
6. Glossary
6.1 Types of infiltrations
An infiltration is a piece of malicious software trying to
enter and/or damage a user’s computer.
6.1.1 Viruses
A computer virus is an infiltration that corrupts
existing files on your computer. Viruses are named
after biological viruses, because they use similar
techniques to spread from one computer to another.
Computer viruses mainly attack executable files,
scripts and documents. To replicate, a virus attaches
its “body” to the end of a target file. In short, this is
how a computer virus works: after execution of the
infected file, the virus activates itself (before the
original application) and performs its predefined task.
Only after that is the original application allowed to
run. A virus cannot infect a computer unless a user,
either accidentally or deliberately, runs or opens the
malicious program.
Computer viruses can range in purpose and severity.
Some of them are extremely dangerous because of
their ability to purposely delete files from a hard drive.
On the other hand, some viruses do not cause any
damage – they only serve to annoy the user and
demonstrate the technical skills of their authors.
It is important to note that viruses (when compared to
trojans or spyware) are increasingly rare because they
are not commercially enticing for malicious software
authors. Additionally, the term “virus” is often used
incorrectly to cover all types of infiltrations. This usage
is gradually being overcome and replaced by the new,
more accurate term “malware” (malicious software).
If your computer is infected with a virus, it is necessary
to restore infected files to their original state – i.e., to
clean them by using an antivirus program.
Examples of viruses are: OneHalf, Tenga and Yankee Doodle.
6.1.2 Worms
A computer worm is a program containing malicious
code that attacks host computers and spreads via a
network. The basic difference between a virus and a
worm is that worms have the ability to replicate and
travel by themselves – they are not dependent on host
files (or boot sectors). Worms spread through email
addresses in your contact list or exploit security
vulnerabilities in network applications.
Worms are therefore much more viable than computer
viruses. Due to the wide availability of the Internet,
they can spread across the globe within hours of their
release – in some cases, even in minutes. This ability to
replicate independently and rapidly makes them more
dangerous than other types of malware.
A worm activated in a system can cause a number of
inconveniences: it can delete files, degrade system
performance, or even deactivate programs. The nature
of a computer worm qualifies it as a “means of
transport” for other types of infiltrations.
If your computer is infected with a worm, we
recommend you delete the infected files because they
likely contain malicious code.
Examples of well-known worms are: Lovsan/Blaster,
Stration/Warezov, Bagle and Netsky.
6.1.3 Trojan horses
Historically, computer trojan horses have been defined
as a class of infiltrations which attempt to present
themselves as useful programs, tricking users into
letting them run. Today, there is no longer a need for
trojan horses to disguise themselves. Their sole
purpose is to infiltrate as easily as possible and
accomplish their malicious goals. “Trojan horse” has
become a very general term describing any infiltration
not falling under any specific class of infiltration.
Since this is a very broad category, it is often divided
into many subcategories:
- Downloader – A malicious program with the ability
  to download other infiltrations from the Internet.
- Dropper – A type of trojan horse designed to drop
  other types of malware onto compromised
  computers.
- Backdoor – An application which communicates
  with remote attackers, allowing them to gain access
  to a system and to take control of it.
- Keylogger (keystroke logger) – A program which
  records each keystroke that a user types and sends
  the information to remote attackers.
- Dialer – Dialers are programs designed to connect to
  premium-rate numbers. It is almost impossible for a
  user to notice that a new connection was created.
  Dialers can only cause damage to users with dial-up
  modems, which are no longer regularly used.
Trojan horses usually take the form of executable
files. If a file on your computer is detected as a trojan
horse, we recommend deleting it, since it most likely
contains malicious code.
Examples of well-known trojans are: NetBus,
Trojandownloader.Small.ZL and Slapper.