Viruses and Malicious Software

A computer virus is a piece of software that can “infect” other programs by modifying them. The modification includes injecting into the original program a routine that makes copies of the virus program, which can then go on to infect other programs. A virus can do anything that other programs do. The difference is that a virus attaches itself to another program and executes secretly when the host program is run.
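Because a parasitic virus works by changing the bytes of its host program, the standard defensive check is file integrity monitoring: record a digest of every program while the system is trusted, then flag any program whose digest later differs or which has gone missing. The Python below is an added example, not code from the original notes; the program names, their contents and the `tampered_copy` simulation are constructed stand-ins for real executables.

```python
import hashlib
from typing import Dict, List

# Constructed sample "programs" (name -> file contents). These are made-up byte
# strings standing in for executables; nothing here is a real binary.
TRUSTED_PROGRAMS: Dict[str, bytes] = {
    "calc.bin":   b"\x7fELF\x02\x01\x01 calc: add sub mul div",
    "editor.bin": b"\x7fELF\x02\x01\x01 editor: open save quit",
    "ls.bin":     b"\x7fELF\x02\x01\x01 ls: list directory",
}


def sha256_hex(data: bytes) -> str:
    """Digest used for the baseline; any collision-resistant hash would do."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(programs: Dict[str, bytes]) -> Dict[str, str]:
    """Record a known-good digest for every program.

    This must be done while the system is trusted (e.g. right after a clean
    install); otherwise an already-infected program becomes the "good" reference.
    """
    return {name: sha256_hex(content) for name, content in programs.items()}


def check_integrity(baseline: Dict[str, str], programs: Dict[str, bytes]) -> List[str]:
    """Return the names of baseline programs that no longer match their digest.

    A missing program is reported too: a parasitic virus that replaces or
    removes its host has changed it just as much as one that appends to it.
    """
    changed = []
    for name, expected in baseline.items():
        current = programs.get(name)
        if current is None or sha256_hex(current) != expected:
            changed.append(name)
    return sorted(changed)


def tampered_copy(programs: Dict[str, bytes], host: str, extra: bytes) -> Dict[str, bytes]:
    """Constructed simulation of the modification described in the notes:
    return a copy of the program set in which `host` has had `extra` bytes
    added to it. Only the bytes change; nothing is executed."""
    modified = dict(programs)
    modified[host] = programs[host] + extra
    return modified


def demo() -> List[str]:
    """Take a clean baseline, simulate one modified host program, and report what changed."""
    baseline = build_baseline(TRUSTED_PROGRAMS)
    after = tampered_copy(TRUSTED_PROGRAMS, "calc.bin", b" [extra routine]")
    return check_integrity(baseline, after)


if __name__ == "__main__":
    print("Modified programs:", demo())  # prints ['calc.bin']
```

Two caveats matter in practice. The baseline is only as good as the system it was taken on, so it has to be captured before any untrusted code has run and stored where a compromised machine cannot rewrite it. And a digest mismatch tells you only that a program changed, not why; a legitimate software update changes the bytes too, so the baseline has to be refreshed as part of the update process.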

The terminology in this area presents problems because of a lack of universal agreement on all of the terms and because some of the categories overlap. Malicious software can be divided into two categories: those that need a host program and those that are independent.

  • Need a host program: the former, referred to as parasitic, are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Examples: viruses, logic bombs, and backdoors.
  • Independent: self-contained programs that can be scheduled and run by the operating system. Examples: worms and bot programs.

Backdoor or Trapdoor

A backdoor, also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the backdoor to gain access without going through the usual security access procedures. Programmers have used backdoors legitimately for many years to debug and test programs; such a backdoor is called a maintenance hook, and it has been commonly used by developers. A backdoor left in a production program is a threat, because attackers who discover it can exploit it. Backdoors are very hard to block at the operating-system level; defending against them requires good software development and update practices.

Logic Bomb

The logic bomb is one of the oldest types of malicious software. Its code is embedded in a legitimate program and is activated when specified conditions are met, e.g.:
  • presence or absence of some file
  • a particular date or time
  • a particular user
When it is triggered it typically damages the system: it modifies or deletes files or disks, halts the machine, etc.

Trojan Horse

A Trojan horse is a useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojan horse programs can be used to accomplish indirectly functions that an unauthorized user could not accomplish directly. The program is usually superficially attractive, e.g. a game or a software upgrade; when it runs it performs some additional hidden tasks. This allows the attacker to gain indirectly access they do not have directly. Trojan horses are often used to propagate a virus or worm or to install a backdoor. Another common motivation for the Trojan horse is data destruction. The program appears to be performing a useful function (e.g., a calculator program), but it may also be quietly deleting the user’s files.

Zombie

A program that secretly takes over another networked computer is called a zombie. The attacker then uses the captured computer to launch attacks indirectly; zombies are often used to launch distributed denial of service (DDoS) attacks. Zombie programs exploit known flaws in network systems to take over their hosts.