How can you identify the type and location of the malware in an infected computer?
by: John Patrick T. Panizales

Malware
Short for malicious software, malware is an umbrella term for all malicious programs designed to compromise computer functions, steal sensitive data or bypass access controls; its goal is to cause some form of problem or harm to the host computer.
Different types of malware exist, each with its own method of propagating through computer systems. It is important to understand each type in order to come up with possible solutions to the problem.
Listed below are some of the most common types of malware:

1. Viruses
    This is the most common type of malware, and the term is often misused interchangeably with "malware". Viruses usually do their damage by occupying hard disk space, using up too much CPU time or corrupting data, leaving the infected computer all but useless. They can also be used to steal information, steal money and more.
    Viruses usually hide themselves among other files and spread by replicating themselves once the infected file is executed. They are usually spread through script files, documents, and cross-site scripting vulnerabilities in web apps. So, the way to stay clear of viruses is to avoid downloading suspicious programs, avoid opening emails from unknown sources, avoid recklessly clicking links, and be wary of advertisements, since clicking one may trigger a virus if it contains one.

2. Trojan Horse
    Instead of hiding inside other files, trojan horses disguise themselves as legitimate programs. Once one is installed on a system, the attacker gains remote access to the computer and can carry out further exploitation, such as making the system vulnerable to other types of malware or stealing sensitive data. Therefore, to stay free of Trojan horses one must be wary of the programs one downloads from the internet.

3. Spyware
    A type of malware attackers use to monitor the victim's computer activity. Spyware usually bundles itself with other malware, such as trojan horses. It can also enter a computer over the internet, either through a clicked link or an opened infected e-mail. If one suspects that one's computer has been infected, one can double-check the list of programs installed on the computer and verify whether each program was installed voluntarily. If a suspicious program appears, uninstall it and run trusted anti-virus software to check for any remaining files. Spyware programs also sometimes use disguised file names, so look for odd-looking files, verify them, and then remove them from the system.

4. Adware
    Software used to display advertisements. It is usually not harmful, but it can be classified as malware if it causes inconvenience to the user or exposes the victim to ads with malicious content. Adware is usually bundled with other programs.

5. Rootkits
    This type of malware, once downloaded, usually embeds itself deep in the system. Like any other malware, rootkits carry out unwanted activity such as stealing information or modifying system settings. Detection of this type of malware is usually difficult and requires manual methods of detection and removal, such as observing computer behavior and performing a system analysis. Ways to avoid rootkit infection include regularly installing security patches, updating virus definitions, avoiding suspicious downloads and performing static analysis scans.

6. Worms
    Worms spread through computer networks by exploiting network vulnerabilities. They cause harm by consuming excessive bandwidth and overloading web servers. Some worms also carry pieces of code (called payloads) that perform tasks beyond replicating the worm. They differ from viruses in that they can replicate without human help, whereas viruses need to be executed to propagate.

Malicious software usually makes its home in the writeable areas of the victim's system, the most common of which is the user's home directory. Within a user's home path, the Application Data, Local, Roaming and Temp directories are typically the usual targets, while less common locations include the temporary Internet cache directories, file download locations, shared user locations, and the root level of system drives or Program Files directories.
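As an added example (not from the original post or its source), a read-only PowerShell triage script that sweeps the writeable locations named above for recently modified executables and reports their signature state, then lists installed programs as the spyware section suggests; the folder paths, the 30-day window and the file-extension list are assumptions about a modern Windows profile layout.

```powershell
# Added triage example (not part of the original post): sweeps the writeable
# locations named above for executable files modified in the last $Days days,
# reports their Authenticode signature state, then lists installed programs so
# unexpected entries can be reviewed. Read-only: nothing is deleted or changed.
param([int]$Days = 30)

# Writeable locations from the post: AppData Local/Roaming and Temp, plus the less
# common ones (Internet cache, Downloads, shared user folder, drive root, Program Files).
$Locations = @(
    $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP,
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCache",
    "$env:USERPROFILE\Downloads", $env:PUBLIC,
    "$env:SystemDrive\", $env:ProgramFiles
) | Where-Object { $_ -and (Test-Path $_) }

$Since = (Get-Date).AddDays(-$Days)
$Exts  = '*.exe','*.dll','*.scr','*.ps1','*.vbs','*.js','*.bat','*.cmd','*.hta'

# Profile folders are searched deeply; the drive root and Program Files only one
# level down, to keep the sweep quick.
$Findings = foreach ($Loc in $Locations) {
    $Depth = if ($Loc -like "$env:USERPROFILE*") { 8 } else { 1 }
    Get-ChildItem -Path $Loc -Include $Exts -File -Recurse -Depth $Depth -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $Sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $Sig.Status       # NotSigned, Valid, HashMismatch, ...
                Signer    = $Sig.SignerCertificate.Subject
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Unsigned or hash-mismatched executables in these folders deserve the first look.
$Findings | Sort-Object Modified -Descending |
    Format-Table Signature, Modified, SizeKB, Path -AutoSize

# Installed-program list (the check the spyware section suggests): compare it with
# what the user remembers installing.
$UninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } | Sort-Object InstallDate -Descending |
    Format-Table DisplayName, Publisher, InstallDate, InstallLocation -AutoSize
```

The SHA256 column lets a flagged file be checked against a trusted reputation source before anything is removed.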

To conclude, if a person notices that something is off with their system, they can start by observing what is going on. Based on the definitions of the different types of malware given above, one can identify the type of malware that has infected the system. Once that is determined, a person can run trusted anti-virus software or manually look for the malicious software in the locations listed above.


-----------
Sources:
http://www.malicious-streams.com/resources/articles/DGMW1_Suspicious_FS_Geography.html