
DIFFERENT MALWARE

A. ADWARE
Adware, or advertising-supported software, is any software package that automatically renders
advertisements in order to generate revenue for its author. The advertisements may be in the user
interface of the software or on a screen presented to the user during the installation process.
Adware is the name given to programs that are designed to display advertisements on your
computer, redirect your search requests to advertising websites and collect marketing-type data
about you (for example, the types of websites that you visit) so that customised adverts can be
displayed.

B. BEHAVIOR AND FUNCTION


The functions may be designed to analyze which Internet sites the user visits and to present
advertising pertinent to the types of goods or services featured there.

C. WAYS TO AVOID
How to Avoid Spyware and Adware
A lot of unwelcome software ends up on your computer in part because of something you did or
did not do. Here's how to avoid unwanted spyware or adware:
- Be selective about what you download to your computer. Make sure you really need a
  program before downloading it. And if you've never heard of the software maker, read its
  website carefully to learn more about the people behind the technology, as well as the
  technology itself. Also, watch out for ActiveX, which is a common tool for installing spyware
  without your knowledge or consent. You can turn off ActiveX via your browser preferences
  and you can always turn it back on should a trusted site require it.
- Read licensing agreements. It can seem daunting to read these agreements, but to play it safe,
  don't just scroll to the bottom and click the "I accept" button when installing freeware.
  Instead, read each agreement carefully and look for language pertaining to any
  information-gathering activity, which could mean that you'll get spyware or adware along
  with your freebie.
- Watch out for anti-spyware scams. The Web is rife with "anti-spyware" tools that do little or
  nothing to prevent spyware. Some even make it worse. Purveyors of these tools often provide
  free scans, which almost invariably identify hundreds of spyware programs on your computer.
  They then immediately ask you to buy their bogus product.
- Beware of clickable advertisements. Try to avoid programs, especially freeware, that flash
  clickable ads. These ads should be a red flag. If you click the ads, it's possible someone is
  watching how you respond to them.

A. ROOTKIT
A rootkit is a type of software designed to hide the fact that an operating system has been
compromised, sometimes by replacing vital executables. Rootkits allow viruses and malware to
hide in plain sight by disguising themselves as necessary files that your antivirus software will
overlook. Rootkits themselves are not harmful; they are simply used to hide malware, bots and worms.
Rootkits get their name from the Unix term for the primary administrator account, called "root",
and "kits", which refers to the software pieces that implement the tool. To install a rootkit, an
attacker must first gain access to the root account by using an exploit or obtaining the password
by cracking it or social engineering. Rootkits were originally used in the early 1990s and
targeted UNIX operating systems. Today, rootkits are available for many other operating
systems, including Windows. Because rootkits are activated before your operating system even
boots up, they are very difficult to detect and therefore provide a powerful way for attackers to
access and use the targeted computer without the owner's notice. Due to the way rootkits are
used and installed, they are notoriously difficult to remove. Rootkits today usually are not used
to gain elevated access, but instead are used to mask malware payloads more effectively.

B. BEHAVIOR AND FUNCTION

- Provide an attacker with full access via a backdoor, permitting unauthorized access to, for
  example, steal or falsify documents. One of the ways to carry this out is to subvert the login
  mechanism, such as the /bin/login program on Unix-like systems or GINA on Windows. The
  replacement appears to function normally, but also accepts a secret login combination that
  allows an attacker direct access to the system with administrative privileges, bypassing
  standard authentication and authorization mechanisms.
- Conceal other malware, notably password-stealing key loggers and computer viruses.[18]
- Appropriate the compromised machine as a zombie computer for attacks on other computers.
  (The attack originates from the compromised system or network, instead of the attacker's
  system.) "Zombie" computers are typically members of large botnets that can launch
  denial-of-service attacks, distribute e-mail spam, conduct click fraud, etc.
- Enforcement of digital rights management (DRM).
- Detect attacks, for example, in a honeypot.[20]
- Enhance emulation software and security software.[21] Alcohol 120% and Daemon Tools are
  commercial examples of non-hostile rootkits used to defeat copy-protection mechanisms
  such as SafeDisc and SecuROM. Kaspersky antivirus software also uses techniques
  resembling rootkits to protect itself from malicious actions. It loads its own drivers to
  intercept system activity, and then prevents other processes from doing harm to itself. Its
  processes are not hidden, but cannot be terminated by standard methods (it can be terminated
  with Process Hacker).
- Anti-theft protection: Laptops may have BIOS-based rootkit software that will periodically
  report to a central authority, allowing the laptop to be monitored, disabled or wiped of
  information in the event that it is stolen.
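
Because a rootkit may replace vital executables such as /bin/login, a defender can record fingerprints of those files while the system is known to be clean and compare them later. The following is an added example, not part of the original handout; the file names are constructed stand-ins created in a temporary directory, and on a real system the comparison should be run from trusted media, since a kernel-level rootkit can falsify what a running system reports.

```python
import hashlib
import os
import stat
import tempfile

def fingerprint(path):
    """Return (SHA-256 hex digest, permission bits) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest(), stat.S_IMODE(os.stat(path).st_mode)

def make_baseline(paths):
    """Record fingerprints while the system is known to be clean."""
    return {p: fingerprint(p) for p in paths}

def compare(baseline):
    """Return {path: reason} for every file that no longer matches."""
    findings = {}
    for path, (digest, mode) in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        now_digest, now_mode = fingerprint(path)
        if now_digest != digest:
            findings[path] = "content changed"
        elif now_mode != mode:
            findings[path] = "permissions changed"
    return findings

def demo():
    """Constructed stand-ins for system binaries, not real system files."""
    with tempfile.TemporaryDirectory() as d:
        login, ls = os.path.join(d, "login"), os.path.join(d, "ls")
        for p, body in ((login, b"original login"), (ls, b"original ls")):
            with open(p, "wb") as f:
                f.write(body)
            os.chmod(p, 0o755)
        baseline = make_baseline([login, ls])
        clean = compare(baseline)          # nothing has changed yet
        with open(login, "wb") as f:       # simulate a replaced executable
            f.write(b"different login")
        os.chmod(ls, 0o777)                # simulate a permission change
        changed = compare(baseline)
        return clean, {os.path.basename(k): v for k, v in changed.items()}

if __name__ == "__main__":
    print(demo())
```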

C. WAYS TO AVOID

Rootkits sneak in under the radar of computer security, hook deep into the operating system, then add
malicious programs. They arrive via clicked-on links in e-mail, instant messages and websites.

Increasingly, organized criminals use rootkits to spread remote control ware (also called botware),
spyware, spamware and keystroke loggers. They were present in 14 percent of the 5.7 million
computers scanned by Windows Malicious Software Removal Tool, according to a June Microsoft
report.

Rootkits start as low-level programs, such as Web helper applications, that are too small for security
software to notice. Then they compile and open a back door to other programs that use the computer
to relay e-mail and IM spam, or steal personal and regulated information. "Rootkits demand a new
type of technology that finds and eliminates well-hidden malware."

A. BOT
An Internet bot, also known as web robot, WWW robot or simply bot, is a software
application that runs automated tasks (scripts) over the Internet. Typically, bots perform tasks
that are both simple and structurally repetitive, at a much higher rate than would be possible for a
human alone. The largest use of bots is in web spidering (web crawler), in which an automated
script fetches, analyzes and files information from web servers at many times the speed of a
human. More than half of all web traffic is made up of bots.

B. BEHAVIOR AND FUNCTION


Bot behavior analysis is an essential component in botnet detection and response. Recent
research on bot behavior analysis is focused on identifying whether an analysis target file is a bot
or not by monitoring user-level API call information of the bot process and discovering its malicious
behaviors. However, such research does not monitor a bot process which has kernel-rootkit,
anti-VM and static-DLL/binary code injection capabilities. In this paper, we present an
approach based on a combination of System Call Layer rebuilding and process executing that
enables automatic thwarting of static-DLL/binary code injection. Also, we have built a system for
analyzing advanced bot behavior that can monitor the behavior of a bot process at kernel level
and thwart some anti-VM methods. For experiments and evaluation, we have conducted
experiments on several recent bot samples which have kernel-rootkit, anti-VM and
static-DLL/binary code injection capabilities and shown that our system can successfully extract
their API call information and malicious behaviors from them.

C. WAYS TO AVOID

In order to ensure your site and business have the best protections available, it's important to
choose a solution that does not rely on IP addresses alone; provides real-time detection and
mitigation (without adding even 10 milliseconds of latency); offers very high accuracy (at or
above 99 percent); and learns and improves, constantly.

So, when evaluating bot protection solutions, you'll want to look for these items:

- Multiple detection technologies - A truly comprehensive bot prevention tool won't
  just offer one or two layers of protection for your site, but will employ a wide range of
  technologies: JavaScript, statistical methods, artificial intelligence (or support vector
  machine), user-agent validation, rate limits based on Unique ID, geographic analysis,
  and a network learning capability.
- Constantly improving - The key to a great bot protection solution relies on R&D and
  network learning processes, maintaining a shared database with a Unique ID for each
  bot so that bots can be detected immediately, before any bot activity reaches your
  web servers. The best bot protection solutions are also constantly evolving and
  investing in R&D to maintain an edge in the arms race of website security.
- Ability to target all kinds of bots - If you really want to protect your website, then
  you'll need a solution that targets not just one type of bot, but all of them. An effective
  bot protection tool should protect against content theft and duplication, click fraud,
  traffic fraud, comment spam, server slowdowns, and any other attacks a bot could
  deliver.
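
Two of the techniques named above, user-agent validation and rate limits based on a Unique ID, can be shown on a small set of requests, together with the reason not to rely on IP addresses alone. This is an added example, not part of the original handout or of any product; the client_id field, the token list, the thresholds and the traffic are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed substrings of self-declared automation clients (illustrative list).
AUTOMATION_TOKENS = ("curl", "wget", "python-requests", "scrapy")

def bad_agent(ua):
    """User-agent validation: empty, or announces a scripting client."""
    ua = ua.strip().lower()
    return not ua or any(tok in ua for tok in AUTOMATION_TOKENS)

def over_rate(events, key, max_hits=5, window=10):
    """Sliding-window rate limit counted per events[key] value.
    Flags a value once it exceeds max_hits requests within window seconds."""
    recent, flagged = defaultdict(deque), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev[key]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] >= window:   # drop hits older than the window
            q.popleft()
        if len(q) > max_hits:
            flagged.add(ev[key])
    return flagged

def sample_events():
    """Constructed traffic; client_id is a hypothetical per-client ID."""
    browser = "Mozilla/5.0 (X11; Linux x86_64)"
    events = [  # one client rotating through eight source IPs in 8 seconds
        {"ts": t, "ip": f"203.0.113.{10 + t}", "client_id": "c-bot", "ua": browser}
        for t in range(8)
    ]
    events += [  # a person browsing slowly from one address
        {"ts": t, "ip": "198.51.100.7", "client_id": "c-human", "ua": browser}
        for t in (1, 12, 25)
    ]
    events.append({"ts": 3, "ip": "192.0.2.9", "client_id": "c-script",
                   "ua": "python-requests/2.31"})
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("by IP:       ", over_rate(ev, "ip"))
    print("by client ID:", over_rate(ev, "client_id"))
    print("bad agents:  ", {e["client_id"] for e in ev if bad_agent(e["ua"])})
```

Counting by IP flags nothing here because the fast client never reuses an address, while counting by the per-client ID catches it.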

A. SPYWARE
Spyware is software that aims to gather information about a person or organization without their
knowledge, that may send such information to another entity without the consumer's consent, or
that asserts control over a device without the consumer's knowledge.[1]
"Spyware" is mostly classified into four types: adware, system monitors, tracking cookies,
and trojans;[2] examples of other notorious types include digital rights management capabilities
that "phone home", keyloggers, rootkits, and web beacons.
Spyware is mostly used for the purposes of tracking and storing Internet users' movements on the
Web and serving up pop-up ads to Internet users. Whenever spyware is used for malicious
purposes, its presence is typically hidden from the user and can be difficult to detect. Some
spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public
computer intentionally in order to monitor users.

B.BEHAVIOR
-Screen Content Monitoring;
-Keystrokes Logging;
-Email Content Monitoring;
-Chat Content Monitoring;
-Social Network Content Monitoring;
-Website Passwords and User Names Monitoring;
-Documents & Files Content Monitoring;
-Print Content Monitoring.

C.HOW TO AVOID

How can you prevent spyware from installing on your computer?


To avoid unintentionally installing it yourself, follow these good security practices:
- Don't click on links within pop-up windows - Because pop-up windows are often a product
  of spyware, clicking on the window may install spyware software on your computer. To
  close the pop-up window, click on the "X" icon in the titlebar instead of a "close" link
  within the window.
- Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes
  asking whether you want to run a particular program or perform another type of task.
  Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the
  titlebar.
- Be wary of free downloadable software - There are many sites that offer customized
  toolbars or other features that appeal to users. Don't download programs from sites you
  don't trust, and realize that you may be exposing your computer to spyware by
  downloading some of these programs.
- Don't follow email links claiming to offer anti-spyware software - Like email viruses,
  the links may serve the opposite purpose and actually install the spyware they claim to be
  eliminating.
