Saturday, July 3, 2010

Life Cycle of a Malware.

Well. Almost everyone reading this article knows about computer viruses. Though it is nothing new to us, this article is an attempt to give a bit more detailed information on the subject and on the life cycle of a computer worm. The life cycle of a computer virus or malware is no different from that of a biological virus.

Here We go!!

Malware is a program that performs unexpected or unauthorized, but always malicious, actions. It is a general term used to refer to viruses, Trojans, and worms. Depending on its type, malware may or may not include replicating and non-replicating malicious code.

Due to the many facets of malicious code or a malicious program, referring to it as malware helps to avoid confusion. For example, a virus that also has Trojan-like capabilities may be called malware.

Hence, we will now see exactly what the differences are between a virus, a Trojan and a worm.

What is a virus?

A computer virus is a program – a piece of executable code – that has the unique ability to replicate. Like biological viruses, computer viruses can spread quickly and are often difficult to eradicate. They can attach themselves to just about any type of executable file and are spread as files that are copied and sent from individual to individual.

In addition to replication, some computer viruses share another commonality: a damage routine that delivers the virus payload. While payloads may only display messages or images, they can also destroy files, reformat your hard drive, or cause other damage. Even if the virus does not contain a damage routine, it can cause trouble by consuming storage space and memory and degrading the overall performance of your computer.

What is a Trojan?

A Trojan is back-door malware that performs a malicious action but has no replication abilities. Named after the Trojan horse of Greek mythology (do you remember that Hollywood flick Troy? :) ), a Trojan may arrive as a seemingly harmless file or application, but actually has some hidden malicious intent within its code.

Trojan malware usually has a payload. When a Trojan is executed, you may experience unwanted system problems in operation, and sometimes loss of valuable data. A good example is a keylogger: once your computer is compromised with a keylogger, every keystroke on your computer is logged, and the details of whatever you typed (like passwords) are either stored on the local drive for the intruder to access later, or logged and sent to the intruder at a remote location via e-mail.

What is a worm?

A computer worm is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems. The propagation usually takes place via network connections or e-mail attachments.

More recent worms have also discovered ways to propagate using instant messengers, via file-sharing applications, and by collaborating with other malware such as Trojans or other worm variants. WORM_BAGLE.BE, for example, forms a vicious worm-Trojan cycle with TROJ_BAGLE.BE, in which the worm mass-mails copies of the Trojan, and the Trojan downloads copies of the worm.

Some worms may have an additional payload, such as preventing a user from accessing antivirus Web sites, or stealing the licenses of installed games and applications.

Now let us talk about the evolution and the life cycle of a virus. It includes 5 phases.

Phase 1: Creation

To create a computer virus or malware, one needs to have knowledge of coding. Nowadays, anyone with basic knowledge of coding and access to the internet (where there are plenty of self-tutorial websites teaching how to write a viruses) can create a virus.

Phase 2: Replication and Propagation

Not all malware has these replication and propagation capabilities. Trojans can only be downloaded from a link or installed as a masked application pretending to be the genuine one.

Viruses, on the other hand, can replicate via e-mails, IMs or network shares, and some of them have the ability to self-replicate automatically within a system or network.

Phase 3: Execution

Most malware performs its malicious activities upon execution, for example when an unknown .exe file is opened. Some have payloads that are activated only on a certain trigger date, or with the onset of a specific trigger condition.

Phase 4: Discovery

This phase does not always follow activation, but typically does. When a malware sample is detected and isolated somewhere in the world, it is sent to the ICSA in Washington, D.C., to be documented and distributed to antivirus software developers. Vendors such as Symantec or McAfee then create signatures or DAT files based on the pattern of the malware, and these are released for public use with their respective AV products.

Phase 5: Assimilation

At this point, antivirus software developers modify their software so that it can detect the new malware. This can take anywhere from one day to six months, depending on the developer and the malware type.
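As an added illustration of what a "signature" in a DAT file amounts to (example code written for this post, not any vendor's engine), the following Python matches constructed sample files against a whole-file hash signature and a byte-pattern signature. The only real signature is the harmless, industry-standard EICAR anti-virus test string; the one-character variant at the end shows why definition files must be refreshed as new variants appear.

```python
# Added example (not from the original post): a minimal signature-based scan
# of the kind Phases 4 and 5 describe. A "signature" here is either a SHA-256
# hash of a whole file or a byte pattern that must appear somewhere in it.
# The only real signature is the EICAR anti-virus test string, a benign
# industry-standard test file; every sample below is constructed for the demo.
import hashlib

# EICAR test string (a standard, harmless AV test file, not real malware).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# A toy "DAT file": detection name -> signature. A hash signature matches one
# exact file; a byte-pattern signature matches the pattern anywhere in a file.
SIGNATURES = {
    "EICAR-Test-File (hash)": {"sha256": hashlib.sha256(EICAR).hexdigest()},
    "EICAR-Test-File (pattern)": {"pattern": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"},
}

def scan(content: bytes) -> list[str]:
    """Return the detection names of every signature that matches `content`."""
    digest = hashlib.sha256(content).hexdigest()
    hits = []
    for name, sig in SIGNATURES.items():
        if "sha256" in sig and sig["sha256"] == digest:
            hits.append(name)
        elif "pattern" in sig and sig["pattern"] in content:
            hits.append(name)
    return hits

# Constructed samples: a clean file, the exact test file, the test file with a
# trailing newline (hash signature misses, pattern signature still hits), and
# a one-character change inside the pattern itself (both signatures miss).
SAMPLES = {
    "clean.txt": b"hello world\n",
    "eicar.com": EICAR,
    "eicar-padded.com": EICAR + b"\r\n",
    "eicar-modified.com": EICAR.replace(b"ANTIVIRUS", b"ANTIVIRUZ"),
}

def scan_all(samples=SAMPLES) -> dict[str, list[str]]:
    """Scan every constructed sample and report which signatures fired."""
    return {name: scan(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name}: {'DETECTED ' + ', '.join(hits) if hits else 'clean'}")
```

The padded file is still caught only because a second, looser signature exists; the modified file is caught by neither, which is the gap a new definition file closes.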

Phase 6: Eradication

Keeping an up-to-date AV program on the end-user machine is the best way to eradicate the majority of major malware or viruses.

Preventive measures:

Proactive or preventive measures are as follows, but are not limited to these:

Make sure you have very powerful anti-virus software (McAfee, Symantec or Trend Micro) running on your system and that it is up to date with the latest virus definition files.

Make sure not to visit untrusted websites or download untrusted files from the internet.

Make sure not to open any e-mail attachment from any unknown source.
