Malware (a portmanteau of "malicious software") is software program designed to fulfill any purpose contrary to the interests of the person running it. Examples of malware include viruses and trojan horses.

Malware can be classified based on how it is executed, how it spreads, and/or what it does. The classification is not perfect, however, in the sense that the groups often overlap and the difference is not always obvious, giving rise to frequent flame wars.

Classes of malicious software

Two common types of malware are viruses and worms. These types of programs have in common that they are both able to self-replicate; they can spread (possibly modified) copies of themselves. Not every program that copies itself is a virus or worm; for instance, backup software may copy itself to other media as part of a system backup. To be classified as a virus or worm, at least some of these copies have to be able to replicate themselves too, such that the virus or worm can propagate itself. The difference between a virus and a worm is that a worm operates more or less independently of other files, whereas a virus depends on hosts to spread itself.

Virus

Viruses have used many sorts of hosts. When computer viruses first originated, common targets were executable files that are part of application programs and the boot sectors of floppy disks. More recently, most viruses have embedded themselves in e-mail as Email attachments, depending on a curious user opening the viral attachment. In the case of executable files, the infection routine of the virus arranges that when the host code is executed, the viral code gets executed as well. Normally, the host program keeps functioning after it is infected by the virus. Some viruses overwrite other programs with copies of themselves which destroys them altogether. Viruses can spread across computers when the software or document they've attached themselves to is transferred from one computer to the other.

Worms

Computer worms are similar to viruses but are stand-alone software and thus do not require host files (or other types of host code) to spread themselves. They do modify their host operating system, however, at least to the extent that they are started as part of the boot process. To spread, worms either exploit some vulnerability of the target system or use some kind of social engineering to trick users into executing them.

Wabbit

A third, uncommon, type of self-replicating malware is the wabbit. Unlike viruses, wabbits do not infect host programs or documents. Unlike worms, wabbits do not use network functionality in order to spread to other computers. An example of a simple wabbit is a fork bomb.

Trojan

A trojan horse program is a harmful piece of software that is disguised as legitimate software. Trojan horses cannot replicate themselves, in contrast to viruses or worms. A trojan horse can be deliberately attached to otherwise useful software by a programmer, or it can be spread by tricking users into believing that it is useful. To complicate matters, some trojan horses can spread or activate other malware, such as viruses. These programs are called 'droppers'. A common aftermath is the Trojan attracting a large amount of adware/spyware, causing lots of popups and web browser instability.

Backdoor

A backdoor is a piece of software that allows access to the computer system bypassing the normal authentication procedures. Based on how they work and spread, there are two groups of backdoors. The first group works much like a Trojan, i.e., they are manually inserted into another piece of software, executed via their host software and spread by their host software being installed. The second group works more like a worm in that they get executed as part of the boot process and are usually spread by worms carrying them as their payload. The term Ratware has arisen to describe backdoor malware that turns computers into zombies for sending spam. The installed software can also be used for anonymizing traffic, brute force cracking of passwords and encryptions, and distributed denial of service attacks (DDOS).

Spyware

Spyware is a piece of software that collects and sends information (such as browsing patterns in the more benign cases or credit card numbers in more malicious cases) about users or, more precisely, the results of their computer activity, typically without explicit notification. They usually work and spread like Trojan horses. The category of spyware is sometimes taken to include adware of the less-forthcoming sort.

Exploit

An exploit is a piece of software that attacks a particular security vulnerability. Exploits are not necessarily malicious in intent — they are often devised by security researchers as a way of demonstrating that a vulnerability exists. However, they are a common component of malicious programs such as network worms.

Rootkit

A rootkit is software inserted onto a computer system after an attacker has gained control of the system. Rootkits often include functions to hide the traces of the attack, as by deleting log entries or cloaking the attacker's processes. Rootkits may also include backdoors, allowing the attacker to easily regain access later; or exploit software to attack other systems. Because they often hook into the operating system at the kernel level to hide their presence rootkits can be very hard to detect. The consensus of computer security experts is that if your system has been compromised by a rootkit you should wipe your hard drives and reinstall the operating system since you can never know if you have successfully removed all traces of the rootkit.

Key Logger

A keylogger is software that copies a computer user's keystrokes to a file, which it may send to a hacker at a later time. Often the keylogger will only "awaken" when a computer user connects to a secure website, such as a bank. It then logs the keystrokes, which may include account numbers, PIN's and passwords, before they are encrypted by the secure website.

Dialers

A dialer is a program that either replaces the phone number in a modem's dial-up connection with a long-distance number, often out of the country, in order to run up phone charges on pay-per-dial numbers, or dials out at night to send keylogger or other information to a hacker.

URL injection

This software modifies the browser's behavior with respect to some- or all domains. It modifies the url submitted to the server to profit from a given affiliate scheme by the content provider of the given domain. This is often transparent to the user. The author profits at the expense of the user -- often surreptitiously. The Mozilla Firefox BetterSearch extension is one such example as its affiliate "feature" is oft unknown to the user. Moreover the user has no option to disable that aspect.

Overuse of the term "virus"

Because viruses were historically the first to appear, the term "virus" is often applied, especially in the popular media, to all sorts of malware. Modern anti-viral software strengthen this broader sense of the term as their operation is never limited to viruses.

Malware should not be confused with defective software, that is, software which is intended for a legitimate purpose but has errors or bugs.

External links

• Malware: what it is and how to prevent it
• Magoo's Guide to Eliminating Spyware — Infomation on how to get rid of spyware and keep it from coming back
• Antisource.com - Malware Analysis
• CastleCops Free support in computer malware removal.
• Spyware Warrior - Free resources and help for removing all types of Malware
• "Ten steps to Malware prevention" - Systematic tutorials on Spyware removal and prevention.
• Computer Tech Support — Free online knowledge base for everything from hardware problems to virus fixes.da:Malware

de:Malware es:Malware fr:Logiciel malveillant ko:악성코드 it:Malware nl:Malware ja:マルウェア pl:Malware fi:Haittaohjelma sv:Malware vi:Phần mềm ác tính