The Essential Guide to Malware

Like hangnails, cracked sidewalks and flat tires, malware is a fact of life. Unfortunately, malware is no longer just a petty annoyance. For a growing number of enterprises, malware has become a major operational and financial burden.

According to a June 2007 survey conducted by technology-research firm Computer Economics Inc. , organizations experience an average of five malware events per year. For organizations with over 5,000 desktop computers, the number climbs to 10 events per year. In 2006, the most recent year for which statistics are available, malware damage cost businesses worldwide $13.3 billion.

Malware is an umbrella term that describes any type of software capable of damaging a computer, network or mobile device , or a tool that's designed to be used to surreptitiously view or steal data from targeted systems.

Malware Threats

Malware takes many different forms. Here are the top offenders:

Viruses: As malicious programs that are buried within an existing program, viruses replicate themselves and spread from machine to machine. Viruses are a top malware headache, generating everything from relatively harmless prank messages to commands that destroy valuable programs and data. A virus may activate immediately or lay dormant for a year or more before attacking its host system.

Worms: Worms and viruses are similar in that they both self replicate. But a worm is designed specifically to spread extremely rapidly and surreptitiously. It can hurt a system by rapid reproduction, sucking up storage and memory resources or network bandwidth. It may also deposit a Trojan horse.

Trojan horses: Like a virus, a Trojan horse is a destructive program that presents itself as a harmless application. Unlike viruses, however, Trojan horses don't replicate themselves. On the other hand, they do perform one or more destructive tasks once activated, such as stealing identity or financial data. A Trojan horse may also be designed to make its host more vulnerable to future attacks or simply activate to destroy hard-drive applications or data. Typically, Trojan horses gain access to systems by masquerading as a useful program or item.

Rootkits: A rootkit is a specialized and particularly dangerous from of malware. Rootkits essentially subvert the core operating system and its loading mechanisms, inserting their own code into the basic core software operating the system. This makes them extremely difficult to detect and eradicate.

Backdoors or Trapdoors: A hidden bypass to a program's security area, a backdoor or trapdoor may be created by a programmer to expedite troubleshooting or for some other innocuous purpose. But once discovered, the technique may be used by an attacker to damage, destroy or steal data. A program with a known backdoor or trapdoor may itself be considered malware.

Spam: Unwanted email , besides being a nuisance, is often used by attackers as a tool for leading unsuspecting recipients to Web sites where viruses, worms, spyware and other types of malware can be installed on their systems.

Spyware: Spyware is software surreptitiously installed on a computer to send information about a user's Web-surfing habits to an external location. Some spyware is relatively innocuous, designed to generate data about shopping, viewing or other habits without revealing the identities of individual users. Malicious spyware, however, may be used to hijack Web browsers in order to change their home pages, receive waves of pop-up ads or ignore user navigation commands.

Botnets: Armies of "zombie" computers infected by a Trojan horse and commanded by an attacker, botnets can be used to launch spam email campaigns, viruses or DDoS (distributed denial of service) attacks on Web sites for either amusement or extortion purposes. Typically, these botnets are built up secretly over several months before being activated.

Malware Protection

Since malware consists of multiple threats, many methods and technologies are employed to safeguard systems. Firewalls , for example, are used to filter out potentially destructive data. Spam filters , spyware blockers , IDSes (Intrusion Detection Systems) and IPSes (Intrusion Prevention Systems) are other popular tools are used to fortify networks and their computers against potentially destructive data. Anti-virus programs , one of the most powerful anti-malware defenses, are designed to protect computers from the threats posed by many common types of malware, including viruses, worms and Trojan horses. Over the past several years, anti-virus software publishers have gradually enhanced their products to provide protection against a growing number of malware threats, such as spam and spyware.

The malware threat has multiplied over the course of many years, and it's highly unlikely that the problem will vanish soon, if ever. It's therefore important for businesses to carefully create an IT defense system that includes tools covering the full spectrum of malware threats.