192 Chapter 8 ■ Trojans, Viruses, Worms, and Covert Channels
With these abilities in mind, it is important to distinguish worms from viruses by
considering a couple of key points:
■ A worm can be considered a special type of malware that can replicate and consume
memory, but at the same time it does not typically attach itself to other applications or
software.
■ A worm spreads through infected networks automatically and requires only that a host
be vulnerable. A virus does not have this ability.
Worms can be created using the same types of techniques we explored
earlier with viruses. You can create a worm either by coding it yourself or
by using one of the many point-and-click utilities available.
Spyware
Spyware is a type of malware that is designed to collect and forward information regarding
a victim’s activities to an interested party. The defining characteristic is that the application
acts behind the scenes to gather this information without the user’s consent or knowledge.
The information gathered by spyware can be anything that the creator of the spyware
feels is worthwhile. Spyware has been used to target ads, steal identities, generate revenue,
alter systems, and capture other information. Additionally, it is not unheard of for spyware
to open the door for later attacks that perform tasks such as downloading software.
Methods of Spyware Infection
Spyware can be placed on a system in a number of different ways, each offering its own
benefits. Once the software is installed, it stays hidden and carries out its goals. Methods of
infection include, but are not limited to, the following:
■ Peer-to-peer networks (P2P)—This delivery mechanism has become very popular
because of the increased number of individuals using these networks to obtain free
software.
■ Instant messaging (IM)—Delivering malicious software via IM is easy. Plus, IM
software has never had much in the way of security controls.
■ Internet Relay Chat (IRC)—IRC is a commonly used mechanism to deliver messages and
software because of its widespread use and the ability to entice new users to download
software.
■ E-mail attachments—With the rise of e-mail as a communication medium, the practice
of using it to distribute malware has also risen.
■ Physical access—Once an attacker gains physical access, it becomes relatively easy to
install spyware and compromise the system.
■ Browser defects—Many users forget or choose not to update their browsers as soon
as updates are released, so distribution of spyware becomes easier.