MALICIOUS PROGRAMS
According to Standler [http://www.rbs2.com/ccrime.htm#anchor222222], any computer program or code that is designed to do more harm than good can be termed a:
TAXONOMY OF MALICIOUS PROGRAMS OR CODES

They do this by destroying, consuming valuable resources, exposing, creating or installing vulnerabilities in a computing system. These Malicious Computer Programs as seen in the above diagram are divided into the following classes:
| MALICIOUS PROGRAMS | EXPLANATION |
| DEPENDENT PROGRAMS | |
| TRAPDOOR | This is a secret (or simply undocumented) entry point into the host program. Developers use it to test and debug their programs, since it allows remote or direct management of the program. Some trapdoors are used for malicious intentions [Stallings, 2001]. |
| TROJAN HORSE | This is an apparently useful program containing hidden code which, when invoked, performs harmful actions such as deleting a user's files and destroying data. Like the Trojan Horse of Greek mythology, it deceives individuals into believing that it is harmless when it is the opposite. It allows an unauthorised user to accomplish indirectly tasks that they could not normally accomplish [Stallings, 2001]. |
| LOGIC BOMBS | One of the oldest types of malicious program. It embeds its code into legitimate programs and then, like a bomb, executes ("explodes") when certain conditions are met. These conditions can be the absence or deletion of certain files, a special day or time, and so on. A time bomb is a logic bomb that reacts based on time and date. |
| VIRUS | Viruses reproduce by attaching copies of themselves to existing programs. The new copy of the virus is executed when a user executes the new host program. It will only cause harm after it has infected an executable file and the executable file is run. Viruses can do anything that the host program can; this includes destroying and modifying files, and exposing or creating vulnerabilities. The main difference between the virus and the host, however, is that the virus implements an infection mechanism [2001, http://www.cs.colorado.edu/~carzanig/edu/csci7000-001/csci7000-001-f01-19.pdf]. |
| INDEPENDENT PROGRAMS | |
| WORMS | A worm is a full-featured program, unlike a virus. The worm can copy itself; a virus, however, needs another program to start copying. It is unlike a Trojan horse in that it does not pretend to be something else. Just like an earthworm, it finds its way around the network by exploiting vulnerabilities, which allow it to create copies of itself on remote machines. A true worm neither deletes nor changes files on a computer; all it does is make multiple copies of itself and send these copies from the computer. It then clogs disk drives with the aim of exhausting memory, and clogs the Internet with multiple copies of the worm. The traffic from these copies slows the legitimate traffic of the Internet [http://freebooks.by.ru/view/LinuxNetworkSolution/31620133.htm]. |
| BACTERIA/RABBIT | Bacteria, like worms, are self-replicating programs and do not need a host program to execute. Bacteria usually execute as separate threads/processes on multi-threaded systems; by forking off new copies, they consume all the system's resources. They do not explicitly damage files but just replicate themselves, which leads to them taking up processor, memory and disk capacity [2001, http://www.cs.colorado.edu/~carzanig/edu/csci7000-001/csci7000-001-f01-19.pdf]. |
This page was developed by Keisha McKenzie, a member of the KRaM team