6. Glossary
6.1 Types of infiltrations
An infiltration is a piece of malicious software trying to enter and/or
damage a user’s computer.
6.1.1 Viruses
A computer virus is an infiltration which corrupts existing files on your
computer. Viruses are named as such after biological viruses, as they
use similar techniques to spread from one computer to another.
Computer viruses attack mainly executable files and documents. To
replicate, a virus attaches its “body” to the end of a target file. In short,
this is how a computer virus works: after execution of the infected
file, the virus activates itself (before the original application) and
performs its predefined task. Only after that is the original application
allowed to run. A virus cannot infect a computer unless a user (either
accidentally or deliberately) runs or opens the malicious program by
him/herself.
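The layout described above (body attached to the end of the file and run before the original application) leaves a trace in a Windows executable's headers: execution starts in the last section. The following Python check for that trace is an added example, not part of the original guide and not ESET's detection logic; the sample headers are constructed, the function names are illustrative, and since packers produce the same layout a hit is a lead to investigate, not a verdict.

```python
import struct

SEC_EXEC, SEC_READ, SEC_WRITE = 0x20000000, 0x40000000, 0x80000000

def parse_pe(data):
    """Return (entry_rva, [(name, rva, vsize, flags), ...]) from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry = struct.unpack_from("<I", data, pe + 40)[0]       # AddressOfEntryPoint
    table = pe + 24 + opt_size                               # section table
    secs = []
    for i in range(nsec):
        name, vsize, rva, flags = struct.unpack_from("<8sII20xI", data, table + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), rva, vsize, flags))
    return entry, secs

def appended_code_findings(data):
    """Heuristic: does execution start in the last section of the file?"""
    entry, secs = parse_pe(data)
    if not secs:
        return []
    name, rva, vsize, flags = max(secs, key=lambda s: s[1])  # highest RVA = last
    findings = []
    if rva <= entry < rva + max(vsize, 1):
        findings.append(f"entry point 0x{entry:x} is in last section {name!r}")
        if flags & SEC_EXEC and flags & SEC_WRITE:
            findings.append(f"last section {name!r} is writable and executable")
    return findings

def build_sample(entry, sections):
    """Constructed, header-only PE32 image (no code) for the demonstration."""
    dos = bytearray(b"MZ") + bytearray(0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> 0x40
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sII20xI", n, vs, rva, fl) for n, rva, vs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

TEXT = (b".text", 0x1000, 0x800, SEC_EXEC | SEC_READ)
DATA = (b".data", 0x2000, 0x200, SEC_READ | SEC_WRITE)
RSRC = (b".rsrc", 0x3000, 0x600, SEC_EXEC | SEC_READ | SEC_WRITE)
CLEAN = build_sample(0x1000, [TEXT, DATA])            # entry in .text
SUSPECT = build_sample(0x3010, [TEXT, DATA, RSRC])    # entry in last section
```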
Computer viruses can range in activity and severity. Some of them
are extremely dangerous because of their ability to purposely delete
files from a hard drive. On the other hand, some viruses cause no real
damage – they only serve to annoy the user and demonstrate the
technical skills of their authors.
It is important to note that viruses are (when compared to trojans
or spyware) gradually becoming more of a rarity, since they are not
commercially enticing for authors of malicious software. Also, the
term “virus” is often incorrectly used to cover all types of infiltrations.
At present, this is gradually being overcome and the new, more
accurate term “malware” (malicious software) is used.
If your computer is infected with a virus, it is necessary to restore
infected files to their original state – i.e. to clean them by using an
antivirus program.
Examples of viruses are: OneHalf, Tenga, and Yankee Doodle.
6.1.2 Worms
A computer worm is a program containing malicious code that
attacks host computers and spreads via a network. The basic
difference between a virus and a worm is that worms have the ability
to replicate and travel by themselves. They are not dependent on host
files (or boot sectors).
Worms proliferate by means of email or network packets. In this
regard, worms can be categorized in two ways:
▪ Email – distributing themselves to email addresses found in
a user’s contact list and
▪ Network – exploiting security vulnerabilities in various
applications.
Worms are therefore much more viable than computer viruses. Due
to the wide availability of the Internet, they can spread across the
globe within hours of their release – in some cases, even in minutes.
This ability to replicate independently and rapidly makes them more
dangerous than other types of malware, such as viruses.
A worm activated in a system can cause a number of inconveniences:
It can delete files, degrade system performance, or even deactivate
some programs. The nature of a computer worm qualifies it as a
“means of transport” for other types of infiltrations.
If your computer is infected with a computer worm, we recommend
that you delete infected files, because they likely contain malicious
code.
Examples of well‑known worms are: Lovsan/Blaster, Stration/Warezov,
Bagle, and Netsky.
6.1.3 Trojan horses
Historically, computer trojan horses have been defined as a class of
infiltrations which attempt to present themselves as useful programs,
thus tricking users into letting them run. But it is important to note
that this was true for trojan horses in the past – today, there is no
longer a need for them to disguise themselves. Their sole purpose
is to infiltrate as easily as possible and accomplish their malicious
goals. “Trojan horse” has become a very general term describing any
infiltration not falling under any specific class of infiltration.
Since this is a very broad category, it is often divided into many
subcategories. The most widely known are:
▪ downloader – a malicious program with the ability to download
other infiltrations from the Internet.
▪ dropper – a type of trojan horse designed to drop other types
of malware onto compromised computers.
▪ backdoor – an application which communicates with remote
attackers, allowing them to gain access to a system and to take
control of it.
▪ keylogger (keystroke logger) – a program which records each
keystroke that a user types and sends the information to remote
attackers.
▪ dialer – dialers are programs designed to connect to premium‑rate
numbers. It is almost impossible for a user to notice that a new
connection was created. Dialers can only cause damage to users
with dial‑up modems, which are no longer regularly used.
Trojan horses usually take the form of executable files with the
extension .exe. If a file on your computer is detected as a trojan horse,
it is advisable to delete it, since it most likely contains malicious code.
Examples of well‑known trojans are: NetBus, Trojandownloader.Small.ZL,
Slapper.
6.1.4 Rootkits
Rootkits are malicious programs that grant Internet attackers
unlimited access to a system, while concealing their presence.
Rootkits, after accessing a system (usually exploiting a system
vulnerability), use functions in the operating system to avoid
detection by antivirus software: they conceal processes, files and
Windows registry data. For this reason, it is almost impossible to
detect them using ordinary testing techniques.
When it comes to rootkit prevention, remember that there are two
levels of detection:
1. When they try to access a system. They are still not present,
and are therefore inactive. Most antivirus systems are able to
eliminate rootkits at this level (assuming that they actually detect
such files as being infected).
2. When they are hidden from the usual testing. Users of the ESET
antivirus system have the advantage of Anti‑Stealth technology,
which is also able to detect and eliminate active rootkits.
6.1.5 Adware
Adware is short for advertising‑supported software. Programs
displaying advertising material fall under this category. Adware
applications often automatically open a new pop‑up window
containing advertisements in an Internet browser, or change the
browser’s home page. Adware is often bundled with freeware
programs, allowing their creators to cover development costs of their
(usually useful) applications.
Adware itself is not dangerous – users will only be bothered with
advertisements. Its danger lies in the fact that adware may also