What is spyware a form of malicious software that infects your computer and asks for money?

Database Security

Jan L. Harrington, in Relational Database Design and Implementation (Fourth Edition), 2016

Handling Malware

Malware infecting a database server can be a serious problem. The result may be loss of data, loss of access to the database, or loss of control of the database server’s hardware. Protection against malware is typically provided by “virus protection” software running on firewalls and the servers themselves.

Most current virus protection software handles worms, Trojan horses, and bots, as well as viruses. The most important thing to keep in mind, however, is that there is an ever-escalating battle between those who write malware and those who produce the virus protection software. As soon as a new threat is identified, the software developers rush to add the new malware to their protection database; the malware producers then write new malware that is typically more powerful and sophisticated than previous releases. You can never be completely safe from malware because there is always a lag, however short, between the detection of a new piece of malware and the updating of virus protection software to handle that malware. The best you can do is to update the database that accompanies your virus protection software regularly.

URL: https://www.sciencedirect.com/science/article/pii/B9780128043998000235

Network Security

Derrick Rountree, in Security for Microsoft Windows System Administrators, 2011

Spyware

Spyware is a type of malware used to spy on user activity on a computer. Spyware will gather information on users’ habits such as browsed Web sites, accessed applications, and downloaded programs. This information is then sent to an attacker, so he or she knows what attacks can be perpetrated on a system. Spyware can have even more direct effects, like stealing of passwords and credit card information. This type of information can lead to direct financial benefits for an attacker. Spyware is generally not self-proliferating. It is not spread from infected system to infected system. Usually, spyware is downloaded from a Web site or server that the user believes contains beneficial software. In fact, many times, spyware will be bundled in a download with some sort of legitimate software.

URL: https://www.sciencedirect.com/science/article/pii/B978159749594300003X

Security and Compliance

Bill Holtsnider, Brian D. Jaffe, in IT Manager's Handbook (Third Edition), 2012

Malware

Malware is a category name to define software that causes problems. This can include viruses, adware, and spyware. Malware can degrade system performance, expose confidential information, distribute spam, etc. Specific types of malware include:

Macro viruses. Viruses that use commands (macros) in application files (e.g., Excel and Word) to replicate themselves and do damage.

Worms. Self-contained programs that replicate themselves usually via the network or e-mail attachments.

Adware. Software that installs itself on a workstation for the purpose of displaying ads to the user. Users often unknowingly install adware when they download applications from the Web.

Spyware. Software that monitors a user's activity, often to collect account numbers, passwords, etc. Spyware often works in tandem with adware as the ads shown may be related to the activity detected by the spyware. Like adware, spyware is also frequently installed by the user unknowingly when downloading applications from the Web.

Trojan horses. Programs that appear to be legitimate, but in fact are malicious.

Backdoor Trojans: Trojan horse programs that allow a hacker to control your computer remotely.

Page Hijackers: Akin to the purposes of adware, they covertly redirect browsers to specific web pages.

Rootkits: A set of modifications to the operating system that is designed primarily to hide malicious activity. Because the rootkit software essentially resides in a modification of the operating system, it's extremely difficult to detect, and it also continually checks on itself to see that the compromised files are still compromised and reinfects as needed. In addition to being very difficult to detect, they're equally hard to remove.

Key loggers: Small applications that reside on a computer to record key strokes. These are used to capture passwords and confidential information (e.g., credit card numbers).

Of particular concern with malware is what is known as a Zero-Day attack, which is malicious code that takes advantage of a security vulnerability before there's a fix for it. In some cases, the malicious code is released even before there is public knowledge of the vulnerability.

URL: https://www.sciencedirect.com/science/article/pii/B9780124159495000089

Malware Attacks

Carl Timm, Richard Perez, in Seven Deadliest Social Network Attacks, 2010

Publisher Summary

Malware comes in numerous shapes, sizes, and purposes, ranging from viruses to spyware to bots. There are really two different types of malware: infectious and concealing. Infectious malware is malware that spreads: software that replicates itself from one user to the next. Two primary items are considered infectious malware: viruses, software that has infected some executable and causes the executable, when run, to spread the virus to other executable software; and worms, software that infects a computer and then spreads to other computers. Concealment software includes Trojan horses, rootkits, backdoors, and keyloggers. Cross-site scripting (XSS) is an attack that forces a user's Web browser to execute an attacker's code. The steps of a basic XSS attack are as follows. The attacker finds an XSS hole in Site A and leaves it there for the victim. The victim visits Site A with the XSS. Site A sends many requests through the victim's browser to Site B, without the victim's knowledge, via a META refresh to hide the referrer. Eventually the victim finds a hole, which is then sent to Site C without the victim's knowledge. The victim sends successful attempts to hack Site B to Site C, where they are logged. Finally, the Webmaster of Site B becomes aware of the attacks on their Web site.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495455000021

Client-Side Attacks Defined

Sean-Philip Oriyano, Robert Shimonski, in Client-Side Attacks and Defense, 2012

Malware

Malicious software (shortened to malware) is any software that causes damage or lost resources when used on any system it is purposely or inadvertently installed on. In this attack we are concerned with downloading malware specifically designed to alter the system in some way, usually via scripts from a web page visited by a client user. In a typical scenario, a malicious web page hosts some sort of malware and uses mass emailing, spam, social engineering, or any other method to invite the user to download and execute the malware. A common example of such a technique is a video codec that contains embedded malware: when the victim visits the site, they are informed that downloading the codec is a requirement to view the material (adult pornography sites are a common delivery mechanism). Once the victim downloads and installs the malware, the attacker has gained control of the system. Drive-by-download versions of this attack do not even require the user to manually install anything, as the malware is automatically downloaded and installed on a user’s system without their knowledge. These attacks are usually triggered merely by a user visiting a web page.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495905000018

Introduction to practical security and performance testing

Chris Chapman, in Network Performance and Security, 2016

Keyloggers

A keylogger is code that is installed by malware, sits on a device that has keyboard input (like a PC), and records keystrokes. The hope of the keylogger is that it will capture user login credentials, credit card numbers, and government ID numbers, which can later be sold or used. Keyloggers can be deployed by botnets, or be deployed on their own. Variants of keyloggers will look at other inputs and records. For example, variant code may listen to your built-in microphone or record video from the integrated camera (or just take periodic snapshots).

URL: https://www.sciencedirect.com/science/article/pii/B9780128035849000019

Reporting and Summarization

Anton Chuvakin, ... Chris Phillips, in Logging and Log Management, 2013

Malware Activity Reports

These reports summarize various malicious software activities and events likely related to malicious software.

Why They Are Important

Malicious software in various forms remains one of the key threat vectors for today’s organizations, large and small. Given that anti-virus tools have been dropping in efficiency of stopping malware for the last few years, other information sources such as logs must be used for fighting malware.

Specific Reports

Key reports in this category are:

Malware detection trends with outcomes: a basic report with a summary or a trend of malicious software detection, also showing the system and the outcome (cleaned or left alone) is a good starting point.

Detect-only events from anti-virus tools: all anti-malware tools log the cases where malicious software was detected but not cleaned (for various reasons); such logged “leave-alones” have helped many organizations to avoid massive damage.

All anti-virus protection failures: given that today’s malicious software is well equipped for fighting anti-virus tools, all crashes, protecting engine unloads, update failures, etc. must be logged and reviewed.

Internal connections to known malware IP addresses: one can run this incredibly useful report using their logs (such as firewall or other logs) and a public blacklist of IP addresses; such a simple approach can stop the organization from losing valuable data to malware operators.

Least common malware types: along with other “Bottom 10” (as opposed to “Top 10”) reports, this presents a useful insight into unusual and thus possibly damaging malicious software in your organization.

Who Can Use These Reports

These reports are useful for all security professionals, from a junior administrator in charge of desktop anti-virus to a CSO in charge of the entire organization's security. Such reports are also useful for incident response and malware infection investigations.

Example

Table 12.5 shows virus types across a network and over a week of log data, sorted by ascending count.

Table 12.5. Virus Types Across a Network

Malware type    Status         Infected System Count
VirusX          Detected       1
VirusY          Detected       1
Botz            Quarantined    2
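
Three of the reports listed above (internal connections to blacklisted IP addresses, least common malware types, and detect-only events) can be produced with a few lines of log processing. The following is an added example, not code from the book; the log formats, host names, and addresses are constructed for illustration (the external addresses come from the reserved documentation ranges), and the anti-virus sample reproduces the counts in Table 12.5.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample data (not from the book): blocklist, firewall log, AV log.
BLOCKLIST = ["203.0.113.0/24", "198.51.100.7"]
FIREWALL_LOG = """\
2016-03-01T10:00:01 ALLOW src=10.0.0.5 dst=203.0.113.9 dport=443
2016-03-01T10:00:02 ALLOW src=10.0.0.6 dst=192.0.2.10 dport=80
2016-03-01T10:00:05 DENY src=10.0.0.5 dst=198.51.100.7 dport=8080
2016-03-01T10:01:00 ALLOW src=10.0.0.9 dst=203.0.113.44 dport=443
malformed line without fields
"""
AV_LOG = """\
host=ws01 malware=VirusX status=Detected
host=ws02 malware=VirusY status=Detected
host=ws03 malware=Botz status=Quarantined
host=ws04 malware=Botz status=Quarantined
"""

def fields(line):
    """Parse key=value tokens; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def blocklist_hits(log, blocklist, internal="10.0.0.0/8"):
    """Map internal source IP -> blocklisted destinations (denied attempts count too)."""
    nets = [ipaddress.ip_network(b) for b in blocklist]
    inside = ipaddress.ip_network(internal)
    hits = defaultdict(set)
    for line in log.splitlines():
        f = fields(line)
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        except (KeyError, ValueError):
            continue  # skip malformed lines rather than abort the report
        if src in inside and any(dst in n for n in nets):
            hits[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in hits.items()}

def av_reports(log, bottom=10):
    """Return ("Bottom N" malware types by system count, detect-only hosts)."""
    rows = [fields(l) for l in log.splitlines() if l.strip()]
    counts = Counter(r["malware"] for r in rows)
    least = sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))[:bottom]
    detect_only = sorted(r["host"] for r in rows if r["status"] == "Detected")
    return least, detect_only

if __name__ == "__main__":
    print(blocklist_hits(FIREWALL_LOG, BLOCKLIST))
    print(av_reports(AV_LOG))
```

Hosts that appear in both the blocklist report and the detect-only list are the first candidates for investigation, since the malware on them was seen but never cleaned.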

URL: https://www.sciencedirect.com/science/article/pii/B9781597496353000129

The Threats of Today and Tomorrow

John G. Iannarelli, Michael O’Shaughnessy, in Information Governance and Security, 2015

Malware

Malware is a malicious piece of computer code or application that can damage your computer, your network, and your data. Malware is the means by which a computer is infected by a virus. Malware is software designed for the sole purpose of transmitting a virus to a computer system. The malware can be transmitted in a number of ways, including by e-mail with an attachment or through the user clicking on a malicious link. In such cases, the download of the malware is often the result of social engineering on the part of the person spreading the virus. Although we will address social engineering in more depth in chapter 6, the answer to protecting your business interests is ensuring that your company has written policies regulating such actions and that your employees are properly trained on a regular basis.

URL: https://www.sciencedirect.com/science/article/pii/B9780128002476000029

Mobile Attacks

Sean-Philip Oriyano, Robert Shimonski, in Client-Side Attacks and Defense, 2012

Malware

Malware can traverse and infect any device, regardless of make, model and version. Whether it be a network switch, email server, client desktop, or mobile phone, any device that uses software can be susceptible to malware. In Chapter 10 we will cover malware and ways to protect against it in depth; however, the best way to protect yourself from malware attacks on mobile devices is to treat those devices identically to their desktop counterparts. You need to harden your operating system settings, keep the system patched and up to date, and be careful about what you do on it, what you download and install on it, and what networks you connect to.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495905000092

Intrusion Detection in Contemporary Environments

Tarfa Hamed, ... Stefan C. Kremer, in Computer and Information Security Handbook (Third Edition), 2017

8 Classes of Mobile Malware

Malware that attacks mobile devices is of different types and categories. It is also different in its severity and the damage that it causes. In this section we discuss the most well-known classes of malware that threaten mobile devices [35]:

Botnet: This kind of malware attacks the device by a remote user or a bot-master using a set of commands to make a bot control the device remotely. The constructed network of such devices is called a botnet. The resulting damage is on a different level compared with sending private information to a remote server, launching DoS attacks, or downloading malicious payloads [8].

Backdoor: A backdoor opens on the compromised device, causing it to wait for commands to arrive from an external server or an SMS message. This malware can exploit the root to obtain superuser privileges and avoid antimalware scanners [8].

Rootkit: This malware creates buffer overflow to obtain superuser (root) privileges on the device [35].

Worms: A worm is malware that has the ability to make copies of itself and spread these copies through a network and removable media [8].

SMS Trojan: This malware causes serious damage to the user by: (1) sending stealthy SMS messages without the user's knowledge, making the user subscribe to some premium services; (2) sending spam messages to all of the user's contacts; or (3) obtaining an authentication mechanism for some banking institutions by sending SMS messages to permit unfavorable transactions or banking Trojans [8,35].

Spyware: This kind of malware starts by pretending to be a benign or useful app, but it has an internal malicious activity [8]. It is characterized by revealing sensitive information from the phone and sending it to an external server. This sensitive information could be the International Mobile Equipment Identity or International Mobile Subscriber Identity, contacts, messages, location, or social network credentials [35].

Installer: This kind of malware installs apps using new authorizations to boost damage to the phone [35].

Ransomware: A kind of malware that blocks the user from accessing the phone by continuously displaying a Web page requesting the user to pay a certain amount of money (ransom) to remove the malware from the device. Another example of this malware is encryption of whole personal data on the phone and the request for a ransom to retrieve the decryption key [35].

Trojan: This kind of malware could be any malware that has behavior different from the previous classes. This kind could modify or remove data from the phone without the owner's consent or it could infect any computer when the phone is connected via a universal serial bus [35].

URL: https://www.sciencedirect.com/science/article/pii/B9780128038437000065

What is a form of malicious software that infects your computer and asks for money?

Ransomware is software that infects computer networks and mobile devices to hold your data hostage until you send the attackers money.

What is spyware in malicious software?

Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge. It invades the device, steals sensitive information and internet usage data, and relays it to advertisers, data firms or external users.

What is a form of malicious software that infects your computer and asks for money sniffer spyware software ransomware?

Ransomware is a form of malicious software that infects your computer and asks for money.

What is a type of spyware?

Spyware is mostly classified into four types: adware, system monitors, tracking including web tracking, and trojans; examples of other notorious types include digital rights management capabilities that "phone home", keyloggers, rootkits, and web beacons.