Monday, 9 November 2009

Malicious software categories

Nowadays, computer users and network operators have to defend themselves against an ever-growing variety of attack methods that can infect or target specific networks or machines, sometimes in a co-ordinated attack. The following is a simple, straightforward classification of some malware categories:

Worm
Computer worms are self-replicating computer programs. A worm uses self-propagating malicious code that can automatically spread from one computer to other computers through network connections. Unlike a virus, a worm doesn’t attach itself to an existing program. Worms spread over the network, exploiting vulnerabilities in computer systems and searching for other vulnerable systems.

So the next question to ask, in order to arrive at a clearer definition of the malware, is: “Can the code replicate without the help of a carrier?”, i.e. can it replicate without needing to infect an executable file? If the answer is “YES”, then the code is regarded as some sort of worm.

A worm can be harmful, for example by overwhelming network bandwidth or consuming local system resources, perhaps causing a denial-of-service (DoS) condition. Some worms can execute and spread without user intervention, while others require users to execute the worm code in order to spread. The majority of worms try to copy themselves onto a host computer and then use the computer network to replicate. For example, the Sasser worm relies on a service vulnerability to initially infect a system, and then uses the infected system’s network connection to replicate. If the latest security updates are installed, or there are firewalls in the LAN environment that block the network ports the worm uses, the attack might not succeed.

Trojan horse
A Trojan horse, or Trojan, is a program or file that a user permits or invites onto their system, thinking that it is ordinary software. In fact, the program or file contains malware that attempts to take control of the system or provide a way for an outsider to reach in. Trojan horses are not self-replicating, which differentiates them from viruses and worms. Once a Trojan horse has been installed on a target computer, a hacker may be able to access that computer remotely and execute operations on it. The types of operations that a hacker can carry out are limited by user privileges on the target computer and by the design of the Trojan horse itself.

A few additional terms used when referring to Trojan horse behavior are explained below:
  • Backdoors or Remote Access Trojans (RATs)
A few Trojan horse programs permit the hacker or data thief to control a system remotely. Such programs are called Remote Access Trojans (RATs) or backdoors. Examples of RATs include Back Orifice, Cafeene, and SubSeven.
  • Rootkits
Rootkits are collections of software programs that a hacker or data thief can use to gain unauthorized access to remote computer systems and launch attacks. Rootkits are capable of altering the existing operating system software so that an attacker can stay hidden. A rootkit may use different techniques, such as monitoring keystrokes, altering system log files, creating a backdoor into the system, and initiating attacks against other computer systems on the network. Rootkits are usually structured as a set of tools tuned to target a specific operating system. The first rootkits were noticed in the early 1990s, and at that time the Linux and Sun operating systems were the main targets. At present, rootkits are available for all possible operating systems, including the Microsoft Windows platform.

Virus

Virus code is written with the express purpose of replicating itself. It tries to spread from one computer to another, without the permission or knowledge of the owner, by attaching itself to a host program. It is capable of damaging hardware, software, or data present in the computer system. When the host program is executed, the virus code also runs, infecting new hosts and every now and then delivering an additional payload.

If the malicious code appends a copy of itself to a file, boot sector, or document on a disk drive in order to replicate, it is considered a virus. The copy may be identical to the original virus or a modified version of it. As mentioned previously, a virus will frequently have a payload that it may drop on a local computer, such as a Trojan horse, which will then carry out one or more malicious activities, such as deleting user data. However, a virus that only replicates and has no payload is still a malware problem, because the virus itself may damage data, take up system resources, and consume network bandwidth as it replicates.
