Open Source Security

What is malware?

Malware (malicious software), rather than “virus”, is the general term for software that is designed to behave maliciously. Malware encompasses the whole line of viruses (boot sector, stealth, polymorphic, multipartite, self-garbling), worms, trojan horses, logic bombs, rootkits, etc. As you can see from the list above, malware comes in many shapes and sizes. We previously talked about viruses, so let’s briefly address some of the other forms of malware.

A trojan horse is malware that comes packaged along with something that the user does desire (data, software, whatever). Open source software has been attacked a few notorious times via trojan horse attacks. The most infamous is probably the time in 2002 that the OpenSSH server was compromised and versions of OpenSSH were replaced with trojaned versions of SSH. You can still read the CERT Advisory about the attack.
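The trojaned OpenSSH distribution was caught because the archive's digest no longer matched the published one. The following is an added example (not code from the article or from the OpenSSH project) of that check: it parses a `sha256sum`-style checksum list, streams a downloaded archive through SHA-256 and reports whether the file is listed and matches. The file names and contents in `demo()` are constructed for the example.

```python
"""Verify a downloaded release archive against a published checksum list.

Added example, not code from the original article or from the OpenSSH project.
It assumes the checksum list uses the sha256sum line format
("<hex digest>  <filename>"), which is common but not universal.
"""
import hashlib
import os
import tempfile


def parse_checksum_list(text):
    """Parse sha256sum-style lines into {filename: hex digest}.

    Blank lines and '#' comments are ignored; a leading '*' on the filename
    (sha256sum's binary-mode marker) is stripped.
    """
    digests = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError("malformed checksum line: %r" % line)
        digest, name = parts
        digests[name.lstrip("*")] = digest.lower()
    return digests


def sha256_of_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so a large archive need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, checksum_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the file at `path`."""
    expected = parse_checksum_list(checksum_text)
    name = os.path.basename(path)
    if name not in expected:
        return "unlisted"
    return "ok" if sha256_of_file(path) == expected[name] else "mismatch"


def demo():
    """Constructed scenario: a genuine archive, then a tampered copy under the same name."""
    with tempfile.TemporaryDirectory() as d:
        archive = os.path.join(d, "tool-1.0.tar.gz")  # constructed file name
        with open(archive, "wb") as f:
            f.write(b"genuine release contents\n")
        # The checksum list is taken from the genuine archive before tampering.
        checksum_text = "%s  tool-1.0.tar.gz\n" % sha256_of_file(archive)
        first = verify_download(archive, checksum_text)
        # Replace the archive bytes, as a tampered mirror copy would.
        with open(archive, "wb") as f:
            f.write(b"trojaned release contents\n")
        second = verify_download(archive, checksum_text)
        return first, second


if __name__ == "__main__":
    print(demo())  # ('ok', 'mismatch')
```

The check is only as good as the source of the checksum list: if the digests are fetched from the same mirror as the archive, an attacker who replaced the archive can replace them too, so compare against digests obtained from an independent channel or verified by a signature.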

A worm is a piece of software that exploits a vulnerability to establish itself on a host and then uses that host to attack other systems. A worm is self-replicating and stand-alone. The most notorious worm that affected many Linux systems was called L10n and attacked via BIND in 2001.

A rootkit is a program designed to hide the presence of malware on the system. Rootkits have taken the form of kernel modules and of binary replacements for key system utilities (ls, ps, etc.) that hide the malware’s processes and files from the output administrators use to see what is happening on the system.
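A replaced `ps` can only filter what `ps` prints; the process still has an entry under /proc. The classic defender's check is therefore a cross-view comparison of the two listings. The following is an added example (not code from the original article) that takes two /proc snapshots around a `ps` run so that processes which simply exited between the listings are not reported as hidden; `hidden_processes` is a name chosen here, and the PID sets in the `__main__` block come from the live system, so it is Linux-only.

```python
"""Cross-view check for processes hidden from ps.

Added example, not code from the original article. A userland rootkit that
replaces ps can filter its output, but the kernel still lists the process in
/proc. Comparing the two views flags PIDs that /proc shows and ps does not.
A kernel-module rootkit can hide the /proc entry as well, so a clean result is
not proof of a clean system; a non-empty result is worth investigating.
"""
import os
import subprocess


def pids_from_proc(proc_root="/proc"):
    """PIDs according to the kernel's /proc listing (numeric directory names)."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps():
    """PIDs according to the ps binary, which a userland rootkit may have replaced."""
    out = subprocess.run(
        ["ps", "-e", "-o", "pid="], capture_output=True, text=True, check=True
    ).stdout
    return {int(tok) for tok in out.split()}


def hidden_processes(list_proc, list_ps):
    """Return sorted PIDs present in /proc both before and after ps ran but absent from ps.

    Taking a /proc snapshot on each side of the ps run means a process that
    exited in between appears in at most one snapshot and is not flagged; ps's
    own short-lived PID shows up only in the ps view and is likewise ignored.
    """
    before = set(list_proc())
    reported = set(list_ps())
    after = set(list_proc())
    stable = before & after
    return sorted(stable - reported)


if __name__ == "__main__":
    try:
        hidden = hidden_processes(pids_from_proc, pids_from_ps)
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print("cross-view check needs a Linux host with /proc and ps: %s" % exc)
    else:
        if hidden:
            print("PIDs visible in /proc but not reported by ps:", hidden)
        else:
            print("ps and /proc agree")
```

Run it from a trusted shell; because the utilities on a compromised host are themselves suspect, the same comparison is more reliable when the /proc view is taken with a statically linked binary copied from clean media.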

A botnet is a network of subverted machines, each running a rootkit or other malware that makes it remotely controllable. Botnets are frequently used to launch distributed denial-of-service attacks. The evolution of botnets is fascinating because their command-and-control structures have grown more sophisticated in order to avoid single points of failure. In a very interesting turn of events, two Symantec researchers discovered the first Mac botnet. Its malware was distributed as a trojan horse bundled with pirated iWork ’09 software.

This covers just a few of the additional types of malware, and as you can see there are many. The study of malware is one of the “cooler” (or just flashier) specialties of the computer security profession.

This article was part three in a multi-part series about anti-virus and Linux which was announced in the article Anti-virus for Linux Redux.


2 Responses

  1. bjacobson

    Emily, nice article. Botnets are a growing problem.

    News story today:

    http://www.pcworld.com/businesscenter/article/163642/gang_of_six_controls_botnet_of_19_million_computers.html

    Criminals have built a massive “botnet” network of hacked computers that has infected an estimated 1.9 million computers worldwide, including systems within U.S. and U.K. government networks, security vendor Finjan reported Tuesday.

    A group of six criminals has run the operation since February, controlling the botnet from a server located in the Ukraine, Finjan said. Using a network of Web sites, they have installed their malware by tricking victims into viewing malicious Web code that then installs the malware.

    Nearly half of the computers hacked by the gang are located in the U.S., but they have also hit a sizeable number of machines in the U.K., Canada, Germany and France, Finjan said.
    . . .

  2. Emily Ratliff

    Hi Bryan,

    While not botnet related, a couple of other recent stories on hacking also caught my attention. Sadly the stories are lacking in technical detail.

    Joint Strike Fighter plans stolen.
    and
    Electric Power Grid hacked

    Emily
