Malicious programs can be divided into the following groups: worms,
viruses, Trojans, hacker utilities and other malware. All of these are
designed to damage the infected machine or other networked machines. Network Worms This category includes programs that propagate via LANs or the Internet with the following objectives: Penetrating remote machines Launching copies on victim machines Spreading further to new machines Worms
use different networking systems to propagate: email, instant
messaging, file-sharing (P2P), IRC channels, LANs, WANs and so forth. Most
existing worms spread as files in one form or another - email
attachments, in ICQ or IRC messages, links to files stored on infected
websites or FTP servers, files accessible via P2P networks and so on. There
are a small number of so-called fileless or packet worms; these spread
as network packets and directly penetrate the RAM of the victim
machine, where the code is then executed. Worms use a variety of methods for penetrating victim machines and subsequently executing code, including: Social engineering; emails that encourage recipients to open the attachment Poorly configured networks; networks that leave local machines open to access from outside the network Vulnerabilities in operating systems and applications Today's
malware is often a composite creation: worms now often include Trojan
functions or are able to infect exe files on the victim machine. They
are no longer pure worms, but blended threats. Classic Viruses This class of malicious programs covers programs that spread copies of themselves throughout a single machine in order to: Launch and/or execute this code once a user fulfills a designated action Penetrate other resources within the victim machine Unlike
worms, viruses do not use network resources to penetrate other
machines. Copies of viruses can penetrate other machines only if an
infected object is accessed and the code is launched by a user on an
uninfected machine. This can happen in the following ways: The virus infects files on a network resource that other users can access The virus infects removable storage media which are then attached to a clean machine The user attaches an infected file to an email and sends it to a 'healthy' recipient Viruses
are sometimes carried by worms as additional payloads or they can
themselves include backdoor or Trojan functionality which destroy data
on an infected machine. Trojan Programs This
class of malware includes a wide variety of programs that perform
actions without the user's knowledge or consent: collecting data and
sending it to a cyber criminal, destroying or altering data with
malicious intent, causing the computer to malfunction, or using a
machine's capabilities for malicious or criminal purposes, such as
sending spam. A subset of Trojans damage remote machines or networks
without compromising infected machines; these are Trojans that utilize
victim machines to participate in a DoS attack on a designated web site. Hacker Utilities and other malicious programs This diverse class includes: Utilities such as constructors that can be used to create viruses, worms and Trojans Program libraries specially developed to be used in creating malware Hacker utilities that encrypt infected files to hide them from antivirus software Jokes that interfere with normal computer function Programs that deliberately misinform users about their actions in the system Other programs that are designed to directly or indirectly damage local or networked machines http://www.viruslist.com
