Malicious Software And Its Detection Techniques – A Definitive Guide (Includes Malicious Software Types)
The Internet is vast and indeed vulnerable. Most of us (though not all) surf the Internet freely without caring about our privacy and online security. Malware is currently the major source of attacks and fraudulent activity on the Internet, and it is used to infect computers.
Malware is short for malicious software. Malicious software is software through which an attacker can get partial or full control of the program it infects.
The attacker is then free to do anything he or she wants. There are many different types of malicious software. A botnet is a network of zombies, i.e. compromised computers under the control of an attacker.
This software basically consists of a bot, a program loaded on a zombie computer (a zombie is a computer connected to the Internet that has been compromised by a hacker) that provides remote-control mechanisms to the attacker. In short, a bot is a small program used to remotely control a computer.
What Are The Malicious Software Types?
There are many types of malicious software around us. Here we will cover only the important ones that you are most likely to encounter on your PC or laptop.
So let's start with the bot. A bot is characterized by remote control and command-and-control (C&C) channels used to command a victim, i.e. a means of sending and receiving commands and information between the botmaster and the zombies, for example to perform a denial-of-service attack or to send spam. (Botnets are very common on the Internet these days.)
Trojan horse: A computer program that, along with some useful code or function, carries hidden malicious code or function that may undermine the security mechanisms of the system. Attackers can use it to steal useful information.
Bacterium: A special kind of virus. A virus attaches itself to different files, whereas a bacterium does not attach itself to any specific file.
Logic bomb: Generally used in DoS (denial-of-service) attacks. When specified conditions are met, it activates malicious program logic, which may severely damage system resources.
Time bomb: A logic bomb that activates when a specified time occurs.
Rabbit: A kind of virus/worm that replicates itself without any limit. The intention is to exhaust resources.
Trapdoor / backdoor: Lets an intruder enter the system by bypassing all security services or mechanisms. The intruder knows the flaws or loopholes in the system and uses them to gain access to the computer.
Virus: A self-replicating, hidden computer program. A virus cannot run on its own; it requires a host program to run it and make it active. The malicious logic written into the program infects another program, i.e. it becomes part of that program.
Worm: A computer program that can run independently. By propagating a complete working version of itself onto other hosts on a network, it can consume computer resources destructively.
Types Of Viruses And Worms In Malicious Software
Viruses and worms are the classes of malicious software that are capable of replicating themselves, copying their contents many times, or even modifying system settings or data.
The basic difference between a worm and a virus is that a virus needs a host program to propagate or spread itself, whereas a worm does not need a host; it propagates independently, but slowly.
Types of Virus That Are Very Common Nowadays
Below are the most common virus types that you may encounter on any infected (or apparently healthy) system.
Boot sector viruses
A boot sector virus infects storage media such as floppy disks and hard drives. Every disk or hard drive is divided into sectors, and the first sector is called the boot sector. This sector carries the Master Boot Record, which is used to read and load the operating system.
The virus infects this sector and runs each time the system is rebooted. A boot sector virus also spreads to other computers if the same disk is shared with another system.
Program Virus
A program virus becomes active when a program containing the virus is opened (.bin, .exe, .ovl files); once run, it starts copying itself and infecting other programs.
Multipartite virus
A multipartite virus is a combination/hybrid of the boot sector virus and the program virus. It infects program files; when it is active it also infects the boot sector, and after the system boots it can spread to other computers as well.
Stealth Virus
Dubbed "Brain", the first computer virus was a stealth virus. A stealth virus tries to disguise itself so that antivirus software cannot recognize it: it alters the reported file size, conceals the file's presence in memory, and so on.
Polymorphic Virus
A polymorphic virus keeps changing its pattern or signature to remain undetected; it acts like a chameleon. The changing outer code is not the actual virus; it is a layer that hides the real virus on the system.
Macro Virus
Applications such as MS Word and Excel have a macro language. A macro virus infects every document on the victim's system once it gets in.
Types of Computer Worms:
E-mail worms: Spread through infected e-mail messages or infected websites.
Instant messaging worms: Spread by sending links to the contact list of the instant messaging application.
Internet worms: Scan all available network resources and systems; if a vulnerable one is found, the worm takes advantage of it to gain access.
IRC (Internet Relay Chat) worms: Place a copy of themselves through links to infected websites.
File sharing network worms: Place a copy of themselves in a shared folder and spread via the P2P network.
Now that you are well acquainted with the common types of malicious software, you can hopefully stay away from harmful or malicious entities online. But the question is how you can determine the danger just by looking at a file or website.
The answer is simple: you cannot always distinguish malicious content online just by looking at it. So you need to follow some best practices on your end, as follows:
1. Use commercial software from trustworthy sources.
2. Open only safe attachments.
3. Keep a recoverable system image in a safe place.
4. Use virus scanners often (daily).
5. Update virus detectors daily, as databases of virus signatures change very often.
6. Test new software on isolated computers.
7. Back up executable system files.
The above are some best practices you can follow to mitigate the risk. Now jump into the next section to learn the different ways to prevent such potential dangers in the future.
What To Do In Order To Prevent The Danger Of Malicious Attacks?
There are many ways to prevent malicious code from harming your PC or laptop. Follow the best practices mentioned above along with the measures below to get the best results.
The main aim of a security system is to protect the most valuable assets (data and secret information) of organizations such as banks, companies and universities, because these organizations hold data or secret information in some form, and their security policies are keen on protecting the privacy, integrity, and availability of this valuable information.
An Intrusion Detection System (IDS) is software that monitors the events occurring in computer systems or networks, analyzes what happens during execution, and tries to find indications that the computer has been misused, in order to preserve the confidentiality, integrity, and availability of a resource or data.
The IDS runs continuously on the system in the background and generates an alert only when it detects something suspicious according to its own rules or the attack signatures it holds; it may also take immediate action to prevent damage.
Signature Based Detection:
Signature-based detection is the process of comparing the signatures of known threats with the events being observed. Here the current packet is matched against the log of known signatures in the network.
A signature is defined as the pattern (structure) that we search for inside a data packet. A data packet may contain a source address, destination address, protocol, port number, etc.
If an attacker adds malicious code to such data packets, he generates attack patterns, or signatures. A signature-based IDS builds databases of such attack patterns to detect known or documented attacks. A single signature may be used to detect one or more types of attack present in different parts of a data packet.
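The following is an added example, not code from the original post: a toy signature-based IDS in which each signature is anchored to particular packet fields (protocol, destination port, payload pattern), illustrating how one signature database is matched against different parts of a data packet. The packets and signatures are constructed sample data, not real IDS rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes

@dataclass
class Signature:
    """A known-threat pattern; None in a field means 'any value'."""
    name: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    payload_regex: Optional[bytes] = None   # pattern searched inside the payload

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.payload_regex is not None and not re.search(self.payload_regex, pkt.payload):
            return False
        return True

# Constructed signature database: two payload signatures and one header-only signature.
SIGNATURES = [
    Signature("sql-injection-probe", proto="tcp", dport=80, payload_regex=rb"(?i)union\s+select"),
    Signature("path-traversal", proto="tcp", dport=80, payload_regex=rb"\.\./\.\./"),
    Signature("direct-db-port-access", proto="tcp", dport=3306),
]

def detect(packets: List[Packet], signatures=SIGNATURES) -> List[Tuple[str, str]]:
    """Return (source address, signature name) for every packet matching a known signature."""
    alerts = []
    for pkt in packets:
        for sig in signatures:
            if sig.matches(pkt):
                alerts.append((pkt.src, sig.name))
    return alerts

# Constructed sample traffic: two benign requests, two that match the database.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.80", "tcp", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.80", "tcp", 80, b"GET /?id=1 UNION SELECT user,pass FROM users"),
    Packet("10.0.0.9", "10.0.0.80", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.80", "tcp", 443, b"\x16\x03\x01"),
]
```

Note that the signature for port 3306 never inspects the payload at all; a single database can mix header-only and payload signatures, which is what lets one signature set cover different parts of a packet.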
Anomaly Based Detection:
Anomaly-based detection is the process of comparing activities that are supposed to be normal against observed events in order to identify deviations. An IDPS using anomaly-based detection techniques keeps profiles that represent the normal activities of users, hosts, connections or applications.
For example, web browsing is a normal activity in a network. Anomaly-based IDS works on the notion that "attack behavior" differs sufficiently from "normal behavior" (the IDS developer may define what normal behavior is).
Normal or acceptable behavior of the system is profiled (e.g. CPU usage, job execution time, etc.); if the system behavior looks abnormal, i.e. rising CPU usage or too many jobs executing at the same time, it is assumed that the system has departed from normal activity. Anomaly-based detection is therefore based on the abnormal behavior of a host or network.
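The following is an added example, not code from the original post: a toy anomaly-based detector that learns a profile of normal host behaviour (CPU usage and concurrently running jobs, the metrics named above) from a training window and flags later samples that deviate by more than k standard deviations. All numbers are constructed sample data.

```python
from statistics import mean, pstdev
from typing import Dict, List, Tuple

class HostProfile:
    """Per-metric mean and standard deviation learned from normal observations."""
    def __init__(self, k: float = 3.0):
        self.k = k                 # deviation threshold in standard deviations
        self.stats: Dict[str, Tuple[float, float]] = {}

    def train(self, samples: List[dict]) -> None:
        """Build the normal-behaviour profile from a window of observations."""
        for metric in samples[0]:
            values = [s[metric] for s in samples]
            self.stats[metric] = (mean(values), pstdev(values))

    def score(self, sample: dict) -> Dict[str, float]:
        """Distance of each metric from its profile, in standard deviations."""
        out = {}
        for metric, (mu, sigma) in self.stats.items():
            sigma = sigma or 1e-9     # constant metric: any change is a large deviation
            out[metric] = abs(sample[metric] - mu) / sigma
        return out

    def anomalous_metrics(self, sample: dict) -> List[str]:
        """Return the metrics whose deviation exceeds the k-sigma threshold."""
        return [m for m, z in self.score(sample).items() if z > self.k]

# Constructed training window: a quiet host during normal working hours.
NORMAL = [{"cpu": c, "jobs": j} for c, j in
          [(12, 3), (15, 4), (10, 2), (14, 3), (11, 3), (13, 4), (16, 4), (12, 2)]]

def detect(samples: List[dict], train=NORMAL, k: float = 3.0) -> List[Tuple[int, List[str]]]:
    """Return (sample index, offending metrics) for samples outside the learned profile."""
    profile = HostProfile(k)
    profile.train(train)
    results = []
    for i, s in enumerate(samples):
        flagged = profile.anomalous_metrics(s)
        if flagged:
            results.append((i, flagged))
    return results
```

A sudden jump to 97% CPU with 40 concurrent jobs is flagged on both metrics, while a sample of 14% CPU and 3 jobs sits inside the profile and produces no alert.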
Stateful Protocol Analysis:
Unlike anomaly-based detection, which uses host- and network-specific profiles, stateful protocol analysis relies on vendor-developed universal profiles.
Stateful protocol analysis means the IDPS is able to track the state of the network, application and protocol sessions that are predefined in it. It can identify unexpected sequences of commands as threats.
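The following is an added example, not code from the original post: stateful protocol analysis for a simplified SMTP session. The "universal profile" is the protocol's legal command order, here a hand-written state table standing in for a vendor-supplied profile; commands that arrive in a state where the protocol does not allow them are reported. The session transcripts are constructed sample data.

```python
from typing import Dict, List

# state -> {command: next_state}; any command not listed for a state is illegal there.
# The "message" state is handled specially: body lines are data until the lone "." line.
SMTP_PROFILE: Dict[str, Dict[str, str]] = {
    "connected": {"HELO": "greeted", "EHLO": "greeted", "QUIT": "closed"},
    "greeted":   {"MAIL": "sender", "RSET": "greeted", "QUIT": "closed"},
    "sender":    {"RCPT": "recipient", "RSET": "greeted", "QUIT": "closed"},
    "recipient": {"RCPT": "recipient", "DATA": "message", "RSET": "greeted", "QUIT": "closed"},
    "message":   {},
    "closed":    {},
}

def analyze_session(lines: List[str], profile=SMTP_PROFILE) -> List[str]:
    """Walk a client's lines through the protocol state machine.
    Returns one alert per command not permitted in the current state, plus an
    alert if the session ends without QUIT. The state is left unchanged after an
    illegal command so the analyser keeps tracking the session instead of aborting."""
    state = "connected"
    alerts = []
    for idx, line in enumerate(lines):
        if state == "message":          # inside DATA: lines are message body, not commands
            state = "greeted" if line.strip() == "." else "message"
            continue
        verb = line.split(maxsplit=1)[0].upper() if line.strip() else ""
        nxt = profile.get(state, {}).get(verb)
        if nxt is None:
            alerts.append(f"cmd {idx}: {verb!r} unexpected in state {state!r}")
            continue
        state = nxt
    if state != "closed":
        alerts.append(f"session ended in state {state!r} without QUIT")
    return alerts

# Constructed sessions: one legal, one that skips the greeting and issues DATA early.
GOOD_SESSION = ["EHLO mail.example.test", "MAIL FROM:<a@example.test>",
                "RCPT TO:<b@example.test>", "DATA", "Subject: hi", "", "hello", ".", "QUIT"]
BAD_SESSION = ["MAIL FROM:<a@example.test>", "DATA", "RCPT TO:<b@example.test>", "QUIT"]
```

The bad session produces three alerts, one per out-of-order command, because the profile never saw a greeting and so never left the "connected" state.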
Lastly, you can use more advanced firewalls and antivirus software for protection against malicious code.
A firewall device filters all traffic between the intranet and the extranet; all traffic runs through the firewall. The main purpose of a firewall is to keep attackers outside the protected environment. For that, policies are set in the firewall to decide what is allowed and what is not.
Antivirus is software that scans files or the computer's memory, checks for certain patterns of events, and flags them as an attack. It checks for particular patterns, called signatures, of known viruses.
I hope you liked this post about malicious code and software. Stay tuned for more interesting stuff in this series.
Aric is a tech enthusiast who loves to write about tech-related products and "How To" blogs. An IT engineer by profession, he currently works in the automation field at a software product company. His other hobbies include singing, trekking and writing blogs.