Definitions and importance
Malicious software or malware is any program intentionally designed to infiltrate, damage or exfiltrate data from computers without the user’s informed consent. Understanding malware is crucial because it underpins many attacks on confidentiality, integrity and availability in real-world systems.
Classification and types
Malware can be grouped both by how it spreads and by what it does once inside:
- Parasitic code (for example, viruses) injects itself into existing host programs or documents and cannot run without them.
- Self-contained programs (worms, bots, trojans) run independently of any host program.
- Some malware replicates itself (viruses, worms), while other kinds do not (trojans, many spam-delivered payloads).
Infection and propagation
Computers become infected through several mechanisms:
- Infection of existing content, such as inserting malicious code into binaries or macros.
- Exploitation of software vulnerabilities, where worms scan for unpatched systems and propagate automatically.
- Social engineering, tricking users into running trojans or opening phishing attachments that bypass security controls.
Payloads and damage
Once on a system, malware executes actions allowed by the compromised account’s privileges. Common payloads include:
- Data theft, sending personal or corporate data to remote servers.
- File corruption or destruction.
- Ransomware, encrypting files or network shares and demanding payment for the decryption keys.
- Keylogging or espionage, silently capturing credentials and user activity.
Detection and defence approaches
Detecting malware is challenging due to its volume (thousands of new variants daily) and obfuscation techniques. Antivirus and endpoint defences have evolved in three generations:
- Signature-based (static) scanners match known byte patterns; they are effective only against previously identified samples, so a variant differing by even a few bytes can slip past.
- Heuristic (static) scanners apply rules that score likely-malicious structure or code constructs, catching variants a signature has never seen at the cost of more false positives.
- Behavioral (dynamic) “activity traps” monitor a program’s actions at runtime, flagging anomalous behavior rather than static patterns.
Because no single technique is foolproof, modern defences layer signature, heuristic and behavior-based tools alongside firewalls, intrusion-prevention systems and strict access controls.
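To make the three generations concrete, here is a toy scanner added for illustration (it is not from the original notes and uses constructed signatures, rules and samples, none of which correspond to real malware): a known sample is caught by its signature, a one-byte variant evades it but still trips the heuristic rules, and a behavioral trap flags a drop-then-persist event sequence regardless of file content.

```python
import math
from collections import Counter

# Constructed demo signature: the exact byte pattern of a previously analysed sample.
SIGNATURES = {"Demo.Dropper": b"DEMO-DROPPER-v1"}

# Constructed heuristic rules: strings/constructs that suggest malicious structure.
HEURISTIC_RULES = {
    "autorun-key": b"CurrentVersion\\Run",
    "self-replication-string": b"copy-self-to",
}
ENTROPY_LIMIT = 7.0  # packed or encrypted payloads approach 8 bits per byte

def signature_scan(data: bytes) -> list[str]:
    """Generation 1: exact byte-pattern match; only catches known samples."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; used as one heuristic indicator of packing."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def heuristic_scan(data: bytes, threshold: int = 2) -> tuple[bool, list[str]]:
    """Generation 2: each rule hit adds to a score; score >= threshold flags the file."""
    hits = [rule for rule, marker in HEURISTIC_RULES.items() if marker in data]
    if shannon_entropy(data) > ENTROPY_LIMIT:
        hits.append("high-entropy-section")
    return len(hits) >= threshold, hits

def behaviour_trap(events: list[str]) -> list[str]:
    """Generation 3: inspect runtime actions (constructed 'write_file:<path>' and
    'registry_set:<key>=<value>' events) and flag a file that is written to disk
    and then registered for autorun, whatever its bytes look like."""
    dropped = {e.split(":", 1)[1] for e in events if e.startswith("write_file:")}
    flags = []
    for e in events:
        if e.startswith("registry_set:") and "CurrentVersion\\Run=" in e:
            target = e.rsplit("=", 1)[1]
            if target in dropped:
                flags.append(f"drop-and-persist:{target}")
    return flags

# Constructed samples: a known sample, and a variant with one byte changed.
KNOWN = b"MZ\x90\x00" + b"DEMO-DROPPER-v1 copy-self-to C:\\x.exe CurrentVersion\\Run"
VARIANT = KNOWN.replace(b"v1", b"v2")
```

Running `signature_scan` on `KNOWN` and `VARIANT` shows the signature generation's blind spot, while `heuristic_scan` and `behaviour_trap` illustrate why later generations were needed and why the notes recommend layering all three.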
Typical exam questions
Focus on:
- Defining malware and clearly distinguishing it from benign software.
- Explaining classification by replication and host dependency, with examples.
- Describing infection vectors (content infection, vulnerability exploitation, social engineering).
- Outlining payload types and linking each to the CIA triad.
- Summarizing the three generations of antivirus technology and why each emerged.