Malware

Researchers tend to classify malware into one or more sub-types (i.e. computer viruses, worms, Trojan horses, logic bombs, ransomware, spyware, adware, rogue software, wipers and keyloggers).

Cybercrime, which includes malware attacks as well as other crimes committed by computer, was predicted to cost the world economy US$6 trillion in 2021, and is increasing at a rate of 15% per year.

Fred Cohen experimented with computer viruses and confirmed Neumann's postulate and investigated other properties of malware such as detectability and self-obfuscation using rudimentary encryption.

Before Internet access became widespread, viruses spread on personal computers by infecting executable programs or boot sectors of floppy disks.

Early computer viruses were written for the Apple II and Mac, but they became more widespread with the dominance of the IBM PC and MS-DOS.

For example, a virus could make an infected computer add autorunnable code to any USB stick plugged into it.

Today, any device that plugs into a USB port – even lights, fans, speakers, toys, or peripherals such as a digital microscope – can be used to spread malware.

Infected "zombie computers" can be used to send email spam, to host contraband data such as child pornography,[25] or to engage in distributed denial-of-service attacks as a form of extortion.

Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user.

A backdoor is a broad term for a computer program that allows an attacker persistent unauthorised remote access to a victim's machine, often without their knowledge.

The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified.

A Trojan horse misrepresents itself to masquerade as a regular, benign program or utility in order to persuade a victim to install it.

Although their payload can be anything, many modern forms act as a backdoor, contacting a controller (phoning home) which can then gain unauthorized access to the affected computer, potentially installing additional software such as a keylogger to steal confidential information, or cryptomining software or adware to generate revenue for the operator of the trojan.

While Trojan horses and backdoors are not easily detectable by themselves, computers may appear to run slower, emit more heat or fan noise due to heavy processor or network usage, as may occur when cryptomining software is installed.

Droppers are a sub-type of Trojan whose sole purpose is to deliver malware onto the system they infect, seeking to evade detection through stealth and a light payload.

A loader or stager will merely load an extension of the malware (for example a collection of malicious functions through reflective dynamic link library injection) into memory.

Grayware is any unwanted application or file that can worsen the performance of computers and may cause security risks, but for which there is insufficient consensus or data to classify it as malware.

Types of grayware typically include spyware, adware, fraudulent dialers, joke programs ("jokeware") and remote access tools.

For example, at one point, Sony BMG compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying.

Many security products classify unauthorised key generators as PUPs, although they frequently carry true malware in addition to their ostensible purpose.

Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware.

The Sony BMG rootkit was intended to prevent illicit copying, but it also reported on users' listening habits and unintentionally created extra security vulnerabilities.

Because this approach is not useful for malware that has not yet been studied, antivirus software can use dynamic analysis to monitor how the program runs on a computer and block it if it performs unexpected activity.

The most commonly employed anti-detection technique involves encrypting the malware payload in order to prevent antivirus software from recognizing the signature.

Malware can exploit security defects (security bugs or vulnerabilities) in the operating system, in applications (such as browsers, e.g. older versions of Microsoft Internet Explorer supported by Windows XP[69]), or in vulnerable versions of browser plugins such as Adobe Flash Player, Adobe Acrobat or Reader, or Java SE.

Tools like Secunia PSI,[73] free for personal use, can scan a computer for outdated software with known vulnerabilities and attempt to update them.

Typically, antivirus software combats malware in several ways. A specific component of anti-malware software, commonly referred to as an on-access or real-time scanner, hooks deep into the operating system's core or kernel and functions in a manner similar to how certain malware itself would attempt to operate, though with the user's informed permission for protecting the system.

It helps protect against malware, zero-day exploits, and unintentional data leaks by trapping potentially harmful code within the sandbox.

However, malware can still cross the air gap in some situations, not least because software must at some point be introduced into the air-gapped network, and it can then damage the availability or integrity of the assets on that network.

AirHopper,[93] BitWhisper,[94] GSMem[95] and Fansmitter[96] are four techniques introduced by researchers that can leak data from air-gapped computers using electromagnetic, thermal and acoustic emissions.

[Figure: Output of the MS-DOS "Kuku" virus]
[Figure: Hex dump of the Blaster worm, showing a message left for Microsoft co-founder Bill Gates by the worm's programmer]