware which may attempt to install itself on your electronic device.  The main electronic devices which can by affected by malware are any form of computer (Including Windows and Apple operating systems), tablet PCs, smart phones and there has even been some mention of smart TVs being potentially affected.
The term “malware” comprises of the following:
  • Computer viruses - A computer virus is a software program that has an ability to replicate itself and spread from one computer to another.
  • Adware - Adware is a software package which automatically displays unwanted advertisements on the user’s electronic device.
  • Backdoors - backdoor is a way of bypassing the usual authentication process of a computer system which grants an unauthorised user of software application access to that computer.
  • Malicious BHOs – Malicious Browser Helper Objects (BHOs) use their unrestricted access to Microsoft Internet Explorer as a gateway to implement other forms of malware.
  • Dialers - Dialers from a malware perspective take advantage in security flaws in operating systems to make outbound phone calls to premium rate numbers without the user’s knowledge.
  • Fraudtools – Fraudtools pretend to be a well known and trusted software application (most likely masquerading as an antivirus) to steal data or money. 
  • Browser Hijackers – Malware which changes the user’s web-browser settings without the user’s permission.
  • Keyloggers - A Keylogger records the keystokes on the user’s keyboard without the user’s knowledge.
  • Malicious LSPs – Whilst not actually malware, an LSP (Layered Service Provider) is a Microsoft Windows function which intercepts and modifies inbound and outbound Internet traffic which malware might exploit.
  • Rootkits - A rootkit is a piece of software with administrative system privileges which can hide certain processes or programs on the user’s electronic device
  • Spyware – Spyware is a form of malware which can gather personal information on the user’s computer without their knowledge or consent. Spyware can also take control over certain computer functions and programs.
  • Ransomware - Ransomware restricts the access to the infected computer system and as the name suggests, holds the system to “ransom” until the user pays the extortionist to remove the restrictions.
  • Trojan horses – A Trojan horse is a form of malware which grants unauthorised access to a user’s computer system.
  • Worms - Computer worms are a standalone computer program designed to replicate themselves and spread to other electronic devices on a computer network.
Derivative Source – Wikipedia/Antivirus Software
Creative Commons License
The above definition is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Wednesday, 27 February 2013

Types of Malware

The word Malware is a term derived by mixing the words “malicious” and “software” and can be described as any form of software, script or code which is designed to cause damage to computer systems or to intrude on the privacy of computer system users.

Types of malware include the following:
  • Computer Viruses - A computer virus is a software program that has an ability to replicate itself and spread from one computer to another.
  • Adware - Adware is a software package which automatically displays unwanted advertisements on the user’s electronic device.
  • Backdoors- A backdoor is a way of bypassing the usual authentication process of a computer system which grants an unauthorised user of software application access to that computer.
  • Malicious BHOs - Malicious Browser Helper Objects (BHOs) use their unrestricted access to Microsoft Internet Explorer as a gateway to implement other forms of malware.
  • Dialers - Dialers from a malware perspective take advantage in security flaws in operating systems to make outbound phone calls to premium rate numbers without the user’s knowledge.
  • Fraudtools - Fraudtools pretend to be a well known and trusted software application (most likely masquerading as an antivirus) to steal data or money.
  • Browser Hijackers - Malware which changes the user’s web-browser settings without the user’s permission.
  • Keyloggers - A Keylogger records the keystokes on the user’s keyboard without the user’s knowledge.
  • Malicious LSPs - Whilst not actually malware, an LSP (Layered Service Provider) is a Microsoft Windows function which intercepts and modifies inbound and outbound Internet traffic which malware might exploit.
  • Spyware - Spyware is a form of malware which can gather personal information on the user’s computer without their knowledge or consent. Spyware can also take control over certain computer functions and programs.
  • Ransomware - Ransomware restricts the access to the infected computer system and as the name suggests, holds the system to “ransom” until the user pays the extortionist to remove the restrictions.
  • Trojan Horses - A Trojan horse is a form of malware which grants unauthorised access to a user’s computer system.
  • Worms - Computer worms are a standalone computer program designed to replicate themselves and spread to other electronic devices on a computer network.
  • Rootkits - A rootkit is a piece of software with administrative system privileges which can hide certain processes or programs on the user’s electronic device.


Computer Viruses 

Definition: "A computer virus is a software program that has an ability to replicate itself and spread from one computer to another."There is a misconception that most types of malware and computer viruses are the same thing however computer viruses are limited to the above definition.  Types of malware which are not classed as computer viruses are computer worms, ransomware, trojan horses, keyloggers, most rootkits, spyware, dishonest adware, malicious BHOs and other malicious software. Whilst worms and Trojan Horses also have the ability to replicate themselves, the way they do so is different to that of a computer virus. See Worms , and Trojan Horses for more details.
Resident and Non-Resident Viruses
Viruses are unable to replicate themselves unless they have been permitted to execute code and write to memory. For this reason, many viruses write themselves to legitimate programs (Known as code injection) and wait to be executed.  Viruses can be divided into 2 classes based on the way they replicate themselves when executed. The ways that viruses replicate themselves can be classed as resident viruses or non-resident viruses. 
resident virus resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.
A non-resident virus is like a resident virus however the way they spread is different. Instead of waiting for another program to access the host program like a resident virus does, a non-resident virus actually actively seeks out other applications to infect.
Derivative source - Wikipedia/Computer Virus

Adware

Adware is a software package which automatically displays unwanted advertisements on the user’s electronic device. The most common form of adware is by the way of annoying pop-ups. Other forms of adware are advertisements prevalent in the software interface or the installation of an unrelated application.  The usual reason that adware is written is to generate pay-per-click income for the adware author.
Most adware can be more of an annoyance than an actual threat to the user’s electronic device however some adware may be coupled with spyware. The spyware associated with the adware may have the ability to monitor the user’s computer habits (e.g. which websites they visit, what applications are running on a user’s device and even any security flaws on the user’s device which the spyware author can exploit).

Derivative source - Wikipedia/Adware



Backdoors (Malware)

backdoor is a way of bypassing the usual authentication process of a computer system which grants an unauthorised user access to that computer. The unauthorised user is usually undetected and can access the host computer’s data in plain text.Whilst backdoors are not technically malware in the sense a computer virus is, they are the by-product of certain rootkits, worms and Trojan Horses.
One of the most common ways that back doors are used now days are to use compromised computers to send unsolicited spam emails.


Derivative source - Wikipedia/Backdoors


Malicious BHOs (Browser Helper Object)

A Browser Helper Object (BHO) is a plugin used to add functionality to Microsoft Internet Explorer. Toolbars which can be added to your browser or have the functionality to open PDF files in the browser window are examples of BHOs. As BHOs have unrestricted access to Internet Explorer it is no wonder that malicious BHOs have been written to take advantage of the security flaw. BHOs have the ability to make visible and invisible changes to Internet Explore. Visible changes may include the addition of a toolbar to your browser window or redirection to pages containing adverts (A form of adware). Invisible BHOs could record the keystokes on the user’s keyboard (A keylogger) whenever it detects that the user is on a financial institution’s website. This is done in an attempt to steal the user’s passwords with the aim of stealing the user’s money.Since this form of malware has become apparent, Microsoft have included an “add on manager” to their browsers from Microsoft Internet Explorer 6 onwards.Derivative source - Wikipedia/BHOs

Dialers (Malware)

Although not a problem for broadband internet connections, a dialer is a form of malware which affects computers connected to the internet via an analogue modem or has an active telephone line connected to their computer by other means.Dialers from a malware perspective take advantage in security flaws in operating systems to make outbound phone calls to premium rate numbers without the user knowing. If the user is aware of a dialer making the call or initiated the call, it is likely that there has been very little or no mention of the costs incurred.Dialers can be recognised by the following:
  • “A download popup opens when opening a website.
  • On the website there is only a small hint, if any, about the price.
  • A download starts even if the cancel button has been clicked.
  • The dialer installs as default connection without any notice.
  • The dialer creates unwanted connections by itself and without user interaction.
  • The dialer does not show any notice about the price (only few do) before dialing in.
  • The high price of the connection is not being shown while connected
  • The dialer cannot be uninstalled, or only with serious effort.”  - Quotation Source – Wikipedia/Dialer
  • Another obvious way of recognising that you may have a dialer installed on your computer is by receiving very high phone bill or by noticing unknown numbers on your itemised billing.
Derivative source – Wikipedia/Dialer

Fraudtools

Fraudtools pretend to be a well known and trusted software application (most likely masquerading as a free antivirus) to steal data or money.  Fraudtools often also include adware.They way a fraudtool pretending to be a “free” antivirus (Also known as Rouge Security Software) works is by performing a fake antivirus scan of your electronic device and then pretending that malware has been found. The fraudtool then prompts for a credit card payment to be processed in order to buy the paid-for full version of the antivirus which doesn’t actually exist so that the fake malware can be removed. The user is then charged for a product that they don’t receive or worse yet, the user’s credit card information is stolen.
Derivative source – Wikipedia/Fraudtools

Keyloggers (Malware)

A Keylogger records the keystokes on the user’s keyboard without the user’s knowledge.  The “log” is then transferred to the malware writer or their associate’s computer where the key stokes can be “harvested” for passwords. The most common form of Keyloggers can be found in Trojan Horses and some computer viruses.As sifting through lines and lines of keystrokes can be tedious, many keyloggers are designed to only become active when they sense that the user is on a financial institution’s website so that that they may steal the user’s online banking passwords. Once the password has been stolen, the fraudster will have access to the user’s bank account and be in a position to steal the user’s money.
There a numerous methods that keyloggers work. They could be software based, hardware based or even involve acoustic analysis (The sound that each keystroke makes and be analysed and deciphered). From an antivirus point of view, only software based keyloggers can be detected.
As well as recording your keystrokes and recording it as computer code, some malware take screenshots of what the user is doing (known as screen-logging) and transmits images of the screenshots taken back to the malware creator or associate.
This post was written with the lay-man in mind and the technical jargon associated with the applications and methodology of keylogging is beyond the scope of this article. If you would however like to know more about keyloggers, please visit Wikipedia/Keylogger.
Derivative source: Wikipedia/Keylogger

Spyware

Spyware is a form of malware which serves to gather personal information on the user’s electronic device without their knowledge or consent. Spyware can also take control over certain aspects and applications on a person’s computer.  It is often installed on the electronic device by “piggy backing” on a legitimate application which the user installs or through infected websites.The most common use of spyware is to track a user’s Internet browsing habits and in turn serve up targeted pop-up ads or redirecting Web browsers based on those habits. More malicious forms of spyware may install keyloggers on the user’s system in an attempt to steal passwords; be it to hack into email accounts or even steal internet banking logins.
Spyware can be classed into four types:
  1. System Monitors
  2. Trojan Horses
  3. Adware
  4. Tracking Cookies
Infection Methods


Unlike a computer virus or a worm, spyware does not usually make an attempt to duplicate itself to other computers but rather use deception techniques to infect the user’s computer. Spyware is commonly coupled to genuine software by the spyware author/user and then installed along with this genuine software in the background without the user’s knowledge.
The other main way that spyware may infect a user’s device is through the use of a Trojan Horse Insrt hyper. When the user visits a webpage or uses an online application infected by a Trojan Horse, the spyware is automatically downloaded onto the user’s system without their knowledge. This is known as a drive-by download.
Signs of Spyware Infection
Spyware infections are normally not limited to single infections but they rather hunt in packs for maximum effectiveness and to evade antivirus software. When a user inadvertently downloads spyware they may download various different types of spyware at once. This may result in a dramatic slowdown on the user’s electronic device.
Signs of a potential spyware infection may include:
  • Increased CPU activity, disk use and network traffic
  • Application freezing and/or crashes
  • Unexpected system reboots or failure to boot
  • Inability to connect to the internet
  • Slow user experience
  • Inexplicable application behaviour
  • Windows installation problems
  • Antivirus and/or firewall deactivation
For more information, please visit the Derivative source – Wikipedia/Spyware

Trojan Horse (Malware)

A Trojan horse is a form of malware which grants unauthorised access to a user’s computer system. Trojan horses are currently the most common form of malware in the world. Trojan horses are not self-replicating like a computer virus or worm and are often classed as a form of Spyware.  Just like the Trojan horse from Greek mythology, the Trojan horse in malware terms pretends to be something beneficial like a free screensaver or be embedded on a site that offers free software.
When the user visits a webpage or uses an online application infected by a Trojan horse, the malware is automatically downloaded onto the user’s system without their knowledge. This is known as a drive-by download. Trojan horses are normally controlled by hackers who wish to obtain remote access to your computer system to steal data or cause system damage. Hackers may also turn your computer into a “zombie” or “slave” device, allowing the hacker to use your computer’s resources to commit fraud anonymously.

Purposes of Trojan horses
  • “Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
  • Crashing the computer
  • Computer running slow
  • Blue screen of death
  • Take over computer
  • Electronic money theft
  • Data theft (e.g. retrieving passwords or credit card information)
  • Installation of software, including third-party malware and ransomware
  • Downloading or uploading of files on the user's computer
  • Modification or deletion of files
  • Keystroke logging
  • Watching the user's screen
  • Viewing the user's webcam
  • Controlling the computer system remotely
  • Anonymizing internet viewing” Quotation Source – Wikipedia/Trojan horse
Derivative source – Wikipedia/Trojan horse

Worms (Malware)

Computer worms are a computer program designed to replicate themselves and spread to other electronic devices on a computer network. The difference between a worm and a computer virus are that computer viruses “piggyback” on other applications whilst worms are normally a standalone computer application.
Worms spread by exploiting security flaws on computer networks; either by exploiting common network flaws or my making use of backdoors hyper created by other worms or malware. Most worms don’t really have a purpose other than to replicate and spread themselves which can cause network disruption. However, some worms can carry payloads.  A Payload is code that has been added to the worm in order to perform functions beyond just replicating and spreading themselves. A payload may delete files or install backdoors which can be exploited by other malware.
Derivative source – Wikipedia/Worms

Rootkits (Malware)

A rootkit is a piece of software with administrative system privileges which can hide certain processes or programs on the user’s electronic device. Rootkits can get on a user’s system either by automatic installation via a worm hyper or directly by a hacker with administrative privileges. Rootkits are difficult to remove from your system and can cause complete system failure resulting in the need for your entire operating system to be re-installed.Uses of Rootkits
Common ways rootkits are used without the user’s knowledge:
  • Provide an attacker backdoor access to a user’s computer system in order to bypass passwords. The hacker then uses this unauthorized access to steal or modify user data.
  • Hide other malware from regular detection methods.
  • Turn the user’s device into a “zombie computer” in order to commit fraud anonymously
  • The enforcement of Digital Rights Management (DRM)
Sometimes however rootkits are voluntarily installed on a system by the user themselves to bypass copyright laws or break social rules:
  • Hide the fact that a user is cheating on an online games.
  • The detection of other rootkits.
  • Bypass copyright management software to make pirated copies of copyrighted material like software, music or movies (And other video based media)
  • Bypass product license key activation.
One positive reason for a user to voluntarily install a rootkit on their device is for theft prevention. For example, if a user’s laptop is stolen they may access their stolen laptop via the rootkit to delete any confidential information.

Ways to detect Rootkits
Because rootkits have administrative-level permissions they can hide their existence on a user’s device. Special, often complicated, methods have been created to detect rootkits:
  • "Alternative trusted medium
  • Behavioural-based
  • Signature-based
  • Difference-based
  • Integrity checking
  • Memory dumps" - Quotation source Wikipedia/Rootkits
Descriptions of these rootkit detection methods are beyond the scope of this article. If you would like to read more, please visit: Wikipedia/Rootkits
Derivative source – Wikipedia/Rootkits

Creative Commons License
The above definitions are licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.