Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals for a variety of forms of hostile, intrusive, or annoying software or program code.
Many computer users are unfamiliar with the term, and often use “computer virus” for all types of malware, including true viruses. Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.
In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several American states, including California and West Virginia. Malware is not the same as defective software, that is, software which has a legitimate purpose but contains harmful bugs. Preliminary results from Symantec sensors published in 2008 suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.”
According to F-Secure, “As much malware (was) produced in 2007 as in the previous 20 years altogether.”
What is its purpose?
Many early infectious programs, including the first Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks generally intended to be harmless or merely annoying rather than to cause serious damage to computers. In some cases the perpetrators did not realize how much harm their creations could do. Young programmers learning about viruses and the techniques used to write them wrote them only to prove that they could, or to see how far they could spread.
As late as 1999, widespread viruses such as the Melissa virus appear to have been written chiefly as pranks.
Hostile intent related to vandalism can be found in programs designed to cause harm or data loss. Many DOS viruses, and the Windows ExploreZip worm, were designed to destroy files on a hard disk, or to corrupt the file system by writing junk data. Network-borne worms such as the 2001 Code Red worm or the Ramen worm fall into the same category. Designed to vandalize web pages, these worms may seem like the online equivalent to graffiti tagging, with the author’s alias or affinity group appearing everywhere the worm goes. However, since the rise of widespread broadband Internet access, malicious software has come to be designed for a profit motive, either more or less legal (forced advertising) or criminal.
Another strictly for-profit category of malware has emerged in spyware — programs designed to monitor users’ web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; they are generally installed by exploiting security holes or are packaged with user-installed software, such as peer-to-peer applications. It is not uncommon for spyware and advertising programs to install so many processes that the infected machine becomes unusable, defeating the intention of the attack.
The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any other particular behavior. The term computer virus is used for a program which has infected some executable software and which causes that software, when run, to spread the virus to other executable software. Viruses may also contain a payload which performs other actions, often malicious. A worm, on the other hand, is a program which actively transmits itself over a network to infect other computers. It too may carry a payload. These definitions lead to the observation that a virus requires user intervention to spread, whereas a worm spreads automatically.
Some writers in the trade and popular press appear to misunderstand this distinction, and use the terms interchangeably.
How to counter such attacks?
As malware attacks become more frequent, attention has begun to shift from virus and spyware protection to malware protection, and programs have been developed specifically to combat them.
Lavasoft’s Ad-Aware SE and “Spybot – Search & Destroy” are examples of freeware programs originally created to combat spyware and adware, but which also protect against some malware, viruses, and worms. Malwarebytes’ Anti-Malware is a shareware program more focused on trojans, browser hijackers, and other malware, and consequently roots out many kinds of malware that most other defensive programs won’t find. Anti-malware programs can combat malware in two ways:
1. They can provide real-time protection against the installation of malware on your computer. This type of protection works the same way as anti-virus protection: the anti-malware software scans all incoming network data for malware and blocks any threats it comes across.
2. Anti-malware software can be used solely for detection and removal of malware that has already been installed on your computer. This type of malware protection is normally much easier to use and more popular. The software scans the contents of the Windows registry, operating system files, and installed programs on your computer and provides a list of any threats found, allowing you to choose what to delete and what to keep, or compares this list to a list of known malware components and removes files which match.
Real-time protection from malware works identically to real-time anti-virus protection: the software scans disk files at download time, and blocks the activity of components known to represent malware.
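The detection-and-removal mode described in item 2, as an added example that is not part of the original article or of any product named in it: a minimal on-demand scanner that compares files against a signature list (SHA-256 digests and byte patterns), lists what matched, and quarantines only the findings the user approves. All signature names, sample bytes and file names are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless bytes standing in for known malware components.
SAMPLE_BAD = b"CONSTRUCTED-DEMO-SAMPLE-not-real-malware"
KNOWN_SHA256 = {hashlib.sha256(SAMPLE_BAD).hexdigest(): "Demo.Sample.A"}
KNOWN_PATTERNS = {b"DEMO-HIJACK-MARKER": "Demo.Hijacker.B"}

def scan_file(path):
    """Return the name of the signature this file matches, or None."""
    data = path.read_bytes()  # demo only; stream large files in practice
    name = KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())
    if name is None:
        name = next((n for p, n in KNOWN_PATTERNS.items() if p in data), None)
    return name

def scan_tree(root):
    """Detection pass: list (path, signature) for every matching file."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            sig = scan_file(path)
            if sig:
                findings.append((path, sig))
    return findings

def quarantine(findings, approved, qdir):
    """Removal pass: move only findings the user approved, keep the rest."""
    Path(qdir).mkdir(parents=True, exist_ok=True)
    moved = []
    for i, (path, _sig) in enumerate(findings):
        if path in approved:
            shutil.move(str(path), str(Path(qdir) / f"{i}_{path.name}.quarantined"))
            moved.append(path.name)
    return moved

def demo():
    """Scan a throwaway tree, quarantine one approved finding, then rescan."""
    root, qdir = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    (root / "dropper.bin").write_bytes(SAMPLE_BAD)
    (root / "toolbar.bin").write_bytes(b"\x00hdr" + b"DEMO-HIJACK-MARKER" + b"\x00")
    (root / "notes.txt").write_bytes(b"ordinary user file")
    first = scan_tree(root)
    found = [(p.name, s) for p, s in first]
    moved = quarantine(first, approved={root / "dropper.bin"}, qdir=qdir)
    remaining = [(p.name, s) for p, s in scan_tree(root)]
    return found, moved, remaining
```

Quarantining moves a file out of the scanned tree instead of deleting it, so a false positive can be restored; the unapproved finding is still reported on the next scan.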