Malicious program

For a detailed description of how malware and especially viruses work, see Computer Virus .

Classification

The malware known to date can basically be divided into three different classes, computer viruses , computer worms and Trojan horses .

Computer viruses

Computer viruses are usually classified into the following subclasses according to the type of host file (s):

If a link is set to the actual virus code in another file, this file also counts as infected or as a host file, since the link is regarded as part of the virus code. Memory-resident viruses also infect the RAM, but this is irrelevant for the classification of the virus by host file.

Numerous other names for viruses mostly refer to their behavior, the host systems or the techniques used.

Computer worms

Wümer is divided into four different classes according to their distribution method:

• Network worms use exploits in operating systems and applications and copy themselves directly to other computers via the network.
• E-mail worms send themselves automatically or partially automatically by email and often use exploits in MS Outlook or similar programs.
• Removable disk worms spread via USB sticks and removable hard drives and often use security holes in the autostart function.
• Bluetoth worms exploit Bluetoth technology from cell phones and tablet computers.

Worms are often incorrectly referred to as viruses in the mass media. A clear distinguishing feature is that a computer worm does not need a host file.

Trojan horses

Depending on the nature of its harmful effects, there are many other, more or less established names for malware. Often these are Trojan horses because they cannot spread independently or automatically. A commonly used short form is Trojan, but this term is often considered incorrect due to the origin of the word. However, the term is firmly established in the German language both in the specialist field and in general and thus represents a correct designation. A Trojan horse is usually downloaded from the Internet as a result of deception, it is caught as a drive-by download, or gets it leaked accidentally or on purpose. The following examples are mostly Trojan horses:

• A backdoor is a widespread malicious function that is usually introduced and installed by viruses, worms or Trojan horses. It allows third parties unauthorized access ("back door") to the computer, but hidden and bypassing the usual security devices. Backdoors are often used to misuse the compromised computer as a spam distributor or for denial-of-service attacks.
• Spyware and adware research computers and user behavior and send the data to the manufacturer or other sources in order to either sell them or to place targeted advertising. This form of malware is often installed along with other useful software without asking the user, and often remains active after it is uninstalled. As Spyware is a software program that collect information on the activities of the user and to third parties. Adware is software that - often together with desired installations or web accesses - starts functions thatserve advertising or market research without being asked for and without any benefit to the user.
• Scareware is designed to unsettle the user and induce him to install malicious software or to pay for a useless product. For example, fake warning messages are displayed about alleged virus attacks on the computer that commercially available software is purporting to remove.
• Ransomware blocks access to the operating system or encrypts potentially important files and asks the user to pay a ransom - usually via the digital Bitcoin payment system.
• Keyloggers are programs that are used to log the entries made by the user on the keyboard of a computer and make them available to a third party. Among other things, entered user names and passwords are recorded, which in turn give the third party the opportunity to access the systems for which these access data are intended. Repeated use of the compromised access data can also enable an attack on a large number of user accounts and systems.
• Grayware is sometimes used as a separate category in order to distinguish software such as spyware and adware or other variants that do not directly affect system functions from clearly harmful forms (not to be confused with grayware or re-importing goods by the official importer).
• Dialers (dial-up programs for premium-rate telephone numbers ) are also sometimes mentioned as malware, although they are not included in the narrower sense. Illegal dialer programs secretly dial-in, i. H. in the background and unnoticed by the user and inflict financial damage on the victim, which is billed to the telephone bill, for example. Under criminal law, this is fraud .
• Rogueware (even rogue software, rogue security software or English "rogue security software" ) deceives the user supposed to remove other malicious programs. Some versions are offered for a fee, other versions install additional malware during the deception process.
• Coin mining (also known as cryptocurrency mining ) describes a technique in which an attacker uses the hardware and energy resources of victims unnoticed and without their consent for computationally intensive mining , e.g. B. via manipulated websites or malware.

distribution

In 2008, security companies like F-Secure were expected to see “a million new malware threats”. According to this, around 25,000 new malware programs - so-called unique samples , i.e. malware with a unique "fingerprint" according to MD5 - reach servers specially set up for this purpose, e.g. B. Honeypots . In contrast, AV-Test was able to count ten million new malware programs in 2008 as early as mid-April 2008. A major change can be seen in the spread of malware: Trojan horses in e-mail file attachments are becoming increasingly rare, while attacks via the web, for example via drive-by download, are increasing. In addition, the use of rootkit techniques to hide malware is becoming more common. According to the California malware specialist Kindsight Security, an average of 13% of private computers in Germany were infected by malware in 2012. According to a security study by the magazine <kes> and Microsoft in 2014, “infection by malware” has advanced to the first place in terms of threats to corporate IT. In doing so, she has pushed “employee error and negligence” into second place. 74 percent of the study participants stated that they had been affected by malware incidents in the past two years. In the companies surveyed, email is at the top of the path of infection. This would be followed by web content that distributes the malware via active content or "drive-by downloads".

motivation

Studies dealing with the motivation of malware developers have come to the five primary results:

• Greed: Attacks are carried out in order to gain personal, material gain
• Curiosity: Attacks are carried out to satisfy personal curiosity
• Espionage: Attacks are carried out in order to gain specific information
• Retaliation: Attacks are used to purposefully cause harm to satisfy personal emotions
• Conspiracy: Attacks are carried out to lure possible pursuers on the wrong track.

See also

• Botnet
• Content filter
• Crimeware
• Dropper
• Information security
• Logic bomb
• Malicious code
• Pharming
• Phishing
• Riskware
• Vishing
• Quarantine of malware

literature

• Eugene Kaspersky: Malware: About Viruses, Worms, Hackers and Trojans and How to Protect Yourself from Them. Hanser-Verlag, Munich 2008, ISBN 978-3-446-41500-3 .

Web links

Commons : Malicious programs  - collection of images, videos and audio files

• Risks from malware from the Internet (seminar paper FH Würzburg, PDF file and Powerpoint presentation)
• Viruses, worms, Trojan horses Information page of the CERT of the University of Stuttgart (RUS-CERT) on malware
• Kaspersky Malware Classifications Classification of types of malware according to harmfulness
• Mikko Hypponen: The Malware Museum. Internet Archive , 2016, accessed on February 8, 2016 (Collection of emulations of historical malware). 
• Malware: How to Detect, Remove, and Prevent Malware. 1und1.de/digitalguide, June 2, 2016, accessed June 30, 2017.

Individual evidence

1. ↑ [ http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf Computer Security Technology Planning Study , 1972, p. 62, (PDF; 8.1 MB)
2. ↑ http://news.cnet.com/8301-13506_3-9745010-17.html 25th anniversary of the computer virus? Not so almost! by Don Reisinger , November 30, 2013
3. ↑ wsj.com: In the Bitcoin Era, Ransomware Attacks Surge
4. ↑ Bitdefender.de: E-Threat-Trends 2011 , accessed on July 8, 2013.
5. ↑ Microsoft.com: Beware of False Virus Alerts , Retrieved July 8, 2013.
6. ↑ Marvin Strathmann: CoinHive - This software secretly mines digital money while you surf , Süddeutsche Zeitung, November 30, 2017, accessed on December 1, 2017
7. ↑ October's Most Wanted Malware: Cryptocurrency Mining Presents New Threat , Check Point Research Team, November 13, 2017, accessed December 1, 2017
8. ↑ heise.de: F-Secure expects 1 million malware threats this year
9. ↑ Spiegel-Online: Virus hunter Kaspersky: "[...] the era of e-mail viruses is over [...]. Today nobody needs an email to get a virus into circulation. Criminals distribute their viruses via hijacked websites: just one visit is enough to infect the computer. They hide their programs in multimedia files and circulate them via social networks (→ social software ). They leave links in guest books or on Wikipedia, and if you click on them, you catch something. "
10. ↑ <kes> / Microsoft Security Study 2014 special edition . 2014. 
11. ↑ Heise Security : Study: Malware is the main threat to corporate IT from October 1, 2014. Retrieved October 14, 2014.
12. ↑ Threats . In: Security @ Work . Springer Berlin Heidelberg, 2006, ISBN 978-3-540-22028-2 , p. 49–83 , doi : 10.1007 / 3-540-36226-6_5 ( springer.com [accessed July 10, 2018]).