Virus Worms And Trojans Pdf
This era is one of instantaneous information, immediate communication and lightning-fast Internet. While this has provided many conveniences and changed the way we live our lives, it has also made threats against your safety an everyday concern. Viruses and other malware are among the ways in which your data can be compromised.
- How to prevent and remove viruses and other malware
- Trojan Horses, Computer Viruses, and Worms
The purpose of this paper is to discuss various types of computer viruses, along with their characteristics, working, effects on the computer systems and to suggest measures for detecting the virus infection in a computer system and to elaborate means of prevention. The author undertook an extensive study and review of the literature available online and on relevant web sites on the present topic.
An important distinction between computer viruses and worms is that viruses require an active host program or an already-infected and active operating system in order to run, cause damage and infect other executable files or documents, while worms are stand-alone malicious programs that can self-replicate and propagate via computer networks, without human help. Viruses are typically attached to an executable file or a Word document. They often spread via P2P file sharing, infected websites, and email attachment downloads. Once a virus finds its way onto your system, it will remain dormant until the infected host file or program is activated, which in turn makes the virus active, enabling it to run and replicate on your system.
How to prevent and remove viruses and other malware
Malware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network; by contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug.
Programs are also considered malware if they secretly act against the interests of the computer user. For example, at one point Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.
A range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present, and to recover from malware-associated malicious activity and attacks. Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general.
However, malware can be used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords. Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit.
Since , the majority of widespread viruses and worms have been designed to take control of users' computers for illicit purposes. Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware.
Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be hidden and packaged together with unrelated user-installed software. Ransomware affects an infected computer system in some way, and demands payment to bring it back to its normal state. There are two variations of ransomware, being crypto ransomware and locker ransomware.
Traditional ransomware is one that locks down a system and encrypts its contents. For example, programs such as CryptoLocker encrypt files securely, and only decrypt them on payment of a substantial sum of money. Some malware is used to generate money by click fraud, making it appear that the computer user has clicked an advertising link on a site, generating a payment from the advertiser.
In addition to criminal money-making, malware can be used for sabotage, often for political motives. Stuxnet, for example, was designed to disrupt very specific industrial equipment. There have been politically motivated attacks which spread over and shut down large computer networks, including massive deletion of files and corruption of master boot records, described as "computer killing."
Disttrack and Saudi Aramco August The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any specific types of behavior. A computer virus is software that embeds itself in some other executable software (including the operating system itself) on the target system without the user's knowledge and consent; when it is run, the virus spreads to other executables. On the other hand, a worm is a stand-alone malware software that actively transmits itself over a network to infect other computers and can copy itself without infecting files.
These definitions lead to the observation that a virus requires the user to run an infected software or operating system for the virus to spread, whereas a worm spreads itself. These categories are not mutually exclusive, so malware may use multiple techniques.
A computer virus is software usually hidden within another seemingly innocuous program that can produce copies of itself and insert them into other programs or files, and that usually performs a harmful action such as destroying data.
A Trojan horse is a harmful program that misrepresents itself to masquerade as a regular, benign program or utility in order to persuade a victim to install it. A Trojan horse usually carries a hidden destructive function that is activated when the application is started. The term is derived from the Ancient Greek story of the Trojan horse used to invade the city of Troy by stealth. Trojan horses are generally spread by some form of social engineering, for example, where a user is duped into executing an e-mail attachment disguised to be unsuspicious, e.
Although their payload can be anything, many modern forms act as a backdoor, contacting a controller (phoning home) which can then have unauthorized access to the affected computer, potentially installing additional software such as a keylogger to steal confidential information, cryptomining software or adware to generate revenue to the operator of the trojan. Unlike computer viruses and worms, Trojan horses generally do not attempt to inject themselves into other files or otherwise propagate themselves.
In spring Mac users were hit by the new version of Proton Remote Access Trojan (RAT) trained to extract password data from various sources, such as browser auto-fill data, the Mac-OS keychain, and password vaults. Once malicious software is installed on a system, it is essential that it stays concealed, to avoid detection.
Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Rootkits can prevent a harmful process from being visible in the system's list of processes, or keep its files from being read.
An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system. A backdoor is a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet.
Once a system has been compromised, one or more backdoors may be installed in order to allow access in the future, invisibly to the user. The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified.
It was reported in that US government agencies had been diverting computers purchased by those considered "targets" to secret workshops where software or hardware permitting remote access by the agency was installed, considered to be among the most productive operations to obtain access to networks around the world.
Since the beginning of , a sizable portion of malware has been utilizing a combination of many techniques designed to avoid detection and analysis. An increasingly common technique is adware that uses stolen certificates to disable anti-malware and virus protection; technical remedies are available to deal with the adware. Nowadays, one of the most sophisticated and stealthy ways of evasion is to use information hiding techniques, namely stegomalware. A survey on stegomalware was published by Cabaj et al.
Fileless malware does not require a file to operate. It runs within memory and utilizes existing system tools to carry out malicious acts. Because there are no files on the system, there are no executable files for antivirus and forensic tools to analyze, making such malware nearly impossible to detect.
The only way to detect fileless malware is to catch it operating in real time. Such attacks are not easy to perform but are becoming more prevalent with the help of exploit-kits. Malware exploits security defects (security bugs or vulnerabilities) in the design of the operating system, in applications such as browsers, e.
Security advisories from plug-in providers announce security-related updates. Secunia PSI is an example of software, free for personal use, that will check a PC for vulnerable out-of-date software, and attempt to update it. Malware authors target bugs, or loopholes, to exploit.
A common method is exploitation of a buffer overrun vulnerability, where software designed to store data in a specified region of memory does not prevent more data than the buffer can accommodate being supplied. Malware may provide data that overflows the buffer, with malicious executable code or data after the end; when this payload is accessed it does what the attacker, not the legitimate software, determines.
Anti-malware is a continuously growing threat to malware detection. Early PCs had to be booted from floppy disks. It was common to configure the computer to boot from one of these devices when available.
Normally none would be available; the user would intentionally insert, say, a CD into the optical drive to boot the computer in some special way, for example, to install an operating system.
Even without booting, computers can be configured to execute software on some media as soon as they become available, e. Malware distributors would trick the user into booting or running from an infected device or medium. For example, a virus could make an infected computer add autorunnable code to any USB stick plugged into it. Anyone who then attached the stick to another computer set to autorun from USB would in turn become infected, and also pass on the infection in the same way.
Devices can be infected during manufacturing or supply if quality control is inadequate. This form of infection can largely be avoided by setting up computers by default to boot from the internal hard drive, if available, and not to autorun from devices.
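A defender-side check for the autorun vector described above, as an added example that is not part of the original page: it parses a removable volume's `autorun.inf` and reports the directives (`open`, `shellexecute`, `shell\<verb>\command`) that would start a program. The sample file content and the function names are constructed for illustration.

```python
"""Audit a volume's autorun.inf for directives that launch code (added example)."""
import re
from pathlib import Path

# autorun.inf keys that name a program to start on mount or on drive-icon actions.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample, not taken from a real device.
SAMPLE = """\
; constructed sample
[autorun]
icon=drive.ico
label=Backup
open=recycler\\svc.exe
shell\\open\\command=recycler\\svc.exe
[Content]
MusicFiles=false
"""

def decode(data):
    """autorun.inf is plain text; honour a UTF-16 byte-order mark if present."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def audit_autorun(text):
    """Return (line_no, key, target) for every execution directive in [autorun]."""
    findings, section = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # only [autorun] entries can launch code
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append((line_no, key, value))
    return findings

def scan_volume(root):
    """Audit the autorun.inf in the root of a mounted volume, if there is one."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return audit_autorun(decode(entry.read_bytes()))
    return []

if __name__ == "__main__":
    for line_no, key, target in audit_autorun(SAMPLE):
        print(f"line {line_no}: {key} -> {target}")
```

Run `scan_volume()` against the mount point of a newly attached device before opening it; an empty result means no `autorun.inf` execution directive was found, not that the device is clean.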
Users may also execute disguised malicious email attachments. In computing, privilege refers to how much a user or program is allowed to modify a system. In poorly designed computer systems, both users and programs can be assigned more privileges than they should have, and malware can take advantage of this.
The two ways that malware does this are through overprivileged users and overprivileged code. Some systems allow all users to modify their internal structures, and such users today would be considered over-privileged users. This was the standard operating procedure for early microcomputer and home computer systems, where there was no distinction between an administrator or root, and a regular user of the system. In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system.
In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. Some systems allow code executed by a user to access all rights of that user, which is known as over-privileged code.
This was also standard operating procedure for early microcomputer and home computer systems. Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user.
This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised. As malware attacks become more frequent, attention has begun to shift from viruses and spyware protection, to malware protection, and programs that have been specifically developed to combat malware.
Other preventive and recovery measures, such as backup and recovery methods, are mentioned in the computer virus article. Reboot to restore software is also useful for mitigating malware by rolling back malicious alterations. A specific component of anti-virus and anti-malware software, commonly referred to as an on-access or real-time scanner, hooks deep into the operating system's core or kernel and functions in a manner similar to how certain malware itself would attempt to operate, though with the user's informed permission for protecting the system.
Any time the operating system accesses a file, the on-access scanner checks if the file is a 'legitimate' file or not. The goal is to stop any operations the malware may attempt on the system before they occur, including activities which might exploit bugs or trigger unexpected operating system behavior. Real-time protection from malware works identically to real-time antivirus protection: the software scans disk files at download time, and blocks the activity of components known to represent malware.
In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Because many malware components are installed as a result of browser exploits or user error, using security software (some of which are anti-malware, though many are not) to "sandbox" browsers (essentially isolate the browser from the computer and hence any malware induced change) can also be effective in helping to restrict any damage done.
Many such viruses can be removed by rebooting the computer, entering Windows safe mode with networking, and then using system tools or Microsoft Safety Scanner. Hardware implants can be of any type, so there can be no general way to detect them. As malware also harms the compromised websites by breaking reputation, blacklisting in search engines, etc.
As a last resort, computers can be protected from malware, and infected computers can be prevented from disseminating trusted information, by imposing an "air gap" i. However, malware can still cross the air gap in some situations.
Stuxnet is an example of malware that is introduced to the target environment via a USB drive. Grayware (sometimes spelled as greyware) is a term applied to unwanted applications or files that are not classified as malware, but can worsen the performance of computers and may cause security risks.
It describes applications that behave in an annoying or undesirable manner, and yet are less serious or troublesome than malware. Grayware encompasses spyware, adware, fraudulent dialers, joke programs, remote access tools and other unwanted programs that may harm the performance of computers or cause inconvenience. The term came into use around
Virus: A virus is a computer program that attaches itself to another program in order to harm the computer system. When the host program runs with the virus attached, the virus performs some action, such as deleting a file from the computer system. Worms: A worm is also a computer program like a virus, but it does not modify other programs. It replicates itself repeatedly, slowing down the computer system. Worms can be controlled remotely. Trojan horse: A Trojan horse does not replicate itself like viruses and worms. It is a hidden piece of code that steals the user's important information.
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Many worms are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload-free" worms can cause major disruption by increasing network traffic and other unintended effects. In the novel, Nichlas Haflinger designs and sets off a data-gathering worm in an act of revenge against the powerful men who run a national electronic information web that induces mass conformity.
Viruses, Worms, Trojan Horses, and Time Bombs: Prank, Prowess, Protection or Prosecution? Anne W. Branscomb. Program on Information Resources Policy.
Trojan Horses, Computer Viruses, and Worms
This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.