Malware Definition

Malware is any software that is developed for the purpose of doing harm to computers or via computers.

Malware can be classified in several ways, including on the basis of how it is spread, how it is executed and/or what it does. The main types of malware include worms, viruses, trojans, backdoors, spyware, rootkits and spam.

Worms and viruses are computer programs that replicate themselves without human intervention. The difference is that a virus attaches itself to, and becomes part of, another executable (i.e., runnable) program, whereas a worm is self-contained and does not need to be part of another program to replicate itself. Also, while viruses are designed to cause problems on a local system and are passed through boot sectors of disks and through e-mail attachments and other files, worms are designed to thrive in a network environment. Once a worm is executed, it actively seeks other computers, rather than just parts of systems, into which to make copies of itself.

A trojan, or trojan horse, is software that is disguised as a legitimate program in order to entice users to download and install it. In contrast to worms and viruses, trojans are not directly self-replicating. They can be designed to do various harmful things, including corrupt files (often in subtle ways), erase data and install other types of malware.

A backdoor (usually written as a single word) is any hidden method for obtaining remote access to a computer or other system. Backdoors typically work by allowing someone or something with knowledge of them to use special password(s) and/or other actions to bypass the normal authentication (e.g., user name and password) procedure on a remote machine (i.e., a computer located elsewhere on the Internet or other network) to gain access to the all-powerful root (i.e., administrative) account. Backdoors are designed to remain hidden to even careful inspection.

Spyware is software that in installed in a computer for the purpose of covertly gathering information about the computer, its users and/or or other computers on the network to which it is connected. The types of information gathered typically are user names and passwords, web browsing habits, financial data (e.g., bank account and credit card numbers) or trade secrets. A common application of spyware is to provide pop-up advertisements that are targeted at individual users based on their web surfing habits.

A rootkit is software that is secretly inserted into a computer and which allows an intruder to gain access to the root account and thereby be able to control the computer at will. Rootkits frequently include functions to hide the traces of their penetration, such as by deleting log entries. They typically include backdoors so that the intruder can easily gain access again at a later date, for example, in order to attack other systems at specific times.

Spam is unwanted e-mail which is sent out in large volume. Although people receiving a few pieces of spam per day might not think that it is anything to be too concerned about, it is a major problem for several reasons, including the facts that its huge volume (perhaps half or more of all e-mail) places a great load on the entire e-mail system, it often contains other types of malware and much of its content is fraudulent. Organizations typically have to devote considerable resources to attempting to filter out and delete spam while not losing legitimate e-mail, thereby distracting them from their primary tasks.

There are several basic reasons that malware are created. They include a feeling of accomplishment or a desire to show off one's technical skills, the desire to do harm, and a profit motive. The profit motive is probably the most important by far, as there can be huge financial rewards from such activities, mainly for criminal gangs and, to a lesser extent, for the computer experts that they hire to assist with such activities.

The damage caused by malware can be very great. For example, it can lead to the unavailability of computers and networks until they are repaired, and such repair can be expensive. It can also result in the destruction or theft of confidential data as well as the theft of funds. In addition, it can result in the temporary loss of use or damage to other equipment which is dependent on computers.

Similar damage can result from poorly written software1, which, like malware, is extremely common. Although the distinction between the two at times can be subtle, in general the difference is that malware is created entirely or mainly for the purpose of doing harm or otherwise benefiting its creator at the expense of others, whereas the desire to do harm is not the main purpose of poorly written software2.

There are a number of steps that computer users can take to minimize the chances of becoming infected by malware. They include using relatively secure software, providing physical security for computers and networks, enforcing the use of strong passwords, employing firewalls, using malware detection programs, avoiding opening e-mail attachments of unknown origin, avoiding the downloading of dubious programs and avoiding use of the root account except when absolutely necessary.

Some types of operating systems and application programs are much more resistant to malware than others, particularly Linux and other Unix-like operating systems. This is largely because they have been designed from the ground up with security as a primary goal3, rather than having attempts at creating security added on later as an afterthought.

It is also due to the fact that malware designed to attack such systems is relatively uncommon. One reason for this is that the number of computers using such operating systems is still in the minority, thus providing a smaller (and thus a less enticing) target. Another reason is that because such systems are far more resistant to malware, it is thus much more difficult to create malware that can successfully attack them.

1The continuous existence of numerous and serious security holes and other defects in some of the most popular commercial software might, in fact, do as much, or even more, damage to the economy as malware. No reliable data is available, although the cost of each is clearly in the multiple billions of dollars per year, according to most industry sources. One reason for the lack of reliable data is that many victims, including large corporations, are reluctant to reveal the existence or extent of damage. Another is the difficulty in determining how to allocate the damage between malware and poorly written software, as the two are often intimately related.

2There has been much speculation as to why security remains such a big problem for some of the most widely used commercial software. The most likely explanation is that there is no strong incentive to improve it. This may be in part because a full-scale cleanup would be very costly, as much of the software is extremely large and complex. But also to be kept in mind is the fact that the computer security business, including the sale of security-related software (e.g., anti-virus programs), the use of security consultants, and the sale of new, supposedly more secure versions of defective software, are very large and profitable businesses.

3Among the various ways in which this is accomplished is through the use of a fine-grained system of ownership and permissions for each file, directory and other object on the system, thereby giving an added layer of protection to critical system files. Another is by making the source code freely available on the Internet for programmers from around the world to inspect for possible security holes and other problems, rather than attempting (often unsuccessfully) to keep the code secret.

Created February 5, 2006.
Copyright © 2006 The Linux Information Project. All Rights Reserved.