Malware Descriptions

Definitions of malware categories and descriptions of individual viruses, Trojans, worms and other malicious programs.

Malicious Programs Descriptions

Malicious programs can be divided into the following groups: worms, viruses, Trojans, hacker utilities and other malware. All of these are designed to damage the infected machine or other networked machines.

Network Worms

This category includes programs that propagate via LANs or the Internet with the following objectives:

• Penetrating remote machines
• Launching copies on victim machines
• Spreading further to new machines

Worms use different networking systems to propagate: email, instant messaging, file-sharing (P2P), IRC channels, LANs, WANs and so forth.

Most existing worms spread as files in one form or another - email attachments, in ICQ or IRC messages, links to files stored on infected websites or FTP servers, files accessible via P2P networks and so on.

There are a small number of so-called fileless or packet worms; these spread as network packets and directly penetrate the RAM of the victim machine, where the code is then executed.

Worms use a variety of methods for penetrating victim machines and subsequently executing code, including:

• Social engineering; emails that encourage recipients to open the attachment
• Poorly configured networks; networks that leave local machines open to access from outside the network
• Vulnerabilities in operating systems and applications

Today's malware is often a composite creation: worms now often include Trojan functions or are able to infect exe files on the victim machine. They are no longer pure worms, but blended threats.

Classic Viruses

This class of malicious programs covers programs that spread copies of themselves throughout a single machine in order to:

• Launch and/or execute this code once a user fulfills a designated action
• Penetrate other resources within the victim machine

Unlike worms, viruses do not use network resources to penetrate other machines. Copies of viruses can penetrate other machines only if an infected object is accessed and the code is launched by a user on an uninfected machine.

This can happen in the following ways:

• The virus infects files on a network resource that other users can access
• The virus infects removable storage media which are then attached to a clean machine
• The user attaches an infected file to an email and sends it to a 'healthy' recipient

Viruses are sometimes carried by worms as additional payloads or they can themselves include backdoor or Trojan functionality which destroy data on an infected machine.

Trojan Programs

This class of malware includes a wide variety of programs that perform actions without the user's knowledge or consent: collecting data and sending it to a cyber criminal, destroying or altering data with malicious intent, causing the computer to malfunction, or using a machine's capabilities for malicious or criminal purposes, such as sending spam.

A subset of Trojans damage remote machines or networks without compromising infected machines; these are Trojans that utilize victim machines to participate in a DoS attack on a designated web site.

Hacker Utilities and other malicious programs

This diverse class includes:

• Utilities such as constructors that can be used to create viruses, worms and Trojans
• Program libraries specially developed to be used in creating malware
• Hacker utilities that encrypt infected files to hide them from antivirus software
• Jokes that interfere with normal computer function
• Programs that deliberately misinform users about their actions in the system
• Other programs that are designed to directly or indirectly damage local or networked machines