
TYPES OF MALWARE

Malware is short for malicious software, meaning software that can be
used to compromise computer functions, steal data, bypass access
controls, or otherwise cause harm to the host computer. Malware is
a broad term that refers to a variety of malicious programs.
Trojan Horses
• A Trojan horse, commonly known as a “Trojan,” is a type of malware
that disguises itself as a normal file or program to trick users into
downloading and installing malware. A Trojan can give a malicious
party remote access to an infected computer.
Worms
• Malware that copies and multiplies itself by using computer networks and
security flaws.
• Worms typically cause harm to their host networks by consuming
bandwidth and overloading web servers.
Boot Sector Virus
• Infects the boot sector or MBR of diskettes and hard drives through the sharing of
infected disks and pirated software applications.
• Once your hard drive is infected, all diskettes that you use in your computer will
be infected.
E-mail Viruses
• Use e-mail messages to spread, which allows them to automatically forward
themselves to thousands of people.
Macro Viruses
• A macro virus is a virus that is written in a macro language: a programming
language which is embedded inside a software application (e.g., word processors
and spreadsheet applications). Some applications, such as Microsoft Office,
Excel, and PowerPoint, allow macro programs to be embedded in documents such
that the macros are run automatically when the document is opened, and this
provides a distinct mechanism by which malicious computer instructions can
spread. This is one reason it can be dangerous to open unexpected attachments in
e-mails. Many antivirus programs can detect macro viruses; however, the macro
virus's behavior can still be difficult to detect.
A macro virus can be spread through e-mail attachments,
removable media, networks and the Internet, and is notoriously
difficult to detect.
• A common way for a macro virus to infect a computer is by
replacing normal macros with a virus. The macro virus replaces
regular commands with the same name and runs when the
command is selected. These malicious macros may start
automatically when a document is opened or closed, without the
user's knowledge.
Stealth Virus
In computer security, a stealth virus is a computer virus that uses
various mechanisms to avoid detection by antivirus software.
Generally, stealth describes any approach to doing something while
avoiding notice.
• Typically, when an antivirus program runs, a stealth virus hides itself in
memory, and uses various tricks to also hide changes it has made to any files
or boot records.
• The virus may maintain a copy of the original, uninfected data
and monitor system activity. When the program attempts to
access data that's been altered, the virus redirects it to a storage
area maintaining the original, uninfected data. A good antivirus
program should be able to find a stealth virus by looking for
evidence in memory as well as in areas that viruses usually
attack.
ADWARE:

Adware (short for advertising-supported software) is a type of
malware that automatically delivers advertisements. Common
examples of adware include pop-up ads on websites and
advertisements that are displayed by software. Oftentimes,
software and applications offer “free” versions that come
bundled with adware. Most adware is sponsored or authored by
advertisers and serves as a revenue-generating tool.
SPYWARE

Spyware is a type of malware that functions by spying on user
activity without their knowledge.
These spying capabilities can include activity
monitoring, collecting keystrokes, data harvesting (account
information, logins, financial data), and more. Spyware often has
additional capabilities as well, ranging from modifying security
settings of software or browsers to interfering with network
connections. Spyware spreads by exploiting software
vulnerabilities, bundling itself with legitimate software, or in
Trojans.
SIGNS YOUR COMPUTER IS INFECTED

• Functions slower than normal
• Responds slowly and freezes often
• Restarts itself often
• Shows uncommon error messages, distorted menus, and dialog boxes
• Applications fail to work correctly
• Fails to print correctly
PREVENTION

• Upload and use antivirus software
• Be aware of the e-mails and attachments you open
• Check for updates on antivirus software regularly
• Make sure antivirus software is installed correctly
VIRUS DETECTION AND CONTROL SYSTEM:

HOW ANTIVIRUS WORKS?

Antivirus software must identify known and previously unseen malicious files with the goal of
blocking them before they can cause damage. Though tools differ in the
implementation of malware-detection mechanisms, they tend to incorporate the
same virus detection techniques.
Virus detection techniques can be classified as follows:
Signature-based IDS refers to the detection of attacks by looking for specific
patterns, such as byte sequences in network traffic, or known malicious instruction
sequences used by malware.
When an anti-malware solution provider identifies an object as malicious, its
signature is added to a database of known malware. These repositories may contain
hundreds of millions of signatures that identify malicious objects. This method of
identifying malicious objects has been the primary technique used by anti-malware
products and remains the base approach used by the latest firewalls, email and
network gateways.
A signature could also be a cryptographic hash of the file or its sections. This method of detecting malware
has been an essential aspect of antivirus tools since their inception; it remains a part of many tools
to date, though its importance is diminishing.

A major limitation of signature-based detection is that, by itself, this method is unable to flag
malicious files for which signatures have not yet been developed. 
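
The three kinds of signature mentioned above (whole-file hash, section hash, byte sequence) and the limitation of each, as an added example that is not part of the original page. The "files" are constructed, inert byte strings modelled as named sections, and every threat name and signature value is hypothetical.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, inert stand-in for a known-bad file: section name -> bytes.
KNOWN = {"header": b"HDR-1", "code": b"\x01\x02EXAMPLE-ROUTINE\x03", "data": b"config-A"}

def whole(sections: dict) -> bytes:
    return b"".join(sections.values())

# Signature database built from that single known sample.
FILE_HASHES = {sha256(whole(KNOWN)): "Example.Known.A"}
SECTION_HASHES = {sha256(KNOWN["code"]): "Example.Known.A!code"}
BYTE_PATTERNS = {b"EXAMPLE-ROUTINE": "Example.Generic"}

def scan(sections: dict):
    """Return (threat_name, method); (None, None) means no signature matched."""
    name = FILE_HASHES.get(sha256(whole(sections)))
    if name:
        return name, "file-hash"
    for body in sections.values():
        name = SECTION_HASHES.get(sha256(body))
        if name:
            return name, "section-hash"
    blob = whole(sections)
    for pattern, name in BYTE_PATTERNS.items():
        if pattern in blob:
            return name, "byte-pattern"
    return None, None

def demo():
    samples = {
        "known sample": KNOWN,
        # Any changed byte breaks the whole-file hash; the code section still matches.
        "new data section": {**KNOWN, "data": b"config-B"},
        # Edited code breaks the section hash; the byte sequence still matches.
        "edited code section": {**KNOWN, "code": b"\x09EXAMPLE-ROUTINE\x09", "data": b"config-C"},
        # Nothing in the database describes this one, so it passes as if clean.
        "no signature yet": {"header": b"HDR-1", "code": b"\x01\x02OTHER-ROUTINE", "data": b"config-D"},
    }
    return {label: scan(s) for label, s in samples.items()}

if __name__ == "__main__":
    for label, (name, method) in demo().items():
        print(f"{label:20} {name or 'not detected'} ({method or 'none'})")
```

The last sample returns the same result a clean file would, which is the limitation described above: without a signature, the scanner cannot tell the two apart.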

Heuristics-based detection - As opposed to signature-based scanning, which looks to match signatures
found in files with those of a database of known malware, heuristic scanning uses rules and/or
algorithms to look for commands which may indicate malicious intent. By using this method,
some heuristic scanning methods are able to detect malware without needing a signature. This is
why most antivirus programs use both signature and heuristic-based methods in combination, in
order to catch any malware that may try to evade detection.
Benefits of Heuristic Scanning
Heuristic scanning is usually much faster than sandboxing because it does not execute the file and
then wait to record its behavior, with the exception of some emulation-based techniques.
It does not give away details on how malware is flagged (unlike sandboxing), so malware authors will
not be aware of what they need to change in order to evade detection.
Limitations of Heuristic Scanning
When scanning a sample, the information found is generally limited to the threat name.
Because the engines are looking for specific pieces of code which indicate a malicious action, it can
lead to two possible limitations:
• If the vendor has not built detection for a particular action, then the malware will evade detection.
• Some of the older methods of heuristic-based scanning have a higher propensity for reporting false
positives because they are looking for a wide range of actions that could indicate a potentially
malicious file. However, newer methods of heuristic scanning such as generic detection produce
false positives less frequently. Generic detection works by looking for features or behaviors that
are commonly seen for known threats.
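
A rule-based heuristic scan applied to the auto-running macros from the macro virus section, as an added example that is not part of the original page. The rule set, weights, thresholds and the three macro texts are assumptions constructed for illustration; the macros are scanned as plain strings and never executed.

```python
import re

# (rule name, pattern, weight). The keywords are standard VBA names; the weights
# and thresholds are assumptions chosen for this example.
RULES = [
    ("auto-run entry point", r"\b(AutoOpen|AutoClose|Document_Open|Document_Close|Workbook_Open)\b", 3),
    ("starts external program", r"\b(Shell|WScript\.Shell)\b", 4),
    ("creates COM object", r"\bCreateObject\b", 2),
    ("rewrites macro code", r"\b(VBProject|CodeModule|OrganizerCopy)\b", 4),
]

def score(macro_source: str):
    """Return (total_weight, names_of_rules_hit) for one macro's source text."""
    hits = [(name, w) for name, pat, w in RULES if re.search(pat, macro_source, re.I)]
    return sum(w for _, w in hits), [name for name, _ in hits]

def is_flagged(macro_source: str, threshold: int) -> bool:
    return score(macro_source)[0] >= threshold

# Constructed macro text used only as scanner input.
SUSPICIOUS = '''
Sub AutoOpen()
    Set sh = CreateObject("WScript.Shell")
    sh.Run "placeholder-command"
End Sub
'''
BENIGN_LOGGER = '''
Private Sub Document_Open()
    Set fso = CreateObject("Scripting.FileSystemObject")
    fso.OpenTextFile("opened.log", 8, True).WriteLine Now
End Sub
'''
BENIGN_FORMATTER = '''
Sub FormatHeadings()
    Selection.Style = "Heading 1"
End Sub
'''

if __name__ == "__main__":
    samples = [("suspicious", SUSPICIOUS), ("logger", BENIGN_LOGGER), ("formatter", BENIGN_FORMATTER)]
    for label, src in samples:
        total, rules = score(src)
        print(f"{label:10} score={total:2} at-6={is_flagged(src, 6)} at-5={is_flagged(src, 5)} {rules}")
```

No signature for the suspicious macro is needed to flag it, but lowering the threshold from 6 to 5 also flags the harmless logging macro, which is the false-positive trade-off described above.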
Sandbox detection - Sandboxes consist of some sort of purpose-built
environment, usually virtualized (in some cases physical), where the potentially
malicious files are executed and their behavior is recorded. The recorded behavior
is then analyzed automatically through a weights system in the sandbox and/or
manually by a malware analyst. The goal of this analysis is to determine whether
the file is malicious and if it is, what exactly the file does. 
Benefits of Sandboxing
Because sandboxing actually opens the file being analyzed, it is able to see in
detail exactly what that file will do in that particular environment.
Instead of a binary yes/no and threat name, most sandboxes offer reporting with
details on the behavior recorded. In addition to providing more information on
how to classify the file, this method can be particularly useful in an incident
response environment in order to identify exactly what the intention of the file
was, in order to understand what the effects are.
