Unit 2
Malware (malicious software) is software that enters a computer system without
the user’s knowledge or consent and then performs an unwanted and harmful
action. Malware is most often used as the general term that refers to a wide
variety of damaging software programs.
NOTE: Many jurisdictions use the legal term computer contaminant instead of
malware to be as encompassing and precise as possible so that offenders cannot
find a loophole to escape prosecution. A typical definition is: “Computer
contaminant means any data, information, image, program, signal or sound that is
designed or has the capability to:
1. Contaminate, corrupt, consume, damage, destroy, disrupt, modify, record or
transmit; or
2. Cause to be contaminated, corrupted, consumed, damaged, destroyed,
disrupted, modified, recorded or transmitted, any other data, information,
image, program, signal or sound contained in a computer, system or network
without the knowledge or consent of the person who owns the other data,
information, image, program, signal or sound or the computer, system or
network.”
As security defenses have continued to evolve in order to repel malware, so too
has malware continued to become more complex, with new malware being written
and distributed. This has resulted in an enormous number of different instances of
malware that have emerged (an example is the malware ZeuS). Yet there has been
no standard established for the classification of these different instances of
malware; many malware classifications are simply lists of different types of
malware (virus) instead of broader categories in which like instances can be
grouped together. As a result, the attempts to classify malware can be confusing.
NOTE: Because threat actors often tweak their malware so that it evades the latest
security defenses, many instances of malware are similar. These similar instances
of malware are sometimes referred to as malware families.
One method of classifying the various instances of malware is by using the primary
trait that the malware possesses. These traits are circulation, infection,
concealment, and payload capabilities.
Circulation. Some malware has as its primary trait spreading rapidly to other
systems to impact a large number of users. Malware can circulate through a
variety of means: by using the network to which all the devices are
connected, through USB flash drives that are shared among users, or by
sending the malware as an email attachment. Malware can be circulated
automatically or it may require an action by the user.
Infection. Once the malware reaches a system through circulation, then it
must “infect” or embed itself into that system. The malware might run only
one time, or it might remain on the system and be launched an infinite
number of times. Some malware attaches itself to a benign program while
other malware functions as a stand-alone process.