30 March 2007

Malware

Malware includes all of the various nasty programs and code that internet security is designed to resist. Specifically, it includes viruses, trojan horses, spambots, spyware, and worms. I've included a brief list of malware varieties and added to it when possible. The superscript "T" links to the TechEncyclopedia entry on the subject; "W" links to the related Wikipedia entry.

AdwareT W: any program that runs advertising from the user's browser, whether installed with the user's permission or not.

BotT W: from "robot"; a computer program that does the same thing endlessly, such as sending spam e-mails (spambots). Bots are a common type of virus or worm payload.

DNS hijackingT: an especially advanced form of internet crime in which the perpetrator creates a website that resembles another, legitimate business website (a pharm), and then tampers with name resolution so that browsers asking for the legitimate site's URL are sent to the fake one while still displaying the legitimate URL. This is an especially frightening technique because it's very difficult for even a savvy computer user to notice the scam.

Mark: the target of a scam, ex ante; a mark has not necessarily been victimized, and may possess the combination of luck, specialized knowledge, mistrust, and common sense to escape the scam. See definition 2.e.2 of the Merriam-Webster dictionary.

PayloadT W: the thing carried by a virus, trojan horse, or a worm. In addition to replicating itself, the malware tends to carry some code that does something destructive once it has infected a host.

Pharm[ing]T W: a website designed to mimic or duplicate as much as possible a legitimate website. Fairly easy to do; one can merely copy the source of a page, plus its stylesheet, and create pseudo-domains like "http://10.8.160.81/washingtonmutual/1526", so that a visitor is suitably impressed. Pharms are used to "harvest" identity data about victims who visit and are deceived into thinking that it's the legitimate site. Especially sophisticated pharming schemes incorporate DNS hacking, in which the URL displayed is that of the legitimate site.

Phish[ing]T W: this works a lot like fishing; the perpetrator sets a trap, like a fishing lure, whose purpose is to retrieve the victim's identity information. The most familiar phishing campaign is the "Spanish Prisoner" or "419 Hoax." The great majority of phishing scams appear to warn the mark of some account irregularity, such as with her Washington Mutual checking account, eBay account, PayPal account, Amazon account, etc. There is a high probability that the mark doesn't have any such account, but the phisher sends an immense number of e-mails so that someone is likely to be deceived ("Only Washington Mutual would know I have a checking account with Washington Mutual").
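The pharming and phishing entries above both turn on a lure URL that carries a brand name while pointing somewhere else, like the "http://10.8.160.81/washingtonmutual/1526" example. The following is an added illustration, not code from the original post: a small defender-side heuristic that flags such URLs. The brand-to-domain table and the sample URLs are constructed for the example.

```python
# Added example (not from the original post): heuristics that flag URLs shaped like
# the pharming lures described above. LEGIT_DOMAINS is a constructed, assumed mapping.
from ipaddress import ip_address
from typing import List
from urllib.parse import urlparse

# Assumed: which registered domains each brand keyword legitimately uses (constructed).
LEGIT_DOMAINS = {
    "washingtonmutual": {"wamu.com"},
    "ebay": {"ebay.com"},
    "paypal": {"paypal.com"},
}

def _is_ip_literal(host: str) -> bool:
    """True when the host part is a bare IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def _registered_domain(host: str) -> str:
    """Crude registered-domain extraction (last two labels); adequate for .com-style hosts."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def pharm_indicators(url: str) -> List[str]:
    """Return the reasons a URL looks like a pharm/phish lure; an empty list means none."""
    reasons = []
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    netloc = parsed.netloc.lower()
    path = parsed.path.lower()
    if _is_ip_literal(host):
        reasons.append("host is a bare IP address")
    if "@" in netloc:
        # "http://www.ebay.com@203.0.113.5/" shows a brand but connects to the IP
        reasons.append("userinfo before host (hides real host)")
    haystack = netloc + path  # brand names planted in subdomains, userinfo or the path
    for brand, domains in LEGIT_DOMAINS.items():
        if brand in haystack and _registered_domain(host) not in domains:
            reasons.append(f"brand '{brand}' appears but host is not one of {sorted(domains)}")
    return reasons

if __name__ == "__main__":
    # Constructed samples: the page's own pharm URL plus a benign login page.
    for sample in ("http://10.8.160.81/washingtonmutual/1526", "https://www.paypal.com/signin"):
        print(sample, "->", pharm_indicators(sample) or "no indicators")
```

The registered-domain helper deliberately ignores public suffixes such as co.uk; a production filter would use a public suffix list instead.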

SpambotsT W: a very common form of virus or worm payload. As the name suggests, it's a program that transmits spam using the infected computer. It may also leave spam "comments" on blogs.

Spanish PrisonerW: also known as the "advance-fee scam" or "419 Scam" (so called from the section of the Nigerian criminal code that pertains to such scams). The 419 Hoax arrives as an e-mail purporting to be from the relative of some terrible person, such as General Sani Abacha or Jean-Bédel Bokassa, who is trying to smuggle a vast sum of money out of the country illegally. For this reason, the mark is urged to be discreet and trusting towards one he imagines to be a partner in the scam. He is told he must supply a fee to help carry out the job, in return for which he will be rewarded with a large share of the spoils. Oddly, the 419 scams of today are distinguished by the historical sophistication of their backstories.

SpywareT W: records the keystrokes and mouse clicks of a computer user, then transmits these to the perpetrator in order to steal the victim's identity. Sometimes spyware "announces" that it is spyware. The license agreement that everyone accepts without reading may actually state that the browser is installing spyware. For example, it might say that the program performs anonymous profiling, which means that the user's habits are being recorded. Such software is used to create marketing profiles.

Trojan horsesT W: a form of malware designed to defeat computer security by posing as something legitimate. One strategy involves a hoax, in which victims log into a bogus site cleverly disguised to resemble a legitimate e-commerce site. These are very frequently abetted by a concomitant phishing campaign. A common scheme is to send the intended victim ("mark") an e-mail announcing that she has a problem with her eBay account, along with a hotlink to a website where she can log in and correct the problem. Needless to say, the link goes to a domain controlled by the perpetrator, and when the user logs into what she thinks is her eBay account, the website collects the username and password.

Another approach is for the perpetrator to write code that provides access to the hard drive of a victim's computer whenever that computer is on the internet (a "backdoor"). This allows the perpetrator to use the infected computer as a "bot," or malware host, that attacks other computers, and in this way the perpetrator can easily protect his identity. The computer user installs the code thinking it is freeware; or else the OS may be prompted to install the program automatically before the user knows what is happening.

As a general rule, trojan horses of this variety are picked up when visiting porn sites, because such sites require a lot of bandwidth and the webmaster uses the porn to lure visitors. Pornography is a seedy business, of course, and visitors are ashamed of their vice, so they are easy targets.

VirusT W: a virus is a malicious piece of code transmitted either through a circulating disk or else through downloaded files from the internet. Initially, computer viruses were similar to biological viruses; the malicious code had to upload itself from the perpetrator's disk to a public computer, like those at a library or copy shop; and it had to copy itself from the infected computer to any disk unfortunate enough to be inserted into that computer's floppy disk drive.

In order to replicate itself (and do whatever damage the virus was intended to do beyond replicating), the virus has to be attached to an executable file; as such it must be camouflaged as a legitimate program. Because of the rules different operating systems apply to installing programs, the Windows and DOS variants are massively more vulnerable to all forms of malware than Mac OS and others.

Viruses were occasionally written with criminal or vandalizing intent. The Stoned Virus, which I recall suffering in 1995, was a fairly inoffensive virus that merely urged me to legalize marijuana whenever I booted up my ancient PC. More recently, the Samy Virus was the fastest-spreading virus to date; it infected MySpace profiles. The Michelangelo Virus was fairly nasty, but that was in 1992. For the most part, viruses are relatively minor threats and greatly outclassed by other forms of malware.

WormsT W: often confused with viruses; worms, like viruses, are self-replicating computer programs. Originally, viruses were likely to be spread by swapping disks, while worms were spread by networks.

ZombieT W: typically, the "payload" of a worm or other form of malware. A zombie is designed to provide access to the hard drive of an infected computer by transmitting network access information to the perpetrator's computer. This turns the victim's computer into a captive server and an unwilling accomplice of the perpetrator. The linked Wikipedia entry refers to such a computer.

SOURCES & ADDITIONAL READING: the superscript "T" links to the TechEncyclopedia entry on the subject; "W" links to the related Wikipedia entry. Internet Fraud Watch; Data Wales, "The Internet Fraud Advisory" (list of common internet frauds); FBI site on online scams; Symantec, "What is the difference between viruses, worms, and Trojans?"; ComputerWorld, "Spam, Malware, and Vulnerabilities Top Stories".
