Malware

or poor design are not classied as malware; for example some legitimate software written before the year 2000
had errors that caused serious malfunctions when the year
changed from 1999 to 2000 - these programs are not considered malware.
Software such as anti-virus, anti-malware, and rewalls
are used by home users and organizations to try to safeguard against malware attacks.[9]
As of 2012 approximately 60 to 70 percent of all active
malware used some kind of click fraud to monetize their
activity.[10]

1 Purposes
Beast, a Windows-based backdoor Trojan horse.
Backdoor 1.89%

Malware, short for malicious software, is any software

used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.[1]
It can appear in the form of executable code, scripts, active content, and other software.[2] 'Malware' is a general
term used to refer to a variety of forms of hostile or intrusive software.[3] The term badware is sometimes used,
and applied to both true (malicious) malware and unintentionally harmful software.[4]

Adware 2.27%

Spyware 0.08%
Others 1.18%

Worms 7.77%

Viruses 16.82%
Trojan horses
69.99%

Malware includes computer viruses, worms, trojan

horses, ransomware, spyware, adware, scareware, and
other malicious programs. As of 2011 the majority of
active malware threats were worms or trojans rather than
viruses.[5] In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S.
states.[6][7] Malware is often disguised as, or embedded
in, non-malicious les.

Malware by categories

March 16, 2011

Malware by categories on 16 March 2011.

Spyware or other malware is sometimes found embedded

in programs supplied ocially by companies, e.g., downloadable from websites, that appear useful or attractive,
but may have, for example, additional hidden tracking
functionality that gathers marketing statistics. An example of such software, which was described as illegitimate,
is the Sony rootkit, a Trojan embedded into CDs sold by
Sony, which silently installed and concealed itself on purchasers computers with the intention of preventing illicit
copying; it also reported on users listening habits, and
created vulnerabilities that were exploited by unrelated
malware.[8]

Many early infectious programs, including the rst Internet Worm, were written as experiments or pranks.
Today, malware is used by both black hat hackers
and governments, to steal personal, nancial, or business information[11][12] and sometimes for sabotage (e.g.,
Stuxnet).

Malware is sometimes used broadly against government

or corporate websites to gather guarded information,[13]
or to disrupt their operation in general. However, malware is often used against individuals to gain information
such as personal identication numbers or details, bank
The term malware only applies to software that intention- or credit card numbers, and passwords. Left unguarded,
ally causes harm. Software that causes harm due to bugs personal and networked computers can be at considerable
1

4 CONCEALMENT: VIRUSES, TROJAN HORSES, ROOTKITS, AND BACKDOORS

risk against these threats. (These are most frequently de- and the Madrid Institute for Advanced Studies published
fended against by various types of rewall, anti-virus soft- an article in Software Development Technologies, examware, and network hardware).[14]
ining how entrepreneurial hackers are helping enable the
Since the rise of widespread broadband Internet ac- spread of malware by oering access to computers for a
cess, malicious software has more frequently been de- price. Microsoft reported in May 2011 that one in every
signed for prot. Since 2003, the majority of widespread 14 downloads from the Internet may now contain malviruses and worms have been designed to take control of ware code. Social media, and Facebook in particular, are
of tactics used to spread malusers computers for illicit purposes.[15] Infected "zombie seeing a rise in the number
ware to computers.[25]
computers" are used to send email spam, to host contraband data such as child pornography,[16] or to en- A 2014 study found that malware was increasingly
gage in distributed denial-of-service attacks as a form of aimed at the ever more popular mobile devices such as
smartphones.[26]
extortion.[17]
Programs designed to monitor users web browsing, display unsolicited advertisements, or redirect aliate marketing revenues are called spyware. Spyware programs 3 Infectious malware: viruses and
do not spread like viruses; instead they are generally inworms
stalled by exploiting security holes. They can also be
packaged together with user-installed software, such as
Main articles: Computer virus and Computer worm
peer-to-peer applications.[18]
Ransomware aects an infected computer in some way,
and demands payment to reverse the damage. For example, programs such as CryptoLocker encrypt les securely, and only decrypt them on payment of a substantial
sum of money.

The best-known types of malware, viruses and worms,

are known for the manner in which they spread, rather
than any specic types of behavior. The term computer
virus is used for a program that embeds itself in some
other executable software (including the operating system itself) on the target system without the users consent and when that is run causes the virus to spread to
2 Proliferation
other executables. On the other hand, a worm is a standalone malware program that actively transmits itself over
Preliminary results from Symantec published in 2008 a network to infect other computers. These denitions
suggested that the release rate of malicious code and lead to the observation that a virus requires the user to
other unwanted programs may be exceeding that of legit- run an infected program or operating system for the virus
imate software applications.[19] According to F-Secure, to spread, whereas a worm spreads itself.[27]
As much malware [was] produced in 2007 as in the previous 20 years altogether.[20] Malwares most common
pathway from criminals to users is through the Internet:
4 Concealment: Viruses, trojan
primarily by e-mail and the World Wide Web.[21]
The prevalence of malware as a vehicle for Internet crime,
along with the challenge of anti-malware software to keep
up with the continuous stream of new malware, has seen
the adoption of a new mindset for individuals and businesses using the Internet. With the amount of malware
currently being distributed, some percentage of computers are currently assumed to be infected. For businesses,
especially those that sell mainly over the Internet, this
means they need to nd a way to operate despite security
concerns. The result is a greater emphasis on back-oce
protection designed to protect against advanced malware
operating on customers computers.[22] A 2013 Webroot
study shows that 64% of companies allow remote access
to servers for 25% to 100% of their workforce and that
companies with more than 25% of their employees accessing servers remotely have higher rates of malware
threats.[23]

horses, rootkits, and backdoors

(These categories are not mutually exclusive.)[28]

4.1 Viruses
Main article: Computer virus

4.2 Trojan horses

For a malicious program to accomplish its goals, it must

be able to run without being detected, shut down, or
deleted. When a malicious program is disguised as something normal or desirable, users may unwittingly install
it. This is the technique of the Trojan horse or trojan.
On 29 March 2010, Symantec Corporation named In broad terms, a Trojan horse is any program that inShaoxing, China, as the worlds malware capital.[24] A vites the user to run it, concealing harmful or malicious
2011 study from the University of California, Berkeley, executable code of any description. The code may take

3
eect immediately and can lead to many undesirable ef- 5 Vulnerability to malware
fects, such as encrypting the users les or downloading
and implementing further malicious functionality.
Main article: Vulnerability (computing)
In the case of some spyware, adware, etc. the supplier
may require the user to acknowledge or accept its installation, describing its behavior in loose terms that may
In this context, and throughout, what is called the
easily be misunderstood or ignored, with the intention of
system under attack may be anything from a sindeceiving the user into installing it without the supplier
gle application, through a complete computer and
technically in breach of the law.
operating system, to a large network.
Various factors make a system more vulnerable to
malware:

4.3

Rootkits

Once a malicious program is installed on a system, it is

essential that it stays concealed, to avoid detection. Software packages known as rootkits allow this concealment,
by modifying the hosts operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the systems list of
processes, or keep its les from being read.[29]
Some malicious programs contain routines to defend
against removal, not merely to hide themselves. An early
example of this behavior is recorded in the Jargon File
tale of a pair of programs infesting a Xerox CP-V time
sharing system:

Each ghost-job would detect the fact that the

other had been killed, and would start a new
copy of the recently-stopped program within a
few milliseconds. The only way to kill both
ghosts was to kill them simultaneously (very
dicult) or to deliberately crash the system.[30]

4.4

Backdoors

5.1 Security defects in software

Malware exploits security defects (security bugs or
vulnerabilities) in the design of the operating system,
in applications (such as browsers, e.g. older versions
of Microsoft Internet Explorer supported by Windows
XP[35] ), or in vulnerable versions of browser plugins such
as Adobe Flash Player, Adobe Acrobat or Reader, or
Java (see Java SE critical security issues).[36][37] Sometimes even installing new versions of such plugins does
not automatically uninstall old versions. Security advisories from plug-in providers announce security-related
updates.[38] Common vulnerabilities are assigned CVE
IDs and listed in the US National Vulnerability Database.
Secunia PSI[39] is an example of software, free for personal use, that will check a PC for vulnerable out-of-date
software, and attempt to update it.
Malware authors target bugs, or loopholes, to exploit.
A common method is exploitation of a buer overrun
vulnerability, where software designed to store data in a
specied region of memory does not prevent more data
than the buer can accommodate being supplied. Malware may provide data that overows the buer, with malicious executable code or data after the end; when this
payload is accessed it does what the attacker, not the legitimate software, determines.

A backdoor is a method of bypassing normal

authentication procedures, usually over a connection to a network such as the Internet. Once a system 5.2 Insecure design or user error
has been compromised, one or more backdoors may
be installed in order to allow access in the future,[31] Early PCs had to be booted from oppy disks; when builtinvisibly to the user.
in hard drives became common the operating system was
The idea has often been suggested that computer man- normally started from them, but it was possible to boot
ufacturers preinstall backdoors on their systems to pro- from another boot device if available, such as a oppy
vide technical support for customers, but this has never disk, CD-ROM, DVD-ROM, or USB ash drive. It was
been reliably veried. It was reported in 2014 that US common to congure the computer to boot from one of
government agencies had been diverting computers pur- these devices when available. Normally none would be
chased by those considered targets to secret workshops available; the user would intentionally insert, say, a CD
where software or hardware permitting remote access by into the optical drive to boot the computer in some special
the agency was installed, considered to be among the way, for example to install an operating system. Even
most productive operations to obtain access to networks without booting, computers can be congured to execute
around the world.[32] Backdoors may be installed by software on some media as soon as they become available,
Trojan horses, worms, implants, or other methods.[33][34] e.g. to autorun a CD or USB device when inserted.

ANTI-MALWARE STRATEGIES

Malicious software distributors would trick the user into 5.4 Use of the same operating system
booting or running from an infected device or medium;
Homogeneity: e.g. when all computers in a network
for example, a virus could make an infected computer add
run the same operating system; upon exploiting one,
autorunnable code to any USB stick plugged into it; anyone worm can exploit them all:[41] For example,
one who then attached the stick to another computer set
Microsoft Windows or Mac OS X have such a large
to autorun from USB would in turn become infected, and
share of the market that concentrating on either
also pass on the infection in the same way.[40] More gencould enable an exploited vulnerability to subvert
erally, any device that plugs into a USB port-"including
a large number of systems. Instead, introducing
gadgets like lights, fans, speakers, toys, even a digital
diversity, purely for the sake of robustness, could
microscopecan be used to spread malware. Devices
increase short-term costs for training and maintecan be infected during manufacturing or supply if quality
nance. However, having a few diverse nodes would
control is inadequate.[40]
deter total shutdown of the network, and allow those
This form of infection can largely be avoided by setting
nodes to help with recovery of the infected nodes.
up computers by default to boot from the internal hard
Such separate, functional redundancy could avoid
drive, if available, and not to autorun from devices.[40]
the cost of a total shutdown.
Intentional booting from another device is always possible
by pressing certain keys during boot.
Older email software would automatically open HTML 6 Anti-malware strategies
email containing potentially malicious JavaScript code;
users may also execute disguised malicious email attachments and infected executable les supplied in other Main article: Antivirus software
ways.
As malware attacks become more frequent, attention has
begun to shift from viruses and spyware protection, to
malware protection, and programs that have been specif5.3 Over-privileged users and over- ically developed to combat malware. (Other prevenprivileged code
tive and recovery measures, such as backup and recovery
methods, are mentioned in the computer virus article).
Main article: principle of least privilege

6.1 Anti-virus and anti-malware software

Over-privileged users: some systems allow all users
to modify their internal structures. This was the
standard operating procedure for early microcomputer and home computer systems, where there was
no distinction between an Administrator or root, and
a regular user of the system. In some systems, nonadministrator users are over-privileged by design, in
the sense that they are allowed to modify internal
structures of the system. In some environments,
users are over-privileged because they have been
inappropriately granted administrator or equivalent
status.

A specic component of the anti-virus and anti-malware

software commonly referred as the on-access or realtime scanner, hooks deep into the operating systems core
or kernel functions in a manner similar to how certain
malware itself would attempt to operate, though with
the users informed permission for protecting the system.
Any time the operating system accesses a le, the onaccess scanner checks if the le is a 'legitimate' le or not.
If the le is considered a malware by the scanner, the access operation will be stopped, the le will be dealt by the
scanner in pre-dened way (how the Anti-virus program
was congured during/post installation) and the user will
be notied. This may considerably slow down the operating system depending on how well the scanner was pro Over-privileged code: some systems allow code exe- grammed. The goal is to stop any operations the malware
cuted by a user to access all rights of that user. Also may attempt on the system before they occur, including
standard operating procedure for early microcom- activities which might exploit bugs or trigger unexpected
puter and home computer systems. Malware, run- operating system behavior.
ning as over-privileged code, can use this privilege
to subvert the system. Almost all currently popular Anti-malware programs can combat malware in two
operating systems, and also many scripting applica- ways:
tions allow code too many privileges, usually in the
1. They can provide real time protection against the insense that when a user executes code, the system allows that code all rights of that user. This makes
stallation of malware software on a computer. This
users vulnerable to malware in the form of e-mail
type of malware protection works the same way as
attachments, which may or may not be disguised.
that of antivirus protection in that the anti-malware

6.2

Website security scans

software scans all incoming network data for mal- is known to be good from schema denitions of the le
ware and blocks any threats it comes across.
(a patent for this approach exists).[50]
2. Anti-malware software programs can be used solely
for detection and removal of malware software that
has already been installed onto a computer. This
type of anti-malware software scans the contents of
the Windows registry, operating system les, and installed programs on a computer and will provide a
list of any threats found, allowing the user to choose
which les to delete or keep, or to compare this list
to a list of known malware components, removing
les that match.

6.2 Website security scans

As malware also harms the compromised websites (by
breaking reputation, blacklisting in search engines, etc.),
some websites oer vulnerability scanning.[51][52][53][54]
Such scans check the website, detect malware, may note
outdated software, and may report known security issues.

6.3 Air gap isolation

Real-time protection from malware works identically to
real-time antivirus protection: the software scans disk
les at download time, and blocks the activity of components known to represent malware. In some cases, it may
also intercept attempts to install start-up items or to modify browser settings. Because many malware components
are installed as a result of browser exploits or user error,
using security software (some of which are anti-malware,
though many are not) to sandbox browsers (essentially
isolate the browser from the computer and hence any malware induced change) can also be eective in helping to
restrict any damage done.
Examples of Microsoft Windows antivirus and antimalware software include the optional Microsoft Security Essentials[42] (for Windows XP, Vista, Windows 7
and Windows 8) for real-time protection, the Windows
Malicious Software Removal Tool[43] (now included with
Windows (Security) Updates on "Patch Tuesday", the
second Tuesday of each month), and Windows Defender
(an optional download in the case of Windows XP).[44]
Additionally, several capable antivirus software programs
are available for free download from the Internet (usually restricted to non-commercial use).[45] Tests found
some free programs to be competitive with commercial
ones.[45] Microsofts System File Checker can be used to
check for and repair corrupted system les.

As a last resort, computers can be protected from malware, and infected computers can be prevented from
disseminating trusted information, by imposing an air
gap (i.e. completely disconnecting them from all networks). However, in December 2013, scientists in Germany demonstrated that even this measure can be defeated.[55]

7 Grayware
See also: Privacy-invasive software
Grayware is a term applied to unwanted applications or
les that are not classied as malware, but can worsen
the performance of computers and may cause security
risks.[56]
It describes applications that behave in an annoying or
undesirable manner, and yet are less serious or troublesome than malware. Grayware encompasses spyware,
adware, fraudulent dialers, joke programs, remote access
tools and other unwanted programs that harm the performance of computers or cause inconvenience. The term
came into use around 2004.[57]

Another term, PUP, which stands for Potentially Unwanted Program (or PUA Potentially Unwanted Application),[58] refers to applications that would be considered unwanted despite often having been downloaded by
the user, possibly after failing to read a download agreement. PUPs include spyware, adware, fraudulent dialers.
Many virus checkers classify unauthorised key generators
Currently, no method is known for detecting hardware as grayware, although they frequently carry true malware
implants.
in addition to their ostensible purpose.
Some viruses disable System Restore and other important Windows tools such as Task Manager and
Command Prompt. Many such viruses can be removed by rebooting the computer, entering Windows
safe mode with networking,[46] and then using system
tools or Microsoft Safety Scanner.[47]

6.1.1

Known good

Typical malware products detect issues based on heuristics or signatures i.e., based on information that can be
assessed to be bad. Some products[48][49] take an alternative approach when scanning documents such as Word
and PDF, by regenerating a new, clean le, based on what

8 History of viruses and worms

Before Internet access became widespread, viruses spread
on personal computers by infecting the executable boot
sectors of oppy disks. By inserting a copy of itself
into the machine code instructions in these executables,

11

a virus causes itself to be run whenever a program is run

or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more
widespread with the dominance of the IBM PC and MSDOS system. Executable-infecting viruses are dependent
on users exchanging software or boot-able oppies and
thumb drives so they spread rapidly in computer hobbyist
circles.

Comparison of antivirus software

The rst worms, network-borne infectious programs,

originated not on personal computers, but on multitasking Unix systems. The rst well-known worm was the
Internet Worm of 1988, which infected SunOS and VAX
BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security
holes (vulnerabilities) in network server programs and
started itself running as a separate process. This same
behavior is used by todays worms as well.

Malvertising

With the rise of the Microsoft Windows platform in the

1990s, and the exible macros of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These
macro viruses infect documents and templates rather than
applications (executables), but rely on the fact that macros
in a Word document are a form of executable code.
Today, worms are most commonly written for the Windows OS, although a few like Mare-D[59] and the L10n
worm[60] are also written for Linux and Unix systems.
Worms today work in the same basic way as 1988s Internet Worm: they scan the network and use vulnerable
computers to replicate. Because they need no human intervention, worms can spread with incredible speed. The
SQL Slammer infected thousands of computers in a few
minutes in 2003.[61]

Academic research

Main article: Malware research

REFERENCES

Computer insecurity
Cyber spying
Identity theft
Industrial espionage

Riskware
Security in Web applications
Social engineering (security)
Targeted threat
Web server overload causes

11 References
[1] Malware denition. techterms.com. Retrieved 26 August 2013.
[2] An Undirected Attack Against Critical Infrastructure
(PDF). United States Computer Emergency Readiness
Team(Us-cert.gov). Retrieved 28 September 2014.
[3] Dening Malware: FAQ. technet.microsoft.com. Retrieved 10 September 2009.
[4] stop badware Web site: What is badware?
[5] Evolution of Malware-Malware Trends. Microsoft Security Intelligence Report-Featured Articles. Microsoft.com.
Retrieved 28 April 2013.
[6] Virus/Contaminant/Destructive Transmission Statutes
by State. National Conference of State Legislatures.
2012-02-14. Retrieved 26 August 2013.
[7] "18.2-152.4:1 Penalty for Computer Contamination

(PDF). Joint Commission on Technology and Science.

The notion of a self-reproducing computer program can
Retrieved 17 September 2010.
be traced back to initial theories about the operation of
[62]
complex automata. John von Neumann showed that in [8] Russinovich, Mark (2005-10-31). Sony, Rootkits and
theory a program could reproduce itself. This constituted
Digital Rights Management Gone Too Far. Marks Blog.
a plausibility result in computability theory. Fred CoMicrosoft MSDN. Retrieved 2009-07-29.
hen experimented with computer viruses and conrmed
Neumanns postulate and investigated other properties [9] Protect Your Computer from Malware. OnGuardOnline.gov. Retrieved 26 August 2013.
of malware such as detectability, self-obfuscation using
rudimentary encryption, and others. His Doctoral disser- [10] Another way Microsoft is disrupting the malware ecosystation was on the subject of computer viruses.[63]
tem - Microsoft Malware Protection Center - Site Home
- TechNet Blogs

See also

[11] Malware. FEDERAL TRADE COMMISSION- CONSUMER INFORMATION. Retrieved 27 March 2014.

Browser hijacking

[12] Hernandez, Pedro. Microsoft Vows to Combat Government Cyber-Spying. eWeek. Retrieved 15 December
2013.

10

Category:Web security exploits

[13] Kovacs, Eduard. MiniDuke Malware Used Against European Government Organizations. Softpedia. Retrieved 27 February 2013.

[34] Appelbaum, Jacob. Shopping for Spy Gear:Catalog Advertises NSA Toolbox. SPIEGEL. Retrieved 29 December 2013.

[14] South Korea network attack 'a computer virus". BBC.

Retrieved 20 March 2013.

[35] Global Web Browser... Security Trends. Kaspersky lab.

November 2012.

[15] Malware Revolution: A Change in Target. March 2007.

[36] Rashid, Fahmida Y. (27 November 2012). Updated

Browsers Still Vulnerable to Attack if Plugins Are Outdated. pcmag.com.

[16] Child Porn: Malwares Ultimate Evil. November 2009.

[37] Danchev, Dancho (18 August 2011). Kaspersky: 12 different vulnerabilities detected on every PC. pcmag.com.

[17] PC World - Zombie PCs: Silent, Growing Threat.

[18] Peer To Peer Information. NORTH CAROLINA
STATE UNIVERSITY. Retrieved 25 March 2011.

[38] Adobe Security bulletins and advisories. Adobe.com.

Retrieved 19 January 2013.

[19] Symantec Internet Security Threat Report: Trends for

JulyDecember 2007 (Executive Summary)" (PDF) XIII.
Symantec Corp. April 2008. p. 29. Retrieved 11 May
2008.

[39] Rubenking, Neil J. Secunia Personal Software Inspector

3.0 Review & Rating. PCMag.com. Retrieved 19 January 2013.

[20] F-Secure Reports Amount of Malware Grew by 100%

during 2007 (Press release). F-Secure Corporation. 4
December 2007. Retrieved 11 December 2007.

[40] CNet: USB devices spreading viruses - Defense Department suspends use of USB drives as experts warn of USBrelated virus outbreaks, 21 November 2008

[21] F-Secure Quarterly Security Wrap-up for the rst quarter

of 2008. F-Secure. 31 March 2008. Retrieved 25 April
2008.
[22] Continuing Business with Malware Infected Customers.
Gunter Ollmann. October 2008.
[23] New Research Shows Remote Users Expose Companies
to Cybercrime. Webroot. April 2013.
[24] Symantec names Shaoxing, China as worlds malware
capital. Engadget. Retrieved 15 April 2010.
[25] Rooney, Ben (2011-05-23). Malware Is Posing Increasing Danger. Wall Street Journal.

[41] LNCS 3786 - Key Factors Inuencing Worm Infection,

U. Kanlayasiri, 2006, web (PDF): SL40-PDF.
[42] Microsoft Security Essentials. Microsoft. Retrieved 21
June 2012.
[43] Malicious Software Removal Tool. Microsoft. Retrieved 21 June 2012.
[44] Windows Defender. Microsoft. Retrieved 21 June
2012.
[45] Rubenking, Neil J. (8 January 2014). The Best Free Antivirus for 2014. pcmag.com.
[46] How do I remove a computer virus?". Microsoft. Retrieved 26 August 2013.

[26] Suarez-Tangil, Guillermo; Juan E. Tapiador, Pedro PerisLopez, Arturo Ribagorda (2014). Evolution, Detection
and Analysis of Malware in Smart Devices. IEEE Communications Surveys & Tutorials.

[47] Microsoft Safety Scanner. Microsoft. Retrieved 26 August 2013.

[27] computer virus - Encyclopedia Britannica.

nica.com. Retrieved 28 April 2013.

[49] Nexor Merlin. Nexor.

Britan-

[48] Glasswall. Glasswall.

[28] "All about Malware and Information Privacy"

[50] RESISTING THE SPREAD OF UNWANTED CODE

AND DATA. patentdocs.

[29] McDowell, Mindi. Understanding Hidden Threats:

Rootkits and Botnets. US-CERT. Retrieved 6 February
2013.

[51] An example of a website vulnerability scanner. Unmaskparasites.com. Retrieved 19 January 2013.

[30] Catb.org. Catb.org. Retrieved 15 April 2010.

[52] Redlegs File Viewer. Used to check a webpage for

malicious redirects or malicious HTML coding. Awsnap.info. Retrieved 19 January 2013.

[31] Vincentas (11 July 2013).

Malware in SpyWareLoop.com.
Spyware Loop.
Retrieved 28
July 2013.
[32] Sta, SPIEGEL. Inside TAO: Documents Reveal Top
NSA Hacking Unit. SPIEGEL. Retrieved 23 January
2014.
[33] Edwards, John. Top Zombie, Trojan Horse and Bot
Threats. IT Security. Retrieved 25 September 2007.

[53] Example Google.com Safe Browsing Diagnostic page.

Google.com. Retrieved 19 January 2013.
[54] Safe Browsing (Google Online Security Blog)". Retrieved 21 June 2012.
[55] Hanspach, Michael; Goetz, Michael (November 2013).
On Covert Acoustical Mesh Networks in Air. Journal
of Communications. doi:10.12720/jcm.8.11.758-767.

12

[56] Vincentas (11 July 2013).

Grayware in SpyWareLoop.com.
Spyware Loop.
Retrieved 28
July 2013.
[57] Threat Encyclopedia - Generic Grayware. Trend Micro.
Retrieved 27 November 2012.
[58] Rating the best anti-malware solutions. Arstechnica.
Retrieved 28 January 2014.
[59] Nick Farrell (20 February 2006). Linux worm targets
PHP aw. The Register. Retrieved 19 May 2010.
[60] John Leyden (28 March 2001). Highly destructive Linux
worm mutating. The Register. Retrieved 19 May 2010.
[61] Aggressive net bug makes history. BBC News. 3 February 2003. Retrieved 19 May 2010.
[62] John von Neumann, Theory of Self-Reproducing Automata, Part 1: Transcripts of lectures given at the University of Illinois, December 1949, Editor: A. W. Burks,
University of Illinois, USA, 1966.
[63] Fred Cohen, Computer Viruses, PhD Thesis, University
of Southern California, ASP Press, 1988.

12

External links

Malicious Software at DMOZ

Further Reading: Research Papers and Documents
about Malware on IDMARCH (Int. Digital Media
Archive)
Advanced Malware Cleaning - a Microsoft video

EXTERNAL LINKS

13
13.1

Text and image sources, contributors, and licenses

Text

Malware Source: http://en.wikipedia.org/wiki/Malware?oldid=632585655 Contributors: LC, Mav, The Anome, PierreAbbat, Paul, Fubar
Obfusco, Heron, Edward, Michael Hardy, David Martland, Pnm, Liftarn, Wwwwolf, Shoaler, (, CesarB, Ellywa, DavidWBrooks, CatherineMunro, Angela, Darkwind, Ciphergoth, Stefan, Evercat, GCarty, Etaoin, RodC, WhisperToMe, Radiojon, Tpbradbury, Bevo, Spikey,
Khym Chanur, Finlay McWalter, Rossumcapek, Huangdi, Riddley, Donarreiskoer, Pigsonthewing, Fredrik, Vespristiano, JosephBarillari, Postdlf, Rfc1394, KellyCoinGuy, DHN, Mandel, Lzur, David Gerard, Centrx, Fennec, Laudaka, Akadruid, Jtg, CarloZottmann,
Mintleaf, Everyking, Dratman, Mboverload, AlistairMcMillan, Matt Crypto, ChicXulub, Noe, Salasks, Piotrus, Quarl, Rdsmith4, Mikko
Paananen, Kevin B12, Icairns, TonyW, Clemwang, Trafton, D6, Monkeyman, Discospinster, Rich Farmbrough, Guanabot, Vague Rant,
Vsmith, Sperling, Night Gyr, Sc147, JoeSmack, Elwikipedista, Sietse Snel, EurekaLott, One-dimensional Tangent, Xgravity23, Bobo192,
Longhair, Billymac00, Smalljim, Cwolfsheep, KBi, VBGFscJUn3, Visualize, Minghong, Hfguide, Espoo, Alansohn, Mickeyreiss, Tek022,
Patrick Bernier, Arthena, T-1000, !melquiades, JereyAtW, Stephen Turner, Snowolf, Velella, GL, Uucp, Danhash, Evil Monkey, RainbowOfLight, Xixtas, Dtobias, Richard Arthur Norton (1958- ), OwenX, Mindmatrix, Camw, Pol098, Zhen-Xjell, Palica, Allen3, Cuvtixo, Elvey, Chun-hian, Jclemens, Reisio, Dpv, Ketiltrout, Rjwilmsi, Collins.mc, Vary, Bruce1ee, Frenchman113, PrivaSeeCrusade,
Connorhd, Yamamoto Ichiro, Andrzej P. Wozniak, RainR, FlaBot, Fragglet, Chobot, Bornhj, Bdelisle, Cshay, Gwernol, RogerK, Siddhant, YurikBot, Wavelength, RattusMaximus, Aussie Evil, Phantomsteve, Ikester, RussBot, DMahalko, TheDoober, Coyote376, Ptomes,
Wimt, Thane, NawlinWiki, Hm2k, Krystyn Dominik, Trovatore, Cleared as led, Coderzombie, Kingpomba, Ugnius, Amcfreely, Voidxor,
Tony1, Alex43223, FlyingPenguins, Chriscoolc, Bota47, Groink, Yudiweb, User27091, Tigalch, Flipjargendy, Romal, American2, Nikkimaria, Theda, Closedmouth, Abune, PrivaSeeCrusader, GraemeL, Crost, RealityCheck, Jaranda, Allens, Jasn, NeilN, Mhardcastle,
MacsBug, SmackBot, ManaUser, Mmernex, Hal Canary, Hydrogen Iodide, Bigbluesh, WookieInHeat, Stie, KelleyCook, Bobzchemist,
Ericwest, Ccole, Gilliam, Ohnoitsjamie, Skizzik, PJTraill, Larsroe, Appelshine, Father McKenzie, Jopsen, Thumperward, Pylori, Mitko,
Fluri, SalemY, Ikiroid, Whispering, Ted87, Janipewter, Audriusa, Furby100, Berland, JonHarder, Rrburke, DR04, Mr.Z-man, Radagast83, Cybercobra, Warren, HarisM, URLwatcher02, Drphilharmonic, DMacks, Fredgoat, Salamurai, Kajk, Pilotguy, Clicketyclack, Ged
UK, MaliNorway, CFLeon, Howdoesthiswo, Vanished user 9i39j3, Gobonobo, Robosh, Xaldafax, Nagle, Fernando S. Aldado, 16@r,
Andypandy.UK, Slakr, NcSchu, Ehheh, , Vernalex, Dl2000, Andreworkney, Fan-1967, Tomwood0, Iridescent, Dreftymac, NativeForeigner, Mere Mortal, UncleDouggie, Cbrown1023, Jitendrasinghjat, Astral9, Mzub, JForget, DJPhazer, Durito, FleetCommand,
Americasroof, Powerpugg, Wikkid, Hezzy, JohnCD, Kris Schnee, Jesse Viviano, Xxovercastxx, Kejoxen, Augrunt, Nnp, TheBigA, Cydebot, MC10, Besieged, Gogo Dodo, Pascal.Tesson, Medovina, Shirulashem, DumbBOT, Chrislk02, Optimist on the run, Kozuch, Drewjames, Jguard18, Tunheim, Legotech, Thijs!bot, Epbr123, Crockspot, Wikid77, Pstanton, Oldiowl, Technogreek43, Kharitonov, A3RO,
Screen317, James086, SusanLesch, Dawnseeker2000, Escarbot, AntiVandalBot, Widefox, Seaphoto, , SummerPhD, Quintote, Mack2, Golgofrinchian, JAnDbot, Mac Lover, Andonic, Entgroupzd, MSBOT, Geniac, Bongwarrior, VoABot II, Kinston
eagle, Tedickey, Sugarboogy phalanx, Nyttend, Rich257, Alekjds, 28421u2232nfenfcenc, LorenzoB, DerHexer, MKS, Calltech, XandroZ, Gwern, Kiminatheguardian, Atulsnischal, ClubOranje, MartinBot, CliC, Ct280, BetBot, R'n'B, LedgendGamer, J.delanoy, Svetovid, Phoenix1177, Herbythyme, A Nobody, Jaydge, Compman12, Fomalhaut71, Freejason, Demizh, HiLo48, Chiswick Chap, Kraftlos,
Largoplazo, Cometstyles, Tiggerjay, Robert Adrian Dizon, Tiangua1830, Bonadea, Jarry1250, RiseAgainst01, Sacada2, Tfraserteacher,
VolkovBot, Je G., Nburden, Wes Pacek, Philip Trueman, Teacherdude56, TXiKiBoT, Floddinn, Muro de Aguas, Zifert, PoM187, Reibot, Retiono Virginian, Jackfork, LeaveSleaves, Optigan13, Miketsa, BotKung, Wewillmeetagain, Tmalcomv, Blurpeace, RandomXYZb,
Digita, LittleBenW, Logan, Fredtheyingfrog, Adaviel, Copana2002, Tom NM, Nubiatech, LarsHolmberg, Sephiroth storm, Yintan, Calabraxthis, Xelgen, Arda Xi, Happysailor, Flyer22, Jojalozzo, Nnkx00, Nosferatus2007, Evaluist, Miniapolis, Lightmouse, Helikophis,
Correogsk, Stieg, Samker, Jacob.jose, BfMGH, Dabomb87, Ratemonth, Martarius, ClueBot, Muhammadsb1, NickCT, Vtor Cassol, The
Thing That Should Not Be, VsBot, Lawrence Cohen, Wysprgr2005, Frmorrison, Jwihbey, Sam Barsoom, Ottava Rima, Paulcmnt, Excirial, Jusdafax, Dcampbell30, Rhododendrites, Ejsilver26, WalterGR, Maniago, Jaizovic, Dekisugi, Xme, DanielPharos, Versus22, Johnuniq, Rossen4, DumZiBoT, Darkicebot, XLinkBot, BodhisattvaBot, DaL33T, Avoided, Sogle, Mifter, Noctibus, CalumH93, Kei Jo,
Addbot, Xp54321, Cxz111, Arcolz, Mortense, A.qarta, Otisjimmy1, Crazysane, TutterMouse, Ashton1983, CanadianLinuxUser, Leszek
Jaczuk, T38291, Noozgroop, CactusWriter, MrOllie, Download, LaaknorBot, Glane23, Ld100, AndersBot, Jasper Deng, Tassedethe,
Evildeathmath, Tide rolls, Teles, Gail, Jarble, Quantumobserver, Crt, Legobot, , Publicly Visible, Luckas-bot, Yobot,
Philmikeyz, WikiDan61, Tohd8BohaithuGh1, Ptbotgourou, Fraggle81, Evans1982, Gjohnson9894, Dmarquard, AnomieBOT, DemocraticLuntz, Rubinbot, Roman candles, IRP, Galoubet, RandomAct, Materialscientist, CoMePrAdZ, Crimsonmargarine, Frankenpuppy,
ArthurBot, Quebec99, Cameron Scott, Xqbot, TheAMmollusc, Mgaskins1207, Capricorn42, 12056, Avastik, Christopher Forster, Masonaxcte, S0aasdf2sf, Almabot, GrouchoBot, Monaarora84, Shirik, RibotBOT, PM800, Dougofborg, Luminique, Afromayun, Fingerz,
FrescoBot, Vikasahil, Mitravaruna, Wikipe-tan, Sky Attacker, PickingGold12, Wouldshed, TurningWork, Jonathansuh, Romangralewicz,
HamburgerRadio, Citation bot 1, SL93, Uberian22, Bobmack89x, Pinethicket, Idemnow, Vicenarian, Rameshngbot, RedBot, Overkill82,
Chan mike, Fumitol, Graham france, Javanx3d, FoxBot, Tgv8925, TobeBot, SchreyP, FFM784, Jesus Presley, Thestraycat57, Neutronrocks, Techienow, Lotje, Wikipandaeng, Dinamik-bot, Vrenator, Mirko051, Aoidh, KP000, Simonkramer, Tbhotch, Lord of the Pit,
DARTH SIDIOUS 2, Whisky drinker, Moshe1962, RjwilmsiBot, Colindier, Panda Madrid, Thunder238, Salvio giuliano, Enauspeaker,
EmausBot, John of Reading, WikitanvirBot, The Mysterious El Willstro, Porque123, Elison2007, SocialAlex, Connoe, AvicBot, Bollyje,
Dgd, Azuris, H3llBot, EneMsty12, Simorjay, Paramecium13, Tyuioop, Tolly4bolly, Cit helper, Coasterlover1994, Techpraveen, Shrigley,
Capnjim123, Ankitcktd, Ego White Tray, Mv Cristi, Pastore Italy, Corb555, Mark Martinec, ClueBot NG, Cwmhiraeth, Rich Smith, PizzaMuncherMan, Lzeltser, PwnFlakes, Matthiaspaul, MelbourneStar, Satellizer, Piast93, Steve dexon, MarsTheGrayAdept, Mesoderm, Widr,
Brandobraganza, Rubybarett, Calabe1992, BG19bot, Krenair, Harmonicsonic, Vagobot, Sailing to Byzantium, Maln98, PatrickCarbone,
Hopsmatch, MusikAnimal, Mark Arsten, Michael Barera, JZCL, 220 of Borg, BattyBot, JC.Torpey, Spazz rabbit, Cimorcus, Zhaofeng Li,
MahdiBot, Paully72, BYagour, Verzer, Antonio.chuh, ChrisGualtieri, Tech77, Hassim1983, Hnetsec, JYBot, Ghostman1947, Toeepot,
EagerToddler39, Dexbot, FTLK, Joshy5.crane, Dothack111, Skullmak, Webbanana1, Rajalakshmi S Kothandaraman, Salwanmohsen,
Lugia2453, Himanshu Jha 07, Frosty, SirkusSystems, Sourov0000, Corn cheese, Palmbeachguy, Gtangil, Dr Dinosaur IV, JimsWorld,
Flashgamer001, Camayoc, Msumedh, Kap 7, Nonsenseferret, Bio pox, Madsteve 9, Kogmaw, Tankman98, Olivernina, ExtraBart, 38zu.cn,
Mooman4158, DavidLeighEllis, Warl0ck, Ugog Nizdast, Melody Lavender, Swiftsectioner, Ginsuloft, Chris231989, Wi router rootkits, Ban embedded cpus for networks, JohnMadden2009, Someone not using his real name, Wi wiretapping, BornFearz, Dannyruthe,
Ajitkumar.pu, JaconaFrere, Vandraag, SnoozeKing, Newlywoos, Gatundr Burkllg, Alan24308, Worzzy, Lucius.the, MLP Eclipse, Stevebrown164, Andrdema, A4frees, 1anamada, AnastasiiaGS, Maxwell Verbeek, Shovelhead54, Spamero, Friendshipbracelet and Anonymous:
812

10

13

13.2

TEXT AND IMAGE SOURCES, CONTRIBUTORS, AND LICENSES

Images

File:Beast_RAT_client.jpg Source: http://upload.wikimedia.org/wikipedia/commons/9/9a/Beast_RAT_client.jpg License: Public domain Contributors: Own work Original artist: V.H.
File:Computer-aj_aj_ashton_01.svg Source: http://upload.wikimedia.org/wikipedia/commons/c/c1/Computer-aj_aj_ashton_01.svg
License: CC0 Contributors: ? Original artist: ?
File:Crystal_Clear_app_browser.png Source: http://upload.wikimedia.org/wikipedia/commons/f/fe/Crystal_Clear_app_browser.png
License: LGPL Contributors: All Crystal icons were posted by the author as LGPL on kde-look Original artist: Everaldo Coelho and
YellowIcon
File:Malware_statics_2011-03-16-en.svg
Source:
http://upload.wikimedia.org/wikipedia/commons/e/ec/Malware_statics_
2011-03-16-en.svg License: CC-BY-SA-3.0-2.5-2.0-1.0 Contributors:
Malware_statics_2011-03-16-es.svg Original artist: Malware_statics_2011-03-16-es.svg: Kizar
File:Monitor_padlock.svg Source: http://upload.wikimedia.org/wikipedia/commons/7/73/Monitor_padlock.svg License: CC-BY-SA3.0 Contributors: Transferred from en.wikipedia; transferred to Commons by User:Logan using CommonsHelper.
Original artist: Lunarbunny (talk). Original uploader was Lunarbunny at en.wikipedia
File:Question_book-new.svg Source: http://upload.wikimedia.org/wikipedia/en/9/99/Question_book-new.svg License: ? Contributors:
Created from scratch in Adobe Illustrator. Based on Image:Question book.png created by User:Equazcion Original artist:
Tkgd2007
File:Wiktionary-logo-en.svg Source: http://upload.wikimedia.org/wikipedia/commons/f/f8/Wiktionary-logo-en.svg License: Public domain Contributors: Vector version of Image:Wiktionary-logo-en.png. Original artist: Vectorized by Fvasconcellos (talk contribs), based
on original logo tossed together by Brion Vibber

13.3

Content license

Creative Commons Attribution-Share Alike 3.0