What is a Malicious program?

Malicious programs can be divided into the following groups: worms, viruses, trojans, hacker utilities and other malware. All of these are designed to damage the infected machine or other networked machines.

Network Worms

This category includes programs that propagate via LANs or the Internet with the following objectives:

  • Penetrating remote machines.
  • Launching copies on victim machines.
  • Spreading further to new machines.

Worms use different networking systems to propagate: email, instant messaging, file-sharing (P2P), IRC channels, LANs, WANs and so forth.

Most existing worms spread as files in one form or another: e-mail attachments, in ICQ or IRC messages, links to files stored on infected websites or FTP servers, files accessible via P2P networks and so on.

There are a small number of so-called fileless or packet worms; these spread as network packets and directly penetrate the RAM of the victim machine, where the code is then executed.

Worms use a variety of methods for penetrating victim machines and subsequently executing code, including:

  • Social engineering; emails that encourage recipients to open the attachment.
  • Poorly configured networks; networks that leave local machines open to access from outside the network.
  • Vulnerabilities in operating systems and applications.

Today's malware is often a composite creation: worms now often include Trojan functions or are able to infect exe files on the victim machine. They are no longer pure worms, but blended threats.

Classic Viruses

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. A virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

Viruses spread copies of themselves in order to:

  • Launch and/or execute code once a user fulfills a designated action.
  • Penetrate other resources within the victim's machine.

Unlike worms, viruses do not use network resources to penetrate other machines. Copies of viruses can penetrate other machines only if an infected object is accessed and the code is launched by a user on an uninfected machine. This can happen in the following ways:

  • The virus infects files on a network resource that other users can access.
  • The virus infects removable storage media which are then attached to a clean machine.
  • The user attaches an infected file to an email and sends it to a 'healthy' recipient.

Viruses are sometimes carried by worms as additional payloads or they can themselves include backdoor or Trojan functionality which destroy data on an infected machine.

Trojan Programs

This class of malware includes a wide variety of programs that perform actions without the user's knowledge or consent: collecting data and sending it to a cyber criminal, destroying or altering data with malicious intent, causing the computer to malfunction, or using a machine's capabilities for malicious or criminal purposes, such as sending spam.

A subset of Trojans damage remote machines or networks without compromising infected machines; these are Trojans that utilize victim machines to participate in a Denial of Service "DoS" attack on a designated web site.

Hacker Utilities and other malicious programs

This diverse class includes:

  • Utilities such as constructors that can be used to create viruses, worms and Trojans.
  • Program libraries specially developed to be used in creating malware.
  • Hacker utilities that encrypt infected files to hide them from antivirus software.
  • Jokes that interfere with normal computer function.
  • Programs that deliberately misinform users about their actions in the system.
  • Other programs that are designed to directly or indirectly damage local or networked machines.