Monday, July 13, 2009

How does Malware work?


Malware can attack in multiple ways. The technology (spyware, trojan, rootkit) and the attack vector (fake software, e-mail attachments, direct hacking) have remained the same.

It's the intent that is different: malware always has some type of fraud behind the purpose of distribution.

Some examples of how malware works


Trojan Horse

You download a cool calculator program and install it. The calculator works fine. In a few days you start to have problems with your computer, and when you search on the internet you start to get annoying pop-ups. Then you start to get pop-ups at random when you are not searching the internet. The malicious pop-up program was most likely hidden away inside the calculator program. The installation may also have implanted itself inside programs that already existed on your computer. This makes it difficult to remove.


Rootkit in e-mail attachment

Your friend sends you a funny video. When you double-click on it you get a security warning, but you want to see it, so you click OK to get past the warning. However, nothing happens, and you think nothing of it; maybe it was a bad copy.

Later you talk to your friend, but he says he didn't send you a video. Something did happen in the background when you clicked on the video: malware was installed. There is no way to know the intent behind it. You may not notice anything; your computer could be used as a botnet drone to attack web sites or other computers.

Spyware in "drive by download"

You click on a link in search results and immediately get pop-ups. You close the pages but get weird errors. You think nothing harmful could have come of it; you simply "drove by" the website. You didn't install anything. However, your computer had a software flaw that let the website install spyware without your permission. You didn't get a warning because it was a flaw in the programming of the web browser. You now have spyware resident on your system. What you type in web forms, login pages and chat, and what sites you visit, could all be sent to the hacker's website.
